Kubernetes secrets are not deleted after helm uninstall #3484

Open
Conacious opened this issue Jan 18, 2024 · 2 comments
Labels
type/bug Something isn't working

Comments

@Conacious

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.

Overview of the Issue

When deploying consul using the helm chart and acl:manageSystemACLs = true, a secret is created in Kubernetes with the name ${name}-bootstrap-acl-token. The problem is that when you uninstall the helm chart, the secret is not deleted.

Reproduction Steps

  1. Deploy consul using this helm chart and acl:manageSystemACLs = true to create the bootstrap secret.
  2. Execute helm uninstall and delete the chart.
  3. Notice that the secret is not deleted.

Expected behavior

The secret is deleted after helm uninstall.

Environment details

  • consul-k8s version: 1.3.1
  • values.yaml: any values that create a Kubernetes secret.

@Conacious Conacious added the type/bug Something isn't working label Jan 18, 2024
@Conacious
Author

As a suggestion, an owner-reference may be added to the secrets pointing to the helm chart https://github.com/kubernetes/apimachinery/blob/15d95c0b2af3f4fcf46dce24105e5fbb9379af5a/pkg/apis/meta/v1/types.go#L240-L247. The garbage collector will delete it when the chart no longer exists.

@david-yu
Contributor

david-yu commented Feb 7, 2024

@Conacious Happy to review a PR that implements the desired behavior. I believe we wanted the ACL bootstrap to be around in cases of recovery. For anyone else upvoting, do you typically wipe out all secrets for a cluster during uninstall or do you re-use secrets from previous install for consistency?
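
Added example, not part of the issue thread or of the consul-k8s code: a Python script that lists secrets matching the `-bootstrap-acl-token` name from the issue that carry no `ownerReferences`, so the Kubernetes garbage collector will never remove them and an operator has to decide whether to keep or delete them. The sample JSON, the namespaces and the `demo-init` Job are constructed, and the function names are hypothetical.

```python
import json
from datetime import datetime, timezone

SUFFIX = "-bootstrap-acl-token"  # secret name pattern quoted in the issue

# Constructed sample shaped like `kubectl get secrets -A -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "consul-bootstrap-acl-token", "namespace": "consul",
   "creationTimestamp": "2024-01-10T09:00:00Z"}},
 {"metadata": {"name": "demo-bootstrap-acl-token", "namespace": "demo",
   "creationTimestamp": "2024-01-17T09:00:00Z",
   "ownerReferences": [{"kind": "Job", "name": "demo-init", "uid": "constructed-uid"}]}},
 {"metadata": {"name": "consul-server-cert", "namespace": "consul",
   "creationTimestamp": "2024-01-10T09:00:00Z"}}
]}
""")

def unowned_bootstrap_secrets(secret_list, now):
    """Bootstrap-token secrets with no ownerReferences: nothing will garbage-collect them."""
    found = []
    for item in secret_list.get("items", []):
        meta = item.get("metadata", {})
        name = meta.get("name", "")
        if not name.endswith(SUFFIX):
            continue
        if meta.get("ownerReferences"):
            continue  # the garbage collector removes it once its owners are gone
        created = datetime.strptime(meta["creationTimestamp"], "%Y-%m-%dT%H:%M:%SZ")
        age_days = (now - created.replace(tzinfo=timezone.utc)).days
        found.append({"namespace": meta.get("namespace", "default"),
                      "name": name, "age_days": age_days})
    return sorted(found, key=lambda s: (s["namespace"], s["name"]))

def cleanup_commands(findings):
    """kubectl commands an operator can review before running; nothing is executed here."""
    return [f"kubectl delete secret {f['name']} -n {f['namespace']}" for f in findings]

if __name__ == "__main__":
    now = datetime(2024, 1, 18, 9, 0, tzinfo=timezone.utc)
    hits = unowned_bootstrap_secrets(SAMPLE, now)
    for hit, cmd in zip(hits, cleanup_commands(hits)):
        print(f"{hit['namespace']}/{hit['name']} (age {hit['age_days']}d): {cmd}")
```

To audit a real cluster, load the output of `kubectl get secrets -A -o json` in place of `SAMPLE`.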
