"Progressing" events when SealedSecrets resources are unchanged #1611
Description
This happens only to SealedSecrets for me, which I find very weird.
This then sends duplicate notifications in discord, which I use with the flux notification controller
Discord notifications (at each reconciliation cycle) :
kustomization/secrets-sealed-staging-apps-podinfo-step-install.flux-system
SealedSecret/apps-podinfo/podinfo-secret configured
SealedSecret/apps-podinfo/podinfo-secret4 configured
originRevision
develop@sha1:4758a0a7296735b03dea41cb9097b0529009dc8e
env
staging
revision
staging@sha256:a2e63e84b4a9d5cccaaa66a02a2455703d224466cb2811d652f0f3dbc648ecb3
PodInfo secret with --show-managed-fields (it's a test secret so I didn't redact anything)
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: "2026-03-02T17:00:47Z"
generation: 2
labels:
kustomize.toolkit.fluxcd.io/name: secrets-sealed-staging-apps-podinfo-step-network
kustomize.toolkit.fluxcd.io/namespace: flux-system
managedFields:
- apiVersion: bitnami.com/v1alpha1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:labels:
f:kustomize.toolkit.fluxcd.io/name: {}
f:kustomize.toolkit.fluxcd.io/namespace: {}
f:spec:
f:encryptedData:
f:username: {}
f:template:
f:metadata:
f:name: {}
f:namespace: {}
f:type: {}
manager: kustomize-controller
operation: Apply
time: "2026-03-03T07:42:54Z"
- apiVersion: bitnami.com/v1alpha1
fieldsType: FieldsV1
fieldsV1:
f:status:
.: {}
f:conditions: {}
f:observedGeneration: {}
manager: controller
operation: Update
subresource: status
time: "2026-03-02T20:58:43Z"
name: podinfo-secret
namespace: apps-podinfo
resourceVersion: "625990"
uid: 414842f5-5f1c-4337-97c8-1be580860f84
spec:
encryptedData:
username: AgDOqiCDlylyMKF3/YPJD/H+CTPhwfvJRk/VYcE6MvVOBaPkbvpzfSJPfyygFgGwRHpuRZfcBXSLH5EMWAzQYdb9ZiG89J574noa836WXtr2Andxj1BwWiCuL87Ixx5qS2tmd6UGu0jG2VTW6FFxCHH7kpahwpQ3659sXLIXzYzvbG4VXe/qeMDgPAKJ/mWQffkOKHARfr8KdRcMsqmCqFVwFoz19WZKlG/48FIJ026Cm0tqiO1NTcO7GEybkxno5IBbkBr2u1Ob0mhsqHb+YXtpVKuUjEKsKH76myeQVTqfQP59JnG9ZWQmgOrwcDIHO6+X5SC/Gw0xfazAFeEcsaujtEXUugsx3HOs+RC6WrgDEE4UeHbsM7ikHg/tG7yLkfHcFkaQCwLqpgRQwwcUcNU826i2+KKeqPFZ15+SaBOYaYj1P4yAHhuN8euPKvmxWEwgo3DfUGB1WmqlN3RfrGcyYH1oHDkgXextCa3BmoWC67YFISfPS5RUD7m50ryw5Mhk094EnWu4RTo6u62N/PI9fqaOEh15XIe97GRQ25X/mI76ZXbkP4TnWB4ps5ipJS2PmU6MZJPnGE7TyI0UPnO7mwFmkqqSXgSiIoHX/ex3fz/NlqsjqYJaQCWA70ecqr2xI521Ze7rROKq0SzlGNFIlmyRBcHVm7aaQ5z6fBWTXm8yYAwUupV+yrwrbNESVzFPcCXj0ZIkZr4=
template:
metadata:
name: podinfo-secret
namespace: apps-podinfo
type: Opaque
status:
conditions:
- lastTransitionTime: "2026-03-02T20:58:43Z"
lastUpdateTime: "2026-03-02T20:58:43Z"
status: "True"
type: Synced
observedGeneration:
Kustomize controller logs for the problematic secrets :
{"level":"info","ts":"2026-03-03T07:46:44.580Z","msg":"All dependencies are ready, proceeding with reconciliation","controller":"kustomization","controllerGroup":"kustomize.toolkit.fluxcd.io","controllerKind":"Kustomization","Kustomization":{"name":"secrets-sealed-staging-apps-podinfo-step-install","namespace":"flux-system"},"namespace":"flux-system","name":"secrets-sealed-staging-apps-podinfo-step-install","reconcileID":"1cd3997a-7895-4add-b34d-5140182c8fcd"}
{"level":"info","ts":"2026-03-03T07:46:44.742Z","msg":"server-side apply completed","controller":"kustomization","controllerGroup":"kustomize.toolkit.fluxcd.io","controllerKind":"Kustomization","Kustomization":{"name":"secrets-sealed-staging-apps-podinfo-step-install","namespace":"flux-system"},"namespace":"flux-system","name":"secrets-sealed-staging-apps-podinfo-step-install","reconcileID":"1cd3997a-7895-4add-b34d-5140182c8fcd","output":{"SealedSecret/apps-podinfo/podinfo-secret":"configured","SealedSecret/apps-podinfo/podinfo-secret4":"configured"},"revision":"staging@sha256:a2e63e84b4a9d5cccaaa66a02a2455703d224466cb2811d652f0f3dbc648ecb3"}
{"level":"info","ts":"2026-03-03T07:46:44.843Z","msg":"Reconciliation finished in 271.655639ms, next run in 1m0s","controller":"kustomization","controllerGroup":"kustomize.toolkit.fluxcd.io","controllerKind":"Kustomization","Kustomization":{"name":"secrets-sealed-staging-apps-podinfo-step-install","namespace":"flux-system"},"namespace":"flux-system","name":"secrets-sealed-staging-apps-podinfo-step-install","reconcileID":"1cd3997a-7895-4add-b34d-5140182c8fcd","revision":"staging@sha256:a2e63e84b4a9d5cccaaa66a02a2455703d224466cb2811d652f0f3dbc648ecb3"}
Logs for a kustomization without issues
{"level":"info","ts":"2026-03-03T07:46:26.213Z","msg":"server-side apply completed","controller":"kustomization","controllerGroup":"kustomize.toolkit.fluxcd.io","controllerKind":"Kustomization","Kustomization":{"name":"apps-podinfo-namespace","namespace":"flux-system"},"namespace":"flux-system","name":"apps-podinfo-namespace","reconcileID":"049c8570-08c2-49e2-9b1e-6cda501479ab","output":{"Namespace/apps-podinfo":"unchanged"},"revision":"staging@sha256:9d651edd6f79f3717c865ccaedd756c08a5c206ed19b390dcadf3f1b512c8641"}
{"level":"info","ts":"2026-03-03T07:46:26.325Z","msg":"Reconciliation finished in 216.604516ms, next run in 1m0s","controller":"kustomization","controllerGroup":"kustomize.toolkit.fluxcd.io","controllerKind":"Kustomization","Kustomization":{"name":"apps-podinfo-namespace","namespace":"flux-system"},"namespace":"flux-system","name":"apps-podinfo-namespace","reconcileID":"049c8570-08c2-49e2-9b1e-6cda501479ab","revision":"staging@sha256:9d651edd6f79f3717c865ccaedd756c08a5c206ed19b390dcadf3f1b512c8641"}
This is my only exclusion in my discord notification config : "^Dependencies.*"
I'm having trouble understanding why this only happens to sealed secrets