acorn-io / runtime

A simple application deployment framework built on Kubernetes
https://docs.acorn.io/
Apache License 2.0

Cannot use acorn to encrypt secret for `acorn-image-system` namespace #1366

Open drpebcak opened 1 year ago

drpebcak commented 1 year ago

We used to be able to put builder dockerhub credentials in acorn-image-system, but now when we try to encrypt we see the following error:

```
❯ acorn secret encrypt -j acorn-image-system
  ✗  ERROR:  projects.api.acorn.io "acorn-image-system" not found
```

However, encryption keys are still generated:

```
❯ k get secrets -n acorn-system acorn-image-system-3b1be871-ae7-enc-keys
NAME                                       TYPE     DATA   AGE
acorn-image-system-3b1be871-ae7-enc-keys   Opaque   2      19h
```

Using these manually via `acorn secret encrypt --public-key YuqdCCLBS22HBTZjWh1R2dVZoQm4ALINKS_-Qvh6ERI` results in a properly encrypted secret, but when that secret is added to the cluster, acorn fails to decrypt it.

```
test   test        ghcr.io/drpebcak/test:latest       1         1            33m ago               [defined: decrypting acorn credential acorn-image-system/index.docker.io: Unable to decrypt values: pubkey YuqdCCLBS22HBTZjWh1R2dVZoQm4ALINKS_-Qvh6ERI: Decryption Key Not Available on this Cluster, pubkey YuqdCCLBS22HBTZjWh1R2dVZoQm4ALINKS_-Qvh6ERI: Decryption Key Not Available on this Cluster] [controller: [routes.go:51] decrypting acorn credential acorn-image-system/index.docker.io: Unable to decrypt values: pubkey YuqdCCLBS22HBTZjWh1R2dVZoQm4ALINKS_-Qvh6ERI: Decryption Key Not Available on this Cluster, pubkey YuqdCCLBS22HBTZjWh1R2dVZoQm4ALINKS_-Qvh6ERI: Decryption Key Not Available on this Cluster]
```

This has been observed against v0.6.0-49-gfdb36e57.

cjellick commented 1 year ago

Deprioritizing since we have a solution in place