I currently am working on adding a new secret for our project which usually stores secrets in Kubernetes. I pretty much mimicked all the other secrets that I could find, so it would seem that everything should be correct. However, it's not working and giving me for: "kubernetes/template/secrets.yml": error decoding from json: illegal base64 data at input byte 0. I'm not sure if this is an issue from within Kubernetes or from my script.
The secrets file looks something like this:
secrets.yml
apiVersion: v1
kind: Secret
metadata:
  …
type: Opaque
data:
  SECRET_A: {SECRET_A}
  SECRET_B: {SECRET_B}
deployk8.sh
set -e
sed -i "s,{SECRET_A},${SECRET_A},g" kubernetes/template/secrets.yml
sed -i "s,{SECRET_B},${SECRET_B},g" kubernetes/template/secrets.yml # The new one
kubectl --record --namespace=${...} --token ${...} --cluster ${...} apply -f kubernetes/template/secrets.yml
When I run kubectl get secret my-secret -o json, I get something similar to this:
{
"apiVersion": "v1",
"data": {
"SECRET_A": "abcdefghijklmnopqrstuvwxyz123456",
"SECRET_B": "abcdefghijklmnopqrstuvwxyz1234567890abcd"
},
"kind": "Secret",
"metadata": {
"annotations": {
"kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"v1\",\"data\":{\"SECRET_A\":\"abcdefghijklmnopqrstuvwxyz123456\"},\"kind\":\"Secret\",\"metadata\":{\"annotations\":{\"kubernetes.io/change-cause\":\"kubectl apply --record=true --namespace=ns --token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx --cluster=my_cluster --filename=kubernetes/template/secrets.yml\"},\"labels\":{\"app\":\"my-app\",\"env\":\"dev\"},\"name\":\"my-app-dev\",\"namespace\":\"ns\"},\"type\":\"Opaque\"}\n",
"kubernetes.io/change-cause": "kubectl apply --record=true --namespace=ns --token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx--cluster=my_cluster --filename=kubernetes/template/secrets.yml"
},
"creationTimestamp": "20XX-XX-XXTXX:XX:XXZ",
"labels": {
"app": "my-app",
"env": "dev"
},
"name": "my-app-dev",
"namespace": "ns",
"resourceVersion": "0000000000",
"selfLink": "/api/v1/namespaces/ns/secrets/my-app-dev",
"uid": "00000000-0000-0000-0000-000000000000"
},
"type": "Opaque"
}
The entire error looks something like this:
kubectl --record --namespace=${...} --token ${...} --cluster ${...} apply -f
kubernetes/template/secrets.yml
Error from server: error when applying patch:
[inset output from above, but with:
{\"SECRET_A\":\"abcdefghijklmnopqrstuvwxyz123456\",\"SECRET_B\":\"$SECRET_B\"}]
to:
[transformed output from above, but with:
Object: &{map["apiVersion":"v1" "data":map["SECRET_A":"abcdefghijklmnopqrstuvwxyz123456\" "SECRET_B":"abcdefghijklmnopqrstuvwxyz1234567890abcd"]]
I would really appreciate any help in figuring this out!
You could use the stringData field as described here. That way you do not have to base64 the input. Note the field is write-only.
I think I found a resolution to my issue. It turns out that my environmental variable that I was pulling from had changed (i.e. SECRET_B should have just been B). So, technically, SECRET_B didn't exist. Changing this managed to fix my issue. Thank you to everyone who tried to help!
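Added example, not part of the original posts: a pre-flight step for a script like deployk8.sh that refuses to render the manifest when a variable is unset or is not valid base64, which is the failure described in the resolution above. The function names `check_secret_var` and `render_secrets` are hypothetical, and the check assumes a `base64` utility that accepts `-d`.

```shell
#!/bin/sh
# Added example: validate secret variables before templating a Secret manifest.
# Function names are hypothetical; they are not from the original script.

# Succeeds only if the variable named $1 is set, non-empty and valid base64.
check_secret_var() {
    name=$1
    case $name in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
            echo "bad variable name: $name" >&2; return 2 ;;
    esac
    eval "value=\${$name-}"    # safe: the name was validated above
    if [ -z "$value" ]; then
        echo "$name is unset or empty" >&2; return 1
    fi
    case $value in
        *[!A-Za-z0-9+/=]*)
            echo "$name contains non-base64 characters" >&2; return 1 ;;
    esac
    # Catches bad length or padding that the character check cannot see.
    if ! printf '%s' "$value" | base64 -d >/dev/null 2>&1; then
        echo "$name does not decode as base64" >&2; return 1
    fi
}

# Render template $1 to $2 for the listed variable names. The template is
# never edited in place, and nothing is written unless every check passes.
render_secrets() {
    template=$1; out=$2; shift 2
    script=''
    for name in "$@"; do
        check_secret_var "$name" || return 1
        eval "value=\${$name}"
        script="${script}s,{$name},$value,g;"
    done
    sed "$script" "$template" > "$out.tmp" || return 1
    # A leftover {PLACEHOLDER} means a variable was missing from the list.
    if grep -q '{[A-Za-z_][A-Za-z0-9_]*}' "$out.tmp"; then
        echo "unreplaced placeholder in $template" >&2
        rm -f "$out.tmp"; return 1
    fi
    mv "$out.tmp" "$out"
}
```

Call `render_secrets kubernetes/template/secrets.yml rendered.yml SECRET_A SECRET_B` and pass the rendered file to `kubectl apply -f`; the output file name here is a placeholder.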