Deleting secret is not reflected kamussecret object

Question

Deleting secret is not reflected kamussecret object

ragsonline opened this issue 5 years ago · 6 comments

Describe the bug
After deleting the secret created through CRD Object KamusSecret- Unable to re-create the secret with the same name as Kamus fails with error kamussecrets.soluto.com "secret" already exists

Versions used
Kamus (API images): soluto.com/v1alpha2
Kamus CLI: 0.3.0
Chart version: kamus-0.4.6
KMS provider: AWS KMS
Kubernetes flavour and version: (e.g. OpenShift Origin 3.9)
Docker-for-Desktop

To Reproduce
Steps to reproduce the behavior:

Create secret using KamusSecret Kind
Delete secret
Re-creating the same secret fails as "kumasecret" already exists

Expected behavior

Should be this way that deleting kuberentes secret should also delete kumas secret.

Answer 1 · 2020-02-25T06:09:21.000Z

It's kinda expected - KamusSecret is managing the Secret, not the other way around. So, if you delete the KamusSecret the secret will be deleted - but if delete the secret the state will be invalid: Kamus think the secret exists (because KamusSecret exists).

Can you share more about the error you had? WDYM Re-creating the same secret ? How?

Answer 2 · 2020-02-25T06:23:33.000Z

Thanks for your prompt response @omerlh
What I meant about that error is because the KumaSecret object is not deleted or exists.

if I do, kubectl apply or create -f kumasecret.yaml that I used to create in the first place says already exists.

which now means. we need to delete and recreate KumaSecret object if we need to reuse the manifest file

Answer 3 · 2020-02-25T06:39:45.000Z

Not following... So - you deleted the secret. Does the KamusSecret exist after deletion? Did you try to create the secret manually? Or, did you try to apply again the manifest and it failed because KamusSecret object exist, but the secret not?

If so, we can open another PR - asking that Kamus will watch Secrets managed by Kamus, and if such a secret is deleted it will recreate it. Does that makes sense?

Answer 4 · 2020-02-26T23:17:31.000Z

Below are the steps i followed.
@omerlh

KamusSecret manifest to create the secret

cat kamu-secret.yaml 
apiVersion: "soluto.com/v1alpha2"
kind: KamusSecret
metadata:
  name: this-kamus-secret-v2
  namespace: test
stringData:
  key: 
serviceAccount: kamus-example-sa

kubectl create -f kamu-secret.yaml
kamussecret.soluto.com/this-kamus-secret-v2 created
List KamusSecret and Kube Secret

kubectl get secret this-kamus-secret-v2
NAME TYPE DATA AGE
this-kamus-secret-v2 Opaque 1 26s

kubectl get kamussecret this-kamus-secret-v2
NAME AGE
this-kamus-secret-v2 35s

Delete Kubernetes Secret Object

kubectl delete secret this-kamus-secret-v2
secret "this-kamus-secret-v2" deleted

Still KamusSecret exists ---- [ now understood this is expected ]
kubectl get kamussecret
NAME AGE
this-kamus-secret-v2 2m49s

6. Trying to run the same manifest file to create the secret[ failed due to above step ]

kubectl create -f kamu-secret.yaml
Error from server (AlreadyExists): error when creating "kamu-secret.yaml": kamussecrets.soluto.com "this-kamus-secret-v2" already exists

Answer 5 · 2020-02-27T06:01:33.000Z

Yes, as I said earlier – this is expected. As long as the KamusSecret exists, Kamus assume that the secret exists. So to fix the state, you need first to delete the KamusSecret and then re-create it. This is just a workaround, can you please file another issue? I think that Kamus should “watch” for missing Secrets managed by KamusSecret, and we should fix that… Also – I do hope that the key you put on GitHub is not sensitive ☺ If so – please delete it! From: ragsonline <notifications@github.com> Reply-To: Soluto/kamus <reply@reply.github.com> Date: Thursday, 27 February 2020 at 1:17 To: Soluto/kamus <kamus@noreply.github.com> Cc: Omer Levi Hevroni <omerl@soluto.com>, Mention <mention@noreply.github.com> Subject: Re: [Soluto/kamus] Deleting secret is not reflected kamussecret object (#451) Below are the steps i followed. 1. KamusSecret manifest to create the secret apiVersion: "soluto.com/v1alpha2" kind: KamusSecret metadata: name: this-kamus-secret-v2 namespace: test stringData: key: env$AQIDAHj62ep3X3tHLsS0CEMtJtKUJGfkthgc0ux5ttRiB7ebLQFFPoyYt3JZ1kHXd6cuQCsWAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMxiKwIh4fRclG6AuLAgEQgDtL4hw401nSeiK/71EaUh3zom+6rZjU4TmjIleP/hDSKzWFP1YWl9oPmIUuXaUVtXnNi5fsMAHI4jQU5g==$oTZTShqWrnY9pO6l4eLlyQ==:9z9BrgdLIAJ3KPevPX2InQ== serviceAccount: kamus-example-sa``` 2. kubectl create -f kamu-secret.yaml kamussecret.soluto.com/this-kamus-secret-v2 created 3. List KamusSecret and Kube Secret kubectl get secret this-kamus-secret-v2 NAME TYPE DATA AGE this-kamus-secret-v2 Opaque 1 26s kubectl get kamussecret this-kamus-secret-v2 NAME AGE this-kamus-secret-v2 35s 4. Delete Kubernetes Secret Object kubectl delete secret this-kamus-secret-v2 secret "this-kamus-secret-v2" deleted 5. Still KamusSecret exists ---- [ now understood this is expected ] kubectl get kamussecret NAME AGE this-kamus-secret-v2 2m49s 6. Trying to run the same manifest file to create the secret[ failed due to above step ] kubectl create -f kamu-secret.yaml Error from server (AlreadyExists): error when creating "kamu-secret.yaml": kamussecrets.soluto.com "this-kamus-secret-v2" already exists — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#451?email_source=notifications&email_token=ABTLGWDYNVSNXNPP6ET37E3RE32AXA5CNFSM4K23E4RKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOENCIQXQ#issuecomment-591693918>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ABTLGWBSAWKJWX47TUGF5FLRE32AXANCNFSM4K23E4RA>.

Answer 6 · 2020-05-20T05:58:59.000Z

Closing as #457 is more accurate.