Home > Back-end >  Unable to deploy Kubernetes secrets using Helm
Unable to deploy Kubernetes secrets using Helm

Time:06-23

I'm trying to create my first Helm release on an AKS cluster using a GitLab pipeline, but when I run the following command

- helm upgrade server ./aks/server
      --install
      --namespace demo
      --kubeconfig ${CI_PROJECT_DIR}/.kube/config
      --set image.name=${CI_PROJECT_NAME}/${CI_PROJECT_NAME}-server
      --set image.tag=${CI_COMMIT_SHA}
      --set database.user=${POSTGRES_USER}
      --set database.password=${POSTGRES_PASSWORD}

I receive the following error:

"Error: Secret in version "v1" cannot be handled as a Secret: v1.Secret.Data: 
decode base64: illegal base64 data at input byte 8, error found in #10 byte of ..."

It looks like something is not working with the secrets file, but I don't understand what.

The secret.yaml template file is defined as follows:

apiVersion: v1
kind: Secret
metadata:
  name: server-secret
  namespace: demo
type: Opaque
data:
  User: {{ .Values.database.user }}
  Host: {{ .Values.database.host }}
  Database: {{ .Values.database.name }}
  Password: {{ .Values.database.password }}
  Port: {{ .Values.database.port }}

I will also add the deployment and the service .yaml files.

deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Values.app.name }}
  labels:
    app: {{ .Values.app.name }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      tier: backend
      stack: node
      app: {{ .Values.app.name }}
  template:
    metadata:
      labels:
        tier: backend
        stack: node
        app: {{ .Values.app.name }}
    spec:
      containers:
        - name: {{ .Values.app.name }}
          image: "{{ .Values.image.name }}:{{ .Values.image.tag }}"
          imagePullPolicy: IfNotPresent
          env:
          - name: User
            valueFrom:
              secretKeyRef:
                name: server-secret
                key: User
                optional: false
          - name: Host
            valueFrom:
              secretKeyRef:
                name: server-secret
                key: Host
                optional: false
          - name: Database
            valueFrom:
              secretKeyRef:
                name: server-secret
                key: Database
                optional: false
          - name: Password
            valueFrom:
              secretKeyRef:
                name: server-secret
                key: Password
                optional: false
          - name: Ports
            valueFrom:
              secretKeyRef:
                name: server-secret
                key: Ports
                optional: false
          resources:
            limits:
              cpu: "1"
              memory: "128M"
          ports:
            - containerPort: 3000

service.yaml

apiVersion: v1
kind: Service
metadata:
  name: server-service
spec:
  type: ClusterIP
  selector:
    tier: backend
    stack: node
    app: {{ .Values.app.name }}
  ports:
    - protocol: TCP
      port: 3000
      targetPort: 3000

Any hint?

CodePudding user response:

You have to encode secret values to base64

Check the doc encoding-functions

Try below code

apiVersion: v1
kind: Secret
metadata:
  name: server-secret
  namespace: demo
type: Opaque
data:
  User: {{ .Values.database.user | b64enc }}
  Host: {{ .Values.database.host | b64enc }}
  Database: {{ .Values.database.name | b64enc }}
  Password: {{ .Values.database.password | b64enc }}
  Port: {{ .Values.database.port | b64enc }}

Else use stringData instead of data

stringData will allow you to create the secrets without encode to base64

Check the example in the link

apiVersion: v1
kind: Secret
metadata:
  name: server-secret
  namespace: demo
type: Opaque
stringData:
  User: {{ .Values.database.user | b64enc }}
  Host: {{ .Values.database.host | b64enc }}
  Database: {{ .Values.database.name | b64enc }}
  Password: {{ .Values.database.password | b64enc }}
  Port: {{ .Values.database.port | b64enc }}
  • Related