studio/sbbb
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(data): remove empty data field from OpenBao placeholder Secret

Browse Source 
kubectl apply --server-side was managing the `data: {}` field, which
caused it to wipe the key/root-token entries written by the seed script
on subsequent applies. Removing the field entirely means server-side
apply never touches data, so seed-written keys survive re-applies.
This commit is contained in:
Sienna Meridian Satterwhite
2026-03-02 18:32:02 +00:00
parent e3336ff2a9
commit 361661e965
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
base/data/openbao-keys-placeholder.yaml
View File

@@ -1,9 +1,10 @@
# Placeholder secret — replaced by the init script after `bao operator init`.
# Exists so the auto-unseal sidecar's volume mount doesn't block pod startup.
# Placeholder secret — seed script writes real key/root-token data after init.
# Exists so the auto-unseal sidecar volume mount doesn't block pod startup.
# `data` is intentionally omitted so server-side apply never manages (or wipes)
# the key fields written by the seed script.
apiVersion: v1
kind: Secret
metadata:
name: openbao-keys
namespace: data
type: Opaque
data: {}