fluxcd / flux2

Open and extensible continuous delivery solution for Kubernetes. Powered by GitOps Toolkit.
https://fluxcd.io
Apache License 2.0

PVC deleted even with the prune:delete annotation #5035

Closed kheraud closed 1 month ago

kheraud commented 1 month ago

Describe the bug

I use the following kustomize to deploy my apps:

---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: apps
  namespace: flux-system
spec:
  interval: 10m0s
  dependsOn:
    - name: infra-controllers
  sourceRef:
    kind: GitRepository
    name: flux-system
  path: ./k8s/apps/homelab
  prune: true
  wait: true
  timeout: 10m0s

And the following HelmRelease to be deployed:

---
apiVersion: v1
kind: Namespace
metadata:
  name: data-collection
  annotations:
    kustomize.toolkit.fluxcd.io/prune: disabled
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
  name: influxdb
  namespace: data-collection
spec:
  interval: 10m
  layerSelector:
    mediaType: "application/vnd.cncf.helm.chart.content.v1.tar+gzip"
    operation: copy
  url: oci://registry-1.docker.io/bitnamicharts/influxdb
  ref:
    semver: ">= 6.3.0"
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: influxdb
  namespace: data-collection
spec:
  interval: 10m
  chartRef:
    kind: OCIRepository
    name: influxdb
    namespace: data-collection
  values:
    global:
      defaultStorageClass: local-path
    auth: {}
    persistence:
      enabled: true
      storageClass: local-path
      accessModes:
      - ReadWriteOnce
      size: 8Gi
      annotations:
        kustomize.toolkit.fluxcd.io/prune: disabled
    metrics:
      enabled: true
    ingress:
      enabled: true

The resulting PVC (coming from here: https://github.com/bitnami/charts/blob/main/bitnami/influxdb/templates/pvc.yaml) landing in the cluster:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
    kustomize.toolkit.fluxcd.io/prune: disabled
    meta.helm.sh/release-name: influxdb
    meta.helm.sh/release-namespace: data-collection
    pv.kubernetes.io/bind-completed: "yes"
    pv.kubernetes.io/bound-by-controller: "yes"
    volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path
    volume.kubernetes.io/selected-node: nas
    volume.kubernetes.io/storage-provisioner: rancher.io/local-path
  creationTimestamp: "2024-10-16T14:57:54Z"
  finalizers:
  - kubernetes.io/pvc-protection
  labels:
    app.kubernetes.io/component: influxdb
    app.kubernetes.io/instance: influxdb
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: influxdb
    app.kubernetes.io/version: 2.7.10
    helm.sh/chart: influxdb-6.3.21_aafdad728b24
    helm.toolkit.fluxcd.io/name: influxdb
    helm.toolkit.fluxcd.io/namespace: data-collection
  name: influxdb
  namespace: data-collection
  resourceVersion: "1297139"
  uid: a3e38f2c-c6f3-4df2-8bec-f7c0b4c28c82
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 8Gi
  storageClassName: local-path
  volumeMode: Filesystem
  volumeName: pvc-a3e38f2c-c6f3-4df2-8bec-f7c0b4c28c82
status:
  accessModes:
  - ReadWriteOnce
  capacity:
    storage: 8Gi
  phase: Bound

Even with the kustomize.toolkit.fluxcd.io/prune: disabled annotation, the whole PVC (and PersistentVolume) is deleted when I delete the HelmRelease.

Is there something I am missing here?

Steps to reproduce

Use the manifest above and attempt a creation / deletion

Expected behavior

No removal of PVC and PersistentVolume

Screenshots and recordings

No response

OS / Distro

N/A

Flux version

v2.4.0

Flux check

► checking prerequisites
✔ Kubernetes 1.30.5+k3s1 >=1.28.0-0
► checking version in cluster
✔ distribution: flux-v2.4.0
✔ bootstrapped: true
► checking controllers
✔ helm-controller: deployment ready
► ghcr.io/fluxcd/helm-controller:v1.1.0
✔ kustomize-controller: deployment ready
► ghcr.io/fluxcd/kustomize-controller:v1.4.0
✔ notification-controller: deployment ready
► ghcr.io/fluxcd/notification-controller:v1.4.0
✔ source-controller: deployment ready
► ghcr.io/fluxcd/source-controller:v1.4.1
► checking crds
✔ alerts.notification.toolkit.fluxcd.io/v1beta3
✔ buckets.source.toolkit.fluxcd.io/v1
✔ gitrepositories.source.toolkit.fluxcd.io/v1
✔ helmcharts.source.toolkit.fluxcd.io/v1
✔ helmreleases.helm.toolkit.fluxcd.io/v2
✔ helmrepositories.source.toolkit.fluxcd.io/v1
✔ kustomizations.kustomize.toolkit.fluxcd.io/v1
✔ ocirepositories.source.toolkit.fluxcd.io/v1beta2
✔ providers.notification.toolkit.fluxcd.io/v1beta3
✔ receivers.notification.toolkit.fluxcd.io/v1
✔ all checks passed

Git provider

No response

Container Registry provider

No response

Additional context

No response

stefanprodan commented 1 month ago

The kustomize.toolkit.fluxcd.io/prune: disabled works for objects applied by kustomize-controller; the PVC is managed by Helm.

stefanprodan commented 1 month ago

See here the Helm docs: https://helm.sh/docs/howto/charts_tips_and_tricks/#:~:text=Tell%20Helm%20Not%20To%20Uninstall%20a%20Resource&text=The%20annotation%20helm.sh%2Fresource,would%20result%20in%20its%20deletion.

kheraud commented 1 month ago

Thanks for the quick reply. Indeed, helm.sh/resource-policy: keep is the proper annotation to prevent pruning resources from HelmRelease.
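An audit for the mismatch resolved in this thread, added here as an example (not code from Flux or from the participants): it classifies each PVC by the tool that manages it and reports whether the retention annotation it carries is one that tool honours. The PVC list is constructed sample data, and detecting kustomize-controller ownership through the `kustomize.toolkit.fluxcd.io/name` label is an assumption not shown on the page.

```python
KUSTOMIZE_PRUNE = "kustomize.toolkit.fluxcd.io/prune"  # read by kustomize-controller
HELM_POLICY = "helm.sh/resource-policy"                # read by Helm on uninstall

def manager(meta):
    """Decide which tool deletes the object, from the metadata each one stamps."""
    labels = meta.get("labels") or {}
    annotations = meta.get("annotations") or {}
    if (labels.get("app.kubernetes.io/managed-by") == "Helm"
            or "meta.helm.sh/release-name" in annotations):
        return "helm"
    if "kustomize.toolkit.fluxcd.io/name" in labels:  # assumed ownership label
        return "kustomize-controller"
    return "unknown"

def audit(pvc_list):
    """Return (namespace/name, manager, verdict) for each item of a PVC list."""
    report = []
    for item in pvc_list.get("items", []):
        meta = item["metadata"]
        annotations = meta.get("annotations") or {}
        who = manager(meta)
        kept_by = {
            "helm": annotations.get(HELM_POLICY) == "keep",
            "kustomize-controller": annotations.get(KUSTOMIZE_PRUNE) == "disabled",
        }
        if who == "unknown":
            verdict = "unmanaged"
        elif kept_by[who]:
            verdict = "retained"
        elif any(kept_by.values()):
            verdict = "ineffective-annotation"  # retention asked of the wrong tool
        else:
            verdict = "no-retention-annotation"
        report.append((f'{meta.get("namespace")}/{meta["name"]}', who, verdict))
    return report

# Constructed sample in the shape of `kubectl get pvc -A -o json`.
HELM_LABELS = {"app.kubernetes.io/managed-by": "Helm"}
SAMPLE = {"items": [
    {"metadata": {"name": "influxdb", "namespace": "data-collection", "labels": HELM_LABELS,
                  "annotations": {KUSTOMIZE_PRUNE: "disabled",
                                  "meta.helm.sh/release-name": "influxdb"}}},
    {"metadata": {"name": "influxdb-fixed", "namespace": "data-collection", "labels": HELM_LABELS,
                  "annotations": {HELM_POLICY: "keep"}}},
    {"metadata": {"name": "uploads", "namespace": "apps",
                  "labels": {"kustomize.toolkit.fluxcd.io/name": "apps"},
                  "annotations": {KUSTOMIZE_PRUNE: "disabled"}}},
]}

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
```

Parsing real `kubectl get pvc -A -o json` output with `json.load` yields the same structure that `audit` expects.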