Bug 2015042 - Adding a template from the catalog creates a secret that is not owned by the TemplateInstance
Summary: Adding a template from the catalog creates a secret that is not owned by the ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Dev Console
Version: 4.8
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: ---
: 4.11.0
Assignee: Avik Kundu
QA Contact: spathak@redhat.com
Olivia Payne
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-10-18 09:27 UTC by Andrew Downs
Modified: 2022-08-10 10:38 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: When a template instance is initiated from the catalog, its parameters get stored as a secret resource. But when the template instance is deleted, the secret stays. Consequence: This results in unnecessary piling of secrets in the cluster. Fix: Added ownership reference to the secret that maps to the template instance. Result: Thus, when the Template instance is deleted, the secret also gets deleted.
Clone Of:
Environment:
Last Closed: 2022-08-10 10:38:21 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift console pull 11649 0 None open Bug 2015042: Adding a template from the catalog creates a secret that is not owned by the TemplateInstance 2022-06-06 15:38:08 UTC
Red Hat Product Errata RHSA-2022:5069 0 None None None 2022-08-10 10:38:47 UTC

Description Andrew Downs 2021-10-18 09:27:20 UTC 
Description of problem:

When using the console to instantiate a Template via the console a secret gets created which holds all of the parameters in the template. This secret is not owned by the TemplateInstance and when you delete the TemplateInstance it is not cleaned up. 

Persistent volume claims created by the template are cleaned up on deletion

Mailing list discussion : https://mailman-int.corp.redhat.com/archives/openshift-sme/2021-June/msg00313.html

Version-Release number of selected component (if applicable): 4.8.13 and earlier


How reproducible:
Every time

Steps to Reproduce:
1. Add a service from the developer catalog that is from a template such as the Postgresql template
2. A TemplateInstance gets created and a secret named something like: 
TemplateInstance: postgresql-persistent-cx4rb
Secret: postgresql-persistent-parameters-pvspn
3. Delete the TemplateInstance
4. Check the secret to see that the secret holding the parameters still exist.

Actual results:

Secret holding the parameters is not deleted

Expected results:

As the TemplateInstance creates the parameters secret it should own and delete it.

Additional info:

Using the CLI to achieve to deploy the template doesn't create a TemplateInstance

e.g. 
oc process openshift//postgresql-persistent | oc create -f -
or
oc new-app --template postgresql-persistent


Customer who raised the issue quotas secrets so every time a user creates a template via the console they get an "unexpected" secret.
Comment 7 Hemant Saini 2022-06-24 14:01:56 UTC 
verified on build version: 4.11.0-0.nightly-2022-06-23-153912
verified on browser version: chrome 102
Comment 8 errata-xmlrpc 2022-08-10 10:38:21 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069
Note You need to log in before you can comment on or make changes to this bug.