Bug 2015042

Summary: Adding a template from the catalog creates a secret that is not owned by the TemplateInstance
Product: OpenShift Container Platform Reporter: Andrew Downs <adowns>
Component: Dev ConsoleAssignee: Avik Kundu <akundu>
Status: CLOSED ERRATA QA Contact: spathak <spathak>
Severity: medium Docs Contact: Olivia Payne <opayne>
Priority: low    
Version: 4.8CC: akundu, aos-bugs, cbremble, hsaini, nmukherj
Target Milestone: ---   
Target Release: 4.11.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: When a template instance is initiated from the catalog, its parameters get stored as a secret resource. But when the template instance is deleted, the secret stays. Consequence: This results in unnecessary piling of secrets in the cluster. Fix: Added ownership reference to the secret that maps to the template instance. Result: Thus, when the Template instance is deleted, the secret also gets deleted.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-08-10 10:38:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Andrew Downs 2021-10-18 09:27:20 UTC 
Description of problem:

When using the console to instantiate a Template via the console a secret gets created which holds all of the parameters in the template. This secret is not owned by the TemplateInstance and when you delete the TemplateInstance it is not cleaned up. 

Persistent volume claims created by the template are cleaned up on deletion

Mailing list discussion : https://mailman-int.corp.redhat.com/archives/openshift-sme/2021-June/msg00313.html

Version-Release number of selected component (if applicable): 4.8.13 and earlier


How reproducible:
Every time

Steps to Reproduce:
1. Add a service from the developer catalog that is from a template such as the Postgresql template
2. A TemplateInstance gets created and a secret named something like: 
TemplateInstance: postgresql-persistent-cx4rb
Secret: postgresql-persistent-parameters-pvspn
3. Delete the TemplateInstance
4. Check the secret to see that the secret holding the parameters still exist.

Actual results:

Secret holding the parameters is not deleted

Expected results:

As the TemplateInstance creates the parameters secret it should own and delete it.

Additional info:

Using the CLI to achieve to deploy the template doesn't create a TemplateInstance

e.g. 
oc process openshift//postgresql-persistent | oc create -f -
or
oc new-app --template postgresql-persistent


Customer who raised the issue quotas secrets so every time a user creates a template via the console they get an "unexpected" secret.
Comment 7 Hemant Saini 2022-06-24 14:01:56 UTC 
verified on build version: 4.11.0-0.nightly-2022-06-23-153912
verified on browser version: chrome 102
Comment 8 errata-xmlrpc 2022-08-10 10:38:21 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069