Secrets Provider To handle more than 50 Conjur secrets, you can set up multiple Secrets Providers. When we attempt to create 2nd secret provider it fails, Error: INSTALLATION FAILED: rendered manifests contain a resource that already exists. #546
Comments
|
Hello, can anyone help with this? |
|
Support Recommended: We would propose to create them only for the first deployment and disable creation for the following ones. This way there shouldn't be any conflicts of resource ownership for following helm deployments. |
|
I proposed the following option if supported: secrets-provider-2 secrets-provider-3 |
|
Cyberark Support Indicated: Yes, that would be even better way of avoiding the ownership conflict, and would make the deployments independent. Just please make sure that all of the names are unique within a given namespace: This did work and 2nd secret provider did deploy it no resource conflicts. |
Summary
*Secrets Provider To handle more than 50 Conjur secrets, you can set up multiple Secrets Providers. When we attempt to create 2nd secret provider it fails, Error: INSTALLATION FAILED: rendered manifests contain a resource that already exists.
Steps to Reproduce
We are following the statement from following doc:
https://docs.cyberark.com/conjur-enterprise/13.3/en/Content/Integrations/k8s-ocp/cjr-k8s-jwt-sp-ac.htm?tocpath=Integrations%7COpenShift%252FKubernetes%7CApp%20owner%253A%20Set%20up%20workloads%20in%20Kubernetes%7CSet%20up%20workloads%20(JWT-based%20authn)%7CSecrets%20Provider%20for%20Kubernetes%7C_____2
We are able to create first secret provider but when we attempt the 2nd one it fails
Expected Results
A clear and concise description of what you expected to happen.
Actual Results
A clear and concise description of what actually did happen. Include logs and
screens shots, whenever possible
Reproducible
Version/Tag number
What version of the product are you running? Any version info that you can
share is helpful. For example, you might give the version from Docker logs,
the Docker tag, a specific download URL, the output of the
/inforoute, etc.Environment setup
Additional Information
We are following the statement from following doc:
https://docs.cyberark.com/conjur-enterprise/13.3/en/Content/Integrations/k8s-ocp/cjr-k8s-jwt-sp-ac.htm?tocpath=Integrations%7COpenShift%252FKubernetes%7CApp%20owner%253A%20Set%20up%20workloads%20in%20Kubernetes%7CSet%20up%20workloads%20(JWT-based%20authn)%7CSecrets%20Provider%20for%20Kubernetes%7C_____2
We are able to create first secret provider but when we attempt the 2nd one it fails
name of first one: sp-test-dev-dis
name of second one: sp-test-dev-dis2
helm install sp-test-dev-dis cyberark/secrets-provider -f test-dev-dis_disvc-dev.yaml --set environment.conjur.conjurConnConfigMap=conjur-connect -n disvc-dev
NAME: sp-test-dev-dis
LAST DEPLOYED: Thu Aug 22 12:18:10 2024
NAMESPACE: disvc-dev
STATUS: deployed
REVISION: 1
TEST SUITE: None
Deploy the Secrets Provider using Helm for 2nd
helm install sp-test-dev-dis2 cyberark/secrets-provider -f test-dev-dis_disvc-dev.yaml --set environment.conjur.conjurConnConfigMap=conjur-connect -n disvc-dev
Error: INSTALLATION FAILED: rendered manifests contain a resource that already exists. Unable to continue with install: ServiceAccount "secrets-provider-service-account" in namespace "disvc-dev" exists and cannot be imported into the current release: invalid ownership metadata; annotation validation error: key "meta.helm.sh/release-name" must equal "sp-test-dev-dis2": current value is "sp-test-dev-dis"
The text was updated successfully, but these errors were encountered: