Secrets generated from custom resources don't use the default controller's encoding #63

Closed
akolosov-a opened this issue Nov 23, 2021 · 0 comments · Fixed by #64

Describe the bug
When the kubernetes-secret-generator controller is explicitly configured to use an encoding different from base64, the secrets generated from custom resources with no encoding field specified are still created with base64 encoding.

To Reproduce

  1. Deploy the kubernetes-secret-generator controller with the parameter to use e.g. hex encoding by default.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubernetes-secret-generator
  namespace: kube-system
  labels:
    app: kubernetes-secret-generator
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: kubernetes-secret-generator
  template:
    metadata:
      labels:
        app: kubernetes-secret-generator
    spec:
      serviceAccountName: kubernetes-secret-generator
      containers:
      - name: kubernetes-secret-generator
        image: quay.io/mittwald/kubernetes-secret-generator:v3.3.4
        command:
        - kubernetes-secret-generator
        ports:
        - containerPort: 8080
          name: http
        env:
        - name: WATCH_NAMESPACE
          value: ''
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: OPERATOR_NAME
          value: kubernetes-secret-generator
        - name: SECRET_ENCODING
          value: hex
  2. Create a custom resource for a string secret with no encoding specified.
apiVersion: secretgenerator.mittwald.de/v1alpha1
kind: StringSecret
metadata:
  name: the-secret-crd
spec:
  fields:
  - fieldName: password
  3. Check the encoding of the generated secret (it is not the hex encoding which is configured for the controller):
$ kubectl get secret the-secret-crd -o jsonpath='{.data.password}' | base64 --decode
wjjH7N8AJqOSL4UXIo46sYJHuy9pPYYd+j4evnoe

Expected behavior
The expected behaviour is similar to that of the secrets whose items are generated with the annotations: the default encoding is used if no secret-generator.v1.mittwald.de/encoding annotation is specified. E.g. this is the password in the secret generated with annotations:

$ kubectl describe secret the-secret
Name:         the-secret
Namespace:    default
Labels:       <none>
Annotations:  secret-generator.v1.mittwald.de/autogenerate: password
              secret-generator.v1.mittwald.de/autogenerate-generated-at: 2021-11-23T13:25:22Z
              secret-generator.v1.mittwald.de/secure: yes
              secret-generator.v1.mittwald.de/type: string

Type:  Opaque

Data
====
password:  40 bytes

$ kubectl get secret the-secret -o jsonpath='{.data.password}' | base64 --decode
a9838164a615daa23a2731aedc36ece46021e6da

Environment:

  • Kubernetes version: 1.20.12
  • kubernetes-secret-generator version: v3.3.4
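
A check for the symptom reported above, as an added example (not code from the project or from the issue author): it classifies each decoded Secret field as hex or base64 and lists the fields that do not match the expected default. It covers only the two encodings shown in this issue, and the function names `classify` and `mismatches` are hypothetical.

```go
package main

import (
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"sort"
)

// classify guesses the text encoding of a generated secret value.
// Hex digits are a subset of the base64 alphabet, so hex is tested first;
// a random base64 string of this length is practically never all hex digits.
func classify(value string) string {
	if value == "" {
		return "unknown"
	}
	if _, err := hex.DecodeString(value); err == nil {
		return "hex"
	}
	if _, err := base64.StdEncoding.DecodeString(value); err == nil {
		return "base64"
	}
	return "unknown"
}

// mismatches takes the .data map of a Secret (values are base64-wrapped by
// the Kubernetes API, as returned by kubectl -o json) and returns the sorted
// field names whose payload does not look like the expected encoding.
func mismatches(expected string, data map[string]string) []string {
	var bad []string
	for field, wrapped := range data {
		raw, err := base64.StdEncoding.DecodeString(wrapped)
		if err != nil || classify(string(raw)) != expected {
			bad = append(bad, field)
		}
	}
	sort.Strings(bad)
	return bad
}

func main() {
	wrap := func(s string) string { return base64.StdEncoding.EncodeToString([]byte(s)) }
	// Decoded values copied from the two kubectl outputs in this issue.
	crd := map[string]string{"password": wrap("wjjH7N8AJqOSL4UXIo46sYJHuy9pPYYd+j4evnoe")}
	annotated := map[string]string{"password": wrap("a9838164a615daa23a2731aedc36ece46021e6da")}
	fmt.Println("CR secret mismatches:", mismatches("hex", crd))
	fmt.Println("annotated secret mismatches:", mismatches("hex", annotated))
}
```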