kubernetes, kubernetes-helm

Delete Kubernetes secret on Helm delete


I am creating some secrets when helm install is executed via pre-install hooks.

Everything works great. However, when helm delete is performed, the secrets created are not deleted. This is because any resource installed using pre-install is considered to be self-managed. So I read this could be done using post-delete hooks.

So questions are:

  1. How do I delete secrets in post delete?

  2. If we remove pre-install hooks then delete works just fine. But then how to guarantee that secrets are created before the pods are even created when we perform helm install?


Solution

  • Tiller creates resources in a specific order (find it in the source code here: https://github.com/kubernetes/helm/blob/master/pkg/tiller/kind_sorter.go#L26)

    So for this specific use case there is no need for hooks or any other mechanism, just include your secret and your pods and magic will happen ;)

    That said, there is still the issue with pre-installed objects. The documentation states that this is the desired behaviour:

    Practically speaking, this means that if you create resources in a hook, you cannot rely upon helm delete to remove the resources. To destroy such resources, you need to either write code to perform this operation in a pre-delete or post-delete hook or add "helm.sh/hook-delete-policy" annotation to the hook template file.

    The only solution is to add a job to the chart, with the post-delete hook, that deletes those resources.
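
The post-delete cleanup Job described in the answer above, as an added example that is not part of the original answer or of Helm's own code. The resource names, the `<release>-credentials` secret name and the container image are assumptions; the Role is restricted to deleting that single secret so the hook's service account cannot touch any other secret in the namespace.

```yaml
# templates/post-delete-cleanup.yaml (added example; names and image are hypothetical)
# The RBAC objects are hooks too: by post-delete time the release's own resources are gone.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ .Release.Name }}-cleanup
  annotations: {"helm.sh/hook": post-delete, "helm.sh/hook-weight": "-10", "helm.sh/hook-delete-policy": hook-succeeded}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ .Release.Name }}-cleanup
  annotations: {"helm.sh/hook": post-delete, "helm.sh/hook-weight": "-10", "helm.sh/hook-delete-policy": hook-succeeded}
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["{{ .Release.Name }}-credentials"]  # only the secret made by the pre-install hook
    verbs: ["delete"]                                    # no get/list: the Job never reads secret data
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ .Release.Name }}-cleanup
  annotations: {"helm.sh/hook": post-delete, "helm.sh/hook-weight": "-10", "helm.sh/hook-delete-policy": hook-succeeded}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ .Release.Name }}-cleanup
subjects:
  - kind: ServiceAccount
    name: {{ .Release.Name }}-cleanup
    namespace: {{ .Release.Namespace }}
---
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ .Release.Name }}-cleanup
  # Higher weight than the RBAC objects, so it runs after they exist.
  annotations: {"helm.sh/hook": post-delete, "helm.sh/hook-weight": "0", "helm.sh/hook-delete-policy": hook-succeeded}
spec:
  backoffLimit: 1
  template:
    spec:
      serviceAccountName: {{ .Release.Name }}-cleanup
      restartPolicy: Never
      containers:
        - name: delete-secret
          image: registry.example.com/tools/kubectl:TAG  # placeholder: any image that ships kubectl
          command: ["kubectl", "delete", "secret", "{{ .Release.Name }}-credentials", "-n", "{{ .Release.Namespace }}", "--ignore-not-found"]
```

With `hook-succeeded` on every object, a successful run leaves no cleanup service account or Role behind; a failed Job is kept so its logs can be inspected.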