Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

postBuild substituteFrom secret envsubst error YAMLToJSON #4830

Open
rcarre opened this issue Jun 7, 2024 · 2 comments
Open

postBuild substituteFrom secret envsubst error YAMLToJSON #4830

rcarre opened this issue Jun 7, 2024 · 2 comments

Comments

@rcarre
Copy link

rcarre commented Jun 7, 2024
edited
Loading

Describe the bug

Flux kustomization postBuild failing with error message postBuild 'post build failed for ''sourceSecret'': envsubst error: YAMLToJSON: yaml: line 8: did not find expected alphabetic or numeric character'

The postBuild substitution works fine with secret values not starting with character * in plain text

However when encoded in base64, there is no special character but who knows the way Flux does manage the secret value substitution: in plain text (then we have special characters) or in base64 ?

Steps to reproduce

Here is the source yaml secret snippet

apiVersion: v1
data:
  password: KlFyMU4nSylAbSNXLSR7eTtkbCg=
kind: Secret
metadata:
  name: sourceSecret
  namespace: myNamespace

Here is yaml Flux kusto snippet

---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
 name: myService
 namespace: myNamespace
spec:
 path: ./myPath
 postBuild:
   substituteFrom:
   - kind: Secret
     name: sourceSecret

Here is the target yaml secret snippet

---
apiVersion: v1
kind: Secret
metadata:
  name: targetSecret
stringData:
  password: ${password}
type: Opaque

Expected behavior

Expected the target secret workload

---
apiVersion: v1
data:
  password: KlFyMU4nSylAbSNXLSR7eTtkbCg=
kind: Secret
metadata:
  name: targetSecret
type: Opaque

Screenshots and recordings

Also gave a try with this target secret yaml syntax

---
apiVersion: v1
kind: Secret
metadata:
  name: targetSecret
stringData:
  password: ${quote}${password}${quote}
type: Opaque

### OS / Distro

N/A

### Flux version

2.3.0

### Flux check

N/A

### Git provider

_No response_

### Container Registry provider

_No response_

### Additional context

_No response_

### Code of Conduct

- [X] I agree to follow this project's Code of Conduct
@rcarre
Copy link
Author

rcarre commented Jun 13, 2024

Does anyone have an idea at which step and the way I should escape the leading * for password key value ? Thx

@JordanP
Copy link

JordanP commented Oct 8, 2024

I have the same issue with dns, trying to pass a wildcard dns name that starts with *.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@JordanP @rcarre