From 4a819c001a0778ef22e631976865b4d8fdbeab58 Mon Sep 17 00:00:00 2001
From: Jianjun Shen
Date: Wed, 26 Aug 2020 17:26:01 -0700
Subject: [PATCH] Delete the registered APIService for "networking" API group
---
 build/yamls/antrea-aks.yml | 8 ++++++++
 build/yamls/antrea-eks.yml | 8 ++++++++
 build/yamls/antrea-gke.yml | 8 ++++++++
 build/yamls/antrea-ipsec.yml | 8 ++++++++
 build/yamls/antrea.yml | 8 ++++++++
 build/yamls/base/controller-rbac.yml | 10 ++++++++++
 cmd/antrea-controller/controller.go | 6 ++++++
 pkg/apiserver/apiserver.go | 26 ++++++++++++++++++++++++++
 8 files changed, 82 insertions(+)
diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml
index 9033af9866f..45584f997b6 100644
--- a/build/yamls/antrea-aks.yml
+++ b/build/yamls/antrea-aks.yml
@@ -590,6 +590,14 @@ rules:
 verbs:
 - get
 - update
+- apiGroups:
+ - apiregistration.k8s.io
+ resourceNames:
+ - v1beta1.networking.antrea.tanzu.vmware.com
+ resources:
+ - apiservices
+ verbs:
+ - delete
 - apiGroups:
 - security.antrea.tanzu.vmware.com
 resources:
diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml
index 55bcaad4792..0a8d81e625d 100644
--- a/build/yamls/antrea-eks.yml
+++ b/build/yamls/antrea-eks.yml
@@ -590,6 +590,14 @@ rules:
 verbs:
 - get
 - update
+- apiGroups:
+ - apiregistration.k8s.io
+ resourceNames:
+ - v1beta1.networking.antrea.tanzu.vmware.com
+ resources:
+ - apiservices
+ verbs:
+ - delete
 - apiGroups:
 - security.antrea.tanzu.vmware.com
 resources:
diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml
index 4cbfbcb3e58..15da1b9e71d 100644
--- a/build/yamls/antrea-gke.yml
+++ b/build/yamls/antrea-gke.yml
@@ -590,6 +590,14 @@ rules:
 verbs:
 - get
 - update
+- apiGroups:
+ - apiregistration.k8s.io
+ resourceNames:
+ - v1beta1.networking.antrea.tanzu.vmware.com
+ resources:
+ - apiservices
+ verbs:
+ - delete
 - apiGroups:
 - security.antrea.tanzu.vmware.com
 resources:
diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml
index 44c3907198b..31949ddbdd5 100644
--- a/build/yamls/antrea-ipsec.yml
+++ b/build/yamls/antrea-ipsec.yml
@@ -590,6 +590,14 @@ rules:
 verbs:
 - get
 - update
+- apiGroups:
+ - apiregistration.k8s.io
+ resourceNames:
+ - v1beta1.networking.antrea.tanzu.vmware.com
+ resources:
+ - apiservices
+ verbs:
+ - delete
 - apiGroups:
 - security.antrea.tanzu.vmware.com
 resources:
diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml
index 99eb33d9972..704f042441e 100644
--- a/build/yamls/antrea.yml
+++ b/build/yamls/antrea.yml
@@ -590,6 +590,14 @@ rules:
 verbs:
 - get
 - update
+- apiGroups:
+ - apiregistration.k8s.io
+ resourceNames:
+ - v1beta1.networking.antrea.tanzu.vmware.com
+ resources:
+ - apiservices
+ verbs:
+ - delete
 - apiGroups:
 - security.antrea.tanzu.vmware.com
 resources:
diff --git a/build/yamls/base/controller-rbac.yml b/build/yamls/base/controller-rbac.yml
index c12846ac828..feadcc37d75 100644
--- a/build/yamls/base/controller-rbac.yml
+++ b/build/yamls/base/controller-rbac.yml
@@ -91,6 +91,16 @@ rules:
 verbs:
 - get
 - update
+ - apiGroups:
+ - apiregistration.k8s.io
+ resources:
+ - apiservices
+ resourceNames:
+ # Add the APIServices for the deprecated APIGroups here. antrea-controller
+ # will try to delete the APIServices if they are registered.
+ - v1beta1.networking.antrea.tanzu.vmware.com
+ verbs:
+ - delete
 - apiGroups:
 - security.antrea.tanzu.vmware.com
 resources:
diff --git a/cmd/antrea-controller/controller.go b/cmd/antrea-controller/controller.go
index fbfe0e41d24..b7db6a10382 100644
--- a/cmd/antrea-controller/controller.go
+++ b/cmd/antrea-controller/controller.go
@@ -130,6 +130,12 @@ func run(o *Options) error {
 if err != nil {
 return fmt.Errorf("error creating API server: %v", err)
 }
+
+ err = apiserver.CleanupDeprecatedAPIServices(aggregatorClient)
+ if err != nil {
+ return fmt.Errorf("failed to clean up the deprecated APIServices: %v", err)
+ }
+
 // Set up signal capture: the first SIGTERM / SIGINT signal is handled gracefully and will
 // cause the stopCh channel to be closed; if another signal is received before the program
 // exits, we will force exit.
diff --git a/pkg/apiserver/apiserver.go b/pkg/apiserver/apiserver.go
index 143d513ffb1..9b652ebdd8e 100644
--- a/pkg/apiserver/apiserver.go
+++ b/pkg/apiserver/apiserver.go
@@ -15,6 +15,9 @@ package apiserver
 import (
+ "context"
+
+ apierrors "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
 "k8s.io/apimachinery/pkg/runtime/schema"
@@ -23,6 +26,7 @@ import (
 genericapiserver "k8s.io/apiserver/pkg/server"
 "k8s.io/client-go/informers"
 "k8s.io/klog"
+ "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset"
 "github.com/vmware-tanzu/antrea/pkg/apis/controlplane"
 networkinginstall "github.com/vmware-tanzu/antrea/pkg/apis/controlplane/install"
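Review bot: In run() in cmd/antrea-controller/controller.go, returning the cleanup error turns a housekeeping step into a fatal startup condition. CleanupDeprecatedAPIServices returns every Delete error other than NotFound, so a transient API server failure, or a Forbidden response while the ClusterRole has not yet received the new `delete` rule during an upgrade, would presumably keep the controller from starting at all. If that is not the intent, log and continue instead of returning, e.g. `klog.Errorf("Failed to clean up the deprecated APIServices: %v", err)` (assuming klog is already imported in this file). run() begins before and continues past this hunk.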
@@ -165,3 +169,25 @@ func (c completedConfig) New() (*APIServer, error) {
 return s, nil
 }
+
+// CleanupDeprecatedAPIServices deletes the registered APIService resources for
+// the deprecated Antrea API groups.
+func CleanupDeprecatedAPIServices(aggregatorClient clientset.Interface) error {
+ // The APIService of a deprecated API group should be added to the slice.
+ // After Antrea upgrades from an old version to a new version that
+ // deprecates a registered APIService, the APIService should be deleted,
+ // otherwise K8s will fail to delete an existing Namespace.
+ // Also check: https://github.com/vmware-tanzu/antrea/issues/494
+ deprecatedAPIServices := []string{
+ "v1beta1.networking.antrea.tanzu.vmware.com",
+ }
+ for _, as := range deprecatedAPIServices {
+ err := aggregatorClient.ApiregistrationV1().APIServices().Delete(context.TODO(), as, metav1.DeleteOptions{})
+ if err == nil {
+ klog.Infof("Deleted the deprecated APIService %s", as)
+ } else if !apierrors.IsNotFound(err) {
+ return err
+ }
+ }
+ return nil
+}
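Review bot: The Delete call in CleanupDeprecatedAPIServices runs with `context.TODO()`, so it has no deadline of its own, and run() calls this function synchronously during startup. Unless the client's rest config already sets a timeout, a bounded context such as `ctx, cancel := context.WithTimeout(context.Background(), cleanupTimeout)` followed by `defer cancel()` would keep a hung request from stalling the controller (`cleanupTimeout` is a placeholder name). The `deprecatedAPIServices` slice must also stay in step with the `resourceNames` list added in build/yamls/base/controller-rbac.yml, because a name missing there would get Forbidden and be returned as an error. The comment above the slice should say so, e.g. `// Each name must also appear under resourceNames in build/yamls/base/controller-rbac.yml.` The bare `return err` does not say which APIService failed, so including `as` in the returned error would help triage.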