Spinnaker: Versioned secret not reference correctly

Created on 18 Oct 2018  路  3Comments  路  Source: spinnaker/spinnaker

Issue Summary:

I deployed versioned secret twice, so I have secret-v001 and secret-v002.
I deployed configmap, secret, and job by running Deploy Manifest stage and secret's version is v002.
However the version of deployed job has a volume with key secret-v001.

Cloud Provider(s):

kubernetes v2

Environment:

Spinnaker: v1.9.0

GKE
master: 1.10.6-gke.1
nodepool: 1.10.6-gke.1

Steps to Reproduce:

  1. Deploy manifest that has deployment with configmap, secret to versioning by running Deploy Manifest stage. configmap and secret will be v001.
  2. Update configmap, secret and re-deploy the manifest, and version will be v002.
  3. Deploy job with configmap, secret (v002) by running Deploy Manifest stage.
  4. describe pod for the job and its secret is still v001

Additional Details:

I annotated max-version-history with value 5.
I bind artifact (docker tag) by running Find Artifacts From Resource stage.

spec:
  completions: 1
  template:
    spec:
      containers:
      - name: testing
        image: testing
        imagePullPolicy: IfNotPresent
      volumes:
      - name: my-secret
        secret:
          secretName: secret

I try to bind secret-v002 with Find Artifacts From Resource, but no matching artifact found.

Manifest section 

Account: my-account
Namespace: my-app
Kind: secret
Name: secret

Produces Artifacts section 

Match against: custom
Type: kubernetes/secret
Name: secret
Version:
Location: my-app
Reference: secret

UPDATE on 2018.11.05

I have the same issue with configMap, too...
I can't run jobs with correct configMap and secret.

picture katsew

Most helpful comment

Also experiencing this problem, is there any known work around?

picture alexsniffin on 14 Dec 2018
👍3

All 3 comments

@lwander

Could you give me some advice or any workaround?
This is critical for me to run jobs...

I currently try these configurations.

Configuration stage

Trigger

Docker image
Set artifact constraints to docker image configured on expected artifact section.

Expected artifact

  1. manifest yaml file on GCS.
    a. It includes 1 job, 1 secret, some configmaps.

  2. docker image
    a. no use prior execution, no default artifact

Stages

Delete job stage

First, if the job already exists, delete it.

Deploy job stage

Select manifest source from expected artifact which I described above.
Configure expected artifact, docker image as a Req.Artifacts To Bind.

Execute

Manual.
Select Docker tag then run.

Result

It versioned, but version is incorrect.
It binds first version of the resources.

katsew picture katsew on 5 Nov 2018

Also experiencing this problem, is there any known work around?

alexsniffin picture alexsniffin on 14 Dec 2018
👍3

@lwander

I found that this is my mistake of configurations...sorry for my mistake.
I reference one secret from multiple pods, but their manifest is different.
I use helm to generate manifests, but their secret's value is not the same!
This is not spinnaker related problem, so I close this issue.

@alexsniffin
Maybe your problem is different from mine, please open another issue to solve yours.

katsew picture katsew on 20 Dec 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

hammett picture hammett  路  3Comments
WakeupTsai picture WakeupTsai  路  3Comments
jaypz picture jaypz  路  3Comments
GoverningCloud picture GoverningCloud  路  3Comments
axot picture axot  路  3Comments