Merge pull request #76 from projectsyn/deletion

Deletion

CHANGELOG.md

@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## Unreleased
+### Added
+- The operator can now remove external resources: Vault, Git Repository and Files in a repository
+
 ## v0.1.5 - 2020-06-12
 ### Added
 - Kustomize setup ([#71])

deploy/crds/syn.tools_clusters_crd.yaml

@@ -41,6 +41,16 @@ spec:
         spec:
           description: ClusterSpec defines the desired state of Cluster
           properties:
+            deletionPolicy:
+              description: 'DeletionPolicy defines how the external resources should
+                be treated upon CR deletion. Retain: will not delete any external
+                resources Delete: will delete the external resources Archive: will
+                archive the external resources, if it supports that'
+              enum:
+              - Delete
+              - Retain
+              - Archive
+              type: string
             displayName:
               description: DisplayName of cluster which could be different from metadata.name.
                 Allows cluster renaming should it be needed.
@@ -69,6 +79,16 @@ spec:
                         name must be unique.
                       type: string
                   type: object
+                deletionPolicy:
+                  description: 'DeletionPolicy defines how the external resources
+                    should be treated upon CR deletion. Retain: will not delete any
+                    external resources Delete: will delete the external resources
+                    Archive: will archive the external resources, if it supports that'
+                  enum:
+                  - Delete
+                  - Retain
+                  - Archive
+                  type: string
                 deployKeys:
                   additionalProperties:
                     description: DeployKey defines an SSH key to be used for git operations.

deploy/crds/syn.tools_gitrepos_crd.yaml

@@ -57,6 +57,16 @@ spec:
                     name must be unique.
                   type: string
               type: object
+            deletionPolicy:
+              description: 'DeletionPolicy defines how the external resources should
+                be treated upon CR deletion. Retain: will not delete any external
+                resources Delete: will delete the external resources Archive: will
+                archive the external resources, if it supports that'
+              enum:
+              - Delete
+              - Retain
+              - Archive
+              type: string
             deployKeys:
               additionalProperties:
                 description: DeployKey defines an SSH key to be used for git operations.

deploy/crds/syn.tools_tenants_crd.yaml

@@ -38,6 +38,16 @@ spec:
         spec:
           description: TenantSpec defines the desired state of Tenant
           properties:
+            deletionPolicy:
+              description: 'DeletionPolicy defines how the external resources should
+                be treated upon CR deletion. Retain: will not delete any external
+                resources Delete: will delete the external resources Archive: will
+                archive the external resources, if it supports that'
+              enum:
+              - Delete
+              - Retain
+              - Archive
+              type: string
             displayName:
               description: DisplayName is the display name of the tenant.
               type: string
@@ -58,6 +68,16 @@ spec:
                         name must be unique.
                       type: string
                   type: object
+                deletionPolicy:
+                  description: 'DeletionPolicy defines how the external resources
+                    should be treated upon CR deletion. Retain: will not delete any
+                    external resources Delete: will delete the external resources
+                    Archive: will archive the external resources, if it supports that'
+                  enum:
+                  - Delete
+                  - Retain
+                  - Archive
+                  type: string
                 deployKeys:
                   additionalProperties:
                     description: DeployKey defines an SSH key to be used for git operations.

docs/modules/ROOT/nav.adoc

@@ -10,4 +10,4 @@ include::partial$nav-howtos.adoc[]
 include::partial$nav-reference.adoc[]
 
 .Explanation
-include::partial$nav-explanation.adoc[]
+include::partial$nav-explanation.adoc[]

docs/modules/ROOT/pages/configuration.adoc

@@ -0,0 +1,50 @@
+= Configuration
+
+== Permissions for other systems
+
+In order for the operator to work correctly it will need specific permissions in other systems.
+
+=== Gitlab
+
+These are the settings needed for the Gitlab API token.
+
+image::gitlab_settings.png[]
+
+=== Vault
+[source,hcl]
+----
+path "kv/data/*" {
+  capabilities = ["read", "create", "update", "delete"]
+}
+
+path "kv/metadata/*" {
+  capabilities = ["read", "create", "update", "delete", "list"]
+}
+
+path "kv/delete/*" {
+  capabilities = ["update"]
+}
+----
+
+== Environment variables
+
+[cols=",",options="header",]
+|===
+
+a| Environment Variable
+
+a| Description
+
+| VAULT_ADDR | Sets the address to the Vault instance
+
+| VAULT_TOKEN | Sets the Vault token to be used, ony recommended for testing. in production the K8s authentication should be used.
+
+| SKIP_VAULT_SETUP | Doesn't create any Vault secrets. Recommended for testing only.
+
+| DEFAULT_DELETION_POLICY | Sets what deletion policy for external resources (Git, Vault) should be used by default.
+
+| LIEUTENANT_SYNC_DURATION | Defines with what frequence the CRs will be synced. Default: 5m
+
+| LIEUTENANT_DELETE_PROTECTION | Defines whether the annotation to protect for accidental deletion should be set by default. Default: true
+
+|===

docs/modules/ROOT/partials/crds.html

@@ -236,6 +236,26 @@ <h3 id="syn.tools/v1alpha1.Cluster">Cluster
 <p class="tableblock">
 </td>
 </tr>
+<tr>
+<td class="tableblock halign-left valign-top">
+<p class="tableblock">
+<code>deletionPolicy</code></br>
+<em>
+<a href="#syn.tools/v1alpha1.DeletionPolicy">
+DeletionPolicy
+</a>
+</em>
+</p>
+</td>
+<td class="tableblock halign-left valign-top">
+<p class="tableblock">
+<p>DeletionPolicy defines how the external resources should be treated upon CR deletion.
+Retain: will not delete any external resources
+Delete: will delete the external resources
+Archive: will archive the external resources, if it supports that</p>
+<p class="tableblock">
+</td>
+</tr>
 </table>
 <p class="tableblock">
 </td>
@@ -386,6 +406,26 @@ <h3 id="syn.tools/v1alpha1.ClusterSpec">ClusterSpec
 <p class="tableblock">
 </td>
 </tr>
+<tr>
+<td class="tableblock halign-left valign-top">
+<p class="tableblock">
+<code>deletionPolicy</code></br>
+<em>
+<a href="#syn.tools/v1alpha1.DeletionPolicy">
+DeletionPolicy
+</a>
+</em>
+</p>
+</td>
+<td class="tableblock halign-left valign-top">
+<p class="tableblock">
+<p>DeletionPolicy defines how the external resources should be treated upon CR deletion.
+Retain: will not delete any external resources
+Delete: will delete the external resources
+Archive: will archive the external resources, if it supports that</p>
+<p class="tableblock">
+</td>
+</tr>
 </tbody>
 </table>
 <h3 id="syn.tools/v1alpha1.ClusterStatus">ClusterStatus
@@ -424,6 +464,17 @@ <h3 id="syn.tools/v1alpha1.ClusterStatus">ClusterStatus
 </tr>
 </tbody>
 </table>
+<h3 id="syn.tools/v1alpha1.DeletionPolicy">DeletionPolicy
+(<code>string</code> alias)</p></h3>
+<p>
+(<em>Appears on:</em>
+<a href="#syn.tools/v1alpha1.ClusterSpec">ClusterSpec</a>, 
+<a href="#syn.tools/v1alpha1.GitRepoTemplate">GitRepoTemplate</a>, 
+<a href="#syn.tools/v1alpha1.TenantSpec">TenantSpec</a>)
+</p>
+<p>
+<p>DeletionPolicy defines the type deletion policy</p>
+</p>
 <h3 id="syn.tools/v1alpha1.DeployKey">DeployKey
 </h3>
 <p>
@@ -882,6 +933,26 @@ <h3 id="syn.tools/v1alpha1.GitRepoTemplate">GitRepoTemplate
 <p class="tableblock">
 </td>
 </tr>
+<tr>
+<td class="tableblock halign-left valign-top">
+<p class="tableblock">
+<code>deletionPolicy</code></br>
+<em>
+<a href="#syn.tools/v1alpha1.DeletionPolicy">
+DeletionPolicy
+</a>
+</em>
+</p>
+</td>
+<td class="tableblock halign-left valign-top">
+<p class="tableblock">
+<p>DeletionPolicy defines how the external resources should be treated upon CR deletion.
+Retain: will not delete any external resources
+Delete: will delete the external resources
+Archive: will archive the external resources, if it supports that</p>
+<p class="tableblock">
+</td>
+</tr>
 </tbody>
 </table>
 <h3 id="syn.tools/v1alpha1.GitType">GitType
@@ -996,6 +1067,26 @@ <h3 id="syn.tools/v1alpha1.Tenant">Tenant
 <p class="tableblock">
 </td>
 </tr>
+<tr>
+<td class="tableblock halign-left valign-top">
+<p class="tableblock">
+<code>deletionPolicy</code></br>
+<em>
+<a href="#syn.tools/v1alpha1.DeletionPolicy">
+DeletionPolicy
+</a>
+</em>
+</p>
+</td>
+<td class="tableblock halign-left valign-top">
+<p class="tableblock">
+<p>DeletionPolicy defines how the external resources should be treated upon CR deletion.
+Retain: will not delete any external resources
+Delete: will delete the external resources
+Archive: will archive the external resources, if it supports that</p>
+<p class="tableblock">
+</td>
+</tr>
 </table>
 <p class="tableblock">
 </td>
@@ -1082,6 +1173,26 @@ <h3 id="syn.tools/v1alpha1.TenantSpec">TenantSpec
 <p class="tableblock">
 </td>
 </tr>
+<tr>
+<td class="tableblock halign-left valign-top">
+<p class="tableblock">
+<code>deletionPolicy</code></br>
+<em>
+<a href="#syn.tools/v1alpha1.DeletionPolicy">
+DeletionPolicy
+</a>
+</em>
+</p>
+</td>
+<td class="tableblock halign-left valign-top">
+<p class="tableblock">
+<p>DeletionPolicy defines how the external resources should be treated upon CR deletion.
+Retain: will not delete any external resources
+Delete: will delete the external resources
+Archive: will archive the external resources, if it supports that</p>
+<p class="tableblock">
+</td>
+</tr>
 </tbody>
 </table>
 <h3 id="syn.tools/v1alpha1.TenantStatus">TenantStatus

examples/cluster.yaml

@@ -2,11 +2,15 @@ apiVersion: syn.tools/v1alpha1
 kind: Cluster
 metadata:
   name: c-ae3oso
+  annotations:
+    syn.tools/protected-delete: "false"
 spec:
   displayName: Big Corp. Production Cluster
+  deletionPolicy: Delete
   gitRepoTemplate:
     path: cluster
     repoName: cluster1
+    deletionPolicy: Delete
     apiSecretRef:
       name: example-secret
       # namespace: syn-lieutenant

examples/gitrepo-secret.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 stringData:
   endpoint: http://192.168.5.42:8080
-  token: zbxUWoPykEh5ZjG-mFsa
+  token: vY3gHvPs82NvYK8dKAGw
 kind: Secret
 metadata:
   name: example-secret

examples/tenant.yaml

@@ -7,6 +7,7 @@ spec:
   gitRepoTemplate:
     path: tenant
     repoName: tenant1
+    deletionPolicy: Delete
     apiSecretRef:
       name: example-secret
       # namespace: syn-lieutenant

go.sum

@@ -943,6 +943,7 @@ go.elastic.co/apm/module/apmot v1.5.0/go.mod h1:d2KYwhJParTpyw2WnTNy8geNlHKKFX+4
 go.elastic.co/fastjson v1.0.0/go.mod h1:PmeUOMMtLHQr9ZS9J9owrAVg0FkaZDRZJEFTTGHtchs=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
+go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738 h1:VcrIfasaLFkyjk6KNlXQSzO+B0fZcnECiDrKJsfxka0=
 go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
 go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
 go.mongodb.org/mongo-driver v1.1.0/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
@@ -1403,4 +1404,5 @@ sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06/go.mod h1
 sigs.k8s.io/structured-merge-diff v1.0.2/go.mod h1:IIgPezJWb76P0hotTxzDbWsMYB8APh18qZnxkomBpxA=
 sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
+vbom.ml/util v0.0.0-20160121211510-db5cfe13f5cc h1:MksmcCZQWAQJCTA5T0jgI/0sJ51AVm4Z41MrmfczEoc=
 vbom.ml/util v0.0.0-20160121211510-db5cfe13f5cc/go.mod h1:so/NYdZXCz+E3ZpW0uAoCj6uzU2+8OWDFv/HxUSs7kI=

pkg/apis/syn/v1alpha1/cluster_types.go

@@ -24,6 +24,12 @@ type ClusterSpec struct {
 	TokenLifeTime string `json:"tokenLifeTime,omitempty"`
 	// Facts are key/value pairs for statically configured facts
 	Facts *Facts `json:"facts,omitempty"`
+	// DeletionPolicy defines how the external resources should be treated upon CR deletion.
+	// Retain: will not delete any external resources
+	// Delete: will delete the external resources
+	// Archive: will archive the external resources, if it supports that
+	// +kubebuilder:validation:Enum=Delete;Retain;Archive
+	DeletionPolicy DeletionPolicy `json:"deletionPolicy,omitempty"`
 }
 
 // BootstrapToken this key is used only once for Steward to register.