Sealed secret is not working when you have the kubernetes secret parse the data using the stringData using the yml file
KasunKulathunga opened this issue · comments
Which component:
kubeseal
Describe the bug
If a Kubernetes secret includes a file to parse the value as the string data, then it is not working as expected.
To Reproduce
Using the logstash operator configuration and trying to encrypt the logstash secret using the sealed secret and use the secret in the logstash configuration.
Create a Kubernetes secret as below using the string data including the file.
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: logstash-pipeline
  namespace: elastic
stringData:
  pipelines.yml: |-
    - pipeline.id: beats-server
      config.string: |
        input { beats { port => 5044 codec => json }}
        output {
          if [Source_App][name] == 'headltesssystemlogs' {
            pipeline { send_to => headlesssystemlogs }
          }
```
- Go to '...'
  Go to the location that this file included
- Run the command '....'
  kubeseal apply -f - convert the secret to the sealed secret and then deploy to the kubernetes cluster
  kubectl apply -f <selead_secret.yml>
- Wait for '....'
  Run the command
- See error
  After deploying the sealed secret, when it is used by the logstash configuration to mount the secret, this is not working properly
Expected behavior
After applying the sealed secret to the Kubernetes cluster, this should be working with the logstash configuration without any issue
Version of Kubernetes:
- Output of kubectl version: (paste your output here)
Hi,
I tried that out of curiosity and it worked without a problem for me ^^
This is the result of kubeseal
```yaml
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  creationTimestamp: null
  name: logstash-pipeline
  namespace: playground
spec:
  encryptedData:
    pipelines.yml: AgB2BQaPmVrbOmPA94Sp6SBldN1LlA2siTyLttTWU3QEOfLgpZa3GP8GDm0kCRpo/XzTpZnSA5hdBbENbwpGg6IdbMkxoyZ290ruGLIEkF+r+/G0sHE66gGuQd1QQpUFCms86Ey8Evg5dLRBpnqc5DBRIfTn9fGawmjAy00YT3UevBpe6GiVtqIziLTtjCUdZ2togGeDzO4xktLyuGMCVuLMDB2aO4UJb7C/mmxcZLJtIOTuEQV4Ep8vM3W5YzIxtvuKmS+505z/+WHf786iFPsC89PgMsnS9ZGdVOJIow5YX0nBVWHaNZz1LxPJMgGoycnsmOUqXWwRVRQCcPWQ1YGNMOdW1PxVdEMJvmpSuIbxY2RmguWlZiFKWICGQAKQnVTh8u634rMHdWL4eThVRV+eInjJOb+dBfdbfiJnR+3zfgsJgIF+HK************************************************xt8vRye6G7lV8hrvVs6B6e2da7crW5ylhpFKlqNae6DBJ8D1a8vw8YnLgOcfRh/vK23nUp9QlVF7Lf/R0rjTpfb+IfiRp3q5rH1v7xHhaeSDMu/UR4sgJt6lpiLLUM7ZggIV0Ua6DBbVmMOkRFYiNLY=
  template:
    metadata:
      creationTimestamp: null
      name: logstash-pipeline
```
The apply command is successful
```
$ k apply -f temp_sealed.yml
sealedsecret.bitnami.com/logstash-pipeline created
```
And the content is intact
```
$ kyaml get secrets logstash-pipeline | yq .'data."pipelines.yml"' | base64 -d
- pipeline.id: beats-server
  config.string: |
    input { beats { port => 5044 codec => json }}
    output {
      if [Source_App][name] == 'headltesssystemlogs' {
        pipeline { send_to => headlesssystemlogs }%
```
Could it be simply an indentation issue? Here is my YAML file
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: logstash-pipeline
stringData:
  pipelines.yml: |-
    - pipeline.id: beats-server
      config.string: |
        input { beats { port => 5044 codec => json }}
        output {
          if [Source_App][name] == 'headltesssystemlogs' {
            pipeline { send_to => headlesssystemlogs }
```
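The reply above checks the unsealed Secret by decoding `data."pipelines.yml"` and reading it by eye. As an added example (not code from this thread or from the sealed-secrets project), the same check can be scripted so that an indentation or trailing-newline difference is reported explicitly. The function names, the sample JSON and the indentation of the expected text are constructed for illustration.

```python
import base64
import difflib
import json

# Intended value of stringData."pipelines.yml" (indentation assumed; the page's
# copy lost it). `|-` strips the final newline, so the string ends without one.
EXPECTED = (
    "- pipeline.id: beats-server\n"
    "  config.string: |\n"
    "    input { beats { port => 5044 codec => json }}\n"
    "    output {\n"
    "      if [Source_App][name] == 'headltesssystemlogs' {\n"
    "        pipeline { send_to => headlesssystemlogs }"
)

def make_secret_json(value):
    """Constructed stand-in for `kubectl get secret logstash-pipeline -o json`."""
    encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
    return json.dumps({"kind": "Secret", "data": {"pipelines.yml": encoded}})

def check_key(secret_json, key, expected):
    """Decode data[key] and classify how it differs from the expected text."""
    data = json.loads(secret_json).get("data") or {}
    if key not in data:
        return {"status": "missing-key", "diff": []}
    actual = base64.b64decode(data[key]).decode("utf-8")
    exp_lines, act_lines = expected.splitlines(), actual.splitlines()
    diff = list(difflib.unified_diff(exp_lines, act_lines,
                                     "expected", "cluster", lineterm=""))
    if actual == expected:
        status = "match"
    elif exp_lines == act_lines:
        status = "trailing-newline-only"   # e.g. `|` used instead of `|-`
    elif [l.strip() for l in exp_lines] == [l.strip() for l in act_lines]:
        status = "whitespace-only"         # indentation or trailing spaces
    else:
        status = "content-differs"
    return {"status": status, "diff": diff}

if __name__ == "__main__":
    # Constructed inputs: the intact text and a copy with all indentation lost.
    flattened = "\n".join(line.strip() for line in EXPECTED.splitlines())
    for label, value in [("intact", EXPECTED), ("flattened", flattened)]:
        result = check_key(make_secret_json(value), "pipelines.yml", EXPECTED)
        print(label, "->", result["status"])
        print("\n".join(result["diff"]))
```

Against a real cluster, the JSON would come from `kubectl get secret logstash-pipeline -o json` instead of `make_secret_json`.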
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.
Due to the lack of activity in the last 7 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.