Open asoc opened 9 months ago
Damn came looking for a label solution exactly because of ArgoCD.
Labels from InfisicalSecret are now propagated to the managed secret that gets created: https://infisical.com/docs/integrations/platforms/kubernetes#propagating-labels-and-annotations
This is confusing for me. Now one of the propagated labels is:

```yaml
labels:
  argocd.argoproj.io/instance: example-argo-application
```

however the InfisicalSecret doesn't set ownerReference on the created secret so ArgoCD assumes new secret resource is not part of the example-argo-application Application and immediately deletes it? A workaround is to pass an annotation like this

```yaml
annotations:
  argocd.argoproj.io/sync-options: Prune=false
```

but this makes an app forever out of sync.
What am I missing here?

```yaml
apiVersion: secrets.infisical.com/v1alpha1
kind: InfisicalSecret
metadata:
  name: infisical-test-secret
  namespace: infisical
  annotations:
    argocd.argoproj.io/sync-options: Prune=false  # <---- this is needed to make this work at all
spec:
  hostAPI: https://app.infisical.com/api
  resyncInterval: 60
  authentication:
    serviceToken:
      serviceTokenSecretReference:
        secretName: infisical-service-token
        secretNamespace: infisical
      secretsScope:
        envSlug: prod
        secretsPath: "/test"
  managedSecretReference:
    secretName: test-secret
    secretNamespace: infisical
```

Currently best solution I found is to roll back to v0.3.0 operator image
@matti-kz The issue should be fixed now as the secret that gets created will have owner reference. Can you let us know if it is working for you?
Hello,
yes, this fixes the issue, thank you. You should probably also note that this is introducing an additional requirement: now the InfisicalSecret resource needs to be in the same namespace as the created secret, because cross-namespace ownership is not supported. But your helm chart is using the latest image tag, which will introduce some changes for your current users; ideally the helm chart version should come bundled with a specific image tag.
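
The two conditions discussed in the comments above, written as an added example that is not part of the original posts or of the Infisical operator's code: a Python check over objects shaped like `kubectl get -o json` output that flags a managed Secret carrying the ArgoCD tracking label without an ownerReference, and an InfisicalSecret whose managed Secret sits in another namespace. The function names and sample objects are constructed for illustration.

```python
# Added example: sample objects are constructed, function names are hypothetical.
TRACKING_LABEL = "argocd.argoproj.io/instance"    # label quoted in the thread
SYNC_OPTIONS = "argocd.argoproj.io/sync-options"  # annotation quoted in the thread


def prune_risk(secret):
    """Describe why a Secret matches the thread's failure condition, or return None."""
    meta = secret.get("metadata", {})
    app = (meta.get("labels") or {}).get(TRACKING_LABEL)
    if app is None or meta.get("ownerReferences"):
        return None  # not tracked by label, or owned by another object
    options = (meta.get("annotations") or {}).get(SYNC_OPTIONS, "")
    if "Prune=false" in [o.strip() for o in options.split(",")]:
        return f"{app}: no ownerReference, pruning disabled by annotation"
    return f"{app}: tracking label without ownerReference, prune candidate"


def crosses_namespace(infisical_secret):
    """True when the managed Secret would live outside the owner's namespace."""
    owner_ns = infisical_secret["metadata"]["namespace"]
    target_ns = infisical_secret["spec"]["managedSecretReference"]["secretNamespace"]
    return owner_ns != target_ns


def make_secret(labels=None, annotations=None, owners=None):
    """Build a constructed Secret object for the demo."""
    meta = {"name": "test-secret", "namespace": "infisical",
            "labels": labels or {}, "annotations": annotations or {}}
    if owners:
        meta["ownerReferences"] = owners
    return {"apiVersion": "v1", "kind": "Secret", "metadata": meta}


LABELS = {TRACKING_LABEL: "example-argo-application"}
OWNER = [{"apiVersion": "secrets.infisical.com/v1alpha1", "kind": "InfisicalSecret",
          "name": "infisical-test-secret", "uid": "constructed-uid"}]
INFISICAL_SECRET = {
    "metadata": {"name": "infisical-test-secret", "namespace": "infisical"},
    "spec": {"managedSecretReference": {"secretName": "test-secret",
                                        "secretNamespace": "infisical"}},
}

if __name__ == "__main__":
    print(prune_risk(make_secret(LABELS)))
    print(prune_risk(make_secret(LABELS, {SYNC_OPTIONS: "Prune=false"})))
    print(prune_risk(make_secret(LABELS, owners=OWNER)))
    print(crosses_namespace(INFISICAL_SECRET))
```
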
Feature description
I would like the ability to specify labels and annotations that should be added to the generated Secret resource.
Why would it be useful?
Some applications use labels/annotations for management or tracking purposes. For a specific example, ArgoCD supports declaring repository credentials via Secrets but requires a specific label on the Secret for it to be usable. https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repository-credentials
Example from the link: