Merge pull request #897 from spectrocloud/PCP-2735

PCP-2735: EKS cluster deletion stuck with error failed to delete OIDC provider
spectrocloud · Mar 27, 2024 · fe9c93f · fe9c93f
2 parents 28d7617 + 7047c04
commit fe9c93f
Showing 1 changed file with 19 additions and 3 deletions.
diff --git a/pkg/cloud/services/eks/oidc.go b/pkg/cloud/services/eks/oidc.go
@@ -36,6 +36,13 @@ import (
 	"sigs.k8s.io/cluster-api/controllers/remote"
 )
 
+const (
+	// OIDCProviderARNAnnotation set/unset this annotation to managed control plane.
+	// This is required in case of force pivot control plane status do not have ARN in status.
+	// In that cases annotation will be used to delete oidc resource.
+	OIDCProviderARNAnnotation = "aws.spectrocloud.com/oidcProviderArn"
+)
+
 func (s *Service) reconcileOIDCProvider(cluster *eks.Cluster) error {
 	if !s.scope.ControlPlane.Spec.AssociateOIDCProvider {
 		return nil
@@ -56,7 +63,7 @@ func (s *Service) reconcileOIDCProvider(cluster *eks.Cluster) error {
 		if anno == nil {
 			anno = make(map[string]string)
 		}
-		anno["aws.spectrocloud.com/oidcProviderArn"] = oidcProvider
+		anno[OIDCProviderARNAnnotation] = oidcProvider
 		s.scope.ControlPlane.SetAnnotations(anno)
 		if err := s.scope.PatchObject(); err != nil {
 			return errors.Wrap(err, "failed to update control plane with OIDC provider ARN")
@@ -140,10 +147,15 @@ func (s *Service) reconcileTrustPolicy() error {
 }
 
 func (s *Service) deleteOIDCProvider() error {
-	anno := s.scope.ControlPlane.GetAnnotations()
-	arn := anno["aws.spectrocloud.com/oidcProviderArn"]
+
+	// In case of force pivot managed control plane do not have ARN in status, that lead to oidcProvider not getting cleaned up during delete.
+	// OIDCProviderARNAnnotation will be used to avoid it.
+
+	annotations := s.scope.ControlPlane.GetAnnotations()
+	arn := annotations[OIDCProviderARNAnnotation]
 
 	if arn == "" {
+		// Upgrade support for cluster without OIDCProviderARNAnnotation set
 		arn = s.scope.ControlPlane.Status.OIDCProvider.ARN
 	}
 
@@ -161,6 +173,10 @@ func (s *Service) deleteOIDCProvider() error {
 		return errors.Wrap(err, "failed to update control plane with OIDC provider ARN")
 	}
 
+	// Remove OIDCProviderARNAnnotation after successfully deleting oidc provider
+	annotations[OIDCProviderARNAnnotation] = ""
+	s.scope.ControlPlane.SetAnnotations(annotations)
+
 	return nil
 }