reconciliation of older clusters broken due to added encryption key secrets

Question

reconciliation of older clusters broken due to added encryption key secrets

xh3b4sd opened this issue 7 years ago · 4 comments

I found the following error in the logs by accident. The cluster being reconciled is quite old but the processing fails because there is no encryption key yet. This is a perfect example of bad migration paths (none) and weak versioning on our side. Lets try to do this better in the future. I am not sure how we can fix this now.

{"caller":"github.com/giantswarm/aws-operator/vendor/github.com/giantswarm/randomkeytpr/service.go:90","debug":"searching secret: clusterKey=encryption, clusterID=7vzmd","time":"17-10-24 22:36:23.688"}
{"caller":"github.com/giantswarm/aws-operator/service/create/service.go:504","error":"error processing cluster '7vzmd': '[{/go/src/github.com/giantswarm/aws-operator/service/create/service.go:567: could not get keys from secrets: '[{/go/src/github.com/giantswarm/aws-operator/vendor/github.com/giantswarm/randomkeytpr/service.go:74: } {/go/src/github.com/giantswarm/aws-operator/vendor/github.com/giantswarm/randomkeytpr/service.go:143: timed out waiting for secrets} {/go/src/github.com/giantswarm/aws-operator/vendor/github.com/giantswarm/randomkeytpr/error.go:14: secrets retreival failed}]'} {execution failed}]'","time":"17-10-24 22:37:53.696"}

FYI @fgimenez @rossf7 @jgsqware

Answer 1 · 2017-10-25T08:30:18.000Z

ack @xh3b4sd thx! <3

Answer 2 · 2017-10-25T09:52:14.000Z

Should we move this to sig operator's inbox to keep track?

Answer 3 · 2017-10-25T09:55:00.000Z

Done. Thanks for the notice. <3

Answer 4 · 2017-11-13T16:26:41.000Z

I am closing this since the reconciliation is reworked and nobody will fix this error now. Since there are more and more new clusters and the reconciliation never did really work so far in AWS this should not be a big deal now.