Improved HelmRelease deletion

.gitignore

@@ -19,3 +19,6 @@ go.work.sum
 *.swp
 *.swo
 *~
+
+# Vendoring directory
+vendor

api/v1alpha1/deployment_types.go

@@ -23,10 +23,13 @@ import (
 
 const (
 	DeploymentFinalizer = "hmc.mirantis.com/deployment"
+	BlockingFinalizer   = "hmc.mirantis.com/do-not-delete"
 
 	FluxHelmChartNameKey = "helm.toolkit.fluxcd.io/name"
 	HMCManagedLabelKey   = "hmc.mirantis.com/managed"
 	HMCManagedLabelValue = "true"
+
+	ClusterNameLabelKey = "cluster.x-k8s.io/cluster-name"
 )
 
 const (

internal/controller/deployment_controller.go

@@ -18,10 +18,9 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"slices"
 	"time"
 
-	"k8s.io/apimachinery/pkg/labels"
-
 	hcv2 "github.com/fluxcd/helm-controller/api/v2"
 	fluxmeta "github.com/fluxcd/pkg/apis/meta"
 	fluxconditions "github.com/fluxcd/pkg/runtime/conditions"
@@ -33,6 +32,7 @@ import (
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/types"
@@ -395,6 +395,12 @@ func (r *DeploymentReconciler) Delete(ctx context.Context, l logr.Logger, deploy
 		}
 		return ctrl.Result{}, err
 	}
+
+	err = r.releaseAWSCluster(ctx, deployment.Namespace, hr.Name, deployment.Spec.Template)
+	if err != nil {
+		return ctrl.Result{}, err
+	}
+
 	err = helm.DeleteHelmRelease(ctx, r.Client, deployment.Name, deployment.Namespace)
 	if err != nil {
 		return ctrl.Result{}, err
@@ -403,6 +409,91 @@ func (r *DeploymentReconciler) Delete(ctx context.Context, l logr.Logger, deploy
 	return ctrl.Result{RequeueAfter: 10 * time.Second}, nil
 }
 
+func (r *DeploymentReconciler) releaseAWSCluster(ctx context.Context, namespace, clusterName, templateName string) error {
+	aws, err := r.hasAWSProvider(ctx, templateName)
+	if err != nil {
+		return err
+	}
+	if !aws {
+		// nothing to do - we can skip this step
+		return nil
+	}
+
+	found, err := r.machinesAvailable(ctx, namespace, clusterName)
+	if err != nil {
+		return err
+	}
+
+	if !found {
+		return r.removeAWSClusterFinalizer(ctx, namespace, clusterName)
+	}
+
+	return nil
+}
+
+func (r *DeploymentReconciler) hasAWSProvider(ctx context.Context, templateName string) (bool, error) {
+	template := &hmc.Template{}
+	templateRef := types.NamespacedName{Name: templateName, Namespace: hmc.TemplatesNamespace}
+	if err := r.Get(ctx, templateRef, template); err != nil {
+		log.FromContext(ctx).Error(err, "Failed to get Template")
+		return false, err
+	}
+	return slices.Contains(template.Status.Providers.InfrastructureProviders, "aws"), nil
+}
+
+func (r *DeploymentReconciler) removeAWSClusterFinalizer(ctx context.Context, namespace, clusterName string) error {
+	l := log.FromContext(ctx)
+	opts := &client.ListOptions{
+		LabelSelector: labels.SelectorFromSet(map[string]string{hmc.FluxHelmChartNameKey: clusterName}),
+	}
+	gvk := schema.GroupVersionKind{
+		Group:   "infrastructure.cluster.x-k8s.io",
+		Version: "v1beta2",
+		Kind:    "awscluster",
+	}
+	itemsList := &metav1.PartialObjectMetadataList{}
+	itemsList.SetGroupVersionKind(gvk)
+	if err := r.Client.List(ctx, itemsList, opts); err != nil {
+		return err
+	}
+	if len(itemsList.Items) == 0 {
+		l.Info("AWSCluster object not found", "awscluster", clusterName)
+		return nil
+	}
+
+	cluster := itemsList.Items[0]
+
+	l.Info("Ensure we allow to stop AWSCluster", "finalizer", hmc.BlockingFinalizer)
+	originalCluster := cluster
+	finalizersUpdated := controllerutil.RemoveFinalizer(&cluster, hmc.BlockingFinalizer)
+	if finalizersUpdated {
+		if err := r.Client.Patch(ctx, &originalCluster, client.MergeFrom(&cluster)); err != nil {
+			return fmt.Errorf("failed to patch cluster %s/%s: %w", namespace, clusterName, err)
+		}
+	}
+
+	return nil
+}
+
+func (r *DeploymentReconciler) machinesAvailable(ctx context.Context, namespace, clusterName string) (bool, error) {
+	opts := &client.ListOptions{
+		LabelSelector: labels.SelectorFromSet(map[string]string{hmc.ClusterNameLabelKey: clusterName}),
+		Namespace:     namespace,
+		Limit:         1,
+	}
+	gvk := schema.GroupVersionKind{
+		Group:   "cluster.x-k8s.io",
+		Version: "v1beta1",
+		Kind:    "machine",
+	}
+	itemsList := &metav1.PartialObjectMetadataList{}
+	itemsList.SetGroupVersionKind(gvk)
+	if err := r.Client.List(ctx, itemsList, opts); err != nil {
+		return false, err
+	}
+	return len(itemsList.Items) != 0, nil
+}
+
 // SetupWithManager sets up the controller with the Manager.
 func (r *DeploymentReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewControllerManagedBy(mgr).

templates/aws-hosted-cp/templates/awscluster.yaml

@@ -4,6 +4,8 @@ metadata:
   name: {{ include "cluster.name" . }}
   annotations:
     cluster.x-k8s.io/managed-by: k0smotron
+  finalizers:
+  - hmc.mirantis.com/do-not-delete
 spec:
   region: {{ .Values.region }}
   # identityRef:

templates/hmc/templates/rbac/roles.yaml

@@ -121,6 +121,23 @@ rules:
   - certificates
   verbs:
   - create
+- apiGroups:
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - awsclusters
+  verbs:
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - machines
+  verbs:
+  - get
+  - list
+  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role