search

clastix / kamaji

Kamaji is the Hosted Control Plane Manager for Kubernetes.
https://kamaji.clastix.io
Apache License 2.0
934 stars 81 forks source link

Owner reference should be re-reconciled if it is lost for CA secret object #427

Closed andreykont closed 3 months ago

andreykont commented 4 months ago

When you restore Kamaji tcp from backup, such tool as Velero deletes ownerReference on objects. This may lead to bug if third-party controller take control under restored objects.

In my case I lost ca.crt and ca.key files in CA secret object. The problem is described in detail here

According to CAPI specification about owner references: Kamaji always has to restore owner reference for it's objects.

netlify[bot] commented 4 months ago

Deploy Preview for kamaji-documentation ready!

Name Link
Latest commit a1dd6fe3f3d0262301b765173a72228649da178c
Latest deploy log https://app.netlify.com/sites/kamaji-documentation/deploys/660c071672a8b30008c961b3
Deploy Preview https://deploy-preview-427--kamaji-documentation.netlify.app
Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

hrak commented 4 months ago

This appears to be the case for more resources than just the CA. Other resources that don't set controller ref when the checksum is valid:

andreykont commented 4 months ago

Of course, I will do

andreykont commented 3 months ago

Hello @hrak. I fixed other secret's owner references. Also I have tested owner reference restore process for all 13 secrets on my local environment. Please look at PR again.

hrak commented 3 months ago

LGTM, let's wait for @hrak's review too.

LGTM!