DopplerHQ / kubernetes-operator

Apache License 2.0

Default namespace for TokenSecret not applied correctly #15

Open eportet opened 2 years ago

eportet commented 2 years ago

I tried following the sample configuration provided and the only way it worked for me was by adding a namespace of doppler-operator-system in the DopplerSecret file.

secrets_v1alpha1_dopplersecret.yaml

apiVersion: secrets.doppler.com/v1alpha1
kind: DopplerSecret
metadata:
  name: dopplersecret-test # DopplerSecret Name
  namespace: doppler-operator-system
spec:
  tokenSecret: # Kubernetes service token secret
    name: doppler-token-secret
    # HAD TO ADD THIS FOR IT TO WORK
    namespace: doppler-operator-system
  managedSecret: # Kubernetes managed secret (will be created if does not exist)
    name: doppler-test-secret
    namespace: default # Should match the namespace of deployments that will use the secret

After adding that namespace the operator was able to find the Token secret and generate the ManagedSecret in the desired namespace.

nmanoogian commented 2 years ago

Hi @eportet 👋 Thanks for filing this! A few quick questions for you:

  1. Did you install the operator via Helm, our provided recommended.yaml, or some other way?
  2. Did the operator present any errors when you didn't specify the namespace?
  3. Was the doppler-token-secret already in place when you applied this YAML?

eportet commented 2 years ago

Hi @nmanoogian!

> 1. Did you install the operator via Helm, our provided recommended.yaml, or some other way?

I installed it using the recommended.yml file!

> 2. Did the operator present any errors when you didn't specify the namespace?

The errors that showed up for me were that the Deployments were showing up with a CreateContainerConfigError. On closer inspection I could see that the secret for the namespace wasn't being created (doppler-test-secret in this case).

> 3. Was the doppler-token-secret already in place when you applied this YAML?

Yes it was!

Another thing to note is that I wasn't using the default namespace. I was using my own namespace called staging if that matters.

nmanoogian commented 2 years ago

OK, thanks!

The namespace of the managed secret shouldn't make a difference on the operator's ability to find your token secret. I'll see if we can reproduce this in a test environment.

Am I correct in assuming that this issue isn't blocking you? It seems like adding the namespace explicitly was enough to unblock you.

eportet commented 2 years ago

It isn't blocking anymore!

> The namespace of the managed secret shouldn't make a difference on the operator's ability to find your token secret. I'll see if we can reproduce this in a test environment.

That makes sense. I honestly don't know why it worked, but it wasn't until I added the namespace that the operator was able to generate the managed secrets. Initially, I thought it was because it was trying to find the token in another namespace (default), but didn't find any so it failed to generate anything.

Feel free to close this issue or need more info to reproduce. Thanks for an amazing product 🥇

nmanoogian commented 2 years ago

OK, excellent!

> Feel free to close this issue or need more info to reproduce. Thanks for an amazing product 🥇

Thank you for the kind words and for your feedback! It takes some effort to write these reports and we really appreciate it.