APIcast deployment through the operator fails when using sealed secrets

Solution Unverified - Updated -

Issue

When deploying APIcast via the apicast-operator it is sometimes required to create the adminPortalCredentialsRef secret a head of time. For example when using sealed secrets.

The APIcast-operator will use the preexisting secret, but it also attempts to take ownership of the secret. In the case of a sealed secrets operator this results in a conflict error being logged in the operator:

{"level":"error","ts":1637155738.007716,"logger":"controller-runtime.manager.controller.apicast","msg":"Reconciler error","reconciler group":"apps.3scale.net","reconciler kind":"APIcast","name":"apicast-staging","namespace":"apicast-dev","error":"Object apicast-dev/staging-3scaleportal-secret is already owned by another SealedSecret controller staging-3scaleportal-secret","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/remote-source/deps/gomod/pkg/mod/github.com/go-logr/zapr@v0.2.0/zapr.go:132\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime@v0.7.2/pkg/internal/controller/controller.go:267\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime@v0.7.2/pkg/internal/controller/controller.go:235\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1.1\n\t/remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime@v0.7.2/pkg/internal/controller/controller.go:198\nk8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext.func1\n\t/remote-source/deps/gomod/pkg/mod/k8s.io/apimachinery@v0.19.14/pkg/util/wait/wait.go:185\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\t/remote-source/deps/gomod/pkg/mod/k8s.io/apimachinery@v0.19.14/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\t/remote-source/deps/gomod/pkg/mod/k8s.io/apimachinery@v0.19.14/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/remote-source/deps/gomod/pkg/mod/k8s.io/apimachinery@v0.19.14/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext\n\t/remote-source/deps/gomod/pkg/mod/k8s.io/apimachinery@v0.19.14/pkg/util/wait/wait.go:185\nk8s.io/apimachinery/pkg/util/wait.UntilWithContext\n\t/remote-source/deps/gomod/pkg/mod/k8s.io/apimachinery@v0.19.14/pkg/util/wait/wait.go:99"}

Environment

  • Red Hat 3scale API Management
    • 2.10 On-premises
    • 2.11 On-premises

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content