fix: add missing owner on knative-serving-cert

[zdtsw]

Description

(out of this comment i had in another PR #1165 (comment))

• why using default ingress cert, owner is not set to FTer: serverless-serving-gateway
• this makes the cleanup did not get this secret removed

How Has This Been Tested?

local build: quay.io/wenzhou/opendatahub-operator:2.16.98

• enable kserve
• check knative-serving-cert
• has FTer set there
• delete DSCI, knative-serving-cert is removed

Screenshot or short clip

Merge criteria

• You have read the contributors guide.
• Commit messages are meaningful - have a clear and concise summary and detailed explanation of what was changed and why.
• Pull Request contains a description of the solution, a link to the JIRA issue, and to any dependent or related Pull Request.
• Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
• The developer has manually tested the changes and verified that the changes work

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from zdtsw. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[dhirajsb]

This won't work if source and target secrets are in different namespaces. OwnerReferences can only be for local k8s resources.

[zdtsw]

not sure i understand your comment here

the change is for this function to create a new Secret in the namespace with the Data and Type from the old secret also to set the new Secret with OwnerReferences as the origin FeatureTracker

[dhirajsb]

Unless I missed something, it looks like the new secret will have the same owner reference as the old secret with the line:

			OwnerReferences: secret.OwnerReferences,

Which, won't work if secret and newSecret are in different namespaces. For example, if the source secret is the default load balancer ingress cert from the ingress operator namespace being copied to another namespace.

[zdtsw]

my idea is to set the OwnerReferences: secret.OwnerReferences, when we create the new secret.
but this value of secret.OwnerReference is not really the owner from old secret but set in the caller by

        if err := ApplyMetaOptions(defaultIngressSecret, metaOptions...); err != nil {
		return err
	}

and passed from feature.OwnedBy(f))

In kserve's case:
ServingCertificateResource() if it is using type "OpenshiftDefaultIngress"=> f *feature.Feature is added in metaOptions by ApplyMetaOptions => copySecretToNamespace use it as owner on new secret.

[zdtsw]

some updates done after above discussion :

owner is only set within copySecretToNamespace() and passed from upper callers: PropagateDefaultIngressCertificate=>copySecretToNamespace=>copySecretToNamespace

[openshift-ci]

@zdtsw: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/opendatahub-operator-e2e	12de2a9	link	true	/test opendatahub-operator-e2e

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.