From a0644ab3bb32b72da01225f523d0527813575f2b Mon Sep 17 00:00:00 2001 From: Artur Zheludkov Date: Wed, 21 Feb 2024 16:04:56 -0500 Subject: [PATCH 1/7] remove orphan network policy --- .../service/RedisFailoverClient.go | 14 ++++++++++++++ operator/redisfailover/ensurer.go | 4 ++++ operator/redisfailover/ensurer_test.go | 2 ++ operator/redisfailover/service/client.go | 18 ++++++++++++++++++ 4 files changed, 38 insertions(+) diff --git a/mocks/operator/redisfailover/service/RedisFailoverClient.go b/mocks/operator/redisfailover/service/RedisFailoverClient.go index de464abb9..3a4f650ff 100644 --- a/mocks/operator/redisfailover/service/RedisFailoverClient.go +++ b/mocks/operator/redisfailover/service/RedisFailoverClient.go @@ -14,6 +14,20 @@ type RedisFailoverClient struct { mock.Mock } +// DestroyRemainedRedisNetworkPolicy provides a mock function with given fields: rFailover +func (_m *RedisFailoverClient) DestroyRemainedRedisNetworkPolicy(rFailover *v1.RedisFailover) error { + ret := _m.Called(rFailover) + + var r0 error + if rf, ok := ret.Get(0).(func(*v1.RedisFailover) error); ok { + r0 = rf(rFailover) + } else { + r0 = ret.Error(0) + } + + return r0 +} + // DestroySentinelResources provides a mock function with given fields: rFailover func (_m *RedisFailoverClient) DestroySentinelResources(rFailover *v1.RedisFailover) error { ret := _m.Called(rFailover) diff --git a/operator/redisfailover/ensurer.go b/operator/redisfailover/ensurer.go index ee008eb9b..41f74c302 100644 --- a/operator/redisfailover/ensurer.go +++ b/operator/redisfailover/ensurer.go @@ -25,6 +25,10 @@ func (w *RedisFailoverHandler) Ensure(rf *redisfailoverv1.RedisFailover, labels } } + if err := w.rfService.DestroyRemainedRedisNetworkPolicy(rf); err != nil { + return err + } + if rf.Spec.Haproxy != nil { if err := w.rfService.EnsureHAProxyRedisMasterService(rf, labels, or); err != nil { return err 
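Review bot: The `DestroyRemainedRedisNetworkPolicy(rf)` call added to `Ensure` in operator/redisfailover/ensurer.go has no comment explaining why an ensure path deletes a NetworkPolicy, and its error is returned as-is. A failed cleanup of a legacy object therefore stops every reconcile before the HAProxy steps that follow it in the hunk. I would add a comment above the call, `// Legacy cleanup: since v2.0.1 the operator no longer manages a Redis NetworkPolicy; remove the one left by older versions.` It is also worth confirming that the operator's role grants get and delete on networkpolicies, since nothing in this series touches RBAC. Ensure's body starts and ends outside the hunk.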
diff --git a/operator/redisfailover/ensurer_test.go b/operator/redisfailover/ensurer_test.go index a62e0c751..f196f9d0d 100644 --- a/operator/redisfailover/ensurer_test.go +++ b/operator/redisfailover/ensurer_test.go @@ -151,6 +151,8 @@ func TestEnsure(t *testing.T) { mrfs.On("EnsureRedisReadinessConfigMap", rf, mock.Anything, mock.Anything).Once().Return(nil) mrfs.On("EnsureRedisStatefulset", rf, mock.Anything, mock.Anything).Once().Return(nil) + mrfs.On("DestroyRemainedRedisNetworkPolicy", rf, mock.Anything, mock.Anything).Once().Return(nil) + // Create the Kops client and call the valid logic. handler := rfOperator.NewRedisFailoverHandler(config, mrfs, mrfc, mrfh, mk, metrics.Dummy, log.Dummy) err := handler.Ensure(rf, map[string]string{}, []metav1.OwnerReference{}, metrics.Dummy) diff --git a/operator/redisfailover/service/client.go b/operator/redisfailover/service/client.go index 3e6b52f99..dec7973ef 100644 --- a/operator/redisfailover/service/client.go +++ b/operator/redisfailover/service/client.go @@ -38,6 +38,8 @@ type RedisFailoverClient interface { DestroySentinelResources(rFailover *redisfailoverv1.RedisFailover) error UpdateStatus(rFailover *redisfailoverv1.RedisFailover) (*redisfailoverv1.RedisFailover, error) + + DestroyRemainedRedisNetworkPolicy(rFailover *redisfailoverv1.RedisFailover) error } // RedisFailoverKubeClient implements the required methods to talk with kubernetes 
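Review bot: The expectation `mrfs.On("DestroyRemainedRedisNetworkPolicy", rf, mock.Anything, mock.Anything)` in ensurer_test.go lists three arguments, but the method this commit adds to `RedisFailoverClient` takes only `rFailover`. It looks copied from the `Ensure*` expectations above it, and testify appears to accept it only because `mock.Anything` also matches a missing argument, so the arity mismatch goes unnoticed. I would write `mrfs.On("DestroyRemainedRedisNetworkPolicy", rf).Once().Return(nil)`; the renamed expectation in PATCH 7/7 has the same extra arguments. Nothing in the visible hunk makes this method return an error, so the new `return err` branch in `Ensure` is not exercised here. TestEnsure's body continues outside the hunk.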
@@ -212,6 +214,22 @@ func (r *RedisFailoverKubeClient) DestroySentinelResources(rf *redisfailoverv1.R return err } +// DestroyRemainedRedisNetworkPolicy remove remained network policy +func (r *RedisFailoverKubeClient) DestroyRemainedRedisNetworkPolicy(rf *redisfailoverv1.RedisFailover) error { + + name := GetRedisNetworkPolicyName(rf) + + if _, err := r.K8SService.GetNetworkPolicy(rf.Namespace, name); err != nil { + // If no resource, do nothing + if errors.IsNotFound(err) { + return nil + } + } + + err := r.K8SService.DeleteNetworkPolicy(rf.Namespace, name) + return err +} + // EnsureRedisStatefulset makes sure the redis statefulset exists in the desired state func (r *RedisFailoverKubeClient) EnsureRedisStatefulset(rf *redisfailoverv1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) error { if !rf.Spec.Redis.DisablePodDisruptionBudget { From caac88380bc03687aa76a28d75043b52ca16b16d Mon Sep 17 00:00:00 2001 From: Artur Zheludkov Date: Wed, 21 Feb 2024 16:11:02 -0500 Subject: [PATCH 2/7] Update CHANGELOG.md --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f8f04c173..c681d7742 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,10 @@ Also check this project's [releases](https://github.com/powerhome/redis-operator ## Unreleased +### Fixed + +- [In version 2.0.1, the approach to generating network policy by the operator was modified. From v2.0.1 onwards, the operator no longer creates network policy for redis but continues to do it for sentinels. This fix automatically removes any leftover network policy from the namespace, eliminating the need for manual intervention](https://github.com/powerhome/redis-operator/pull/49) + ### Changed - Add default haproxy image #47 From ef064b29c1b9317aeeecd1da1051b553fe1fca07 Mon Sep 17 00:00:00 2001 
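Review bot: `DestroyRemainedRedisNetworkPolicy` in service/client.go deletes whatever NetworkPolicy has the name returned by `GetRedisNetworkPolicyName(rf)`; the object returned by `GetNetworkPolicy` is discarded with `_`, so nothing checks that the operator created it. A NetworkPolicy is an isolation control, and an administrator's policy that happens to share that name would be removed without trace, leaving the Redis pods with whatever ingress the remaining policies allow. I would keep the returned object and delete only when it belongs to this RedisFailover, for example `if !metav1.IsControlledBy(np, rf) { return nil }`, and log the deletion. That check assumes the older operator set a controller owner reference, which the hunk does not show; otherwise match on the operator's labels. The fall-through to `DeleteNetworkPolicy` on a non-NotFound `Get` error is corrected later in this series (PATCH 5/7).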
From: Artur Zheludkov Date: Wed, 21 Feb 2024 16:56:23 -0500 Subject: [PATCH 3/7] Update operator/redisfailover/service/client.go Co-authored-by: Ben Langfeld --- operator/redisfailover/service/client.go | 1 - 1 file changed, 1 deletion(-) diff --git a/operator/redisfailover/service/client.go b/operator/redisfailover/service/client.go index dec7973ef..c53c0ed7e 100644 --- a/operator/redisfailover/service/client.go +++ b/operator/redisfailover/service/client.go @@ -214,7 +214,6 @@ func (r *RedisFailoverKubeClient) DestroySentinelResources(rf *redisfailoverv1.R return err } -// DestroyRemainedRedisNetworkPolicy remove remained network policy func (r *RedisFailoverKubeClient) DestroyRemainedRedisNetworkPolicy(rf *redisfailoverv1.RedisFailover) error { name := GetRedisNetworkPolicyName(rf) From 568957a4148a6123134e0e78c5ad9b09dd5e3081 Mon Sep 17 00:00:00 2001 From: Artur Zheludkov Date: Wed, 21 Feb 2024 16:56:37 -0500 Subject: [PATCH 4/7] Update operator/redisfailover/service/client.go Co-authored-by: Ben Langfeld --- operator/redisfailover/service/client.go | 1 - 1 file changed, 1 deletion(-) diff --git a/operator/redisfailover/service/client.go b/operator/redisfailover/service/client.go index c53c0ed7e..c3a48edda 100644 --- a/operator/redisfailover/service/client.go +++ b/operator/redisfailover/service/client.go @@ -219,7 +219,6 @@ func (r *RedisFailoverKubeClient) DestroyRemainedRedisNetworkPolicy(rf *redisfai name := GetRedisNetworkPolicyName(rf) if _, err := r.K8SService.GetNetworkPolicy(rf.Namespace, name); err != nil { - // If no resource, do nothing if errors.IsNotFound(err) { return nil } From 4cf92bfb82a92a3adf7b4652070fb5860c194300 Mon Sep 17 00:00:00 2001 From: Artur Zheludkov Date: Wed, 21 Feb 2024 20:43:12 -0500 Subject: [PATCH 5/7] Update operator/redisfailover/service/client.go Co-authored-by: Aaron Kuehler --- operator/redisfailover/service/client.go | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/operator/redisfailover/service/client.go b/operator/redisfailover/service/client.go index c3a48edda..c2011a381 100644 --- a/operator/redisfailover/service/client.go +++ b/operator/redisfailover/service/client.go @@ -221,6 +221,8 @@ func (r *RedisFailoverKubeClient) DestroyRemainedRedisNetworkPolicy(rf *redisfai if _, err := r.K8SService.GetNetworkPolicy(rf.Namespace, name); err != nil { if errors.IsNotFound(err) { return nil + } else { + return err } } From c83934f5181a8d939365901c9c99e3fa9255336e Mon Sep 17 00:00:00 2001 From: Artur Zheludkov Date: Wed, 21 Feb 2024 20:43:17 -0500 Subject: [PATCH 6/7] Update operator/redisfailover/service/client.go Co-authored-by: Aaron Kuehler --- operator/redisfailover/service/client.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/operator/redisfailover/service/client.go b/operator/redisfailover/service/client.go index c2011a381..51e4c7372 100644 --- a/operator/redisfailover/service/client.go +++ b/operator/redisfailover/service/client.go @@ -214,7 +214,7 @@ func (r *RedisFailoverKubeClient) DestroySentinelResources(rf *redisfailoverv1.R return err } -func (r *RedisFailoverKubeClient) DestroyRemainedRedisNetworkPolicy(rf *redisfailoverv1.RedisFailover) error { +func (r *RedisFailoverKubeClient) DestroydOrphanedRedisNetworkPolicy(rf *redisfailoverv1.RedisFailover) error { name := GetRedisNetworkPolicyName(rf) From 4ed83272bf76d844de5a5e8d4d87a321766ade1b Mon Sep 17 00:00:00 2001 From: Artur Zheludkov Date: Thu, 22 Feb 2024 08:37:24 -0500 Subject: [PATCH 7/7] rename method --- .../operator/redisfailover/service/RedisFailoverClient.go | 8 ++++---- operator/redisfailover/ensurer.go | 2 +- operator/redisfailover/ensurer_test.go | 2 +- operator/redisfailover/service/client.go | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/mocks/operator/redisfailover/service/RedisFailoverClient.go b/mocks/operator/redisfailover/service/RedisFailoverClient.go index 3a4f650ff..e12b989fe 100644 
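Review bot: The `else { return err }` added in PATCH 5/7 follows an `if` branch that already returns, so the `else` is redundant and lint checks for Go typically flag it. The inner block reads more simply as `if errors.IsNotFound(err) { return nil }` followed by `return err`. Since the Get exists only to detect absence, another option is to call `DeleteNetworkPolicy` directly and treat a NotFound from it as success, which also covers the policy disappearing between the two calls. That presumes `DeleteNetworkPolicy` surfaces the API error unchanged, which the hunk does not show. The function body starts and ends outside the hunk.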
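Review bot: The new name `DestroydOrphanedRedisNetworkPolicy` in PATCH 6/7 has a stray `d` (`Destroyd`); `DestroyOrphanedRedisNetworkPolicy` is presumably what was meant. PATCH 7/7 then carries the misspelling into the exported `RedisFailoverClient` interface, the generated mock, the `Ensure` call and the test expectation. This commit also renames only the implementation, so until PATCH 7/7 `RedisFailoverKubeClient` lacks the `DestroyRemainedRedisNetworkPolicy` method the interface still declares; squashing 6 and 7 keeps each commit building. Since PATCH 3/7 removed it, the exported method has no doc comment, and I would restore one: `// DestroyOrphanedRedisNetworkPolicy deletes the Redis NetworkPolicy left behind by operator versions before v2.0.1.`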
--- a/mocks/operator/redisfailover/service/RedisFailoverClient.go +++ b/mocks/operator/redisfailover/service/RedisFailoverClient.go @@ -14,8 +14,8 @@ type RedisFailoverClient struct { mock.Mock } -// DestroyRemainedRedisNetworkPolicy provides a mock function with given fields: rFailover -func (_m *RedisFailoverClient) DestroyRemainedRedisNetworkPolicy(rFailover *v1.RedisFailover) error { +// DestroySentinelResources provides a mock function with given fields: rFailover +func (_m *RedisFailoverClient) DestroySentinelResources(rFailover *v1.RedisFailover) error { ret := _m.Called(rFailover) var r0 error @@ -28,8 +28,8 @@ func (_m *RedisFailoverClient) DestroyRemainedRedisNetworkPolicy(rFailover *v1.R return r0 } -// DestroySentinelResources provides a mock function with given fields: rFailover -func (_m *RedisFailoverClient) DestroySentinelResources(rFailover *v1.RedisFailover) error { +// DestroydOrphanedRedisNetworkPolicy provides a mock function with given fields: rFailover +func (_m *RedisFailoverClient) DestroydOrphanedRedisNetworkPolicy(rFailover *v1.RedisFailover) error { ret := _m.Called(rFailover) var r0 error diff --git a/operator/redisfailover/ensurer.go b/operator/redisfailover/ensurer.go index 41f74c302..33870a3f2 100644 --- a/operator/redisfailover/ensurer.go +++ b/operator/redisfailover/ensurer.go @@ -25,7 +25,7 @@ func (w *RedisFailoverHandler) Ensure(rf *redisfailoverv1.RedisFailover, labels } } - if err := w.rfService.DestroyRemainedRedisNetworkPolicy(rf); err != nil { + if err := w.rfService.DestroydOrphanedRedisNetworkPolicy(rf); err != nil { return err } diff --git a/operator/redisfailover/ensurer_test.go b/operator/redisfailover/ensurer_test.go index f196f9d0d..2a8b11ac8 100644 --- a/operator/redisfailover/ensurer_test.go +++ b/operator/redisfailover/ensurer_test.go 
@@ -151,7 +151,7 @@ func TestEnsure(t *testing.T) { mrfs.On("EnsureRedisReadinessConfigMap", rf, mock.Anything, mock.Anything).Once().Return(nil) mrfs.On("EnsureRedisStatefulset", rf, mock.Anything, mock.Anything).Once().Return(nil) - mrfs.On("DestroyRemainedRedisNetworkPolicy", rf, mock.Anything, mock.Anything).Once().Return(nil) + mrfs.On("DestroydOrphanedRedisNetworkPolicy", rf, mock.Anything, mock.Anything).Once().Return(nil) // Create the Kops client and call the valid logic. handler := rfOperator.NewRedisFailoverHandler(config, mrfs, mrfc, mrfh, mk, metrics.Dummy, log.Dummy) diff --git a/operator/redisfailover/service/client.go b/operator/redisfailover/service/client.go index 51e4c7372..fef338439 100644 --- a/operator/redisfailover/service/client.go +++ b/operator/redisfailover/service/client.go @@ -39,7 +39,7 @@ type RedisFailoverClient interface { DestroySentinelResources(rFailover *redisfailoverv1.RedisFailover) error UpdateStatus(rFailover *redisfailoverv1.RedisFailover) (*redisfailoverv1.RedisFailover, error) - DestroyRemainedRedisNetworkPolicy(rFailover *redisfailoverv1.RedisFailover) error + DestroydOrphanedRedisNetworkPolicy(rFailover *redisfailoverv1.RedisFailover) error } // RedisFailoverKubeClient implements the required methods to talk with kubernetes