fix: ip/vpc are not deleted by helm uninstall (#5501)

Signed-off-by: Mengxin Liu <[email protected]>
(cherry picked from commit e90f157)

Author: oilbeater

charts/kube-ovn-v2/templates/hooks/pre-delete-hook.yaml renamed to charts/kube-ovn-v2/templates/hooks/post-delete-hook.yaml

@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: kube-ovn-pre-delete-hook
+  name: kube-ovn-post-delete-hook
   namespace: {{ .Values.namespace }}
   annotations:
     # This is what defines this resource as a hook. Without this line, the
     # job is considered part of the release.
-    "helm.sh/hook": pre-delete
+    "helm.sh/hook": post-delete
     "helm.sh/hook-weight": "1"
     "helm.sh/hook-delete-policy": hook-succeeded
 ---
@@ -17,15 +17,17 @@ metadata:
     rbac.authorization.k8s.io/system-only: "true"
     # This is what defines this resource as a hook. Without this line, the
     # job is considered part of the release.
-    "helm.sh/hook": pre-delete
+    "helm.sh/hook": post-delete
     "helm.sh/hook-weight": "2"
     "helm.sh/hook-delete-policy": hook-succeeded
-  name: system:kube-ovn-pre-delete-hook
+  name: system:kube-ovn-post-delete-hook
 rules:
   - apiGroups:
       - kubeovn.io
     resources:
       - subnets
+      - vpcs
+      - ips
     verbs:
       - get
       - list
@@ -34,26 +36,26 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: kube-ovn-pre-delete-hook
+  name: kube-ovn-post-delete-hook
   annotations:
     # This is what defines this resource as a hook. Without this line, the
     # job is considered part of the release.
-    "helm.sh/hook": pre-delete
+    "helm.sh/hook": post-delete
     "helm.sh/hook-weight": "3"
     "helm.sh/hook-delete-policy": hook-succeeded
 roleRef:
-  name: system:kube-ovn-pre-delete-hook
+  name: system:kube-ovn-post-delete-hook
   kind: ClusterRole
   apiGroup: rbac.authorization.k8s.io
 subjects:
   - kind: ServiceAccount
-    name: kube-ovn-pre-delete-hook
+    name: kube-ovn-post-delete-hook
     namespace: {{ .Values.namespace }}
 ---
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: "{{ .Chart.Name }}-pre-delete-hook"
+  name: "{{ .Chart.Name }}-post-delete-hook"
   namespace: {{ .Values.namespace }}
   labels:
     app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
@@ -63,7 +65,7 @@ metadata:
   annotations:
     # This is what defines this resource as a hook. Without this line, the
     # job is considered part of the release.
-    "helm.sh/hook": pre-delete
+    "helm.sh/hook": post-delete
     "helm.sh/hook-weight": "4"
     "helm.sh/hook-delete-policy": hook-succeeded
 spec:
@@ -75,7 +77,7 @@ spec:
         app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
         app.kubernetes.io/instance: {{ .Release.Name | quote }}
         helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-        app: kube-ovn-pre-delete-hook
+        app: kube-ovn-post-delete-hook
         component: job
     spec:
       tolerations:
@@ -91,7 +93,7 @@ spec:
                   - key: app
                     operator: In
                     values:
-                      - kube-ovn-pre-delete-hook
+                      - kube-ovn-post-delete-hook
                   - key: component
                     operator: In
                     values:
@@ -100,8 +102,8 @@ spec:
       hostNetwork: true
       nodeSelector:
         kubernetes.io/os: "linux"
-      serviceAccount: kube-ovn-pre-delete-hook
-      serviceAccountName: kube-ovn-pre-delete-hook
+      serviceAccount: kube-ovn-post-delete-hook
+      serviceAccountName: kube-ovn-post-delete-hook
       containers:
         - name: remove-subnet-finalizer
           image: "{{ .Values.global.registry.address}}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}"
@@ -113,7 +115,7 @@ spec:
           command:
             - sh
             - -c
-            - /kube-ovn/remove-subnet-finalizer.sh 2>&1 | tee -a /var/log/kube-ovn/remove-subnet-finalizer.log
+            - /kube-ovn/remove-finalizer.sh 2>&1 | tee -a /var/log/kube-ovn/remove-finalizer.log
           volumeMounts:
             - mountPath: /var/log/kube-ovn
               name: kube-ovn-log

charts/kube-ovn/templates/pre-delete-hook.yaml renamed to charts/kube-ovn/templates/post-delete-hook.yaml

@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: kube-ovn-pre-delete-hook
+  name: kube-ovn-post-delete-hook
   namespace: {{ .Values.namespace }}
   annotations:
     # This is what defines this resource as a hook. Without this line, the
     # job is considered part of the release.
-    "helm.sh/hook": pre-delete
+    "helm.sh/hook": post-delete
     "helm.sh/hook-weight": "1"
     "helm.sh/hook-delete-policy": hook-succeeded
 ---
@@ -17,15 +17,17 @@ metadata:
     rbac.authorization.k8s.io/system-only: "true"
     # This is what defines this resource as a hook. Without this line, the
     # job is considered part of the release.
-    "helm.sh/hook": pre-delete
+    "helm.sh/hook": post-delete
     "helm.sh/hook-weight": "2"
     "helm.sh/hook-delete-policy": hook-succeeded
-  name: system:kube-ovn-pre-delete-hook
+  name: system:kube-ovn-post-delete-hook
 rules:
   - apiGroups:
       - kubeovn.io
     resources:
       - subnets
+      - vpcs
+      - ips
     verbs:
       - get
       - list
@@ -34,26 +36,26 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: kube-ovn-pre-delete-hook
+  name: kube-ovn-post-delete-hook
   annotations:
     # This is what defines this resource as a hook. Without this line, the
     # job is considered part of the release.
-    "helm.sh/hook": pre-delete
+    "helm.sh/hook": post-delete
     "helm.sh/hook-weight": "3"
     "helm.sh/hook-delete-policy": hook-succeeded
 roleRef:
-  name: system:kube-ovn-pre-delete-hook
+  name: system:kube-ovn-post-delete-hook
   kind: ClusterRole
   apiGroup: rbac.authorization.k8s.io
 subjects:
   - kind: ServiceAccount
-    name: kube-ovn-pre-delete-hook
+    name: kube-ovn-post-delete-hook
     namespace: {{ .Values.namespace }}
 ---
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: "{{ .Chart.Name }}-pre-delete-hook"
+  name: "{{ .Chart.Name }}-post-delete-hook"
   namespace: {{ .Values.namespace }}
   labels:
     app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
@@ -63,7 +65,7 @@ metadata:
   annotations:
     # This is what defines this resource as a hook. Without this line, the
     # job is considered part of the release.
-    "helm.sh/hook": pre-delete
+    "helm.sh/hook": post-delete
     "helm.sh/hook-weight": "4"
     "helm.sh/hook-delete-policy": hook-succeeded
 spec:
@@ -75,7 +77,7 @@ spec:
         app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
         app.kubernetes.io/instance: {{ .Release.Name | quote }}
         helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-        app: kube-ovn-pre-delete-hook
+        app: kube-ovn-post-delete-hook
         component: job
     spec:
       tolerations:
@@ -91,7 +93,7 @@ spec:
                   - key: app
                     operator: In
                     values:
-                      - kube-ovn-pre-delete-hook
+                      - kube-ovn-post-delete-hook
                   - key: component
                     operator: In
                     values:
@@ -100,8 +102,8 @@ spec:
       hostNetwork: true
       nodeSelector:
         kubernetes.io/os: "linux"
-      serviceAccount: kube-ovn-pre-delete-hook
-      serviceAccountName: kube-ovn-pre-delete-hook
+      serviceAccount: kube-ovn-post-delete-hook
+      serviceAccountName: kube-ovn-post-delete-hook
       containers:
         - name: remove-subnet-finalizer
           image: "{{ .Values.global.registry.address}}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}"
@@ -113,7 +115,7 @@ spec:
           command:
             - sh
             - -c
-            - /kube-ovn/remove-subnet-finalizer.sh 2>&1 | tee -a /var/log/kube-ovn/remove-subnet-finalizer.log
+            - /kube-ovn/remove-finalizer.sh 2>&1 | tee -a /var/log/kube-ovn/remove-finalizer.log
           volumeMounts:
             - mountPath: /var/log/kube-ovn
               name: kube-ovn-log

dist/images/remove-finalizer.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -ex
+
+for resource_type in subnet vpc ip; do
+  for resource in $(kubectl get "$resource_type" -o name); do
+    kubectl patch "$resource" --type='json' -p '[{"op": "replace", "path": "/metadata/finalizers", "value": []}]'
+  done
+done