[feat gw-api]implement finalizer

Author: shuqz

controllers/gateway/eventhandlers/gateway_events.go

@@ -54,7 +54,7 @@ func (h *enqueueRequestsForGatewayEvent) Delete(ctx context.Context, e event.Typ
 
 func (h *enqueueRequestsForGatewayEvent) Generic(ctx context.Context, e event.TypedGenericEvent[*gwv1.Gateway], queue workqueue.TypedRateLimitingInterface[reconcile.Request]) {
 	gw := e.Object
-	h.logger.V(1).Info("enqueue gateway delete event", "gateway", k8s.NamespacedName(gw))
+	h.logger.V(1).Info("enqueue gateway generic event", "gateway", k8s.NamespacedName(gw))
 	h.enqueueImpactedGateway(ctx, gw, queue)
 }
 

controllers/gateway/eventhandlers/service_events.go

@@ -2,12 +2,15 @@ package eventhandlers
 
 import (
 	"context"
+	"fmt"
 	"github.com/go-logr/logr"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/client-go/tools/record"
 	"k8s.io/client-go/util/workqueue"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/gateway/constants"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/gateway/routeutils"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/k8s"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/shared_constants"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/event"
 	"sigs.k8s.io/controller-runtime/pkg/handler"
@@ -65,9 +68,33 @@ func (h *enqueueRequestsForServiceEvent) Update(ctx context.Context, e event.Typ
 func (h *enqueueRequestsForServiceEvent) Delete(ctx context.Context, e event.TypedDeleteEvent[*corev1.Service], queue workqueue.TypedRateLimitingInterface[reconcile.Request]) {
 	svc := e.Object
 	h.logger.V(1).Info("enqueue service delete event", "service", svc.Name)
+	// remove target group configuration finalizer when service is deleted
+	h.removeTargetGroupConfigurationFinalizer(ctx, svc)
+
 	h.enqueueImpactedRoutes(ctx, svc)
 }
 
+func (h *enqueueRequestsForServiceEvent) removeTargetGroupConfigurationFinalizer(ctx context.Context, svc *corev1.Service) {
+	tgConfig, err := routeutils.LookUpTargetGroupConfiguration(ctx, h.k8sClient, k8s.NamespacedName(svc))
+	if err != nil {
+		h.logger.Error(err, "failed to look up target group configuration", "service", svc.Name)
+		return
+	}
+	if tgConfig == nil {
+		h.logger.V(1).Info("TargetGroupConfigurationNotFound, ignoring remove finalizer.", "TargetGroupConfiguration", svc.Name)
+		return
+	}
+
+	tgFinalizer := shared_constants.TargetGroupConfigurationFinalizer
+	if k8s.HasFinalizer(tgConfig, tgFinalizer) {
+		finalizerManager := k8s.NewDefaultFinalizerManager(h.k8sClient, logr.Discard())
+		if err := finalizerManager.RemoveFinalizers(ctx, tgConfig, tgFinalizer); err != nil {
+			h.eventRecorder.Event(tgConfig, corev1.EventTypeWarning, k8s.TargetGroupBindingEventReasonFailedRemoveFinalizer, fmt.Sprintf("Failed to remove target group configuration finalizer due to %v", err))
+		}
+		h.logger.V(1).Info("TargetGroupConfigurationFinalizerRemoved", "TargetGroupConfiguration", tgConfig.Name)
+	}
+}
+
 func (h *enqueueRequestsForServiceEvent) Generic(ctx context.Context, e event.TypedGenericEvent[*corev1.Service], queue workqueue.TypedRateLimitingInterface[reconcile.Request]) {
 	svc := e.Object
 	h.logger.V(1).Info("enqueue service generic event", "service", svc.Name)

controllers/gateway/gateway_controller.go

@@ -223,17 +223,17 @@ func (r *gatewayReconciler) reconcileHelper(ctx context.Context, req reconcile.R
 	}
 
 	if lb == nil {
-		err = r.reconcileDelete(ctx, gw, stack, allRoutes)
+		err = r.reconcileDelete(ctx, gw, gwClass, stack, allRoutes)
 		if err != nil {
 			r.logger.Error(err, "Failed to process gateway delete")
 		}
 		return err
 	}
 
-	return r.reconcileUpdate(ctx, gw, stack, lb, backendSGRequired)
+	return r.reconcileUpdate(ctx, gw, gwClass, stack, lb, backendSGRequired)
 }
 
-func (r *gatewayReconciler) reconcileDelete(ctx context.Context, gw *gwv1.Gateway, stack core.Stack, routes map[int32][]routeutils.RouteDescriptor) error {
+func (r *gatewayReconciler) reconcileDelete(ctx context.Context, gw *gwv1.Gateway, gwClass *gwv1.GatewayClass, stack core.Stack, routes map[int32][]routeutils.RouteDescriptor) error {
 	for _, routeList := range routes {
 		if len(routeList) != 0 {
 			err := errors.Errorf("Gateway deletion invoked with routes attached [%s]", generateRouteList(routes))
@@ -250,21 +250,34 @@ func (r *gatewayReconciler) reconcileDelete(ctx context.Context, gw *gwv1.Gatewa
 		if err := r.backendSGProvider.Release(ctx, networking.ResourceTypeGateway, []types.NamespacedName{k8s.NamespacedName(gw)}); err != nil {
 			return err
 		}
+		// remove load balancer configuration finalizer
+		if err := r.removeLoadBalancerConfigurationFinalizers(ctx, gw, gwClass); err != nil {
+			r.eventRecorder.Event(gw, corev1.EventTypeWarning, k8s.LoadBalancerConfigurationEventReasonFailedRemoveFinalizer, fmt.Sprintf("Failed remove load balancer configuration finalizer due to %v", err))
+			return err
+		}
+		// remove gateway finalizer
 		if err := r.finalizerManager.RemoveFinalizers(ctx, gw, r.finalizer); err != nil {
-			r.eventRecorder.Event(gw, corev1.EventTypeWarning, k8s.GatewayEventReasonFailedAddFinalizer, fmt.Sprintf("Failed remove finalizer due to %v", err))
+			r.eventRecorder.Event(gw, corev1.EventTypeWarning, k8s.GatewayEventReasonFailedRemoveFinalizer, fmt.Sprintf("Failed remove gateway finalizer due to %v", err))
 			return err
 		}
 	}
 	return nil
 }
 
-func (r *gatewayReconciler) reconcileUpdate(ctx context.Context, gw *gwv1.Gateway, stack core.Stack,
+func (r *gatewayReconciler) reconcileUpdate(ctx context.Context, gw *gwv1.Gateway, gwClass *gwv1.GatewayClass, stack core.Stack,
 	lb *elbv2model.LoadBalancer, backendSGRequired bool) error {
-
+	// add gateway finalizer
 	if err := r.finalizerManager.AddFinalizers(ctx, gw, r.finalizer); err != nil {
-		r.eventRecorder.Event(gw, corev1.EventTypeWarning, k8s.GatewayEventReasonFailedAddFinalizer, fmt.Sprintf("Failed add finalizer due to %v", err))
+		r.eventRecorder.Event(gw, corev1.EventTypeWarning, k8s.GatewayEventReasonFailedAddFinalizer, fmt.Sprintf("Failed add gateway finalizer due to %v", err))
 		return err
 	}
+
+	// add load balancer configuration finalizer
+	if err := r.addLoadBalancerConfigurationFinalizers(ctx, gw, gwClass); err != nil {
+		r.eventRecorder.Event(gw, corev1.EventTypeWarning, k8s.LoadBalancerConfigurationEventReasonFailedAddFinalizer, fmt.Sprintf("Failed add load balancer configuration finalizer due to %v", err))
+		return err
+	}
+
 	err := r.deployModel(ctx, gw, stack)
 	if err != nil {
 		return err
@@ -284,6 +297,93 @@ func (r *gatewayReconciler) reconcileUpdate(ctx context.Context, gw *gwv1.Gatewa
 	return nil
 }
 
+// add finalizer to load balancer configuration when it is in use by gateway or gatewayClass
+func (r *gatewayReconciler) addLoadBalancerConfigurationFinalizers(ctx context.Context, gw *gwv1.Gateway, gwClass *gwv1.GatewayClass) error {
+	// add finalizer to lbConfig referred by gatewayClass
+	if gwClass.Spec.ParametersRef != nil && string(gwClass.Spec.ParametersRef.Kind) == constants.LoadBalancerConfiguration {
+		lbConfig := &elbv2gw.LoadBalancerConfiguration{}
+		if err := r.k8sClient.Get(ctx, types.NamespacedName{
+			Namespace: string(*gwClass.Spec.ParametersRef.Namespace),
+			Name:      gwClass.Spec.ParametersRef.Name,
+		}, lbConfig); err != nil {
+			return client.IgnoreNotFound(err)
+		}
+		if err := r.finalizerManager.AddFinalizers(ctx, lbConfig, shared_constants.LoadBalancerConfigurationFinalizer); err != nil {
+			r.eventRecorder.Event(gw, corev1.EventTypeWarning, k8s.LoadBalancerConfigurationEventReasonFailedAddFinalizer, fmt.Sprintf("Failed to add load balancer configuration finalizer due to %v", err))
+			return err
+		}
+	}
+
+	// add finalizer to lbConfig referred by gateway
+	if gw.Spec.Infrastructure != nil && gw.Spec.Infrastructure.ParametersRef != nil && string(gw.Spec.Infrastructure.ParametersRef.Kind) == constants.LoadBalancerConfiguration {
+		lbConfig := &elbv2gw.LoadBalancerConfiguration{}
+		if err := r.k8sClient.Get(ctx, types.NamespacedName{
+			Namespace: gw.Namespace,
+			Name:      gw.Spec.Infrastructure.ParametersRef.Name,
+		}, lbConfig); err != nil {
+			return client.IgnoreNotFound(err)
+		}
+		if err := r.finalizerManager.AddFinalizers(ctx, lbConfig, shared_constants.LoadBalancerConfigurationFinalizer); err != nil {
+			r.eventRecorder.Event(gw, corev1.EventTypeWarning, k8s.LoadBalancerConfigurationEventReasonFailedAddFinalizer, fmt.Sprintf("Failed to add load balancer configuration finalizer due to %v", err))
+			return err
+		}
+	}
+	return nil
+}
+
+func (r *gatewayReconciler) removeLoadBalancerConfigurationFinalizers(ctx context.Context, gw *gwv1.Gateway, gwClass *gwv1.GatewayClass) error {
+	// remove finalizer from lbConfig - gatewayClass
+	if gwClass.Spec.ParametersRef != nil && string(gwClass.Spec.ParametersRef.Kind) == constants.LoadBalancerConfiguration {
+		lbConfig := &elbv2gw.LoadBalancerConfiguration{}
+		if err := r.k8sClient.Get(ctx, types.NamespacedName{
+			Namespace: string(*gwClass.Spec.ParametersRef.Namespace),
+			Name:      gwClass.Spec.ParametersRef.Name,
+		}, lbConfig); err != nil {
+			return client.IgnoreNotFound(err)
+		}
+		// remove finalizer if it exists and it not in use
+		if k8s.HasFinalizer(lbConfig, shared_constants.LoadBalancerConfigurationFinalizer) && !r.isLBConfigInUse(ctx, lbConfig, gw) {
+			if err := r.finalizerManager.RemoveFinalizers(ctx, lbConfig, shared_constants.LoadBalancerConfigurationFinalizer); err != nil {
+				r.eventRecorder.Event(gw, corev1.EventTypeWarning, k8s.LoadBalancerConfigurationEventReasonFailedRemoveFinalizer, fmt.Sprintf("Failed to remove load balancer configuration finalizer due to %v", err))
+				return err
+			}
+		}
+	}
+
+	// remove finalizer from lbConfig - gateway
+	if gw.Spec.Infrastructure != nil && gw.Spec.Infrastructure.ParametersRef != nil && string(gw.Spec.Infrastructure.ParametersRef.Kind) == constants.LoadBalancerConfiguration {
+		lbConfig := &elbv2gw.LoadBalancerConfiguration{}
+		if err := r.k8sClient.Get(ctx, types.NamespacedName{
+			Namespace: gw.Namespace,
+			Name:      gw.Spec.Infrastructure.ParametersRef.Name,
+		}, lbConfig); err != nil {
+			return client.IgnoreNotFound(err)
+		}
+		// remove finalizer if it exists and it is not in use
+		if k8s.HasFinalizer(lbConfig, shared_constants.LoadBalancerConfigurationFinalizer) && !r.isLBConfigInUse(ctx, lbConfig, gw) {
+			if err := r.finalizerManager.RemoveFinalizers(ctx, lbConfig, shared_constants.LoadBalancerConfigurationFinalizer); err != nil {
+				r.eventRecorder.Event(gw, corev1.EventTypeWarning, k8s.LoadBalancerConfigurationEventReasonFailedRemoveFinalizer, fmt.Sprintf("Failed to remove load balancer configuration finalizer due to %v", err))
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func (r *gatewayReconciler) isLBConfigInUse(ctx context.Context, lbConfig *elbv2gw.LoadBalancerConfiguration, gw *gwv1.Gateway) bool {
+	// check if lbConfig is referred by other gateway
+	gwsUsingLBConfig := eventhandlers.GetImpactedGatewaysFromLbConfig(ctx, r.k8sClient, lbConfig, r.controllerName)
+	for _, gwUsingLBConfig := range gwsUsingLBConfig {
+		if gwUsingLBConfig.Name != gw.Name || gwUsingLBConfig.Namespace != gw.Namespace {
+			return true
+		}
+	}
+
+	// check if lbConfig is referred by other gatewayClass
+	gwClassesUsingLBConfig := eventhandlers.GetImpactedGatewayClassesFromLbConfig(ctx, r.k8sClient, lbConfig, sets.New(r.controllerName))
+	return len(gwClassesUsingLBConfig) > 0
+}
+
 func (r *gatewayReconciler) deployModel(ctx context.Context, gw *gwv1.Gateway, stack core.Stack) error {
 	if err := r.stackDeployer.Deploy(ctx, stack, r.metricsCollector, r.controllerName, nil); err != nil {
 		var requeueNeededAfter *runtime.RequeueNeededAfter

pkg/gateway/routeutils/backend.go

@@ -3,11 +3,13 @@ package routeutils
 import (
 	"context"
 	"fmt"
+	"github.com/go-logr/logr"
 	"github.com/pkg/errors"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
 	elbv2gw "sigs.k8s.io/aws-load-balancer-controller/apis/gateway/v1beta1"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/k8s"
+	"sigs.k8s.io/aws-load-balancer-controller/pkg/shared_constants"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	gwv1 "sigs.k8s.io/gateway-api/apis/v1"
 	gwbeta1 "sigs.k8s.io/gateway-api/apis/v1beta1"
@@ -102,12 +104,18 @@ func commonBackendLoader(ctx context.Context, k8sClient client.Client, typeSpeci
 		}
 	}
 
-	tgConfig, err := lookUpTargetGroupConfiguration(ctx, k8sClient, k8s.NamespacedName(svc))
+	tgConfig, err := LookUpTargetGroupConfiguration(ctx, k8sClient, k8s.NamespacedName(svc))
 
 	if err != nil {
 		// As of right now, this error can only be thrown because of a k8s api error hence no status update.
 		return nil, errors.Wrap(err, fmt.Sprintf("Unable to fetch tg config object"))
 	}
+	// add TGConfig finalizer
+	if tgConfig != nil {
+		if err := addTargetGroupConfigurationFinalizer(ctx, k8sClient, tgConfig); err != nil {
+			return nil, errors.Wrap(err, fmt.Sprintf("Unable to add finalizer to tg config object"))
+		}
+	}
 
 	if servicePort == nil {
 		initialErrorMessage := fmt.Sprintf("Unable to find service port for port %d", *backendRef.Port)
@@ -164,9 +172,9 @@ func commonBackendLoader(ctx context.Context, k8sClient client.Client, typeSpeci
 	}, nil
 }
 
-// lookUpTargetGroupConfiguration given a service, lookup the target group configuration associated with the service.
+// LookUpTargetGroupConfiguration given a service, lookup the target group configuration associated with the service.
 // recall that target group configuration always lives within the same namespace as the service.
-func lookUpTargetGroupConfiguration(ctx context.Context, k8sClient client.Client, serviceMetadata types.NamespacedName) (*elbv2gw.TargetGroupConfiguration, error) {
+func LookUpTargetGroupConfiguration(ctx context.Context, k8sClient client.Client, serviceMetadata types.NamespacedName) (*elbv2gw.TargetGroupConfiguration, error) {
 	tgConfigList := &elbv2gw.TargetGroupConfigurationList{}
 
 	// TODO - Add index
@@ -227,3 +235,15 @@ func referenceGrantCheck(ctx context.Context, k8sClient client.Client, svcIdenti
 
 	return false, nil
 }
+
+// Implements helper function to add finalizer for target group configuration
+func addTargetGroupConfigurationFinalizer(ctx context.Context, k8sClient client.Client, tgConfig *elbv2gw.TargetGroupConfiguration) error {
+	finalizer := shared_constants.TargetGroupConfigurationFinalizer
+	// check if finalizer already exist
+	if k8s.HasFinalizer(tgConfig, finalizer) {
+		return nil
+	}
+	finalizerManager := k8s.NewDefaultFinalizerManager(k8sClient, logr.Discard())
+
+	return finalizerManager.AddFinalizers(ctx, tgConfig, finalizer)
+}

pkg/gateway/routeutils/backend_test.go

@@ -528,7 +528,7 @@ func Test_lookUpTargetGroupConfiguration(t *testing.T) {
 				assert.NoError(t, err)
 			}
 
-			result, err := lookUpTargetGroupConfiguration(context.Background(), k8sClient, tc.serviceMetadata)
+			result, err := LookUpTargetGroupConfiguration(context.Background(), k8sClient, tc.serviceMetadata)
 
 			if tc.expectErr {
 				assert.Error(t, err)

pkg/k8s/events.go

@@ -37,4 +37,12 @@ const (
 	GatewayEventReasonSuccessfullyReconciled         = "SuccessfullyReconciled"
 	GatewayEventReasonFailedDeployModel              = "FailedDeployModel"
 	GatewayEventReasonFailedBuildModel               = "FailedBuildModel"
+
+	// Target Group Configuration events
+	TargetGroupConfigurationEventReasonFailedAddFinalizer    = "FailedAddFinalizer"
+	TargetGroupConfigurationEventReasonFailedRemoveFinalizer = "FailedRemoveFinalizer"
+
+	// Load Balancer Configuration events
+	LoadBalancerConfigurationEventReasonFailedAddFinalizer    = "FailedAddFinalizer"
+	LoadBalancerConfigurationEventReasonFailedRemoveFinalizer = "FailedRemoveFinalizer"
 )

pkg/shared_constants/finalizers.go

@@ -15,4 +15,10 @@ const (
 
 	// ALBGatewayFinalizer the finalizer we attach to an ALB Gateway resource
 	ALBGatewayFinalizer = "gateway.k8s.aws/alb"
+
+	// TargetGroupConfigurationFinalizer the finalizer we attach to a target group configuration resource
+	TargetGroupConfigurationFinalizer = "gateway.k8s.aws/targetgroupconfigurations"
+
+	// LoadBalancerConfigurationFinalizer the finalizer we attach to a load balancer configuration resource
+	LoadBalancerConfigurationFinalizer = "gateway.k8s.aws/loadbalancerconfigurations"
 )