external-secrets/kubernetes-external-secrets

How can I create Stringdata from data?

rubenssoto opened this issue · 6 comments

Hello,

I'm using argocd, and I want to configure github repos, and with argo 2.1 we should create secrets, but instead of data, these secrets have stringData.

Like this:

apiVersion: v1
kind: Secret
metadata:
  name: private-repo
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repository
stringData:
  url: https://github.com/argoproj/private-repo
  password: my-password
  username: my-usernam

I tried to have the same approach using external secrets

apiVersion: "kubernetes-client.io/v1"
kind: ExternalSecret
metadata:
  name: github-repo-token
  namespace: argocd
spec:
  backendType: systemManager
  data:
    - key: github_repo_token
      name: token
    - key: github_repo_token_user
      name: username
  template:
      metadata:
          labels:
              argocd.argoproj.io/secret-type: repository
      stringData:
        url: url_repo
        password: data.token
        username: data.username

Is it right? Because it didn't work.

Could anybody help me with that?

Thank you

You can use the lodash templates in the stringData like <%= data.token %> and <%= data.username %>

@rubenssoto Have you made any progress on this? We're attempting to do the same thing as you are but for the life of me I can't figure out how to get the stringData field in the native Kubernetes secret to populate.

Hey @kencieszykowski, I don't know if you resolved your issue but I had a problem with adding a cluster to ArgoCD declaratively, just like @rubenssoto with adding a repository. I thought that the secret must contain the stringData but it seems it can use data as long as you base64 encode the secret as the stringData should be.
The problem I had was that external-secrets, when retrieving the secret, put all the secret information into one key, i.e. if you have this:

...
data:
    - key: /secret/path
      name: secretConfig

Your secret information will all be inside of the secretConfig, i.e. this would create the k8s Secret with the following config:

...
data:
  secretConfig: eyJhd3NBdXR.....

And this won't work since the stringData expects to have different configuration, i.e key - value pairs. That's why you need to use the stringData templating, to get the right Secret configuration.
In my case I had to have the following stringData, check the docs for more info (https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters):

...
stringData:
  name: 'some-name'
  server: 'some-server'
  config: |
    {
      "login-config": {}
    }

So what I did was I added my secret config in AWS secrets manager as a JSON, i.e. I converted the stringData - name: ... into JSON and I put it like that into a secret. I did this because the external-secrets controller uses lodash templating.

{
  "name": "some-name",
  "server": "some-server",
  "config": {
    "awsAuthConfig": {
      ...
    }
  }
}

So this was the external-secrets config I made to get the right config:

template:
    stringData:
      name: <%= JSON.parse(data.clusterConfig).name %>
      server: <%= JSON.parse(data.clusterConfig).server %>
      config: |
        <%= JSON.stringify(JSON.parse(data.clusterConfig).config) %>
data:
    - key: /secret/path
      name: clusterConfig

And this resulted in creating the secret with:

data:
  name: eyJhd3NBdXR.....
  server: eyJhd3NBdXR.....
  config: eyJhd3NBdXR.....

I too had stumbled on the issue, it would be great to have stringData field by default but till then this is my workaround :)

--> secret in AWS Secrets Manager as a json

{
  "username": "<my_username>",
  "password": "<my_password>"
}

--> external secret

---
apiVersion: kubernetes-client.io/v1
kind: ExternalSecret
metadata:
  name: vikas
  namespace: argocd
spec:
  backendType: secretsManager
  region: ap-southeast-2
  template:
    stringData:
      name: codecommit
      type: git
      url: "https://git-codecommit.ap-southeast-2.amazonaws.com/v1/repos/<myrepo>"
  data:
  - key: arn:aws:secretsmanager:ap-southeast-2:111111111:secret:<my_secret>
    name: username
    property: username
  - key: arn:aws:secretsmanager:ap-southeast-2:111111111:secret:<my_secret>
    name: password
    property: password

--> secret created

apiVersion: v1
data:
  name: Y29kZWNvbW1pdA==
  password: SkdG....
  type: Z2l0
  url: aHR0c....
  username: Y25zb....
kind: Secret
metadata:
  name: vikas
  namespace: argocd
type: Opaque
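
Added example (not code from this thread or from the kubernetes-external-secrets project): a small model of why the created Secret shows only `data` even though the template used `stringData`. The `render` function is a minimal stand-in for lodash's `<%= ... %>` interpolation, `buildSecret` and `decode` are hypothetical helpers, the key merge is modeled on the outputs shown in the comments above, and the credentials are constructed sample values.

```javascript
// Render every <%= expr %> in a template string with `data` in scope.
// Stand-in for lodash interpolation (assumption: same <%= %> delimiter only).
// Expressions are evaluated as JavaScript, so templates must come from a
// trusted source: whoever can edit the template can read every backend value.
function render(template, data) {
  return template.replace(/<%=([\s\S]+?)%>/g, (_, expr) =>
    String(new Function('data', `return (${expr});`)(data)));
}

const b64 = (s) => Buffer.from(s, 'utf8').toString('base64');

// Model of the resulting Secret: backend values land in `data` under their
// `name`, then each rendered stringData entry is merged into `data` as base64.
// The Kubernetes API treats stringData as write-only: it is merged into `data`
// on write (overwriting equal keys) and is never returned on read.
function buildSecret(templateStringData, backendData) {
  const data = {};
  for (const [key, value] of Object.entries(backendData)) {
    data[key] = b64(value);
  }
  for (const [key, tpl] of Object.entries(templateStringData)) {
    data[key] = b64(render(tpl, backendData));
  }
  return { apiVersion: 'v1', kind: 'Secret', type: 'Opaque', data };
}

// Decode a Secret's data map back to plain strings for inspection.
function decode(secret) {
  return Object.fromEntries(Object.entries(secret.data).map(
    ([k, v]) => [k, Buffer.from(v, 'base64').toString('utf8')]));
}

// Constructed sample input: one backend key holding a JSON document,
// split into separate Secret keys with JSON.parse inside the template.
const sample = buildSecret(
  { url: 'https://github.com/argoproj/private-repo',
    username: '<%= JSON.parse(data.repoCreds).username %>',
    password: '<%= JSON.parse(data.repoCreds).password %>' },
  { repoCreds: '{"username":"example-user","password":"example-token"}' });

console.log(sample);          // only `data`, no `stringData`
console.log(decode(sample));  // url, username, password, plus raw repoCreds
```

Note that the raw backend value (`repoCreds` here) also ends up in the Secret, so anyone who can read the Secret sees the whole JSON document, not just the keys the template extracted.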

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 30 days.

This issue was closed because it has been stalled for 30 days with no activity.