Closed ragsonline closed 4 years ago
It's kinda expected - KamusSecret is managing the Secret, not the other way around. So, if you delete the KamusSecret the secret will be deleted - but if you delete the secret the state will be invalid: Kamus thinks the secret exists (because the KamusSecret exists).
Can you share more about the error you had? WDYM "Re-creating the same secret"? How?
Thanks for your prompt response, @omerlh. What I meant about that error is that it happens because the KamusSecret object is not deleted and still exists.
If I run kubectl apply or create -f kumasecret.yaml with the manifest that I used to create it in the first place, it says it already exists.
Which now means we need to delete and recreate the KamusSecret object if we need to reuse the manifest file.
Not following... So - you deleted the secret. Does the KamusSecret exist after deletion? Did you try to create the secret manually? Or, did you try to apply the manifest again and it failed because the KamusSecret object exists, but the secret does not?
If so, we can open another PR - asking that Kamus will watch Secrets managed by Kamus, and if such a secret is deleted it will recreate it. Does that make sense?
Below are the steps I followed. @omerlh

cat kamu-secret.yaml
```
apiVersion: "soluto.com/v1alpha2"
kind: KamusSecret
metadata:
  name: this-kamus-secret-v2
  namespace: test
stringData:
  key:
serviceAccount: kamus-example-sa
```
```
kubectl create -f kamu-secret.yaml
kamussecret.soluto.com/this-kamus-secret-v2 created
```
List KamusSecret and Kube Secret
```
kubectl get secret this-kamus-secret-v2
NAME                   TYPE     DATA   AGE
this-kamus-secret-v2   Opaque   1      26s

kubectl get kamussecret this-kamus-secret-v2
NAME                   AGE
this-kamus-secret-v2   35s

kubectl delete secret this-kamus-secret-v2
secret "this-kamus-secret-v2" deleted
```
6. Trying to run the same manifest file to create the secret [failed due to above step]
```
kubectl create -f kamu-secret.yaml
Error from server (AlreadyExists): error when creating "kamu-secret.yaml": kamussecrets.soluto.com "this-kamus-secret-v2" already exists
```
Yes, as I said earlier – this is expected. As long as the KamusSecret exists, Kamus assumes that the secret exists. So to fix the state, you need first to delete the KamusSecret and then re-create it. This is just a workaround, can you please file another issue? I think that Kamus should “watch” for missing Secrets managed by KamusSecret, and we should fix that…
Also – I do hope that the key you put on GitHub is not sensitive ☺ If so – please delete it!
From: ragsonline notifications@github.com
Reply-To: Soluto/kamus reply@reply.github.com
Date: Thursday, 27 February 2020 at 1:17
To: Soluto/kamus kamus@noreply.github.com
Cc: Omer Levi Hevroni omerl@soluto.com, Mention mention@noreply.github.com
Subject: Re: [Soluto/kamus] Deleting secret is not reflected kamussecret object (#451)
Below are the steps I followed.
```
apiVersion: "soluto.com/v1alpha2"
kind: KamusSecret
metadata:
  name: this-kamus-secret-v2
  namespace: test
stringData:
  key: env$AQIDAHj62ep3X3tHLsS0CEMtJtKUJGfkthgc0ux5ttRiB7ebLQFFPoyYt3JZ1kHXd6cuQCsWAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMxiKwIh4fRclG6AuLAgEQgDtL4hw401nSeiK/71EaUh3zom+6rZjU4TmjIleP/hDSKzWFP1YWl9oPmIUuXaUVtXnNi5fsMAHI4jQU5g==$oTZTShqWrnY9pO6l4eLlyQ==:9z9BrgdLIAJ3KPevPX2InQ==
serviceAccount: kamus-example-sa
```
```
kamussecret.soluto.com/this-kamus-secret-v2 created

kubectl get secret this-kamus-secret-v2
NAME                   TYPE     DATA   AGE
this-kamus-secret-v2   Opaque   1      26s

kubectl get kamussecret this-kamus-secret-v2
NAME                   AGE
this-kamus-secret-v2   35s

kubectl delete secret this-kamus-secret-v2
secret "this-kamus-secret-v2" deleted

kubectl get kamussecret
NAME                   AGE
this-kamus-secret-v2   2m49s

kubectl create -f kamu-secret.yaml
Error from server (AlreadyExists): error when creating "kamu-secret.yaml": kamussecrets.soluto.com "this-kamus-secret-v2" already exists
```
Closing as #457 is more accurate.
Describe the bug
After deleting the secret created through the CRD object KamusSecret, unable to re-create the secret with the same name, as Kamus fails with the error:
kamussecrets.soluto.com "secret" already exists

Versions used
Kamus (API images): soluto.com/v1alpha2
Kamus CLI: 0.3.0
Chart version: kamus-0.4.6
KMS provider: AWS KMS
Kubernetes flavour and version: (e.g. OpenShift Origin 3.9) Docker-for-Desktop

To Reproduce
Steps to reproduce the behavior:

Expected behavior
It should be that deleting the Kubernetes secret also deletes the Kamus secret.