Prevent orphaned certificates when deleting orphaned Kyma with skip-reconciliation #1965

Open
1 task
c-pius opened this issue Oct 16, 2024 · 0 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. kind/feature Categorizes issue or PR as related to a new feature.

c-pius commented Oct 16, 2024

Description

Original reported issue: #6304

We had a KymaCR with a Deletion Timestamp and the skip-reconciliation label set. The shoot was already de-provisioned and the kubeconfig secret was deleted. After removing the skip-reconciliation label, the KymaCR and manifests were deleted as expected. However, the watcher TLS certificate and related keys were kept. This behavior is also reproducible locally.

The problem is likely that Certificate cleanup is part of the Kyma reconciliation loop. The only place where we trigger the cleanup is here as part of handling the "Deleting" state:

if err := r.SKRWebhookManager.Remove(ctx, kyma); err != nil {

However, we don't enter the "Deleting" state as the secret is already gone.

Reasons

Don't produce orphaned resources

Acceptance Criteria

  • TLS certificate and secret removed, even though Kyma may have skipped Deleting state

Feature Testing

No response

Testing approach

No response

Attachments

No response

@c-pius c-pius added kind/feature Categorizes issue or PR as related to a new feature. kind/bug Categorizes issue or PR as related to a bug. labels Oct 16, 2024
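
A simplified Go model of the flow described in this issue, added here as an illustration; it is not code from the project. The `Kyma` and `ControlPlane` types, the `Skip` flag and both reconcile functions are hypothetical, and `removeWebhook` only stands in for `SKRWebhookManager.Remove`. It contrasts cleanup tied to the "Deleting" state with cleanup that meets the acceptance criteria.

```go
package main

import "fmt"

// Kyma is a simplified stand-in for the Kyma CR (hypothetical, not the project's type).
type Kyma struct {
	Name     string
	Deleting bool // DeletionTimestamp is set
	Skip     bool // skip-reconciliation label is present
}

// ControlPlane records, per Kyma name, which of the objects from the issue exist.
type ControlPlane struct {
	Kubeconfig  map[string]bool // kubeconfig secret
	WatcherCert map[string]bool // watcher TLS certificate and key secret
}

// removeWebhook stands in for SKRWebhookManager.Remove.
func (c *ControlPlane) removeWebhook(name string) { delete(c.WatcherCert, name) }

// ReconcileReported ties cleanup to the "Deleting" state, which is not entered
// once the kubeconfig secret is gone (assumed reading of the issue).
func (c *ControlPlane) ReconcileReported(k Kyma) (crRemoved bool) {
	if k.Skip || !k.Deleting {
		return false
	}
	if c.Kubeconfig[k.Name] {
		c.removeWebhook(k.Name) // "Deleting" state handling
	}
	return true // the CR is removed either way
}

// ReconcileCleanupAlways removes the certificate whenever the CR is being deleted.
func (c *ControlPlane) ReconcileCleanupAlways(k Kyma) (crRemoved bool) {
	if k.Skip || !k.Deleting {
		return false
	}
	c.removeWebhook(k.Name)
	return true
}

func main() {
	k := Kyma{Name: "kyma-sample", Deleting: true} // constructed sample, label already removed
	a := &ControlPlane{Kubeconfig: map[string]bool{}, WatcherCert: map[string]bool{k.Name: true}}
	b := &ControlPlane{Kubeconfig: map[string]bool{}, WatcherCert: map[string]bool{k.Name: true}}
	a.ReconcileReported(k)
	b.ReconcileCleanupAlways(k)
	fmt.Println("orphaned cert, reported flow:", a.WatcherCert[k.Name], "cleanup-always:", b.WatcherCert[k.Name])
}
```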