From a481fbb545845e1a694e450f07a0758f9abbc4b5 Mon Sep 17 00:00:00 2001
From: Michael Gugino
Date: Wed, 3 Jul 2019 12:33:13 -0400
Subject: [PATCH 1/2] UPSTREAM: : openshift: Add prevent PreserveInstanceAnnotation

Why we need this: This commit adds the ability to prevent processing of deletion of machine-objects when the annotation is present. This is particularly useful when an automated remediation mechanism is implemented to serve as a way for administrators to indicate they do not wish a particular machine to be remediated for whatever reason.
---
 pkg/apis/machine/v1beta1/machine_types.go | 4 ++++
 pkg/controller/machine/controller.go | 5 +++++
 2 files changed, 9 insertions(+)
diff --git a/pkg/apis/machine/v1beta1/machine_types.go b/pkg/apis/machine/v1beta1/machine_types.go
index 0bbc48f5a768..279d8fca26db 100644
--- a/pkg/apis/machine/v1beta1/machine_types.go
+++ b/pkg/apis/machine/v1beta1/machine_types.go
@@ -37,6 +37,10 @@ const (
 // MachineClusterIDLabel is the label that a machine must have to identify the
 // cluster to which it belongs.
 MachineClusterIDLabel = "machine.openshift.io/cluster-api-cluster"
+
+ // PreserveInstanceAnnotation prevents a VM from being deleted by the
+ // machine-controller and will cause machine-controller to requeue.
+ PreserveInstanceAnnotation = "machine.openshift.io/preserve-instance"
 )
 // +genclient
diff --git a/pkg/controller/machine/controller.go b/pkg/controller/machine/controller.go
index f5aa0e182ee2..fe9ec0bd1497 100644
--- a/pkg/controller/machine/controller.go
+++ b/pkg/controller/machine/controller.go
@@ -335,6 +335,11 @@ func (r *ReconcileMachine) getCluster(ctx context.Context, machine *machinev1.Ma
 }
 func (r *ReconcileMachine) isDeleteAllowed(machine *machinev1.Machine) bool {
+ _, exists := m.ObjectMeta.Annotations[machinev1.PreserveInstanceAnnotation]
+ if exists {
+ return false
+ }
+
 if r.nodeName == "" || machine.Status.NodeRef == nil {
 return true
 }
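Review bot: The doc comment added for `PreserveInstanceAnnotation` in the const block does not say that the annotation's value is ignored; the controller.go hunk of this same patch tests only whether the key exists, so `machine.openshift.io/preserve-instance: "false"` would block deletion just like any other value. I would add a line such as `// Only the presence of the key is checked; the value is ignored, so remove the annotation to allow deletion again.` Because the annotation holds back deletion, and with it automated remediation, the comment could also note that anyone allowed to update Machine metadata can set it. The const block opens above the hunk.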
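Review bot: The added lookup in `isDeleteAllowed` reads `m.ObjectMeta.Annotations`, but the function's parameter is named `machine` and no `m` is declared in the visible lines, so unless a package-level `m` exists elsewhere this commit does not compile. The line should read `_, exists := machine.ObjectMeta.Annotations[machinev1.PreserveInstanceAnnotation]`. Patch 2/2 of this series rewrites the line with `machine`, so only this intermediate commit is affected, which still matters for bisecting and for anyone picking 1/2 on its own. The function body continues past the end of the hunk.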
From ae2a0ed272cd4e3079871000ed891445e8cd2ea3 Mon Sep 17 00:00:00 2001
From: Michael Gugino
Date: Wed, 10 Jul 2019 12:34:20 -0400
Subject: [PATCH 2/2] UPSTREAM: : openshift: Refactor isDeleteAllowed to remove most logic

Currently, it is impossible to delete a machine from the cluster if the machine-controller is running on said machine. This is mostly an artifact of upstream's inability to smartly detect there is only one master running to prevent deletion of the cluster, and it is not desireable generally. To support more automated remediation, we should not treat any particular node specially. Since we drain first, we will not actually delete the underlying machine-object until we are successfully started on a new host, preventing the deletion of the final master.
---
 pkg/controller/machine/controller.go | 25 ++-----------------------
 1 file changed, 2 insertions(+), 23 deletions(-)
diff --git a/pkg/controller/machine/controller.go b/pkg/controller/machine/controller.go
index fe9ec0bd1497..34530c0565d8 100644
--- a/pkg/controller/machine/controller.go
+++ b/pkg/controller/machine/controller.go
@@ -335,29 +335,8 @@ func (r *ReconcileMachine) getCluster(ctx context.Context, machine *machinev1.Ma
 }
 func (r *ReconcileMachine) isDeleteAllowed(machine *machinev1.Machine) bool {
- _, exists := m.ObjectMeta.Annotations[machinev1.PreserveInstanceAnnotation]
- if exists {
- return false
- }
-
- if r.nodeName == "" || machine.Status.NodeRef == nil {
- return true
- }
-
- if machine.Status.NodeRef.Name != r.nodeName {
- return true
- }
-
- node := &corev1.Node{}
- if err := r.Client.Get(context.Background(), client.ObjectKey{Name: r.nodeName}, node); err != nil {
- klog.Infof("Failed to determine if controller's node %q is associated with machine %q: %v", r.nodeName, machine.Name, err)
- return true
- }
-
- // When the UID of the machine's node reference and this controller's actual node match then then the request is to
- // delete the machine this machine-controller is running on. Return false to not allow machine controller to delete its
- // own machine.
- return node.UID != machine.Status.NodeRef.UID
+ _, exists := machine.ObjectMeta.Annotations[machinev1.PreserveInstanceAnnotation]
+ return !exists
 }
 func (r *ReconcileMachine) deleteNode(ctx context.Context, name string) error {
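Review bot: After this refactor `isDeleteAllowed` returns false without leaving any trace, so a Machine whose deletion is held back by the annotation looks the same as one that is simply stuck. Since the annotation turns off deletion, and with it remediation, for that machine, I would log the refusal before returning false, e.g. `klog.Infof("machine %q has annotation %q, deletion not allowed", machine.Name, machinev1.PreserveInstanceAnnotation)`. The function also has no doc comment; `// isDeleteAllowed reports whether machine may be deleted; it returns false while PreserveInstanceAnnotation is set on it.` would record the new contract. The removed lines were the only visible users of `corev1`, `client.ObjectKey` and `r.nodeName`, so it is worth checking that no import or field is left unused.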