hashicorp
Setting `destination` -> `label` does not seem to set label on end secret
More of a question rather than a bug I'm sure because this feature is clearly documented so I am sure my config of the vaultstaticsecret is wrong.
I have the following yaml:
kind: VaultStaticSecret
metadata:
name: my-secret
namespace: my-namespace
spec:
destination:
create: true
labels:
app.kubernetes.io/component: secret-sync
app.kubernetes.io/managed-by: by-some-tool
app.kubernetes.io/name: my-secret
name: my-secret
overwrite: true
transformation:
excludeRaw: true
excludes:
- .*
templates:
.dockerconfigjson:
text: |
[...]
type: kubernetes.io/dockerconfigjson
hmacSecretData: true
mount: my-kv/kv-v2
namespace: my-namespace
path: hashicorp-vso/my-secret
and my expectation was i would see kube secret created with the labels:
app.kubernetes.io/component: secret-sync
app.kubernetes.io/managed-by: by-some-tool
app.kubernetes.io/name: my-secret
as per vso doc at https://github.com/hashicorp/vault-secrets-operator/blob/main/docs/api/api-reference.md#destination
but the end secret instead has:
"app.kubernetes.io/component": "secret-sync",
"app.kubernetes.io/managed-by": "hashicorp-vso",
"app.kubernetes.io/name": "vault-secrets-operator",
i.e. the managed-by and name is somehow not being set?
I thought it might be due to the fact i am setting:
create: true
overwrite: true
but the doc does seem to suggest this is fine. FYI, i've tried it with both non-existing secret (so creating it from scratch) as well as existing secret.
Is my config the problem here and also where are the values above coming from? (clearly from hashicorp-vso but i don't know where since i don't have that in any config)
version: hashicorp/vault-secrets-operator:0.5.2
