-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
4.15.0
-
Low
-
No
-
ODC Sprint 3255
-
1
-
False
-
Description of problem:
To support different auth providers (SSO via OIDC), we needed to remove the ownerReference from the ConfigMap, Role, and Rolebinding we create for each user to store the user settings.
Keeping these resources also when the user is deleted might decrease the overall cluster performance, esp. on Dev Sandbox where users are automatically removed every month.
We should make it easier to understand which user created these resources. This will help the Dev Sandbox team and maybe other customers in the future.
Version-Release number of selected component (if applicable):
4.15+
How reproducible:
Always when a user is deleted
Steps to Reproduce:
- Create a cluster with some developer user accounts
- Log in as one of the users
- Login again as kubeadmin and delete the User CR in the openshift-console-user-settings namespace
Actual results:
The user settings ConfigMap, Role, and RoleBinding in the same namespace aren't deleted and can only be found via the user uid. Which we might not know anymore since the User CR is already deleted.
Expected results:
The user settings ConfigMap, Role, and RoleBinding should also have a label or annotation referencing the user who created these resources.
See also https://github.com/openshift/console/issues/13696
For example:
metadata:
labels:
console.openshift.io/user-settings: "true"
console.openshift.io/user-settings-username: "" # escaped if the username contains characters that are not valid as label-value
console.openshift.io/user-settings-uid: "..." # only if available
Additional info:
- Please ping https://redhat-internal.slack.com/archives/CHK0J6HT6/p1713274090487289 when this change is implemented and shipped with 4.15.
