Skip to content

Add finalizer to backup secrets #1211

Open
Open
Add finalizer to backup secrets#1211
Labels
MySQLPSProposedfeature requestjira_task
@evilhamsterman

Description

@evilhamsterman
evilhamsterman
opened on Feb 19, 2026

Report

Deleting a namespace that has ps-backups using S3 storage gets stuck and backups don't get cleaned up because as soon as you mark the namespace for deletion the secret containing the access key for S3 gets deleted, so the operator is unable to cleanup the backups and delete the ps-backups.

More about the problem

I'd expect that the operator adds a finalizer to the required secret as long as there is a backup that uses it, to ensure it isn't deleted while there are backups that depend on it. Once there are no more backups that depend on the secret the finalizer can be removed allowing deletion of the secret.

Steps to reproduce

  1. Create a namespace with a MySQL instance
  2. Create a ps-backup using S3 or other destination requiring access to a secret for authentication
  3. Attempt to delete the namespace
  4. The namespace will get stuck in terminating and cannot be cleaned up without manually removing finalizers from the ps-backup which leaves the backup on the destination.

Versions

  1. Kubernetes: 1.32
  2. Operator: 1.0.0
  3. Database: Any

Anything else?

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    MySQLPSProposedfeature requestjira_task

    Type

    No type

    Projects

    Percona Kubernetes Operators Roadmap

    Status

    Researching

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions