Comments (3)
I have reproduced it by deploying telegraf-operator, manually creating the secret with matching name and then deploying a statefulset (statefulset will cause the name of the secret to be predictable, hence this is how I could reproduce it).
However, I can see how this would happen when telegraf-operator was temporarily down when a pod in a statefulset was being deleted.
I think the best long term approach would be to support upgrading the secret when it already exists. This has the danger of overwriting an existing secret that just collided because of same name.
Ideally we should only update the secret if it has a valid annotation - i.e. app.kubernetes.io/managed-by
set to telegraf-operator
. However, this would break it when upgrading any existing telegraf-operator
- since existing secrets would not have the annotation.
So, I propose we always add the annotation and regarding handling of existing secrets:
- by default, always update the secret when needed
- provide an optional CLI flag that will fail if the annotation is not present - the flag could be used for new deployments of
telegraf-operator
Additional checks could be made regarding the secret - such as that the secret is of type Opaque
and only has one key - telegraf.conf
. This will allow us to be safe about accidentally updating an existing secret.
from telegraf-operator.
@wojciechka I like the annotation approach of calling out telegraf-operator as the managed-by
. I think this would be good regardless so we can easily link secrets with telegraf-operator.
Regards to secret update, the cli fail flag would make sense to help with the upgrade. Once users are beyond this change do we see a need for this going forward if the annotations are present?
from telegraf-operator.
@wojciechka I tested the PR locally and it solves the issue for us 👍
from telegraf-operator.
Related Issues (20)
- I can't find how to mount a volume? HOT 2
- Multiple classes for the single pod
- Telegraf-istio sidecar is killed with OOM HOT 1
- when OLM update telegraf-operator version, the classes secret data be reset null
- Sidecar not injecting on AKS HOT 1
- Ability to set Basic Auth credentials for the default prometheus input plugin
- Specify custom Certificate Authority HOT 5
- Add support for mounted secrets
- Add support for storing configuration in configmap HOT 1
- Missing telegraf sidecar after pod destroy
- Support Default Environment Variables on Sidecar
- Support `name_override` for `metrics_version: 2`
- InfluxDBv2 authorization fails if docker secrets are used HOT 1
- support sidecar containers feature (kubernetes 1.29)
- issue - telegraf-operator - MountVolume.SetUp failed for volume "telegraf-config" : secret "telegraf-XXXX" not found HOT 8
- Elasticsearch query HOT 1
- Allow removing resource requests/limits on sidecar
- How to set `metric_version` on `inputs.prometheus`
- Should metric-version be a string? HOT 3
- Weird behaviour of cpu&memory limits&requests? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from telegraf-operator.