Then, Secret is filled with data (certificate) probably by some controller but unfortunately this process is removing metadata (labels and annotations) from the Secret:
So any GitOps-based flow (e.g. with ArgoCD) is broken due to the reconciliation loop constantly detecting changes that need to be synced with the source of truth (helm).
Additionally, by removing annotations and labels, all object tracking info is wiped out from the object (ArgoCD is using labels or annotations to keep track of managed objects).
To Reproduce
Steps to reproduce the behavior:
Deploy vault-agent injection via helm
Wait until Secret vault-injector-certs is filled with data
Secret metadata (labels and annotations) is removed.
Expected behavior
Controller or other mechanism is not removing metadata from Secret vault-agent injection during filling it with data.
Hi @r0bj, thanks for raising this issue. I'm seeing the same thing happening with the current version. vault-k8s is populating that Secret with the cert material it generates for communication between it and the Kubernetes API.
It looks like we'll need to do a `.Get()` before the `.Update` here, or perhaps use `.Patch()` instead.
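The difference that comment points at, as an added Go example (not vault-k8s code): a simplified in-memory model, standard library only, of a whole-object `Update()` with a freshly built Secret versus a JSON merge patch that touches only `data`. The `Object` type, the helper names and the label and annotation values are constructed for illustration.

```go
package main

import "fmt"

// Object is a simplified stand-in for a Kubernetes object held by the API server.
type Object = map[string]interface{}

// HelmSecret returns a constructed sample: the empty Secret with tracking metadata.
func HelmSecret() Object {
	return Object{"metadata": Object{
		"labels":      Object{"app.kubernetes.io/instance": "vault"},
		"annotations": Object{"example.test/tracked-by": "gitops"},
	}}
}

// CertPatch carries only the field the injector needs to write (placeholder values).
var CertPatch = Object{"data": Object{"tls.crt": "PLACEHOLDER", "tls.key": "PLACEHOLDER"}}

// BlindUpdate models Update() with a freshly built object: the stored one is replaced.
func BlindUpdate(_ Object) Object { return Object{"metadata": Object{}, "data": CertPatch["data"]} }

// MergePatch applies an RFC 7386 merge patch: absent keys stay, null deletes, objects recurse.
func MergePatch(target, patch Object) Object {
	out := Object{}
	for k, v := range target {
		out[k] = v
	}
	for k, v := range patch {
		if pm, ok := v.(Object); ok {
			tm, _ := out[k].(Object)
			v = MergePatch(tm, pm)
		}
		out[k] = v
		if v == nil {
			delete(out, k)
		}
	}
	return out
}

// KeepsMetadata reports whether labels and annotations survived the write.
func KeepsMetadata(o Object) bool {
	md, _ := o["metadata"].(Object)
	return md["labels"] != nil && md["annotations"] != nil
}

func main() {
	fmt.Println(KeepsMetadata(BlindUpdate(HelmSecret())), KeepsMetadata(MergePatch(HelmSecret(), CertPatch)))
}
```

`Get()` followed by `Update()` reaches the same result by sending back the fetched object with only `data` changed, but it can fail with a conflict if the object changed in between.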
Describe the bug
During Agent Sidecar Injector installation via helm, Secret vault-injector-certs is created empty: