Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default namespace for TokenSecret not applied correctly #15

Open
eportet opened this issue Feb 17, 2022 · 5 comments
Open

Default namespace for TokenSecret not applied correctly #15

eportet opened this issue Feb 17, 2022 · 5 comments

Comments

@eportet
Copy link

eportet commented Feb 17, 2022

I tried following the sample configuration provided and the only way it worked for me was by adding a namespace of doppler-operator-system in the DopplerSecret file.

secrets_v1alpha1_dopplersecret.yaml

apiVersion: secrets.doppler.com/v1alpha1
kind: DopplerSecret
metadata:
  name: dopplersecret-test # DopplerSecret Name
  namespace: doppler-operator-system
spec:
  tokenSecret: # Kubernetes service token secret
    name: doppler-token-secret
    # HAD TO ADD THIS FOR IT TO WORK
    namespace: doppler-operator-system
  managedSecret: # Kubernetes managed secret (will be created if does not exist)
    name: doppler-test-secret
    namespace: default # Should match the namespace of deployments that will use the secret

After adding that namespace the operator was able to find the Token secret and generate the ManagedSecret in the desired namespace.
@nmanoogian
Copy link
Member

Hi @eportet 👋 Thanks for filing this! A few quick questions for you:

  1. Did you install the operator via Helm, our provided recommended.yaml, or some other way?
  2. Did the operator present any errors when you didn't specify the namespace?
  3. Was the doppler-token-secret already in place when you applied this YAML?

@eportet
Copy link
Author

eportet commented Feb 18, 2022

Hi @nmanoogian!

  1. Did you install the operator via Helm, our provided recommended.yaml, or some other way?

I installed it using the recommended.yml file!

  1. Did the operator present any errors when you didn't specify the namespace?

The errors that showed up for me were that the Deployments were showing up with a CreateContainerConfigError. At closer inspection I could see that the secret for the namespace wasn't being created. (doppler-test-secret in this case)

  1. Was the doppler-token-secret already in place when you applied this YAML?

Yes it was!

Another thing to note is that I wasn't using the default namespace. I was using my own namespace called staging if that matters.

@nmanoogian
Copy link
Member

OK, thanks!

The namespace of the managed secret shouldn't make a difference on the operator's ability to find your token secret. I'll see if we can reproduce this in a test environment.

Am I correct in assuming that this issue isn't blocking you? It seems like adding the namespace explicitly was enough to unblock you.

@eportet
Copy link
Author

eportet commented Feb 18, 2022

It isn't blocking anymore!

The namespace of the managed secret shouldn't make a difference on the operator's ability to find your token secret. I'll see if we can reproduce this in a test environment.

That makes sense. I honestly don't know why it worked, but it wasn't until I added the namespace that the operator was able to generate the managed secrets. Initially, I thought it was because it was trying to find the token in another namespace (default), but didn't find any so it failed to generate anything.

Feel free to close this issue or need more info to reproduce. Thanks for an amazing product 🥇

@nmanoogian
Copy link
Member

OK, excellent!

Feel free to close this issue or need more info to reproduce. Thanks for an amazing product 🥇

Thank you for the kind words and for your feedback! It takes some effort to write these reports and we really appreciate it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nmanoogian @eportet