Issues Global-Secret Generated Secrets #157

Closed
donydonald1 opened this issue Apr 19, 2024 · 1 comment
@donydonald1

None of the Global-secret generated secrets work to log into applications

  • external-secret failing to sync secrets across
+ kubectl get ExternalSecret --all-namespaces
NAMESPACE   NAME                    STORE            REFRESH INTERVAL   STATUS              READY
dex         dex-secrets             global-secrets   1h                 SecretSyncedError   False
gitea       gitea-admin-secret      global-secrets   1h                 SecretSynced        True
grafana     grafana-secrets         global-secrets   1h                 SecretSynced        True
paperless   paperless-secret        global-secrets   1h                 SecretSynced        True
renovate    renovate-secret         global-secrets   1h                 SecretSyncedError   False
tailscale   tailscale-auth          global-secrets   1h                 SecretSynced        True
zot         registry-admin-secret   global-secrets   1h                 SecretSynced        True      
  • fetched the synced secrets for each of the applications deployed, and none appears to be able to log into or access the application.
+ kubectl get secret paperless.admin -n global-secrets -oyaml
apiVersion: v1
data:
  PAPERLESS_ADMIN_PASSWORD: ZT9OTjc4PjQzeGJcSSg2V08zb2YybWB4fEJmfW9ZS0U=
kind: Secret
metadata:
  creationTimestamp: "2024-04-19T18:03:43Z"
  name: paperless.admin
  namespace: global-secrets
  resourceVersion: "5659"
  uid: e95fdda6-59d2-4ffd-91eb-2e9c3f423796
type: Opaque 
  • some secrets were not created by External-secrets
+ kubectl describe ExternalSecret renovate-secret -n renovate
Name:         renovate-secret
Namespace:    renovate
Labels:       argocd.argoproj.io/instance=renovate
Annotations:  <none>
API Version:  external-secrets.io/v1beta1
Kind:         ExternalSecret
Metadata:
  Creation Timestamp:  2024-04-19T19:35:18Z
  Generation:          1
  Resource Version:    54504
  UID:                 d21dcab9-a6e2-43dd-9bc4-fb7568eba952
Spec:
  Data:
    Remote Ref:
      Conversion Strategy:  Default
      Decoding Strategy:    None
      Key:                  gitea.renovate
      Metadata Policy:      None
      Property:             token
    Secret Key:             token
  Refresh Interval:         1h
  Secret Store Ref:
    Kind:  ClusterSecretStore
    Name:  global-secrets
  Target:
    Creation Policy:  Owner
    Deletion Policy:  Retain
    Template:
      Data:
        RENOVATE_TOKEN:  {{ .token }}
      Engine Version:    v2
      Merge Policy:      Replace
Status:
  Conditions:
    Last Transition Time:  2024-04-19T19:35:18Z
    Message:               could not get secret data from provider
    Reason:                SecretSyncedError
    Status:                False
    Type:                  Ready
Events:
  Type     Reason        Age                  From              Message
  ----     ------        ----                 ----              -------
  Warning  UpdateFailed  11m (x27 over 166m)  external-secrets  error retrieving secret at .data[0], key: gitea.renovate, err: secrets "gitea.renovate" not found  
+ kubectl describe ExternalSecret dex-secrets -n dex
Name:         dex-secrets
Namespace:    dex
Labels:       argocd.argoproj.io/instance=dex
Annotations:  <none>
API Version:  external-secrets.io/v1beta1
Kind:         ExternalSecret
Metadata:
  Creation Timestamp:  2024-04-19T19:23:15Z
  Generation:          1
  Resource Version:    48282
  UID:                 4aec384e-224c-460c-9db5-30ce304a22f2
Spec:
  Data:
    Remote Ref:
      Conversion Strategy:  Default
      Decoding Strategy:    None
      Key:                  kanidm.dex
      Metadata Policy:      None
      Property:             client_id
    Secret Key:             KANIDM_CLIENT_ID
    Remote Ref:
      Conversion Strategy:  Default
      Decoding Strategy:    None
      Key:                  kanidm.dex
      Metadata Policy:      None
      Property:             client_secret
    Secret Key:             KANIDM_CLIENT_SECRET
    Remote Ref:
      Conversion Strategy:  Default
      Decoding Strategy:    None
      Key:                  dex.grafana
      Metadata Policy:      None
      Property:             client_secret
    Secret Key:             GRAFANA_SSO_CLIENT_SECRET
    Remote Ref:
      Conversion Strategy:  Default
      Decoding Strategy:    None
      Key:                  dex.gitea
      Metadata Policy:      None
      Property:             client_secret
    Secret Key:             GITEA_CLIENT_SECRET
  Refresh Interval:         1h
  Secret Store Ref:
    Kind:  ClusterSecretStore
    Name:  global-secrets
  Target:
    Creation Policy:  Owner
    Deletion Policy:  Retain
    Name:             dex-secrets
Status:
  Conditions:
    Last Transition Time:  2024-04-19T19:23:21Z
    Message:               could not get secret data from provider
    Reason:                SecretSyncedError
    Status:                False
    Type:                  Ready
Events:
  Type     Reason        Age                   From              Message
  ----     ------        ----                  ----              -------
  Warning  UpdateFailed  103s (x28 over 173m)  external-secrets  error retrieving secret at .data[0], key: kanidm.dex, err: secrets "kanidm.dex" not found 
@donydonald1 donydonald1 added the bug Something isn't working label Apr 19, 2024
@khuedoan
Owner

khuedoan commented May 7, 2024

Duplicated with #155

@khuedoan khuedoan closed this as completed May 7, 2024