sealed-secrets
stop reporting metrics for removed sealedsecrets
Which component: controller
Describe the bug
When a namespace that has a SealedSecret is removed, the controller sees a change to the SealedSecret, tries to update it, cannot update it because the namespace is being removed, and begins reporting in metrics that the condition is Synced=-1.
To Reproduce
Steps to reproduce the behavior:
# generate a sealedsecret for the relevant $test namespace
kubectl create namespace $test
kubectl apply -f $test_secret.yaml
# view logs, validate it's healthy
# validate healthy on metrics endpoint
kubectl delete namespace $test
# view logs, check metrics
Expected behavior
I expect the controller to stop reporting metrics for SealedSecrets when they no longer exist.
Version of Kubernetes: validated on 1.32 and 1.33
- Output of kubectl version: n/a
# controller:
sealed-secrets-c64cdbc67-wtm2z controller time=2025-06-12T21:16:59.174Z level=INFO msg=Updating key=bloop/shaboom
sealed-secrets-c64cdbc67-wtm2z controller time=2025-06-12T21:16:59.206Z level=INFO msg="Event(v1.ObjectReference{Kind:\"SealedSecret\", Namespace:\"bloop\", Name:\"shaboom\", UID:\"dfbbfd5e-8768-4cad-81b5-4ea566620b39\", APIVersion:\"bitnami.com/v1alpha1\", ResourceVersion:\"7740398\", FieldPath:\"\"}): type: 'Normal' reason: 'Unsealed' SealedSecret unsealed successfully"
sealed-secrets-c64cdbc67-wtm2z controller time=2025-06-12T21:16:59.214Z level=INFO msg="update suppressed, no changes in spec" sealed-secret=bloop/shaboom
sealed-secrets-c64cdbc67-wtm2z controller time=2025-06-12T21:17:57.162Z level=INFO msg=Updating key=bloop/shaboom
sealed-secrets-c64cdbc67-wtm2z controller time=2025-06-12T21:17:57.189Z level=INFO msg="Event(v1.ObjectReference{Kind:\"SealedSecret\", Namespace:\"bloop\", Name:\"shaboom\", UID:\"dfbbfd5e-8768-4cad-81b5-4ea566620b39\", APIVersion:\"bitnami.com/v1alpha1\", ResourceVersion:\"7740401\", FieldPath:\"\"}): type: 'Warning' reason: 'ErrUpdateFailed' secrets \"shaboom\" is forbidden: unable to create new content in namespace bloop because it is being terminated"
sealed-secrets-c64cdbc67-wtm2z controller time=2025-06-12T21:17:57.195Z level=INFO msg="update suppressed, no changes in spec" sealed-secret=bloop/shaboom
sealed-secrets-c64cdbc67-wtm2z controller time=2025-06-12T21:17:57.195Z level=ERROR msg="Error updating, will retry" key=bloop/shaboom error="secrets \"shaboom\" is forbidden: unable to create new content in namespace bloop because it is being terminated"
sealed-secrets-c64cdbc67-wtm2z controller time=2025-06-12T21:17:57.200Z level=INFO msg=Updating key=bloop/shaboom
sealed-secrets-c64cdbc67-wtm2z controller time=2025-06-12T21:17:57.213Z level=ERROR msg="Error updating, will retry" key=bloop/shaboom error="secrets \"shaboom\" is forbidden: unable to create new content in namespace bloop because it is being terminated"
sealed-secrets-c64cdbc67-wtm2z controller time=2025-06-12T21:17:57.213Z level=INFO msg="Event(v1.ObjectReference{Kind:\"SealedSecret\", Namespace:\"bloop\", Name:\"shaboom\", UID:\"dfbbfd5e-8768-4cad-81b5-4ea566620b39\", APIVersion:\"bitnami.com/v1alpha1\", ResourceVersion:\"7740717\", FieldPath:\"\"}): type: 'Warning' reason: 'ErrUpdateFailed' secrets \"shaboom\" is forbidden: unable to create new content in namespace bloop because it is being terminated"
sealed-secrets-c64cdbc67-wtm2z controller time=2025-06-12T21:17:57.223Z level=INFO msg=Updating key=bloop/shaboom
sealed-secrets-c64cdbc67-wtm2z controller time=2025-06-12T21:17:57.237Z level=ERROR msg="Error updating, will retry" key=bloop/shaboom error="secrets \"shaboom\" is forbidden: unable to create new content in namespace bloop because it is being terminated"
sealed-secrets-c64cdbc67-wtm2z controller time=2025-06-12T21:17:57.237Z level=INFO msg="Event(v1.ObjectReference{Kind:\"SealedSecret\", Namespace:\"bloop\", Name:\"shaboom\", UID:\"dfbbfd5e-8768-4cad-81b5-4ea566620b39\", APIVersion:\"bitnami.com/v1alpha1\", ResourceVersion:\"7740717\", FieldPath:\"\"}): type: 'Warning' reason: 'ErrUpdateFailed' secrets \"shaboom\" is forbidden: unable to create new content in namespace bloop because it is being terminated"
sealed-secrets-c64cdbc67-wtm2z controller E0612 21:17:57.439573 1 event.go:359] "Server rejected event (will not retry!)" err="namespaces \"bloop\" not found" event="&Event{ObjectMeta:{shaboom.1848683f80f0e0bd bloop 0 0001-01-01 00:00:00 +0000 UTC <nil> <nil> map[] map[] [] [] []},InvolvedObject:ObjectReference{Kind:SealedSecret,Namespace:bloop,Name:shaboom,UID:dfbbfd5e-8768-4cad-81b5-4ea566620b39,APIVersion:bitnami.com/v1alpha1,ResourceVersion:7740717,FieldPath:,},Reason:ErrUpdateFailed,Message:secrets \"shaboom\" is forbidden: unable to create new content in namespace bloop because it is being terminated,Source:EventSource{Component:sealed-secrets,Host:,},FirstTimestamp:2025-06-12 21:17:57.188935869 +0000 UTC m=+1282004.046096740,LastTimestamp:2025-06-12 21:17:57.237283369 +0000 UTC m=+1282004.094444230,Count:3,Type:Warning,EventTime:0001-01-01 00:00:00 +0000 UTC,Series:nil,Action:,Related:nil,ReportingController:sealed-secrets,ReportingInstance:,}"
# metrics:
root@toolbox-jfreeland:/# curl -s http://10.42.0.31:8081/metrics | grep sealed_secrets_controller_condition_info | grep shaboom
sealed_secrets_controller_condition_info{condition="Synced",name="shaboom",namespace="bloop",ss_app_kubernetes_io_instance=""} 1
root@toolbox-jfreeland:/# date && curl -s http://10.42.0.31:8081/metrics | grep sealed_secrets_controller_condition_info | grep shaboom
Thu Jun 12 21:18:34 UTC 2025
sealed_secrets_controller_condition_info{condition="Synced",name="shaboom",namespace="bloop",ss_app_kubernetes_io_instance=""} -1
root@toolbox-jfreeland:/# date && curl -s http://10.42.0.31:8081/metrics | grep sealed_secrets_controller_condition_info | grep shaboom
Thu Jun 12 21:19:43 UTC 2025
sealed_secrets_controller_condition_info{condition="Synced",name="shaboom",namespace="bloop",ss_app_kubernetes_io_instance=""} -1
root@toolbox-jfreeland:/#
Additional context
In one cluster I've got a SealedSecret reporting whose namespace has been gone for over a week.
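
An operator-side check for the condition reported above, as an added example that is not part of the original issue or the sealed-secrets project: it parses the /metrics text and separates series whose SealedSecret no longer exists from live objects that are really failing to sync. The LIVE set and the two prod/* sample lines are constructed; in practice the live set would come from the API server (for example from kubectl get sealedsecrets -A).

```python
import re

METRIC = "sealed_secrets_controller_condition_info"
LINE_RE = re.compile(r'^([A-Za-z_:][A-Za-z0-9_:]*)\{(.*)\}\s+(\S+)$')
LABEL_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

# Constructed sample: the bloop/shaboom line is the one shown in the report,
# the two prod/* lines are invented for illustration.
SAMPLE_METRICS = '''\
# constructed sample input
sealed_secrets_controller_condition_info{condition="Synced",name="shaboom",namespace="bloop",ss_app_kubernetes_io_instance=""} -1
sealed_secrets_controller_condition_info{condition="Synced",name="db-creds",namespace="prod",ss_app_kubernetes_io_instance=""} 1
sealed_secrets_controller_condition_info{condition="Synced",name="api-key",namespace="prod",ss_app_kubernetes_io_instance=""} -1
'''
# Assumption: (namespace, name) pairs that still exist according to the API server.
LIVE = {("prod", "db-creds"), ("prod", "api-key")}


def condition_series(metrics_text):
    """Yield (labels, value) for every condition_info sample in the exposition text."""
    for line in metrics_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(1) == METRIC:
            yield dict(LABEL_RE.findall(m.group(2))), float(m.group(3))


def classify(metrics_text, live):
    """Split samples into stale series (object gone) and real sync failures."""
    stale, failing = [], []
    for labels, value in condition_series(metrics_text):
        key = (labels.get("namespace"), labels.get("name"))
        if key not in live:
            stale.append(key)          # series outlived its SealedSecret
        elif labels.get("condition") == "Synced" and value < 0:
            failing.append(key)        # object exists and is not synced
    return stale, failing


if __name__ == "__main__":
    stale, failing = classify(SAMPLE_METRICS, LIVE)
    print("stale series:", stale)
    print("failing sync:", failing)
```

Filtering alerts on the stale list keeps a Synced=-1 rule from firing for namespaces that were deleted on purpose, while a real unseal failure still pages.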