Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

environment variables in curly brackets are interpreted as secrets #102

Open
ramonskie opened this issue Aug 19, 2022 · 0 comments
Open

environment variables in curly brackets are interpreted as secrets #102

ramonskie opened this issue Aug 19, 2022 · 0 comments
Labels
bug This issue describes a defect or unexpected behavior carvel-accepted This issue should be considered for future work and that the triage process has been completed hacktoberfest

Comments

@ramonskie
Copy link

environment variable within curly brackets are interpreted as a secret

we use a environment variable ${CREDHUB_POSTGRES_HOST} in our secret template +stringdata
see how we use it here.
https://github.com/cloudfoundry/bosh-community-stemcell-ci-infra/blob/main/config/credhub/secrets.yml#L77

a small example:

---
apiVersion: secretgen.carvel.dev/v1alpha1
kind: SecretTemplate
metadata:
  name: new-secret
spec:
  #! list of resources to read information off
  inputResources:
  - name: username-secret
    ref:
      apiVersion: v1
      kind: Secret
      name: username
  template:
    stringData:
      application.yml: |
        foo: bar
        address: "${CREDHUB_POSTGRES_HOST}"

secretgen controller is spitting out the following error

insertId: "mb8yqauemnbi5zgs"
jsonPayload: {
error: "templating stringData: unrecognized identifier CREDHUB_POSTGRES_HOST"
level: "error"
logger: "controller.sg-template"
msg: "Reconciler error"
name: "credhub-config"
namespace: "concourse"
stacktrace: "sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
	sigs.k8s.io/controller-runtime@v0.10.3/pkg/internal/controller/controller.go:227"
ts: 1660813208.7108898
}
labels: {5}
logName: "projects/cloud-foundry-310819/logs/stderr"
receiveTimestamp: "2022-08-18T09:00:15.000212012Z"
resource: {2}
severity: "ERROR"
timestamp: "2022-08-18T09:00:08.711057208Z"
}

see discussion at
https://kubernetes.slack.com/archives/CH8KCCKA5/p1660856228615859?thread_ts=1660813747.061909&cid=CH8KCCKA5

secretgen v0.10.3
@ramonskie ramonskie added bug This issue describes a defect or unexpected behavior carvel-triage This issue has not yet been reviewed for validity labels Aug 19, 2022
@joe-kimmel-vmw joe-kimmel-vmw added carvel-accepted This issue should be considered for future work and that the triage process has been completed and removed carvel-triage This issue has not yet been reviewed for validity labels Aug 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This issue describes a defect or unexpected behavior carvel-accepted This issue should be considered for future work and that the triage process has been completed hacktoberfest
Projects
Carvel
Status: Unprioritized
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ramonskie @joaopapereira @joe-kimmel-vmw