Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secret loses ownerReferences and fails to sync #69

Open
abudavis opened this issue Jul 14, 2023 · 3 comments
Open

Secret loses ownerReferences and fails to sync #69

abudavis opened this issue Jul 14, 2023 · 3 comments

Comments

@abudavis
Copy link

Environment: Openshift 4.10.30
Chart Version: 2.5.0
App Version: 1.5.0
NOTE: Issue also existed on Chart/App versions: 2.3.5/1.4.0 on Openshift 4.12.21, but when I upgraded to 2.5.0/1.5.0 the issue went away, so I guess it also had something to do with the Openshift version!

I have around 15+ secrets /certs synced to different namespaces/projects.
However I have a secret called "ibm-entitlement-key" that is initially created by akv2k8s but suddenly after a few seconds loses its "ownerReferences" and then the attached controller pod log throws the below error:

Another thing is I have the same secret with the same name synced OK to other namespaces/projects.
Any ideas how do I fix this?

Failed to process key apic/ibm-entitlement-key. Reason: Resource 'ibm-entitlement-key' already exists and is not managed by AzureKeyVaultSecret
200
E0714 11:07:21.164464 1 worker.go:108] Resource 'ibm-entitlement-key' already exists and is not managed by AzureKeyVaultSecret
201
I0714 11:07:21.164471 1 worker.go:110] Dropping key "apic/ibm-entitlement-key" out of the queue: Resource 'ibm-entitlement-key' already exists and is not managed by AzureKeyVaultSecret

akv2k8s-controller-566c6d695f-bbmhw-controller.log.zip
@tspearconquest
Copy link

Hey, just an FYI - this repo is for the AKV2K8S website. You probably want your issue over on github.com/SparebankenVest/azure-key-vault-to-kubernetes

But to try to get some more info...

Your log contains:
E0714 10:59:30.868328 1 azureKeyVaultSecret.go:99] "failed to delete secret data from azurekeyvaultsecret" err="Secret \"ibm-entitlement-key\" is invalid: data[.dockerconfigjson]: Required value" azurekeyvaultsecret="apic/ibm-entitlement-key"

So I wonder if something is mutating your Secret resource in this namespace to the wrong type of secret.

@thomasschmitt73
Copy link

Hello,

AKS on Azure 1.27.2 (kubernetes version)
AWX Version 23.6.0

I am getting the same error for AWX application seen it's being managed by awx-operator
A temporary workaround would be to delete the secret which automatically came back to the error state few hours later

image

Any useful workaround ? force the secret to be handle by akv2k8s?
Thanks a lot

@tspearconquest
Copy link

@thomasschmitt73 file an issue at github.com/SparebankenVest/azure-key-vault-to-kubernetes as this tracker is for the akv2k8s.io website docs, not the app itself. :)

@thomasschmitt73 thomasschmitt73 mentioned this issue Mar 26, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@abudavis @tspearconquest @thomasschmitt73