Don't create PodInfo if the pod is being deleted

Check if the pod has DeletionTimestamp field set before reconciling to avoid the situation where pod deletion gets stuck because Tetragon operator recreates PodInfo during pod deletion. Signed-off-by: Michi Mutsuzaki <[email protected]>
cilium · May 15, 2024 · be19aeb · be19aeb
1 parent da825b5
commit be19aeb
Show file tree

Hide file tree

Showing 8 changed files with 1,681 additions and 0 deletions.
diff --git a/operator/podinfo/podinfo_controller.go b/operator/podinfo/podinfo_controller.go
@@ -43,6 +43,10 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
 		// Pod is deleted. Nothing to reconcile.
 		return ctrl.Result{}, nil
 	}
+	if pod.GetDeletionTimestamp() != nil {
+		// Pod is being deleted. Nothing to reconcile.
+		return ctrl.Result{}, nil
+	}
 
 	// Wait until the necessary pod fields are available.
 	if !hasAllRequiredFields(pod) {

diff --git a/operator/podinfo/podinfo_controller_test.go b/operator/podinfo/podinfo_controller_test.go
@@ -4,6 +4,7 @@
 package podinfo
 
 import (
+	"context"
 	"crypto/rand"
 	"fmt"
 	"math/big"
@@ -14,8 +15,14 @@ import (
 	"github.com/cilium/tetragon/pkg/process"
 	"github.com/stretchr/testify/assert"
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
+	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/uuid"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client/fake"
 )
 
 var letterRunes = []rune("abcdefghijklmnopqrstuvwxyz")
@@ -275,3 +282,36 @@ func TestEqual(t *testing.T) {
 		})
 	})
 }
+
+func TestReconcile(t *testing.T) {
+	pod := randomPodGenerator()
+	client := getClientBuilder().WithObjects(pod).Build()
+	reconciler := Reconciler{client}
+	namespacedName := types.NamespacedName{Namespace: pod.Namespace, Name: pod.Name}
+	res, err := reconciler.Reconcile(context.Background(), ctrl.Request{NamespacedName: namespacedName})
+	assert.NoError(t, err)
+	assert.False(t, res.Requeue)
+	assert.NoError(t, client.Get(context.Background(), namespacedName, &ciliumv1alpha1.PodInfo{}))
+}
+
+func TestReconcileWithDeletionTimestamp(t *testing.T) {
+	pod := randomPodGenerator()
+	pod.SetFinalizers([]string{"finalize-it"})
+	deletionTimestamp := metav1.Now()
+	pod.SetDeletionTimestamp(&deletionTimestamp)
+	client := getClientBuilder().WithObjects(pod).Build()
+	reconciler := Reconciler{client}
+	namespacedName := types.NamespacedName{Namespace: pod.Namespace, Name: pod.Name}
+	res, err := reconciler.Reconcile(context.Background(), ctrl.Request{NamespacedName: namespacedName})
+	assert.NoError(t, err)
+	assert.False(t, res.Requeue)
+	err = client.Get(context.Background(), namespacedName, &ciliumv1alpha1.PodInfo{})
+	assert.True(t, errors.IsNotFound(err))
+}
+
+func getClientBuilder() *fake.ClientBuilder {
+	scheme := runtime.NewScheme()
+	utilruntime.Must(corev1.AddToScheme(scheme))
+	utilruntime.Must(ciliumv1alpha1.AddToScheme(scheme))
+	return fake.NewClientBuilder().WithScheme(scheme)
+}
diff --git a/vendor/k8s.io/apimachinery/pkg/util/rand/rand.go b/vendor/k8s.io/apimachinery/pkg/util/rand/rand.go
diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -1260,6 +1260,7 @@ k8s.io/apimachinery/pkg/util/mergepatch
 k8s.io/apimachinery/pkg/util/naming
 k8s.io/apimachinery/pkg/util/net
 k8s.io/apimachinery/pkg/util/proxy
+k8s.io/apimachinery/pkg/util/rand
 k8s.io/apimachinery/pkg/util/remotecommand
 k8s.io/apimachinery/pkg/util/runtime
 k8s.io/apimachinery/pkg/util/sets
@@ -1727,6 +1728,8 @@ sigs.k8s.io/controller-runtime/pkg/certwatcher/metrics
 sigs.k8s.io/controller-runtime/pkg/client
 sigs.k8s.io/controller-runtime/pkg/client/apiutil
 sigs.k8s.io/controller-runtime/pkg/client/config
+sigs.k8s.io/controller-runtime/pkg/client/fake
+sigs.k8s.io/controller-runtime/pkg/client/interceptor
 sigs.k8s.io/controller-runtime/pkg/cluster
 sigs.k8s.io/controller-runtime/pkg/config
 sigs.k8s.io/controller-runtime/pkg/config/v1alpha1
@@ -1743,6 +1746,7 @@ sigs.k8s.io/controller-runtime/pkg/internal/field/selector
 sigs.k8s.io/controller-runtime/pkg/internal/flock
 sigs.k8s.io/controller-runtime/pkg/internal/httpserver
 sigs.k8s.io/controller-runtime/pkg/internal/log
+sigs.k8s.io/controller-runtime/pkg/internal/objectutil
 sigs.k8s.io/controller-runtime/pkg/internal/recorder
 sigs.k8s.io/controller-runtime/pkg/internal/source
 sigs.k8s.io/controller-runtime/pkg/internal/testing/addr