Which component:
controller: registry.gitlab.com/bkkvbu/platform/sealed-secrets/controller:v0.15.0
Is your feature request related to a problem? Please describe.
There are basically two use cases that trigger this request:
We've had several cases where an update to a sealed secret was not / could not be decrypted correctly. This was hard to debug, because it was basically only detectable by looking at the log output of the sealed secret controller.
We've had several instances where an old version of the secret was used because the new version wasn't yet decrypted.
Describe the solution you'd like
I would like to have the generation and / or resourceVersion of the sealed secret be part of the ownerReferences. That way it is easy to check whether the decryption worked as expected and it is also actually possible to wait for the sealed secret to be decrypted to a secret.
Describe alternatives you've considered
We're currently using code like this to work around this problem:
While this works, it is clunky and hard to extend to all our projects. Also it's not easily feasible to extend tools like helm to be able to wait for the secret to update without this being natively supported (AFAIK).
Hi @dwt, we've noticed that your sealed secrets controller is quite outdated. We recently included an extended status view (versions above 0.22.0 should be able to report whenever a Sealed Secret is not updated, provided you've also updated the sealed secrets CRD in your installation).
An example report will be like this:
NAME        STATUS                                   SYNCED   AGE
my-secret   no key could decrypt secret (password)   False    25m
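One way a deploy script could gate on the status described in the comment above, as an added example (not code from the issue or from the sealed-secrets project). It assumes the input is the object returned by `kubectl get sealedsecret <name> -o json` and that its status carries `observedGeneration` and a `Synced` condition; the helper names and sample objects are constructed for illustration.

```python
def sync_state(sealed_secret: dict) -> tuple:
    """Return (ready, reason) for one SealedSecret object (parsed JSON)."""
    meta = sealed_secret.get("metadata", {})
    status = sealed_secret.get("status") or {}
    generation = meta.get("generation")
    observed = status.get("observedGeneration")

    # A status that lags behind metadata.generation still describes the
    # previous spec, so the old Secret may still be the one in use.
    if generation is None or observed is None or observed < generation:
        return False, f"generation {generation} not processed yet (observed {observed})"

    synced = next(
        (c for c in status.get("conditions", []) if c.get("type") == "Synced"),
        None,
    )
    if synced is None:
        return False, "no Synced condition reported"
    if synced.get("status") != "True":
        # Surface the controller's own message instead of reading its logs.
        return False, synced.get("message") or "Synced condition is not True"
    return True, "synced"


def make_sample(generation, observed, synced, message=""):
    """Build a constructed SealedSecret object for the demonstration."""
    return {
        "apiVersion": "bitnami.com/v1alpha1",
        "kind": "SealedSecret",
        "metadata": {"name": "my-secret", "generation": generation},
        "status": {
            "observedGeneration": observed,
            "conditions": [{"type": "Synced", "status": synced, "message": message}],
        },
    }


# Constructed samples: a decryption failure, a stale status, a good sync.
FAILED = make_sample(3, 3, "False", "no key could decrypt secret (password)")
STALE = make_sample(4, 3, "True")
SYNCED = make_sample(4, 4, "True")

if __name__ == "__main__":
    for obj in (FAILED, STALE, SYNCED):
        print(sync_state(obj))
```

The stale case is the one the issue's second use case describes: the condition still reads True, but for the previous generation.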