[BUG] CRP deletion leaks Work/AppliedWork and in-cluster resources #297
Description
Describe the bug
A clear and concise description of what the bug is.
Environment
Please provide the following:
- Hub cluster details: 0.16.6
- Member cluster details: 0.16.6
To Reproduce
-
Create a namespace in hub:
kubectl create ns foo -
Create CRP (pickFixed a specific cluster) to propagate a namespace from Hub to Member cluster
kubectl create -f- <<EOF apiVersion: placement.kubernetes-fleet.io/v1beta1 kind: ClusterResourcePlacement metadata: name: crp-copy-ns spec: policy: placementType: PickFixed clusterNames: - member-1 resourceSelectors: - group: "" version: v1 kind: Namespace name: foo revisionHistoryLimit: 5 EOF -
When the Namespace
foois applied to member cluster,kubectl editit, and add a customexample.com/foofinalizer to Namespace'smetadata.finalizers. -
Delete CRP:
kubectl delete crp crp-copy-ns. -
Observe that the Namespace in member cluster shows
Terminatingbut it is also stuck deleting on custom finalizer we added (as expected) -
Observe the deletion has cascaded to Work (hub API) and AppliedWork (member API) such that there's
deletionTimestampon these objects; but the deletions are stuck (as expected).kubectl get work -A -o=custom-columns=NAME:.metadata.name,DELETION-TS:.metadata.deletionTimestamp --context=kind-hub NAME DELETION-TS crp-copy-ns-work 2025-10-20T18:21:11Z kubectl get appliedwork -A --context=kind-member-1 -o=custom-columns=NAME:.metadata.name,DELETION-TS:.metadata.deletionTimestamp NAME DELETION-TS crp-copy-ns-work 2025-10-20T18:21:12Z -
However the CRP object is long gone (unexpected):
kubectl get crp -A --context=kind-hub No resources found
Expected behavior
ClusterResourcePlacement object should have a finalizer and block its deletion from the API until its Work object disappears.
Screenshots
N/A
Additional context
N/A