Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Controller drops foreign OwnerReferences #127

Closed
wonderhoss opened this issue Nov 21, 2018 · 1 comment · Fixed by #130
Closed

Controller drops foreign OwnerReferences #127

wonderhoss opened this issue Nov 21, 2018 · 1 comment · Fixed by #130
Labels
bug
Milestone
v0.8.0

Comments

@wonderhoss
Copy link

When reconciling a SealedSecret where the corresponding Secret already exists in the cluster, the controller will replace that Secret with a fresh copy, overwriting any existing ObjectMeta.

This drops all existing OwnerReferences on the Secret and causes other controllers in the same cluster to misbehave where they rely on these OwnerReferences to be present.
Our Wave Controler uses OwnerReferences to tie Secrets to Deployments that use them and fails to correctly track Secrets that are also owned by a SealedSecret.

The problematic code is at

sealed-secrets/cmd/controller/controller.go

Lines 192 to 194 in 2e3902b

if err != nil && errors.IsAlreadyExists(err) {
_, err = c.sclient.Secrets(ssecret.GetObjectMeta().GetNamespace()).Update(secret)
}
where Update() is called without merging with existing OwnerReferences first.

I'm currently working on a PR to fix this.
@anguslees anguslees added the bug label Nov 22, 2018
@wonderhoss wonderhoss mentioned this issue Nov 23, 2018
Merged
@wonderhoss
Copy link
Author

@anguslees See #130

bors bot added a commit that referenced this issue Feb 8, 2019
@bors @JoelSpeed
Merge #130
2eb182e 
130: Retain existing OwnerReferences r=anguslees a=gargath

This PR ensures that existing `OwnerReferences` on Secrets managed by the controller are retained when a Secret is reconciled.
When an existing Secret is found, the controller will now merge existing OwnerReferences with its own, ensuring that other controllers can use OwnerReferences safely to track these Secrets.

Fixes #127 

Co-authored-by: Phil Taprogge <philt@pusher.com>
Co-authored-by: Joel Speed <joel.speed@hotmail.co.uk>
@bors bors bot closed this as completed in #130 Feb 8, 2019
@mkmik mkmik added this to the v0.8.0 milestone Jul 19, 2019
@mkmik mkmik mentioned this issue Oct 2, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
v0.8.0
Development

Successfully merging a pull request may close this issue.

Retain existing OwnerReferences pusher/sealed-secrets
3 participants
@mkmik @anguslees @wonderhoss