Cleanup scritp enhancement (#1331)

* support multi-ns Signed-off-by: Allen Li <[email protected]> * update Signed-off-by: Allen Li <[email protected]> * cleanup cs control Signed-off-by: Allen Li <[email protected]> * delete cs-control Signed-off-by: Allen Li <[email protected]> * add nss common-service Signed-off-by: Allen Li <[email protected]> * update uninstall script Signed-off-by: Allen Li <[email protected]> * add runtime role Signed-off-by: Allen Li <[email protected]> * serviceNamespace error handle Signed-off-by: Allen Li <[email protected]> * remove echo Signed-off-by: Allen Li <[email protected]> * fix cleanup controlns error Signed-off-by: Allen Li <[email protected]> * fix typo Signed-off-by: Allen Li <[email protected]> * delete common-service-maps Signed-off-by: Allen Li <[email protected]> --------- Signed-off-by: Allen Li <[email protected]>
IBM · Jul 12, 2023 · 7c75c8f · 7c75c8f
1 parent 124f814
commit 7c75c8f
Show file tree

Hide file tree

Showing 2 changed files with 158 additions and 48 deletions.
diff --git a/cp3pt0-deployment/common/utils.sh b/cp3pt0-deployment/common/utils.sh
@@ -659,7 +659,7 @@ function cleanup_OperandBindInfo() {
 
 function cleanup_NamespaceScope() {
     local namespace=$1
-    ${OC} delete namespacescope odlm-scope-managedby-odlm nss-odlm-scope nss-managedby-odlm -n ${namespace} --ignore-not-found
+    ${OC} delete namespacescope odlm-scope-managedby-odlm nss-odlm-scope nss-managedby-odlm common-service -n ${namespace} --ignore-not-found
 }
 
 function cleanup_OperandRequest() {
@@ -1031,7 +1031,7 @@ function delete_operand_finalizer() {
     local ns=$2
     for crd in ${crds}; do
         if [ "${crd}" != "packagemanifests.packages.operators.coreos.com" ] && [ "${crd}" != "events" ] && [ "${crd}" != "events.events.k8s.io" ]; then
-            crs=$(${OC} get ${crd} --no-headers --ignore-not-found -n ${ns} 2>/dev/null | awk '{print $1}')
+            crs=$(${OC} get "${crd}" --no-headers --ignore-not-found -n "${ns}" 2>/dev/null | awk '{print $1}')
             for cr in ${crs}; do
                 msg "Removing the finalizers for resource: ${crd}/${cr}"
                 ${OC} patch ${crd} ${cr} -n ${ns} --type="json" -p '[{"op": "remove", "path":"/metadata/finalizers"}]' 2>/dev/null

diff --git a/cp3pt0-deployment/uninstall_tenant.sh b/cp3pt0-deployment/uninstall_tenant.sh
@@ -13,6 +13,7 @@
 OC=oc
 YQ=yq
 TENANT_NAMESPACES=""
+OPERATOR_NS_LIST=""
 FORCE_DELETE=0
 DEBUG=0
 
@@ -123,18 +124,48 @@ function pre_req() {
 }
 
 function set_tenant_namespaces() {
-    TENANT_NAMESPACES=$(${OC} get -n "$OPERATOR_NS" configmap namespace-scope -o jsonpath='{.data.namespaces}')
-    if [ "$TENANT_NAMESPACES" == "" ]; then
-        TENANT_NAMESPACES=$OPERATOR_NS
-    fi
-    info "Tenant namespaces are: $TENANT_NAMESPACES"
+    # check if user want to cleanup operatorNamespace
+    for ns in ${OPERATOR_NS//,/ }; do
+        # if this namespace is operatorNamespace
+        temp_namespace=$(${OC} get -n "$ns" configmap namespace-scope -o jsonpath='{.data.namespaces}' --ignore-not-found)
+        if [ "$temp_namespace" != "" ]; then
+            if [ "$TENANT_NAMESPACES" == "" ]; then
+                TENANT_NAMESPACES=$temp_namespace
+                OPERATOR_NS_LIST=$ns
+            else
+                TENANT_NAMESPACES="${TENANT_NAMESPACES},${temp_namespace}"
+                OPERATOR_NS_LIST="${OPERATOR_NS_LIST},${ns}"
+            fi
+            continue
+        fi
+
+        # if this namespace is servicesNamespace
+        operator_ns=$(${OC} get -n "$ns" commonservice common-service -o jsonpath='{.spec.operatorNamespace}' --ignore-not-found)
+        services_ns=$(${OC} get -n "$ns" commonservice common-service -o jsonpath='{.spec.servicesNamespace}' --ignore-not-found)
+        if [ "$services_ns" == "$ns" ]; then
+            temp_namespace=$(${OC} get -n "$operator_ns" configmap namespace-scope -o jsonpath='{.data.namespaces}' --ignore-not-found)
+            if [ "$TENANT_NAMESPACES" == "" ]; then
+                TENANT_NAMESPACES=$temp_namespace
+                OPERATOR_NS_LIST=$operator_ns
+            else
+                TENANT_NAMESPACES="${TENANT_NAMESPACES},${temp_namespace}"
+                OPERATOR_NS_LIST="${OPERATOR_NS_LIST},${operator_ns}"
+            fi
+            continue
+        fi
 
-    # TODO: have a fallback to populate TENANT_NAMESPACES, so that script
-    # can be run multiple times, i.e. handle case where NSS configmap has been
-    # deleted, but script hits error before namespace cleanup
-    # if [ "$TENANT_NAMESPACES" == "" ]; then
-    #     error "Failed to get tenant namespaces"
-    # fi
+        # if this namespace neither operatorNamespace nor serviceNamsespace
+        if [ "$TENANT_NAMESPACES" == "" ]; then
+            TENANT_NAMESPACES=$ns
+        else
+            TENANT_NAMESPACES="${TENANT_NAMESPACES},${ns}"
+        fi
+    done
+
+    # delete duplicate namespace in TENANT_NAMESPACES and OPERATOR_NS_LIST
+    TENANT_NAMESPACES=$(echo "$TENANT_NAMESPACES" | sed -e 's/,/\n/g' | sort -u | tr "\r\n" "," | sed '$ s/,$//')
+    OPERATOR_NS_LIST=$(echo "$OPERATOR_NS_LIST" | sed -e 's/,/\n/g' | sort -u | tr "\r\n" "," | sed '$ s/,$//')
+    info "Tenant namespaces are: $TENANT_NAMESPACES"
 }
 
 function uninstall_odlm() {
@@ -153,28 +184,30 @@ function uninstall_odlm() {
         grep_args='no-operand-requests'
     fi
 
-    local namespace=$1
-    local name=$2
-    local condition="${OC} get operandrequests -A --no-headers | cut -d ' ' -f1 | grep -w ${grep_args} || echo Success"
-    local retries=20
-    local sleep_time=10
-    local total_time_mins=$(( sleep_time * retries / 60))
-    local wait_message="Waiting for all OperandRequests in tenant namespaces to be deleted"
-    local success_message="All tenant OperandRequests deleted"
-    local error_message="Timeout after ${total_time_mins} minutes waiting for tenant OperandRequests to be deleted"
-
-    # ideally ODLM will ensure OperandRequests are cleaned up neatly
-    wait_for_condition "${condition}" ${retries} ${sleep_time} "${wait_message}" "${success_message}" "${error_message}"
-
-    local sub=$(fetch_sub_from_package ibm-odlm $OPERATOR_NS)
-    if [ "$sub" != "" ]; then
-        ${OC} delete --ignore-not-found -n "$OPERATOR_NS" sub "$sub"
-    fi
+    for ns in ${TENANT_NAMESPACES//,/ }; do
+        local condition="${OC} get operandrequests -n ${ns} --no-headers | cut -d ' ' -f1 | grep -w ${grep_args} || echo Success"
+        local retries=20
+        local sleep_time=10
+        local total_time_mins=$(( sleep_time * retries / 60))
+        local wait_message="Waiting for all OperandRequests in tenant namespaces:${ns} to be deleted"
+        local success_message="This tenant OperandRequests deleted"
+        local error_message="Timeout after ${total_time_mins} minutes waiting for tenant OperandRequests to be deleted"
+
+        # ideally ODLM will ensure OperandRequests are cleaned up neatly
+        wait_for_condition "${condition}" ${retries} ${sleep_time} "${wait_message}" "${success_message}" "${error_message}"
+    done
 
-    local csv=$(fetch_csv_from_sub operand-deployment-lifecycle-manager "$OPERATOR_NS")
-    if [ "$csv" != "" ]; then
-        ${OC} delete --ignore-not-found -n "$OPERATOR_NS" csv "$csv"
-    fi
+        for ns in ${TENANT_NAMESPACES//,/ }; do
+        local sub=$(fetch_sub_from_package ibm-odlm $ns)
+        if [ "$sub" != "" ]; then
+            ${OC} delete --ignore-not-found -n "$ns" sub "$sub"
+        fi
+
+        local csv=$(fetch_csv_from_sub operand-deployment-lifecycle-manager "$ns")
+        if [ "$csv" != "" ]; then
+            ${OC} delete --ignore-not-found -n "$ns" csv "$csv"
+        fi
+    done
 }
 
 function uninstall_cs_operator() {
@@ -196,22 +229,24 @@ function uninstall_cs_operator() {
 function uninstall_nss() {
     title "Uninstall ibm-namespace-scope-operator"
 
-    ${OC} delete --ignore-not-found nss -n "$OPERATOR_NS" common-service
-
     for ns in ${TENANT_NAMESPACES//,/ }; do
-        ${OC} delete --ignore-not-found rolebinding "nss-managed-role-from-$OPERATOR_NS"
-        ${OC} delete --ignore-not-found role "nss-managed-role-from-$OPERATOR_NS"
-    done
-
-    sub=$(fetch_sub_from_package ibm-namespace-scope-operator "$OPERATOR_NS")
-    if [ "$sub" != "" ]; then
-        ${OC} delete --ignore-not-found -n "$OPERATOR_NS" sub "$sub"
-    fi
+        ${OC} delete --ignore-not-found nss -n "$ns" common-service
+        for op_ns in ${OPERATOR_NS_LIST//,/ }; do
+            ${OC} delete --ignore-not-found rolebinding -n "$ns" "nss-managed-role-from-$op_ns"
+            ${OC} delete --ignore-not-found role -n "$ns" "nss-managed-role-from-$op_ns"
+            ${OC} delete --ignore-not-found rolebinding -n "$ns" "nss-runtime-managed-role-from-$op_ns"
+            ${OC} delete --ignore-not-found role -n "$ns" "nss-runtime-managed-role-from-$op_ns"
+        done
 
-    csv=$(fetch_csv_from_sub "$sub" "$OPERATOR_NS")
-    if [ "$csv" != "" ]; then
-        ${OC} delete --ignore-not-found -n "$OPERATOR_NS" csv "$csv"
-    fi
+        sub=$(fetch_sub_from_package ibm-namespace-scope-operator "$ns")
+        if [ "$sub" != "" ]; then
+            ${OC} delete --ignore-not-found -n "$ns" sub "$sub"
+        fi
+        csv=$(fetch_csv_from_sub "$sub" "$ns")
+        if [ "$csv" != "" ]; then
+            ${OC} delete --ignore-not-found -n "$ns" csv "$csv"
+        fi
+    done
 }
 
 function delete_webhook() {
@@ -266,10 +301,85 @@ function delete_tenant_ns() {
             warning "Failed to delete namespace $ns, force deleting remaining resources..."
             remove_all_finalizers $ns && success "Namespace $ns is deleted successfully."
         fi
+        update_namespaceMapping $ns
     done
+
+    cleanup_cs_control
+
     success "Common Services uninstall finished and successfull." 
 }
 
+function update_namespaceMapping() {
+    namespace=$1
+    title "Updating common-service-maps $namespace"
+    msg "-----------------------------------------------------------------------"
+    local current_yaml=$("${OC}" get -n kube-public cm common-service-maps -o yaml | yq '.data.["common-service-maps.yaml"]')
+    local isExist=$(echo "$current_yaml" | yq '.namespaceMapping[] | select(.map-to-common-service-namespace == "'$namespace'")')
+
+    if [ "$isExist" ]; then
+        info "The map-to-common-service-namespace: $namespace, exist in common-service-maps"
+        info "Deleting this tenant in common-service-maps"
+        updated_yaml=$(echo "$current_yaml" | yq 'del(.namespaceMapping[] | select(.map-to-common-service-namespace == "'$namespace'"))')
+        local padded_yaml=$(echo "$updated_yaml" | awk '$0="    "$0')
+        update_cs_maps "$padded_yaml"
+    else
+        info "Namespace: $namespace does not exist in .map-to-common-service-namespace, skipping"
+    fi
+}
+
+# update_cs_maps Updates the common-service-maps with the given yaml. Note that
+# the given yaml should have the right indentation/padding, minimum 2 spaces per
+# line. If there are multiple lines in the yaml, ensure that each line has
+# correct indentation.
+function update_cs_maps() {
+    local yaml=$1
+
+    local object="$(
+        cat <<EOF
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: common-service-maps
+  namespace: kube-public
+data:
+  common-service-maps.yaml: |
+${yaml}
+EOF
+)"
+    echo "$object" | oc apply -f -
+}
+
+# check if we need to cleanup contorl namespace and clean it
+function cleanup_cs_control() {
+    local current_yaml=$("${OC}" get -n kube-public cm common-service-maps -o yaml | yq '.data.["common-service-maps.yaml"]')
+    local isExist=$(echo "$current_yaml" | yq '.namespaceMapping[] | has("map-to-common-service-namespace")' )
+    if [ "$isExist" ]; then
+        info "map-to-common-service-namespace exist in common-service-maps, don't clean up control namespace"
+    else
+        title "Clean up control namespace"
+        msg "-----------------------------------------------------------------------"
+        get_control_namespace
+        # cleanup namespaceScope in Control namespace
+        cleanup_NamespaceScope $CONTROL_NS
+        # cleanup webhook
+        cleanup_webhook $CONTROL_NS ""
+        # cleanup secretshare
+        cleanup_secretshare $CONTROL_NS ""
+        # cleanup crossplane    
+        cleanup_crossplane
+        # delete common-service-maps 
+        ${OC} delete configmap common-service-maps -n kube-public
+        # delete namespace
+        ${OC} delete --ignore-not-found ns "$CONTROL_NS" --timeout=30s
+        if [ $? -ne 0 ] || [ $FORCE_DELETE -eq 1 ]; then
+            warning "Failed to delete namespace $CONTROL_NS, force deleting remaining resources..."
+            remove_all_finalizers $ns && success "Namespace $CONTROL_NS is deleted successfully."
+        fi
+
+        success "Control namespace: ${CONTROL_NS} is cleanup"
+    fi
+
+}
 
 
 main $*