search

vmware-tanzu-labs / educates-training-platform

A platform for hosting interactive workshop environments in Kubernetes, or on top of a local container runtime.
https://docs.educates.dev
Apache License 2.0
70 stars 17 forks source link

SecretImporter may require secrets-manager to run finalizer. #208

Open GrahamDumpleton opened 10 months ago

GrahamDumpleton commented 10 months ago

Describe the bug

For the SecretImporter resource, the secrets-manager operator doesn't define:

@kopf.on.delete(
    f"secrets.{OPERATOR_API_GROUP}", "v1beta1", "secretiimporters", optional=True
)
def secretimporter_delete(**_):
    pass

and thus the operator has to acknowledge deletion of a resource of this type even if not doing anything and delete call not optional.

Technically this means could have a problem where if training platform was deleted and secrets manager was deleted before the SecretImporter resource was deleted, that could block training platform being delete.

Additional information

No response

GrahamDumpleton commented 10 months ago

This issue may be invalid since for SecretImporter only tracking events and not create etc, thus not doing anything where finalizer would be added.

Also note that there is a requirement in kopf that if use kopf.timer or kopf.daemon that it overrides requirement for finalizer and makes it mandatory. Thus whether set optional=True in kopf.on.delete makes no difference. For the case of SecretCopier, SecretExporter and SecretInjector this means finalizers is being applied even though had attempted to avoid that. So the original concern about not being able to delete operator when instances of those other resources exists will occur.