Skip to content

RMQ operator can't import secrest created by External-secrets operator #929

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
KyriosGN0 opened this issue Jan 14, 2025 · 3 comments
Open

RMQ operator can't import secrest created by External-secrets operator #929

KyriosGN0 opened this issue Jan 14, 2025 · 3 comments
Labels
bug Something isn't working

Comments

@KyriosGN0
Copy link

Describe the bug

RMQ operator wants to set ownerRef on imported secrets to user

To Reproduce

Steps to reproduce the behavior:
create a secret with ownerRef (like with external-secrets and setting the creationPolicy to Owner)
create rmq user with imported secret
the user will throw an error in its status, claming it can't take ownership of the secret

Expected behavior
the operator should not take control of imported secrets

Screenshots

If applicable, add screenshots to help explain your problem.

Version and environment information

  • Messaging Topology Operator: 1.15.0
  • RabbitMQ: 3.13.7
  • RabbitMQ Cluster Operator: 1.15.0
  • Kubernetes: 1.30.5
  • Cloud provider or hardware configuration: GKE

Additional context

Add any other context about the problem here.
@KyriosGN0 KyriosGN0 added the bug Something isn't working label Jan 14, 2025
@github-actions GitHub Actions
Copy link

This issue has been marked as stale due to 60 days of inactivity. Stale issues will be closed after a further 30 days of inactivity; please remove the stale label in order to prevent this occurring.

@github-actions github-actions bot added the stale label Mar 16, 2025
@KyriosGN0
Copy link
Author

KyriosGN0 commented Mar 16, 2025
edited
Loading

Not stale

@github-actions github-actions bot removed the stale label Mar 17, 2025
@Zerpet
Copy link
Member

Zerpet commented Mar 17, 2025

I don't see how the user controller could be setting an owner reference on an external secret, given that it doesn't even watch them, see:

messaging-topology-operator/main.go

Lines 234 to 246 in 870860b

if err = (&controllers.TopologyReconciler{
Client: mgr.GetClient(),
Type: &topology.User{},
Log: ctrl.Log.WithName(controllers.UserControllerName),
Scheme: mgr.GetScheme(),
Recorder: mgr.GetEventRecorderFor(controllers.UserControllerName),
RabbitmqClientFactory: rabbitmqclient.RabbitholeClientFactory,
KubernetesClusterDomain: clusterDomain,
WatchTypes: []client.Object{},
ReconcileFunc: &controllers.UserReconciler{Client: mgr.GetClient(), Scheme: mgr.GetScheme()},
ConnectUsingPlainHTTP: usePlainHTTP,
MaxConcurrentReconciles: maxConcurrentReconciles,
}).SetupWithManager(mgr); err != nil {

messaging-topology-operator/controllers/topology_controller.go

Lines 224 to 229 in 870860b

if len(r.WatchTypes) == 0 {
return ctrl.NewControllerManagedBy(mgr).
For(r.Type).
WithOptions(controller.Options{MaxConcurrentReconciles: r.MaxConcurrentReconciles}).
Complete(r)
}

Some YAML to reproduce the problem would be most welcome.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Zerpet @KyriosGN0