K
Q

Any other options for fetching the passwords without decoding from teamcity

1/30/2020

I need to pull the value of the passwords which was defined in the TeamCity .currently I used the secrets.yaml to store the passwords. for implementing it I have converted the password into 64bit code value. and save it.seems its very difficult for me to update it every time. Do we have any options for updating it dynamically?

First thing I have tried like this:

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
data:
  CassandraSettings__CassandraPassword: [[ .Environment ]]-abc-cassandra-password

but it becomes failed during the deployment. later I had tried like this , here I converted the password into 64bit encoded value.

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
data:
  CassandraSettings__CassandraPassword: S2V5czJUaGVLMW5nZDBt

as of now, I get the result.

my question is that, do we have any other option for fetching the value from TeamCity during deployment without converting the values.I need to update secrets.yaml dynamically. This is the output that i get currently. results

is it possible to define the data like this

CassandraSettings__CassandraPassword: [[ .Environment ]]-abc-cassandra-password
-- Riby Varghese
deployment
devops
kubernetes
kubernetes-secrets
teamcity

Similar Questions

Pods are going into "Image Pull Back Off" error while deployed through JenkinsX
Method to install Elastic Search to Azure Kubernetes Services
Generate docker-compose.yaml from Helm charts
Kubernetes : Launch a single container inside existing cluster, for running cron jobs

1 Answer

1/30/2020

As i understand instead of data you need to work with stringData which will allow you to provide secret data as unencoded strings.

stringData is a write-only convenience field which is not output when retrieving Secrets

Example :

secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: mysecret-test
stringData:
  CassandraSettings__CassandraPassword: Passw0rd

Create Secret

$ kubectl create -f secret.yaml
secret/mysecret-test created

$ kubectl describe secrets mysecret-test
Name:         mysecret-test
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
CassandraSettings__CassandraPassword:  8 bytes

Fetch Secret yaml and NOTE the data field is base64 encoded for you.

$ kubectl get secrets mysecret-test -o yaml

apiVersion: v1
data:
  CassandraSettings__CassandraPassword: UGFzc3cwcmQ=
kind: Secret
metadata:
  creationTimestamp: "2020-01-30T13:24:11Z"
  name: mysecret-test
  namespace: default
  resourceVersion: "3733024"
  selfLink: /api/v1/namespaces/default/secrets/mysecret-test
  uid: 718278c5-0e8e-4861-ae23-7e107209c338
type: Opaque

Encoded data field value is same as stringData field passed quick check as below

$ echo UGFzc3cwcmQ= | base64 -d
Passw0rd

Or Use an imperative command like this to generate a secret.yaml with encoded value of literal passed. Below I defined one of the literal as export variable for test.

$ export PASS=Passw0rd

$ echo $PASS
  Passw0rd

$ kubectl create secret generic mysecret --from-literal=CassandraSettings__CassandraPassword=$PASS--dry-run -o yaml > secret.yaml

$ cat secret.yaml
apiVersion: v1
data:
  CassandraSettings__CassandraPassword: UGFzc3cwcmQ=
kind: Secret
metadata:
  creationTimestamp: null
  name: mysecret
-- DT.
Source: StackOverflow