Secrets used by Ingress not detected as in use

[lee-harmonic]

Ingress resources can use secrets to store TLS certificates, such as those managed by Cert Manager. Kubectl-reap currently detects these secrets are not in use and suggests removing them.

Eg

$ kubectl get secret
NAME                              TYPE                                  DATA   AGE
default-token-ggbbh               kubernetes.io/service-account-token   3      521d
review-41-enquiry-4r57wt-secret   Opaque                                3      10d
review-41-enquiry-4r57wt-tls      kubernetes.io/tls                     3      10d

#The review-41-enquiry-4r57wt-secret is used by a pod

$ kubectl reap secret --dry-run=client
secret/review-41-enquiry-4r57wt-tls deleted (dry run)

$ kubectl get ingress review-41-enquiry-4r57wt -o yaml 
#partly redacted
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
spec:
  rules:
  - host: 41-enquiry.example.com
    http:
      paths:
      - backend:
          service:
            name: review-41-enquiry-4r57wt
            port:
              number: 8000
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - 41-enquiry.example.com
    secretName: review-41-enquiry-4r57wt-tls