in fleet-argocd-plugin/fleetclient/fleetclient.go [292:319]
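// pruneSecrets deletes Argo CD cluster Secrets in the "argocd" namespace that
// are managed by the fleet plugin but have no entry in clusterSecrets.
//
// Only Secrets that carry the label argocd.argoproj.io/secret-type=cluster and
// the annotation fleet.gke.io/managed-by-fleet-plugin=true are candidates;
// every other Secret is left untouched. clusterSecrets is keyed by Secret
// name, and only key presence is consulted here.
//
// A failed delete does not abort the sweep. The remaining stale Secrets are
// still attempted, so one bad object cannot keep cluster credentials for
// removed memberships alive. The returned error wraps the first delete failure
// and reports how many deletes failed before the sweep ended.
//
// NOTE(review): a nil or empty clusterSecrets makes every plugin-managed
// cluster Secret a deletion candidate. Callers should confirm that the
// membership listing succeeded before calling.
// NOTE(review): the managed-by annotation is the only guard against deleting
// cluster Secrets created by other means. Confirm that nothing else is
// expected to set it.
func pruneSecrets(ctx context.Context, clientset *kubernetes.Clientset, clusterSecrets map[string]string) error {
	secretsClient := clientset.CoreV1().Secrets("argocd")
	existingSecrets, err := secretsClient.List(ctx, metav1.ListOptions{
		LabelSelector: "argocd.argoproj.io/secret-type=cluster",
	})
	if err != nil {
		return fmt.Errorf("failed to list secrets: %w", err)
	}

	var firstErr error
	failed := 0
	for _, secret := range existingSecrets.Items {
		// Skip secrets that are not managed by the fleet plugin.
		if secret.Annotations["fleet.gke.io/managed-by-fleet-plugin"] != "true" {
			continue
		}
		// Secret still corresponds to a membership, keep it.
		if _, exists := clusterSecrets[secret.Name]; exists {
			continue
		}
		if err := secretsClient.Delete(ctx, secret.Name, metav1.DeleteOptions{}); err != nil {
			failed++
			if firstErr == nil {
				// Name the Secret so the operator knows which object is stuck.
				firstErr = fmt.Errorf("failed to delete secret %q: %w", secret.Name, err)
			}
			// Once the context is done every further call fails the same way.
			if ctx.Err() != nil {
				break
			}
		}
	}
	if firstErr != nil {
		return fmt.Errorf("pruning left %d secret(s) undeleted: %w", failed, firstErr)
	}

	fmt.Println("Successfully pruned Secrets.")
	return nil
}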