Cannot set --key-renew-period=0 with helm #1739

Open
@zevisert-aaico

Which component:
controller helm chart versions >= https://github.com/bitnami-labs/sealed-secrets/releases/tag/helm-v2.1.2 (all versions after 2022-01-27)

Introduced by: eabb451

Describe the bug
The docs state:

A value of 0 will deactivate automatic key renewal. Of course, you may have a valid use case for deactivating automatic sealing key renewal but experience has shown that new users often tend to jump to conclusions that they want control over key renewal, before fully understanding how sealed secrets work.

Just to make sure I'm not coming across as someone in that new users callout - I've been operating with sealed secrets for probably 5+ years now (:heart:), and my use case is that we have a fleet of clusters where one cluster performs cert renewal and another mechanism (external-secrets) distributes those certs across the other clusters. I need the recipient clusters to not renew their certs.

To Reproduce

  1. Run the command helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
  2. Run the command helm repo update sealed-secrets
  3. Run the command
    $ helm template sealed-secrets sealed-secrets/sealed-secrets --set=keyrenewperiod=0 --dry-run \
        | yq 'select(.kind == "Deployment") | .spec.template.spec.containers[0].args'
    [
      "--update-status",
      "--key-prefix",
      "sealed-secrets-key",
      "--listen-addr",
      ":8080",
      "--listen-metrics-addr",
      ":8081"
    ]

Expected behavior

Expected to see --key-renew-period=0 in the output of the helm template.

Root cause:

This happens because the if-condition in the helm template evaluates to if 0 which is false.

{{- if .Values.keyrenewperiod }}

Version of Kubernetes:

$ kubectl version
Client Version: v1.33.0
Kustomize Version: v5.6.0
Server Version: v1.32.3-eks-bcf3d70

Additional context
This might apply to a few other CLI arguments, but maybe only key renew period has use cases where 0 is an acceptable value.
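
The truthiness rule behind the root cause above, as an added example that is not part of the original issue or the chart's own code: Helm renders charts with Go's text/template, where `if` treats integer 0, the empty string and nil alike as false. `Render`, `isSet`, the `explicit` template and the sample values are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"strings"
	"text/template"
)

// Condition as quoted in the issue: any "empty" value (nil, "", 0) drops the flag.
const buggy = `{{- if .Values.keyrenewperiod }}--key-renew-period={{ .Values.keyrenewperiod }}{{- end }}`

// Assumed alternative (not the chart's code): only nil and "" count as unset.
const explicit = `{{- if isSet .Values.keyrenewperiod }}--key-renew-period={{ .Values.keyrenewperiod }}{{- end }}`

// isSet is a hypothetical helper for this example: true for everything except nil and "".
func isSet(v interface{}) bool {
	return v != nil && v != ""
}

// Render executes tmpl with .Values.keyrenewperiod set to v and returns the rendered argument.
func Render(tmpl string, v interface{}) (string, error) {
	t, err := template.New("args").Funcs(template.FuncMap{"isSet": isSet}).Parse(tmpl)
	if err != nil {
		return "", err
	}
	data := map[string]interface{}{
		"Values": map[string]interface{}{"keyrenewperiod": v},
	}
	var out strings.Builder
	if err := t.Execute(&out, data); err != nil {
		return "", err
	}
	return out.String(), nil
}

func main() {
	// Constructed inputs: unset, empty string, integer 0 (how --set keyrenewperiod=0
	// is parsed), the string "0", and a duration string.
	for _, v := range []interface{}{nil, "", int64(0), "0", "720h"} {
		b, _ := Render(buggy, v)
		e, _ := Render(explicit, v)
		fmt.Printf("%T(%v): buggy=%q explicit=%q\n", v, v, b, e)
	}
}
```

The integer 0 is dropped by the quoted condition while the string "0" passes it, which is why an explicit zero needs a check for presence rather than truthiness.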

Labels: triage (Issues/PRs that need to be reviewed)
