-
Notifications
You must be signed in to change notification settings - Fork 690
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
template.metadata.name ignored in sealed secret #1543
Comments
NOTE: the kubernetes version is a bit old (I have no control over that). However, the issue should also occur on newer clusters since it is the sealed secret operator that finally decides what the name of the generated secret should be. |
Just encountered this myself, guessing this is what's causing it: sealed-secrets/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go Lines 327 to 329 in 9439ac6
Is there a reason the name/namespace need to match the |
From the docs:
|
shouldn't the metadata.name configuration be removed then from the template? Having this parameter there suggests that it can be independently configured of the name of the sealedsecret. Right now it silently ignores the name. Alternatively, users could also be warned in the output of kubectl describe and in the status field of the secret. I realize the change would be downwards incompatible. |
Which component:
sealed secret controller: docker.io/bitnami/sealed-secrets-controller:0.26.3
Describe the bug
When creating a sealed secret with a setting of spec.template.metadata.name different from the name of the sealed secret, a secret is created with name equal to metadata.name of the sealed secret. The metadata.name from the template section is ignored.
To Reproduce
Create a sealed secret.
Add an override for metadata.name in the template section. Example:
Now a secret named 'passwordsecret-ss' is created, not the expected secret 'passwordsecret'.
Expected behavior
In the above example, a secret with name 'passwordsecret' should be created.
Version of Kubernetes:
kubectl version:
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: