Merge pull request #5520 from alam0rt/sam.lockart/allow-preserving-addons

✨  allow preserving addons on delete

Author: k8s-ci-robot

config/crd/bases/controlplane.cluster.x-k8s.io_awsmanagedcontrolplanes.yaml

@@ -96,6 +96,11 @@ spec:
                       description: Name is the name of the addon
                       minLength: 2
                       type: string
+                    preserveOnDelete:
+                      description: |-
+                        PreserveOnDelete indicates that the addon resources should be
+                        preserved in the cluster on delete.
+                      type: boolean
                     serviceAccountRoleARN:
                       description: ServiceAccountRoleArn is the ARN of an IAM role
                         to bind to the addons service account
@@ -2270,6 +2275,11 @@ spec:
                       description: Name is the name of the addon
                       minLength: 2
                       type: string
+                    preserveOnDelete:
+                      description: |-
+                        PreserveOnDelete indicates that the addon resources should be
+                        preserved in the cluster on delete.
+                      type: boolean
                     serviceAccountRoleARN:
                       description: ServiceAccountRoleArn is the ARN of an IAM role
                         to bind to the addons service account

config/crd/bases/controlplane.cluster.x-k8s.io_awsmanagedcontrolplanetemplates.yaml

@@ -83,6 +83,11 @@ spec:
                               description: Name is the name of the addon
                               minLength: 2
                               type: string
+                            preserveOnDelete:
+                              description: |-
+                                PreserveOnDelete indicates that the addon resources should be
+                                preserved in the cluster on delete.
+                              type: boolean
                             serviceAccountRoleARN:
                               description: ServiceAccountRoleArn is the ARN of an
                                 IAM role to bind to the addons service account

controlplane/eks/api/v1beta1/types.go

@@ -141,6 +141,10 @@ type Addon struct {
 	// ServiceAccountRoleArn is the ARN of an IAM role to bind to the addons service account
 	// +optional
 	ServiceAccountRoleArn *string `json:"serviceAccountRoleARN,omitempty"`
+	// PreserveOnDelete indicates that the addon resources should be
+	// preserved in the cluster on delete.
+	// +optional
+	PreserveOnDelete bool `json:"preserveOnDelete,omitempty"`
 }
 
 // AddonResolution defines the method for resolving parameter conflicts.

controlplane/eks/api/v1beta1/zz_generated.conversion.go

@@ -85,118 +85,52 @@ func TestDefaultingWebhook(t *testing.T) {
 			resourceName: "cluster1",
 			resourceNS:   "default",
 			expectHash:   false,
-			expectSpec: AWSManagedControlPlaneSpec{
-				EKSClusterName:             "default_cluster1",
-				IdentityRef:                defaultIdentityRef,
-				Bastion:                    defaultTestBastion,
-				NetworkSpec:                defaultNetworkSpec,
-				TokenMethod:                &EKSTokenMethodIAMAuthenticator,
-				BootstrapSelfManagedAddons: true,
-			},
+			expectSpec:   AWSManagedControlPlaneSpec{EKSClusterName: "default_cluster1", IdentityRef: defaultIdentityRef, Bastion: defaultTestBastion, NetworkSpec: defaultNetworkSpec, TokenMethod: &EKSTokenMethodIAMAuthenticator, BootstrapSelfManagedAddons: true},
 		},
 		{
 			name:         "less than 100 chars, dot in name",
 			resourceName: "team1.cluster1",
 			resourceNS:   "default",
 			expectHash:   false,
-			expectSpec: AWSManagedControlPlaneSpec{
-				EKSClusterName:             "default_team1_cluster1",
-				IdentityRef:                defaultIdentityRef,
-				Bastion:                    defaultTestBastion,
-				NetworkSpec:                defaultNetworkSpec,
-				TokenMethod:                &EKSTokenMethodIAMAuthenticator,
-				BootstrapSelfManagedAddons: true,
-			},
+			expectSpec:   AWSManagedControlPlaneSpec{EKSClusterName: "default_team1_cluster1", IdentityRef: defaultIdentityRef, Bastion: defaultTestBastion, NetworkSpec: defaultNetworkSpec, TokenMethod: &EKSTokenMethodIAMAuthenticator, BootstrapSelfManagedAddons: true},
 		},
 		{
 			name:         "more than 100 chars",
 			resourceName: "abcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcde",
 			resourceNS:   "default",
 			expectHash:   true,
-			expectSpec: AWSManagedControlPlaneSpec{
-				EKSClusterName:             "capi_",
-				IdentityRef:                defaultIdentityRef,
-				Bastion:                    defaultTestBastion,
-				NetworkSpec:                defaultNetworkSpec,
-				TokenMethod:                &EKSTokenMethodIAMAuthenticator,
-				BootstrapSelfManagedAddons: true,
-			},
+			expectSpec:   AWSManagedControlPlaneSpec{EKSClusterName: "capi_", IdentityRef: defaultIdentityRef, Bastion: defaultTestBastion, NetworkSpec: defaultNetworkSpec, TokenMethod: &EKSTokenMethodIAMAuthenticator, BootstrapSelfManagedAddons: true},
 		},
 		{
 			name:         "with patch",
 			resourceName: "cluster1",
 			resourceNS:   "default",
 			expectHash:   false,
-			spec: AWSManagedControlPlaneSpec{
-				Version: &vV1_17_1,
-			},
-			expectSpec: AWSManagedControlPlaneSpec{
-				EKSClusterName:             "default_cluster1",
-				Version:                    &vV1_17_1,
-				IdentityRef:                defaultIdentityRef,
-				Bastion:                    defaultTestBastion,
-				NetworkSpec:                defaultNetworkSpec,
-				TokenMethod:                &EKSTokenMethodIAMAuthenticator,
-				BootstrapSelfManagedAddons: true,
-			},
+			spec:         AWSManagedControlPlaneSpec{Version: &vV1_17_1},
+			expectSpec:   AWSManagedControlPlaneSpec{EKSClusterName: "default_cluster1", Version: &vV1_17_1, IdentityRef: defaultIdentityRef, Bastion: defaultTestBastion, NetworkSpec: defaultNetworkSpec, TokenMethod: &EKSTokenMethodIAMAuthenticator, BootstrapSelfManagedAddons: true},
 		},
 		{
 			name:         "with allowed ip on bastion",
 			resourceName: "cluster1",
 			resourceNS:   "default",
 			expectHash:   false,
-			spec: AWSManagedControlPlaneSpec{
-				Bastion: infrav1.Bastion{
-					AllowedCIDRBlocks: []string{"100.100.100.100/0"},
-				},
-			},
-			expectSpec: AWSManagedControlPlaneSpec{
-				EKSClusterName: "default_cluster1",
-				IdentityRef:    defaultIdentityRef,
-				Bastion: infrav1.Bastion{
-					AllowedCIDRBlocks: []string{"100.100.100.100/0"},
-				},
-				NetworkSpec:                defaultNetworkSpec,
-				TokenMethod:                &EKSTokenMethodIAMAuthenticator,
-				BootstrapSelfManagedAddons: true,
-			},
+			spec:         AWSManagedControlPlaneSpec{Bastion: infrav1.Bastion{AllowedCIDRBlocks: []string{"100.100.100.100/0"}}},
+			expectSpec:   AWSManagedControlPlaneSpec{EKSClusterName: "default_cluster1", IdentityRef: defaultIdentityRef, Bastion: infrav1.Bastion{AllowedCIDRBlocks: []string{"100.100.100.100/0"}}, NetworkSpec: defaultNetworkSpec, TokenMethod: &EKSTokenMethodIAMAuthenticator, BootstrapSelfManagedAddons: true},
 		},
 		{
 			name:         "with CNI on network",
 			resourceName: "cluster1",
 			resourceNS:   "default",
 			expectHash:   false,
-			spec: AWSManagedControlPlaneSpec{
-				NetworkSpec: infrav1.NetworkSpec{
-					CNI: &infrav1.CNISpec{},
-				},
-			},
-			expectSpec: AWSManagedControlPlaneSpec{
-				EKSClusterName: "default_cluster1",
-				IdentityRef:    defaultIdentityRef,
-				Bastion:        defaultTestBastion,
-				NetworkSpec: infrav1.NetworkSpec{
-					CNI: &infrav1.CNISpec{},
-					VPC: defaultVPCSpec,
-				},
-				TokenMethod:                &EKSTokenMethodIAMAuthenticator,
-				BootstrapSelfManagedAddons: true,
-			},
+			spec:         AWSManagedControlPlaneSpec{NetworkSpec: infrav1.NetworkSpec{CNI: &infrav1.CNISpec{}}},
+			expectSpec:   AWSManagedControlPlaneSpec{EKSClusterName: "default_cluster1", IdentityRef: defaultIdentityRef, Bastion: defaultTestBastion, NetworkSpec: infrav1.NetworkSpec{CNI: &infrav1.CNISpec{}, VPC: defaultVPCSpec}, TokenMethod: &EKSTokenMethodIAMAuthenticator, BootstrapSelfManagedAddons: true},
 		},
 		{
 			name:         "secondary CIDR",
 			resourceName: "cluster1",
 			resourceNS:   "default",
 			expectHash:   false,
-			expectSpec: AWSManagedControlPlaneSpec{
-				EKSClusterName:             "default_cluster1",
-				IdentityRef:                defaultIdentityRef,
-				Bastion:                    defaultTestBastion,
-				NetworkSpec:                defaultNetworkSpec,
-				SecondaryCidrBlock:         nil,
-				TokenMethod:                &EKSTokenMethodIAMAuthenticator,
-				BootstrapSelfManagedAddons: true,
-			},
+			expectSpec:   AWSManagedControlPlaneSpec{EKSClusterName: "default_cluster1", IdentityRef: defaultIdentityRef, Bastion: defaultTestBastion, NetworkSpec: defaultNetworkSpec, SecondaryCidrBlock: nil, TokenMethod: &EKSTokenMethodIAMAuthenticator, BootstrapSelfManagedAddons: true},
 		},
 	}
 

controlplane/eks/api/v1beta2/awsmanagedcontrolplane_webhook_test.go

@@ -141,6 +141,10 @@ type Addon struct {
 	// ServiceAccountRoleArn is the ARN of an IAM role to bind to the addons service account
 	// +optional
 	ServiceAccountRoleArn *string `json:"serviceAccountRoleARN,omitempty"`
+	// PreserveOnDelete indicates that the addon resources should be
+	// preserved in the cluster on delete.
+	// +optional
+	PreserveOnDelete bool `json:"preserveOnDelete,omitempty"`
 }
 
 // AddonResolution defines the method for resolving parameter conflicts.

controlplane/eks/api/v1beta2/types.go

@@ -207,6 +207,7 @@ func (s *Service) translateAPIToAddon(addons []ekscontrolplanev1.Addon) []*eksad
 			Tags:                  ngTags(s.scope.Cluster.Name, s.scope.AdditionalTags()),
 			ResolveConflict:       conflict,
 			ServiceAccountRoleARN: addon.ServiceAccountRoleArn,
+			Preserve:              addon.PreserveOnDelete,
 		}
 
 		converted = append(converted, convertedAddon)

pkg/cloud/services/eks/addons.go

@@ -86,7 +86,7 @@ func (a *plan) Create(_ context.Context) ([]planner.Procedure, error) {
 		desired := a.getDesired(*installed.Name)
 		if desired == nil {
 			if *installed.Status != string(ekstypes.AddonStatusDeleting) {
-				procedures = append(procedures, &DeleteAddonProcedure{plan: a, name: *installed.Name})
+				procedures = append(procedures, &DeleteAddonProcedure{plan: a, name: *installed.Name, preserve: installed.Preserve})
 			}
 			procedures = append(procedures, &WaitAddonDeleteProcedure{plan: a, name: *installed.Name})
 		}

pkg/eks/addons/plan.go

@@ -41,6 +41,7 @@ func TestEKSAddonPlan(t *testing.T) {
 	addonStatusUpdating := string(ekstypes.AddonStatusUpdating)
 	addonStatusDeleting := string(ekstypes.AddonStatusDeleting)
 	addonStatusCreating := string(ekstypes.AddonStatusCreating)
+	addonPreserve := false
 	created := time.Now()
 	maxActiveUpdateDeleteWait := 30 * time.Minute
 
@@ -176,7 +177,7 @@ func TestEKSAddonPlan(t *testing.T) {
 				createDesiredAddon(addon1Name, addon1version),
 			},
 			installedAddons: []*EKSAddon{
-				createInstalledAddon(addon1Name, addon1version, addonARN, addonStatusActive),
+				createInstalledAddon(addon1Name, addon1version, addonARN, addonStatusActive, false),
 			},
 			expectCreateError: false,
 			expectDoError:     false,
@@ -198,7 +199,7 @@ func TestEKSAddonPlan(t *testing.T) {
 				createDesiredAddon(addon1Name, addon1version),
 			},
 			installedAddons: []*EKSAddon{
-				createInstalledAddon(addon1Name, addon1version, addonARN, addonStatusCreating),
+				createInstalledAddon(addon1Name, addon1version, addonARN, addonStatusCreating, addonPreserve),
 			},
 			expectCreateError: false,
 			expectDoError:     false,
@@ -236,7 +237,7 @@ func TestEKSAddonPlan(t *testing.T) {
 				createDesiredAddon(addon1Name, addon1Upgrade),
 			},
 			installedAddons: []*EKSAddon{
-				createInstalledAddon(addon1Name, addon1version, addonARN, addonStatusActive),
+				createInstalledAddon(addon1Name, addon1version, addonARN, addonStatusActive, addonPreserve),
 			},
 			expectCreateError: false,
 			expectDoError:     false,
@@ -258,7 +259,7 @@ func TestEKSAddonPlan(t *testing.T) {
 				createDesiredAddon(addon1Name, addon1Upgrade),
 			},
 			installedAddons: []*EKSAddon{
-				createInstalledAddon(addon1Name, addon1Upgrade, addonARN, addonStatusUpdating),
+				createInstalledAddon(addon1Name, addon1Upgrade, addonARN, addonStatusUpdating, addonPreserve),
 			},
 			expectCreateError: false,
 			expectDoError:     false,
@@ -277,7 +278,7 @@ func TestEKSAddonPlan(t *testing.T) {
 				createDesiredAddonExtraTag(addon1Name, addon1version),
 			},
 			installedAddons: []*EKSAddon{
-				createInstalledAddon(addon1Name, addon1version, addonARN, addonStatusActive),
+				createInstalledAddon(addon1Name, addon1version, addonARN, addonStatusActive, addonPreserve),
 			},
 			expectCreateError: false,
 			expectDoError:     false,
@@ -321,7 +322,7 @@ func TestEKSAddonPlan(t *testing.T) {
 				createDesiredAddonExtraTag(addon1Name, addon1Upgrade),
 			},
 			installedAddons: []*EKSAddon{
-				createInstalledAddon(addon1Name, addon1version, addonARN, addonStatusActive),
+				createInstalledAddon(addon1Name, addon1version, addonARN, addonStatusActive, addonPreserve),
 			},
 			expectCreateError: false,
 			expectDoError:     false,
@@ -333,6 +334,7 @@ func TestEKSAddonPlan(t *testing.T) {
 					DeleteAddon(gomock.Eq(context.TODO()), gomock.Eq(&eks.DeleteAddonInput{
 						AddonName:   &addon1Name,
 						ClusterName: &clusterName,
+						Preserve:    false,
 					})).
 					Return(&eks.DeleteAddonOutput{
 						Addon: &ekstypes.Addon{
@@ -352,7 +354,39 @@ func TestEKSAddonPlan(t *testing.T) {
 				}), maxActiveUpdateDeleteWait).Return(nil)
 			},
 			installedAddons: []*EKSAddon{
-				createInstalledAddon(addon1Name, addon1version, addonARN, addonStatusActive),
+				createInstalledAddon(addon1Name, addon1version, addonARN, addonStatusActive, addonPreserve),
+			},
+			expectCreateError: false,
+			expectDoError:     false,
+		},
+		{
+			name: "1 installed and 0 desired - delete addon & preserve",
+			expect: func(m *mock_eksiface.MockEKSAPIMockRecorder) {
+				m.
+					DeleteAddon(gomock.Eq(context.TODO()), gomock.Eq(&eks.DeleteAddonInput{
+						AddonName:   &addon1Name,
+						ClusterName: &clusterName,
+						Preserve:    true,
+					})).
+					Return(&eks.DeleteAddonOutput{
+						Addon: &ekstypes.Addon{
+							AddonArn:     aws.String(addonARN),
+							AddonName:    aws.String(addon1Name),
+							AddonVersion: aws.String(addon1version),
+							ClusterName:  aws.String(clusterName),
+							CreatedAt:    &created,
+							ModifiedAt:   &created,
+							Status:       ekstypes.AddonStatusDeleting,
+							Tags:         createTags(),
+						},
+					}, nil)
+				m.WaitUntilAddonDeleted(gomock.Eq(context.TODO()), gomock.Eq(&eks.DescribeAddonInput{
+					AddonName:   aws.String(addon1Name),
+					ClusterName: aws.String(clusterName),
+				}), maxActiveUpdateDeleteWait).Return(nil)
+			},
+			installedAddons: []*EKSAddon{
+				createInstalledAddon(addon1Name, addon1version, addonARN, addonStatusActive, true),
 			},
 			expectCreateError: false,
 			expectDoError:     false,
@@ -366,7 +400,7 @@ func TestEKSAddonPlan(t *testing.T) {
 				}), maxActiveUpdateDeleteWait).Return(nil)
 			},
 			installedAddons: []*EKSAddon{
-				createInstalledAddon(addon1Name, addon1version, addonARN, addonStatusDeleting),
+				createInstalledAddon(addon1Name, addon1version, addonARN, addonStatusDeleting, false),
 			},
 			expectCreateError: false,
 			expectDoError:     false,
@@ -442,10 +476,11 @@ func createDesiredAddonExtraTag(name, version string) *EKSAddon {
 	}
 }
 
-func createInstalledAddon(name, version, arn, status string) *EKSAddon {
+func createInstalledAddon(name, version, arn, status string, preserve bool) *EKSAddon {
 	desired := createDesiredAddon(name, version)
 	desired.ARN = &arn
 	desired.Status = &status
+	desired.Preserve = preserve
 
 	return desired
 }

pkg/eks/addons/plan_test.go

@@ -40,15 +40,17 @@ var (
 
 // DeleteAddonProcedure is a procedure that will delete an EKS addon.
 type DeleteAddonProcedure struct {
-	plan *plan
-	name string
+	plan     *plan
+	name     string
+	preserve bool
 }
 
 // Do implements the logic for the procedure.
 func (p *DeleteAddonProcedure) Do(ctx context.Context) error {
 	input := &eks.DeleteAddonInput{
 		AddonName:   aws.String(p.name),
 		ClusterName: aws.String(p.plan.clusterName),
+		Preserve:    p.preserve,
 	}
 
 	if _, err := p.plan.eksClient.DeleteAddon(ctx, input); err != nil {