Calico 3.29.1: OwnerReferences don't work for NetworkPolicies

[alexarefev]

The OwnerReferences don't work for Calico NetworkPolicies. The Kubernetes cascading deletion doesn't work

Expected Behavior

ownerReferences option could be set in Calico NetworkPolicies to use cascading deletion for Kubernetes resources

Current Behavior

NetworkPolicies with ownerReferences are not deleted after the owner resource deletion

Possible Solution

Steps to Reproduce:

1. Create Calico NetworkPolicy eg:

apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
  name: allow-test
  labels:
    purpose: test
spec:
  ingress:
  - action: Allow
    destination:
      ports:
      - 5432
    protocol: TCP
    source:
      namespaceSelector: kubernetes.io/metadata.name in {'test-2','test-1'}
      selector: all()
  selector: all()
  types:
  - Ingress

2. Get the UID of the NetworkPolicy above and put it into the following policy:

apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
  name: default-deny
  labels:
    purpose: test
  ownerReferences:
  - apiVersion: projectcalico.org/v3
    blockOwnerDeletion: true
    controller: true
    kind: NetworkPolicy
    name: default.allow-test
    uid: b7a4ad0b-d25f-4ce3-89f7-ee825b565429
spec:
  selector: all()
  types:
    - Ingress

3. Apply the second NetworkPolicy in the same Namespace
4. Delete the allow-test NetworkPolicy
5. Check if the default-deny policy has been deleted

Context

NetworkPolicies could not be included in logical chains with themself and other Kubernetes resources, which makes impossible to use one of the essential Kubernetes feature

Your Environment

• Calico version 3.29.1
• Calico dataplane (iptables, windows etc.)
• Orchestrator version (e.g. kubernetes, mesos, rkt): Kubernetes 1.30.3
• Operating System and version: Ubuntu 22.04
• Link to your project (optional):