Hello, I am in the process of building a homelab with fluxcd and I chose to use sealed-secrets for secret management.
I am trying to use flux diff to uncover issues before committing them to git, however I am having an issue with it because of the sealed secrets.
I have a "sealed-secrets" kustomization that installs my sealed secret operator and SealedSecret resources, which are then decrypted by the operator into normal Secrets.
One of these Secrets is defined in another "app" flux Kustomization as a post-build substitution.
I have defined that "app" depends on "sealed-secrets", so when applying it on the cluster everything works, but if I use flux diff kustomization -r (with all required parameters for it to recursively apply sealed-secrets and app from a "main" kustomization) it works if the secret already exists on the cluster, but not if it would be created by applying the SealedSecret resources.
Since I am pretty new to kubernetes and the whole ecosystem, I do not know if there is a way to make flux diff "understand" that some operator will create a new resource based on one it applies. I was wondering if this is even possible with a server side apply dry run like flux diff does. Is it possible for the sealed-secrets operator to create the resource during the dry-run operation? Or is it just impossible.
Or maybe there's a better way to do what I am trying to do here?