kubermatic / kubeone

Kubermatic KubeOne automate cluster operations on all your cloud, on-prem, edge, and IoT environments.
https://kubeone.io
Apache License 2.0

Disabling encryptionProviders doesn't decrypt Secrets automatically #3097

Open xmudrii opened 6 months ago

xmudrii commented 6 months ago

Discussed in https://github.com/kubermatic/kubeone/discussions/3095

Originally posted by **clickersmudge** March 25, 2024

Hi, I would like to report an error. When I run a new installation of KubeOne with the configuration.

kubeone.yaml

```
apiVersion: kubeone.k8c.io/v1beta2
kind: KubeOneCluster
versions:
  kubernetes: "v1.27.11"
clusterNetwork:
  cni:
    canal:
      mtu: 1400
cloudProvider:
  hetzner: {}
  external: true
features:
  encryptionProviders:
    enable: true
```

Everything works. However, when I change

```
features:
  encryptionProviders:
    enable: false
```

and run

```
kubeone apply --credentials credentials.yaml --manifest kubeone.yaml --tfjson tf.json --force-upgrade
```

I have an error

```
WARN[15:17:26 CET] Retrying task...
INFO[15:17:26 CET] Creating machine-controller credentials secret...
WARN[15:17:26 CET] Task failed, error was: kubernetes: getting *v1.Secret kube-system/kubeone-machine-controller-credentials Internal error occurred: identity transformer tried to read encrypted data
WARN[15:18:42 CET] Retrying task...
INFO[15:18:42 CET] Creating machine-controller credentials secret...
WARN[15:18:42 CET] Task failed, error was: kubernetes: getting *v1.Secret kube-system/kubeone-machine-controller-credentials Internal error occurred: identity transformer tried to read encrypted data
WARN[15:20:27 CET] Retrying task...
INFO[15:20:28 CET] Creating machine-controller credentials secret...
WARN[15:20:28 CET] Task failed, error was: kubernetes: getting *v1.Secret kube-system/kubeone-machine-controller-credentials Internal error occurred: identity transformer tried to read encrypted data
WARN[15:22:56 CET] Retrying task...
INFO[15:22:56 CET] Creating machine-controller credentials secret...
WARN[15:22:56 CET] Task failed, error was: kubernetes: getting *v1.Secret kube-system/kubeone-machine-controller-credentials Internal error occurred: identity transformer tried to read encrypted data
```

![image](https://github.com/kubermatic/kubeone/assets/113194014/55814cdd-f9b1-4a66-8901-4c40d66f8b8d)

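
The error in the log above is raised when the API server's identity (no-op) transformer is handed a stored value that still starts with the `k8s:enc:` prefix. As an added example (not part of the original post and not KubeOne's own code), this Python check applies the same prefix test to an etcd dump and lists the Secrets that would become unreadable once encryption is switched off. The provider name, key name and sample values are constructed assumptions.

```python
ENC_MARKER = b"k8s:enc:"  # prefix kube-apiserver puts in front of encrypted values
IDENTITY_ERROR = "identity transformer tried to read encrypted data"


def parse_prefix(raw: bytes):
    """Return (provider, key_name) for an encrypted value, None for plaintext."""
    if not raw.startswith(ENC_MARKER):
        return None
    # Layout: k8s:enc:<provider>:<version>:<key name>:<ciphertext>
    # maxsplit=5 keeps any ':' bytes inside the ciphertext untouched.
    parts = raw.split(b":", 5)
    if len(parts) < 6:
        raise ValueError("truncated encryption prefix")
    return parts[2].decode(), parts[4].decode()


def unreadable(dump: dict, still_configured=()) -> dict:
    """Map etcd keys to the (provider, key_name) the server can no longer read.

    `still_configured` holds the (provider, key_name) pairs kept in the
    encryption configuration for reading; empty means encryption is disabled.
    """
    kept = set(still_configured)
    stuck = {}
    for key, raw in sorted(dump.items()):
        prefix = parse_prefix(raw)
        if prefix is not None and prefix not in kept:
            stuck[key] = prefix
    return stuck


# Constructed sample: one encrypted Secret (name from the log above, provider
# and key name assumed) and one plaintext protobuf value ("k8s\x00" magic).
SAMPLE_DUMP = {
    "/registry/secrets/kube-system/kubeone-machine-controller-credentials":
        b"k8s:enc:secretbox:v1:example-key:" + bytes(range(16)),
    "/registry/secrets/default/written-before-encryption":
        b"k8s\x00" + b"constructed-plaintext-payload",
}

if __name__ == "__main__":
    for key, (provider, key_name) in unreadable(SAMPLE_DUMP).items():
        print(f"{key}: {provider}/{key_name} -> {IDENTITY_ERROR}")
```

An empty result means every stored Secret is already plaintext; anything listed still has to be rewritten while the old key remains configured for reading.
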
xmudrii commented 6 months ago

I see two options:

xmudrii commented 6 months ago

Also relevant to https://github.com/kubermatic/kubeone/discussions/3096

clickersmudge commented 6 months ago

Probably also relevant to #3098