Konubinix' opinionated web of thoughts

Helm Ne Supprime Pas Les Pvc Des Statefulset

Fleeting

helm ne supprime pas les pvc des statefulset

This was by design. Helm will not manage things that were created by things other than Helm, because Helm is not “authoritative” about those. That is, Helm does not have information about the user’s intent when it comes to things that were created by other things. @viglesiasce has some additional insight on why we are really careful when destroying PVCs/PVs in particular, but it boils down to the fact that a lot of users expect that PVCs will remain when the services that use them disappear

https://github.com/helm/helm/issues/3313

But pre-delete hook could be better way to help deleting pvc.

https://github.com/helm/helm/issues/5137

I think you should provide a service account with role binding to delete pvc.

e.g.

kind: Pod spec: serviceAccountName: pvc-deleter-sa containers:

  • name: post-delete-job

image: “alpine:3.3” command: [“kubectl delete pvc…”]

apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: pvc-deleter-role rules:

  • apiGroups: [""]

resources: [“persistentvolumeclaims”] verbs: [“get”, “list”, “delete”, “deletecollection”]

apiVersion: v1 kind: ServiceAccount metadata: name: pvc-deleter

kind: RoleBinding metadata: pvc-deleter-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: pvc-deleter-role subjects:

  • kind: ServiceAccount

name: pvc-deleter-sa

https://github.com/helm/helm/issues/5137

I use following yaml:

apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: pvc-deleter-role rules:

  • apiGroups: [""]

resources: [“persistentvolumeclaims”] verbs: [“get”, “list”, “delete”, “deletecollection”]

apiVersion: v1 kind: ServiceAccount metadata: name: pvc-deleter-sa

apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: pvc-deleter-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: pvc-deleter-role subjects:

  • kind: ServiceAccount

name: pvc-deleter-sa

apiVersion: batch/v1 kind: Job metadata: name: pvc-deleter-job annotations: “helm.sh/hook”: pre-delete “helm.sh/hook-weight”: “-5” “helm.sh/hook-delete-policy”: hook-succeeded spec: template: spec: restartPolicy: OnFailure containers:

  • name: post-delete-job

image: “bitnami/kubectl” command: [“kubectl”] args:

  • “delete”
  • “pvc”
  • “–all”

serviceAccountName: pvc-deleter-sa securityContext: runAsUser: 0

https://github.com/helm/helm/issues/5137

Notes pointant ici