helm:After destroying the helm chart the secrets for token /Service Account/PSP are not getting deleted

[junaid18183]

If you deploy the helm chart with bootstrapACLs: true the helm chart creates the following secrets

NAME                                        TYPE                                  DATA   AGE
consul-consul-bootstrap-acl-token           Opaque                                1      22h
consul-consul-client-acl-token              Opaque                                1      22h
consul-consul-tls-init-token-vzrvg          kubernetes.io/service-account-token   3      85s

Those are not getting deleted if we delete the helm chart.

This causes the issue if you redeploy the helm chart again.

[lkysow]

Hi Juned, for now you'll need to manually delete the secrets and the persistent volume claims:

	kubectl delete pvc -l release=$release
	kubectl get secret | grep $release | awk '{print $1}' | xargs kubectl delete secret

[ashwinkupatkar]

Is this secret deletion going to be part of helm uninstall in any upcoming consul helm releases ? It would be great to have them.

[lkysow]

Is this secret deletion going to be part of helm uninstall in any upcoming consul helm releases ? It would be great to have them.

we could potentially tie deleting secrets to deleting a resource like the server statefulset or the client daemonset. Only danger with that is that someone might accidentally delete critical secrets.

[ashwinkupatkar]

Right. I followed up with this document https://www.consul.io/docs/k8s/operations/uninstall to perform a cleanup and it works well.

[david-yu]

We now have a CLI that is currently in Alpha, and this would handle deletion of PVCs, Service Accounts and secrets for you: https://www.consul.io/docs/k8s/k8s-cli#uninstall. Closing the issue as that is better addressed through a CLI interface instead of Helm.