Reconcile delete logic

.gitignore

@@ -28,7 +28,7 @@ go.work
 
 # custom
 bin/
-crd/
+/crd/
 hack/deploy/cluster.yaml
 helm/
 build/

cmd/manager/main.go

@@ -256,9 +256,9 @@ func capiCRDExists(k8sClient client.Client) (bool, error) {
 	if err != nil {
 		if k8serrors.IsNotFound(err) {
 			return false, nil
-		} else {
-			return false, err
 		}
+
+		return false, err
 	}
 	return true, nil
 }

config/crd/bases/argora.cloud.sap_clusterimports.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.17.1
+    controller-gen.kubebuilder.io/version: v0.20.0
   name: clusterimports.argora.cloud.sap
 spec:
   group: argora.cloud.sap

config/crd/bases/argora.cloud.sap_ippoolimports.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.17.1
+    controller-gen.kubebuilder.io/version: v0.20.0
   name: ippoolimports.argora.cloud.sap
 spec:
   group: argora.cloud.sap

config/crd/bases/argora.cloud.sap_updates.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.17.1
+    controller-gen.kubebuilder.io/version: v0.20.0
   name: updates.argora.cloud.sap
 spec:
   group: argora.cloud.sap

config/rbac/role.yaml

@@ -96,11 +96,20 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - ipam.cluster.x-k8s.io
+  resources:
+  - ipaddressclaims
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - ipam.cluster.x-k8s.io
   resources:
   - ipaddresses
   verbs:
+  - get
   - list
   - patch
   - update
@@ -119,6 +128,14 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - metal.ironcore.dev
+  resources:
+  - serverclaims
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - metal3.io
   resources:

internal/controller/ipupdate_controller.go

@@ -12,7 +12,9 @@ import (
 
 	metalv1alpha1 "github.com/ironcore-dev/metal-operator/api/v1alpha1"
 	"github.com/sapcc/go-netbox-go/models"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	ipamv1 "sigs.k8s.io/cluster-api/api/ipam/v1beta2"
+	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
 	"github.com/sapcc/argora/internal/credentials"
 	"github.com/sapcc/argora/internal/netbox"
@@ -26,6 +28,8 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/log"
 )
 
+const ipAddressFinalizer = "ipupdate.argora.cloud.sap.com/finalizer"
+
 // IPUpdateReconciler reconciles a ipam.cluster.x-k8s.io.IPAddress object
 type IPUpdateReconciler struct {
 	k8sClient   client.Client
@@ -62,10 +66,15 @@ func (r *IPUpdateReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 	ipAddress := &ipamv1.IPAddress{}
 	err := r.k8sClient.Get(ctx, req.NamespacedName, ipAddress)
 	if err != nil {
+		if apierrors.IsNotFound(err) {
+			return ctrl.Result{}, nil
+		}
 		logger.Error(err, "unable to get IP Address CR")
 		return ctrl.Result{}, err
 	}
 
+	logger = logger.WithValues("ipAddress", getIPWithMask(ipAddress))
+
 	err = r.credentials.Reload()
 	if err != nil {
 		logger.Error(err, "unable to reload credentials")
@@ -80,13 +89,42 @@ func (r *IPUpdateReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 		return ctrl.Result{}, err
 	}
 
+	if !ipAddress.DeletionTimestamp.IsZero() {
+		ctx = log.IntoContext(ctx, logger)
+
+		if err = r.reconcileDelete(ctx, ipAddress); err != nil {
+			logger.Error(err, "unable to delete IP Address")
+			return ctrl.Result{}, err
+		}
+
+		base := ipAddress.DeepCopy()
+		if removed := controllerutil.RemoveFinalizer(ipAddress, ipAddressFinalizer); removed {
+			if err := r.k8sClient.Patch(ctx, ipAddress, client.MergeFrom(base)); err != nil {
+				logger.Error(err, "unable to remove finalizer")
+				return ctrl.Result{}, err
+			}
+		}
+
+		return ctrl.Result{}, nil
+	}
+
+	base := ipAddress.DeepCopy()
+	if added := controllerutil.AddFinalizer(ipAddress, ipAddressFinalizer); added {
+		if err := r.k8sClient.Patch(ctx, ipAddress, client.MergeFrom(base)); err != nil {
+			logger.Error(err, "unable to add finalizer")
+			return ctrl.Result{}, err
+		}
+
+		return ctrl.Result{}, nil
+	}
+
 	deviceName, err := r.findDeviceName(ctx, req.Namespace, ipAddress)
 	if err != nil {
 		logger.Error(err, "unable to find device name")
 		return ctrl.Result{}, err
 	}
 
-	logger = logger.WithValues("deviceName", deviceName, "deviceIP", ipAddress.Spec.Address)
+	logger = logger.WithValues("deviceName", deviceName)
 	logger.Info("device found")
 
 	device, err := r.netBox.DCIM().GetDeviceByName(deviceName)
@@ -117,6 +155,33 @@ func (r *IPUpdateReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 	return ctrl.Result{}, nil
 }
 
+func getIPWithMask(ipaddr *ipamv1.IPAddress) string {
+	if ipaddr == nil || ipaddr.Spec.Prefix == nil {
+		return ""
+	}
+
+	return fmt.Sprintf("%s/%d", ipaddr.Spec.Address, *ipaddr.Spec.Prefix)
+}
+
+func (r *IPUpdateReconciler) reconcileDelete(ctx context.Context, ipAddr *ipamv1.IPAddress) error {
+	logger := log.FromContext(ctx)
+	logger.Info("deleting IP Address")
+
+	ipStr := getIPWithMask(ipAddr)
+
+	nbIP, err := r.netBox.IPAM().GetIPAddressByAddress(ipStr)
+	if err != nil {
+		logger.Error(err, "unable to find IP netbox ip address, NetBox IP will not be removed")
+		return nil
+	}
+
+	if err = r.netBox.IPAM().DeleteIPAddress(nbIP.ID); err != nil {
+		return fmt.Errorf("delete ip from netbox: %w", err)
+	}
+
+	return nil
+}
+
 func (r *IPUpdateReconciler) findDeviceName(ctx context.Context, namespace string, ipAddr *ipamv1.IPAddress) (string, error) {
 	claimName := ipAddr.Spec.ClaimRef.Name