Prevent orphaned certificates when deleting orphaned Kyma with skip-reconciliation #1965
Labels
kind/bug
Categorizes issue or PR as related to a bug.
kind/feature
Categorizes issue or PR as related to a new feature.
Description
Original reported issue:
#6304
We had a KymaCR with Deletion Timestamp and set skip-reconciliation label. The shoot was already de-provisioned and the kbueconfig secret was deleted. After removing the skip-reconciliation label, the KymaCR and manifests were deleted as expected. However, the watcher TLS certificate and related keys were kept. This behavior is also reproducible locally.
The problem is likely that Certificate cleanup is part of Kyma reconciliation loop. The only place where we trigger the cleanup is here as part of handling "Deleting" state:
lifecycle-manager/internal/controller/kyma/controller.go
Line 392 in 5eddd74
We however don't enter the "Deleting" state as the secret is already gone.
Reasons
Don't produce orphaned resources
Acceptance Criteria
Feature Testing
No response
Testing approach
No response
Attachments
No response
The text was updated successfully, but these errors were encountered: