"Cannot change existing managed secret type from Opaque to ." after upgrading to 1.4.0

[ArthurMelin]

Hi, doppler-operator is not updating secrets anymore and logging errors Cannot change existing managed secret type from Opaque to . since upgrading it to 1.4.0 (with Helm).

This probably has something to do with the new support for Kubernetes secret types in this version but I'm not sure exactly how it's causing the issue with our existing secrets?

[watsonian]

@ArthurMelin It sounds like you need to update your CRDs. This isn't done automatically when you do a helm upgrade. We detail the steps you need to take here, but the tl;dr is:

# Update doppler Helm repo
helm repo update

# Update the dopplersecrets CRD, which is not automatically upgraded by Helm
helm pull doppler/doppler-kubernetes-operator --untar
kubectl apply -f doppler-kubernetes-operator/crds/all.yaml

# Update the chart
helm upgrade <release_name> doppler/doppler-kubernetes-operator

Try doing that and then see if things start working as expected!

[ArthurMelin]

Ok that fixed it, but I had to recreate all the DopplerSecret resources as well

[watsonian]

@ArthurMelin All your DopplerSecret resources should recover automatically after upgrading the CRD. You'll have to wait for the next refresh to occur (60s by default). I just confirmed that this works as expected though, so it's just a matter of waiting 1-2 minutes for all your resources to refresh after upgrading. If you follow the recommended upgrade process in our docs, then you upgrade the CRD before upgrading the operator, which should avoid this problem altogether in the future.