From 59ef5afa3de89a07a4247cb38c5cfdd9ebea5241 Mon Sep 17 00:00:00 2001 From: Anastasia Alexadrova Date: Thu, 4 Sep 2025 12:30:58 +0200 Subject: [PATCH] Cloud-926 Documented a note about deletion of user Secrets if delete-pvc finalizer is on --- docs/delete.md | 10 ++++++++-- docs/operator.md | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/docs/delete.md b/docs/delete.md index 81e30f9f..cb64d783 100644 --- a/docs/delete.md +++ b/docs/delete.md 
@@ -16,7 +16,7 @@ To delete the database cluster means to delete the Custom Resource associated wi There are 3 [finalizers :octicons-link-external-16:](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#finalizers) defined in the Custom Resource, which define whether to delete or preserve TLS-related objects and data volumes when the cluster is deleted. * `finalizers.percona.com/delete-ssl`: if present, objects, created for SSL (Secret, certificate, and issuer) are deleted along with the cluster deletion. - * `finalizers.percona.com/delete-pxc-pvc`: if present, [Persistent Volume Claims :octicons-link-external-16:](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) for the database cluster Pods are deleted along with the cluster deletion. + * `finalizers.percona.com/delete-pxc-pvc`: if present, [Persistent Volume Claims :octicons-link-external-16:](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) for the database cluster Pods and user Secrets are deleted along with the cluster deletion. * `finalizers.percona.com/delete-proxysql-pvc`: if present, [Persistent Volume Claims :octicons-link-external-16:](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) for ProxySQL Pods are deleted along with the cluster deletion. All 3 finalizers are off by default in the `deploy/cr.yaml` configuration file, and this allows you to recreate the cluster without losing data, credentials for the system users, etc. You can always [delete TLS-related objects and PVCs manually](#clean-up-resources), if needed. 
@@ -151,7 +151,11 @@ Choose the instructions relevant to the way you installed the Operator. ## Clean up resources -By default, TLS-related objects and data volumes remain in Kubernetes environment after you delete the cluster to allow you to recreate it without losing the data. If you wish to delete them, do the following: +By default, TLS-related objects and data volumes remain in Kubernetes environment after you delete the cluster to allow you to recreate it without losing the data. + +You can automate resource cleanup by turning on `percona.com/delete-pxc-pvc` and/or `percona.com/delete-ssl` [finalizers](operator.md#metadata-name)). You can also delete TLS-related objects and PVCs manually. + +To manually clean up resources, do the following: {.power-number} 1. Delete Persistent Volume Claims. @@ -184,6 +188,8 @@ By default, TLS-related objects and data volumes remain in Kubernetes environmen persistentvolumeclaim "datadir-cluster1-pxc-1" deleted persistentvolumeclaim "datadir-cluster1-pxc-2" deleted ``` + + Note that it also deletes user secrets if you have enabled the `percona.com/delete-pxc-pvc` finalizer. To prevent it from happening, disable the finalizer. 2. Delete the Secrets diff --git a/docs/operator.md b/docs/operator.md index ea53d7d7..00104bad 100644 --- a/docs/operator.md +++ b/docs/operator.md 
@@ -18,7 +18,7 @@ not exceed 22 characters, start with an alphabetic character, and end with an alphanumeric character; * `finalizers` subsection: * `percona.com/delete-pods-in-order` if present, activates the [Finalizer :octicons-link-external-16:](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#finalizers) which controls the proper Pods deletion order in case of the cluster deletion event (on by default). - * `percona.com/delete-pxc-pvc` if present, activates the [Finalizer :octicons-link-external-16:](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#finalizers) which deletes [Persistent Volume Claims :octicons-link-external-16:](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) for Percona XtraDB Cluster Pods after the cluster deletion event (off by default). + * `percona.com/delete-pxc-pvc` if present, activates the [Finalizer :octicons-link-external-16:](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#finalizers) which deletes [Persistent Volume Claims :octicons-link-external-16:](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) for Percona XtraDB Cluster Pods after the cluster deletion event (off by default). It also deletes user Secrets. * `percona.com/delete-proxysql-pvc` if present, activates the [Finalizer :octicons-link-external-16:](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#finalizers) which deletes [Persistent Volume Claim :octicons-link-external-16:](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) for ProxySQL Pod after the cluster deletion event (off by default). 
* `percona.com/delete-ssl` if present, activates the [Finalizer :octicons-link-external-16:](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#finalizers) which deletes [objects, created for SSL](TLS.md) (Secret, certificate, and issuer) after the cluster deletion event (off by default).
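Review bot: docs/delete.md, hunk at -16,7 (the `finalizers.percona.com/delete-pxc-pvc` bullet): the new wording "Persistent Volume Claims ... for the database cluster Pods and user Secrets are deleted" can be read as "PVCs for user Secrets", and the bullet does not say which Secret objects are meant. Suggest splitting it into two sentences, for example "...for the database cluster Pods are deleted along with the cluster deletion. The user Secrets are deleted too.", and naming or linking the Secrets. The unchanged paragraph below the list speaks of "credentials for the system users" while the bullet says "user Secrets"; if these are the same objects, use one term so the reader can tell that enabling this finalizer removes credentials as well as data.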
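Review bot: docs/delete.md, hunk at -151,7 (the added "You can automate resource cleanup..." line): the link ends with a stray closing parenthesis, `[finalizers](operator.md#metadata-name)).`, which will render as a literal ")" before the full stop. The same line names the finalizers as `percona.com/delete-pxc-pvc` and `percona.com/delete-ssl`, while the list earlier in this file uses the `finalizers.percona.com/` prefix; pick one form per file so readers copy the right key. The line also leaves out the ProxySQL PVC finalizer listed in the first hunk, and it is the natural place to say that `delete-pxc-pvc` removes user Secrets as well, since this is where the reader decides whether to turn it on.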
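Review bot: docs/delete.md, hunk at -184,6 (the added "Note that it also deletes user secrets..." line): "it" has no clear antecedent here. The note sits directly under the sample output of the manual PVC deletion in step 1, so it reads as if deleting the PVCs by hand also deletes the Secrets, and step 2 "Delete the Secrets" follows immediately. The statement is about the finalizer acting at cluster deletion, so it belongs in the introductory paragraph of "Clean up resources" next to the sentence about automating cleanup, with the subject spelled out ("The `delete-pxc-pvc` finalizer also deletes..."). Also align the capitalisation: this line has "user secrets", the other hunks have "user Secrets".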
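Review bot: docs/operator.md, hunk at -18,7 (the `percona.com/delete-pxc-pvc` bullet): the appended sentence "It also deletes user Secrets." comes after the "(off by default)" parenthetical, so it is detached from the description and easy to miss in a reference list where readers scan for the default. Suggest folding it into the main clause, for example "which deletes Persistent Volume Claims for Percona XtraDB Cluster Pods and the user Secrets after the cluster deletion event (off by default)", and stating which Secrets are covered, as the neighbouring `percona.com/delete-ssl` bullet does with "(Secret, certificate, and issuer)".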