科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>google cloud platform - Kubernetes external-secret.io operator can not unmarshal GCP secret value stored as plain text - Stack O

    google cloud platform - Kubernetes external-secret.io operator can not unmarshal GCP secret value stored as plain text - Stack O

    programmeradmin2浏览0评论

    Created GCP secret and stored plain text value e.g. userpassword

    Created and applied external-secrets.io yaml manifest as shown below

    apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: test-ext-secret-gcp
  namespace: myplatform
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: secret-store
  target:
    name: db-readonly-userpass
  dataFrom:
      # GCP Secrets Manager secret name
    - extract:
        key: gcp-db-readonly-userpass

    When doing kubectl describe, it gives error unable to unmarshal secret: invalid character 'u' looking for beginning of value

    How to read the plain text GCP secret value and load as kubernetes secret using external-secrets.io operator?

    Created GCP secret and stored plain text value e.g. userpassword

    Created and applied external-secrets.io yaml manifest as shown below

    apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: test-ext-secret-gcp
  namespace: myplatform
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: secret-store
  target:
    name: db-readonly-userpass
  dataFrom:
      # GCP Secrets Manager secret name
    - extract:
        key: gcp-db-readonly-userpass

    When doing kubectl describe, it gives error unable to unmarshal secret: invalid character 'u' looking for beginning of value

    How to read the plain text GCP secret value and load as kubernetes secret using external-secrets.io operator?

    • kubernetes
    • google-cloud-platform
    • google-kubernetes-engine
    • external-secrets-operator
    • external-secrets
    Share Improve this question edited Feb 7 at 18:34 danronmoon 3,8735 gold badges35 silver badges58 bronze badges asked Feb 7 at 1:22 deepdivedeepdive 11k3 gold badges33 silver badges41 bronze badges 1
    • Try remoteRef: and see if it works? – aaa Commented Feb 7 at 1:40
    Add a comment  | 

    1 Answer 1

    Reset to default 0

    The first commenter has succinctly pointed you in the right direction - the dataFrom field requires the secret data to be in JSON format [1]. Since your data is plain text you got that general Go error.

    To get the raw secret value you can indeed use remoteRef field as shown in this example [2].

    [1] https://external-secrets.io/latest/guides/all-keys-one-secret/
    [2] https://external-secrets.io/latest/provider/google-secrets-manager/#creating-external-secret

    继续浏览有关 的文章

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论