kubernetes-reflector
kubernetes-reflector copied to clipboard
emberstack
Reflector skipping some namespaces
I have the below config for the secret.
secretTemplate:
annotations:
reflector.v1.k8s.emberstack.com/auto-reflects: cert-manager/demo-secret
reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "" # Control destination namespaces
reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" # Auto create reflection for matching namespaces
reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "" # Control auto-reflection namespaces
reflector.v1.k8s.emberstack.com/reflected-version: ""
My clusters all namespaces.
❯ k get ns
NAME STATUS AGE
argocd Active 196d
cert-manager Active 212d
default Active 213d
gatekeeper Active 166d
homeassistant Active 113d
homebridge Active 116d
ingress-nginx Active 196d
kube-node-lease Active 213d
kube-public Active 213d
kube-system Active 213d
kubernetes-dashboard Active 194d
metallb-system Active 213d
openebs Active 194d
pihole Active 193d
vault Active 166d
2022-05-06 11:35:10.828 +00:00 [INF] (ES.Kubernetes.Reflector.Core.SecretMirror) Auto-reflected cert-manager/demo-secret where permitted. Created 0 - Updated 9 - Deleted 0 - Validated 0.
2022-05-06 11:35:11.837 +00:00 [INF] (ES.Kubernetes.Reflector.Core.SecretMirror) Patched default/demo-secret as a reflection of cert-manager/demo-secret
2022-05-06 11:35:11.847 +00:00 [INF] (ES.Kubernetes.Reflector.Core.SecretMirror) Patched gatekeeper/demo-secret as a reflection of cert-manager/demo-secret
2022-05-06 11:35:12.856 +00:00 [INF] (ES.Kubernetes.Reflector.Core.SecretMirror) Patched ingress-nginx/demo-secret as a reflection of cert-manager/demo-secret
2022-05-06 11:35:13.868 +00:00 [INF] (ES.Kubernetes.Reflector.Core.SecretMirror) Patched kube-node-lease/demo-secret as a reflection of cert-manager/demo-secret
2022-05-06 11:35:14.877 +00:00 [INF] (ES.Kubernetes.Reflector.Core.SecretMirror) Patched kube-public/demo-secret as a reflection of cert-manager/demo-secret
2022-05-06 11:35:15.889 +00:00 [INF] (ES.Kubernetes.Reflector.Core.SecretMirror) Patched kube-system/demo-secret as a reflection of cert-manager/demo-secret
2022-05-06 11:35:16.899 +00:00 [INF] (ES.Kubernetes.Reflector.Core.SecretMirror) Patched kubernetes-dashboard/demo-secret as a reflection of cert-manager/demo-secret
2022-05-06 11:35:17.910 +00:00 [INF] (ES.Kubernetes.Reflector.Core.SecretMirror) Patched metallb-system/demo-secret as a reflection of cert-manager/demo-secret
2022-05-06 11:35:18.921 +00:00 [INF] (ES.Kubernetes.Reflector.Core.SecretMirror) Patched openebs/demo-secret as a reflection of cert-manager/demo-secret
2022-05-06 11:40:49.008 +00:00 [INF] (ES.Kubernetes.Reflector.Core.NamespaceWatcher) Session closed. Duration: 00:40:12.5265326. Faulted: False.
2022-05-06 11:40:49.008 +00:00 [INF] (ES.Kubernetes.Reflector.Core.NamespaceWatcher) Requesting V1Namespace resources
as you can see argocd and other few namespaces don't show up in the logs as well there is no secret too.
@Rahulsharma0810 can you delete the reflector pod so it restarts and send me the logs from startup?
on top of it when I try to create a secret manually
kubectl get secret demo-secret --namespace=cert-manager -o yaml | sed 's/namespace: .\*/namespace: kubernetes-dashboard/' | kubectl apply -f -
in the logs
2022-05-06 11:58:52.575 +00:00 [INF] (ES.Kubernetes.Reflector.Core.SecretMirror) Created argocd/demo-secret as a reflection of cert-manager/demo-secret
Automatically marked as stale due to no recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}
I'm also receiving the same behavior, after a while reflector 6.1.47 does not reflect the secrets I had set to replicate to all namespaces. The below is what I get after I restart the reflector pod, which does get the secrets replicated to the newly added namespaces:
2022-06-15 13:45:09.939 +00:00 [INF] () Starting host │
│ 2022-06-15 13:45:10.336 +00:00 [INF] (ES.Kubernetes.Reflector.Core.NamespaceWatcher) Requesting V1Namespace resources │
│ 2022-06-15 13:45:10.364 +00:00 [INF] (ES.Kubernetes.Reflector.Core.SecretWatcher) Requesting V1Secret resources │
│ 2022-06-15 13:45:10.382 +00:00 [INF] (ES.Kubernetes.Reflector.Core.ConfigMapWatcher) Requesting V1ConfigMap resources │
│ 2022-06-15 13:45:10.676 +00:00 [INF] (ES.Kubernetes.Reflector.Core.SecretMirror) Auto-reflected reflector/developer-ingress-tls where permitted. Created 1 - Updated 0 - Deleted 0 - Validated 12. │
│ 2022-06-15 13:45:10.764 +00:00 [INF] (ES.Kubernetes.Reflector.Core.SecretMirror) Created tf-live/developer-ingress-tls as a reflection of reflector/developer-ingress-tls │
│ 2022-06-15 13:45:10.852 +00:00 [INF] (ES.Kubernetes.Reflector.Core.SecretMirror) Auto-reflected reflector/cert-secret where permitted. Created 1 - Updated 0 - Deleted 0 - Validated 12. │
│ 2022-06-15 13:45:10.862 +00:00 [INF] (ES.Kubernetes.Reflector.Core.SecretMirror) Created tf-live/cert-secret as a reflection of reflector/cert-secret │
│ 2022-06-15 13:45:10.929 +00:00 [INF] (ES.Kubernetes.Reflector.Core.SecretMirror) Auto-reflected reflector/azurestorageaccount where permitted. Created 1 - Updated 0 - Deleted 0 - Validated 12. │
│ 2022-06-15 13:45:10.937 +00:00 [INF] (ES.Kubernetes.Reflector.Core.SecretMirror) Created tf-live/azurestorageaccount as a reflection of reflector/azurestorageaccount
Automatically marked as stale due to no recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Please try the new version. This issue should be fixed. Please reopen if this is still a problem (some scenarios are extremely hard to reproduce and help is required to validate the fix).