The wordpress charm seems to create a lot of k8s secrets and never clean them up. All our wordpress deployments seem affected and hold more than 3000 secrets in their respective namespaces each.
This greatly increases the load on the k8s cluster and affects its stability.
Also, since we are collecting metrics through kube-state-metrics, it also yields 5 high-cardinality metrics in our Prometheus instance (kube_secret_metadata_resource_version, kube_secret_type, kube_secret_created, kube_secret_info, kube_secret_labels currently have 127180 cardinality which is way too much).
It seems some event triggers creating 3 tokens: modeloperator-token-RANDOMBITS, model-exec-token-RANDOMBITS, wordpress-operator-token-RANDOMBITS.
I am unsure at this point what creates these k8s secrets, but if these are triggered through juju actions or other automated actions, I believe it is a bad idea to store such tokens forever in k8s secrets. Sadly, it doesn't look like k8s secrets can be set with an expiry time.
Could you please elaborate on what these secrets would be used for, and ideally come up with a solution to either not use k8s secrets as storage, or at least prune these secrets after a while?
Thank you!
To Reproduce
Deploy wordpress-k8s charm with listed versions and wait for it to create secrets.
Environment
Juju 2.9.49
Charm: wordpress-k8s
Channel: stable
Revs where this happens: 7, 25, 114
Relevant log output
This is the full list of 3k+ secrets on a single deployment over 3 years+ (for Canonical employees only): https://pastebin.canonical.com/p/fr6DGKKw6Q/
Additional context
No response
kot0dama changed the title from "Charm creates too many k8s secrets and never cleans up" to "Wordpress charm creates too many k8s secrets and never cleans up" on Dec 12, 2024
I believe this is a Juju/Kubernetes problem, not a charm issue, as the secrets that aren't cleaned up are all of type kubernetes.io/service-account-token. I think this is the same problem described in this issue, caused by juju updating the service account.
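To check the diagnosis in the comment above against a namespace, this added example (not part of the issue thread and not charm or Juju code) counts `kubernetes.io/service-account-token` secrets per service account and how many of them the ServiceAccount no longer lists in its `secrets` field. It assumes input shaped like `kubectl get secrets,serviceaccounts -n <namespace> -o json` and a cluster that records auto-generated tokens in that field; the sample data and the `audit_token_secrets` and `_secret` names are constructed for illustration.

```python
import json
from collections import Counter

SA_TOKEN = "kubernetes.io/service-account-token"
SA_NAME_ANNOTATION = "kubernetes.io/service-account.name"


def audit_token_secrets(doc):
    """Per service account: token secrets in total, and how many of them
    the ServiceAccount no longer lists in its `secrets` field."""
    items = json.loads(doc)["items"]
    referenced = {
        ref["name"]
        for item in items if item["kind"] == "ServiceAccount"
        for ref in item.get("secrets") or []
    }
    total, unreferenced = Counter(), Counter()
    for item in items:
        if item["kind"] != "Secret" or item.get("type") != SA_TOKEN:
            continue  # skip Opaque and other secret types
        meta = item["metadata"]
        sa = (meta.get("annotations") or {}).get(SA_NAME_ANNOTATION, "<none>")
        total[sa] += 1
        if meta["name"] not in referenced:
            unreferenced[sa] += 1
    return {sa: {"total": total[sa], "unreferenced": unreferenced[sa]}
            for sa in total}


def _secret(name, sa=None, typ=SA_TOKEN):
    # Builds constructed sample objects only.
    ann = {SA_NAME_ANNOTATION: sa} if sa else None
    return {"kind": "Secret", "type": typ,
            "metadata": {"name": name, "annotations": ann}}


# Constructed sample; names follow the prefixes reported in the issue.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "ServiceAccount", "metadata": {"name": "wordpress-operator"},
     "secrets": [{"name": "wordpress-operator-token-ccccc"}]},
    {"kind": "ServiceAccount", "metadata": {"name": "modeloperator"},
     "secrets": [{"name": "modeloperator-token-bbbbb"}]},
    {"kind": "ServiceAccount", "metadata": {"name": "model-exec"}, "secrets": None},
    _secret("wordpress-operator-token-aaaaa", "wordpress-operator"),
    _secret("wordpress-operator-token-bbbbb", "wordpress-operator"),
    _secret("wordpress-operator-token-ccccc", "wordpress-operator"),
    _secret("modeloperator-token-aaaaa", "modeloperator"),
    _secret("modeloperator-token-bbbbb", "modeloperator"),
    _secret("model-exec-token-aaaaa", "model-exec"),
    _secret("wordpress-db", typ="Opaque"),
]})

if __name__ == "__main__":
    print(json.dumps(audit_token_secrets(SAMPLE), indent=2))
```

A high `unreferenced` count for one service account points at that account being rewritten repeatedly, which matches the cause suggested in the comment.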