YuvalShAz
commented
8 months ago Hi nihit001raj, I have looked into this issue and have reproduced the behavior you detail in your comment with a few key assumptions:
- I assume your secret is JSON in nature (this is because of how your env is currently loading: {"NEW_RELIC_LICENSE_KEY":"xxxxxxxxxxxxxxxx”})
- I assume all-else-equal re: the choice of image, image pull policy, etc… (between your implementation and mine)
- I assume that when you “comment[ed] out test_name” you had added it back in somewhere else. This field is needed or the following error is reported:
Given these assumptions my conclusion is that you most likely need to use the jmesPath parameter when ingesting a secret object (ctrl-f “jmesPath” in README.md). This automatically parses your json secret and gives each key-path you have specified an alias which can be used to create a kube-secret which can then be used to create an env variable. (This produces the behavior NEW_RELIC_LICENSE_KEY":"xxxxxxxxxxxxxxxx)
Without using this jmesPath specifier, the secret will indeed be ingested as if it were a raw string (not json formatted) and loaded into the env with the name you specify in the deployment file. (This produces the behavior test_name={"NEW_RELIC_LICENSE_KEY":"xxxxxxxxxxxxxxxx”})
I am using below secretproviderclass and it is creating secret and loading it as an env in pod but the format is not correct.
apiVersion: secrets-store.csi.x-k8s.io/v1 kind: SecretProviderClass metadata: name: pp-dev-pp-webapp namespace: pp-dev spec: provider: aws secretObjects:
volumes:
test_name={"NEW_RELIC_LICENSE_KEY":"xxxxxxxxxxxxxxxx"}
but it should be in format
NEW_RELIC_LICENSE_KEY":"xxxxxxxxxxxxxxxx
Tried editing secretstoredriver and deployment by commenting out test_name reference but it did not help