From 1651d942911aa512c166bf902350323ae957d764 Mon Sep 17 00:00:00 2001
From: Timofei Larkin <lllamnyp@gmail.com>
Date: Thu, 13 Nov 2025 16:27:30 +0300
Subject: [PATCH] [kubernetes] Cleanup loadbalancer services

## What this PR does

Similar to an earlier issue with DataVolumes remaining after deleting
the tenant k8s cluster using them, a similar problem is observed with
LoadBalancer services consuming external IPs. This patch adds another
step to the cleanup Helm hook to delete any such services.

### Release note

```release-note
[kubernetes] Add a cleanup hook to delete LoadBalancer services after
deleting the tenant Kubernetes cluster that they were servicing.
```

Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
---
 .../templates/{csi => }/delete.yaml           | 27 ++++++++++++++-----
 1 file changed, 20 insertions(+), 7 deletions(-)
 rename packages/apps/kubernetes/templates/{csi => }/delete.yaml (73%)

diff --git a/packages/apps/kubernetes/templates/csi/delete.yaml b/packages/apps/kubernetes/templates/delete.yaml
similarity index 73%
rename from packages/apps/kubernetes/templates/csi/delete.yaml
rename to packages/apps/kubernetes/templates/delete.yaml
index 53a11af7..cd16cc99 100644
--- a/packages/apps/kubernetes/templates/csi/delete.yaml
+++ b/packages/apps/kubernetes/templates/delete.yaml
@@ -6,11 +6,11 @@ metadata:
     "helm.sh/hook": post-delete
     "helm.sh/hook-weight": "10"
     "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
-  name: {{ .Release.Name }}-datavolume-cleanup
+  name: {{ .Release.Name }}-cleanup
 spec:
   template:
     spec:
-      serviceAccountName: {{ .Release.Name }}-datavolume-cleanup
+      serviceAccountName: {{ .Release.Name }}-cleanup
       restartPolicy: Never
       tolerations:
         - key: CriticalAddonsOnly
@@ -28,12 +28,17 @@ spec:
               -l "cluster.x-k8s.io/cluster-name={{ .Release.Name }}"
               --ignore-not-found=true
 
+              kubectl -n {{ .Release.Namespace }} delete services
+              -l "cluster.x-k8s.io/cluster-name={{ .Release.Name }}"
+              --field-selector spec.type=LoadBalancer
+              --ignore-not-found=true
+
 
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ .Release.Name }}-datavolume-cleanup
+  name: {{ .Release.Name }}-cleanup
   annotations:
     helm.sh/hook: post-delete
     helm.sh/hook-delete-policy: before-hook-creation,hook-failed,hook-succeeded
@@ -46,7 +51,7 @@ metadata:
     "helm.sh/hook": post-delete
     "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
     "helm.sh/hook-weight": "5"
-  name: {{ .Release.Name }}-datavolume-cleanup
+  name: {{ .Release.Name }}-cleanup
 rules:
   - apiGroups:
       - "cdi.kubevirt.io"
@@ -56,6 +61,14 @@ rules:
       - get
       - list
       - delete
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+      - list
+      - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -64,13 +77,13 @@ metadata:
     "helm.sh/hook": post-delete
     "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
     "helm.sh/hook-weight": "5"
-  name: {{ .Release.Name }}-datavolume-cleanup
+  name: {{ .Release.Name }}-cleanup
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: {{ .Release.Name }}-datavolume-cleanup
+  name: {{ .Release.Name }}-cleanup
 subjects:
   - kind: ServiceAccount
-    name: {{ .Release.Name }}-datavolume-cleanup
+    name: {{ .Release.Name }}-cleanup
     namespace: {{ .Release.Namespace }}