PoliciBinding objects are not deleted from K8s

We are experiencing problems with policy bindings that are not getting removed from Kubernetes when deleting user, policy and policybinding objects simultaneously that are referring to each other.

The users and policies are removed from MinIO.

Example policybinding object that did not get deleted from K8s:

apiVersion: bfiola.dev/v1
kind: MinioPolicyBinding
metadata:
  annotations:
    meta.helm.sh/release-name: ci-9aefe4a9-typescript-react-template-tenant
    meta.helm.sh/release-namespace: ci-9aefe4a9-services-typescript-react-template
  creationTimestamp: "2024-10-16T19:20:53Z"
  deletionGracePeriodSeconds: 0
  deletionTimestamp: "2024-10-16T19:22:43Z"
  finalizers:
  - bfiola.dev/minio-operator-ext
  generation: 4
  labels:
    app.kubernetes.io/instance: ci-9aefe4a9-typescript-react-template-tenant
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: ci-9aefe4a9-typescript-react-template
    app.kubernetes.io/version: 1.6.15
    helm.sh/chart: surf-service-tenant-1.6.15
    helm.toolkit.fluxcd.io/name: ci-9aefe4a9-typescript-react-template-tenant
    helm.toolkit.fluxcd.io/namespace: flux-system
  name: ci-9aefe4a9-typescript-react-template-policy-binding
  namespace: infra-minio
  resourceVersion: "85227485"
  uid: 4a64b0bf-1f07-4bae-bce3-05b3bcd4f901
spec:
  group: {}
  policy: ci-9aefe4a9-typescript-react-template-policy
  tenantRef:
    name: minio-development
    namespace: infra-minio
  user:
    builtin: ci-9aefe4a9-typescript-react-template
status:
  currentSpec:
    group: {}
    policy: ci-9aefe4a9-typescript-react-template-policy
    tenantRef:
      name: minio-development
      namespace: infra-minio
    user:
      builtin: ci-9aefe4a9-typescript-react-template

We now have to manually remove the finalizer on the object in order to let Kubernetes remove it.

benfiola / minio-operator-ext

PoliciBinding objects are not deleted from K8s #25