Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🐛 delete kubeconfig secret as part of cluster deletion #1431

Closed
wants to merge 1 commit into from
Closed

🐛 delete kubeconfig secret as part of cluster deletion #1431

wants to merge 1 commit into from

Conversation

andrewsykim
Copy link
Member

Signed-off-by: Andrew Sy Kim kiman@vmware.com

What this PR does / why we need it:
Deletes kubeconfig secret as part of cluster reconcile on delete. Wasn't sure if we intentionally left out kubeconfig, but the patch was small enough so I didn't mind opening the PR anyways.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

@andrewsykim
delete cluster kubeconfig as part of cluster deletion
cc24b7e 
Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: andrewsykim
To complete the pull request process, please assign detiber
You can assign the PR to them by writing /assign @detiber in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Sep 23, 2019
andrewsykim
andrewsykim commented Sep 23, 2019
View reviewed changes
controllers/cluster_controller.go
@@ -243,6 +244,14 @@ func (r *ClusterReconciler) listChildren(ctx context.Context, cluster *clusterv1
}
controlPlaneMachines, machines := splitMachineList(allMachines)

secrets := &corev1.SecretList{}
secretsListOptions := []client.ListOption{
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Secret list has it's own list options because we don't apply the cluster.x-k8s.io/cluster-name label to secret resources (maybe we should?).

@andrewsykim andrewsykim changed the title 🐛 delete cluster kubeconfig as part of cluster deletion 🐛 delete kubeconfig secret as part of cluster deletion Sep 23, 2019
@andrewsykim andrewsykim mentioned this pull request Sep 23, 2019
Closed
ncdc
ncdc reviewed Sep 23, 2019
View reviewed changes
controllers/cluster_controller.go
secretsListOptions := []client.ListOption{
client.InNamespace(cluster.Namespace),
}
if err := r.Client.List(ctx, secrets, secretsListOptions...); err != nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can't delete all secrets in the namespace!

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reconcileDelete does a check for OwnerRef before deleting though?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://github.com/kubernetes-sigs/cluster-api/blob/master/controllers/cluster_controller.go#L176-L194

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, right (but it's in eachFunc)

@ncdc
Copy link
Contributor

ncdc commented Sep 23, 2019

The kubeconfig secret has an OwnerReference to the cluster. It is removed when the cluster is deleted.

@vincepri
Copy link
Member

This should have been fixed with #1403

@ncdc
Copy link
Contributor

ncdc commented Sep 23, 2019

We explicitly deal with MachineDeployments, MachineSets, and Machines because we have to delete them in the right order, and kubectl by default does background deletion. We need foreground (we have to delete everything before we delete the cluster), and there's no way for a user to do that with kubectl today, and it's bad UX if we make the user responsible for deleting it "the right way"

@andrewsykim
Copy link
Member Author

Ah, we don't have the OwnerRef set on Secret yet cause we don't have #1403 which explains why it was not deleted. Will report back on this after we pull in #1403. Thanks all!

/close

@k8s-ci-robot
Copy link
Contributor

@andrewsykim: Closed this PR.

In response to this:

Ah, we don't have the OwnerRef set on Secret yet cause we don't have #1403 which explains why it was not deleted. Will report back on this after we pull in #1403. Thanks all!

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ncdc ncdc ncdc left review comments

@detiber detiber Awaiting requested review from detiber

@vincepri vincepri Awaiting requested review from vincepri

Assignees
No one assigned
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@andrewsykim @k8s-ci-robot @ncdc @vincepri