Add secret support for Delete from pvc name and namespace

Signed-off-by: Grant Griffiths <ggp493@gmail.com>
kubernetes-csi · May 10, 2019 · 9625615 · 9625615
1 parent 544645a
commit 9625615
Showing 1 changed file with 11 additions and 3 deletions.
diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go
@@ -663,15 +663,23 @@ func (p *csiProvisioner) Delete(volume *v1.PersistentVolume) error {
 	storageClassName := volume.Spec.StorageClassName
 	if len(storageClassName) != 0 {
 		if storageClass, err := p.client.StorageV1().StorageClasses().Get(storageClassName, metav1.GetOptions{}); err == nil {
+
+			// Get PVC for secret reference if the volume is bound.
+			var pvc *v1.PersistentVolumeClaim
+			if volume.Spec.ClaimRef != nil {
+				pvc, _ = p.client.CoreV1().PersistentVolumeClaims(volume.Spec.ClaimRef.Namespace).Get(volume.Spec.ClaimRef.Name, metav1.GetOptions{})
+				// If we do not find the PVC, continue with deletion.
+			}
+
 			// Resolve provision secret credentials.
-			// No PVC is provided when resolving provision/delete secret names, since the PVC may or may not exist at delete time.
-			provisionerSecretRef, err := getSecretReference(provisionerSecretParams, storageClass.Parameters, volume.Name, nil)
+			provisionerSecretRef, err := getSecretReference(provisionerSecretParams, storageClass.Parameters, volume.Name, pvc)
 			if err != nil {
 				return err
 			}
 			credentials, err := getCredentials(p.client, provisionerSecretRef)
 			if err != nil {
-				return err
+				// Continue with deletion, as the secret may have already been deleted.
+				klog.Warningf("Failed to get credentials for volume %s: %s", volume.Name, err.Error())
 			}
 			req.Secrets = credentials
 		}