vmsingle, vlogs: set ownerreference on all pvcs

api/operator/v1beta1/vmextra_types.go

@@ -42,6 +42,7 @@ const (
 	// FinalizerName name of vm-operator finalizer.
 	FinalizerName            = "apps.victoriametrics.com/finalizer"
 	SkipValidationAnnotation = "operator.victoriametrics.com/skip-validation"
+	APIGroup                 = "operator.victoriametrics.com"
 	SkipValidationValue      = "true"
 	AdditionalServiceLabel   = "operator.victoriametrics.com/additional-service"
 	// PVCExpandableLabel controls checks for storageClass
@@ -131,19 +132,37 @@ func isContainsFinalizer(src []string) bool {
 // RemoveFinalizer - removes vm-operator finalizer from finalizers list.
 // executes provided callback if finalizer found
 func RemoveFinalizer(src client.Object, andThen func(client.Object) error) error {
+	return RemoveFinalizerWithOwnerReference(src, true, andThen)
+}
+
+func RemoveFinalizerWithOwnerReference(src client.Object, keepOwnerReference bool, andThen func(client.Object) error) error {
 	existFinalizers := src.GetFinalizers()
-	var wasFinalizerFound bool
-	dst := existFinalizers[:0]
+	var wasFound bool
+	dstFinalizers := existFinalizers[:0]
 	// filter in-place
 	for _, s := range existFinalizers {
 		if s == FinalizerName {
-			wasFinalizerFound = true
+			wasFound = true
 			continue
 		}
-		dst = append(dst, s)
+		dstFinalizers = append(dstFinalizers, s)
+	}
+	src.SetFinalizers(dstFinalizers)
+	if !keepOwnerReference {
+		existOwnerReferences := src.GetOwnerReferences()
+		dstOwnerReferences := existOwnerReferences[:0]
+		// filter in-place
+		for _, s := range existOwnerReferences {
+			if strings.HasPrefix(s.APIVersion, APIGroup) {
+				wasFound = true
+				continue
+			}
+			dstOwnerReferences = append(dstOwnerReferences, s)
+		}
+		src.SetOwnerReferences(dstOwnerReferences)
 	}
-	src.SetFinalizers(dst)
-	if wasFinalizerFound && andThen != nil {
+
+	if wasFound && andThen != nil {
 		return andThen(src)
 	}
 	return nil

docs/vars.md

@@ -10,14 +10,14 @@ aliases:
   - /operator/vars/index.html
 ---
 <!-- this doc autogenerated - don't edit it manually -->
- updated at Fri Aug  9 18:57:09 UTC 2024
+ updated at Fri Aug 30 10:04:35 UTC 2024
 
 
 | variable name | variable default value | variable required | variable description |
 | --- | --- | --- | --- |
 | VM_USECUSTOMCONFIGRELOADER | false | false | enables custom config reloader for vmauth and vmagent,it should speed-up config reloading process. |
 | VM_CONTAINERREGISTRY | - | false | container registry name prefix, e.g. docker.io |
-| VM_CUSTOMCONFIGRELOADERIMAGE | victoriametrics/operator:config-reloader-v0.43.0 | false | - |
+| VM_CUSTOMCONFIGRELOADERIMAGE | victoriametrics/operator:config-reloader-v0.47.2 | false | - |
 | VM_PSPAUTOCREATEENABLED | false | false | - |
 | VM_VLOGSDEFAULT_IMAGE | victoriametrics/victoria-logs | false | - |
 | VM_VLOGSDEFAULT_VERSION | v0.28.0-victorialogs | false | - |
@@ -28,7 +28,7 @@ aliases:
 | VM_VLOGSDEFAULT_RESOURCE_REQUEST_MEM | 500Mi | false | - |
 | VM_VLOGSDEFAULT_RESOURCE_REQUEST_CPU | 150m | false | - |
 | VM_VMALERTDEFAULT_IMAGE | victoriametrics/vmalert | false | - |
-| VM_VMALERTDEFAULT_VERSION | v1.102.0 | false | - |
+| VM_VMALERTDEFAULT_VERSION | v1.103.0 | false | - |
 | VM_VMALERTDEFAULT_PORT | 8080 | false | - |
 | VM_VMALERTDEFAULT_USEDEFAULTRESOURCES | true | false | - |
 | VM_VMALERTDEFAULT_RESOURCE_LIMIT_MEM | 500Mi | false | - |
@@ -39,7 +39,7 @@ aliases:
 | VM_VMALERTDEFAULT_CONFIGRELOADERMEMORY | 25Mi | false | - |
 | VM_VMALERTDEFAULT_CONFIGRELOADIMAGE | jimmidyson/configmap-reload:v0.3.0 | false | - |
 | VM_VMAGENTDEFAULT_IMAGE | victoriametrics/vmagent | false | - |
-| VM_VMAGENTDEFAULT_VERSION | v1.102.0 | false | - |
+| VM_VMAGENTDEFAULT_VERSION | v1.103.0 | false | - |
 | VM_VMAGENTDEFAULT_CONFIGRELOADIMAGE | quay.io/prometheus-operator/prometheus-config-reloader:v0.68.0 | false | - |
 | VM_VMAGENTDEFAULT_PORT | 8429 | false | - |
 | VM_VMAGENTDEFAULT_USEDEFAULTRESOURCES | true | false | - |
@@ -50,7 +50,7 @@ aliases:
 | VM_VMAGENTDEFAULT_CONFIGRELOADERCPU | 100m | false | - |
 | VM_VMAGENTDEFAULT_CONFIGRELOADERMEMORY | 25Mi | false | - |
 | VM_VMSINGLEDEFAULT_IMAGE | victoriametrics/victoria-metrics | false | - |
-| VM_VMSINGLEDEFAULT_VERSION | v1.102.0 | false | - |
+| VM_VMSINGLEDEFAULT_VERSION | v1.103.0 | false | - |
 | VM_VMSINGLEDEFAULT_PORT | 8429 | false | - |
 | VM_VMSINGLEDEFAULT_USEDEFAULTRESOURCES | true | false | - |
 | VM_VMSINGLEDEFAULT_RESOURCE_LIMIT_MEM | 1500Mi | false | - |
@@ -61,14 +61,14 @@ aliases:
 | VM_VMSINGLEDEFAULT_CONFIGRELOADERMEMORY | 25Mi | false | - |
 | VM_VMCLUSTERDEFAULT_USEDEFAULTRESOURCES | true | false | - |
 | VM_VMCLUSTERDEFAULT_VMSELECTDEFAULT_IMAGE | victoriametrics/vmselect | false | - |
-| VM_VMCLUSTERDEFAULT_VMSELECTDEFAULT_VERSION | v1.102.0-cluster | false | - |
+| VM_VMCLUSTERDEFAULT_VMSELECTDEFAULT_VERSION | v1.103.0-cluster | false | - |
 | VM_VMCLUSTERDEFAULT_VMSELECTDEFAULT_PORT | 8481 | false | - |
 | VM_VMCLUSTERDEFAULT_VMSELECTDEFAULT_RESOURCE_LIMIT_MEM | 1000Mi | false | - |
 | VM_VMCLUSTERDEFAULT_VMSELECTDEFAULT_RESOURCE_LIMIT_CPU | 500m | false | - |
 | VM_VMCLUSTERDEFAULT_VMSELECTDEFAULT_RESOURCE_REQUEST_MEM | 500Mi | false | - |
 | VM_VMCLUSTERDEFAULT_VMSELECTDEFAULT_RESOURCE_REQUEST_CPU | 100m | false | - |
 | VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_IMAGE | victoriametrics/vmstorage | false | - |
-| VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_VERSION | v1.102.0-cluster | false | - |
+| VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_VERSION | v1.103.0-cluster | false | - |
 | VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_VMINSERTPORT | 8400 | false | - |
 | VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_VMSELECTPORT | 8401 | false | - |
 | VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_PORT | 8482 | false | - |
@@ -77,7 +77,7 @@ aliases:
 | VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_RESOURCE_REQUEST_MEM | 500Mi | false | - |
 | VM_VMCLUSTERDEFAULT_VMSTORAGEDEFAULT_RESOURCE_REQUEST_CPU | 250m | false | - |
 | VM_VMCLUSTERDEFAULT_VMINSERTDEFAULT_IMAGE | victoriametrics/vminsert | false | - |
-| VM_VMCLUSTERDEFAULT_VMINSERTDEFAULT_VERSION | v1.102.0-cluster | false | - |
+| VM_VMCLUSTERDEFAULT_VMINSERTDEFAULT_VERSION | v1.103.0-cluster | false | - |
 | VM_VMCLUSTERDEFAULT_VMINSERTDEFAULT_PORT | 8480 | false | - |
 | VM_VMCLUSTERDEFAULT_VMINSERTDEFAULT_RESOURCE_LIMIT_MEM | 500Mi | false | - |
 | VM_VMCLUSTERDEFAULT_VMINSERTDEFAULT_RESOURCE_LIMIT_CPU | 500m | false | - |
@@ -96,7 +96,7 @@ aliases:
 | VM_VMALERTMANAGER_RESOURCE_REQUEST_CPU | 30m | false | - |
 | VM_DISABLESELFSERVICESCRAPECREATION | false | false | - |
 | VM_VMBACKUP_IMAGE | victoriametrics/vmbackupmanager | false | - |
-| VM_VMBACKUP_VERSION | v1.102.0-enterprise | false | - |
+| VM_VMBACKUP_VERSION | v1.103.0-enterprise | false | - |
 | VM_VMBACKUP_PORT | 8300 | false | - |
 | VM_VMBACKUP_USEDEFAULTRESOURCES | true | false | - |
 | VM_VMBACKUP_RESOURCE_LIMIT_MEM | 500Mi | false | - |
@@ -105,7 +105,7 @@ aliases:
 | VM_VMBACKUP_RESOURCE_REQUEST_CPU | 150m | false | - |
 | VM_VMBACKUP_LOGLEVEL | INFO | false | - |
 | VM_VMAUTHDEFAULT_IMAGE | victoriametrics/vmauth | false | - |
-| VM_VMAUTHDEFAULT_VERSION | v1.102.0 | false | - |
+| VM_VMAUTHDEFAULT_VERSION | v1.103.0 | false | - |
 | VM_VMAUTHDEFAULT_CONFIGRELOADIMAGE | quay.io/prometheus-operator/prometheus-config-reloader:v0.68.0 | false | - |
 | VM_VMAUTHDEFAULT_PORT | 8427 | false | - |
 | VM_VMAUTHDEFAULT_USEDEFAULTRESOURCES | true | false | - |
@@ -137,4 +137,4 @@ aliases:
 | VM_PODWAITREADYINITDELAY | 10s | false | - |
 | VM_FORCERESYNCINTERVAL | 60s | false | configures force resync interval for VMAgent, VMAlert, VMAlertmanager and VMAuth. |
 | VM_ENABLESTRICTSECURITY | false | false | EnableStrictSecurity will add default `securityContext` to pods and containers created by operatorDefault PodSecurityContext include:1. RunAsNonRoot: true2. RunAsUser/RunAsGroup/FSGroup: 65534'65534' refers to 'nobody' in all the used default images like alpine, busybox.If you're using customize image, please make sure '65534' is a valid uid in there or specify SecurityContext.3. FSGroupChangePolicy: &onRootMismatchIf KubeVersion>=1.20, use `FSGroupChangePolicy="onRootMismatch"` to skip the recursive permission changewhen the root of the volume already has the correct permissions4. SeccompProfile:type: RuntimeDefaultUse `RuntimeDefault` seccomp profile by default, which is defined by the container runtime,instead of using the Unconfined (seccomp disabled) mode.Default container SecurityContext include:1. AllowPrivilegeEscalation: false2. ReadOnlyRootFilesystem: true3. Capabilities:drop:- allturn off `EnableStrictSecurity` by default, see https://github.com/VictoriaMetrics/operator/issues/749 for details |
-[envconfig-sum]: e9e93721c4232b8d21d8195387649304
+[envconfig-sum]: 4560053e758cdaf3d11170e5bf296de4

internal/controller/operator/factory/finalize/common.go

@@ -25,11 +25,17 @@ type crdObject interface {
 }
 
 func patchReplaceFinalizers(ctx context.Context, rclient client.Client, instance client.Object) error {
-	op := []map[string]interface{}{{
-		"op":    "replace",
-		"path":  "/metadata/finalizers",
-		"value": instance.GetFinalizers(),
-	}}
+	op := []map[string]interface{}{
+		{
+			"op":    "replace",
+			"path":  "/metadata/finalizers",
+			"value": instance.GetFinalizers(),
+		}, {
+			"op":    "replace",
+			"path":  "/metadata/ownerReferences",
+			"value": instance.GetOwnerReferences(),
+		},
+	}
 
 	patchData, err := json.Marshal(op)
 	if err != nil {
@@ -56,13 +62,17 @@ func RemoveFinalizer(ctx context.Context, rclient client.Client, instance client
 }
 
 func removeFinalizeObjByName(ctx context.Context, rclient client.Client, obj client.Object, name, ns string) error {
+	return removeFinalizeObjByNameWithOwnerReference(ctx, rclient, obj, name, ns, true)
+}
+
+func removeFinalizeObjByNameWithOwnerReference(ctx context.Context, rclient client.Client, obj client.Object, name, ns string, keepOwnerReference bool) error {
 	if err := rclient.Get(ctx, types.NamespacedName{Name: name, Namespace: ns}, obj); err != nil {
 		if errors.IsNotFound(err) {
 			return nil
 		}
 		return err
 	}
-	return vmv1beta1.RemoveFinalizer(obj, func(o client.Object) error {
+	return vmv1beta1.RemoveFinalizerWithOwnerReference(obj, keepOwnerReference, func(o client.Object) error {
 		return patchReplaceFinalizers(ctx, rclient, o)
 	})
 }

internal/controller/operator/factory/finalize/vlogs.go

@@ -20,7 +20,7 @@ func OnVLogsDelete(ctx context.Context, rclient client.Client, crd *vmv1beta1.VL
 		return err
 	}
 	if crd.Spec.Storage != nil {
-		if err := removeFinalizeObjByName(ctx, rclient, &v1.PersistentVolumeClaim{}, crd.PrefixedName(), crd.Namespace); err != nil {
+		if err := removeFinalizeObjByNameWithOwnerReference(ctx, rclient, &v1.PersistentVolumeClaim{}, crd.PrefixedName(), crd.Namespace, crd.Spec.RemovePvcAfterDelete); err != nil {
 			return err
 		}
 	}

internal/controller/operator/factory/finalize/vmsingle.go

@@ -20,7 +20,7 @@ func OnVMSingleDelete(ctx context.Context, rclient client.Client, crd *vmv1beta1
 		return err
 	}
 	if crd.Spec.Storage != nil {
-		if err := removeFinalizeObjByName(ctx, rclient, &v1.PersistentVolumeClaim{}, crd.PrefixedName(), crd.Namespace); err != nil {
+		if err := removeFinalizeObjByNameWithOwnerReference(ctx, rclient, &v1.PersistentVolumeClaim{}, crd.PrefixedName(), crd.Namespace, crd.Spec.RemovePvcAfterDelete); err != nil {
 			return err
 		}
 	}

internal/controller/operator/factory/vlogs/vlogs.go

@@ -68,17 +68,15 @@ func CreateVLogsStorage(ctx context.Context, r *vmv1beta1.VLogs, rclient client.
 func makeVLogsPvc(r *vmv1beta1.VLogs) *corev1.PersistentVolumeClaim {
 	pvcObject := &corev1.PersistentVolumeClaim{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:        r.PrefixedName(),
-			Namespace:   r.Namespace,
-			Labels:      labels.Merge(r.Spec.StorageMetadata.Labels, r.SelectorLabels()),
-			Annotations: r.Spec.StorageMetadata.Annotations,
-			Finalizers:  []string{vmv1beta1.FinalizerName},
+			Name:            r.PrefixedName(),
+			Namespace:       r.Namespace,
+			Labels:          labels.Merge(r.Spec.StorageMetadata.Labels, r.SelectorLabels()),
+			Annotations:     r.Spec.StorageMetadata.Annotations,
+			Finalizers:      []string{vmv1beta1.FinalizerName},
+			OwnerReferences: r.AsOwner(),
 		},
 		Spec: *r.Spec.Storage,
 	}
-	if r.Spec.RemovePvcAfterDelete {
-		pvcObject.OwnerReferences = r.AsOwner()
-	}
 	return pvcObject
 }
 

internal/controller/operator/factory/vmsingle/vmsingle.go

@@ -70,17 +70,15 @@ func CreateVMSingleStorage(ctx context.Context, cr *vmv1beta1.VMSingle, rclient
 func makeVMSinglePvc(cr *vmv1beta1.VMSingle) *corev1.PersistentVolumeClaim {
 	pvcObject := &corev1.PersistentVolumeClaim{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:        cr.PrefixedName(),
-			Namespace:   cr.Namespace,
-			Labels:      labels.Merge(cr.Spec.StorageMetadata.Labels, cr.SelectorLabels()),
-			Annotations: cr.Spec.StorageMetadata.Annotations,
-			Finalizers:  []string{vmv1beta1.FinalizerName},
+			Name:            cr.PrefixedName(),
+			Namespace:       cr.Namespace,
+			Labels:          labels.Merge(cr.Spec.StorageMetadata.Labels, cr.SelectorLabels()),
+			Annotations:     cr.Spec.StorageMetadata.Annotations,
+			Finalizers:      []string{vmv1beta1.FinalizerName},
+			OwnerReferences: cr.AsOwner(),
 		},
 		Spec: *cr.Spec.Storage,
 	}
-	if cr.Spec.RemovePvcAfterDelete {
-		pvcObject.OwnerReferences = cr.AsOwner()
-	}
 	return pvcObject
 }