Explicitly delete onloader configs on delete BackendConfig.

5b0e74ee · Geoff Simmons · add480e4 · 5b0e74ee · 5b0e74ee
Commit 5b0e74ee authored Jul 04, 2024 by Geoff Simmons
Hide whitespace changes
Inline Side-by-side

Showing with 98 additions and 11 deletions

backendconfig.go pkg/controller/backendconfig.go +74 -11

haproxy.go pkg/haproxy/haproxy.go +24 -0

No files found.
--- a/pkg/controller/backendconfig.go
+++ b/pkg/controller/backendconfig.go
@@ -38,22 +38,17 @@ import (
 	"k8s.io/apimachinery/pkg/labels"
 )

-func (worker *NamespaceWorker) enqueueIngsForBackendSvcs(svcs []string,
-	namespace, name string) update.Status {
-
-	svc2ing := make(map[string]*net_v1.Ingress)
+func (worker *NamespaceWorker) svc2IngMap(
+	svcs []string,
+) (map[string]*net_v1.Ingress, error) {
 	ings, err := worker.ing.List(labels.Everything())
 	if errors.IsNotFound(err) {
-		return update.MakeNoop(
-			"BackendConfig %s/%s: no Ingresses found in workspace %s",
-			namespace, name, worker.namespace)
+		return nil, nil
 	}
 	if err != nil {
-		return update.MakeRecoverable("%v", err)
+		return nil, err
 	}
-	worker.log.Debugf("enqueue Ingresses for BackendConfig %s/%s: "+
-		"found %d Ingresses in the namespace", namespace, name,
-		len(ings))
+	svc2ing := make(map[string]*net_v1.Ingress)
 	for _, ing := range ings {
 		if ing.Spec.DefaultBackend != nil {
 			svc2ing[ing.Spec.DefaultBackend.Service.Name] = ing
@@ -67,7 +62,22 @@ func (worker *NamespaceWorker) enqueueIngsForBackendSvcs(svcs []string,
 			}
 		}
 	}
+	return svc2ing, nil
+}

+func (worker *NamespaceWorker) enqueueIngsForBackendSvcs(
+	svcs []string,
+	namespace, name string,
+) update.Status {
+	svc2ing, err := worker.svc2IngMap(svcs)
+	if err != nil {
+		return update.MakeRecoverable("%v", err)
+	}
+	if svc2ing == nil {
+		return update.MakeNoop(
+			"BackendConfig %s/%s: no Ingresses found in workspace %s",
+			namespace, name, worker.namespace)
+	}
 	svcSet := make(map[string]struct{})
 	for _, svc := range svcs {
 		if _, exists := svcSet[svc]; exists {
@@ -86,6 +96,44 @@ func (worker *NamespaceWorker) enqueueIngsForBackendSvcs(svcs []string,
 		"BackendConfig %s/%s: re-queued Ingress(es)", namespace, name)
 }

+func (worker *NamespaceWorker) bcfgDeleteOnload(
+	svc2ing map[string]*net_v1.Ingress,
+	namespace, name string,
+) error {
+	if svc2ing == nil || len(svc2ing) == 0 {
+		worker.log.Infof("BackendConfig %s/%s: no Ingresses found "+
+			"in namespace %s specifying Services with TLS onload",
+			namespace, name, worker.namespace)
+		return nil
+	}
+	for svc, ing := range svc2ing {
+		vSvc, err := worker.getVarnishSvcForIng(ing)
+		if err != nil {
+			if errors.IsNotFound(err) {
+				worker.log.Infof("BackendConfig %s/%s: "+
+					"no viking Service found for "+
+					"Ingress %s/%s, ignoring",
+					namespace, name, ing.Namespace,
+					ing.Name)
+				continue
+			}
+			return err
+		}
+		worker.log.Infof("BackendConfig %s/%s: delete onloader at %s",
+			namespace, name, svc)
+		err = worker.hController.DeleteOnldr(svc, namespace+"/"+name)
+		if err != nil {
+			worker.log.Errorf(
+				"BackendConfig %s/%s: error deleting onload "+
+					"service %s at %s/%s: %v",
+				namespace, name, svc, vSvc.Namespace, vSvc.Name,
+				err)
+			return err
+		}
+	}
+	return nil
+}
+
 func (worker *NamespaceWorker) syncBcfg(key string) update.Status {
 	worker.log.Infof("Syncing BackendConfig: %s/%s", worker.namespace, key)
 	bcfg, err := worker.bcfg.Get(key)
@@ -131,6 +179,21 @@ func (worker *NamespaceWorker) deleteBcfg(obj interface{}) update.Status {
 	}
 	worker.log.Infof("Deleting BackendConfig: %s/%s", bcfg.Namespace,
 		bcfg.Name)
+	if bcfg.Spec.TLS != nil && worker.varnishImpl == "klarlack" {
+		worker.log.Infof("BackendConfig %s/%s: delete TLS onload",
+			bcfg.Namespace, bcfg.Name)
+		svc2ing, err := worker.svc2IngMap(bcfg.Spec.Services)
+		if err != nil {
+			return update.MakeRecoverable("%v", err)
+		}
+		err = worker.bcfgDeleteOnload(svc2ing, bcfg.Namespace,
+			bcfg.Name)
+		if err != nil {
+			return update.MakeRecoverable("%v", err)
+		}
+		worker.log.Infof("BackendConfig %s/%s: TLS onload deleted",
+			bcfg.Namespace, bcfg.Name)
+	}
 	return worker.enqueueIngsForBackendSvcs(bcfg.Spec.Services,
 		bcfg.Namespace, bcfg.Name)
 }
--- a/pkg/haproxy/haproxy.go
+++ b/pkg/haproxy/haproxy.go
@@ -1002,6 +1002,30 @@ func (hc *Controller) DeleteTLSSecret(
 			"for TLS Secret %s", svcKey, secret)
 }

+func (hc *Controller) DeleteOnldr(svcKey, onldSvcKey string) error {
+	svc, exists := hc.svcs[svcKey]
+	if !exists {
+		hc.log.Infof("haproxy service %s: not found, ignoring "+
+			"onloader deletion", svcKey)
+		return nil
+	}
+	if svc.spec == nil {
+		hc.log.Infof("haproxy service %s: no current spec, ignoring "+
+			"onloader deletion", svcKey)
+		return nil
+	}
+	onldMap := svc.spec.Onload
+	if _, exists := onldMap[onldSvcKey]; !exists {
+		hc.log.Infof("haproxy service %s: onload service %s not found,"+
+			" ignoring onloader deletion", svcKey, onldSvcKey)
+		return nil
+	}
+	delete(onldMap, onldSvcKey)
+	hc.log.Infof("haproxy service %s: updating for onload service "+
+		"%s deletion", svcKey, onldSvcKey)
+	return hc.updateOffldSvc(svcKey)
+}
+
 // SetDataplaneSecret stores the secret to be used as the Basic Auth
 // password used in requests to a dataplane API, under the name given
 // in key (from the namespace/name of a k8s Secret).