You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We've encountered a critical issue with the BerglasSecretController in our Kubernetes setup where old secrets are deleted whenever an update fails. This behavior results in an inability to roll back to a previous state since the old secrets are no longer available.
Steps to Reproduce
Deploy an incorrectly configured BerglasSecret (e.g., invalid permissions).
Introduce a failure in the update process.
Observe that the old secret is deleted despite the update failure.
Expected Behavior
The expected behavior would be that if an update fails, the old secrets should not be deleted, preserving the ability to roll back to a previous state.
Actual Behavior
When an update fails, the old secrets are deleted, leaving no way to recover the previous secret values.
Possible Solution
A potential solution could be to implement a transactional mechanism where the old secrets are only deleted upon a successful update.
Here, the deletion is followed by a create operation, and failure at this step is problematic. Could we consider using a create-then-replace approach to simulate a transaction-like mechanism?
The text was updated successfully, but these errors were encountered:
Description
We've encountered a critical issue with the BerglasSecretController in our Kubernetes setup where old secrets are deleted whenever an update fails. This behavior results in an inability to roll back to a previous state since the old secrets are no longer available.
Steps to Reproduce
Expected Behavior
The expected behavior would be that if an update fails, the old secrets should not be deleted, preserving the ability to roll back to a previous state.
Actual Behavior
When an update fails, the old secrets are deleted, leaving no way to recover the previous secret values.
Possible Solution
A potential solution could be to implement a transactional mechanism where the old secrets are only deleted upon a successful update.
berglas-secret-controller/controllers/secret.go
Line 105 in dc69a1c
Here, the deletion is followed by a create operation, and failure at this step is problematic. Could we consider using a create-then-replace approach to simulate a transaction-like mechanism?
The text was updated successfully, but these errors were encountered: