Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Skip uninstall action if SA is not available #536

Closed
stefanprodan opened this issue Sep 28, 2022 · 0 comments · Fixed by #738
Closed

Skip uninstall action if SA is not available #536

stefanprodan opened this issue Sep 28, 2022 · 0 comments · Fixed by #738
Labels
enhancement New feature or request

Comments

@stefanprodan
Copy link
Member

To avoid HelmReleases being stuck in finalization when a tenant is deleted, we should skip the uninstall action if the service account is no longer available.

To make helm-controller play nice with multi-tenancy, we could adapt this logic from kustomize-controller:

func (r *KustomizationReconciler) finalize(ctx context.Context, kustomization kustomizev1.Kustomization) (ctrl.Result, error) {
		if impersonation.CanFinalize(ctx) {
			// purne
		} else {
			// when the account to impersonate is gone, log the stale objects and continue with the finalization
			msg := fmt.Sprintf("unable to prune objects: \n%s", ssa.FmtUnstructuredList(objects))
			log.Error(fmt.Errorf("skiping pruning, failed to find account to impersonate"), msg)
}

Ref: https://github.com/fluxcd/kustomize-controller/blob/main/controllers/kustomization_controller.go#L916-L974
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Rework HelmRelease reconciliation logic fluxcd/helm-controller
2 participants
@stefanprodan @hiddeco