vanvalenlab / kiosk-console

DeepCell Kiosk Distribution for Kubernetes on GKE and AWS
https://deepcell-kiosk.readthedocs.io

dnsSolver01 Service Account can have a maximum number of keys. #391

Closed willgraf closed 3 years ago

willgraf commented 4 years ago

Describe the bug

When CERTIFICATE_MANAGER_ENABLED, a service account for the DNS solver is created, and a secret key is added onto the service account. Because this service account is not deleted, and the key is never removed, repeated deployments with the same account can fail due to a RESOURCE_EXHAUSTED error from gcloud.

To Reproduce

Steps to reproduce the behavior:

  1. Run make gke/create/certificate-manager-sa many times in a row.
  2. Eventually the command will fail due to too many keys.

Expected behavior

The key should either be removed from the service account on cluster destruction, or the service account should be deleted entirely.

willgraf commented 3 years ago

Closed by #400
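
One way to do the key cleanup the issue asks for, as an added example (not code from kiosk-console and not the change merged in #400): list the user-managed keys on the service account and delete all but the newest few before a new key is created. The function names, the placeholder service-account e-mail and the keep count are assumptions.

```shell
#!/bin/sh
# Added example: prune user-managed keys on a GCP service account so repeated
# deployments do not fail with RESOURCE_EXHAUSTED when the key limit is hit.
# Names and the keep count are hypothetical, not taken from the project.

# Read "KEY_ID<TAB>VALID_AFTER_TIME" lines on stdin and print the IDs of every
# key except the newest $1. RFC 3339 UTC timestamps sort as plain strings.
keys_to_prune() (
  keep="${1:-0}"
  tab=$(printf '\t')
  LC_ALL=C sort -t "$tab" -k2,2r |
    awk -F '\t' -v keep="$keep" 'NF >= 2 { if (++n > keep) print $1 }'
)

# Delete all but the newest $2 user-managed keys of service account $1.
# Google-managed keys are excluded by --managed-by=user and are never touched.
prune_sa_keys() (
  sa_email="$1"
  keep="${2:-0}"
  gcloud iam service-accounts keys list \
      --iam-account="$sa_email" --managed-by=user \
      --format='value(name.basename(),validAfterTime)' |
    keys_to_prune "$keep" |
    while IFS= read -r key_id; do
      gcloud iam service-accounts keys delete "$key_id" \
          --iam-account="$sa_email" --quiet || exit 1
      echo "deleted $key_id"
    done
)

# Offline dry run on a constructed key listing (no gcloud call is made):
# prints the IDs that would be deleted when keeping the single newest key.
printf 'old1\t2021-01-01T00:00:00Z\nnew3\t2021-03-01T00:00:00Z\nmid2\t2021-02-01T00:00:00Z\n' |
  keys_to_prune 1

# Real use, with a placeholder account (run before creating the new key, or on
# cluster destruction with keep=0):
#   prune_sa_keys "SERVICE_ACCOUNT_NAME@PROJECT_ID.iam.gserviceaccount.com" 0
```

Running the prune with a keep count of 0 at cluster destruction also means no long-lived DNS solver credential outlives the cluster that used it.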