
`failed setting controller reference` error when using a Secret generated by SealedSecret to create a RabbitMQ User

Open AlbertoArconada opened this issue 2 years ago • 7 comments

Describe the bug

To avoid having Base64-encoded credentials in my repos, I'm trying to use SealedSecrets to have encrypted credentials. When a SealedSecret is applied, in the background this operator creates a Secret in the same K8s namespace with the same name that contains the Base64-encoded data. Just for context, when generated, this Secret contains some ownerReferences values.

Then, when I try to apply the template of a user that refers to that generated secret, I receive this error:
```
failed setting controller reference: Object namespace/name-of-the-secret is already owned by another SealedSecret controller name-of-the-sealed-secret
```

To Reproduce

Steps to reproduce the behavior:

  1. Create a Secret template
  2. Generate the sealed secret using kubeseal command
  3. Apply the generated sealed secret
  4. Create a User template whose importCredentialsSecret->name field points to the secret created in step 1
  5. Apply the User template

Include any YAML or manifest necessary to reproduce the problem.

Cluster template

```yaml
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
  name: my-rabbitmq-cluster
  namespace: my-rabbitmq-cluster-namespace
spec:
  replicas: 1
```

Secret template

```yaml
apiVersion: v1
data:
  password: dGVzdHVzZXI=
  username: dGVzdHBhc3N3b3Jk
kind: Secret
metadata:
  name: test-user-credentials-secret
  namespace: my-rabbitmq-cluster-namespace
type: Opaque
```

User template

```yaml
apiVersion: rabbitmq.com/v1beta1
kind: User
metadata:
  name: test-user
  namespace: my-rabbitmq-cluster-namespace
spec:
  tags:
    - management
  importCredentialsSecret:
    name: test-user-credentials-secret
  rabbitmqClusterReference:
    name: my-rabbitmq-cluster
```

Expected behavior

The User should be created without any problem using the Secret generated by SealedSecret Operator.

Screenshots

Version and environment information

  • Messaging Topology Operator: bitnami/rmq-messaging-topology-operator:1.12.0-scratch-r0
  • RabbitMQ: 3.12.4-management
  • RabbitMQ Cluster Operator: bitnami/rabbitmq-cluster-operator:2.3.0-scratch-r1
  • Kubernetes: v1.24.14
  • Cloud provider or hardware configuration: Google Cloud

Additional context

AlbertoArconada, Oct 17 '23 15:10
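
The error text in this report matches the Kubernetes rule that an object may carry at most one ownerReference with `controller: true`. The following is an added example, not code from the issue or from either operator: it models that rule in plain Go, and the `ControllerConflict` helper, the UIDs and the sample Secret metadata are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// OwnerRef holds the metadata.ownerReferences fields this check needs.
type OwnerRef struct {
	Kind       string `json:"kind"`
	Name       string `json:"name"`
	UID        string `json:"uid"`
	Controller *bool  `json:"controller"`
}

type object struct {
	Metadata struct {
		Namespace       string     `json:"namespace"`
		Name            string     `json:"name"`
		OwnerReferences []OwnerRef `json:"ownerReferences"`
	} `json:"metadata"`
}

// Constructed sample: metadata of a Secret already controlled by a SealedSecret.
const unsealedSecret = `{"metadata": {
  "namespace": "my-rabbitmq-cluster-namespace",
  "name": "test-user-credentials-secret",
  "ownerReferences": [{"apiVersion": "bitnami.com/v1alpha1", "kind": "SealedSecret",
    "name": "test-user-credentials-secret", "uid": "constructed-uid-sealedsecret",
    "controller": true}]}}`

// ControllerConflict errors if the object already has a controller owner other than newOwner.
func ControllerConflict(manifest []byte, newOwner OwnerRef) error {
	var obj object
	if err := json.Unmarshal(manifest, &obj); err != nil {
		return err
	}
	for _, ref := range obj.Metadata.OwnerReferences {
		if ref.Controller != nil && *ref.Controller && ref.UID != newOwner.UID {
			return fmt.Errorf("Object %s/%s is already owned by another %s controller %s",
				obj.Metadata.Namespace, obj.Metadata.Name, ref.Kind, ref.Name)
		}
	}
	return nil
}

func main() {
	fmt.Println(ControllerConflict([]byte(unsealedSecret), OwnerRef{Kind: "User", Name: "test-user", UID: "constructed-uid-user"}))
}
```

On a live cluster the same fields appear under `metadata.ownerReferences` in the output of `kubectl get secret test-user-credentials-secret -o json`.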

This issue has been marked as stale due to 60 days of inactivity. Stale issues will be closed after a further 30 days of inactivity; please remove the stale label in order to prevent this occurring.

github-actions[bot], Dec 17 '23 00:12

Hey, thank you for reporting this issue. I believe there's value in providing compatibility with sealed secrets. I've marked this issue as never-stale. However, I don't have time to get to this issue any time soon. A contribution would be very welcome 🙂

Zerpet, Dec 18 '23 09:12

I'm experiencing the same issue.

MonicaMagoniCom, Feb 19 '24 14:02