Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rbd: Encrypted PVC with Metadata KMS cannot be deleted #5148

Closed
zerotens opened this issue Feb 16, 2025 · 0 comments · Fixed by #5149
Closed

rbd: Encrypted PVC with Metadata KMS cannot be deleted #5148

zerotens opened this issue Feb 16, 2025 · 0 comments · Fixed by #5149

Comments

@zerotens
Copy link
Contributor

zerotens commented Feb 16, 2025
edited
Loading

Describe the bug

Creating an encrypted Persistent Volume Claim with reclaim policy Retain, the Persistent Volume cannot be deleted after the Namespace with the corresponding secret of the encrypted volume was deleted.

I0216 12:40:22.228097       1 utils.go:266] ID: 42 Req-ID: 0001-0024-5e325bdb-0833-4d54-8d90-0bc07f43a580-0000000000000007-797f904b-8c83-4ab6-983d-c93d0500a7ca GRPC call: /csi.v1.Controller/DeleteVolume
I0216 12:40:22.228156       1 utils.go:267] ID: 42 Req-ID: 0001-0024-5e325bdb-0833-4d54-8d90-0bc07f43a580-0000000000000007-797f904b-8c83-4ab6-983d-c93d0500a7ca GRPC request: {"secrets":"***stripped***","volume_id":"0001-0024-5e325bdb-0833-4d54-8d90-0bc07f43a580-0000000000000007-797f904b-8c83-4ab6-983d-c93d0500a7ca"}
I0216 12:40:22.235003       1 omap.go:89] ID: 42 Req-ID: 0001-0024-5e325bdb-0833-4d54-8d90-0bc07f43a580-0000000000000007-797f904b-8c83-4ab6-983d-c93d0500a7ca got omap values: (pool="kubernetes", namespace="", name="csi.volume.797f904b-8c83-4ab6-983d-c93d0500a7ca"): map[csi.imageid:3ee7f9c1922985 csi.imagename:csi-vol-797f904b-8c83-4ab6-983d-c93d0500a7ca csi.volname:pvc-72bee4e6-4ffb-4065-98d2-b7fa005c7ea2 csi.volume.encryptKMS:mykms csi.volume.encryptionType:block csi.volume.owner:ceph-csi]
E0216 12:40:22.240139       1 utils.go:271] ID: 42 Req-ID: 0001-0024-5e325bdb-0833-4d54-8d90-0bc07f43a580-0000000000000007-797f904b-8c83-4ab6-983d-c93d0500a7ca GRPC error: rpc error: code = Internal desc = failed to get Secret ceph-csi/tenant-encryption: secrets "tenant-encryption" not found

Environment details

  • Image/version of Ceph CSI driver : 3.13.0

Steps to reproduce

Steps to reproduce the behavior:

  1. Install Ceph-CSI RBD with values
    encryptionKMSConfig:
      mykms:
        encryptionKMSType: "metadata"
        secretName: "tenant-encryption"
  1. Create a namespace and a secret named "tenant-encryption" with an an encryptionPassphrase
  2. Create PVC in this namespace with Storage Class which uses the metadata secrets encryption.
  3. Delete the corresponding Secret
  4. Try to delete PVC/PV

Expected behavior

PV should get deleted
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

rbd: fix encrypted PVC with metadata KMS cannot be deleted zerotens/ceph-csi
1 participant
@zerotens