
Secrets used by Ingress not detected as in use #118

@lee-harmonic

Description


Ingress resources can use secrets to store TLS certificates, such as those managed by Cert Manager. Kubectl-reap currently detects these secrets as not in use and suggests removing them.

E.g.:

$ kubectl get secret
NAME                              TYPE                                  DATA   AGE
default-token-ggbbh               kubernetes.io/service-account-token   3      521d
review-41-enquiry-4r57wt-secret   Opaque                                3      10d
review-41-enquiry-4r57wt-tls      kubernetes.io/tls                     3      10d

#The review-41-enquiry-4r57wt-secret is used by a pod

$ kubectl reap secret --dry-run=client
secret/review-41-enquiry-4r57wt-tls deleted (dry run)

$ kubectl get ingress review-41-enquiry-4r57wt -o yaml
#partly redacted
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
spec:
  rules:
  - host: 41-enquiry.example.com
    http:
      paths:
      - backend:
          service:
            name: review-41-enquiry-4r57wt
            port:
              number: 8000
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - 41-enquiry.example.com
    secretName: review-41-enquiry-4r57wt-tls
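The check this report describes as missing, as an added example and not kubectl-reap's own code: walk every Ingress's `spec.tls[].secretName` and treat those secrets as in use before proposing a secret for deletion. It assumes the JSON shape of `kubectl get ingress -A -o json`; the sample list is constructed from the redacted Ingress above, with the namespace `review` assumed since the report does not show it.

```go
package main

import "encoding/json"

// Minimal projection of `kubectl get ingress -A -o json`; only the
// fields needed for the TLS-secret check are kept.
type ingressList struct {
	Items []struct {
		Metadata struct {
			Namespace string `json:"namespace"`
		} `json:"metadata"`
		Spec struct {
			TLS []struct {
				SecretName string `json:"secretName"`
			} `json:"tls"`
		} `json:"spec"`
	} `json:"items"`
}

// ingressTLSSecrets returns the "namespace/name" keys of every secret referenced
// by spec.tls[].secretName. The reference is namespace-local, so the Ingress's own
// namespace is used; the result is what a reaper must merge into its in-use set.
func ingressTLSSecrets(raw []byte) (map[string]bool, error) {
	var list ingressList
	if err := json.Unmarshal(raw, &list); err != nil {
		return nil, err
	}
	used := map[string]bool{}
	for _, ing := range list.Items {
		for _, t := range ing.Spec.TLS {
			if t.SecretName != "" { // empty means "use the controller's default cert"
				used[ing.Metadata.Namespace+"/"+t.SecretName] = true
			}
		}
	}
	return used, nil
}

// reapCandidates drops any "namespace/name" secret an Ingress still uses;
// a real reaper would also merge pod and service-account references into `used`.
func reapCandidates(secrets []string, used map[string]bool) []string {
	out := []string{}
	for _, s := range secrets {
		if !used[s] {
			out = append(out, s)
		}
	}
	return out
}

// Constructed sample modelled on the redacted Ingress in the report (namespace assumed).
const sampleIngressList = `{"items":[{"metadata":{"name":"review-41-enquiry-4r57wt",
"namespace":"review"},"spec":{"tls":[{"hosts":["41-enquiry.example.com"],
"secretName":"review-41-enquiry-4r57wt-tls"}]}}]}`
```

With this check in place the `-tls` secret is retained and only secrets with no Ingress (or pod) reference remain candidates for the dry-run deletion shown above.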
