VC-Syncer fails to sync pods with optional secrets

[lukeweber]

What steps did you take and what happened:

Apply the following to a virtual cluster:

apiVersion: v1
kind: Pod
metadata:
  name: optional-secret-test
spec:
  containers:
  - image: busybox
    name: test
    command: ['sh', '-c', 'while true; do echo "alive" && sleep 3600; done']
  restartPolicy: Always
  volumes:
    - name: optional-password
      secret:
        optional: true
        secretName: optional-password

What did you expect to happen:

Expected it to schedule but the pod is stuck in pending state.

Events:

  Type     Reason        Age                From       Message
  ----     ------        ----               ----       -------
  Warning  FailedCreate  7s (x12 over 17s)  vc-syncer  Error creating: failed to get service account secret from cluster test-cluster cache: failed to get vSecret default/optional-password: Secret "optional-password" not found

Anything else you would like to add: [Miscellaneous information that will assist in solving the issue.]

Environment:

• kind v0.11.1
• super cluster - Version: GitVersion:"v1.19.13"
• tenant - Version: GitVersion:"v1.18.20"

/kind bug [One or more /area label. See https://github.com/kubernetes-sigs/cluster-api-provider-nested/labels?q=area for the list of labels]

[christopherhein]

@Fei-Guo have you experienced this?