Operator copies last-applied-configuration annotation to Secret #102

Closed
codeshrew opened this issue Apr 7, 2022 · 2 comments · Fixed by #104
Labels
bug Something isn't working tracked Issue is tracked in 1Password's internal ticketing system as well.

Comments

@codeshrew

Your environment

Operator Version: 1password/onepassword-operator:1.4.0

Connect Server Version: 1password/connect-api:1.5.1

Kubernetes Version: v1.21.5-eks-bc4871b

1Password Operator version used:

operator:
  create: true
  version: "1.4.0"

What happened?

kubectl.kubernetes.io/last-applied-configuration is copied from OnePasswordItem to Secret by Kubernetes Operator.

What did you expect to happen?

The kubectl.kubernetes.io/last-applied-configuration only applies to the OnePasswordItem and should not be copied to the Secret.

Steps to reproduce

  1. Add OnePasswordItem to git repo for the example-argocd-project. Git commit and push.
  2. ArgoCD sees the new resource and creates it in the example namespace in the cluster
  3. 1Password Operator sees the new OnePasswordItem in the example namespace and creates the Secret in the same namespace. It copies all annotations from the OnePasswordItem including the kubectl.kubernetes.io/last-applied-configuration
  4. This annotation has values that only apply to the OnePasswordItem and are garbage values on the Secret that is created.
kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"onepassword.com/v1","kind":"OnePasswordItem","metadata":{"annotations":{},"labels":{"argocd.argoproj.io/instance":"example-argocd-project","tags.datadoghq.com/env":"dev"},"name":"test","namespace":"example"},"spec":{"itemPath":"vaults/REDACTED/items/test"}}

Notes & Logs

apiVersion: v1
data:
  password: REDACTED
  username: REDACTED
kind: Secret
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"onepassword.com/v1","kind":"OnePasswordItem","metadata":{"annotations":{},"labels":{"argocd.argoproj.io/instance":"example-argocd-project","tags.datadoghq.com/env":"dev"},"name":"test","namespace":"example"},"spec":{"itemPath":"vaults/REDACTED/items/test"}}
    operator.1password.io/item-path: vaults/REDACTED/items/REDACTED
    operator.1password.io/item-version: "4"
  creationTimestamp: "2022-04-07T17:35:41Z"
  labels:
    argocd.argoproj.io/instance: example-argocd-project
    tags.datadoghq.com/env: dev
  name: test
  namespace: example
  ownerReferences:
  - apiVersion: onepassword.com/v1
    kind: OnePasswordItem
    name: test
    uid: REDACTED
  resourceVersion: "REDACTED"
  uid: REDACTED
type: Opaque
@codeshrew codeshrew added the bug Something isn't working label Apr 7, 2022
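
A check for the condition reported above, as an added example that is not part of the original report or the operator's code: it flags an object whose `kubectl.kubernetes.io/last-applied-configuration` annotation describes a different apiVersion/kind than the object carrying it. It assumes the input is a single object's JSON (for instance from `kubectl get secret <name> -o json`); `ForeignLastApplied`, `objRef` and `sampleSecret` are names made up for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

const lastApplied = "kubectl.kubernetes.io/last-applied-configuration"

// objRef holds the identifying fields shared by a live object and the
// manifest embedded in its last-applied-configuration annotation.
type objRef struct {
	APIVersion string `json:"apiVersion"`
	Kind       string `json:"kind"`
	Metadata   struct {
		Name        string            `json:"name"`
		Namespace   string            `json:"namespace"`
		Annotations map[string]string `json:"annotations"`
	} `json:"metadata"`
}

// ForeignLastApplied reports whether the annotation describes a different
// apiVersion/kind than the object itself, with a description of the mismatch.
func ForeignLastApplied(objJSON []byte) (bool, string, error) {
	var live, applied objRef
	if err := json.Unmarshal(objJSON, &live); err != nil {
		return false, "", fmt.Errorf("parse object: %w", err)
	}
	raw, ok := live.Metadata.Annotations[lastApplied]
	if !ok {
		return false, "", nil // annotation absent: nothing to check
	}
	if err := json.Unmarshal([]byte(raw), &applied); err != nil {
		return true, "annotation is not valid JSON", nil
	}
	if applied.APIVersion != live.APIVersion || applied.Kind != live.Kind {
		return true, fmt.Sprintf("%s/%s %s carries last-applied for %s %s",
			live.Metadata.Namespace, live.Metadata.Name, live.Kind, applied.APIVersion, applied.Kind), nil
	}
	return false, "", nil
}

// Constructed sample: the Secret from the report, trimmed to the fields checked.
const sampleSecret = `{"apiVersion":"v1","kind":"Secret","metadata":{"name":"test","namespace":"example","annotations":{"kubectl.kubernetes.io/last-applied-configuration":"{\"apiVersion\":\"onepassword.com/v1\",\"kind\":\"OnePasswordItem\",\"metadata\":{\"name\":\"test\",\"namespace\":\"example\"}}\n","operator.1password.io/item-version":"4"}}}`

func main() {
	fmt.Println(ForeignLastApplied([]byte(sampleSecret)))
}
```
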
@jpcoenen
Member

jpcoenen commented Apr 8, 2022

Thank you for reporting this 🙌 I agree with you that this should not be happening.

My initial thought is that no annotations should be copied from the OnePasswordItem at all.

@jpcoenen jpcoenen added the tracked Issue is tracked in 1Password's internal ticketing system as well. label Apr 8, 2022
@github-actions github-actions bot mentioned this issue Apr 12, 2022
@tomjohnburton

tomjohnburton commented Dec 22, 2022

@jpcoenen
Hi, this breaks my ability to use 1password with Kubed and ArgoCD. I can no longer add the kubed.appscode.com/sync or argocd.argoproj.io/compare-options: IgnoreExtraneous annotation. What is the reason for removing all annotations?
