argo-cd: SealedSecret status stuck "Progressing" even when unsealed successfully
Checklist:
- I’ve searched in the docs and FAQ for my answer: https://bit.ly/argocd-faq.
- I’ve included steps to reproduce the bug.
- I’ve pasted the output of
argocd version.
Describe the bug
After upgrading to v2.0.0, SealedSecret resources are stuck in the “Progressing” state, even when the secret was unsealed successfully by the controller.
To Reproduce
- Install
quay.io/bitnami/sealed-secrets-controller:v0.15.0 - Create an Argo CD Application containing a
SealedSecretresource - Wait for the resource to be synced by Argo CD and unsealed by the controller
- The
SealedSecretmanaged by Argo CD has a “Progressing” health and “Waiting for Sealed Secret to be decrypted” as health details
Expected behavior
The SealedSecret health should be “Healthy”
Screenshots
The SealedSecret manifest:
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: >
{"apiVersion":"bitnami.com/v1alpha1","kind":"SealedSecret","metadata":{"annotations":{},"creationTimestamp":null,"labels":{"app.kubernetes.io/instance":"xxxx"},"name":"xxxxx","namespace":"xxxxx"},"spec":{"encryptedData":{"xxxxx"}}}}
creationTimestamp: '2021-03-29T17:40:00Z'
generation: 1
labels:
app.kubernetes.io/instance: secrets-v3-1
name: xxxxx
namespace: xxxxx
resourceVersion: '239233797'
selfLink: /apis/bitnami.com/v1alpha1/namespaces/xxxxx/sealedsecrets/xxxxx
uid: e66a6863-4b1d-43f2-96e0-fc687cdaabd6
spec:
encryptedData:
xxxxxxx
template:
metadata:
creationTimestamp: null
name: xxxxx
namespace: xxxxx
Version
{
"Version": "v2.0.0+f5119c0",
"BuildDate": "2021-04-07T06:00:33Z",
"GitCommit": "f5119c06686399134b3f296d44445bcdbc778d42",
"GitTreeState": "clean",
"GoVersion": "go1.16",
"Compiler": "gc",
"Platform": "linux/amd64",
"KsonnetVersion": "v0.13.1",
"KustomizeVersion": "v3.9.4 2021-02-09T19:22:10Z",
"HelmVersion": "v3.5.1+g32c2223",
"KubectlVersion": "v0.20.4",
"JsonnetVersion": "v0.17.0"
}
Logs
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Reactions: 77
- Comments: 27 (7 by maintainers)
Commits related to this issue
- add update-status command arg to sealed secrets https://github.com/argoproj/argo-cd/issues/5991 — committed to joaofnds/foobar-infra by joaofnds 3 years ago
I can confirm that this works:
My
SealedSecret-s are no longer progressingThis might help:
Set the SEALED_SECRETS_UPDATE_STATUS variable to “1” in the sealed-secrets deployment yaml file https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.16.0/controller.yaml
Hey - you checked “I’ve searched the FAQ” but you seem to have missed https://argo-cd.readthedocs.io/en/stable/faq/#why-are-resources-of-type-sealedsecret-stuck-in-the-progressing-state 😃
Hi @haim-ari I had the same issue on argo-cd. Just upgraded sealed-secrets to 1.16.1 helm chart with the following value
commandArgs. then argocd stop progressing and reports Healthy.Hi @shibumi yes simply we are adding value to
commandArgsin values.yml of helm chart it is defined at https://github.com/bitnami-labs/sealed-secrets/blob/main/helm/sealed-secrets/templates/deployment.yaml#L49Yep, looks like this is fixed now in the latest v0.16.0 release. Either use the env var like @YevheniiPokhvalii mentioned or the
--update-statusflag. It should be on by default in v0.17.0.Hi @ismailyenigul @haim-ari @shibumi,
can confirm with the
commandArgsis working fine! Finally no Lua stuff needed 😃 thanks!Same here, after few rollouts it was stuck while waiting for something of sealed sealed secrets.
Updating from
1.6.xto1.7.3seems to fix it for me.