Handle metadata.ownerReferences

[morganchristiansson]

Describe the bug
I have secrets decrypted by sops operator. Secrets are created with metadata.ownerReferences set to Custom Resource managing the secret.

When secret is replicated metadata.ownerReferences is copied aswell which is causing issues.

To Reproduce
Create secret with metadata.ownerReferences.

Expected behavior
The ownerReferences should be removed as replicator handles deletions internally. Alternatively ownerReferences could be used instead of built-in deletion handling.

Environment:

• Kubernetes version: 1.19
• kubernetes-replicator version: 2.3.0

Additional context
From reviewing replicator code it neither removes or sets ownerReferences

https://kubernetes.io/docs/concepts/workloads/controllers/garbage-collection/

[martin-helmich]

Indeed, ownerReferences should not be copied -- they won't work across namespaces, anyway.

I'll see if I can find the time to put some work into this at some point in the (hopefully) near future. In the meantime, PRs are of course always welcome. 🙂

[morganchristiansson]

So it turns out someone had created SopsSecret in both src and dest namespaces aswell as enabling replicator. So replicator and sops-operator were trying to overwrite the same dest secret.

After removing SopsSecret in target namespace the war has ended. It appears metadata.ownerReferences is not being replicated.

Thank you for entertaining my hypothesis..

[jkroepke]

@martin-helmich

We have the same problem with secrets from strimzi kafka operator.

See also strimzi/strimzi-kafka-operator#4377

Could you please re-open this issue, since it still exists? I'm happy to see that @morganchristiansson could resolve his Problem with SopsSecrets, but the root cause still there.