operator deletes the ssl issuer and certificate if delete-ssl finalizer is not specified

General

Escalation

General

Escalation

Description

We introduced "delete-ssl" finalizer and when it is specified we delete secret, issuer and certificate which is correct, but when it is not specified we delete issuer and certificate and leave the secret.
It would be best to have the same behaviour as in PXC: if finalizer is specified delete all these objects and if it is not specified don't touch anything.
This is not a regression since in 0.4.0 part without finalizer works the same so this is basically to have the consistent behaviour across operators.

deletion without finalizer:

Environment

None

Linked issues

relates to

K8SPS-158

cert manager certificate renew is not working after delete+apply

Activity

Show:

Pavel Tankov August 23, 2023 at 9:28 AM

This is fixed. Here is how I tested:

With delete-ssl finalizer

Deploy Cert Manager: https://docs.percona.com/percona-operator-for-mysql/ps/TLS.html#install-and-use-the-cert-manager
Deploy Percona Server (PS) cluster
Verify that the cert manager is in use: k get secrets cluster1-ssl -o yaml (see the annotations)
Get the secrets, issuers, certificates --> delete ps --> get secrets, issuers, certificates again:

result is that everything is deleted.

Without delete-ssl finalizer

(same steps as above)

result is that secrets, issuers, certificates are not touched.

Done

Details

Assignee

inel.pandzic

Reporter

Tomislav Plavcic

Needs Review

Yes

Needs QA

Yes

Fix versions

0.6.0

Affects versions

0.5.0

Priority

Medium

Smart Checklist

Created March 28, 2023 at 2:01 PM

Updated February 29, 2024 at 8:04 PM

Resolved August 23, 2023 at 9:28 AM

Configure