How to create kubernetes secret with multiple values for one key?

Time:11-21

This is how I'm trying to create a secret for my Kubernetes MongoDB, which gets deployed using the Bitnami MongoDB Helm chart:

apiVersion: v1
kind: Secret
metadata:
  name: mongodb-secret
  namespace: mongodb
  labels:
    app.kubernetes.io/component: mongodb
type: Opaque
data: 
  mongodb-root-password: 'encoded value'
  mongodb-passwords: '???'
  mongodb-metrics-password: 'encoded value'
  mongodb-replica-set-key: 'encoded value'

The helm chart values.yaml says:

auth:
  ## MongoDB(®) custom users and databases
  ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#creating-a-user-and-database-on-first-run
  ## @param auth.usernames List of custom users to be created during the initialization
  ## @param auth.passwords List of passwords for the custom users set at `auth.usernames`
  ## @param auth.databases List of custom databases to be created during the initialization
  ##
  usernames: []
  passwords: []
  databases: []
  ## @param auth.existingSecret Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`)
  ## NOTE: When it's set the previous parameters are ignored.
  ##
  existingSecret: ""

So passwords is an array of strings for each username and each database.

How do I have to implement these multiple passwords in my secret?

The helm template should give me a hint, but I don't understand it: secret.yaml

Or is it a simple string with all passwords separated by , and encoded?

CodePudding user response:

Should be something like:

auth:
  usernames: ["bob", "alice"]
  passwords: ["bobpass", "alicepass"]
  databases: ["bobdb", "alicedb"]

If you want to pass those on the cli --set flag instead, you should be able to use curly braces as per this comment: https://github.com/helm/helm/issues/1987#issuecomment-280497496 - like:

--set 'auth.usernames={bob,alice},auth.passwords={bobpass,alicepass},auth.databases={bobdb,alicedb}'

This would produce a secret like the following, which you can check with the helm template command:

---
# Source: mongodb/templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
  name: release-name-mongodb
  namespace: default
  labels:
    app.kubernetes.io/name: mongodb
    helm.sh/chart: mongodb-13.4.4
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: mongodb
type: Opaque
data:
  mongodb-root-password: "Uk1tZThhYzNFZg=="
  mongodb-passwords: "Ym9icGFzcyxhbGljZXBhc3M="
---

You can decode mongodb-passwords, using:

echo -n Ym9icGFzcyxhbGljZXBhc3M= | base64 -d

and notice that it looks as follows: bobpass,alicepass

Also note that there seems to be an option to set the mongodb.createSecret flag to false and create that secret manually (which may be more secure depending on the exact workflow).
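
One way to build the manually managed secret that auth.existingSecret points at, so the passwords never pass through --set or values.yaml. This is an added example, not part of the original answer or the Bitnami chart; it assumes the chart reads mongodb-passwords in the same comma-joined form the rendered secret above decodes to, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: mongodb-passwords is the comma-joined list,
# in auth.usernames order, exactly as the rendered chart secret shows.

# b64: encode stdin as a single unwrapped base64 line.
# (GNU base64 wraps long output at 76 columns, which would break the YAML.)
b64() { base64 | tr -d '\n'; }

# join_passwords PASS...: comma-join the per-user passwords.
# A password containing a comma would be read back as two entries, so refuse it.
join_passwords() {
  joined=''
  for p in "$@"; do
    case $p in
      '')  echo 'empty password' >&2; return 1 ;;
      *,*) echo 'password contains a comma' >&2; return 1 ;;
    esac
    joined=${joined:+$joined,}$p
  done
  # printf, not echo: a trailing newline would become part of the last password.
  printf '%s' "$joined"
}

# render_secret ROOT_PW METRICS_PW REPLICA_KEY USER_PW...: print the manifest.
render_secret() {
  root=$1 metrics=$2 key=$3
  shift 3
  users=$(join_passwords "$@") || return 1
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: mongodb-secret
  namespace: mongodb
type: Opaque
data:
  mongodb-root-password: $(printf '%s' "$root" | b64)
  mongodb-passwords: $(printf '%s' "$users" | b64)
  mongodb-metrics-password: $(printf '%s' "$metrics" | b64)
  mongodb-replica-set-key: $(printf '%s' "$key" | b64)
EOF
}

# Usage (values come from the environment, not from literals on the command line):
#   render_secret "$ROOT_PW" "$METRICS_PW" "$REPLICA_KEY" "$BOB_PW" "$ALICE_PW" | kubectl apply -f -
```

Values under data are only base64-encoded, not encrypted, so keep the rendered manifest out of version control.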
