Seeing "259 Updated: Updated Secret" events when no change is needed #3265

@BrentOnRails

Describe the bug
Kubernetes Events "259 Updated: Updated Secret" are emitted when secrets are synced, even when there is no change to apply/update.

  1. Is this expected behavior?
  2. Is it actually updating the secret when there is no change? Would validators run each time?

To Reproduce
Steps to reproduce the behavior:

  1. provide all relevant manifests
```yaml
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  creationTimestamp: "2024-01-24T20:57:06Z"
  generation: 1
  name: foo
  namespace: foo
  resourceVersion: "12167057"
spec:
  dataFrom:
  - extract:
      conversionStrategy: Default
      decodingStrategy: None
      key: arn:aws:secretsmanager:us-east-1:foo:secret:bar
      version: AWSCURRENT
  refreshInterval: 1h
  secretStoreRef:
    kind: SecretStore
    name: foo
  target:
    creationPolicy: Owner
    deletionPolicy: Retain
    name: foo
status:
  binding:
    name: foo
  conditions:
  - lastTransitionTime: "2024-01-24T20:57:07Z"
    message: Secret was synced
    reason: SecretSynced
    status: "True"
    type: Ready
  refreshTime: "2024-03-15T15:00:52Z"
  syncedResourceVersion: 1-2f2c636d06132f67992c15a1daeb0afoo
```

```yaml
apiVersion: v1
count: 1220
eventTime: null
firstTimestamp: "2024-01-24T20:57:07Z"
involvedObject:
  apiVersion: external-secrets.io/v1beta1
  kind: ExternalSecret
  name: foo
  namespace: foo
  resourceVersion: "7834"
  uid: b8caad8f-bd0b-4eec-aa11-9c4e80c63684
kind: Event
lastTimestamp: "2024-03-15T16:00:53Z"
message: Updated Secret
metadata:
  creationTimestamp: "2024-01-24T20:57:07Z"
  name: foo.bar
  namespace: foo
  resourceVersion: "12177033"
  uid: 3767cf4d-2228-4998-a1c4-93710d89a88a
reason: Updated
reportingComponent: ""
reportingInstance: ""
source:
  component: external-secrets
type: Normal
```

  2. provide the Kubernetes and ESO version
  • kubernetes v1.28.5-eks-5e0fdde
  • app.kubernetes.io/version: v0.9.1
  • helm.sh/chart: external-secrets-0.9.1

Expected behavior
I expect to only see "259 Updated: Updated Secret" when a secret is updated.

Additional context
It's not clear to me whether these events are intended. They directly correspond with SecretSynced status changes.
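
A triage check for the two questions in this report, added here as an example (it is not part of the original issue or of the external-secrets code base): it compares the Event's aggregated `count` with the number of reconciles that `refreshInterval` allows between `firstTimestamp` and `lastTimestamp`, and counts real writes from samples of the Secret's `metadata.resourceVersion`. The function names and the resourceVersion samples are constructed for illustration; the Event values and the interval are copied from the manifests above.

```python
import re
from datetime import datetime, timezone

# Values copied from the Event and ExternalSecret shown in the report above.
REPORTED_EVENT = {
    "reason": "Updated",
    "count": 1220,
    "firstTimestamp": "2024-01-24T20:57:07Z",
    "lastTimestamp": "2024-03-15T16:00:53Z",
}
REPORTED_REFRESH_INTERVAL = "1h"

def parse_interval(text):
    """Convert a duration such as "1h" or "1h30m" to seconds."""
    parts = re.findall(r"(\d+)([hms])", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unsupported duration: {text!r}")
    return sum(int(n) * {"h": 3600, "m": 60, "s": 1}[u] for n, u in parts)

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def expected_refreshes(first, last, interval):
    """Reconciles that fit between two timestamps, counting the initial sync."""
    elapsed = (parse_ts(last) - parse_ts(first)).total_seconds()
    if elapsed < 0:
        raise ValueError("lastTimestamp precedes firstTimestamp")
    return int(elapsed // parse_interval(interval)) + 1

def classify(event, interval, tolerance=0.05):
    """Label the event stream by comparing its count with the refresh schedule."""
    expected = expected_refreshes(event["firstTimestamp"], event["lastTimestamp"], interval)
    ratio = event["count"] / expected
    if abs(ratio - 1) <= tolerance:
        return "per-refresh"  # one event per reconcile, changed or not
    return "per-change" if ratio < 1 else "more-often-than-refresh"

def secret_writes(resource_versions):
    """Count persisted writes in Secret metadata.resourceVersion samples taken over time."""
    return sum(1 for a, b in zip(resource_versions, resource_versions[1:]) if a != b)

if __name__ == "__main__":
    print(classify(REPORTED_EVENT, REPORTED_REFRESH_INTERVAL))
    # Constructed samples: resourceVersion read once per hour across three refreshes.
    print(secret_writes(["9001", "9001", "9001", "9001"]))
```

A `resourceVersion` that stays the same across refreshes means no write to the Secret was persisted, whatever the event stream reports.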

Labels: kind/bug (Categorizes issue or PR as related to a bug.)
