Skip to content
This repository was archived by the owner on May 24, 2023. It is now read-only.

Commit 77a6802

Browse files
pleshakovpleshakov
committed
Fix updating ClusterRoleBinding on NIC deletion
* Fix the construction of the updated list of subjects for the ClusterRoleBinding. Previously, the subjects that matched the NginxIngressController resource name OR namespace were wrongly removed. * Stop reconciliation after removing the finalizer. Previously, the reconciliation would proceed and it would wrongly restore the subject for the NginxIngressController resource that was deleted.
1 parent 84f1d3b commit 77a6802

File tree

1 file changed

+27
-23
lines changed

1 file changed

+27
-23
lines changed

pkg/controller/nginxingresscontroller/nginxingresscontroller_controller.go

Lines changed: 27 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -422,7 +422,17 @@ func (r *ReconcileNginxIngressController) Reconcile(request reconcile.Request) (
422422
return reconcile.Result{}, err
423423
}
424424

425-
err = r.handleFinalizers(reqLogger, instance)
425+
if instance.GetDeletionTimestamp() != nil {
426+
err = r.handleDeletion(reqLogger, instance)
427+
if err != nil {
428+
return reconcile.Result{}, err
429+
}
430+
431+
reqLogger.Info("NginxIngressController was successfully deleted")
432+
return reconcile.Result{}, nil
433+
}
434+
435+
err = r.ensureFinalizer(reqLogger, instance);
426436
if err != nil {
427437
return reconcile.Result{}, err
428438
}
@@ -607,7 +617,7 @@ func (r *ReconcileNginxIngressController) finalizeNginxIngressController(reqLogg
607617

608618
var subjects []rbacv1.Subject
609619
for _, s := range crb.Subjects {
610-
if s.Name != instance.Name && s.Namespace != instance.Namespace {
620+
if s.Name != instance.Name || s.Namespace != instance.Namespace {
611621
subjects = append(subjects, s)
612622
}
613623
}
@@ -659,30 +669,24 @@ func (r *ReconcileNginxIngressController) addFinalizer(reqLogger logr.Logger, in
659669
return nil
660670
}
661671

662-
func (r *ReconcileNginxIngressController) handleFinalizers(reqLogger logr.Logger, instance *k8sv1alpha1.NginxIngressController) error {
663-
// If instance has been marked to be deleted
664-
if instance.GetDeletionTimestamp() != nil {
665-
if contains(instance.GetFinalizers(), finalizer) {
666-
err := r.finalizeNginxIngressController(reqLogger, instance)
667-
if err != nil {
668-
return err
669-
}
670-
671-
instance.SetFinalizers(remove(instance.GetFinalizers(), finalizer))
672-
err = r.client.Update(context.TODO(), instance)
673-
if err != nil {
674-
return err
675-
}
676-
}
672+
func (r *ReconcileNginxIngressController) handleDeletion(reqLogger logr.Logger, instance *k8sv1alpha1.NginxIngressController) error {
673+
if !contains(instance.GetFinalizers(), finalizer) {
677674
return nil
678675
}
679676

680-
if !contains(instance.GetFinalizers(), finalizer) {
681-
err := r.addFinalizer(reqLogger, instance)
682-
if err != nil {
683-
return err
684-
}
677+
err := r.finalizeNginxIngressController(reqLogger, instance)
678+
if err != nil {
679+
return err
685680
}
686681

687-
return nil
682+
instance.SetFinalizers(remove(instance.GetFinalizers(), finalizer))
683+
return r.client.Update(context.TODO(), instance)
684+
}
685+
686+
func (r *ReconcileNginxIngressController) ensureFinalizer(reqLogger logr.Logger, instance *k8sv1alpha1.NginxIngressController) error {
687+
if contains(instance.GetFinalizers(), finalizer) {
688+
return nil
689+
}
690+
691+
return r.addFinalizer(reqLogger, instance)
688692
}

0 commit comments

Comments
 (0)