-
Notifications
You must be signed in to change notification settings - Fork 164
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HelmRelease with non-existing service account gets stuck being deleted #554
Comments
…X, stays around in k8s flux HelmRelease CR #5577 (#5584) fixed an inconsistency between GetInstalledPackageSummaries() and GetInstalledPackageDetail() in one corner case. Main fix is dependent on flux fluxcd/helm-controller#554 There is only one small change to production code. The rest is test-related code. Also, + added a few integration tests. + bump flux version in tests + fix for available package handling with flux in multi-tenant mode #5541
Looks like this is related to: fluxcd/flux2#997 The missing service account means that HelmRelease can't actually do anything, because its permissions in RBAC only come from the service account. So the clean-up tasks that are normally associated with deleting a Deleting a HelmRelease normally would perform There is an example command here that shows how to wield https://kubernetes.io/blog/2021/05/14/using-finalizers-to-control-deletion/#understanding-finalizers
|
I think helm-controller should behave like kustomize-controller. To avoid deadocks of a tenant's namespace, if the tenant service account is not found, kustomize-controller logs the error, then it removes the Kustomization object leaving the reconciled resources in place. cc @hiddeco |
So far so good. This is all as expected
Now the command
$ kubectl delete hr/podinfo -n test-123
will outputhelmrelease.helm.toolkit.fluxcd.io "podinfo" deleted
and hang forever. Meanwhile in another terminal you can do
i.e. the object still exists (with observedGeneration:1 and metadata.generation:2 ?)
and will result in errors if another object with the same name were to be created
I found one way to workaround is ctrl+C and then
kubectl edit hr/podinfo -n test-123
to removethen the object is really purged. The fact that the finalizer stops the object from being deleted is an issue that should be addressed, in my opinion.
Thank you
The text was updated successfully, but these errors were encountered: