USHIFT-2444: Router enable/disable

.golangci.yaml

@@ -33,4 +33,13 @@ linters:
   - unparam
   - usestdlibvars
   - wastedassign
-  - whitespace
+  - whitespace
+
+linters-settings:
+  ireturn:
+    allow:
+      - anon
+      - error
+      - empty
+      - stdlib
+      - generic

assets/components/openshift-router/deployment.yaml

@@ -116,7 +116,6 @@ spec:
             optional: false
           defaultMode: 420
       restartPolicy: Always
-      terminationGracePeriodSeconds: 3600
       dnsPolicy: ClusterFirst
       nodeSelector:
         kubernetes.io/os: linux

cmd/generate-config/config/config-openapi-spec.json

@@ -73,7 +73,8 @@
     "ingress": {
       "type": "object",
       "required": [
-        "routeAdmissionPolicy"
+        "routeAdmissionPolicy",
+        "status"
       ],
       "properties": {
         "routeAdmissionPolicy": {
@@ -88,6 +89,11 @@
               "default": "InterNamespaceAllowed"
             }
           }
+        },
+        "status": {
+          "description": "Default router status, can be Managed or Removed.",
+          "type": "string",
+          "default": "Managed"
         }
       }
     },

docs/user/howto_config.md

@@ -20,6 +20,7 @@ etcd:
 ingress:
     routeAdmissionPolicy:
         namespaceOwnership: ""
+    status: ""
 manifests:
     kustomizePaths:
         - ""
@@ -59,6 +60,7 @@ etcd:
 ingress:
     routeAdmissionPolicy:
         namespaceOwnership: InterNamespaceAllowed
+    status: Managed
 manifests:
     kustomizePaths:
         - /usr/lib/microshift/manifests

packaging/microshift/config.yaml

@@ -25,6 +25,8 @@ ingress:
         #  - InterNamespaceAllowed: Allow routes to claim different paths of the same host name across namespaces. 
         #  If empty, the default is InterNamespaceAllowed.
         namespaceOwnership: InterNamespaceAllowed
+    # Default router status, can be Managed or Removed.
+    status: Managed
 manifests:
     # The locations on the filesystem to scan for kustomization files to use to load manifests. Set to a list of paths to scan only those paths. Set to an empty list to disable loading manifests. The entries in the list can be glob patterns to match multiple subdirectories.
     kustomizePaths:

pkg/assets/admission-registration.go

@@ -22,7 +22,7 @@ type validationWebhookCfg struct {
 	codec                   serializer.CodecFactory
 }
 
-func (v *validationWebhookCfg) Reader(objBytes []byte, renderFunc RenderFunc, params RenderParams) {
+func (v *validationWebhookCfg) Read(objBytes []byte, renderFunc RenderFunc, params RenderParams) {
 	var err error
 	if renderFunc != nil {
 		objBytes, err = renderFunc(objBytes, RenderParams{})
@@ -37,7 +37,7 @@ func (v *validationWebhookCfg) Reader(objBytes []byte, renderFunc RenderFunc, pa
 	v.validationWebhookConfig = obj.(*arV1.ValidatingWebhookConfiguration)
 }
 
-func (v *validationWebhookCfg) Applier(ctx context.Context) error {
+func (v *validationWebhookCfg) Handle(ctx context.Context) error {
 	_, _, err := resourceapply.ApplyValidatingWebhookConfigurationImproved(ctx, v.Client, assetsEventRecorder, v.validationWebhookConfig, resourceapply.NewResourceCache())
 	return err
 }
@@ -50,7 +50,7 @@ func admissionRegistrationClient(kubeconfigPath string) *arClientV1.Admissionreg
 	return arClientV1.NewForConfigOrDie(rest.AddUserAgent(restConfig, "admission-registration"))
 }
 
-func applyAdmissionRegistration(ctx context.Context, admissionRegistrations []string, applier readerApplier, render RenderFunc, params RenderParams) error {
+func applyAdmissionRegistration(ctx context.Context, admissionRegistrations []string, handler resourceHandler, render RenderFunc, params RenderParams) error {
 	lock.Lock()
 	defer lock.Unlock()
 
@@ -60,8 +60,8 @@ func applyAdmissionRegistration(ctx context.Context, admissionRegistrations []st
 		if err != nil {
 			return fmt.Errorf("error getting embedded asset %s: %w", ar, err)
 		}
-		applier.Reader(objBytes, render, params)
-		if err := applier.Applier(ctx); err != nil {
+		handler.Read(objBytes, render, params)
+		if err := handler.Handle(ctx); err != nil {
 			klog.Warningf("failed to apply admissionRegistration object: %s, %v", ar, err)
 			return err
 		}

pkg/assets/apps.go

@@ -42,7 +42,7 @@ type dpApplier struct {
 	dp     *appsv1.Deployment
 }
 
-func (d *dpApplier) Reader(objBytes []byte, render RenderFunc, params RenderParams) {
+func (d *dpApplier) Read(objBytes []byte, render RenderFunc, params RenderParams) {
 	var err error
 	if render != nil {
 		objBytes, err = render(objBytes, params)
@@ -57,7 +57,7 @@ func (d *dpApplier) Reader(objBytes []byte, render RenderFunc, params RenderPara
 	d.dp = obj.(*appsv1.Deployment)
 }
 
-func (d *dpApplier) Applier(ctx context.Context) error {
+func (d *dpApplier) Handle(ctx context.Context) error {
 	_, _, err := resourceapply.ApplyDeployment(ctx, d.Client, assetsEventRecorder, d.dp, 0)
 	return err
 }
@@ -67,7 +67,7 @@ type dsApplier struct {
 	ds     *appsv1.DaemonSet
 }
 
-func (d *dsApplier) Reader(objBytes []byte, render RenderFunc, params RenderParams) {
+func (d *dsApplier) Read(objBytes []byte, render RenderFunc, params RenderParams) {
 	var err error
 	if render != nil {
 		objBytes, err = render(objBytes, params)
@@ -81,12 +81,12 @@ func (d *dsApplier) Reader(objBytes []byte, render RenderFunc, params RenderPara
 	}
 	d.ds = obj.(*appsv1.DaemonSet)
 }
-func (d *dsApplier) Applier(ctx context.Context) error {
+func (d *dsApplier) Handle(ctx context.Context) error {
 	_, _, err := resourceapply.ApplyDaemonSet(ctx, d.Client, assetsEventRecorder, d.ds, 0)
 	return err
 }
 
-func applyApps(ctx context.Context, apps []string, applier readerApplier, render RenderFunc, params RenderParams) error {
+func applyApps(ctx context.Context, apps []string, handler resourceHandler, render RenderFunc, params RenderParams) error {
 	lock.Lock()
 	defer lock.Unlock()
 
@@ -96,8 +96,8 @@ func applyApps(ctx context.Context, apps []string, applier readerApplier, render
 		if err != nil {
 			return fmt.Errorf("error getting asset %s: %v", app, err)
 		}
-		applier.Reader(objBytes, render, params)
-		if err := applier.Applier(ctx); err != nil {
+		handler.Read(objBytes, render, params)
+		if err := handler.Handle(ctx); err != nil {
 			klog.Warningf("Failed to apply apps api %s: %v", app, err)
 			return err
 		}

pkg/assets/core.go

@@ -28,11 +28,6 @@ func init() {
 	}
 }
 
-type nsApplier struct {
-	Client *coreclientv1.CoreV1Client
-	ns     *corev1.Namespace
-}
-
 func coreClient(kubeconfigPath string) *coreclientv1.CoreV1Client {
 	restConfig, err := clientcmd.BuildConfigFromFlags("", kubeconfigPath)
 	if err != nil {
@@ -42,7 +37,7 @@ func coreClient(kubeconfigPath string) *coreclientv1.CoreV1Client {
 	return coreclientv1.NewForConfigOrDie(rest.AddUserAgent(restConfig, "core-agent"))
 }
 
-func (ns *nsApplier) Reader(objBytes []byte, render RenderFunc, params RenderParams) {
+func readCore[T any](objBytes []byte, render RenderFunc, params RenderParams) T {
 	var err error
 	if render != nil {
 		objBytes, err = render(objBytes, params)
@@ -54,35 +49,47 @@ func (ns *nsApplier) Reader(objBytes []byte, render RenderFunc, params RenderPar
 	if err != nil {
 		panic(err)
 	}
-	ns.ns = obj.(*corev1.Namespace)
+	return obj.(T)
 }
 
-func (ns *nsApplier) Applier(ctx context.Context) error {
+type nsApplier struct {
+	Client *coreclientv1.CoreV1Client
+	ns     *corev1.Namespace
+}
+
+func (ns *nsApplier) Read(objBytes []byte, render RenderFunc, params RenderParams) {
+	ns.ns = readCore[*corev1.Namespace](objBytes, render, params)
+}
+
+func (ns *nsApplier) Handle(ctx context.Context) error {
 	_, _, err := resourceapply.ApplyNamespace(ctx, ns.Client, assetsEventRecorder, ns.ns)
 	return err
 }
 
+type nsDeleter struct {
+	Client *coreclientv1.CoreV1Client
+	ns     *corev1.Namespace
+}
+
+func (ns *nsDeleter) Read(objBytes []byte, render RenderFunc, params RenderParams) {
+	ns.ns = readCore[*corev1.Namespace](objBytes, render, params)
+}
+
+func (ns *nsDeleter) Handle(ctx context.Context) error {
+	_, _, err := resourceapply.DeleteNamespace(ctx, ns.Client, assetsEventRecorder, ns.ns)
+	return err
+}
+
 type secretApplier struct {
 	Client *coreclientv1.CoreV1Client
 	secret *corev1.Secret
 }
 
-func (secret *secretApplier) Reader(objBytes []byte, render RenderFunc, params RenderParams) {
-	var err error
-	if render != nil {
-		objBytes, err = render(objBytes, params)
-		if err != nil {
-			panic(err)
-		}
-	}
-	obj, err := runtime.Decode(coreCodecs.UniversalDecoder(corev1.SchemeGroupVersion), objBytes)
-	if err != nil {
-		panic(err)
-	}
-	secret.secret = obj.(*corev1.Secret)
+func (secret *secretApplier) Read(objBytes []byte, render RenderFunc, params RenderParams) {
+	secret.secret = readCore[*corev1.Secret](objBytes, render, params)
 }
 
-func (secret *secretApplier) Applier(ctx context.Context) error {
+func (secret *secretApplier) Handle(ctx context.Context) error {
 	_, _, err := resourceapply.ApplySecret(ctx, secret.Client, assetsEventRecorder, secret.secret)
 	return err
 }
@@ -92,22 +99,11 @@ type svcApplier struct {
 	svc    *corev1.Service
 }
 
-func (svc *svcApplier) Reader(objBytes []byte, render RenderFunc, params RenderParams) {
-	var err error
-	if render != nil {
-		objBytes, err = render(objBytes, params)
-		if err != nil {
-			panic(err)
-		}
-	}
-	obj, err := runtime.Decode(coreCodecs.UniversalDecoder(corev1.SchemeGroupVersion), objBytes)
-	if err != nil {
-		panic(err)
-	}
-	svc.svc = obj.(*corev1.Service)
+func (svc *svcApplier) Read(objBytes []byte, render RenderFunc, params RenderParams) {
+	svc.svc = readCore[*corev1.Service](objBytes, render, params)
 }
 
-func (svc *svcApplier) Applier(ctx context.Context) error {
+func (svc *svcApplier) Handle(ctx context.Context) error {
 	_, _, err := resourceapply.ApplyService(ctx, svc.Client, assetsEventRecorder, svc.svc)
 	return err
 }
@@ -117,22 +113,11 @@ type saApplier struct {
 	sa     *corev1.ServiceAccount
 }
 
-func (sa *saApplier) Reader(objBytes []byte, render RenderFunc, params RenderParams) {
-	var err error
-	if render != nil {
-		objBytes, err = render(objBytes, params)
-		if err != nil {
-			panic(err)
-		}
-	}
-	obj, err := runtime.Decode(coreCodecs.UniversalDecoder(corev1.SchemeGroupVersion), objBytes)
-	if err != nil {
-		panic(err)
-	}
-	sa.sa = obj.(*corev1.ServiceAccount)
+func (sa *saApplier) Read(objBytes []byte, render RenderFunc, params RenderParams) {
+	sa.sa = readCore[*corev1.ServiceAccount](objBytes, render, params)
 }
 
-func (sa *saApplier) Applier(ctx context.Context) error {
+func (sa *saApplier) Handle(ctx context.Context) error {
 	_, _, err := resourceapply.ApplyServiceAccount(ctx, sa.Client, assetsEventRecorder, sa.sa)
 	return err
 }
@@ -142,27 +127,16 @@ type cmApplier struct {
 	cm     *corev1.ConfigMap
 }
 
-func (cm *cmApplier) Reader(objBytes []byte, render RenderFunc, params RenderParams) {
-	var err error
-	if render != nil {
-		objBytes, err = render(objBytes, params)
-		if err != nil {
-			panic(err)
-		}
-	}
-	obj, err := runtime.Decode(coreCodecs.UniversalDecoder(corev1.SchemeGroupVersion), objBytes)
-	if err != nil {
-		panic(err)
-	}
-	cm.cm = obj.(*corev1.ConfigMap)
+func (cm *cmApplier) Read(objBytes []byte, render RenderFunc, params RenderParams) {
+	cm.cm = readCore[*corev1.ConfigMap](objBytes, render, params)
 }
 
-func (cm *cmApplier) Applier(ctx context.Context) error {
+func (cm *cmApplier) Handle(ctx context.Context) error {
 	_, _, err := resourceapply.ApplyConfigMap(ctx, cm.Client, assetsEventRecorder, cm.cm)
 	return err
 }
 
-func applyCore(ctx context.Context, cores []string, applier readerApplier, render RenderFunc, params RenderParams) error {
+func handleCore(ctx context.Context, cores []string, handler resourceHandler, render RenderFunc, params RenderParams) error {
 	lock.Lock()
 	defer lock.Unlock()
 
@@ -172,8 +146,8 @@ func applyCore(ctx context.Context, cores []string, applier readerApplier, rende
 		if err != nil {
 			return fmt.Errorf("error getting asset %s: %v", core, err)
 		}
-		applier.Reader(objBytes, render, params)
-		if err := applier.Applier(ctx); err != nil {
+		handler.Read(objBytes, render, params)
+		if err := handler.Handle(ctx); err != nil {
 			klog.Warningf("Failed to apply corev1 api %s: %v", core, err)
 			return err
 		}
@@ -185,25 +159,31 @@ func applyCore(ctx context.Context, cores []string, applier readerApplier, rende
 func ApplyNamespaces(ctx context.Context, cores []string, kubeconfigPath string) error {
 	ns := &nsApplier{}
 	ns.Client = coreClient(kubeconfigPath)
-	return applyCore(ctx, cores, ns, nil, nil)
+	return handleCore(ctx, cores, ns, nil, nil)
+}
+
+func DeleteNamespaces(ctx context.Context, cores []string, kubeconfigPath string) error {
+	ns := &nsDeleter{}
+	ns.Client = coreClient(kubeconfigPath)
+	return handleCore(ctx, cores, ns, nil, nil)
 }
 
 func ApplyServices(ctx context.Context, cores []string, render RenderFunc, params RenderParams, kubeconfigPath string) error {
 	svc := &svcApplier{}
 	svc.Client = coreClient(kubeconfigPath)
-	return applyCore(ctx, cores, svc, render, params)
+	return handleCore(ctx, cores, svc, render, params)
 }
 
 func ApplyServiceAccounts(ctx context.Context, cores []string, kubeconfigPath string) error {
 	sa := &saApplier{}
 	sa.Client = coreClient(kubeconfigPath)
-	return applyCore(ctx, cores, sa, nil, nil)
+	return handleCore(ctx, cores, sa, nil, nil)
 }
 
 func ApplyConfigMaps(ctx context.Context, cores []string, render RenderFunc, params RenderParams, kubeconfigPath string) error {
 	cm := &cmApplier{}
 	cm.Client = coreClient(kubeconfigPath)
-	return applyCore(ctx, cores, cm, render, params)
+	return handleCore(ctx, cores, cm, render, params)
 }
 
 func ApplyConfigMapWithData(ctx context.Context, cmPath string, data map[string]string, kubeconfigPath string) error {
@@ -213,7 +193,7 @@ func ApplyConfigMapWithData(ctx context.Context, cmPath string, data map[string]
 	if err != nil {
 		return err
 	}
-	cm.Reader(cmBytes, nil, nil)
+	cm.Read(cmBytes, nil, nil)
 	cm.cm.Data = data
 	_, _, err = resourceapply.ApplyConfigMap(ctx, cm.Client, assetsEventRecorder, cm.cm)
 	return err
@@ -226,7 +206,7 @@ func ApplySecretWithData(ctx context.Context, secretPath string, data map[string
 	if err != nil {
 		return err
 	}
-	secret.Reader(secretBytes, nil, nil)
+	secret.Read(secretBytes, nil, nil)
 	secret.secret.Data = data
 	_, _, err = resourceapply.ApplySecret(ctx, secret.Client, assetsEventRecorder, secret.secret)
 	return err