447 questions
0
votes
0
answers
43
views
C# secret access on local and Kubernites
I am looking for a way to access my secrets from Kubernetes and locally in my C# project.
Locally I have my secrets.json:
{
"OpenAi": {
"Key": "<Key>"
},
}
...
1
vote
1
answer
34
views
Auto certificate expiration date check in .jks in Kubernetes secret
I have certificates stored in .jks file. The jks keystore is in the Kubernetes secret.
Is there any way to check the expiration date in Kubernetes itself?
For TLS certificates, we use X.509 exporter ...
- 11
0
votes
1
answer
63
views
How can I set up secrets with GKE?
I have a .env file of many of the secrets used in a python container running on GKE, but os.getenv() always returns None. Is it possible to load these secrets into GKE, where they can be accessed by ...
2
votes
2
answers
85
views
AKS addon: azure-keyvault-secrets-provider is unable to sync k8s secret
1)We have enabled addons for azure keyvault by issuing below command on AKS:
az aks enable-addons --addons azure-keyvault-secrets-provider --name CLUSTER-NAME --resource-group RESOURCE-GROUP-NAME
...
- 913
0
votes
0
answers
74
views
Skaffold before and after deploy hooks when decrypting secrets in before hook and using kustomize
According to the Skaffold lifecycle hooks documentation, I have added the following before and after hooks to my skaffold.yaml:
deploy:
kubectl:
hooks:
before:
- host:
...
- 9,067
1
vote
0
answers
45
views
Terraform often tries to update kubernetes_secret with a resource "id"
I have many clusters with many secrets in each cluster. I am using Terraform to manage these clusters.
Every now and then when I run a plan when there are no changes of any kind to the code, terraform ...
- 376
0
votes
1
answer
68
views
Creating K8s Secrets and Jobs dynamically - replacing sensitive placeholder values
In my Github Actions workflow, I am trying to dynamically create one K8s Job, and K8s Secret or Configmap per schema, in a list that I’m fetching from Snowflake.
I’m looking for the best way is to ...
- 611
0
votes
0
answers
26
views
Register ConfigConnector created cluster in ArgoCD
I am trying to setup an environment with GKE, ConfigConnector and ArgoCD.
I have management cluster where I installed ArgoCD and ConfigConnector. Then I use ConfigConnector to create a new GKE cluster ...
- 1,378
0
votes
1
answer
403
views
External Secrets unable to read plain text
Hi I have an external Secrets created that I want to read the secrets from SSM Parameter.
However this secrets are stored as string rather than JSON format.
I'm getting this error:
unable to ...
- 731
0
votes
1
answer
159
views
How to create kubernetes generic secret without base64 encoding?
for example I'm creating a kubernetes generic secret using following:
kubectl create secret generic passwords \
--from-literal=TestUser='mypass' -n mynamespace
And I will get the following secret:
# ...
0
votes
0
answers
133
views
How to use securityConfigSecret in Opensearch with admin password being a sensitive value
I'm trying to use a set of roles with custom-defined permissions and OIDC as authentication backend for the OpenSearch cluster deployed using opensearch-operator. I also want to have the password for ...
1
vote
1
answer
132
views
Is there a way to mount only the file from k8s secret to a pod without disturbing the existing files in the location?
I am trying to mount a file secret.txt from the secret to location /opt/tomcat/conf/secret.txt. there are other files at the same location e.g. /opt/tomcat/conf/creds.txt that I want to retain.
This ...
0
votes
1
answer
81
views
How to mount specific fields in secretmanager using secretstore csi driver
Trying to mount only specific keys from the aws secretmanager as file to the pods using below.
Value of aws secret mytestsecret:
{"key1": "value1", "key2": "value2&...
- 140
0
votes
1
answer
127
views
Is it possible to hide pod-mounted kubernetes secrets?
I have the following question, at my work I have secrets stored in a keyvault and I consume them through a secretProviderClass mounted on a pod path.
They ask me if it is possible that when entering ...
0
votes
2
answers
51
views
K8S secret usage in SQLCMD password is always empty
Im trying to connect to an SQL server using K8S secret for password but no matter what syntax or method i want to use the password always empty. If i hard code the password everything works fine.
I ...
- 1
0
votes
1
answer
221
views
Helm mount a set of confimaps or secrets dynamically
I have a use case for a helm deployment to mount a set of configmaps (it can be also secrets) which are present in the system already.
The configmaps follow a pattern *-version. As the name suggests, ...
- 1,002
1
vote
1
answer
78
views
Proper way to mount some files from secret with specified name
I have an external secret that contains certificate, keystore and truststore generated by cert-manager. So it contains keystore.jks, truststore.jks + some other files.
I need to use this keystore.jks ...
- 6,479
-1
votes
1
answer
490
views
How to enable https on AKS hosted ASP.NET Core 6 Web API?
I am working on enabling https on AKS hosted ASP.NET Core 6 Web API. I found various samples online and I have couple questions around it. I am sharing part of relevant code here. Hope someone can ...
- 7,772
0
votes
1
answer
76
views
Issue with Linking Secrets in Kubernetes Deployment YAML
Description
Blockquote
I'm trying to deploy an application using Kubernetes and Helm. My goal is to link environment variables from a Kubernetes Secret to my deployment. However, I'm encountering ...
- 13
0
votes
1
answer
337
views
Injecting secrets into Kubernetes pods via Vault Agent containers [closed]
how to inject secrets into Kubernetes pods via Vault Agent containers using env variables
Hello everyone, I need your help. I'm trying to perform secret injection via Vault into a Kubernetes cluster, ...
- 11
1
vote
2
answers
2k
views
Azure Kubernetes Service with csi secret store error fetching the secrets-store-creds
I have an Azure Kubernetes Service cluster running. And part of setting the environment variables for my pod, i installed the csi-secret-store-provider-azure with helm chart. The first deployment was ...
- 1,499
2
votes
2
answers
215
views
Nuxt3 get environment variables from Kubernetes Secrets
I'm using Nuxt3 with K8 and want to pass some secrets using Kubernetes Secrets to my Nuxt3 app.
I cannot set the environment variables in my Docker container directly, because the container is public.
...
- 375
0
votes
0
answers
120
views
Use kubernetes secrets as jenkins credentials without a respin
I'm looking for a way to use kubernetes secrets in my jenkins helm release and be able to update/add credentials without having to respin the instance. Currently it works when using plain text and can ...
0
votes
0
answers
98
views
how to change ownership and file permissions for the secrets copied using secrets-store-csi-driver
I am not able to change the ownership of the files when mounted using secrets-store-csi-driver.
the files are getting mounted as root with readonly permissions and 644 mode.
Whereas I want to change ...
- 65
0
votes
2
answers
1k
views
kubectl create secret command to identify if the created secret is existing or not existing then if it is existing it will not create secret
I want to use the kubectl create secret command to identify if the created secret is existing or not existing then if it is existing it will not create the existing secret.
currently I have this ...
- 55
0
votes
0
answers
102
views
Kubernetes Secret Store CSI Driver
I want to use Kubernetes Secret Store CSI driver to store and encrypt Kubernetes secrets. I want to use the secret values in the Configmap manifest files of some of the pods. How do I do it. Below is ...
- 315
0
votes
0
answers
128
views
Why am I getting errors in this simple kubernetes hashicorp vault operator test project?
For a school assignment I have to (as a part of many things) implement Hashicorp's Vault Secret Operator. I'm using a guide for this on baeldung (https://www.baeldung.com/spring-vault-kubernetes-...
- 1
0
votes
0
answers
314
views
How to protect kms:CreateGrant permission while encryption AWS EKS secrets
I have to encrypt k8s secrets in AWS EKS cluster. To achieve this, I have created a KMS key with the following key policy which allows kms:CreateGrant permission to my IAM role only when the ...
- 1,359
0
votes
0
answers
609
views
How to access a secret injected into a Kubernetes pod with Vault?
I am new to using Kubernetes. I have a Kubernetes cluster with 8 microservices, and all services are deployed using Helm charts. While I specify some parameters in values.yaml, such as database ...
1
vote
1
answer
211
views
How to remove ownerRef from kubernetes secret using kopf
can you please help me with the problem I'm facing? I use an kubernetes operator based on python and kopf for copying secrets from a namespace to one or more other namespaces, based on annotations. ...
0
votes
0
answers
665
views
AWS KMS permission issue : User not authorized to perform kms:CreateGrant (Service: EKS StatusCode: 400)
I am writing this question here after exploring couple of days around it.
My application creates AWS EKS cluster, Now I am trying to also encrypt my EKS secrets using KMS key, But I am getting below ...
- 1,359
0
votes
0
answers
195
views
Trouble Pulling Images from Self-Hosted Private GitLab Registry in Kubeflow Pipelines on k3s/WSL2
I am new on Kubernetes and Kubeflow and trying to pull images from my self hosted private gitlab registry in Kubeflow Pipelines. This is my pipeline:
@container_component
def container_component_trial(...
- 39
0
votes
1
answer
292
views
Is there a way to reference a kubernetes secret in a Kong plugin yaml file?
I have a Kong introspection plugin and would like the introspection url to pull the data from a kubernetes secret. Is this possible?
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
...
- 13
0
votes
1
answer
453
views
How to concatinate random generated string in Kubernetes secret yaml
I have MongoDB and the backend pod needed to be running in the cluster. I want to generate the random password for Mongodb and use it as a connection string in my backend. Here is what my K8s secret ...
0
votes
1
answer
256
views
Bash - Iterate over map from k8s secrets call
I am requesting the details of a k8s secret:
kubectl get secret mySecret -o jsonpath='{.data}'
The answer of the call gives me the following map:
'map[first_password:ZXhhbXBsZQ0K second_password:...
- 39
0
votes
0
answers
603
views
dapr | failed getting app id either from the URL path or the header dapr-app-id
I want to use a Java client to retrieve the dapr secrets. but I am getting exceptions while invoking. not sure where to set the dapr-app-id to resolve the issue. Help would be appriticated.
below is ...
- 132
1
vote
3
answers
226
views
transforming configMapKeyRef into secretKeyRef with jq
Here is my deploy input
{
"apiVersion": "apps/v1",
"kind": "Deployment",
"spec": {
"replicas": 1,
"selector": {
...
0
votes
1
answer
226
views
Keep formating of data in kubernetes secret
I am deploying Matomo to Kubernetes. I have a config file that contains database credentials. I would like to create a secret from the config file and mount it to the pod.
I can´t figure out a way to ...
- 195
-1
votes
1
answer
508
views
Error in setup of Kubernetes Secret for C# application in pod
I'm trying to save the database credentials in Kubernetes secret. This will be picked through yaml file of kubernetes depoloyment.yaml.
This is how i created the secret in kubernetes master node:
...
- 311
0
votes
1
answer
540
views
k8s docker hub login credentials is not working
The problem is this:
I have a cluster on Kubernetes with containerd as container runtime and Docker Hub Registry, where I store my private images, also master node on linux centos 7.
I logged in to ...
- 1
0
votes
0
answers
25
views
Double define kubernetesPodUtils
I'm trying to do a Spring Boot app deployed on GKE. It uses an application.yml file. I use a K8s configmap to map the dev/stage/prod file as needed. Spring sees it as a normal app, not a k8s app.
I ...
- 1,167
0
votes
1
answer
870
views
Add contents of a file to an existing Kubernetes secret
I have an existing generic Kubernetes secret that exported as YAML (using kubectl get secret -o yaml > secret.yaml), looks like this:
kind: Secret
apiVersion: v1
type: Opaque
metadata:
name: some-...
- 1,477
1
vote
1
answer
369
views
How to list all resource to secret mappings?
I am looking for a kubectl command that will list everywhere a secret is referenced.
Example output:
deploymentABC - secretkeyname1
deploymentXYZ - secretkeyname2
statefulset123 - secretkeyname1
I ...
- 320
0
votes
0
answers
211
views
Helm: Protect cred info in file in secret
My search foo isn't strong on this question and I couldn't find any answers that helped. I have a bit of an inception-style question in setting up a helm chart with secrets keys that are files with ...
- 148
10
votes
0
answers
2k
views
Kustomize: How to Reference Name of a Secret Generated by secretGenerator in Deployment When Hash Suffix is Added?
Problem Summary:
I am using Kustomize to generate a secret using secretGenerator, and I need to reference this secret in a Deployment. Kustomize is appending a unique hash suffix to the secret name, ...
- 143
0
votes
0
answers
369
views
Kubernetes secret csi driver restrict secrets in pod
I am using Kubernetes CSI Secret store driver to connect my AKS to my Keyvault. When mounting my the class inside my pods, the volume contains all the secrets (specified in the class yaml).
These ...
- 502
0
votes
0
answers
307
views
How do I store and manage jks files in a way that would be easy to edit them
I have a few java applications that use JKS files for storing client private keys for things like DB certificates. Once these certificates get renewed I'd like an easy way to edit jks file, and ...
- 47
0
votes
1
answer
100
views
Deployment not running due to ImagePullBackOff reason
I'm trying to create a deployment that is pulling a container image from a private registry.
My deployment.yaml file:
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-app
namespace: my-...
- 43
-2
votes
2
answers
464
views
Issue when trying to create secrets in Openshift : must be set with the mounted {} file path inside '/opt/app-root/src/' ###
I am using OpenShift V4 and trying to create a secret called artifactory-credential which contains Username and Password and is of type 'Opaque'.
I am passing the Username and Password to a secret....
- 533
1
vote
1
answer
822
views
mounting secret to kubernetes pod with file extension
I have a secret that I am trying to mount with a .yml extension on its name. Is there a way to do this? I have the following external secret (changed values to dummies):
apiVersion: external-secrets....
