Allow control of finalization garbage collection

Signed-off-by: Erik Godding Boye <[email protected]>
Co-authored-by: Stefan Prodan <[email protected]>
Co-authored-by: Amund Tenstad <[email protected]>

api/v1/kustomization_types.go

@@ -33,6 +33,10 @@ const (
 	MergeValue                = "Merge"
 	IfNotPresentValue         = "IfNotPresent"
 	IgnoreValue               = "Ignore"
+
+	DeletionPolicyMirrorPrune = "MirrorPrune"
+	DeletionPolicyDelete      = "Delete"
+	DeletionPolicyOrphan      = "Orphan"
 )
 
 // KustomizationSpec defines the configuration to calculate the desired state
@@ -95,6 +99,14 @@ type KustomizationSpec struct {
 	// +required
 	Prune bool `json:"prune"`
 
+	// DeletionPolicy can be used to control garbage collection when this
+	// Kustomization is deleted. Valid values are ('MirrorPrune', 'Delete',
+	// 'Orphan'). 'MirrorPrune' mirrors the Prune field (false = 'Ophan',
+	// true = 'Delete'). Defaults to 'MirrorPrune'.
+	// +kubebuilder:validation:Enum=MirrorPrune;Delete;Orphan
+	// +optional
+	DeletionPolicy string `json:"deletionPolicy,omitempty"`
+
 	// A list of resources to be included in the health assessment.
 	// +optional
 	HealthChecks []meta.NamespacedObjectKindReference `json:"healthChecks,omitempty"`
@@ -287,6 +299,14 @@ func (in Kustomization) GetRequeueAfter() time.Duration {
 	return in.Spec.Interval.Duration
 }
 
+// GetDeletionPolicy returns the deletion policy and default value if not specified.
+func (in Kustomization) GetDeletionPolicy() string {
+	if in.Spec.DeletionPolicy == "" {
+		return DeletionPolicyMirrorPrune
+	}
+	return in.Spec.DeletionPolicy
+}
+
 // GetDependsOn returns the list of dependencies across-namespaces.
 func (in Kustomization) GetDependsOn() []meta.NamespacedObjectReference {
 	return in.Spec.DependsOn

config/crd/bases/kustomize.toolkit.fluxcd.io_kustomizations.yaml

@@ -98,6 +98,17 @@ spec:
                 required:
                 - provider
                 type: object
+              deletionPolicy:
+                description: |-
+                  DeletionPolicy can be used to control garbage collection when this
+                  Kustomization is deleted. Valid values are ('MirrorPrune', 'Delete',
+                  'Orphan'). 'MirrorPrune' mirrors the Prune field (false = 'Ophan',
+                  true = 'Delete'). Defaults to 'MirrorPrune'.
+                enum:
+                - MirrorPrune
+                - Delete
+                - Orphan
+                type: string
               dependsOn:
                 description: |-
                   DependsOn may contain a meta.NamespacedObjectReference slice

docs/api/v1/kustomize.md

@@ -208,6 +208,21 @@ bool
 </tr>
 <tr>
 <td>
+<code>deletionPolicy</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>DeletionPolicy can be used to control garbage collection when this
+Kustomization is deleted. Valid values are (&lsquo;MirrorPrune&rsquo;, &lsquo;Delete&rsquo;,
+&lsquo;Orphan&rsquo;). &lsquo;MirrorPrune&rsquo; mirrors the Prune field (false = &lsquo;Ophan&rsquo;,
+true = &lsquo;Delete&rsquo;). Defaults to &lsquo;MirrorPrune&rsquo;.</p>
+</td>
+</tr>
+<tr>
+<td>
 <code>healthChecks</code><br>
 <em>
 <a href="https://godoc.org/github.com/fluxcd/pkg/apis/meta#NamespacedObjectKindReference">
@@ -716,6 +731,21 @@ bool
 </tr>
 <tr>
 <td>
+<code>deletionPolicy</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>DeletionPolicy can be used to control garbage collection when this
+Kustomization is deleted. Valid values are (&lsquo;MirrorPrune&rsquo;, &lsquo;Delete&rsquo;,
+&lsquo;Orphan&rsquo;). &lsquo;MirrorPrune&rsquo; mirrors the Prune field (false = &lsquo;Ophan&rsquo;,
+true = &lsquo;Delete&rsquo;). Defaults to &lsquo;MirrorPrune&rsquo;.</p>
+</td>
+</tr>
+<tr>
+<td>
 <code>healthChecks</code><br>
 <em>
 <a href="https://godoc.org/github.com/fluxcd/pkg/apis/meta#NamespacedObjectKindReference">

docs/spec/v1/kustomizations.md

@@ -169,6 +169,39 @@ kustomize.toolkit.fluxcd.io/prune: disabled
 For details on how the controller tracks Kubernetes objects and determines what
 to garbage collect, see [`.status.inventory`](#inventory).
 
+### Deletion policy
+
+`.spec.deletionPolicy` is an optional field that is allowing control over
+garbage collection when a Kustomization object is deleted. The default behavior
+is to mirror the value of [`.spec.prune`](#prune).
+
+Valid values:
+
+- `MirrorPrune` (default) - The managed resources will be deleted if `prune` is
+  `true` and orphaned if `false`.
+- `Delete` - Ensure the managed resources are deleted before the Kustomization
+   is finalized.
+- `Orphan` - Leave the managed resources when the Kustomization is deleted.
+
+For special cases when the managed resources are removed by other means (e.g.
+the deletion of the namespace specified with
+[`.spec.targetNamespace`](#target-namespace)), you can set the deletion policy
+to `Orphan`:
+
+```yaml
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: app
+  namespace: tenant
+spec:
+  # ...omitted for brevity
+  targetNamespace: app-namespace
+  prune: true
+  deletionPolicy: Orphan
+```
+
 ### Interval
 
 `.spec.interval` is a required field that specifies the interval at which the

internal/controller/kustomization_controller.go

@@ -956,10 +956,17 @@ func (r *KustomizationReconciler) prune(ctx context.Context,
 	return false, nil
 }
 
+func finalizerShouldDeleteResources(obj *kustomizev1.Kustomization) bool {
+	if obj.GetDeletionPolicy() == kustomizev1.DeletionPolicyMirrorPrune {
+		return obj.Spec.Prune
+	}
+	return obj.Spec.DeletionPolicy == kustomizev1.DeletionPolicyDelete
+}
+
 func (r *KustomizationReconciler) finalize(ctx context.Context,
 	obj *kustomizev1.Kustomization) (ctrl.Result, error) {
 	log := ctrl.LoggerFrom(ctx)
-	if obj.Spec.Prune &&
+	if finalizerShouldDeleteResources(obj) &&
 		!obj.Spec.Suspend &&
 		obj.Status.Inventory != nil &&
 		obj.Status.Inventory.Entries != nil {