labels / annotation propagation doesn't work with helm chart #63

@pgacek

Hi,
aws-secret-operator deployed from the helm chart does not have the recent CRD.

NAME               	NAMESPACE	REVISION	UPDATED                              	STATUS  	CHART                    	APP VERSION
aws-secret-operator	test   	1       	2022-08-26 14:35:41.937816 +0200 CEST	deployed	aws-secret-operator-0.2.3	0.5.2

When I try to apply the AWSSecret definition and create labels on the secret, I get an error:

---
apiVersion: mumoshu.github.io/v1alpha1
kind: AWSSecret
metadata:
  name: aws-secret1
  labels: 
    app_name: test-app1
  annotations:
    app_name: test1
spec:
  type: Opaque
  metadata:
    labels: 
      app_name: test-app1
  stringDataFrom:
    secretsManagerSecretRef:
      secretId: Secret
      versionId: xxxx

$ k apply -f awssecret.yaml

error: error validating "awssecret.yaml": error validating data: ValidationError(AWSSecret.spec): unknown field "metadata" in io.github.mumoshu.v1alpha1.AWSSecret.spec; if you choose to ignore these errors, turn validation off with --validate=false

It looks like the CRD installed via helm chart has an old CRD version which doesn't support the spec.metadata.labels/annotations

kg crd awssecrets.mumoshu.github.io -oyaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  creationTimestamp: "2022-08-26T12:35:38Z"
  generation: 1
  name: awssecrets.mumoshu.github.io
  resourceVersion: "425710227"
  uid: e1fbb32e-8ba5-4588-b04e-0476eabd3d09
spec:
  conversion:
    strategy: None
  group: mumoshu.github.io
  names:
    kind: AWSSecret
    listKind: AWSSecretList
    plural: awssecrets
    singular: awssecret
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: AWSSecret is the Schema for the awssecrets API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: AWSSecretSpec defines the desired state of AWSSecret
            properties:
              dataFrom:
                description: DataFrom data field is used to store arbitrary data,
                  encoded using base64.
                properties:
                  secretsManagerSecretRef:
                    description: SecretsManagerSecretRef defines from which SecretsManager
                      Secret the Kubernetes secret is built See https://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html
                      for the concepts
                    properties:
                      secretId:
                        description: SecretId is the SecretId a.k.a `--secret-id`
                          of the SecretsManager secret version
                        type: string
                      versionId:
                        description: VersionIdis the VersionId a.k.a `--version-id`
                          of the SecretsManager secret version
                        type: string
                    type: object
                type: object
              stringDataFrom:
                description: StringDataFrom stringData field is provided for convenience,
                  and allows you to provide secret data as unencoded strings.
                properties:
                  secretsManagerSecretRef:
                    description: SecretsManagerSecretRef defines from which SecretsManager
                      Secret the Kubernetes secret is built See https://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html
                      for the concepts
                    properties:
                      secretId:
                        description: SecretId is the SecretId a.k.a `--secret-id`
                          of the SecretsManager secret version
                        type: string
                      versionId:
                        description: VersionIdis the VersionId a.k.a `--version-id`
                          of the SecretsManager secret version
                        type: string
                    type: object
                type: object
              type:
                description: Used to facilitate programmatic handling of secret data.
                type: string
            type: object
          status:
            description: AWSSecretStatus defines the observed state of AWSSecret
            type: object
        type: object
    served: true
    storage: true
status:
  acceptedNames:
    kind: AWSSecret
    listKind: AWSSecretList
    plural: awssecrets
    singular: awssecret
  conditions:
  - lastTransitionTime: "2022-08-26T12:35:38Z"
    message: no conflicts found
    reason: NoConflicts
    status: "True"
    type: NamesAccepted
  - lastTransitionTime: "2022-08-26T12:35:38Z"
    message: the initial names have been accepted
    reason: InitialNamesAccepted
    status: "True"
    type: Established
  storedVersions:
  - v1alpha1

I've manually updated the CRD

k apply -f https://raw.githubusercontent.com/mumoshu/aws-secret-operator/3d4b7715d7eb7a37ed0c03d610064dd942a34576/deploy/crds/mumoshu.github.io_awssecrets.yaml

customresourcedefinition.apiextensions.k8s.io/awssecrets.mumoshu.github.io configured

and it looks good now

k apply -f awssecret.yaml
awssecret.mumoshu.github.io/aws-secret1 configured

kg secret aws-secret1 -o yaml
apiVersion: v1
data:
  AWSVersionId: xxxxx
  password: xxxxx
  username: xxxx
kind: Secret
metadata:
  labels:
    app_name: test-app1
  name: aws-secret1
  namespace: test
.
.
.
.
type: Opaque

It would be nice to fix the CRD in the helm chart ;)

Also, the documentation at https://github.com/mumoshu/aws-secret-operator#advanced-configuration says to set
spec.labels / spec.annotations, but it should be spec.metadata.labels / spec.metadata.annotations
