dotnet-operator-sdk

[bug]: Garbage collection of cluster-wide resources owned by operator deployment fails

Open anekdoti opened this issue 2 years ago • 2 comments

Describe the bug

The installation of webhooks in the init container of the operator creates a service as well as a ValidatingWebhookConfiguration and a MutatingWebhookConfiguration. All three resources are created with an owner reference to the deployment of the operator. However, the latter two resources are cluster-wide, and thus cannot be owned by a namespaced resource such as the deployment (see https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/#owner-references-in-object-specifications). Hence, the resources are not cleaned up on removal of the operator deployment but instead generate warning events as described in the link above.

To reproduce

  1. Deploy a KubeOps operator on your Kubernetes cluster
  2. Remove the operator deployment

Expected behavior

The ValidatingWebhookConfiguration and the MutatingWebhookConfiguration are cleaned up as well.

Screenshots

The warning event created for each of the two mentioned resources:

  Type     Reason                    Age    From                          Message
  ----     ------                    ----   ----                          -------
  Warning  OwnerRefInvalidNamespace  3m42s  garbage-collector-controller  ownerRef [apps/v1/Deployment, namespace: , name: my-operator, uid: 46c64771-eedf-41ca-b65c-d28b6f9326d7] does not exist in namespace ""

Additional Context

Kubernetes: v1.23
KubeOps: 7.0.6

anekdoti, Feb 08 '23 17:02

A possible fix might be to not set the owner references to the Deployment, but e.g. to the ClusterRoleBinding.

anekdoti, Feb 17 '23 14:02

This absolutely makes sense :-D did not know that was the case

buehler, Feb 23 '23 13:02
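The owner-reference rule behind this issue, and the ClusterRoleBinding alternative suggested in the first comment, can be checked over an object inventory before deployment. The following is an added example, not code from this thread or from KubeOps; it also covers the cross-namespace case from the linked Kubernetes documentation, and every name, namespace and UID in the inventory is constructed.

```python
# Added example: flags owner references the garbage collector cannot resolve.
# The inventory below is constructed; names, namespace and UIDs are placeholders.

def obj(kind, name, uid, namespace=None, owners=()):
    """Build the minimal metadata the check needs (shape of `kubectl get -o json` items)."""
    meta = {"name": name, "uid": uid,
            "ownerReferences": [{"kind": k, "name": n, "uid": u} for k, n, u in owners]}
    if namespace is not None:
        meta["namespace"] = namespace  # cluster-scoped objects carry no namespace
    return {"kind": kind, "metadata": meta}

def invalid_owner_refs(objects):
    """Return (dependent, owner kind, reason) for each owner reference that breaks the scope rules."""
    by_uid = {o["metadata"]["uid"]: o for o in objects}
    findings = []
    for dep in objects:
        dep_ns = dep["metadata"].get("namespace")
        dep_id = f'{dep["kind"]}/{dep["metadata"]["name"]}'
        for ref in dep["metadata"].get("ownerReferences", []):
            owner = by_uid.get(ref["uid"])
            if owner is None:
                continue  # owner is not in the inventory, nothing to compare
            owner_ns = owner["metadata"].get("namespace")
            if owner_ns is None:
                continue  # a cluster-scoped owner is valid for any dependent
            if dep_ns is None:
                findings.append((dep_id, ref["kind"],
                                 "cluster-scoped dependent, namespaced owner"))
            elif dep_ns != owner_ns:
                findings.append((dep_id, ref["kind"], "owner in a different namespace"))
    return findings

DEPLOY = ("Deployment", "my-operator", "uid-deploy")
CRB = ("ClusterRoleBinding", "my-operator-binding", "uid-crb")
INVENTORY = [
    obj(*DEPLOY, namespace="operators"),
    obj(*CRB),
    # Namespaced dependent owned by the Deployment in the same namespace: valid.
    obj("Service", "my-operator", "uid-svc", namespace="operators", owners=[DEPLOY]),
    # The case reported in this issue: cluster-wide resource owned by the Deployment.
    obj("ValidatingWebhookConfiguration", "validators.my-operator", "uid-vwc", owners=[DEPLOY]),
    # The alternative from the comment: cluster-wide resource owned by the ClusterRoleBinding.
    obj("MutatingWebhookConfiguration", "mutators.my-operator", "uid-mwc", owners=[CRB]),
]

if __name__ == "__main__":
    for dependent, owner_kind, reason in invalid_owner_refs(INVENTORY):
        print(f"{dependent}: owner {owner_kind} rejected ({reason})")
```

Against a live cluster, the same function accepts the combined `items` of `kubectl get ... -o json` output for the kinds of interest.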