-
Notifications
You must be signed in to change notification settings - Fork 5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SealedSecret status stuck "Progressing" even when unsealed successfully #5991
Comments
@mbouchenoire Thanks for that. We've upgraded to v2.0 2 minutes ago and facing the same issue. |
It looks like the lua script checks the Edit: In our case this will definitely fail because of an old version of Sealed Secrets. Will try to upgrade and see. |
Hey - you checked "I've searched the FAQ" but you seem to have missed https://argo-cd.readthedocs.io/en/stable/faq/#why-are-resources-of-type-sealedsecret-stuck-in-the-progressing-state :) |
@jannfis Yeah, we also have just found it in Sealed Secrets release notes. Thanks |
Indeed ! I think I made this mistake because I assumed the answer would be included in this chapter : Why is my application stuck in Progressing state?. Is it worth considering merging these two ? Tank you for the link :) |
@mbouchenoire Yeah, good suggestion about merging them - or at least, linking to the SealedSecrets FAQ entry from the "Why is my application stuck..." one. Do you mind sending a PR? Also, we hoped for SealedSecrets to release v0.16.0 (which is supposed to have the status update enabled by default again) before our 2.0 release. Unfortunately, we were quicker :) |
Related: bitnami-labs/sealed-secrets#555, #5971 |
This might help: Set the SEALED_SECRETS_UPDATE_STATUS variable to "1" in the sealed-secrets deployment yaml file https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.16.0/controller.yaml
|
Yep, looks like this is fixed now in the latest v0.16.0 release. Either use the env var like @YevheniiPokhvalii mentioned or the |
I'm using flux to install sealed-secrets with Helm Release. helm search repo sealed-secrets/sealed-secrets --versions
I upgraded to 1.16.1 (app v.0.16.0) and added the following: chart:
spec:
chart: sealed-secrets
version: "1.16.1"
sourceRef:
kind: HelmRepository
name: sealed-secrets
namespace: flux-system
interval: 10m
values:
fullnameOverride: sealed-secrets-controller
controller:
env:
- name: SEALED_SECRETS_UPDATE_STATUS
value: "1" but when I'm checking the
Should I manually delete the crd :
What is the right way to set Update I've also tried (bad practice, i know but for testing) to manually edit the from running pod:spec:
containers:
- args:
- --key-prefix
- sealed-secrets-key
command:
- controller
env:
- name: SEALED_SECRETS_UPDATE_STATUS
value: "1"
image: quay.io/bitnami/sealed-secrets-controller:v0.16.0 |
Hi @haim-ari
|
Yes, I tried that as well, same result:
But a new secret was created successfully:
|
Seems that this was related to CRD somehow (not sure why but could be related to the fact that this was an upgrade of Helm) Now ArgoCD shows the correct state. |
I can confirm this also worked on another cluster. |
@haim-ari you said you added a new command flag to sealed-secrets version 1.16.1. However, I cannot find it in the sealed secrets repository: https://github.com/bitnami-labs/sealed-secrets/tree/main/helm/sealed-secrets Did you speak about a private fork? EDIT: Sorry, looks like I meant @ismailyenigul EDIT2: Ah okay.. the |
Hi @shibumi |
I can confirm that this works:
My |
I experienced the same issue. I deleted helm chart that already had I deleted everything about sealed-secret with deleted again with kubectl and installed with helm and it is still good. |
Hi @ismailyenigul @haim-ari @shibumi, can confirm with the |
upgrading sealed secrets to v0.17.1 did the trick, Argocd is now showing "Healthy" |
Hi @anggutie-dev, so its safe to use the latest version of the chart? |
What are you getting in your sealed secret object events in the agro UI? I can see it is healthy but in the events, its shows "Failed to unseal: no key could decrypt secret". |
Yes. because it is not sealed-secret code update. it is just helm update. |
This is not something about sealed-secrets configuration. |
Same here, after few rollouts it was stuck while waiting for something of sealed sealed secrets. Updating from |
Can confirm, the current version of SealedSecrets does not cause this issue (tested with v0.17.3) |
Looks like there's a documented workaround for <=1.16 and everything Just Works in >=0.17. Let me know if I need to reopen! |
Checklist:
argocd version
.Describe the bug
After upgrading to
v2.0.0
, SealedSecret resources are stuck in the "Progressing" state, even when the secret was unsealed successfully by the controller.To Reproduce
quay.io/bitnami/sealed-secrets-controller:v0.15.0
SealedSecret
resourceSealedSecret
managed by Argo CD has a "Progressing" health and "Waiting for Sealed Secret to be decrypted" as health detailsExpected behavior
The
SealedSecret
health should be "Healthy"Screenshots
The
SealedSecret
manifest:Version
Logs
The text was updated successfully, but these errors were encountered: