
Kubectl create multiline secret

I'm trying to put a Service Account into a secret - I did it previously a year ago and it works, but now - no matter how I approach it, the application doesn't see it right and says Input byte array has incorrect ending byte - When creating a normal secret I know you've gotta do it with a new line, so

echo -n "secret" | base64

and put that value in the secret and apply, but my multiline file

cat secret.json
{
  "type": "service_account",
  "project_id": "smth-smth",
  "private_key_id": "blabla"
...
}

No matter how I approach it - whether I put it in by hand like in the first example, or do it with

cat secret.json | base64

# or 

base64 < secret.json

the secret is created but the application throws

Constructor threw exception; nested exception is java.lang.IllegalArgumentException: Input byte array has incorrect ending byte at 3104

When I compare the new secret to the last one of the service account, the difference is in how the output looks

The working one is smth like this - when I try to decrypt the base64

echo -n "<long string of base64 encrypted sa>" | base64 -D
    { "type": "service_account", "project_id": "blabla"... }

so it's in one line, and the new SA I try to decrypt is outputted in the same format as in the file - so each part of the json is on a new line - I tried manually putting it all in one line but without success

Anyone know how to put a multiline file in a secret (base64) properly?

The easiest way to create a secret from a file is to use kubectl create secret generic.

Put your file secret.json in a folder config and then run:

kubectl create secret generic my-secret --from-file=config

You will get a secret my-secret with one key secret.json containing your file (which you can then mount to a pod volume).
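What `--from-file` stores, reproduced by hand as an added example that is not part of the original answer: the data value is the base64 of the file's exact bytes on a single line, and the script checks that it decodes back to the multi-line file. The function names, the secret name and the sample JSON are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Function names and sample data are constructed.

# Encode a file as ONE base64 line. GNU base64 wraps output at 76 columns by
# default and BSD/macOS base64 does not; deleting newlines makes both agree.
encode_file() {
  base64 < "$1" | tr -d '\n'
}

# Print a Secret manifest; the data key is the file's basename, as with --from-file.
# $1 = file, $2 = secret name
make_manifest() {
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\ntype: Opaque\ndata:\n  %s: %s\n' \
    "$2" "$(basename "$1")" "$(encode_file "$1")"
}

# Succeed only if the value stored under the key decodes to the file's exact bytes.
# $1 = manifest, $2 = file
verify_manifest() {
  awk -v k="$(basename "$2"):" '$1 == k { printf "%s", $2 }' "$1" |
    base64 --decode | cmp -s - "$2"
}

# Constructed multi-line sample, long enough that default GNU output would wrap.
demo() {
  dir=$(mktemp -d) || return 1
  cat > "$dir/secret.json" <<'EOF'
{
  "type": "service_account",
  "project_id": "example-project",
  "private_key_id": "0000000000000000000000000000000000000000"
}
EOF
  make_manifest "$dir/secret.json" my-secret > "$dir/secret.yaml"
  verify_manifest "$dir/secret.yaml" "$dir/secret.json" && rc=0 || rc=1
  rm -rf "$dir"
  return "$rc"
}

demo && echo "round trip OK"
```

The same comparison works against a live object by feeding the value from `kubectl get secret my-secret -o jsonpath='{.data.secret\.json}'` into `base64 --decode | cmp - config/secret.json`.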

If you cannot create files, an option is to write into a variable and then load the result into a --file-literal. This may be necessary because it seems kubectl either escapes newline characters \n when inside a quoted string or ignores them if no quotes are supplied. When reading from a variable the \n are treated as expected.

EDIT: With regards to multi-line strings, do take care to use correct linefeed characters, as explained here. I ran into that when trying my answer at home :)

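# printf expands \n in every shell; echo only does so in some
target_string=$(printf 'string1\nstring2')
# Quote the expansion so the embedded newline reaches kubectl intact
kubectl create secret generic your-secret-name --from-literal=your_key="$target_string"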
