stackoom
  简体   繁体   中英

Kubectl create multiline secret

 原文  2020-08-04 11:51:28       kubernetes/ google-kubernetes-engine/ kubernetes-helm/ kubectl

Question

I'm trying to put a Service Account into a secret - I did it previously a year ago and it works but now - no matter how I approach it, the application doesn't see it right and says there is Input byte array has incorrect ending byte - When creating normal secret I know you've gotta do it with a new line so

echo -n "secret" | base64

and put that value in secret and apply, but my multiline file

cat secret.json
{
  "type": "service_account",
  "project_id": "smth-smth",
  "private_key_id": "blabla"
...
}

No matter how I approach - whether put it by hand like in the first example, or do it with

cat secret.json | base64

# or 

base64 < secret.json

the secret is created but application throws

Constructor threw exception; nested exception is java.lang.IllegalArgumentException: Input byte array has incorrect ending byte at 3104

When I compare the new secret to the last one of the service account the difference is how the output looks like

The working one is smth like this - when I try to decrypt the base64

echo -n "<long string of base64 encrypred sa> | base64 -D
    { "type": "service_account", "project_id": "blabla"... }

so it's in one line, and the new SA I try to decrypt is outputed in the format as in the file - so each part of json in new line - I tried manually putting it all in one line but without success

Anyone know? how to put a multiline file in a secret (base64) properly?

2 answers

solution1
 4  2020-08-04 13:17:40

The easiest way to create a secret from a file is to use kubectl create secret generic .

Put your file secret.json in a folder config and then run:

kubectl create secret generic my-secret --from-file=config

You will get a secret my-secret with one key secret.json containing your file (which you can then mount to a pod volume).

solution2
 1  2022-05-03 14:26:27

If you cannot create files an option is to write into a variable and then load the result into a --file-literal . This may be necessary because it seems kubectl either escapes newline characters \n when inside a quoted string and ignores them if no quotes are supplied. When reading from a variable the \n are treated as expected.

EDIT: With regards to multi-line strings do take care to use correct linefeed characters, as explained here . I ran into that when trying my answer at home:)

target_string=$(echo "string1\nstring2")
kubectl create secret generic your-secret-name --from-literal=your_key=$target_string

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to create a multy-key Kubernetes secret from an external secret? terraform create k8s secret from gcp secret Secret Manager- To create the secret of a secret_name which is out there already and used by production application AWS CLI Secrets Manager Create Secret Create Azure Key Vault backed secret scope in Databricks with AAD Token AWS Secret manager does not allow me to create a secret for a RDS read-replica Trying to create secret in Azure Key Vault using Azure Functions How to create client secret for Azure Service Principal using Terraform How to create a CloudRun with terraform export a secret as env var? How to create an AWS secret of type other using cdk
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM