Can't access TLS certificates in GCP secrets
rozdestvenskiy opened this issue · 1 comments
I'm using GCP Secret Manager to store TLS certificates and keys for my project, and I want to use external-secrets to easily share them with pods. But when I try to access them from my Ingress pods, I get this error:

```
Error while creating certificate store: failed to load X509 key pair: tls: failed to find any PEM data in certificate input
```

I checked this secret with kubectl, and I think it can't access the secret data:
```
Name:         my-cert
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
```
But if I use other data in the secret (not a PEM certificate), all is fine:
```
Name:         creds
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
password:  16 bytes
username:  8 bytes
```
Here is the manifest for the external secret:
```yaml
apiVersion: kubernetes-client.io/v1
kind: ExternalSecret
metadata:
  name: my-cert # name of the k8s external secret and the k8s secret
spec:
  backendType: gcpSecretsManager
  projectId: my-project-id
  data:
    - key: secret
      property: tls.crt
      name: tls.crt
    - key: secret
      property: tls.key
      name: tls.key
```
Here is what my secret in GCP looks like:
```json
{
  "tls.crt": "here-is-my-cert",
  "tls.key": "here-is-my-private-key"
}
```
Can somebody help me? Maybe it is some kind of bug?

Looks like I fixed it by myself. Now I store the key and the cert in two different GCP secrets, and here is the manifest for the external secret:
```yaml
apiVersion: kubernetes-client.io/v1
kind: ExternalSecret
metadata:
  name: my-cert # name of the k8s external secret and the k8s secret
spec:
  backendType: gcpSecretsManager
  projectId: my-project-id
  data:
    - key: ssl-cert
      name: tls.crt
    - key: ssl-key
      name: tls.key
```
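
A pre-flight check for the failure reported in this issue, as an added example that is not part of the original thread or of the external-secrets project: it validates the decoded `tls.crt`/`tls.key` entries of a synced Secret and names the key at fault before an ingress hits the X509 key pair error. `CheckTLSSecret` and `ConstructedPair` are hypothetical names, and the input is assumed to be the Secret's already base64-decoded data map.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// CheckTLSSecret validates decoded Secret data (key name -> raw bytes), naming the key at fault.
func CheckTLSSecret(data map[string][]byte) error {
	for _, k := range []string{"tls.crt", "tls.key"} {
		if len(data[k]) == 0 {
			return fmt.Errorf("%s: missing or empty", k)
		}
		if blk, _ := pem.Decode(data[k]); blk == nil {
			return fmt.Errorf("%s: no PEM block found", k)
		}
	}
	// Go's loader, the source of "failed to find any PEM data in certificate input".
	_, err := tls.X509KeyPair(data["tls.crt"], data["tls.key"])
	return err
}

// ConstructedPair returns a throwaway self-signed pair (constructed sample input).
func ConstructedPair() map[string][]byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"example.test"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	kder, _ := x509.MarshalPKCS8PrivateKey(priv)
	return map[string][]byte{
		"tls.crt": pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		"tls.key": pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: kder}),
	}
}

func main() {
	ph := map[string][]byte{"tls.crt": []byte("here-is-my-cert"), "tls.key": []byte("here-is-my-private-key")}
	fmt.Println("empty Data:", CheckTLSSecret(map[string][]byte{})) // like the kubectl output above
	fmt.Println("placeholder text:", CheckTLSSecret(ph))
	fmt.Println("valid pair:", CheckTLSSecret(ConstructedPair()))
}
```

The last case the check covers is a certificate and key that are both valid PEM but do not belong together, which `tls.X509KeyPair` rejects.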