From f7d62f5b22a3d44550091bdd2c37eaf0978ca9a0 Mon Sep 17 00:00:00 2001
From: Simon Murray
Date: Wed, 13 Mar 2024 09:33:27 +0000
Subject: [PATCH] Add Better Provider GC Support (#24)

Obviously nothing is done yet, but we can better spot orphans when using a UID. Also sneak in a fix for cluster provisioning.
---
 pkg/providers/openstack/provider.go | 26 ++++++++++++-------
 .../clusteropenstack/provisioner.go | 2 +-
 2 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/pkg/providers/openstack/provider.go b/pkg/providers/openstack/provider.go
index 4143e704..b4aad416 100644
--- a/pkg/providers/openstack/provider.go
+++ b/pkg/providers/openstack/provider.go
@@ -309,26 +309,34 @@ const (
 ProjectIDAnnotation = "openstack.unikorn-cloud.org/project-id"

 // Projects are randomly named to avoid clashes, so we need to add some tags
- // in order to be able to reason about who they really belong to.
+ // in order to be able to reason about who they really belong to. It is also
+ // useful to have these in place so we can spot orphaned resources and garbage
+ // collect them.
 OrganizationTag = "organization"
 ProjectTag = "project"
 ClusterTag = "cluster"
+ ClusterUUIDTag = "clusterUUID"
 )

-// provisionProject creates a project per-cluster. Cluster API provider Openstack is
-// somewhat broken in that networks can alias and cause all kinds of disasters, so it's
-// safest to have one cluster in one project so it has its own namespace.
-func (p *Provider) provisionProject(ctx context.Context, identityService *IdentityClient, cluster *unikornv1.KubernetesCluster) (*projects.Project, error) {
- name := "unikorn-" + rand.String(8)
-
- // Set some tags so we can audit who owns this projects.
+// projectTags defines how to tag projects.
+func projectTags(cluster *unikornv1.KubernetesCluster) []string {
 tags := []string{
 OrganizationTag + "=" + cluster.Labels[constants.OrganizationLabel],
 ProjectTag + "=" + cluster.Labels[constants.ProjectLabel],
 ClusterTag + "=" + cluster.Name,
+ ClusterUUIDTag + "=" + string(cluster.UID),
 }

- project, err := identityService.CreateProject(ctx, p.domainID, name, tags)
+ return tags
+}
+
+// provisionProject creates a project per-cluster. Cluster API provider Openstack is
+// somewhat broken in that networks can alias and cause all kinds of disasters, so it's
+// safest to have one cluster in one project so it has its own namespace.
+func (p *Provider) provisionProject(ctx context.Context, identityService *IdentityClient, cluster *unikornv1.KubernetesCluster) (*projects.Project, error) {
+ name := "unikorn-" + rand.String(8)
+
+ project, err := identityService.CreateProject(ctx, p.domainID, name, projectTags(cluster))
 if err != nil {
 return nil, err
 }
diff --git a/pkg/provisioners/helmapplications/clusteropenstack/provisioner.go b/pkg/provisioners/helmapplications/clusteropenstack/provisioner.go
index d5e5a39e..eba6138b 100644
--- a/pkg/provisioners/helmapplications/clusteropenstack/provisioner.go
+++ b/pkg/provisioners/helmapplications/clusteropenstack/provisioner.go
@@ -241,7 +241,7 @@ func (p *Provisioner) Values(ctx context.Context, version *string) (interface{},
 },
 "serverMetadata": serverMetadata,
 },
- "clusterManager": map[string]interface{}{
+ "controlPlane": map[string]interface{}{
 "replicas": *cluster.Spec.ControlPlane.Replicas,
 "machine": p.generateMachineHelmValues(&cluster.Spec.ControlPlane.MachineGeneric, nil),
 },
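Review bot: `projectTags` reads `cluster.Labels[constants.OrganizationLabel]` and `cluster.Labels[constants.ProjectLabel]` without checking that they are set, so a cluster missing either label gets a project tagged `organization=` or `project=` with an empty value, and nothing in the visible lines reports that. Because the updated comment on the tag constants says these tags are meant to drive orphan detection and garbage collection, the doc comment should say which tag is authoritative, for example `// projectTags returns the ownership tags for a cluster's project. ClusterUUIDTag is the only value that stays unique when a cluster name is reused; the others are informational.` A future collector would then presumably match on `clusterUUID` and leave untagged or partially tagged projects alone rather than treating them as orphans. As a smaller point, the `tags` local is redundant and the function can `return []string{...}` directly. The const block begins above the hunk and `provisionProject` continues below it.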