You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Apr 2, 2024. It is now read-only.
When a secret type changes, let's say from Opaque to kubernetes.io/tls, secreter failing to update the secret.
I think it should handle such changes, and recreate secret if needed. Or make EncryptedSecret to honor type field as immutable same as in secret resources
2019-11-10T09:21:42.185Z ERROR kubebuilder.controller Reconciler error {"controller": "encryptedsecret-controller", "request": "default/tls-ingress", "error": "failed to update Secret: Secret \"tls-ingress\" is invalid: type: Invalid value: \"kubernetes.io/tls\": field is immutable"}
github.com/amaizfinance/secreter/vendor/github.com/go-logr/zapr.(*zapLogger).Error
vendor/github.com/go-logr/zapr/zapr.go:128
github.com/amaizfinance/secreter/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:217
github.com/amaizfinance/secreter/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1
vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:158
github.com/amaizfinance/secreter/vendor/k8s.io/apimachinery/pkg/util/wait.JitterUntil.func1
vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133
github.com/amaizfinance/secreter/vendor/k8s.io/apimachinery/pkg/util/wait.JitterUntil
vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:134
github.com/amaizfinance/secreter/vendor/k8s.io/apimachinery/pkg/util/wait.Until
vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:88
The text was updated successfully, but these errors were encountered:
Unfortunately API documentation does not mention that this field is immutable.
I would be happy to add some validation of EncryptedSecret in this regard and I am actually planning to do that in future.
Currently Kubernetes - Open API to be precise - is not capable of validating immutable fields for custom resource objects. Yet it is possible to do that via a validating webhook.
Hi,
When a secret type changes, let's say from
Opaque
tokubernetes.io/tls
, secreter failing to update the secret.I think it should handle such changes, and recreate secret if needed. Or make
EncryptedSecret
to honortype
field as immutable same as insecret
resourcesThe text was updated successfully, but these errors were encountered: