Skip to content

fix: remove extraSecrets mySecret blocking KBS deployment#88

Merged
butler54 merged 1 commit into
validatedpatterns:mainfrom
butler54:hotfix/remove-mysecret-blocker
May 28, 2026
Merged

fix: remove extraSecrets mySecret blocking KBS deployment#88
butler54 merged 1 commit into
validatedpatterns:mainfrom
butler54:hotfix/remove-mysecret-blocker

Conversation

@butler54
Copy link
Copy Markdown
Collaborator

@butler54 butler54 commented May 28, 2026

Problem

The mySecret entry in extraSecrets (added in PR #85) is blocking KBS deployment in production. The trustee-operator controller fails every ~17 minutes with:

Error in creating/updating KBS deployment: Secret "mySecret" not found

Impact

Production blocker - all confidential workloads failing:

  • ❌ No KBS deployment = no attestation service
  • ❌ All kata pods fail: CreateContainerError with CDH error: Get resource failed
  • ❌ hello-openshift secure/insecure pods degraded
  • ❌ kbs-access secure pod degraded

Solution

Remove the extraSecrets: [mySecret] section from overrides/values-trustee.yaml. This was test configuration that should not have been merged.

Testing

Verified on live Azure cluster running from main:

  • Trustee operator logs show repeated mySecret errors
  • KBS deployment never starts
  • All kata workloads blocked

After this fix merges, cluster sync will deploy KBS and unblock attestation.

Fixes #85

@butler54
fix: remove extraSecrets mySecret blocking KBS deployment
7b42e79 
The mySecret entry in extraSecrets was accidentally included in PR validatedpatterns#85
and is preventing KBS from deploying. The trustee-operator fails every
~17 minutes with: 'Secret "mySecret" not found'

Without KBS deployment:
- No attestation service available
- All kata pods fail with CDH errors: 'Get resource failed'
- hello-openshift secure/insecure pods: CreateContainerError
- kbs-access secure pod: Init:CreateContainerError

This is a production blocker affecting all confidential workloads.

Fixes validatedpatterns#85
@butler54 butler54 requested a review from a team May 28, 2026 04:14
@butler54 butler54 merged commit e69084c into validatedpatterns:main May 28, 2026
5 checks passed
@butler54 butler54 deleted the hotfix/remove-mysecret-blocker branch May 28, 2026 04:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@butler54