external-secrets / kubernetes-external-secrets

Integrate external secret management systems with Kubernetes

How can I create Stringdata from data? #821

Closed rubenssoto closed 2 years ago

rubenssoto commented 3 years ago

Hello,

I'm using argocd, and I want to configure GitHub repos. With Argo 2.1 we should create secrets, but instead of data, these secrets have stringData.

Like this:

apiVersion: v1
kind: Secret
metadata:
  name: private-repo
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repository
stringData:
  url: https://github.com/argoproj/private-repo
  password: my-password
  username: my-usernam

I tried to take the same approach using external secrets:

apiVersion: "kubernetes-client.io/v1"
kind: ExternalSecret
metadata:
  name: github-repo-token
  namespace: argocd
spec:
  backendType: systemManager
  data:
    - key: github_repo_token
      name: token
    - key: github_repo_token_user
      name: username
  template:
    metadata:
      labels:
        argocd.argoproj.io/secret-type: repository
    stringData:
      url: url_repo
      password: data.token
      username: data.username

Is it right? Because it didn't work.

Could anybody help me with that?

Thank you

jwtracy commented 3 years ago

You can use the lodash templates in the stringData like <%= data.token %> and <%= data.username %>

kencieszykowski commented 2 years ago

@rubenssoto Have you made any progress on this? We're attempting to do the same thing as you are but for the life of me I can't figure out how to get the stringData field in the native Kubernetes secret to populate.

Mr-istov commented 2 years ago

Hey @kencieszykowski, I don't know if you resolved your issue, but I had a problem with adding a cluster to ArgoCD declaratively, just like @rubenssoto with adding a repository. I thought that the secret must contain the stringData, but it seems it can use data as long as you base64 encode the secret as the stringData should be. The problem I had was that external-secrets, when retrieving the secret, put all the secret information into one key, i.e. if you have this:

...
data:
    - key: /secret/path
      name: secretConfig

Your secret information will all be inside of secretConfig, i.e. this would create the k8s Secret with the following config:

...
data:
  secretConfig: eyJhd3NBdXR.....

And this won't work, since the stringData expects a different configuration, i.e. key-value pairs. That's why you need to use the stringData templating to get the right Secret configuration. In my case I had to have the following stringData; check the docs for more info (https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters):

...
stringData:
  name: 'some-name'
  server: 'some-server'
  config: |
    {
      "login-config": {}
    }

So what I did was add my secret config in AWS Secrets Manager as JSON, i.e. I converted the stringData (name: ...) into JSON and put it like that into a secret. I did this because the external-secrets controller uses lodash templating.

{
  "name": "some-name",
  "server": "some-server",
  "config": {
    "awsAuthConfig": {
      ...
    }
  }
}

So this was the external-secrets config I made to get the right config:

template:
  stringData:
    name: <%= JSON.parse(data.clusterConfig).name %>
    server: <%= JSON.parse(data.clusterConfig).server %>
    config: |
      <%= JSON.stringify(JSON.parse(data.clusterConfig).config) %>
data:
  - key: /secret/path
    name: clusterConfig

And this resulted in creating the secret with:

data:
  name: eyJhd3NBdXR.....
  server: eyJhd3NBdXR.....
  config: eyJhd3NBdXR.....

vikas027 commented 2 years ago

I too had stumbled on this issue. It would be great to have the stringData field by default, but till then this is my workaround :)

--> secret in AWS Secrets Manager as JSON

{
  "username": "<my_username>",
  "password": "<my_password>"
}

--> external secret

---
apiVersion: kubernetes-client.io/v1
kind: ExternalSecret
metadata:
  name: vikas
  namespace: argocd
spec:
  backendType: secretsManager
  region: ap-southeast-2
  template:
    stringData:
      name: codecommit
      type: git
      url: "https://git-codecommit.ap-southeast-2.amazonaws.com/v1/repos/<myrepo>"
  data:
  - key: arn:aws:secretsmanager:ap-southeast-2:111111111:secret:<my_secret>
    name: username
    property: username
  - key: arn:aws:secretsmanager:ap-southeast-2:111111111:secret:<my_secret>
    name: password
    property: password

--> secret created

apiVersion: v1
data:
  name: Y29kZWNvbW1pdA==
  password: SkdG....
  type: Z2l0
  url: aHR0c....
  username: Y25zb....
kind: Secret
metadata:
  name: vikas
  namespace: argocd
type: Opaque
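
The behaviour shown in the two workarounds above (the JSON.parse templating in Mr-istov's comment and the literal stringData in vikas027's), as an added example that is not code from kubernetes-external-secrets or lodash: a minimal renderer for lodash-style `<%= expr %>` placeholders over the fetched `data`, followed by the base64 step the API server applies when it stores stringData into data. The fetched cluster config and its `clusterName` field are constructed sample values, and only `data` is placed in scope of the expressions (an assumption of this stripped-down renderer).

```javascript
// Added example, not the controller's own code. Lodash's "interpolate"
// delimiter: everything between <%= and %> is a JavaScript expression.
const INTERPOLATE = /<%=([\s\S]+?)%>/g;

// Evaluate each placeholder with the fetched `data` in scope. A value with
// no placeholders (e.g. the literal "data.token" from the first post) is
// returned verbatim, which is why that attempt stored the literal string.
// As with lodash, the expression is executed as code, so templates must
// come from the ExternalSecret manifest, never from the fetched secret.
function renderTemplate(tpl, data) {
  return tpl.replace(INTERPOLATE, (_, expr) =>
    String(new Function('data', `return (${expr.trim()});`)(data)));
}

// Render every template.stringData entry, then base64-encode the values the
// way Kubernetes does when it persists stringData into the Secret's data.
function buildSecretData(stringDataTemplate, data) {
  const out = {};
  for (const [key, tpl] of Object.entries(stringDataTemplate)) {
    out[key] = Buffer.from(renderTemplate(tpl, data), 'utf8').toString('base64');
  }
  return out;
}

// Reverse step for inspection: what `kubectl get secret -o yaml` decodes to.
function decodeSecretData(secretData) {
  return Object.fromEntries(Object.entries(secretData)
    .map(([k, v]) => [k, Buffer.from(v, 'base64').toString('utf8')]));
}

// Constructed sample: the backend returns the whole cluster config as one
// JSON string under the name `clusterConfig`, as in Mr-istov's comment.
const fetched = {
  clusterConfig: JSON.stringify({
    name: 'some-name',
    server: 'some-server',
    config: { awsAuthConfig: { clusterName: 'demo' } },
  }),
};

// The template.stringData from that comment; the trailing "\n" mirrors the
// YAML block scalar (config: |) used there.
const template = {
  name: '<%= JSON.parse(data.clusterConfig).name %>',
  server: '<%= JSON.parse(data.clusterConfig).server %>',
  config: '<%= JSON.stringify(JSON.parse(data.clusterConfig).config) %>\n',
};

const secretData = buildSecretData(template, fetched);
console.log(secretData, decodeSecretData(secretData));
```

Running it prints three base64 `data` entries (name, server, config) rather than one opaque `clusterConfig` blob, which is the shape ArgoCD's declarative cluster secret expects.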

github-actions[bot] commented 2 years ago

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 30 days.

github-actions[bot] commented 2 years ago

This issue was closed because it has been stalled for 30 days with no activity.