[release-1.5] feat: external load balancer garbage collection (part 2) - new gc service #3632
Commits on Aug 1, 2022
-
feat: new garbage collection servive
This introduces a new garbage collection service which will be used later by the controllers to do clean up of AWS resources for child/tenant clusters that where created via the CCM. Initially we support clearing up load balancers (classic elb, nlb, alb) and security groups. It works in 2 phases depending on if a child cluster is being created/update (i.e. **Reconcile**) or deleted (i.e. **ReconcileDelete**). When a cluster is created the cluster controllers will call **Reconcile**. Its purpose is to deteremine if the cluster should be garbage collected and if it should then it needs marked. If the gc feature is enabled we will operate an opt-out model, so all clusters will be garbage collected unless they exlicitly opt out. To opt out the infra cluster must have the `aws.cluster.x-k8s.io/external-resource-gc` annotation with a value of false. Otherwise a cluster is marked as requiring gc by adding the `awsexternalresourcegc.infrastructure.cluster.x-k8s.io` finalizer to the infra cluster. When a cluster is deleted the cluster controllers will call **ReconcileDelete**. The first job is to identify the AWS resources that where created by the CCM in the child/tenant cluster. This is done by using the AWS resource tagging api and getting resources with the kubernetes cluster owned label. The resources that are returned are then put into buckets for each AWS resource type (i.e. ec2, elasticloadbalancing) and then these buckets of resource ARNs are passed to a function for that specific AWS service which will do teh actual API calls to clear up the AWS resources. The reason we use buckets is that the order in which you delete services can matter, for example load balancers must be deleted before target groups. The service will be use by a later change to the controllers. Signed-off-by: Richard Case <richard.case@outlook.com>
-
refactor: gc opt in/out any time before delete
Changed the gc service based on the lateset proposal update & review feedback. It now uses a model where "the user decides whether to enable the gc at any time before they delete the cluster.". This translates into the `ReconcileDelete` now: - Checks to see ig the cluster should be garbage collected by looking at the gc annotation (if it exists). - Does resource cleanup Signed-off-by: Richard Case <richard.case@outlook.com>
-
refactor: cleanup functions filter resource
The the cleanup functions now accepted the full list of AWS resources and then they filter which resources they want to delete themselves. Signed-off-by: Richard Case <richard.case@outlook.com>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.