How can I create Stringdata from data?
rubenssoto opened this issue · 6 comments
Hello,
I'm using argocd, and I want to configure GitHub repos, and with argo 2.1 we should create secrets, but instead of `data`, these secrets have `stringData`.
Like this:
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: private-repo
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repository
stringData:
  url: https://github.com/argoproj/private-repo
  password: my-password
  username: my-usernam
```
I tried to have the same approach using external secrets:
```yaml
apiVersion: "kubernetes-client.io/v1"
kind: ExternalSecret
metadata:
  name: github-repo-token
  namespace: argocd
spec:
  backendType: systemManager
  data:
    - key: github_repo_token
      name: token
    - key: github_repo_token_user
      name: username
  template:
    metadata:
      labels:
        argocd.argoproj.io/secret-type: repository
    stringData:
      url: url_repo
      password: data.token
      username: data.username
```
Is it right? Because it didn't work.
Could anybody help me with that?
Thank you
You can use the lodash templates in the `stringData` like `<%= data.token %>` and `<%= data.username %>`
@rubenssoto Have you made any progress on this? We're attempting to do the same thing as you are but for the life of me I can't figure out how to get the `stringData` field in the native Kubernetes secret to populate.
Hey @kencieszykowski, I don't know if you resolved your issue but I had a problem with adding a cluster to ArgoCD declaratively, just like @rubenssoto with adding a repository. I thought that the secret must contain the `stringData` but it seems it can use `data` as long as you base64 encode the secret as the `stringData` should be.
The problem I had was that `external-secrets`, when retrieving the secret, put all the secret information into one key, i.e. if you have this:
```yaml
...
data:
  - key: /secret/path
    name: secretConfig
```
Your secret information will all be inside of the `secretConfig`, i.e. this would create the k8s `Secret` with the following config:
```yaml
...
data:
  secretConfig: eyJhd3NBdXR.....
```
And this won't work since the `stringData` expects to have different configuration, i.e. key - value pairs. That's why you need to use the `stringData` templating, to get the right `Secret` configuration.
In my case I had to have the following `stringData`, check the docs for more info (https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters):
```yaml
...
stringData:
  name: 'some-name'
  server: 'some-server'
  config: |
    {
      "login-config": {}
    }
```
So what I did was I added my secret config in AWS secrets manager as a JSON, i.e. I converted the `stringData - name: ...` into JSON and I put it like that into a secret. I did this because the `external-secrets` controller uses `lodash` templating.
```json
{
  "name": "some-name",
  "server": "some-server",
  "config": {
    "awsAuthConfig": {
      ...
    }
  }
}
```
So this was the `external-secrets` config I made to get the right config:
```yaml
template:
  stringData:
    name: <%= JSON.parse(data.clusterConfig).name %>
    server: <%= JSON.parse(data.clusterConfig).server %>
    config: |
      <%= JSON.stringify(JSON.parse(data.clusterConfig).config) %>
data:
  - key: /secret/path
    name: clusterConfig
```
And this resulted in creating the secret with:
```yaml
data:
  name: eyJhd3NBdXR.....
  server: eyJhd3NBdXR.....
  config: eyJhd3NBdXR.....
```
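The template rendering and the `stringData` to `data` conversion discussed in the comments above, as an added JavaScript example (not code from any commenter or from the external-secrets project). `renderValue` is a hypothetical minimal stand-in for lodash's `<%= %>` interpolation, it assumes the fetched values are exposed to the template as `data`, and the backend value and `clusterName` are constructed sample data.

```javascript
// Hypothetical stand-in for the "<%= ... %>" interpolation step: evaluate each
// expression with `data` in scope. Not lodash and not the controller's code.
const renderValue = (value, data) =>
  String(value).replace(/<%=([\s\S]+?)%>/g, (_, expr) =>
    String(new Function('data', `return (${expr});`)(data)));

const mapValues = (obj, fn) =>
  Object.fromEntries(Object.entries(obj).map(([k, v]) => [k, fn(v)]));

// Render every stringData entry of a template against the fetched backend data.
const renderStringData = (stringData, data) =>
  mapValues(stringData, (v) => renderValue(v, data));

// Kubernetes stores stringData entries under .data, base64-encoded, which is
// why the created Secret only ever shows a `data` field.
const toSecretData = (stringData) =>
  mapValues(stringData, (v) => Buffer.from(v, 'utf8').toString('base64'));

// Decode .data to check the plain values a consumer such as Argo CD reads.
const decodeSecretData = (secretData) =>
  mapValues(secretData, (v) => Buffer.from(v, 'base64').toString('utf8'));

// Constructed sample: one backend entry holding the whole cluster config as JSON.
const backendData = {
  clusterConfig: JSON.stringify({
    name: 'some-name',
    server: 'some-server',
    config: { awsAuthConfig: { clusterName: 'example-cluster' } },
  }),
};

// Template entries as in the comment above, plus one without delimiters.
const template = {
  name: '<%= JSON.parse(data.clusterConfig).name %>',
  server: '<%= JSON.parse(data.clusterConfig).server %>',
  config: '<%= JSON.stringify(JSON.parse(data.clusterConfig).config) %>',
  literal: 'data.clusterConfig', // no <%= %>, so it stays a literal string
};

const secretData = toSecretData(renderStringData(template, backendData));
console.log(secretData);                   // one base64 value per key
console.log(decodeSecretData(secretData)); // separate name/server/config keys
```

Decoding the generated Secret's `data` this way confirms that each expected key exists separately instead of one JSON blob under a single key.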
I too had stumbled on the issue, it would be great to have `stringData` field by default but till then this is my workaround :)
--> secret in AWS Secrets Manager as a json
```json
{
  "username": "<my_username>",
  "password": "<my_password>"
}
```
--> external secret
```yaml
---
apiVersion: kubernetes-client.io/v1
kind: ExternalSecret
metadata:
  name: vikas
  namespace: argocd
spec:
  backendType: secretsManager
  region: ap-southeast-2
  template:
    stringData:
      name: codecommit
      type: git
      url: "https://git-codecommit.ap-southeast-2.amazonaws.com/v1/repos/<myrepo>"
  data:
    - key: arn:aws:secretsmanager:ap-southeast-2:111111111:secret:<my_secret>
      name: username
      property: username
    - key: arn:aws:secretsmanager:ap-southeast-2:111111111:secret:<my_secret>
      name: password
      property: password
```
--> secret created
```yaml
apiVersion: v1
data:
  name: Y29kZWNvbW1pdA==
  password: SkdG....
  type: Z2l0
  url: aHR0c....
  username: Y25zb....
kind: Secret
metadata:
  name: vikas
  namespace: argocd
type: Opaque
```
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 30 days.
This issue was closed because it has been stalled for 30 days with no activity.