K
Q

Kubernetes: Putting JSON value in YAML file

12/10/2018

I am trying to create a secret from a JSON value but I keep getting this error executing "secrets.yaml" at <b64enc>: wrong type for value; expected string; got map[string]interface {} when I do helm install.

secrets.yaml

apiVersion: v1
kind: Secret
metadata:
  name: cloudsql-instance-credentials
  namespace: wp-{{ .Values.name }}
  labels:
    app: wp-{{ .Values.name }}
type: Opaque
data:
  credentials.json: {{ .Values.dbCred | b64enc }}

values.yaml

dbCred: {
  'type': '',
  'project_id': '',
  'private_key_id': '',
  'private_key': '-----BEGIN PRIVATE KEY-----\n\n-----END PRIVATE KEY-----\n',
  'client_email': '',
  'client_id': '',
  'auth_uri': '',
  'token_uri': '',
  'auth_provider_x509_cert_url': '',
  'client_x509_cert_url': ''
}
-- Kamil Kamili
google-kubernetes-engine
json
kubernetes
kubernetes-helm
yaml

Similar Questions

Request behind load-balancer
Network Policy whitelist IP
In which scenario kubernates pods can stop working?
How to access to the services in kubernetes cluster when ssh to another VMs via proxy?
Kubernetes: Restart pods when config map values change

4 Answers

12/10/2018

You can do as follow for your configuration:

apiVersion: v1
kind: Secret
metadata:
  name: cloudsql-instance-credentials
  namespace: wp-{{ .Values.name }}
  labels:
    app: wp-{{ .Values.name }}
type: Opaque
data:
  credentials.json: |-
     {{ include (print $.Template.BasePath "/_helper_conf.tpl") . | b64enc }}

Please note that when you are trying to inject configuration into secret ( espacially large ones ) you might need to use |-

you can also use a helper like

{{ include (print $.Template.BasePath "/_helper_conf.tpl") . | b64enc }}

Or even better, in you yaml configuration ( values.yml ) you can just write as follow:

dbCred:
  type: ''
  project_id: ''
  private_key_id: ''
  private_key: '-----BEGIN PRIVATE KEY-----\n\n-----END PRIVATE KEY-----\n'
  client_email: ''
  client_id: ''
  auth_uri: ''
  token_uri: ''
  auth_provider_x509_cert_url: ''
  client_x509_cert_url: ''

to use this sort of configuration you can check the object bellow:

apiVersion: v1
kind: Secret
metadata:
  name: cloudsql-instance-credentials
  namespace: wp-{{ .Values.name }}
  labels:
    app: wp-{{ .Values.name }}
type: Opaque
data:
  credentials.json: |-
     {{ toJson .Values.dbCred | b64enc }}

The use of this configuration is to provide an abstraction of the json provided and put it inside your values.yml

{{ toJson .Values.dbCred | b64enc }}

Note that this might be duplicated if you support multiple environments, so you might prefer to use a helper and some variables inside ( or tpl ) to avoid duplicated code

I hope this helps

-- hkhelil
Source: StackOverflow
12/10/2018

use double-quote("") before and after dbCred as below

dbCred: "{
  'type': '',
  'project_id': '',
  'private_key_id': '',
  'private_key': '-----BEGIN PRIVATE KEY-----\n\n-----END PRIVATE KEY-----\n',
  'client_email': '',
  'client_id': '',
  'auth_uri': '',
  'token_uri': '',
  'auth_provider_x509_cert_url': '',
  'client_x509_cert_url': ''
}"

Other things look okay.

-- Abu Hanifa
Source: StackOverflow
12/10/2018

You can fix this by changing {{ .Values.dbCred | b64enc }} to {{ toJson .Values.dbCred | b64enc }}

-- Ryan Dawson
Source: StackOverflow
12/10/2018

Alternatively, you can keep your credentials.json file inside chart directory, and access file inside your template

data:
  credentials.json: {{ .Files.Get "credentials.json" | b64enc }}
-- edbighead
Source: StackOverflow