Secret ownerReferences not restored #6979
Comments
k8s-ci-robot
added
kind/cleanup
fabriziopandini
added
triage/accepted
|
Is this related (only) to the KCP secrets? Naively I would have assumed that when we create Secrets with ownerRefs we should also adopt them after restore (~ at the same place in the code). |
|
I think this is the relevant code for kubeadmconfig: In this function we only set the owner references on generating the secrets, if the secrets exist and has a correctly formatted KeyPair we don't re-add the owner references. |
|
Could be a good place to "adopt" if the ownerRefs of the current secrets are missing (not sure what is executed after the initial create) |
|
/assign |
|
@killianmuldoon: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
When Cluster API is backed up and restored the ownerReferences on the Kubernetes Secrets relating to the cluster are not restored. This doesn't seem to cause issues in the functioning of the cluster, but it causes these Secrets to not be deleted when the Cluster is deleted.
The following flow then results in an error as some of the secrets continue to exist unexpectedly.
There is no reconciler that watches Secrets in CAPI, so there's no obvious place to restore the references. Some options for improving this situation:
kubectl delete secrets -l cluster.x-k8s.io/cluster-name=cloister(or similar) should be run as part of cleaning up a Cluster API cluster./kind cleanup
/area ux
May be related to other orphaned object cleanups e.g.
#6863
The text was updated successfully, but these errors were encountered: