Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Preserve annotations and labels on SealedSecret objects #1625

Open
shinebayar-g opened this issue Nov 4, 2024 · 1 comment
Open

Preserve annotations and labels on SealedSecret objects #1625

shinebayar-g opened this issue Nov 4, 2024 · 1 comment
Assignees
Labels
triage Issues/PRs that need to be reviewed

Comments

@shinebayar-g
Copy link

Which component:
0.27.1

Is your feature request related to a problem? Please describe.
Sealed Secrets is often used with ArgoCD/Flux. In ArgoCD, argocd.argoproj.io/sync-wave annotation is used everywhere to control the priority of the git sync operation. Because SealedSecret object doesn't preserve any annotations and labels, it requires manual update of the json file after running kubeseal command.

Describe the solution you'd like
Easiest solution would be just preserve the same annotations and labels from the kubeseal input secret.

Describe alternatives you've considered
N/A

Additional context

Input secret

{
    "kind": "Secret",
    "apiVersion": "v1",
    "metadata": {
        "name": "s3-access",
        "namespace": "loki",
        "annotations": {
            "argocd.argoproj.io/sync-wave": "-10"
        }
    },
    "stringData": {
        "foo": "bar"
    }
}

Output SealedSecret

{
  "kind": "SealedSecret",
  "apiVersion": "bitnami.com/v1alpha1",
  "metadata": {
    "name": "s3-access",
    "namespace": "loki",
    "annotations": {                           
          "argocd.argoproj.io/sync-wave": "-10"  // This is what we want
    },                                            
    "creationTimestamp": null
  },
  "spec": {
    "template": {
      "metadata": {
        "name": "s3-access",
        "namespace": "loki",
        "creationTimestamp": null,
        "annotations": {
          "argocd.argoproj.io/sync-wave": "-10"
        }
      }
    },
    "encryptedData": {
      "foo": "AgBNnuq7/9OG+...."
    }
  }
}

The previous feature request was closed incorrectly. #460

@shinebayar-g shinebayar-g added the triage Issues/PRs that need to be reviewed label Nov 4, 2024
@kimdre
Copy link

kimdre commented Nov 29, 2024

We also have this issue when we try to assign labels to metadata.labels, instead the labels get moved down to spec.template.metadata.labels

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
triage Issues/PRs that need to be reviewed
Projects
None yet
Development

No branches or pull requests

3 participants