Problem with escaping password with special characters in Kubernetes cloudsql

2/12/2019

I was following this tutorial for deploying Django App to Kubernetes Cluster. I've created cloudsql credentials and exported them as in the tutorial

export DATABASE_USER=<your-database-user>
export DATABASE_PASSWORD=<your-database-password>

However my password was generated by LastPass and contains special characters, which are striped out in Kubernetes Pod thus making the password incorrect.

This is my password (altered, just showing the special chars) 5bb4&sL!EB%e

So i've tried various ways of exporting this string, echoing it out always show correct password, however in Kubernetes Dashboard the password is always incorrect (Also altered in DevTools, but some chars are just stripped out)

enter image description here

Things I've tried

export DATABASE_PASSWORD=
#x27;5bb4&sL\!EB\%e'
export DATABASE_PASSWORD='5bb4&sL!EB%e'

Echoing is always good but kubernetes is always stripping it.

Deploying with skaffold deploy

EDIT:

After hint I've tried to store the password in base64 encoding form, however I suspect it only applies to local scope, as the password in Kubernetes Dashboard is still the same, I suspect that I need to regenerate the certificate to make this work remotely on gke cluster?

enter image description here

So the env variables are for local and credentials in cloud sql proxy are the ones that are being used and misinterpreted? Where are those files by the way?

EDIT2:

I've just found out that indeed the gke cluster in using the credentials json rather than the exported variables. The configuration json already contains the password in base64 encoded form, HOWEVER it is base64 encode of string which still is missing special characters. Looks like the only way out is to generate new credentials without specials characters, that looks like a bug, doesnt it?

-- Josef Korbel
bash
google-cloud-sql
kubernetes
skaffold

1 Answer

2/12/2019

You should base64 encode your password before passing it into the pod so that special characters are encoded in a way that they can be preserved.

In bash you can do this with:

export DATABASE_PASSWORD=`echo [ACTUAL_PASSWORD_HERE] | base64`

You'll then need to ensure that the Django app settings.py uses a base64 decode before applying the password to its internal variable.

So in the tutorial you linked to, the line

'PASSWORD': os.getenv('DATABASE_PASSWORD'),

would need to change to:

'PASSWORD': base64.b64decode(os.getenv('DATABASE_PASSWORD')),

-- Paul Annetts
Source: StackOverflow