
[BUG] Custom annotations and labels on secret is cleared on update

Open theggelund opened this issue 1 year ago • 1 comments

Note: Make sure to check out known issues (https://akv2k8s.io/troubleshooting/known-issues/) before submitting

Components and versions

Select which component(s) the bug relates to with [X].

[ x ] Controller, version: 1.6.0 (docker image tag)
[ ] Env-Injector (webhook), version: 1.6.0 (docker image tag)
[ ] Other

Describe the bug

When akv2k8s updates an existing k8s secret that has annotations and labels, the annotations and labels are removed.

Looks like annotations and labels are taken from the AzureKeyVaultSecret object instead of from the existing secret. https://github.com/SparebankenVest/azure-key-vault-to-kubernetes/blob/647b7156685907bb1c5257c9e0596f4eab355165/cmd/azure-keyvault-controller/controller/secret.go#L224

To Reproduce

  1. Create a kubernetes secret with labels and annotations
apiVersion: v1
kind: Secret
metadata:
  name: repo-github
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repository
  annotations:
    managed-by: argocd.argoproj.io
data:
  dummy: YWJjCg==
type: Opaque
  2. Create AzureKeyVaultSecret
apiVersion: spv.no/v2beta1
kind: AzureKeyVaultSecret
metadata:
  name: dummy-secret
  namespace: argocd
spec:
  output:
    secret:
      dataKey: dummy
      name: repo-github
  vault:
    name: myvault
    object:
      name: dummy
      type: secret
  3. Inspect the updated secret object and see that there are no annotations and labels

Expected behavior

Akv2k8s should only update the secret data, not any other information on the object.

Workaround

Set annotations and labels on AzureKeyVaultSecret object.

theggelund, Dec 11 '23 21:12
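The difference between the update the report describes and the update it expects, as an added Go example that is not the project's code. `Secret` is a simplified stand-in for the Kubernetes type, the function names are hypothetical, and letting AzureKeyVaultSecret values win on a key conflict is an assumption that keeps the workaround above working.

```go
package main

import "fmt"
import "sort"

// Secret is a simplified stand-in for corev1.Secret (assumption).
type Secret struct {
	Labels, Annotations map[string]string
	Data                map[string][]byte
}

// overlay copies existing, then sets desired keys on top (desired wins).
func overlay(existing, desired map[string]string) map[string]string {
	out := map[string]string{}
	for _, m := range []map[string]string{existing, desired} {
		for k, v := range m {
			out[k] = v
		}
	}
	return out
}

// UpdateReplacing takes metadata only from the AzureKeyVaultSecret side (reported behaviour).
func UpdateReplacing(existing, desired Secret) Secret {
	return Secret{Labels: desired.Labels, Annotations: desired.Annotations, Data: desired.Data}
}

// UpdateMerging refreshes data and keeps metadata already on the Secret.
func UpdateMerging(existing, desired Secret) Secret {
	return Secret{Labels: overlay(existing.Labels, desired.Labels),
		Annotations: overlay(existing.Annotations, desired.Annotations), Data: desired.Data}
}

// LostKeys returns the keys present in before but missing from after.
func LostKeys(before, after map[string]string) (lost []string) {
	for k := range before {
		if _, ok := after[k]; !ok {
			lost = append(lost, k)
		}
	}
	sort.Strings(lost)
	return lost
}

func main() { // constructed input mirroring the manifests in the report
	existing := Secret{Labels: map[string]string{"argocd.argoproj.io/secret-type": "repository"},
		Annotations: map[string]string{"managed-by": "argocd.argoproj.io"}}
	desired := Secret{Data: map[string][]byte{"dummy": []byte("constructed")}}
	fmt.Println(LostKeys(existing.Labels, UpdateReplacing(existing, desired).Labels),
		LostKeys(existing.Labels, UpdateMerging(existing, desired).Labels))
}
```

`LostKeys` run on a Secret's metadata before and after a sync also works as a regression check for this behaviour.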

Faced the same problem.

quazeeee, Dec 14 '23 23:12