-
Notifications
You must be signed in to change notification settings - Fork 466
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vault-agent configmap created by mutating webhook is not deleted when pod is finished #1663
Comments
/kind bug |
Thank you for your contribution! This issue has been automatically marked as |
Hi @dhpizza, could you verify if this is still relevant? |
Thank you for your contribution! This issue has been automatically marked as |
Hi @ramizpolic |
Describe the issue
vault-agent configmap is not deleted when pod is gone. This becomes an issue when having hundreds of thousands of these orphaned resources in the cluster which can happen quite easily.
Expected behaviour
Configmap to be deleted when corresponding pod is deleted
Steps to reproduce
Minimal pod template with annotations to trigger the mutating webhook to create containers
consul-template
andvault-agent
in as init containers.after startup of
mya-pod
, you see a configmap createdmy-pod-vault-agent-config
.Now delete the pod, you see that the configmap stays deployed as an orphaned resource.
Suggestion for a fix
adding pod id as
ownerReference
in the configmaplike this
so that the configmap is deleted when the pod is deleted.
Environment details:
Kubernetes version (e.g. v1.10.2): v1.21.11"
Cloud-provider/provisioner (e.g. AKS, GKE, EKS, PKE etc): -
bank-vaults version (e.g. 0.4.17): (webhook chart version):
1.15.11
ghcr.io/banzaicloud/vault-secrets-webhook:1.15.3
hashicorp/consul-template:0.27.2
vault:1.6.2
Install method (e.g. helm or static manifests): helm chart
Logs from the misbehaving component (and any other relevant logs): see above
Resource definition (possibly in YAML format) that caused the issue, without sensitive data:
pod.yaml
:ct-configmap.yaml
The text was updated successfully, but these errors were encountered: