remove leftover ClusterAdmin resources #112

@Diaphteiros

What happened:
The MCP Operator on dev logs lots of these messages:

{
  "level": "error",
  "ts": "2025-07-24T12:06:05.615Z",
  "msg": "Reconciler error",
  "controller": "clusteradmin",
  "controllerGroup": "core.openmcp.cloud",
  "controllerKind": "ClusterAdmin",
  "ClusterAdmin": {
    "name": "ott-cluster-admin",
    "namespace": "project-onboarding-provider-demo--ws-umbrella"
  },
  "namespace": "project-onboarding-provider-demo--ws-umbrella",
  "name": "ott-cluster-admin",
  "reconcileID": "b68fa7a0-a202-4ae3-af18-8b9cdfc808e1",
  "error": "Authorization.core.openmcp.cloud \"ott-cluster-admin\" not found"
}

At least this specific one occurs because there is a ClusterAdmin object for an MCP that already has been deleted (or never existed in the first place).

What you expected to happen:
The more aggressive option: The controller should remove ClusterAdmin resources that belong to non-existing MCPs. Might break the 'eventually consistent' concept of k8s though.
The less aggressive approach: Deletion of an MCP resource (or probably better, the Authorization resource) should remove all associated ClusterAdmin resources. This doesn't prevent creating ClusterAdmin resources without corresponding MCP, but it prevents leaking them.

How to reproduce it (as minimally and precisely as possible):
Didn't test, but I assume one can simply create a ClusterAdmin resource that doesn't belong to an MCP or delete an MCP with a corresponding ClusterAdmin resource.

Anything else we need to know:

Environment:
Found on the dev landscape.
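
For triage, the error pattern quoted in the log above can be aggregated to list which ClusterAdmin objects keep failing because their Authorization is missing. This is an added example, not part of the original issue or the operator's code; the `entry` type, the `OrphanCandidates` function and all sample lines other than the first are constructed, and it assumes the operator writes one JSON object per log line.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"strings"
)

// entry holds only the fields needed from the log line quoted in the issue.
type entry struct {
	Msg       string `json:"msg"`
	Kind      string `json:"controllerKind"`
	Namespace string `json:"namespace"`
	Name      string `json:"name"`
	Error     string `json:"error"`
}

// Constructed sample input: the first line is the message from the issue, flattened to one line.
const sampleLogs = `{"level":"error","ts":"2025-07-24T12:06:05.615Z","msg":"Reconciler error","controllerKind":"ClusterAdmin","namespace":"project-onboarding-provider-demo--ws-umbrella","name":"ott-cluster-admin","error":"Authorization.core.openmcp.cloud \"ott-cluster-admin\" not found"}
{"level":"error","ts":"2025-07-24T12:07:05.615Z","msg":"Reconciler error","controllerKind":"ClusterAdmin","namespace":"project-onboarding-provider-demo--ws-umbrella","name":"ott-cluster-admin","error":"Authorization.core.openmcp.cloud \"ott-cluster-admin\" not found"}
{"level":"error","ts":"2025-07-24T12:07:06.000Z","msg":"Reconciler error","controllerKind":"ClusterAdmin","namespace":"example-ns","name":"example-admin","error":"context deadline exceeded"}
{"level":"info","ts":"2025-07-24T12:07:07.000Z","msg":"Starting workers","controllerKind":"ClusterAdmin"}
not a JSON line`

// OrphanCandidates maps "namespace/name" of each ClusterAdmin to the number of
// reconcile errors reporting that its Authorization was not found.
func OrphanCandidates(logs string) map[string]int {
	counts := map[string]int{}
	sc := bufio.NewScanner(strings.NewReader(logs))
	for sc.Scan() {
		var e entry
		if json.Unmarshal(sc.Bytes(), &e) != nil {
			continue // skip lines that are not JSON
		}
		notFound := strings.HasPrefix(e.Error, "Authorization.core.openmcp.cloud ") &&
			strings.HasSuffix(e.Error, " not found")
		if e.Msg == "Reconciler error" && e.Kind == "ClusterAdmin" && notFound {
			counts[e.Namespace+"/"+e.Name]++
		}
	}
	return counts
}

func main() {
	for key, n := range OrphanCandidates(sampleLogs) {
		fmt.Printf("%s\t%d\n", key, n)
	}
}
```

The result is a list of candidates only: the log shows that the Authorization lookup failed, not why, so each entry still has to be checked against the cluster before any ClusterAdmin resource is removed.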
