$ kaf generate-secret.yaml
$ k get secret my-internal-secret -n kubecf -ojsonpath='{.data.password}' | base64 --decode
CDVIqCF7LY6dLyEGq10BrzaZfRWGDl8dxSV4vuVz8eDGga8AoP84SEc22Ben25mM
Now rotate secret:
$ kaf rotate-my-internal-secret.yaml
But the secret doesn't change
$ k get secret my-internal-secret -n kubecf -ojsonpath='{.data.password}' | base64 --decode
CDVIqCF7LY6dLyEGq10BrzaZfRWGDl8dxSV4vuVz8eDGga8AoP84SEc22Ben25mM
The rotation logs from cf-operator show an error:
cf-operator-9cc8f98dd-kxglp cf-operator 2020-01-31T00:33:43.011Z DEBUG boshdeployment-reconciler reference/reconciles.go:88 Listing BOSHDeployment in namespace 'kubecf' for 'rotate-my-internal-secret'
cf-operator-9cc8f98dd-kxglp cf-operator 2020-01-31T00:33:43.011Z DEBUG secret-rotation-reconciler quarkssecret/secret_rotation_controller.go:43Create predicate passed for 'rotate-my-internal-secret'
cf-operator-9cc8f98dd-kxglp cf-operator 2020-01-31T00:33:43.011Z INFO secret-rotation-reconciler quarkssecret/secret_rotation_reconciler.go:50Reconciling QuarksSecret rotation kubecf/rotate-my-internal-secret
cf-operator-9cc8f98dd-kxglp cf-operator 2020-01-31T00:33:43.011Z DEBUG quarks-statefulset-reconciler reference/reconciles.go:88 Listing QuarksStatefulSet in namespace 'kubecf' for 'rotate-my-internal-secret'
cf-operator-9cc8f98dd-kxglp cf-operator 2020-01-31T00:33:43.013Z DEBUG controller-runtime.manager.events recorder/recorder.go:52 Normal {"object": {"kind":"ConfigMap","namespace":"kubecf","name":"rotate-my-internal-secret","uid":"df2651fb-36d0-461b-935c-eba73d95f619","apiVersion":"v1","resourceVersion":"36898"}, "reason": "Predicates", "message": "{\"reconciliationObjectName\":\"rotate-my-internal-secret\",\"reconciliationObjectKind\":\"corev1.ConfigMap\",\"predicateObjectName\":\"rotate-my-internal-secret\",\"predicateObjectKind\":\"corev1.ConfigMap\",\"namespace\":\"kubecf\",\"message\":\"Create predicate passed for 'rotate-my-internal-secret'\",\"type\":\"Predicates\"}"}
cf-operator-9cc8f98dd-kxglp cf-operator 2020-01-31T00:33:43.027Z DEBUG controller-runtime.controller controller/controller.go:242 Successfully Reconciled {"controller": "secret-rotation-controller", "request": "kubecf/rotate-my-internal-secret"}
cf-operator-9cc8f98dd-kxglp cf-operator 2020-01-31T00:33:43.027Z DEBUG quarks-secret-reconciler quarkssecret/quarkssecret_controller.go:65 Update predicate passed for 'my-internal-secret'
cf-operator-9cc8f98dd-kxglp cf-operator 2020-01-31T00:33:43.027Z INFO quarks-secret-reconciler quarkssecret/quarkssecret_reconciler.go:86 Reconciling QuarksSecret kubecf/my-internal-secret
cf-operator-9cc8f98dd-kxglp cf-operator 2020-01-31T00:33:43.027Z DEBUG quarks-secret-reconciler controller/controller.go:216 Resource 'my-internal-secret' is in meltdown, requeue reconcile after 30s
cf-operator-9cc8f98dd-kxglp cf-operator 2020-01-31T00:33:43.027Z DEBUG controller-runtime.manager.events recorder/recorder.go:52 Normal {"object": {"kind":"QuarksSecret","namespace":"kubecf","name":"my-internal-secret","uid":"78df9c53-50cf-4ad9-b256-8a533d9f9f7b","apiVersion":"quarks.cloudfoundry.org/v1alpha1","resourceVersion":"36900"}, "reason": "Predicates", "message": "{\"reconciliationObjectName\":\"my-internal-secret\",\"reconciliationObjectKind\":\"qsv1a1.QuarksSecret\",\"predicateObjectName\":\"my-internal-secret\",\"predicateObjectKind\":\"qsv1a1.QuarksSecret\",\"namespace\":\"kubecf\",\"message\":\"Update predicate passed for 'my-internal-secret'\",\"type\":\"Predicates\"}"}
cf-operator-9cc8f98dd-kxglp cf-operator 2020-01-31T00:33:43.027Z DEBUG controller-runtime.manager.events recorder/recorder.go:52 Normal {"object": {"kind":"QuarksSecret","namespace":"kubecf","name":"my-internal-secret","uid":"78df9c53-50cf-4ad9-b256-8a533d9f9f7b","apiVersion":"quarks.cloudfoundry.org/v1alpha1","resourceVersion":"36900"}, "reason": "Meltdown", "message": "Resource 'my-internal-secret' is in meltdown, requeue reconcile after 30s"}