I'm setting up some service accounts and associated token secrets by dropping a manifest at

/var/lib/rancher/k3s/server/manifests

, but I'm only getting the last defined secret. In the manifest I use

generateName

to set the name of the secrets, so

name

is not set. That seems to result in k3s only creating the last one defined in the file. If I explicitly set

name

, all secrets are created. I have a feeling this worked before in an older cluster of mine (which has since been scrapped, so can't confirm), has there been any changes with regards to this in the last couple releases? (I'd say after 1.23 maybe?)

can you share what the manifest looks like? with as little redaction as possible

Not redacted at all, only changed some names. Original names are very similar 🙂

K3s actually uses a helper library to do the application: https://github.com/rancher/wrangler/blob/master/pkg/apply/desiredset.go It does use object names and namespaces to determine what needs to change. I’m not aware of anything that’s changed over there recently that would have broken use of resources with only the generateName set, and no name, but I wouldnt be surprised if it was never tested to work properly and either worked unreliably or was unintentionally regressed at some point.

I copied this runbook from the previously mentioned cluster, but I might not have had more than one service account at a time in that cluster, which would explain how it has worked then and not now. I can't remember why I needed

generateName

either, so I'll just use plain names for now. I'll create an issue for it anyway. Should I create it on the wrangler repo, or on k3s?

k3s

I guess this could hit any kind of resource, not just Secrets, since generateName is possible on all resources afaik ...

yep, any resource that supports GenerateName (which is all of them I think)