fix(controller): use ownerreferences without controller owner relation (#1095)

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
2026-02-14 18:09:58 +00:00 · 2024-05-27 14:33:34 +02:00
parent 82995a3e66
commit 4afcfbbb27
7 changed files with 30 additions and 10 deletions
--- a/pkg/webhook/namespace/utils.go
+++ b/pkg/webhook/namespace/utils.go
@@ -1,7 +1,7 @@
 // Copyright 2020-2023 Project Capsule Authors.
 // SPDX-License-Identifier: Apache-2.0

-package namespace
+package utils

 import (
 	"strings"
@@ -15,7 +15,7 @@ const (
 	ObjectReferenceTenantKind = "Tenant"
 )

-func isTenantOwnerReference(or metav1.OwnerReference) bool {
+func IsTenantOwnerReference(or metav1.OwnerReference) bool {
 	parts := strings.Split(or.APIVersion, "/")
 	if len(parts) != 2 {
 		return false
--- a/pkg/webhook/namespace/freezed.go
+++ b/pkg/webhook/namespace/freezed.go
@@ -15,6 +15,7 @@ import (

 	capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2"
 	"github.com/projectcapsule/capsule/pkg/configuration"
+	capsuleutils "github.com/projectcapsule/capsule/pkg/utils"
 	capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook"
 	"github.com/projectcapsule/capsule/pkg/webhook/utils"
 )
@@ -35,7 +36,7 @@ func (r *freezedHandler) OnCreate(client client.Client, decoder admission.Decode
 		}

 		for _, objectRef := range ns.ObjectMeta.OwnerReferences {
-			if !isTenantOwnerReference(objectRef) {
+			if !capsuleutils.IsTenantOwnerReference(objectRef) {
 				continue
 			}

--- a/pkg/webhook/namespace/prefix.go
+++ b/pkg/webhook/namespace/prefix.go
@@ -16,6 +16,7 @@ import (

 	capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2"
 	"github.com/projectcapsule/capsule/pkg/configuration"
+	capsuleutils "github.com/projectcapsule/capsule/pkg/utils"
 	capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook"
 	"github.com/projectcapsule/capsule/pkg/webhook/utils"
 )
@@ -49,7 +50,7 @@ func (r *prefixHandler) OnCreate(clt client.Client, decoder admission.Decoder, r
 			tnt := &capsulev1beta2.Tenant{}

 			for _, or := range ns.ObjectMeta.OwnerReferences {
-				if !isTenantOwnerReference(or) {
+				if !capsuleutils.IsTenantOwnerReference(or) {
 					continue
 				}

--- a/pkg/webhook/namespace/quota.go
+++ b/pkg/webhook/namespace/quota.go
@@ -13,6 +13,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"

 	capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2"
+	capsuleutils "github.com/projectcapsule/capsule/pkg/utils"
 	capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook"
 	"github.com/projectcapsule/capsule/pkg/webhook/utils"
 )
@@ -31,7 +32,7 @@ func (r *quotaHandler) OnCreate(client client.Client, decoder admission.Decoder,
 		}

 		for _, objectRef := range ns.ObjectMeta.OwnerReferences {
-			if !isTenantOwnerReference(objectRef) {
+			if !capsuleutils.IsTenantOwnerReference(objectRef) {
 				continue
 			}

--- a/pkg/webhook/namespace/user_metadata.go
+++ b/pkg/webhook/namespace/user_metadata.go
@@ -15,6 +15,7 @@ import (

 	capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2"
 	"github.com/projectcapsule/capsule/pkg/api"
+	capsuleutils "github.com/projectcapsule/capsule/pkg/utils"
 	capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook"
 	"github.com/projectcapsule/capsule/pkg/webhook/utils"
 )
@@ -35,7 +36,7 @@ func (r *userMetadataHandler) OnCreate(client client.Client, decoder admission.D
 		tnt := &capsulev1beta2.Tenant{}

 		for _, objectRef := range ns.ObjectMeta.OwnerReferences {
-			if !isTenantOwnerReference(objectRef) {
+			if !capsuleutils.IsTenantOwnerReference(objectRef) {
 				continue
 			}

@@ -90,7 +91,7 @@ func (r *userMetadataHandler) OnUpdate(client client.Client, decoder admission.D
 		tnt := &capsulev1beta2.Tenant{}

 		for _, objectRef := range newNs.ObjectMeta.OwnerReferences {
-			if !isTenantOwnerReference(objectRef) {
+			if !capsuleutils.IsTenantOwnerReference(objectRef) {
 				continue
 			}

--- a/pkg/webhook/ownerreference/patching.go
+++ b/pkg/webhook/ownerreference/patching.go
@@ -12,6 +12,7 @@ import (
 	"strings"

 	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/tools/record"
@@ -71,7 +72,21 @@ func (h *handler) OnUpdate(_ client.Client, decoder admission.Decoder, _ record.
 			return &response
 		}

-		newNs.OwnerReferences = oldNs.OwnerReferences
+		var refs []metav1.OwnerReference
+
+		for _, ref := range oldNs.OwnerReferences {
+			if capsuleutils.IsTenantOwnerReference(ref) {
+				refs = append(refs, ref)
+			}
+		}
+
+		for _, ref := range newNs.OwnerReferences {
+			if !capsuleutils.IsTenantOwnerReference(ref) {
+				refs = append(refs, ref)
+			}
+		}
+
+		newNs.OwnerReferences = refs

 		c, err := json.Marshal(newNs)
 		if err != nil {
@@ -212,7 +227,7 @@ func (h *handler) patchResponseForOwnerRef(tenant *capsulev1beta2.Tenant, ns *co
 		return admission.Errored(http.StatusInternalServerError, err)
 	}

-	if err = controllerutil.SetControllerReference(tenant, ns, scheme); err != nil {
+	if err = controllerutil.SetOwnerReference(tenant, ns, scheme); err != nil {
 		recorder.Eventf(tenant, corev1.EventTypeWarning, "Error", "Namespace %s cannot be assigned to the desired Tenant", ns.GetName())

 		return admission.Errored(http.StatusInternalServerError, err)