Replicator keeps track of removed secrets and loops for wildcard regex in replication-allowed-namespaces. #319

Open
hetii opened this issue Jan 4, 2024 · 0 comments

hetii commented Jan 4, 2024

Hi.

Let's assume I have code like this:

apiVersion: v1
kind: Namespace
metadata:
  name: srcnamespace
---
apiVersion: v1
kind: Namespace
metadata:
  name: dstnamespace
---
apiVersion: v1
data:
  secret-token: ZXN5WkNjSXpIM3diWFVyUDhDQ2ZpUFYwCg==
kind: Secret
metadata:
  annotations:
    replicator.v1.mittwald.de/replication-allowed: "true"
    replicator.v1.mittwald.de/replication-allowed-namespaces: ^[^srcnamespace$].*$
    replicator.v1.mittwald.de/strip-labels: "true"
  labels:
    foo: bar
  name: my-src-secret
  namespace: srcnamespace
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
  name: my-dst-secret
  namespace: dstnamespace
  annotations:
    replicator.v1.mittwald.de/replicate-from: srcnamespace/my-src-secret
data: {}
---
apiVersion: v1
kind: Secret
metadata:
  name: my-dst-secret2
  namespace: dstnamespace
  annotations:
    replicator.v1.mittwald.de/replicate-from: srcnamespace/my-src-secret
data: {}

There are two issues.

  1. For the src secret I need to use the ^[^srcnamespace$].*$ regex, otherwise the replicator goes into a loop and recreates the src secret all the time. I mean when I use the ".*" regex instead of "^[^srcnamespace$].*$".
    The odd thing is that in my real scenario I get the loop for one of the old existing namespaces as soon as I change the regex to " .*", but I'm not able to reproduce this with the above code, even when the annotations are the same.
    I will try to investigate it more and isolate this condition.

  2. When I remove my-dst-secret and my-dst-secret2 and edit a label in my-src-secret with kubectl, the replicator somehow still raises logs like the ones below:

time="2024-01-04T15:50:22Z" level=info msg="updating dependent Secret srcnamespace/my-src-secret -> dstnamespace/my-dst-secret" kind=Secret source=srcnamespace/my-src-secret
time="2024-01-04T15:50:22Z" level=info msg="updating dependent Secret srcnamespace/my-src-secret -> dstnamespace/my-dst-secret2" kind=Secret source=srcnamespace/my-src-secret

Which is odd, as dstnamespace/my-dst-secret and dstnamespace/my-dst-secret2 are no longer in the cluster.

For issue 1, the replicator should never touch source secrets.
For issue 2, the replicator should not raise any message when destination secrets are removed for pull-based replication.

Regards.

@hetii hetii added the bug label Jan 4, 2024
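
As an added example (not part of the original issue and not the project's own code), the Go program below shows which namespaces the two patterns quoted in the issue admit when evaluated with Go's regexp package. It assumes the pattern must match the whole namespace name; the helper `admitted` is hypothetical, and every namespace name other than srcnamespace and dstnamespace is constructed.

```go
package main

import (
	"fmt"
	"regexp"
)

// Constructed namespace names; only srcnamespace and dstnamespace come from the issue.
var sampleNamespaces = []string{
	"srcnamespace", "dstnamespace", "default", "kube-system",
	"staging", "prod", "monitoring",
}

// admitted returns the namespaces that a replication-allowed-namespaces
// pattern matches. Assumption: the pattern must match the whole namespace
// name; this is an illustration, not the replicator's own matching code.
func admitted(pattern string, namespaces []string) ([]string, error) {
	re, err := regexp.Compile("^(?:" + pattern + ")$")
	if err != nil {
		return nil, fmt.Errorf("invalid pattern %q: %w", pattern, err)
	}
	var out []string
	for _, ns := range namespaces {
		if re.MatchString(ns) {
			out = append(out, ns)
		}
	}
	return out, nil
}

func main() {
	// The two patterns mentioned in the issue.
	for _, p := range []string{`^[^srcnamespace$].*$`, `.*`} {
		got, err := admitted(p, sampleNamespaces)
		if err != nil {
			fmt.Println(err)
			continue
		}
		fmt.Printf("%-24s admits %v\n", p, got)
	}
}
```

`[^srcnamespace$]` is a negated character class, so the first pattern decides on the first character of the name only: with this sample it rejects staging, prod and monitoring along with srcnamespace, while `.*` admits every namespace, the source included.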