Comments (5)
Hi @yahorchy thanks for the feedback. We recently fixed the STATUS
behavior in the controller and that might explain the issues you're finding. Could you please check again using the 0.24.3 version?
from sealed-secrets.
Hi @agarcia-oss ,
I have updated the controller to the version 0.24.3 and downloaded the latest kubeseal utility (0.24.3 version).
After playing in the console and installing/uninstalling the same sealedsecret resource it does not show Failed
sync status anymore.
But, there is another case, when I used it in the helm chart templates files:
Steps to reproduce(fresh install):
- I have 7 sealedsecrets in templates/secrets.yaml file.
- I'm encrypting all these secrets with the same
kubeseal
utility in the same way, which mentioned in the description. - Placed sealed value into values.yaml
- Then installing helm charts with
helm install app . -f values.yaml
What is the output:
- on the first attempt the first 6 secrets was created successfully (sync True), only the last secret from list was with sync status false.
- at the second attempt the last 6 secrets was created successfully (sync True), only the first one was with sync status false.
- at the third attempt 5 secrets from 7 was created with sync True, 2 remaining had status false.
In addition in all above output scenarios allsecrets
was created fromsealed-secrets
and application is up and running.
To fix this status issue:
- perform the seal of the string again
- modify the values.yaml file with the new sealed value
- make an upgrade
helm upgrade app . -f values.yaml
. You will see syncTrue
.
Any idea how to avoid to seal secrets a couple of times to make sync status True
?
from sealed-secrets.
Hi @yahorchy we cannot reproduce the issue you're commenting on. Could you please provide more detailed logs of the controller to verify it?
from sealed-secrets.
Hi @agarcia-oss ,
By the way, yesterday I have upgraded sealed-secrets controller to the latest version (0.24.4).
Scenario:
I was able to reproduce problem without helm.
Steps:
- I took 7 sealed-secrets which needs to be created and separately placed them in sealed-secrets.yaml file.
- I run the command
oc create -f sealed-secrets.yaml
- Got Sync status False for fifth sealedsecret.
- But the usual secret has been created for fifth sealedsecret.
Let me attach sealed-secrets.yaml
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
annotations:
sealedsecrets.bitnami.com/namespace-wide: "true"
name: first-secret
spec:
template:
type: Opaque
encryptedData:
seed: AgARBuLJxZ/lRjtlDoxj+HjtP7ndPz/12cMzegJl/hNOpLQuxHean/SBxbzeMq2H8NUo/N1B6vx1onTQeo3tZWhwl+5gXKZq1022uU4JJsJcccjlN7td4Qt4AMlTOgm6o8ksGuNjHzmGmDe/s6gZ6n1o2S6RqUczEybry8Gxr19LHFoz4S25PrK2aroxXZeFBSURCdrEW6jXG4yduzgcJozXYZiPslzu0CfDfgZSanSOyRZM/IGVCw8tneckDCh87WYz/6lW3nZ3AzT2xGJsVZ80GXBicBqrxCJBNd+q1MhWITVgoI1zI5vbvJP7jjutKhI77++MPMKH+L1VLI+ZVpAGVlqGYzHPbkUdYultjwsGcBky/msPXYl76m44X/xU/H04d6gTFzTpVHgSdHM5Z+ZKxmg5HrPWsFQE/NpmOrECqc9olhpiP+yh3whafmQ799TD0nXcUO+UVe6PkiUexK+g+XJPkBSP/L6ngpZCVMtXS3U7+2WL23SpfAGQG+95gyn/uOANVhu91MMspTLKUfqZ06PTBiU//rNMnkSGrgtWQgoZYPEQBlicIbNCT5X/X0b9Pj2qROgIQWarElcUFpT9/rsIG9ceuiI/DC44n3Pi3LizQVF+s3ifn/jCAXfQgH8xp7pS36EGb9Rk2BJyO7LKgzHwamsYMDuNcgLyt5y7CjVclvLvcxz0gkED9x37YKC7o5QYSXZ83Z2sR7t31TucCBL9u+a9yLrKslCA1jP7oCu0PC6V++BeS12zCxY0sVDyrbTCJaVKufu1jJx/b8B2Tx0QCtlhWrAbsokTQWyoJOiqWhRKtV4gdydvWHbrN/CS0o7jYx3daBfVkwtS3Qb3AoSLCrNBAF/QqyEuV0lm
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
annotations:
sealedsecrets.bitnami.com/namespace-wide: "true"
name: second-secret
spec:
template:
type: Opaque
encryptedData:
secret: AgCx7vpVNJstvuhYdMUtSXtjlQFVzZWxCRDQL1zuiyg4fEZ0puJemncwvKWsPjY0hBjsDqTc0ETsYdEX4i1CQ2VxsCXwjqm/DLqyCnrM3O6sYrflrTdOjirCZem58jvCbPNv4wXQrOICYnCR1yCu+JPLl/UdpbXLSuafLcgMH7PUvTo1Eem3CqzBDJRnIdxVz94b07atvgdZNTsS0FGn6z9NmlZza+jzpUvy8cErxzJ/q4MFJg69PbUIKaKx1EeABf7ae+0+OELLnlCvTYuibsj06v9s+1pwXJFwRMiqysQLCuX0qP5s3RgNVf9C8MAD7D3jk9mzDGQAnXPfwT6FA+BtDEOT5OFnvoJsXAmoNUNwpj3mYl0Uwx/UpdvsNLvAgtD+9x20wrvTTOYFy4lk9s7O07MUt1+cgAQ/IfhuGjPWffb8Zlsct0qA2wgDNjkp+ZAN/I0dT4OEfNEYKHSvcQJYR7mizp7RIwvdVpNmVCSDUiWbx7vCwWbKRDQA6swj8IoOWGVQDNFJ3cjd+7itQR+tilNk6Qwj+PhofNnFFPp8pLIpehlhSctTrybW8rx8jMUu4vkju7vy3ka/aWwaGgbH4YsaF6usRBuio/zh7wlGnYC70Vq5jrqloe0dTTK5XAYu+kfL7EjhVe0jXuRGIZ1MNFuzYZ+YZYRZOnAO6PNz5bdFOtLihXm3whhgRTXiJXTHjhgNzZEoiVaspThhSCfZcz8mUgceFTx00Hql+dYYA0B81m/m9NWd07BUntJ3DXN/ZtedQFhObZyx6ZPNhGTDktNBRlpADADnhxMqfhglZnnW7ecuiAI9d0PoT+EDHW+WPNZHI+o9TPr5z4f9WQnpHiyvMflkv1325RtXP16p
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
annotations:
sealedsecrets.bitnami.com/namespace-wide: "true"
name: third-secret
spec:
template:
type: Opaque
encryptedData:
root-password: AgB5QxM1itW1b9hO7bEJ4qcJMICrnwktYsPG4ofeqVXTy+P/4OSupXahaDhEEEjNt736EzCV2p+k2n+lfW8MF4rZacYEdRgNzk18Pmm2lpWzZunloxrzp5SWnpo6IHZwmKDpC1wnphHFnUxUmzhtqVLaDdP1YiH0tnEuqoSQ0fIWQMUby7guuAq5cD859y6C84f21nK5K7AgVIfRG4AK3zEl4b3rUoCXL8BiBh9yq99ZUEAraEzCIcBzYmeOpA70lAgckfHuLbBweUdjXMqOFz3J/gyVYPp8owJDQVKimYnNK1iQgcPMy4FIWJoS0SPXI8f8Nsybs5AcSCydNns2sf+4pHbuRZW+vBBK7Jha04apbdp4Bhi1JOhUfCh9/mTewXu814UhYgY3rz9zeN4Eh9wsQzQGWR6PokVUMPScMNK4IJ6gZHpVnm23x+Gw0v4WsPHsLIZshTABOXjeptfc9Q4nDa1vFRkPN+P2LuWjBz6hHSc48P54kkYcOq1B3DUYmE2hSn2Z93dNCawe6MDem0tBzIQU3PhWZ29UwakQER7ZAn7C503GdNCVgnGxExYThFzbmc3tLI4eqXjN5ufnDchjKqaKxq1KOdMpssr6r77pXOlV1ksa90CinY1hrxyji4ZQcKuIfsFsSRqEMbFIURYFU7umXPqm3QImcEOPO5qU5/FU18pco5HKu0tCz5kt5A1ZmJZ189VHuw9urJfQtQXkqoCJYionTXT4EEgNyM7Y
replication-password: AgArtEFLx1miL2jMKTHhcrPZddz/hoqGGudcn6ViCSB8IoSdWJL7RkA3gurBxBJtte+aXCIdnHetCwbdCb0OEMVdaJs3htg8NnFBiy//hVJQPFvr2nb8hVOg0R0uFNswaNScBjw0FE8gQDqnYR2ldnsC4rDhQqDw6yEVRjfa5ver7IQmmDuwPGi5hxEoy0JvGxwclfTybMlXd3cAXvavBvXyb5n3Ycx9l5MQcqXXqvBqh2iBOdxZ7AnGBzHFufOwx8k7aH982AG6hwum4T+8OB4mmQmOd+Ft1uJ4JYaUWX36pOp7xs70yecE2y3jbOpOzzwij7+dxBQ1KOnsThqg2NZQfjFtci5dUeSYFCbFTKi/lcTCy0pMrDgqJIRs2PmGZnjnbA2MY93CMhn9Im0QUOiLDVaPoNnS1itjgekFoBJfeumbmwlSswQ2CIw3ZEpVD78a3xJy4skuUMua2fJKUYN3eLUdP/Ku5PZxoKYXyYPc6odkS7QFjJg+q/Ya7mhqTxrZLtGIbl4jUPtxJDwBJ3xalNQJyZdr8b+pVqg8iLwmW3nOl+mefy/Ix2O9WnnOFUzN41SsoppWQ0XwU2UzYU1w0i88naUHwV9Dg2tdBqidCv71sQQEwetEGEEzGMLeiLuTVDj0MhypA1A05z0YFansoHGTyyHLMxhbfvSikcCbrU/VDQBJuU7fPAtHirLwqntn7ROnOjIlN7gwnXCXtA4lmB8AVQeDTRBmLdnpNOCK
password: AgBbzzKbE+AJfhYCuXsdRrcSWqFvcDMt4BKBMV+ncfzc98N83g8Rd6T55SIzbxqEND1heUhGjLbz6G8paGJENxxv+wUCdQSb0le9E/NqiVkrwmNTIlhJiBqC+wwjYFgFYNumZ6rEs8a8nXml0/tAbUYFNx0Ltj6t932neoNKFwznZQXwrupXyA3fxPSSnSqcSe6h0pHG6p5sWfsqOb39cSjKnrVeFlfi4zbDEV5AoApiFh3fBws8AAiifqam1yMkkgzjQusJRMvCGIzNKNRDBpaU33nCVvIn0bC6PF1w5g/5+tnppa5P1EBwbKgVb/ypSHk3STox4LJfh0U4hmlSaIDZkL6MjiYZ+UYudBBn3z8ZPeDJDGpOn6YlNUA/FAYkLg76dlTgoBOAlKWWhXOfh11pUqrxa+03O5GnixzB0BbnHViWUzmZ4D2mlHphpYYLxuWdso5SQO11UaObLI/g72PbE8bvu9VUeOGyEfg02jr6nzOWivpQ8CyPoNVmnZHpu826cyz3R1Taj3NW0tqFmqf0kpfQVjjMPqChu8jSyXdSpukFs2nRZqX9IfvQbTQB0wp6Z1U61G71rCoaCdTfmM1udWAGm1Sifu91aHuu4tra8RblUh95R0V5whtar6T7RZej70leqIDZdrU+8uFFhBT1b48kRJv9NaGF3eKi4Eu+QI3VaQPdBP9j0qCHlSLcpMtReTy0EP7wucjEWUBsVCqj2ibeKqc+syANqV7ptDVy
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
annotations:
sealedsecrets.bitnami.com/namespace-wide: "true"
name: fourth-secret
spec:
template:
type: Opaque
encryptedData:
auth: AgDFOJZyAivQdxcK9Y9m5BVxat3KePHCM9Lrw1pDfeJsPjH14TA67Fm3HLddR2+TrViTiscX8rGVvGUFgbe/AFQNGjGvU0gHmiE6SSVXkbGeWkK1Xd7HO32M88LQ5FPZvaQFADmhx9wy7B/Q5HcQ3ZKl+g4R9ssVuX3SYZWHyUVgTBviux9+zpQ8tyHUxkTlQ1h19yOuhz7JpK2BMgO+YQeksxHR9quCeaCtQ2QfaiCoOaoCXlMhMDA2nwqydM6nh/b7QNzfFnRqAgMLSoFkN89AQ/rR3Yk46MhPmU9Vnra5UOMe1KlxNk2pqORn/pS4xWtqt5hzpgnNODTMD+lUMOGbFV4cQzIn6jfaUpWGu8h/noflDE2MH+xI9JFpBJtre9oC4Nd1z1xQO/4VzpTId03evfxxhLPQ5Sk3njAGOicFNlqQwiLtHnqS4xI8ceWdoza8yLXCYPIafQTtjG0y16peyDWsibKflYZtBjV/ZIvfuuqKhlSWOyKFIgWTNgs7O2k2JIuBtnuOPRQaT+P4eI1zxCSHYkzG6DokFMIMiGKPhQq4J/lRAc+7leZ6bec+oD32LYPbx/MXK+hJog7AKdaRxiEPO9Yy55G04Wc7tH+LNrEVkka9Pdh65UH3eVEMRi7C4w+jUvpxvjZXhb/B52x47NXOZQ3u4+HU1CJ2oNJkjQ1x0ierRqDVKTwyskDNKAZPMy9BjH+0+i95QG4Pm+VnBG6fUWnmdz11XRfKQ4AFuYbqOLSCgmQHO4am0c8w2FAIBn46fbgrFDYUb3zxJDtk4O9uoY66XA7IRr5nyR/7OUL1/ft+qd3hGX6KJ7YuPQC5V26JbQbKBJe4MqyH92JPpixNpubIkN8dNliQO8WO
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
annotations:
sealedsecrets.bitnami.com/namespace-wide: "true"
name: fifth-secret
spec:
template:
type: kubernetes.io/dockerconfigjson
encryptedData:
.dockerconfigjson: AgCkdnSR/zGgfhfeUfcHJ6+aPY7DpSNbh0qjPkI8Dur8HVWCI2Y8HrIMeSDA7nd98Sc/BsnPT+5paoM6cbzvF03zifuoc2o2WH4QeJTUofVQP3Zvb0tZfeUZ7lu7IfrKNdwFGZqzIGwvfCSdT9UuGR/CegZ7J7hgL8ptdWiBegB1M9MEH31p4d4/995W7nru6WOn97FpM8oJJrkBcTCPedFkyiZwTjDe0Na5sQ3KV3gHjO0lALYthx6wu40kfJX0IkX6+aPQmbCYcmxM89QW9KySq+tWy+L7DXc1bRQUpZ5a8in6j9mHgQ6Gkn9kCuir//uVapyR0MoybJkRwhTpY9DZ5y7MSZsh6L88fkKII1Uyu4ZFpg0IfXZDk67msmHoq7ZxxYpyMRAegs4yChfiNGNlJQG3OayR+Mxa3BJrvb0QT6fKZ12q/6z9LGk8z/xW6+orCCaqj3bDsfYhxJqpBXsCqruoOo8QURnm0KPyIDOpWUv+zqvIWEeK5nskRw+MhMyyS0ULiXcC464IqGksOQwEouJMCctd4u4acc3GTbUeXMj1oizgfQUZmayT23KNw1+5ZKBCJtReaBKm0akDXlDOiPSNH0RVMvzL9b5PJIs7y8OYXWeX7GxrwoMGaAgwUNzK4fAWTt/u9Sc1UUDjuytj0X8q5Ji+/L61J3vODkNmytvalxYtwByuJOebApmg32oDUSGrCS7lZry2KC/BxAFGzbe3oOr/LrHX/0rFQpTTGcNQ2q5QHJ4+HswJfinZY94VRbyu341vS6KRX1wZVfd0lvlWow5mobGXv23xXxv+pSAXhimcfe7x3tZMjXUBCSP1PTfDlLdqWszit9p5VnVvnCxIeUpioeeKFH4fl8pehGNfrrc9VmHgcKMBsNMasDgb6anfg+uBY0w5wtGSBOiKghw=
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
annotations:
sealedsecrets.bitnami.com/namespace-wide: "true"
name: sixth-secret
spec:
template:
type: Opaque
encryptedData:
client: AgAnnTv6ZvrAo+Iw9CkbcfKtkdscXat/CEu+q5ggrBRJk3Kmp5p+aSbbL1rtg/iNSFey9TpAynv+FhH+M3tsJ8bggKQU3hK5QFwbFUlLkvCZlA05gssrZ5aVwT3ZRasaf/BRNF7lWkw+VEqtxQKTBcfOP/8zgI5UD6EROu0Fkz55FHeRBK0Ol9douGu79Wlz/tlvmvwcuJEKGdjHwWGNYQk2oko0Kpm9of8eJkIHxbNdPn9hUtXMKTD3MGQCjitxjEF8Qvnc/IgWw4jGvkpV7anTP9K7aMb8vmGyI/+trwMqMzbCuLn5MHw+fz5RaOWl+OMQx8iNlyH+Fdo0fryR6k30r3ayZ/NcpGpKZUnWM7x/MQLZptHXxyu1xiDtMqBUo55a/EBJiCIfz33VzUnjdK0p4lJfP3I4qIBCiqKSg80mFcRzJSMIiHgQRTVps/OHMc8I7uyU2ViXE+a4WhJ60w6ERSkTV+1PYWYLCBn+P7BumD4fsCoEm8KaTainmmIOPz0ItWk4s3u8LWD5YXc4fx3/XWr+NuIQUkLYDJpEziYqVz9qRjMIAX+4GM4nvGDocd0aSIpTIm1pLo6zcAt48mJbmdiQ3Tn2aeb0ZILYaiR0Doc2ZSdGyK+GJlNtmnrV8JceqrweQkq6kzX8ptOXvfquCM+b6WoAcVuJGePxl6OIUV4tJbE5fWjFVCqc4RHV9XkxOYLjLxOOFP7Ha6O7NZS1Nq8DeA==
secret: AgCa0AGPs/sFTLufJ2Iy44QuQ4hRXFCvf76IMLSajsOO0ihNhikWtCXCBwQWV0pbjXha1LEm6cSvixo8UsMZJ5FJdSClvai77GAK4ljP9f/4hI9zj+GgFBfhtybgGc14sOcFNLc6DShtsmz0I3HeVJtusCnoz+7oOl4DyQwyRDizKUegd0GhcgWzfC8k99SayffLF4KOK7Dpnsc9SRZfRJsl/z041o3ndtijnSj23xBVi3Q/iH7HLknzAJJ9JtnijxV7AcVwlVJiDov7RpasPxkxDBasm2IFwzK/SYMxWH+TRQYqqouxWyNrqgNkz1lFr0SVCcXaHVdgPdkvEKtpsggmeu1wIjH/mxAvemPDvUTQgSLbFm0kqypFP3kQzLw6xvnFlCC9JNKTtTIRonNBuIUK3gv1wrnU1Dby5bkN9L9RP7Yggst9UbNz9Jf+nvaVHdFxaxrlIt5G3fBipDX6cBsfP7haZWZDLXAa/cia4My32heV9wYJhnqJ9/oAvDD1WzjkXyfIPUYctf2J+UL6mkplB2cNejWElfp00WGa74fXstyMI2MMw9T6YEgxxd0rvaTUTK8Yf8bGoDD5iIeczTXGAsOTg1cwoBvnpE/f73JbVNzFjWgjjVhajaIYwIY8+/RXoDQxFEotgQI/TL/Onh1L2Lnl1FonRHYUVIWc023cTJjvtKw2j8xq5MSTDNAFeriONjJFnTei44hc+GkqzdVITnDZqJoHil2LETAKOML7UYy3/7E/T79SkQfpOLXQwttog4eRJYuO1IrPQq8BiAXN
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
annotations:
sealedsecrets.bitnami.com/namespace-wide: "true"
name: seventh-secret
spec:
template:
type: Opaque
encryptedData:
id: AgC9TCxlfnpL9cu80/VelBBd36dmiKKJmgTX24CBPA7ItXahaujZPuITlOReP3NNaOnWi76B3EnRbLMrWbk+Bl3QuAIiIstt+wqIzyjoAUZRPP4COp+jc8HhWfOnW7GWg8GQ6GXxzwUFjbKm+XjfmHk0DxdSd8eEKmuQ2ELWsqqc7SOsZsjTt40ZrBzDLwIy7j+qqs20z88Wsabxba02a93qC6oUofVwn28/FmJ9ykNMhMzXAo1/j7i0rzhV1cMfDsjIT4HXKZfQatNizpZ150xhEe8mbFSwXF/rAQlbB7rsYpghXsPjnhsqlWG7YrTTDcaHTJcLeoIX7LxE/mitEWhKY2ar5e8EboFgpldFbfunV/uyeDGOn4d42yOujXngg0ojuk44t2R7RaTJixWqx75sScbFAS/OMH91RLYtmomuPBDysj348bq8gnUEnjntVPgSjkeHP1Sqj5sKcy40j4wGABYdQ3VPmBndTJvuu6tns41YQkL7mEnsoD9e5DufUsYdF+5tjR29YB3/gHbmAbRk+++QaVmwhcz0WlfjFei6V1j1RN7ZBm8xewpn/eVMUegsBzEpSzLxN72pxXWPweSIjLjmfklVwTlkfij+q2pgOCF/Wz1z0J9SSUhCEDMB57V+dHrUCFq7MmcBHNQOJC6cMooSkI8OKOXIGoxp0qMdkCg2HZSGk27H3uKyePscJTs5H3U9eBJKSaZ18WpMyQYMO+OYUUCk5tw5dt28kkVXED9y1mq59/pxuOIpOQ+z61PgRjWi5svR2qdqgkf70dhHjQKtLK3P
Here is the all logs output for sealed-secrets-controller during the creation:
Updating next-xray-scan/first-secret
Event(v1.ObjectReference{Kind:"SealedSecret", Namespace:"next-xray-scan", Name:"first-secret", UID:"e3674f24-4822-483a-84f9-50e3e0aeb646", APIVersion:"bitnami.com/v1alpha1", ResourceVersion:"1283674451", FieldPath:""}): type: 'Normal' reason: 'Unsealed' SealedSecret unsealed successfully
Updating next-xray-scan/second-secret
update suppressed, no changes in sealed secret spec of next-xray-scan/first-secret
Event(v1.ObjectReference{Kind:"SealedSecret", Namespace:"next-xray-scan", Name:"second-secret", UID:"7e194f2d-3757-42c8-accb-3f22c95fcbe8", APIVersion:"bitnami.com/v1alpha1", ResourceVersion:"1283674452", FieldPath:""}): type: 'Normal' reason: 'Unsealed' SealedSecret unsealed successfully
update suppressed, no changes in sealed secret spec of next-xray-scan/second-secret
Updating next-xray-scan/third-secret
Event(v1.ObjectReference{Kind:"SealedSecret", Namespace:"next-xray-scan", Name:"third-secret", UID:"62cc9fde-0ab5-4589-b9d1-f3d406e60a99", APIVersion:"bitnami.com/v1alpha1", ResourceVersion:"1283674454", FieldPath:""}): type: 'Normal' reason: 'Unsealed' SealedSecret unsealed successfully
Updating next-xray-scan/fourth-secret
update suppressed, no changes in sealed secret spec of next-xray-scan/third-secret
Event(v1.ObjectReference{Kind:"SealedSecret", Namespace:"next-xray-scan", Name:"fourth-secret", UID:"343d9078-3147-4de4-9fed-ef41831ddc09", APIVersion:"bitnami.com/v1alpha1", ResourceVersion:"1283674456", FieldPath:""}): type: 'Normal' reason: 'Unsealed' SealedSecret unsealed successfully
update suppressed, no changes in sealed secret spec of next-xray-scan/fourth-secret
Updating next-xray-scan/fifth-secret
update suppressed, no changes in sealed secret spec of next-xray-scan/fifth-secret
update suppressed, no changes in sealed secret spec of next-xray-scan/sixth-secret
update suppressed, no changes in sealed secret spec of next-xray-scan/seventh-secret
Event(v1.ObjectReference{Kind:"SealedSecret", Namespace:"next-xray-scan", Name:"fifth-secret", UID:"27634e4e-2fb2-441f-8ebc-58caaadf7697", APIVersion:"bitnami.com/v1alpha1", ResourceVersion:"1283674457", FieldPath:""}): type: 'Normal' reason: 'Unsealed' SealedSecret unsealed successfully
Error updating SealedSecret next-xray-scan/fifth-secret status: Operation cannot be fulfilled on sealedsecrets.bitnami.com "fifth-secret": the object has been modified; please apply your changes to the latest version and try again
Updating next-xray-scan/sixth-secret
Event(v1.ObjectReference{Kind:"SealedSecret", Namespace:"next-xray-scan", Name:"sixth-secret", UID:"48686c7f-c80b-4ec3-9be6-1915f4bd9c9a", APIVersion:"bitnami.com/v1alpha1", ResourceVersion:"1283674497", FieldPath:""}): type: 'Normal' reason: 'Unsealed' SealedSecret unsealed successfully
Updating next-xray-scan/seventh-secret
update suppressed, no changes in sealed secret spec of next-xray-scan/sixth-secret
Event(v1.ObjectReference{Kind:"SealedSecret", Namespace:"next-xray-scan", Name:"seventh-secret", UID:"be773ff0-0e2b-44c5-a5bd-374de96efb59", APIVersion:"bitnami.com/v1alpha1", ResourceVersion:"1283674498", FieldPath:""}): type: 'Normal' reason: 'Unsealed' SealedSecret unsealed successfully
update suppressed, no changes in sealed secret spec of next-xray-scan/seventh-secret
Here is the output of sealed-secrets:
[yahor@test02 sealed-secrets]$ oc get sealedsecrets
NAME STATUS SYNCED AGE
fifth-secret no key could decrypt secret (.dockerconfigjson) False 9m32s
first-secret True 9m32s
fourth-secret True 9m32s
second-secret True 9m32s
seventh-secret True 9m32s
sixth-secret True 9m32s
third-secret True 9m32s
Here is the output of secrets:
[yahor@test022 sealed-secrets]$ oc get secrets
NAME TYPE DATA AGE
fifth-secret kubernetes.io/dockerconfigjson 1 10m
first-secret Opaque 1 10m
fourth-secret Opaque 1 10m
second-secret Opaque 1 10m
seventh-secret Opaque 1 10m
sixth-secret Opaque 2 10m
third-secret Opaque 3 10m
Also, I have tried to extend the logs for controller by setting this option logInfoStdout: true
. Does the controller have more options to extend the verbosity of the logs?
from sealed-secrets.
I'm trying to reproduce your issue, but I'm at a loss.
I created seven sealed secrets, with the fifth of them being of dockerconfigjson
type:
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
annotations:
sealedsecrets.bitnami.com/namespace-wide: "true"
creationTimestamp: null
name: first
namespace: default
spec:
encryptedData:
s: AgBZ2LaK29Vf84X6ZSBuV8h0Ff2y+B1LiI1kSKIQGgNBNZ7a+Tm/MVNBTB5k1J7S8YKI1yyl/ibV6TwduqVMlQ+Fkr08ieUJL+V6f9anSPUfS1b4URz4kJRT5DfrXwrdp7vID8prEBlSRpNK8AFdje3SKVBK8Wkl0VIfpH+VXB/PFi5KkPg9UWtCtIK5ENU3gGM8yj9nLJvrib14JIyWqG+7E8VueGflh7zJFT5ErEUfG081plU95iPODirlILQkbvzk9rtge4EUQmBKzOC2sySmkjET+LI+DCXqyCkkTpXgruD64PbyXeUjaAywLe4x9Faw7hZKtDX/esMKT3MxxsPNFl/lf1Bp2iVV72kW2YL7PCvSJ/H8v9U0UvZ6F0AHN9fGMrLFLQ+nKDjSu8LSj1z4VEpSvkiesjl97QcqJXuNVH1rYZS2lDJ/CLp0/q8m/Jk0Vyl+NcTnXrYlUn7wYHjOxgbzR/UQOAA/1lnBSGTNIzruB3YnewziwjKb9oMlbQl0mi/2pr3yYws0kJYpH6VV+zOJN398OED90fxlI9Iyp2dWBHGy4mOppTZVaOWtkgoKKIHAQM4ieQj56GnfMhRUv98NN9mNRq0bw29WdDUEEBTDOtSbPiRDxDmHcMJP02IClReBP52u7fsMjTYcKDTL1fIMK8DPRN9fhlsqN+hpM2Ll3FVEDbmgh1NhlGCmfW9UIkgh2w==
template:
metadata:
annotations:
sealedsecrets.bitnami.com/namespace-wide: "true"
creationTimestamp: null
name: first
namespace: default
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
annotations:
sealedsecrets.bitnami.com/namespace-wide: "true"
creationTimestamp: null
name: second
namespace: default
spec:
encryptedData:
s: AgCNphcYFr3x5o1tHLwnZm7bBwe8Ndy5+15YtV+ApgLZDfIpS/+D5TeNhJ0f37szEPWCdRVudc65YGUDUDnD/EnnZfdEOKcu8RdNwCxI9eeSAVZdJITSoWPQqei/FeP+VJVvF7JZL2gzry8hq6okOlB3zDh56P9cjiAcTasEue1SeEItp711OD/N0ajZDqYQ5GnOENj2ax6RON4/Bx5RhmthoNMqbOMuGXieE1NSCGO+mI2kjA7vudY/KKMHg33NOrSdY1p0krlROf0WpjBEcaOBETl8WEdbS6Lplr/GBcTDklfMZsuCo4yv+GaEHQx7tDGBZfaQzdVyuDKU5M5E47YPoMFilzxoOXwGWkd6jv402l4/yhB+vtlCGftcDKWTucFJbwgDWFHbpV/DT3KLUA65LvW9vlP4H5lS51oHO3ZjpImsNvjwXnTKMOeFTnMcgFkpfSmOlMJjhGNmBpk0YU1iKbdrwuAtXU5sK2tJGA+Nh4H3w3Gm/eXbyNkCw7Afe+OM6QgQdW8aSvCgNTYxpFlWYi9kry/qCUPEON06nxyLogYGp6Rj5C097aL7BQuOs/imQ9SvP9+2fqx9tStZ4CSWIG1Csv7TYyaInARhmTRqaJVG7p1+NU8ktifzp0kAocZsKpe91re73mrXcPinzG/Sk6FBELapqGiIKT7FYfDU61AKi1TwsOVkpxZ0K15BBZa8W9IR62w=
template:
metadata:
annotations:
sealedsecrets.bitnami.com/namespace-wide: "true"
creationTimestamp: null
name: second
namespace: default
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
annotations:
sealedsecrets.bitnami.com/namespace-wide: "true"
creationTimestamp: null
name: third
namespace: default
spec:
encryptedData:
s: AgBAtsAfrSUY0UP6v8YjmYdyuFB70Ja8Y85zgcRtJzlNZi++Sp6loqDkl5yxQrFNUY0Bk/NmQwVL5QrbX5U5I+PSnHdvs7oB0YndrlDknqprqZoV6N8UjLOaVJsIxfpYQ57jmlkW9tKqn25/8+Ft3Kf9N6NX7J3Ho18IXXnbz/VE1C9yQZwpY1zEEge7IYuJa+HO8mqs2mOMfuRckgguO/h0VVeBybJOQvnWo4VywgMrjnceMIczAwlNbtqY0sdLtW2acKJrf1KrNwpo0q/OvcRaPrVEie3ZLgln7/rRxRGv7PsRGG7ROAp2YYvInwDTI/+fYN+3f4SqcKC5QFWHSBh/nRdnanUj2NtxyqPBD8Rt7bQemvdZLUFhjxJWk80nk1pinW/0dAZYBadVYLhLprqikGxr81LsZrrcRc0ltq6FtRUl9wtjuO/EIqy9+5J2NXeVmtIkDYMy6flyjdr0AiPvcpNymjLb7Z2SwSryCBbhirK3JhG3+p6lgHUkxYqK+fK+p7aPxKAwOnsyvXRWYh8bGpySSi7IjLtM06dpa6l9EFxwdxJVvHwDJh1YXJ9oGDpdnBrrKtk4ESgWOs6+MrDA+m8qQtcVTyHNabuOhEjz0ZWu6+Q8U5WOkm3CLxZ0Agfw3fGoKkYvCDUuC2v+KdMUi05i+8v0vh5+FPDveslhINIusuSG8oX2VzY7c5fCdwLayeZVKg==
template:
metadata:
annotations:
sealedsecrets.bitnami.com/namespace-wide: "true"
creationTimestamp: null
name: third
namespace: default
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
annotations:
sealedsecrets.bitnami.com/namespace-wide: "true"
creationTimestamp: null
name: fourth
namespace: default
spec:
encryptedData:
s: AgCdhRarDlwC+6Y13RnkJP8uUq1mqrE4bblna929oIttBE176CxomZxZjBV8BKD//E8VaJ04BoK8R7YxIvh0lPPodzwg/KoPyTeTSEx1ndx7yyGfgAAH3ShaAUAXdbpDoaw0ol0RXiQsBZEpZ4ccPJbTTa8RbZ9EtDQmvwes+kE5TWz9CBZC7N+x2W20DG2JgzuG9Uyh1+Bx6MkyWoI83PK4L93v/w2fMnnvUtpFpPHzPFcCM/O7IrRcMYt+sRcJcU6timN16Nwxrs4TpPPYCTu3vMe9hIOY3Ct4gQ/XqgPC42hAkLKTU0r/pgyQ2N2KMi67j5wsBsKOROPlsEgxHOHXruCO5mNzOHo3ImbBLBNMujfTbneQx/3p46RokyAknSZccyr37aNWZV8GMy367rS19X1v82UdOI3tKn3onhP5sVvGarBcJUtY71koa1A/RH7R2LWgQjZgaGThtGVp8n25nrSFEKK6v6HIXqnCmdkDUq4UeFzOuTFXtJc9NhptWtW9dPYaD5cfpbdLSbQEFXWfMT2VZA2X4nSdrvNbKfoEpDoqjVlYN+uht3Yyq5+rMLY1hfbxrzcM85EsFLb953B0V9q1gXSSGskQFlHYRgHSRJbQ1ZAB8FYyEvBdfp+3ad/e5V2CDl/UBKa1ssndc+/jytn5wvtmL6ATOHqLn1Tr3DdjXJ66rkBYV6JCisE/RxkjnRKqaTI=
template:
metadata:
annotations:
sealedsecrets.bitnami.com/namespace-wide: "true"
creationTimestamp: null
name: fourth
namespace: default
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
annotations:
sealedsecrets.bitnami.com/namespace-wide: "true"
creationTimestamp: null
name: fifth
namespace: default
spec:
encryptedData:
.dockerconfigjson: AgCg3qbAhSVrEnzy/j8/Z83g29QQHfH+v4kiHPwiMFCQjXBQVdd6szlYPlB1ZxQSGNq4wXNow1612d7dpMDqayq1AwJiNJ9f0/o8LLmmKRkpkrg/QuVwehK0xjldT3FTdb8xOGwezu+tO/fTg6JK4Uux0p/hQhYaicQqw2Bv8gCGnWLP9Jvzkd/oIfJ5v859ed/aLupVjdhphIim9o11oNK7CFTBfe8myaruS2qxTXXfE63xz1HtpOfkKtLpMScAHQ5cY0Z168n0BDCZHcELlMATIK0GQ06hZHoBBRO/xAz2S0dbRIqkpdpPIKcOtw9UoFyIsaKpyrz9IVNQDWeV9yitBjzO0jfWiu+5qtWRWEYNWCG2RB8VzBVStrqcn57uAtrc5Gk9ZMt8XseFg0PLkXbBa56MnHQCSRtiw0BbPaFU73vF9k1FKVY+nupnJ/GpFFMvJvm6xFt4v5EsUJlKGN9IWqpwPPA+eMDuiM8SbO+QBaa4aq3lg9Cz9CMriysM1OZl+nkZRBbUsA0hAV5UncOd02h2yW/1yGlUH0gZ9NABTvm1nOIm0lJ5knmeRp+7fBgkrQhGABEKZJFzsyaytaHDqHt5fkaPaNP11yFcmpjurLNvHUE1IiuZwwSulYvyD5mSmHa9HR9Tx3aajBTDOynrCV1G5qGzKo+OA6BbpZjONoCMmWkcpzSjR2nF3O7VILCZ1ZVCMx58n+t4vZTxRlVeuWDR7u2OjsXNta1/iktJYSyaEqZzur+8yDwrJ2aV6G+QoRjXBcRLb4jZOyDwoE0d4gVMXdNjCzNiqGMa7g/06r0dxrPGxis3hfdznXqQWUQuX26hknPvDhbEWJqJ5eh1FRjOr1oM2L3fNzLQtaki9XA=
template:
metadata:
annotations:
sealedsecrets.bitnami.com/namespace-wide: "true"
creationTimestamp: null
name: fifth
namespace: default
type: kubernetes.io/dockerconfigjson
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
annotations:
sealedsecrets.bitnami.com/namespace-wide: "true"
creationTimestamp: null
name: sixth
namespace: default
spec:
encryptedData:
s: AgADpslut6NcySWq4LSJfmI84+yLZ7O7bnAmf2Rss7OXZ/7FOX+WDzrygFsynh9uKA24C+D+M3B3kzwsyfT/rWw3BTF3mAzBodwfVRyCKgW/In+Xf7Rw5F+Mb24ctWgRiEfMVQ/sR3swJUh8e049ey5CgWxrOHGoEUgi5+w9m//xtSelEvtCjsRme95seAp6uydTU12xIKD3e8laHBezmhQde/NnJPHN2OgFXGJFDMIhxVTVSiCL4qFe0b2kIYpih5hIsgSe9JItw6rLMsGMRA9eBJxKfcRILXqjds4ued0Mbo/ow8gQsPVDi5c44/5x1etWMlLStPjd2OZXs9+J0BPqUihnLogz+vMP98c3cuLuwlSVUFwBTjRL+VzEVgIhphkCH59QW3lCfG0kIQMrSfmvYk/lJe78UBEGJy2BNZvC+uAgTWUA5XGOhm9jDydUb1f/BCzQw+mvz33xDHfunWcDKKqvC0SMydKmeZf9aLC6MiUVQjB2eZ6sBcOPB34nEEfIpm6A3HjUf/fTYwLHbBXICSkMjCs1TGDQ5IlgAOJXhcBp9ceWKw4J1Ry8xb5h/SbWw66M6NfJVcekTIDmeb9s+5Y1emX2Ci2tu94S1vqvaajaP6rxLeCrjeGUTZ6xhSs8+S+rIAukjDEvurOkNXsUQ7RoGWl65joY7jMBxR7BWcmq/Q7Ny1jh4BVUCfrQ/wK1L7CmNw==
template:
metadata:
annotations:
sealedsecrets.bitnami.com/namespace-wide: "true"
creationTimestamp: null
name: sixth
namespace: default
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
annotations:
sealedsecrets.bitnami.com/namespace-wide: "true"
creationTimestamp: null
name: seventh
namespace: default
spec:
encryptedData:
s: AgBpqTtGeYX+I8ZIfKFgKeetglfqWgcOxgpNd/A3/sLMyClCIZyacopsFeot1quM0Be5E1V189BqtxO7Q45DH4zdD38M/CdN1IYOuswGBiLOz+LWv874ih0IsO7eBHbxqwiz4ZbOY5zDxRCCaoJL1inY+6bhNc0WIlXZvR60W6FjDAAqa1yXcOWbqsiVv3XDWPVDL+bj6AE5UWN8ZORx+pXAfH2ZfrTAanKOhiUOgKXB4SSql/HB1OeBrIrF0DXdGQcrZG2zN4Hi1+rVqI1CCMMCOzSrlcSCX/R+D1wjrphcEUXOtwYMUjCLCOhheGdHswcStEN3rK1oAKe+5blCkz8nZfc8hsdHR7APEgRb6U3mfPChqYNNM4RRoMyYA9HeX3HyNCfoZjEIBiuPaHz4g9oHECURUpbu3FD1U2AHR+vbxhdEiZo8jxdbdRurBUOiVbWQEwMg3ORpyWNfGOrNmAsEtD4JBMhasB/N0/DGBfs1P3ng91gpLWs9fh8FabJQErD3TJRFVP3eIl9tmfD9f2SpbhqmssnfaeyBkc0y1Ih0wfjGp/otfb9xJw23PYw2zZhl7p49R2exgBbuEt6oIrndqQ+I45wnvrFmhDR98iNeXGk9mZ0zMI9HM6RnvkNhBnwdTArbGvfxDfrJhb4CaV8mFIyYxJ8nCxqmP9prxb6/Km8ssGkBTQ3wRBNk8SuRrw/3myJPl2rG
template:
metadata:
annotations:
sealedsecrets.bitnami.com/namespace-wide: "true"
creationTimestamp: null
name: seventh
namespace: default
But, unlike in your case, my logs are ok:
Updating default/first
Event(v1.ObjectReference{Kind:"SealedSecret", Namespace:"default", Name:"first", UID:"84cc03e2-c4b9-4bf3-8f31-27b8fd90ab81", APIVersion:"bitnami.com/v1alpha1", ResourceVersion:"101010", FieldPath:""}): type: 'Normal' reason: 'Unsealed' SealedSecret unsealed successfully
update suppressed, no changes in sealed secret spec of default/first
Updating default/second
Event(v1.ObjectReference{Kind:"SealedSecret", Namespace:"default", Name:"second", UID:"158a1d2a-4d66-44cf-8c22-668e148799bb", APIVersion:"bitnami.com/v1alpha1", ResourceVersion:"101011", FieldPath:""}): type: 'Normal' reason: 'Unsealed' SealedSecret unsealed successfully
update suppressed, no changes in sealed secret spec of default/second
Updating default/third
Event(v1.ObjectReference{Kind:"SealedSecret", Namespace:"default", Name:"third", UID:"0dbcad16-7d26-4f6d-8546-ab0d922ad93b", APIVersion:"bitnami.com/v1alpha1", ResourceVersion:"101013", FieldPath:""}): type: 'Normal' reason: 'Unsealed' SealedSecret unsealed successfully
update suppressed, no changes in sealed secret spec of default/third
Updating default/fourth
Event(v1.ObjectReference{Kind:"SealedSecret", Namespace:"default", Name:"fourth", UID:"9ab1e7a3-4341-4443-be69-93129ca3b128", APIVersion:"bitnami.com/v1alpha1", ResourceVersion:"101016", FieldPath:""}): type: 'Normal' reason: 'Unsealed' SealedSecret unsealed successfully
update suppressed, no changes in sealed secret spec of default/fourth
Updating default/fifth
Event(v1.ObjectReference{Kind:"SealedSecret", Namespace:"default", Name:"fifth", UID:"ab13130d-d2c5-41d6-a787-7af19829b474", APIVersion:"bitnami.com/v1alpha1", ResourceVersion:"101017", FieldPath:""}): type: 'Normal' reason: 'Unsealed' SealedSecret unsealed successfully
update suppressed, no changes in sealed secret spec of default/fifth
Updating default/sixth
Event(v1.ObjectReference{Kind:"SealedSecret", Namespace:"default", Name:"sixth", UID:"69d8088a-8fda-4115-8761-272207495fd3", APIVersion:"bitnami.com/v1alpha1", ResourceVersion:"101019", FieldPath:""}): type: 'Normal' reason: 'Unsealed' SealedSecret unsealed successfully
update suppressed, no changes in sealed secret spec of default/sixth
Updating default/seventh
Event(v1.ObjectReference{Kind:"SealedSecret", Namespace:"default", Name:"seventh", UID:"47f4a989-2a5a-4896-9b8f-34197521c394", APIVersion:"bitnami.com/v1alpha1", ResourceVersion:"101022", FieldPath:""}): type: 'Normal' reason: 'Unsealed' SealedSecret unsealed successfully
update suppressed, no changes in sealed secret spec of default/seventh
And all the statuses are good as well:
NAME STATUS SYNCED AGE
fifth True 6m46s
first True 6m46s
fourth True 6m46s
second True 6m46s
seventh True 6m46s
sixth True 6m46s
third True 6m46s
Is your environment clean or do you already had some of the Sealed Secrets deployed there?
from sealed-secrets.
Related Issues (20)
- Recreation of secret object after sync in ArgoCD HOT 7
- Consolidation of Sealed Secrets images in DockerHub HOT 3
- Incomplete and broken move of metrics to isolated port
- kubeseal with Secret input from -f fails silently HOT 6
- Sealed Secrets plugin for Helm HOT 1
- Helm chart 2.14.0 error if dashboard enabled after commonLabels added
- Sealed secret is not working when you have the kubernetes secret parse the data using the stringData using the yml file HOT 3
- Incorrect selector matchLabels on Helm chart ServiceMonitor HOT 1
- Correct way to validate the kubeseal tarball with Ansible HOT 4
- (question) sealed-secrets ingress, what use is it? HOT 2
- Immutable secrets are still not supported HOT 2
- Using sealed-secrets without controller/operator HOT 3
- About 0.25.0 release HOT 2
- Offline validation using signatures HOT 6
- Template `data` field treated as `stringData`, `stringData` ignored HOT 4
- Kubeseal not working on EKS IPv6 CLuster HOT 8
- kubeseal does not respond HOT 7
- Document system:authenticated group usage in GKE HOT 3
- Kubeseal is not able to fetch certificate HOT 1
- Kubeseal --re-encrypt with local certificates HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sealed-secrets.