I am using S3 as the source, and before pushing the data to S3 I encrypt it with a KMS key.
I have attached an IRSA role that is allowed to decrypt with that KMS key to the kustomize-controller service account, but the kustomize controller still fails to decode the data.
I get this error:
"error":"failed to decode Kubernetes YAML from /tmp/kustomization-3479328615/resources/prod/org_ns79.yaml: MalformedYAMLError: yaml: control characters are not allowed "}
I am using S3 as the source, and before pushing the data to S3 I encrypt it with a KMS key. I have attached an IRSA role that is allowed to decrypt with that KMS key to the kustomize-controller service account, but the kustomize controller still fails to decode the data.
I get this error: "error":"failed to decode Kubernetes YAML from /tmp/kustomization-3479328615/resources/prod/org_ns79.yaml: MalformedYAMLError: yaml: control characters are not allowed"}
Here is the complete code:
package main
import ( "bytes" "encoding/gob" "fmt" "io/fs" "io/ioutil" "log" "time"
)
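// Organization mirrors the Kubernetes-style object that this program
// serialises and pushes to S3. The yaml struct tags name the wire fields a
// YAML (un)marshaller would use; they are ignored by encoding/gob, which is
// what StructToBytes/BytesToStruct in this file actually use.
//
// The tags are written with backtick delimiters; without them the listing
// does not compile.
type Organization struct {
	APIVersion string   `yaml:"apiVersion"`
	Kind       string   `yaml:"kind"`
	Metadata   Metadata `yaml:"metadata"`
	Spec       Spec     `yaml:"spec"`
	Status     Status   `yaml:"status"`
}

// Metadata holds the object metadata fields this program tracks.
type Metadata struct {
	// Annotations may hold arbitrary values. For gob encoding, any non-basic
	// concrete type stored in the interface must be gob.Register'ed first.
	Annotations     map[string]interface{} `yaml:"annotations"`
	CreationTime    time.Time              `yaml:"creationTimestamp"`
	Generation      int                    `yaml:"generation"`
	Name            string                 `yaml:"name"`
	ResourceVersion string                 `yaml:"resourceVersion"`
	UID             string                 `yaml:"uid"`
}

// Spec is the desired state of an Organization.
type Spec struct {
	ConfigRef        ConfigRef `yaml:"configRef"`
	OrganizationType string    `yaml:"organizationType"`
	Scopes           []Scope   `yaml:"scopes"`
}

// ConfigRef references a configuration object by name.
type ConfigRef struct {
	Name string `yaml:"name"`
}

// Scope pairs an access mode with the auth client and isolation it applies to.
type Scope struct {
	AccessMode    string        `yaml:"accessMode"`
	AuthClientRef AuthClientRef `yaml:"authClientRef"`
	IsolationRef  IsolationRef  `yaml:"isolationRef"`
}

// AuthClientRef references an auth client by name.
type AuthClientRef struct {
	Name string `yaml:"name"`
}

// IsolationRef references an isolation target; Namespace is optional.
type IsolationRef struct {
	Name      string `yaml:"name"`
	Namespace string `yaml:"namespace,omitempty"`
}

// Status is the observed state of an Organization.
type Status struct {
	Conditions []Condition `yaml:"conditions"`
}

// Condition is one entry of Status.Conditions.
type Condition struct {
	LastTransitionTime time.Time `yaml:"lastTransitionTime"`
	Message            string    `yaml:"message"`
	ObservedGeneration int       `yaml:"observedGeneration"`
	Reason             string    `yaml:"reason"`
	Status             string    `yaml:"status"`
	Type               string    `yaml:"type"`
}

// main is empty in this listing: nothing wires the helpers below together,
// so the order in which an object is serialised, encrypted and uploaded is
// not shown here.
func main() {
}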
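// WriteToAExternalFile writes data to filename with permission bits perm.
//
// The original had no return on the success path, which does not compile
// (missing return). On failure the error is wrapped with the file name and
// returned for the caller to handle; nothing is printed here, so the caller
// decides how to report it. When the content is plaintext that is only
// encrypted later, pass a restrictive mode such as 0600.
func WriteToAExternalFile(filename string, data []byte, perm fs.FileMode) error {
	// ioutil.WriteFile is kept because it is what the file's import block
	// declares; newer code would call os.WriteFile, which it aliases.
	if err := ioutil.WriteFile(filename, data, perm); err != nil {
		return fmt.Errorf("writing %q: %w", filename, err)
	}
	return nil
}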
// StructToBytes serialises org with encoding/gob and returns the bytes.
//
// gob is Go's binary wire format: the output is neither YAML nor JSON, so a
// consumer that parses the uploaded object as a Kubernetes manifest will
// reject it (the "yaml: control characters are not allowed" error quoted in
// the question is the symptom of feeding such bytes to a YAML parser). Only
// BytesToStruct in this file can read it back.
func StructToBytes(org Organization) ([]byte, error) {
	var encoded bytes.Buffer
	if err := gob.NewEncoder(&encoded).Encode(org); err != nil {
		return nil, err
	}
	return encoded.Bytes(), nil
}
// BytesToStruct decodes bytes produced by StructToBytes back into an
// Organization. Any gob decoding failure is returned unchanged.
//
// gob does not authenticate its input; if data was fetched from an external
// store, rely on the surrounding transport/encryption layer for integrity
// rather than on this decoder.
func BytesToStruct(data []byte) (*Organization, error) {
	decoder := gob.NewDecoder(bytes.NewReader(data))
	decoded := new(Organization)
	if err := decoder.Decode(decoded); err != nil {
		return nil, err
	}
	return decoded, nil
}
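// encryptDataWithKMS encrypts data directly with the KMS key keyID and
// returns the ciphertext blob. The listing stopped after creating the KMS
// client and never returned, so the Encrypt call and returns are added here.
//
// Notes for callers:
//   - The result is binary ciphertext, not a Kubernetes manifest. A consumer
//     that reads the object as plain YAML will not decrypt it merely because
//     its IAM role may call kms:Decrypt; decryption must happen before the
//     bytes reach a YAML parser.
//   - KMS Encrypt is meant for small payloads (the service enforces a
//     plaintext size limit of a few KiB — check the current quota). Larger
//     documents need envelope encryption with a generated data key.
//   - Credentials come from the SDK's default provider chain (environment,
//     shared config, or the web-identity token an IRSA role provides); do not
//     embed static keys in this file.
func encryptDataWithKMS(data []byte, keyID string) ([]byte, error) {
	// The region is fixed here. KMS keys are regional, so this must be the
	// region keyID lives in.
	sess, err := session.NewSession(&aws.Config{
		Region: aws.String("us-east-1"),
	})
	if err != nil {
		return nil, fmt.Errorf("creating AWS session: %w", err)
	}

	out, err := kms.New(sess).Encrypt(&kms.EncryptInput{
		KeyId:     aws.String(keyID),
		Plaintext: data,
	})
	if err != nil {
		return nil, fmt.Errorf("encrypting with key %q: %w", keyID, err)
	}
	return out.CiphertextBlob, nil
}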
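// updateOrg is a placeholder for whatever change the Organization needs
// before it is serialised. The listing gives it an empty body, which does
// not compile (missing return); until the real logic exists it returns its
// argument unchanged, so callers keep working without observable effect.
func updateOrg(org Organization) Organization {
	return org
}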
// uploadFileToS3 is meant to store fileContent in bucketName under the key
// fileName. Only the session setup survives in this listing: the actual
// upload and the success return are absent, so as shown the function does
// not compile (missing return, sess declared and not used) and never
// uploads anything.
func uploadFileToS3(bucketName, fileName string, fileContent []byte) error {
	// Create a new AWS session. The region is hard-coded; the bucket must be
	// accessible from it.
	sess, err := session.NewSession(&aws.Config{
		Region: aws.String("us-east-1"),
		// Optionally provide credentials, leave this out to use default credentials.
		// Credentials: credentials.NewStaticCredentials("YOUR_AWS_ACCESS_KEY_ID", "YOUR_AWS_SECRET_ACCESS_KEY", ""),
	})
	if err != nil {
		fmt.Println("Error creating session:", err)
		return err
	}
	// NOTE(review): the upload step (for example an S3 PutObject with
	// fileContent as the body) is missing here — confirm against the full
	// program before relying on this function.
}
1. Is this a valid approach?
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: flux-test-kustomization
  namespace: flux-test-1
spec:
  interval: 1m
  sourceRef:
    kind: Bucket
    name: my-bucket
    namespace: flux-system
  # Every file under this prefix is parsed as plain Kubernetes YAML (the
  # quoted "failed to decode Kubernetes YAML" error comes from that step).
  # The controller does not call KMS on the objects it fetches, so gob-encoded
  # or KMS-encrypted files here fail with "control characters are not
  # allowed" regardless of what the service account's role permits. The only
  # decryption hook on this resource is spec.decryption, which expects
  # SOPS-formatted files rather than raw KMS ciphertext — confirm against the
  # Flux version in use.
  path: /resources/prod
  prune: true