kube_runtime/finalizer.rs
1//! Finalizer helper for [`Controller`](crate::Controller) reconcilers
2use crate::controller::Action;
3use futures::{TryFuture, TryFutureExt};
4use json_patch::{AddOperation, PatchOperation, RemoveOperation, TestOperation, jsonptr::PointerBuf};
5use kube_client::{
6 Api, Resource, ResourceExt,
7 api::{Patch, PatchParams},
8};
9
10use serde::{Serialize, de::DeserializeOwned};
11use std::{error::Error as StdError, fmt::Debug, str::FromStr, sync::Arc};
12use thiserror::Error;
13
14/// Errors from the finalizer helper
15///
16/// Note that this error takes the user's error as a type parameter.
17/// This makes its usage within loosely typed errors (such as anyhow) difficult.
18///
19/// Using proper error enums such as ones generated by e.g. thiserror is the easiest.
20/// See <https://github.com/kube-rs/kube/discussions/982>
21#[derive(Debug, Error)]
22pub enum Error<ReconcileErr>
23where
24 ReconcileErr: StdError + 'static,
25{
26 /// User side `Event::Apply` branch failed
27 #[error("failed to apply object: {0}")]
28 ApplyFailed(#[source] ReconcileErr),
29
30 /// User side `Event::Cleanup` branch failed
31 #[error("failed to clean up object: {0}")]
32 CleanupFailed(#[source] ReconcileErr),
33
34 /// The patch call adding a finalizer failed
35 #[error("failed to add finalizer: {0}")]
36 AddFinalizer(#[source] kube_client::Error),
37
38 /// The patch call removing a finalizer failed
39 #[error("failed to remove finalizer: {0}")]
40 RemoveFinalizer(#[source] kube_client::Error),
41
42 /// The object requested to be patched has no name
43 ///
44 /// This should not happen unless you are hand crafting the object without a name
45 #[error("object has no name")]
46 UnnamedObject,
47
48 /// The finalizer path was invalid
49 ///
50 /// This should not happen, the path is constructed internally and should be
51 /// valid as far as `json_patch` is concerned.
52 #[error("invalid finalizer")]
53 InvalidFinalizer,
54}
55
56struct FinalizerState {
57 finalizer_index: Option<usize>,
58 is_deleting: bool,
59}
60
61impl FinalizerState {
62 fn for_object<K: Resource>(obj: &K, finalizer_name: &str) -> Self {
63 Self {
64 finalizer_index: obj
65 .finalizers()
66 .iter()
67 .enumerate()
68 .find(|(_, fin)| *fin == finalizer_name)
69 .map(|(i, _)| i),
70 is_deleting: obj.meta().deletion_timestamp.is_some(),
71 }
72 }
73}
74
75/// Reconcile an object in a way that requires cleanup before an object can be deleted.
76///
77/// It does this by managing a [`ObjectMeta::finalizers`] entry,
78/// which prevents the object from being deleted before the cleanup is done.
79///
80/// In typical usage, if you use `finalizer` then it should be the only top-level "action"
81/// in your [`applier`](crate::applier)/[`Controller`](crate::Controller)'s `reconcile` function.
82///
83/// # Expected Flow
84///
85/// 1. User creates object
86/// 2. Reconciler sees object
87/// 3. `finalizer` adds `finalizer_name` to [`ObjectMeta::finalizers`]
88/// 4. Reconciler sees updated object
89/// 5. `finalizer` runs [`Event::Apply`]
90/// 6. User updates object
91/// 7. Reconciler sees updated object
92/// 8. `finalizer` runs [`Event::Apply`]
93/// 9. User deletes object
94/// 10. Reconciler sees deleting object
95/// 11. `finalizer` runs [`Event::Cleanup`]
96/// 12. `finalizer` removes `finalizer_name` from [`ObjectMeta::finalizers`]
97/// 13. Kubernetes sees that all [`ObjectMeta::finalizers`] are gone and finally deletes the object
98///
99/// # Guarantees
100///
101/// If [`Event::Apply`] is ever started then [`Event::Cleanup`] must succeed before the Kubernetes object deletion completes.
102///
103/// # Assumptions
104///
105/// `finalizer_name` must be unique among the controllers interacting with the object
106///
107/// [`Event::Apply`] and [`Event::Cleanup`] must both be idempotent, and tolerate being executed several times (even if previously cancelled).
108///
109/// [`Event::Cleanup`] must tolerate [`Event::Apply`] never having ran at all, or never having succeeded. Keep in mind that
110/// even infallible `.await`s are cancellation points.
111///
112/// # Caveats
113///
114/// Object deletes will get stuck while the controller is not running, or if `cleanup` fails for some reason.
115///
116/// `reconcile` should take the object that the [`Event`] contains, rather than trying to reuse `obj`, since it may have been updated.
117///
118/// # Errors
119///
120/// [`Event::Apply`] and [`Event::Cleanup`] are both fallible, their errors are passed through as [`Error::ApplyFailed`]
121/// and [`Error::CleanupFailed`], respectively.
122///
123/// In addition, adding and removing the finalizer itself may fail. In particular, this may be because of
124/// network errors, lacking permissions, or because another `finalizer` was updated in the meantime on the same object.
125///
126/// [`ObjectMeta::finalizers`]: kube_client::api::ObjectMeta#structfield.finalizers
127pub async fn finalizer<K, ReconcileFut>(
128 api: &Api<K>,
129 finalizer_name: &str,
130 obj: Arc<K>,
131 reconcile: impl FnOnce(Event<K>) -> ReconcileFut,
132) -> Result<Action, Error<ReconcileFut::Error>>
133where
134 K: Resource + Clone + DeserializeOwned + Serialize + Debug,
135 ReconcileFut: TryFuture<Ok = Action>,
136 ReconcileFut::Error: StdError + 'static,
137{
138 match FinalizerState::for_object(&*obj, finalizer_name) {
139 FinalizerState {
140 finalizer_index: Some(_),
141 is_deleting: false,
142 } => TryFutureExt::into_future(reconcile(Event::Apply(obj)))
143 .await
144 .map_err(Error::ApplyFailed),
145 FinalizerState {
146 finalizer_index: Some(finalizer_i),
147 is_deleting: true,
148 } => {
149 // Cleanup reconciliation must succeed before it's safe to remove the finalizer
150 let name = obj.meta().name.clone().ok_or(Error::UnnamedObject)?;
151 let action = TryFutureExt::into_future(reconcile(Event::Cleanup(obj)))
152 .await
153 // Short-circuit, so that we keep the finalizer if cleanup fails
154 .map_err(Error::CleanupFailed)?;
155 // Cleanup was successful, remove the finalizer so that deletion can continue
156 let finalizer_path = format!("/metadata/finalizers/{finalizer_i}");
157 api.patch::<K>(
158 &name,
159 &PatchParams::default(),
160 &Patch::Json(json_patch::Patch(vec![
161 // All finalizers run concurrently and we use an integer index
162 // `Test` ensures that we fail instead of deleting someone else's finalizer
163 // (in which case a new `Cleanup` event will be sent)
164 PatchOperation::Test(TestOperation {
165 path: PointerBuf::from_str(finalizer_path.as_str())
166 .map_err(|_err| Error::InvalidFinalizer)?,
167 value: finalizer_name.into(),
168 }),
169 PatchOperation::Remove(RemoveOperation {
170 path: PointerBuf::from_str(finalizer_path.as_str())
171 .map_err(|_err| Error::InvalidFinalizer)?,
172 }),
173 ])),
174 )
175 .await
176 .map_err(Error::RemoveFinalizer)?;
177 Ok(action)
178 }
179 FinalizerState {
180 finalizer_index: None,
181 is_deleting: false,
182 } => {
183 // Finalizer must be added before it's safe to run an `Apply` reconciliation
184 let patch = json_patch::Patch(if obj.finalizers().is_empty() {
185 vec![
186 PatchOperation::Test(TestOperation {
187 path: PointerBuf::from_str("/metadata/finalizers")
188 .map_err(|_err| Error::InvalidFinalizer)?,
189 value: serde_json::Value::Null,
190 }),
191 PatchOperation::Add(AddOperation {
192 path: PointerBuf::from_str("/metadata/finalizers")
193 .map_err(|_err| Error::InvalidFinalizer)?,
194 value: vec![finalizer_name].into(),
195 }),
196 ]
197 } else {
198 vec![
199 // Kubernetes doesn't automatically deduplicate finalizers (see
200 // https://github.com/kube-rs/kube/issues/964#issuecomment-1197311254),
201 // so we need to fail and retry if anyone else has added the finalizer in the meantime
202 PatchOperation::Test(TestOperation {
203 path: PointerBuf::from_str("/metadata/finalizers")
204 .map_err(|_err| Error::InvalidFinalizer)?,
205 value: obj.finalizers().into(),
206 }),
207 PatchOperation::Add(AddOperation {
208 path: PointerBuf::from_str("/metadata/finalizers/-")
209 .map_err(|_err| Error::InvalidFinalizer)?,
210 value: finalizer_name.into(),
211 }),
212 ]
213 });
214 api.patch::<K>(
215 obj.meta().name.as_deref().ok_or(Error::UnnamedObject)?,
216 &PatchParams::default(),
217 &Patch::Json(patch),
218 )
219 .await
220 .map_err(Error::AddFinalizer)?;
221 // No point applying here, since the patch will cause a new reconciliation
222 Ok(Action::await_change())
223 }
224 FinalizerState {
225 finalizer_index: None,
226 is_deleting: true,
227 } => {
228 // Our work here is done
229 Ok(Action::await_change())
230 }
231 }
232}
233
234/// A representation of an action that should be taken by a reconciler.
235pub enum Event<K> {
236 /// The reconciler should ensure that the actual state matches the state desired in the object.
237 ///
238 /// This must be idempotent, since it may be recalled if, for example (this list is non-exhaustive):
239 ///
240 /// - The controller is restarted
241 /// - The object is updated
242 /// - The reconciliation fails
243 /// - The grinch attacks
244 Apply(Arc<K>),
245 /// The object is being deleted, and the reconciler should remove all resources that it owns.
246 ///
247 /// This must be idempotent, since it may be recalled if, for example (this list is non-exhaustive):
248 ///
249 /// - The controller is restarted while the deletion is in progress
250 /// - The reconciliation fails
251 /// - Another finalizer was removed in the meantime
252 /// - The grinch's heart grows a size or two
253 Cleanup(Arc<K>),
254}