IBM-Cloud-Secret-Manager Arbitrary secret creating with wrong indentation
chokhareganesh opened this issue · 5 comments
Hi Team,
I have followed https://github.com/ibm-cloud-docs/secrets-manager/blob/9d95ea9a8a94dbab7ce40fc56775fa277ccbe3c3/tutorials/kubernetes-secrets.md
for integrating a secret with a Kubernetes cluster.
I have created a secret of type Arbitrary secret, but when I access this secret inside the K8s cluster it's not preserving the secret indentation/format.
- Secret: I have created an Arbitrary secret inside secret-manager (YAML object)
```yaml
route:
  receiver: "watchdog"
  group_by: [ 'alertname', 'cluster', 'service' ]
  routes:
    - match:
        alertname: Watchdog
      receiver: "watchdog"
    - receiver: "slack_pagerduty"
receivers:
  - name: watchdog
  - name: slack_pagerduty
    slack_configs:
      - channel: #test
        api_url: https://hooks.slack.com/
        title: "{{ range .Alerts }}{{ .Annotations.summary }}\n{{ end }}"
        text: "{{ range .Alerts }}{{ .Annotations.description }}\n{{ end }}"
        send_resolved: true
    pagerduty_configs:
      - service_key: test-pager-key
```
- I have created an external secret for the above object inside the K8s cluster
- The secret looks like this:
{"payload":"route:\n receiver: \"watchdog\"\n group_by: [ 'alertname', 'cluster', 'service' ]\n routes:\n - match:\n alertname: Watchdog\n receiver: \"watchdog\"\n - receiver: \"slack_pagerduty\"\nreceivers:\n - name: watchdog\n - name: slack_pagerduty\n slack_configs:\n - channel: #test\n api_url: https://hooks.slack.com/\n title: \"{{ range .Alerts }}{{ .Annotations.summary }}\\n{{ end }}\"\n text: \"{{ range .Alerts }}{{ .Annotations.description }}\\n{{ end }}\"\n send_resolved: true\n pagerduty_configs:\n - service_key: test-pager-key"}
Questions:
- Why is it created as JSON rather than YAML? It does not make any sense, as it is converting to JSON.
- If I want to store it as YAML, how do I use Secrets Manager for a YAML configuration file? I want to create the exact same secret with the same value which I stored inside Secret-Manager.
Hi @Flydiverny we need your help here, Thanks
Hi @chokhareganesh
If you use external secret as follows:
```yaml
apiVersion: kubernetes-client.io/v1
kind: ExternalSecret
metadata:
  name: arbitrary-secret
spec:
  backendType: ibmcloudSecretsManager
  data:
    - key: <secret-id>
      name: example
      property: payload
      secretType: arbitrary
```
You will get a secret which contains your YAML input (even with the same indentation).
```
$ oc get secret arbitrary-secret -oyaml
apiVersion: v1
data:
  example: <base64-encoded value>
kind: Secret
metadata:
  name: arbitrary-secret
  namespace: default
type: Opaque
$ echo <base64-encoded value> | base64 --decode
route:
  receiver: "watchdog"
  group_by: [ 'alertname', 'cluster', 'service' ]
  routes:
    - match:
        alertname: Watchdog
      receiver: "watchdog"
    - receiver: "slack_pagerduty"
receivers:
  - name: watchdog
  - name: slack_pagerduty
    slack_configs:
      - channel: #test
        api_url: https://hooks.slack.com/
        title: "{{ range .Alerts }}{{ .Annotations.summary }}\n{{ end }}"
        text: "{{ range .Alerts }}{{ .Annotations.description }}\n{{ end }}"
        send_resolved: true
    pagerduty_configs:
      - service_key: test-pager-key
```
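The following check is an added example, not part of the original thread or of the project's code. It decodes a Secret `.data` value in either of the two shapes seen above (a JSON object with a `payload` string, or the raw payload selected with `property: payload`) and compares the recovered text with the source byte for byte. The sample YAML and all function names are constructed for illustration.

```python
import base64
import json

# Constructed sample: a short YAML document with nested indentation,
# standing in for the Alertmanager config stored as an arbitrary secret.
SOURCE_YAML = (
    "route:\n"
    "  receiver: \"watchdog\"\n"
    "  routes:\n"
    "    - match:\n"
    "        alertname: Watchdog\n"
    "      receiver: \"watchdog\"\n"
    "receivers:\n"
    "  - name: watchdog\n"
)


def k8s_data_value(text: str) -> str:
    """Encode text the way a Kubernetes Secret stores it under .data."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def recover_payload(data_value: str) -> tuple[str, str]:
    """Decode one .data value and return (form, payload_text).

    form is "json-envelope" when the value is a JSON object carrying a
    "payload" string (the shape quoted in the issue), otherwise "raw".
    """
    decoded = base64.b64decode(data_value, validate=True).decode("utf-8")
    try:
        obj = json.loads(decoded)
    except json.JSONDecodeError:
        return "raw", decoded
    if isinstance(obj, dict) and isinstance(obj.get("payload"), str):
        return "json-envelope", obj["payload"]
    return "raw", decoded


def indentation_preserved(data_value: str, source: str) -> bool:
    """True when the recovered payload is byte-identical to the source."""
    return recover_payload(data_value)[1].encode() == source.encode()


if __name__ == "__main__":
    whole_object = k8s_data_value(json.dumps({"payload": SOURCE_YAML}))
    payload_only = k8s_data_value(SOURCE_YAML)
    for label, value in (("whole object", whole_object), ("property: payload", payload_only)):
        form, _ = recover_payload(value)
        print(f"{label}: {form}, identical={indentation_preserved(value, SOURCE_YAML)}")
```

Both shapes recover the same bytes: the `\n` sequences in the JSON form are string escapes, so the indentation is intact once the `payload` string is parsed out.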
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 30 days.
This issue was closed because it has been stalled for 30 days with no activity.