ObservedGeneration in status does not get updated when the SealedSecret is updated without errors
seb-metacommerce opened this issue · comments
Hi everyone,
Recently, after the changes to that file were made for the update logic, FluxCD isn't able to clear the health-check on the sealedsecret object. The code is here:
sealed-secrets/pkg/controller/controller.go, line 418 in 83b15d2
In the updateSealedSecretsStatusConditions function, I think it should take into account the ObservedGeneration versus the current object Generation. When the status hasn't changed (but the generation has), the status will not get updated and thus the observed generation will stay as it was.
In order to reproduce, you need to create a sealedsecret, then, in a second operation, add a value to the sealedsecret. You should end up with a Kubernetes object that looks like this:
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  creationTimestamp: "2023-10-30T13:49:28Z"
  generation: 3
  labels:
    kustomize.toolkit.fluxcd.io/name: apps
    kustomize.toolkit.fluxcd.io/namespace: flux-system
  name: seb-test-sealed-secret
  namespace: workloads
  resourceVersion: "111335696"
  uid: 2592d78f-167c-4775-8533-d9860ed0dd0a
spec:
  encryptedData:
SECRET_1: AgDEHJmv2BY/XEpyVZBspIFQ7V8cxomIwSFvAS6B0TEJlvmrJamWf7j1guzV97j2o/dEhD3l+uDSu4Hu3BxFmBoMyp0P1Rl3T5Tzfaw3YuX1mXksKMwhLsNk23vYKkb2mk/SGx137y0FmLanAIVBo+cO+8XWJJxSxrczxtWwhIXgY3FTodvERWX7iMTpVcyYdRJpMCfk3H9BfFRKowSUx+ifBO11IrbYXrXhou3Z8MK/gX31N36BJKh0QWKEF3iElBJEGo9SZ4p9Wn6xHFX4wLdRpCb/3sjhbUicmDqm3Xk1KgnPxdnsFxUA9SsCrS6qIuOJPY8hBvnp0a7+2AArqCoEbEgvdnlhZZ19tjso+x6blXX2tn+voKLG1BXoJC6zhaJCX44SXpIJlMLLG+Oez6QqaZHlbbpQsefW4jfTJMciA22OteBwYX/q2i1WZiT+U4qwsCeosO2Z0pateQitUPL3YO6icIlOB/nGjOmCQ3I/MuC3c3anNDhansGbciA+oOv2KFIImVTv9oFzlpTqOxWl1O04QuKgIiY5Pc+X/oVqx0Ae/Ugk4Vhad+tdgAb/dhybzREfL4GQj6KZjAcPVhPgtKf9ER7WKVbG7/Y7JSp+DFm4MfdE4QYHNxPIkw8YnagFAqveGSxdbvnp5c+CVrnRXkSfLOhNvlUNCiMrVBaywiW4Z2nFsoxgP1ve7FFMa6xyFmn8Qjwm
SECRET_2: AgAkFFoXcmEsKLFaWnfNSNeWK0WsviV5tXH7bRRGg9zlbiH7NscRVJ3URpgEEoEt7qtYvTsrF3EfHSd362V5bEh9ZjJwEfyyk2qq850bi1FB6J1YjFb/PgQl0xCHQKZuNHcCCUEFSkv8TJOv+bFi12eSwF9p2Sk5sBmfcsfmRIJBD8VXc2ZhCucZu0TR7gfCHiTmnnGHSe9VJiO7P6CWkIHy+soBcFeQn4yHYFHVI0eOW99uFCXSzssNsFjWbQB33DbAYNvZOigwsPcb8Ib+xuvZ+c2LEEdfEPO/Wb6Dl73C6jiHIWfEWLbYp7/sWCqXQZJNxrvw2YnPCHncc4v7kg6F2wXnSfebu1W5R5KAJjViIUngCnvHI3KB0K6LfaHxHSSQZPHGcTiMWXC8GGDextVpL78I5Ldg0jpyGG4fv6gEDpx0n4UaypOfu3KSx9/mhRQtohae84fbgSyVZP0SjB9weDcEh6rIOEMtde7alORsAlXO2lP3dtA12hPabce5uRHOPl4dBPqXX15Bpew+/WPh8dPnb+oiZzcCy2lOgB64EFofWXhvcU2S3/oxUhbmkRoVBI0qR2UUlg+IqHuOsOVyanh2/jgvYHUawOCieIDVPeLuqCmLMqE8Llzedx/aF22k+N0qduMlWSFE+H339orlCNch95TQcmTQT46Ga7sR6sQWLmDHH4lMPR/w1axbp17vx/7w9VpM
SECRET_3: AgBz6/xjUwZrM6zl41mHEj69UTuS7gqpbkbmEnVVydc+5ofDHaI7UTJbPVyB+Ov91RM1HMAC+xPu3zHu+TY8dEYXQQ5RZ/uj2Sgz8Md/Jl8vO8CAVCBoaThnEyoUe4imGlDHiVhx4Q21RLsnNIDL6Goh+AKhoL4HR3t9qquTRYU0GSL4DwTYKxTNJzL38PiPXJagEO6K5cgRCz0vNmtatiSHBYT1YDAFNJnZ/e+leUAR4Ol/vv2KK7/5oc+jk3N4v488KigrfO19R/ppGDDfg8t6gadAnqQxt4eA5IEqzIK//pl7I1zQLje48JU868gJ9L4z8SP68LmNuIFNHWHKd7tsgyBs88nEiNaUOThEsI6xA8KtiPf5Zi3OercMlk5IhYCgKWLbnfh0qp9Ii8TdxRMA2WIkzf967Z15bkQLO+ab8S1eP4IsGJan41BGMvuQP7ECXRUtUU7r505uju+LPWJB5wVVzsZoBUQnMT8VBG9h0Oyiv4e2Pk5VfDlDTtXVd2JDrniOyiiPV9SMtf/OV795gx090KAvnYalwJm51KAOcr2OTbbfugGJVSRdao+o6STXLytdqoOEIY7QlLWn/m5b/PlI8GqdKNseBJR0EWy2dhSUTWcnRMEm05bPxo7odfF1e8/Ewz/ARlXad6aoD8DZcL0luPq/zbM3OvnUa6KqEhMol214dltTllQMt658Ws5ex6Clx+Ak
  template:
    metadata:
      name: seb-test-sealed-secret
      namespace: workloads
    type: Opaque
status:
  conditions:
  - lastUpdateTime: "2023-10-30T13:49:28Z"
    status: "True"
    type: Synced
  observedGeneration: 1
I reverted my Helm Chart from 2.13.1 to 2.13.0 and now everything updates as it did before:
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  creationTimestamp: "2023-10-30T13:49:28Z"
  generation: 4
  labels:
    kustomize.toolkit.fluxcd.io/name: apps
    kustomize.toolkit.fluxcd.io/namespace: flux-system
  name: seb-test-sealed-secret
  namespace: workloads
  resourceVersion: "111362418"
  uid: 2592d78f-167c-4775-8533-d9860ed0dd0a
spec:
  encryptedData:
SECRET_1: AgAX8rEnXtAC3f5shwJPwwDqOalABnrQ2QePt0wERGfrj5yMNHXFYfXHwFJwWck3wQTNrO4PyAz0pIBwmQpvZP3A4O+xdO3JBXF3xyr1nutFAs6iB3fXRARHn6Ult/6NxF+ZcszNuvBJGOfbFDucNBE6OT28wHuO9YGYbjKf4dab4lFrmVv4lspZO5o+yxrgjBj+NhHt/ZXKquI/U9XqXzNGHeFD4cxAHkHnNRFjt7xTPFLcPnNSxwe2rcxiGkbzVwZGmKxJLPwstF4UG9TEEQlE13FyYToVwD+tDx1B0oxs3Jq9HKf70Y5iBv9WQLTslGB6MFraD8MFyaolaGdySL7kzk9V96WEDZm+XYwe/4GMo9EHIJCpclGuhsYML2SufgrLSSV2NqIVB5p+UinPMZN1qORjU8np5SuhzRCa/tf7aWFy6fukUxVo+nhsXRgp5t6KDfOtC9kWayFgokq7UyMz4BsgwtR3jM4b+7PI7HnlBt1nc1FAOqCVS8m5S/Bd7NY5Uwsj9bDPJTC3dzoPgkCmkTtH2fbNplNVpBO1kjsSIaqBfsMyDpECACkRcKQiXNBSlwtrp4ohsKOnhlt9t+2O7zxr8KnV34S9kNhkdzoD2cmEl4Z7GWOl79YVtzXMvNYZQhqU+ifYJzbg4nFhtRTp92Jg87nJJFJBhDF5FpI/19zGKDOAX16anQTDFn2Tl9azJgyVp68n
SECRET_2: AgCmXw1y4Tr+aVlGe3iBcT+pfO6MNbgSYuZk9t8BN6bjw10RS9coG5JL6LV/RT4eHynFtzNc86+MZDlVueRWQpaZwbBVZ97dsrgZH+NXDhdJg2oLCMU1T4BpUTTss2JQo+LK24cI8m+MKoEAwbGwqt1Dxqm5k0aN4u675gY86aTRb06dBo6o1ICtG2hvG733gclxO/+RQwAWibozYuDaOHzrTk7/YRk0L5E5XDuOXtpSqlZYS5dzlZYfBJbpsbaLJkBuvN1joiuz0KI7uM2kU121NyV46wbAY57oCB8Uv+2MFM+brAU88Ntx9wl1VhnpPhZ/dYRub/zmDjLWaZzgowfnKU9BSQzpYjVlLehXD13zaPf0mxLMjVWWVztoMajjhoUaBwCa0vyREEFwC+apC5kUKRvu8NuaLizVfg9+kMJPFrvtRgfY950OqrogwfMgPgK+dl0J/rrk2YmqsE2oh+MfUTaw8HA/FjdKGHfhQbanJeQJFIAD00JDOUgEhRd+IsRYD/wmQgNgPI55WIw6b+8dq49x3DmwgYE0dq9yQonmNQBNjpHYuZF1Ndi+1cDWTLF0LSnlBSiKKKudDaS7MFj12F5ohTiSx2HF+3IM9DSKkEitv8w+pkZUyacHa87PoR0cERMP8py1geOjMyLarIQ2u6VWrm9gW50vq0EeHN+mOcDHMKrLR+IiXeyQ4Fv5abgOCWbYoohY
SECRET_3: AgA7JsagdJI/jkJ8l0YaZMLCvWl+LTYlsNkiyxU+EXGyVxAbVUvF9r/B8B8OXPB4wtbbz9gBnsIz6DdBmaloSJYfe9oIGLYQqZM7et8//OQe0tJxsydlECWVdRg5FTM6bQ6iVJGi+RNmoQOP4BskJ6OT7MvY5EwAzGEhSCOyF2wIO7+0LotmJVW8n9zjhWCLoYewKfNaOywCpJWN+9Ba4nZNjvHx4yhicO3meoouhC6u9RTosmDDChqf+P7uLn8x6CkZXnmOREy7Nz3qTrnYmmzBPYiCyl6T4DBrTkc+bLb9UYMpmzH3NEBXBexYUSMSnV0qvaLbJi1uL0AndjjEpta5y/wA1WxWzRIJeOSidZHFvniKxKIUmejZG/OyBMtTUYA8og59o42Rp5IUJ33wh/sh2RDMuKHvX5U2nTPFN2yydBrR1rSV54SBZ04pWoACR/FGvpY+G/YTF+W5Gvhuj7TO2yr/SM0PJV659RaT5d3kzt9OmPWcVwM8OeKUtsFlUsbaiJd4TUJpngEpu8jxl5zWgUEotk4vt7SAEISoGZQXI1FviNAjrv4JIcuwWTLB7ObJWrR8SnHGqfnX4j4qw22VTttUsIRMgyfWgngRAncSrreiA+f02k8TJBDtrTj5PF897KXfVUMsYuJW3/azunb1qABYVPVJ60GcMfYZ1DQDA+OmdW3hpU906MOSzQ3TSOcR3wLV55A9
SECRET_4: AgB90XcHSCbFAqfjxFTa9EnlcRi2giDzkwnbQ+r9XvCiYiz66pYPJknG+edZywTANGlrQpwOaLvqmT21MMCxREU//bEzf3hkqxMNU5XHsP5TGdGgg30Y3U5Tw6UkQIuAkHUZdvMGJzeOiVXcwf2L7DfN6ptqpA8rjNYTa4DOBneGLqYFb0EEcTHpHKRD3tm/ZXpjVo2N4IsdtlxtHvfWrhv0ulaX+eOUkVymPMj+iG2AjyJ7WdXrhAP7591oyv2x8iB9NyzasBNifdBymVtj1jFyMJrv6cHc3cP1ISq1NcTql7s597STlG2LMWN1ylwJaqa17tKPxOjr1OpFQTqgLoZsZpwxf0ZjuwXQOF35/jqB/H3ubvznxI9verSX2dEbtThp6q1QNHmd8pltLD8cbm5JMjSbaPJZ6rSdKIoY4oefbBzvn6kEo9/MMDiJpd0ZJ6HX8iqhFzvjk4SEdXkUZZGoeUAx/wq6MPACpLNQAOAU1JFDNok/DKpC+C/lCgr7O1IfUVzJKNWGPwU89Kbn++iC1JjP/AcVO08Drp7lw1wma4pauUVRo14jv4e1iB3167bO3JFgyxZPReCF2lowqs+wdmGtuH0Tdcp+DXWPAg82wIKysLRGoLA7veNezga3GKLlglYR273dVd5lOFr0IyBDIX6xzCJiEAuUWI8koGWypAH5a0DQ6XDnfW1Ed/ms4yy1ke+FRjJf
  template:
    metadata:
      creationTimestamp: null
      name: seb-test-sealed-secret
      namespace: workloads
    type: Opaque
status:
  conditions:
  - lastUpdateTime: "2023-10-30T15:33:02Z"
    status: "True"
    type: Synced
  observedGeneration: 4
PS: The code in FluxCD that triggered me to dig for this issue:
https://github.com/fluxcd/flux2/blob/e3605acc132153b6ebe4013447dbe3a36f5b8f9f/cmd/flux/status.go#L67
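The failure mode reported in this issue, as an added Go example that is not code from the sealed-secrets controller or from Flux: a status writer that skips the update when the conditions are unchanged leaves observedGeneration behind, while one that also compares generations does not. The types, `Reconcile`, `IsCurrent` and the `checkGeneration` switch are hypothetical simplifications, and the consumer-side check is assumed to be a plain generation comparison.

```go
package main

import (
	"fmt"
	"reflect"
)

// Simplified stand-ins for the SealedSecret object; not the project's types.
type Condition struct{ Type, Status string }

type Status struct {
	ObservedGeneration int64
	Conditions         []Condition
}

type SealedSecret struct {
	Generation int64 // metadata.generation, bumped by the API server on spec changes
	Status     Status
}

// Reconcile models one successful unseal followed by the status update.
// With checkGeneration=false it reproduces the reported behaviour: an
// unchanged condition set skips the write, so ObservedGeneration goes stale.
func Reconcile(ss *SealedSecret, checkGeneration bool) (wrote bool) {
	want := []Condition{{Type: "Synced", Status: "True"}}
	stale := ss.Status.ObservedGeneration != ss.Generation
	if reflect.DeepEqual(ss.Status.Conditions, want) && !(checkGeneration && stale) {
		return false
	}
	ss.Status = Status{ObservedGeneration: ss.Generation, Conditions: want}
	return true
}

// IsCurrent is the consumer-side check (assumed): the status is trusted only
// when it describes the latest spec.
func IsCurrent(ss SealedSecret) bool {
	return ss.Status.ObservedGeneration == ss.Generation
}

func main() {
	for _, fix := range []bool{false, true} {
		ss := SealedSecret{Generation: 1}
		Reconcile(&ss, fix) // initial create: status written, observed = 1
		ss.Generation = 3   // constructed scenario: spec edited twice
		wrote := Reconcile(&ss, fix)
		fmt.Printf("checkGeneration=%v wrote=%v observed=%d current=%v\n",
			fix, wrote, ss.Status.ObservedGeneration, IsCurrent(ss))
	}
}
```
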
Hi, I think it is the same issue reported here: #1354 ^^
Yes, it's the same issue! This is the root cause though :)
Thanks for the fix!