From 855199ea435914994296a3cd7f52e013a8968722 Mon Sep 17 00:00:00 2001
From: Qing Hao <qhao@redhat.com>
Date: Fri, 1 Jul 2022 12:59:48 +0800
Subject: [PATCH] clean resource before apply new (#257)

* clean resource before apply new

Signed-off-by: haoqing0110 <qhao@redhat.com>

* update

Signed-off-by: haoqing0110 <qhao@redhat.com>
---
 .../klusterlet_controller.go                  | 66 +++++++++++++++++++
 1 file changed, 66 insertions(+)

diff --git a/pkg/operators/klusterlet/controllers/klusterletcontroller/klusterlet_controller.go b/pkg/operators/klusterlet/controllers/klusterletcontroller/klusterlet_controller.go
index 69943b89a..e14aa88b4 100644
--- a/pkg/operators/klusterlet/controllers/klusterletcontroller/klusterlet_controller.go
+++ b/pkg/operators/klusterlet/controllers/klusterletcontroller/klusterlet_controller.go
@@ -92,6 +92,26 @@ var (
 		"klusterletkube111/klusterlet-registration-operator-clusterrolebinding.yaml",
 		"klusterletkube111/klusterlet-work-clusterrolebinding.yaml",
 	}
+
+	// Resources need to clean when upgarde from OCM v0.7.0 to v0.8.0.
+	// TODO: remove these after OCM v0.8.0
+	// Remove deleted resources
+	deletedManagedResource = map[string][]string{
+		"ClusterRoleBindings": {
+			"open-cluster-management:%s-work:agent-addition",
+		},
+	}
+
+	// Clean clusterrolebindings/rolebindings before apply it as it's RoleRef/Subjects changes
+	cleanManagedStaticResourceFiles = []string{
+		"klusterlet/managed/klusterlet-work-clusterrolebinding.yaml",
+	}
+
+	// Clean clusterrolebindings/rolebindings before apply it as it's RoleRef/Subjects changes
+	cleanManagementStaticResourceFiles = []string{
+		"klusterlet/management/klusterlet-registration-rolebinding-extension-apiserver.yaml",
+		"klusterlet/management/klusterlet-work-rolebinding-extension-apiserver.yaml",
+	}
 )
 
 type klusterletController struct {
@@ -331,6 +351,14 @@ func (n *klusterletController) sync(ctx context.Context, controllerContext facto
 		}
 	}
 
+	// Resources need to clean when upgarde from OCM v0.7.0 to v0.8.0.
+	// TODO: remove this after OCM v0.8.0
+	err = n.cleanBeforeApply(ctx, deletedManagedResource, cleanManagedStaticResourceFiles,
+		cleanManagementStaticResourceFiles, managedClusterClients, config)
+	if err != nil {
+		return err
+	}
+
 	var relatedResources []operatorapiv1.RelatedResourceMeta
 	// If kube version is less than 1.12, deploy static resource for kube 1.11 at first
 	// TODO remove this when we do not support kube 1.11 any longer
@@ -454,6 +482,44 @@ func (n *klusterletController) getClusterNameFromHubKubeConfigSecret(ctx context
 	return nil
 }
 
+// cleanBeforeApply clean deleted resources and resources that may have conflict if apply new directly
+func (n *klusterletController) cleanBeforeApply(ctx context.Context,
+	deletedManagedResource map[string][]string,
+	cleanManagedStaticResourceFiles []string,
+	cleanManagementStaticResourceFiles []string,
+	managedClients *managedClusterClients,
+	config klusterletConfig) error {
+	// remove static file on the managed cluster
+	err := n.removeStaticResources(ctx, managedClients.kubeClient, managedClients.apiExtensionClient,
+		cleanManagedStaticResourceFiles, config)
+	if err != nil {
+		return err
+	}
+
+	// remove static file on the management cluster
+	err = n.removeStaticResources(ctx, n.kubeClient, n.apiExtensionClient, cleanManagementStaticResourceFiles, config)
+	if err != nil {
+		return err
+	}
+
+	// remove deleted resources
+	for kind, names := range deletedManagedResource {
+		switch kind {
+		case "ClusterRoleBindings":
+			for _, name := range names {
+				crb := fmt.Sprintf(name, config.KlusterletName)
+				err := managedClients.kubeClient.RbacV1().ClusterRoleBindings().Delete(ctx, crb, metav1.DeleteOptions{})
+				if err != nil && !errors.IsNotFound(err) {
+					return err
+				}
+			}
+		default:
+			klog.Warningf("Failed to clean %s", kind)
+		}
+	}
+	return nil
+}
+
 // applyDeployment applies deployment on the management cluster
 func (n *klusterletController) applyDeployment(ctx context.Context, klusterlet *operatorapiv1.Klusterlet, config *klusterletConfig, deploymentFile string, recorder events.Recorder) (
 	[]operatorapiv1.RelatedResourceMeta, operatorapiv1.GenerationStatus, error) {