Closed xoanmi closed 6 months ago
@xoanmi thanks for bringing this up. The scaffold secrets copy job can probably get rid of existing secrets via a check. This has definitely caused me a sheer amount of pain when re-deploy scaffold on existing namespaces.
There is also an expectation that if you are creating certain namespaces via scaffold helm release then an uninstall and re-install shall get rid of the secrets anyway.
I am assuming that has been the case in your situation?
thanks for bringing this up. The scaffold secrets copy job can probably get rid of existing secrets via a check. This has definitely caused me a sheer amount of pain when re-deploy scaffold on existing namespaces.
There is also an expectation that if you are creating certain namespaces via scaffold helm release then an uninstall and re-install shall get rid of the secrets anyway.
I am assuming that has been the case in your situation?
Not really. Our is a cosmetic issue. When redeploying the same helm with slightly different parameters, the job is recreated and tries to patch some of the secrets. As it can't, the job fails even if the secret is already present and the services are running correctly.
I've opened a PR to add the needed permissions on the cluster role --> #729
It all makes sense, thanks for the PR
Description
The tuf-secret-copy-job could not patch the secrets that already exist.
Chart version:
v0.6.46