Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhahance Terraformer.IsStateEmpty to check for presence of terraformer finalizer #3423

Merged
merged 1 commit into from Jan 27, 2021
Merged

Enhahance Terraformer.IsStateEmpty to check for presence of terraformer finalizer #3423

merged 1 commit into from Jan 27, 2021

Conversation

vpnachev
Copy link
Member

@vpnachev vpnachev commented Jan 15, 2021
edited

How to categorize this PR?

/kind bug
/priority normal

What this PR does / why we need it:
After gardener/terraformer#65 the terraform finalizers are removed at the end of a successful destroy. However, the finalizer deletion can be rejected for some reason by the API and the whole operation needs to executed again. At this point, most of the extensions skips to run a destroy pod because of empty state, ref: https://github.com/gardener/gardener-extension-provider-aws/blob/d4c1eaf8590296add7a4bca19903b6eee3cd293b/pkg/controller/infrastructure/actuator_delete.go#L62-L65, hence there is no controller to remove the finalizer.

Update:
Now the IsStateEmpty check is enhanced to also verify for presence of the terraformer finalizer.

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:
Thanks @ialidzhikov for spotting it.

Release note:

A bug in the extension library that was preventing the deletion of TF secret and configmaps with empty state is now fixed.

@gardener-robot gardener-robot added kind/bug Bug priority/normal size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jan 15, 2021
@vpnachev vpnachev marked this pull request as ready for review January 17, 2021 13:56
@vpnachev vpnachev requested a review from a team as a code owner January 17, 2021 13:56
ialidzhikov
ialidzhikov reviewed Jan 18, 2021
View reviewed changes
extensions/pkg/terraformer/config.go Outdated Show resolved Hide resolved
extensions/pkg/terraformer/config.go Outdated Show resolved Hide resolved
@vpnachev vpnachev force-pushed the extensions/terraformer/finalize-on-empty-state branch from ccb44a6 to 3edf432 Compare January 18, 2021 07:58
@vpnachev vpnachev force-pushed the extensions/terraformer/finalize-on-empty-state branch from 3edf432 to 6deb49f Compare January 18, 2021 08:30
ialidzhikov
ialidzhikov previously approved these changes Jan 18, 2021
View reviewed changes
Copy link
Member

@ialidzhikov ialidzhikov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

rfranzke
rfranzke reviewed Jan 18, 2021
View reviewed changes
Copy link
Member

@rfranzke rfranzke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wouldn't a better approach be to make the extensions not skip the destruction in case the state is already empty and rather let the Terraformer remove the finalizers that it previously added?

extensions/pkg/terraformer/config.go Outdated Show resolved Hide resolved
@vpnachev vpnachev force-pushed the extensions/terraformer/finalize-on-empty-state branch from 6deb49f to ac61999 Compare January 18, 2021 15:19
@vpnachev
Copy link
Member Author

Wouldn't a better approach be to make the extensions not skip the destruction in case the state is already empty and rather let the Terraformer remove the finalizers that it previously added?

I believe It was introduced on purpose, for example provider-aws. Now the terraformer finalizer has broken this shortcut, and from my point of view the correct solution was to enhance the CleanupConfiguration.

@rfranzke
Copy link
Member

The Terraformer library is not dealing with the finalizer yet and should not start doing so, I believe. It should rather properly instrument the Terraformer - now that we have this new behaviour.
It might work at the moment as you propose, but it has some potential to hit us later again.
Instead of existing early in the extension it should probably only do the LB cleanup if the state is not empty.
WDYT?

@danielfoehrKn
Copy link
Contributor

I do not know all the details here, but why would the extensions remove a finalized from the terraformer? Wouldnt it be better to fix the terraformer to ensure the finalizer is removed from all the secrets (like @rfranzke suggests)? The extension would
In case the terraformer fails to remove the secret and the pod is terminated, the terraformer pod should be re-spawned to try again, no?

Instead of existing early in the extension it should probably only do the LB cleanup if the state is not empty.

Is this to make sure that the terraformer pod is re-created and removes the finalized? How is this related to the LB cleanup?

ialidzhikov
ialidzhikov reviewed Jan 27, 2021
View reviewed changes
extensions/pkg/terraformer/state.go Outdated Show resolved Hide resolved
extensions/pkg/terraformer/state.go Outdated Show resolved Hide resolved
timebertt
timebertt previously approved these changes Jan 27, 2021
View reviewed changes
Copy link
Member

@timebertt timebertt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks.
/lgtm

@vpnachev vpnachev dismissed stale reviews from timebertt and rfranzke via 5a93c66 January 27, 2021 08:09
@vpnachev vpnachev force-pushed the extensions/terraformer/finalize-on-empty-state branch from fe69e7f to 5a93c66 Compare January 27, 2021 08:09
@vpnachev vpnachev force-pushed the extensions/terraformer/finalize-on-empty-state branch from 5a93c66 to 8133868 Compare January 27, 2021 08:11
@vpnachev vpnachev force-pushed the extensions/terraformer/finalize-on-empty-state branch from 8133868 to 2381883 Compare January 27, 2021 08:17
ialidzhikov
ialidzhikov approved these changes Jan 27, 2021
View reviewed changes
Copy link
Member

@ialidzhikov ialidzhikov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@timebertt timebertt merged commit 47a34c8 into gardener:master Jan 27, 2021
@vpnachev vpnachev deleted the extensions/terraformer/finalize-on-empty-state branch January 27, 2021 09:17
@vpnachev vpnachev mentioned this pull request Feb 15, 2021
Merged
@gardener-robot gardener-robot added priority/3 Priority (lower number equals higher priority) and removed priority/3 Priority (lower number equals higher priority) labels Mar 8, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ialidzhikov ialidzhikov ialidzhikov approved these changes

@timebertt timebertt timebertt approved these changes

@rfranzke rfranzke rfranzke left review comments

Assignees
No one assigned
Labels
kind/bug Bug size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
9 participants
@vpnachev @rfranzke @danielfoehrKn @ialidzhikov @timebertt @gardener-robot-ci-1 @gardener-robot-ci-2 @gardener-robot-ci-3 @gardener-robot