Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-1652

Quay operator should garbage collect unneeded secrets

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Minor Minor
    • None
    • None
    • quay-operator
    • False
    • False
    • Quay Enterprise
    • Undefined

      Currently, on every reconciliation, the operator recreates all secrets regarding PostgreSQL password, Quay config editor password and Quay config itself. After a couple of iterations, the number of secrets in the namespace grows to the point where it's impossible to tell which secret is being used where apart from reading the time stamps or reading the deployment file for each individual component directly. This is not a great user experience, it is prone to failure and it complicates debugging process.

      This is a situation on my cluster after a couple of reconcile cycles:

      root@tardis:~# oc get secrets | grep -i quay
quay-clair-config-secret                         Opaque                                1      2d19h
quay-config-bundle-h42r7                         Opaque                                1      2d19h
quay-operator-dockercfg-pl6gm                    kubernetes.io/dockercfg               1      2d19h
quay-operator-token-8csmt                        kubernetes.io/service-account-token   4      2d19h
quay-operator-token-vzc6l                        kubernetes.io/service-account-token   4      2d19h
quay-postgres-bootstrap-hk85ct7mkf               Opaque                                1      2d19h
quay-postgres-config-secret-b245mcg7hk           Opaque                                4      2d17h
quay-postgres-config-secret-b5kmgbcgc2           Opaque                                4      2d18h
quay-postgres-config-secret-g255654hd7           Opaque                                4      2d18h
quay-postgres-config-secret-h8kt6hc54t           Opaque                                4      2d19h
quay-postgres-config-secret-hg2dhfcd59           Opaque                                4      2d19h
quay-postgres-config-secret-mt9b9kd99f           Opaque                                4      2d19h
quay-quay-config-bundle-gfp6w                    Opaque                                4      2d17h
quay-quay-config-bundle-j9j8n                    Opaque                                4      2d18h
quay-quay-config-editor-credentials-42ffm9h98m   Opaque                                2      2d18h
quay-quay-config-editor-credentials-844846kg9h   Opaque                                2      2d18h
quay-quay-config-editor-credentials-89hmt9m6m5   Opaque                                2      2d17h
quay-quay-config-editor-credentials-bftg4584k6   Opaque                                2      2d19h
quay-quay-config-editor-credentials-chb82572f2   Opaque                                2      2d19h
quay-quay-config-editor-credentials-m22g7k5kbf   Opaque                                2      2d19h
quay-quay-config-secret-552mb7fkd4               Opaque                                4      2d18h
quay-quay-config-secret-7dm26t6tc2               Opaque                                3      2d19h
quay-quay-config-secret-8hcd2df27b               Opaque                                3      2d19h
quay-quay-config-secret-dd6gmh5b6d               Opaque                                4      2d18h
quay-quay-config-secret-df7h64b57b               Opaque                                3      2d19h
quay-quay-config-secret-g4b624t7m7               Opaque                                4      2d17h
quay-quay-datastore                              Opaque                                2      2d19h
root@tardis:~# oc get secrets | grep -i quay | wc -l
27

              rhn-coreos-amerdler Alec Merdler (Inactive)
              rhn-support-ibazulic Ivan Bazulic
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: