Comments (5)
For anyone finding an issue with this, here's a working example with the previous behavior:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: replicator-deployment
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
app: replicator
spec:
serviceAccountName: replicator
containers:
- name: replicator
image: quay.io/mittwald/kubernetes-replicator:v1.0.0
command: ["/replicator"]
args: ["--allow-all"]
from kubernetes-replicator.
Specifying args: ["--resync-period=1m" ]
in the deployment fixed my issue
from kubernetes-replicator.
Is the behaviour about secret not existing expected?
Nope, this should not happen. Are the two secrets (source and target) created simultaneously? The replicator is working on a local cache; maybe it took a while to catch up.
Do you have a way in mind to mimic previous behavior not needing origin secret to have replicator annotations?
Yes, it's even already implemented, although not broadly advertised. You can start the replicator with the -allow-all
flag to restore the previous behaviour -- that we consider to be not totally secure (at least in a cluster with potentially untrustworthy actors).
Regarding the breaking change in behaviour; up until recently, this controller was still in an alpha release. At the same time, it was desirable for us to change this controller's behaviour to a more secure default -- meaning to explicitly whitelist which secrets could be replicated to which target (reasoning by a contributor in #2). We felt that the best time to introduce such a breaking change was while still in alpha; however, we could have communicated the breaking change more clearly -- sorry if it broke your setup.
Btw, we have stable release out by now, so we'll do our very best to avoid any future breaking changes from now on.
Let me know if this helped you with your question.
from kubernetes-replicator.
Awesome, thank you for the quick reply!
I'm aware about it being in alpha before, that's the reason of the "kind of".
I was just pointed out that cert-manager only updates the secret so no issues with annotations.
Thanks again!
from kubernetes-replicator.
I'm still getting this issue even with the "--allow-all" args as lucascollino showed above:
kubectl logs -nkube-system replicator-deployment-b795b874b-n5tcm
2019/06/20 13:29:58 using in-cluster configuration
2019/06/20 13:29:58 running config map controller
2019/06/20 13:29:58 running secret controller
2019/06/20 13:29:58 secret development-tkdb/tkdb-secret is replicated from kube-certificates/dev-tkdb-com-tls-2
2019/06/20 13:29:58 could not get secret kube-certificates/dev-tkdb-com-tls-2: does not exist
from kubernetes-replicator.
Related Issues (20)
- New Release Timeline? HOT 1
- How to reduce log level to warning from info HOT 10
- how often does the controller check secrets for changes and re-synch? HOT 1
- Allow setting an arbitrary name for the copied Secret resource
- Configurable object types only being replicated HOT 4
- Replication fails randomly on different namespaces during initial startup
- ServiceAccount replication doesn't preserve annotations HOT 1
- Secrets has been deployed with khelm and ArgoCD wants to delete it
- Support replication for Custom Resource
- Proposal: "Pull-based" Replication Using Service Account for Kubernetes-Replicator
- Question Regarding Kubernetes-Replicator's Version Support Policy HOT 1
- fix: secret is replicated to only partial namespaces HOT 1
- secret tls not replicated HOT 2
- not reliable replication
- Allow to disable secret overwrite. Use annotation to protect original values of existing secret in target namespace HOT 1
- Replicatior keep track of removed secrets and loop for wildcard regex in replication-allowed-namespaces.
- Failed to watch secrets: Stream Error
- Helm chart down? HOT 1
- Apply for listing in ArtifactHub
- Publish controller and application specific metrics
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubernetes-replicator.