external-secrets / kubernetes-external-secrets

Integrate external secret management systems with Kubernetes
MIT License

IBM-Cloud-Secret-Manager Arbitrary secret creating with wrong indentation #878

Closed chokhareganesh closed 2 years ago

chokhareganesh commented 2 years ago

Hi Team, I have followed https://github.com/ibm-cloud-docs/secrets-manager/blob/9d95ea9a8a94dbab7ce40fc56775fa277ccbe3c3/tutorials/kubernetes-secrets.md for integrating secrets with a Kubernetes cluster.

I have created a secret of type Arbitrary secret, but when I access this secret inside the K8s cluster it's not preserving the secret's indentation/format.

  1. I have created an Arbitrary secret inside secret-manager (YAML object):
route:
  receiver: "watchdog"
  group_by: [ 'alertname', 'cluster', 'service' ]
  routes:
    - match:
        alertname: Watchdog
      receiver: "watchdog"
    - receiver: "slack_pagerduty"
receivers:
  - name: watchdog
  - name: slack_pagerduty
    slack_configs:
      - channel: #test
        api_url: https://hooks.slack.com/
        title: "{{ range .Alerts }}{{ .Annotations.summary }}\n{{ end }}"
        text: "{{ range .Alerts }}{{ .Annotations.description }}\n{{ end }}"
        send_resolved: true
    pagerduty_configs:
      - service_key: test-pager-key
  2. I have created an external secret for the above object inside the K8s cluster.
  3. The secret looks like this:
    {"payload":"route:\n  receiver: \"watchdog\"\n  group_by: [ 'alertname', 'cluster', 'service' ]\n  routes:\n    - match:\n        alertname: Watchdog\n      receiver: \"watchdog\"\n    - receiver: \"slack_pagerduty\"\nreceivers:\n  - name: watchdog\n  - name: slack_pagerduty\n    slack_configs:\n      - channel: #test\n        api_url: https://hooks.slack.com/\n        title: \"{{ range .Alerts }}{{ .Annotations.summary }}\\n{{ end }}\"\n        text: \"{{ range .Alerts }}{{ .Annotations.description }}\\n{{ end }}\"\n        send_resolved: true\n    pagerduty_configs:\n      - service_key: test-pager-key"}

Questions:

  1. Why is it created as JSON rather than YAML? It does not make any sense that it is converted to JSON.
  2. If I want to store it as YAML, how do I use secret manager for a YAML configuration file? I want to create the exact same secret with the same value which I stored inside Secret-Manager.

chokhareganesh commented 2 years ago

Hi @Flydiverny, we need your help here. Thanks

philippselle commented 2 years ago

Hi @chokhareganesh, if you use an external secret as follows:

apiVersion: kubernetes-client.io/v1
kind: ExternalSecret
metadata:
  name: arbitrary-secret
spec:
  backendType: ibmcloudSecretsManager
  data:
    - key: <secret-id>
      name: example
      property: payload
      secretType: arbitrary

You will get a secret which contains your YAML input (even with the same indentation).

philippselle commented 2 years ago

$ oc get secret arbitrary-secret -oyaml
apiVersion: v1
data:
  example: cm91dGU6CiAgcmVjZWl2ZXI6ICJ3YXRjaGRvZyIKICBncm91cF9ieTogWyAnYWxlcnRuYW1lJywgJ2NsdXN0ZXInLCAnc2VydmljZScgXQogIHJvdXRlczoKICAgIC0gbWF0Y2g6CiAgICAgICAgYWxlcnRuYW1lOiBXYXRjaGRvZwogICAgICByZWNlaXZlcjogIndhdGNoZG9nIgogICAgLSByZWNlaXZlcjogInNsYWNrX3BhZ2VyZHV0eSIKcmVjZWl2ZXJzOgogIC0gbmFtZTogd2F0Y2hkb2cKICAtIG5hbWU6IHNsYWNrX3BhZ2VyZHV0eQogICAgc2xhY2tfY29uZmlnczoKICAgICAgLSBjaGFubmVsOiAjdGVzdAogICAgICAgIGFwaV91cmw6IGh0dHBzOi8vaG9va3Muc2xhY2suY29tLwogICAgICAgIHRpdGxlOiAie3sgcmFuZ2UgLkFsZXJ0cyB9fXt7IC5Bbm5vdGF0aW9ucy5zdW1tYXJ5IH19XG57eyBlbmQgfX0iCiAgICAgICAgdGV4dDogInt7IHJhbmdlIC5BbGVydHMgfX17eyAuQW5ub3RhdGlvbnMuZGVzY3JpcHRpb24gfX1cbnt7IGVuZCB9fSIKICAgICAgICBzZW5kX3Jlc29sdmVkOiB0cnVlCiAgICBwYWdlcmR1dHlfY29uZmlnczoKICAgICAgLSBzZXJ2aWNlX2tleTogdGVzdC1wYWdlci1rZXk=
kind: Secret
metadata:
  name: arbitrary-secret
  namespace: default
type: Opaque
$ echo cm91dGU6CiAgcmVjZWl2ZXI6ICJ3YXRjaGRvZyIKICBncm91cF9ieTogWyAnYWxlcnRuYW1lJywgJ2NsdXN0ZXInLCAnc2VydmljZScgXQogIHJvdXRlczoKICAgIC0gbWF0Y2g6CiAgICAgICAgYWxlcnRuYW1lOiBXYXRjaGRvZwogICAgICByZWNlaXZlcjogIndhdGNoZG9nIgogICAgLSByZWNlaXZlcjogInNsYWNrX3BhZ2VyZHV0eSIKcmVjZWl2ZXJzOgogIC0gbmFtZTogd2F0Y2hkb2cKICAtIG5hbWU6IHNsYWNrX3BhZ2VyZHV0eQogICAgc2xhY2tfY29uZmlnczoKICAgICAgLSBjaGFubmVsOiAjdGVzdAogICAgICAgIGFwaV91cmw6IGh0dHBzOi8vaG9va3Muc2xhY2suY29tLwogICAgICAgIHRpdGxlOiAie3sgcmFuZ2UgLkFsZXJ0cyB9fXt7IC5Bbm5vdGF0aW9ucy5zdW1tYXJ5IH19XG57eyBlbmQgfX0iCiAgICAgICAgdGV4dDogInt7IHJhbmdlIC5BbGVydHMgfX17eyAuQW5ub3RhdGlvbnMuZGVzY3JpcHRpb24gfX1cbnt7IGVuZCB9fSIKICAgICAgICBzZW5kX3Jlc29sdmVkOiB0cnVlCiAgICBwYWdlcmR1dHlfY29uZmlnczoKICAgICAgLSBzZXJ2aWNlX2tleTogdGVzdC1wYWdlci1rZXk= | base64 --decode
route:
  receiver: "watchdog"
  group_by: [ 'alertname', 'cluster', 'service' ]
  routes:
    - match:
        alertname: Watchdog
      receiver: "watchdog"
    - receiver: "slack_pagerduty"
receivers:
  - name: watchdog
  - name: slack_pagerduty
    slack_configs:
      - channel: #test
        api_url: https://hooks.slack.com/
        title: "{{ range .Alerts }}{{ .Annotations.summary }}\n{{ end }}"
        text: "{{ range .Alerts }}{{ .Annotations.description }}\n{{ end }}"
        send_resolved: true
    pagerduty_configs:
      - service_key: test-pager-key
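
A check for the two outcomes seen in this thread, as an added example that is not part of the original comments or of the project's code: it decodes a Secret `.data` value and reports whether the whole `{"payload": ...}` JSON envelope was synced or only the document selected by `property: payload`. The function names and the shortened sample YAML are constructed for illustration, and `select_property` is only an assumed model of the selection step.

```python
import base64
import json

# Constructed sample: a shortened version of the YAML stored in the thread.
ORIGINAL_YAML = (
    "route:\n"
    "  receiver: \"watchdog\"\n"
    "  routes:\n"
    "    - match:\n"
    "        alertname: Watchdog\n"
    "      receiver: \"watchdog\"\n"
    "receivers:\n"
    "  - name: watchdog"
)

# Shape reported in the thread for an arbitrary secret: a JSON envelope whose
# "payload" field carries the document as an escaped string.
ENVELOPE = json.dumps({"payload": ORIGINAL_YAML})


def to_secret_data(value: str) -> str:
    """Base64-encode a value the way it appears under .data in a Secret."""
    return base64.b64encode(value.encode("utf-8")).decode("ascii")


def select_property(raw: str, prop: str) -> str:
    """Assumed model of `property: <prop>`: pick one field of the envelope."""
    doc = json.loads(raw)
    if not isinstance(doc, dict) or prop not in doc:
        raise KeyError(f"property {prop!r} not present in backend value")
    value = doc[prop]
    # Strings are returned untouched; other types are re-serialised as JSON.
    return value if isinstance(value, str) else json.dumps(value)


def inspect_secret_data(b64_value: str, prop: str = "payload") -> tuple:
    """Decode a .data entry and report whether it is still the envelope.

    Returns (state, text): state is "envelope" when the whole JSON object was
    synced, "plain" when the value is already the document itself.
    """
    text = base64.b64decode(b64_value, validate=True).decode("utf-8")
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        return "plain", text
    if isinstance(doc, dict) and prop in doc:
        return "envelope", select_property(text, prop)
    return "plain", text
```

In both cases the returned text is byte-for-byte the stored document; the `\n` sequences in the envelope are JSON string escaping, not lost indentation.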

github-actions[bot] commented 2 years ago

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 30 days.

github-actions[bot] commented 2 years ago

This issue was closed because it has been stalled for 30 days with no activity.