Workflow Fails to Schedule

  • Ensure the Workflow CRD is installed:
kubectl get crd workflows.external-secrets.io
  • Verify RBAC permissions for the controller in the target namespace.

Step Errors and Logs

  • Inspect WorkflowRun status and events:
kubectl describe workflowrun <name> -n <namespace>
  • Check controller logs for error messages:
kubectl logs deployment/external-secrets-enterprise-controller -n <namespace>

Templating Issues

  • Invalid Go template expressions will cause step failures.
  • Validate templates locally.
  • Use <debug> steps to emit context data during runs.

Secret Pull/Push Failures

  • Pull: Confirm SecretStore name and access credentials are correct.
  • Push: Ensure destination storeRef exists and has write permissions.

Scheduling and Concurrency

  • For spec.schedule.every, validate duration format (e.g., "30m", "1h").
  • Loop jobs with concurrency: 0 run unlimited parallel iterations—monitor controller resource usage.

General Tips

  • Use the <Note> component in definitions to add run-time annotations.
  • Incrementally add jobs and steps, verifying each run to isolate issues.
  • Refer to the Workflow API spec for detailed field descriptions.