We Keep Coding

Value of Kubernetes secret in environment variable seems incorrect

I'm deploying a test application onto kubernetes on my local computer (minikube) and trying to pass database connection details into a deployment via environment variables.
I'm passing in these details using two methods - a ConfigMap and a Secret. The username (DB_USERNAME) and connection url (DB_URL) are passed via a ConfigMap, while the DB password is passed in as a secret (DB_PASSWORD).
My issue is that while the values passed via ConfigMap are fine, the DB_PASSWORD from the secret appears jumbled - like there's some encoding issue (see image below).
My deployment yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx
name: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- image: nginx
name: nginx
envFrom:
- configMapRef:
name: gweb-cm
- secretRef:
name: password
My ConfigMap and Secret yaml
apiVersion: v1
data:
DB_URL: jdbc:mysql://mysql/test?serverTimezone=UTC
DB_USERNAME: webuser
SPRING_PROFILES_ACTIVE: prod
SPRING_DDL_AUTO: create
kind: ConfigMap
metadata:
name: gweb-cm
---
apiVersion: v1
kind: Secret
metadata:
name: password
type: Generic
data:
DB_PASSWORD: test
Not sure if I'm missing something in my Secret definition?

The secret value should be base64 encoded. Instead of test, use the output of
echo -n 'test' | base64
P.S. the Secret's type should be Opaque, not Generic

Concatenate String with Secret value HelmRelease Fluxcd, postgresql

I need a help with HelmRelease config, i need to concatenate secret value with string.
I have a feeling that I don't understand something in secret management.
What is the right approach to combine secret with string. I would most like to do it with printf function but I can't write secret as a variable.
Please give me some advice.
Data:
jdbcOverwrite.jdbcUrl: sonarqube.rds.ednpoint.aws.de. (base64 encoded get from secret)
string : jdbc:postgresql://
new value should look like: jdbcUrl: jdbc:postgresql://sonarqube.rds.ednpoint.aws.de
Sonarqube need to have fully Url:
helm.yaml`
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: sonarqube
spec:
serviceAccountName: ${SERVICE_ACCOUNT_NAME}
releaseName: sonarqube
interval: 25m
timeout: 20m
chart:
spec:
#repository: https://SonarSource.github.io/helm-chart-sonarqube
chart: sonarqube
version: 6.0.0
sourceRef:
kind: HelmRepository
name: sonarqube-repo
namespace: sonarqube
valuesFrom:
- kind: Secret
name: sonarqube-${ENVIRONMENT}-connection
valuesKey: username
targetPath: jdbcOverwrite.jdbcUsername
- kind: Secret
name: sonarqube-${ENVIRONMENT}-connection
valuesKey: password
targetPath: jdbcOverwrite.jdbcPassword
- kind: Secret
name: sonarqube-${ENVIRONMENT}-connection
valuesKey: endpoint
targetPath: jdbcOverwrite.jdbcUrl
Ideally, I would add a string to this variablejdbcOverwrite.jdbcUrl`, should I use Kustomize?
I would appreciate any guidance
I would appreciate any guidance

flux cannot find kustomization path, stat /tmp/XXXXX/kustomize/monitor-nats/overlays/dev: no such file or directory

I'm getting this error while trying flux reconcile kustomization monitor-nats.
here's more info
local k8s cluster version v1.23.4 created using kind create
inside main flux repo:
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: monitor-nats
namespace: flux-system
spec:
interval: 10s
path: ./kustomize/monitor-nats/overlays/dev
prune: true
sourceRef:
kind: GitRepository
name: monitor-nats
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
name: monitor-nats
namespace: flux-system
spec:
interval: 20s
ref:
branch: master
# url: ssh://git#github.com/XXX/fluxcd.git
url: https://github.com/XXX/fluxcd.git
secretRef:
name: nats-auth
from my monitor-nats application
cat kustomize/monitor-nats/overlays/dev/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
- ../../bases

Kubernetes env variable not attached via PodDefault

I am working in kubeflow notebook server. I need to add some configurations which are environment variables. So that, I have decided create the configmap and the PodDefault.
apiVersion: v1
kind: ConfigMap
metadata:
name: test-configmap
namespace: app
data:
PLACE: /auth
USERNAME: root
PASSWORD: l3tm3in
This is my configmap file. I have attached this file in PodDefault object using below syntax
apiVersion: "kubeflow.org/v1alpha1"
kind: PodDefault
metadata:
name: test-configmap
namespace: app
spec:
selector:
matchLabels:
test-configmap: "true"
desc: "Test Configmap"
envFrom:
- configMapRef:
name: test-configmap
Actually the values are coming kubeflow configuration section. But it's not attached in the notebook(Pod)
Could anyone know about how to fix this issue?
Thanks in advance

I have never used kubeflow but based on the sourcecode, this should be the solution:
apiVersion: "kubeflow.org/v1alpha1"
kind: PodDefault
metadata:
name: test-configmap
namespace: app
spec:
selector:
matchLabels:
test-configmap: "true"
desc: "Test Configmap"
containers:
- envFrom:
- configMapRef:
name: test-configmap

Kubernetes Kustomize: replace variable in patch file

Given the following kustomize patch:
apiVersion: apps/v1
kind: Deployment
metadata:
name: flux
spec:
template:
spec:
containers:
- name: some-name
args:
- --some-key=some-value
...
- --git-url=https://user:${PASSWORD}#domain.de
I want to use kubectl apply -k and somehow pass a value for ${PASSWORD} which I can set from my build script.
The only solution I got to work so far was replacing the ${PASSWORD} with sed, but I would prefer a kustomize solution.

As #Jonas already suggested you should consider using Secret. It's nicely described in this article.
I want to use kubectl apply -k and somehow pass a value for
${PASSWORD} which I can set from my build script.
I guess your script can store the generated password as a variable or save it to some file. You can easily create a Secret as follows:
$ kustomize edit add secret sl-demo-app --from-literal=db-password=$PASSWORD
or from a file:
$ kustomize edit add secret sl-demo-app --from-file=file/path
As you can read in the mentioned article:
These commands will modify your kustomization.yaml and add a
SecretGenerator inside it.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- ../../base
patchesStrategicMerge:
- custom-env.yaml
- replica-and-rollout-strategy.yaml
secretGenerator:
- literals:
- db-password=12345
name: sl-demo-app
type: Opaque
kustomize build run in your project directory will create among others following Secret:
apiVersion: v1
data:
db-password: MTIzNDU=
kind: Secret
metadata:
name: sl-demo-app-6ft88t2625
type: Opaque
...
More details you can fine in the article.
If we want to use this secret from our deployment, we just have, like
before, to add a new layer definition which uses the secret.
For example, this file will mount the db-password value as
environement variables
apiVersion: apps/v1
kind: Deployment
metadata:
name: sl-demo-app
spec:
template:
spec:
containers:
- name: app
env:
- name: "DB_PASSWORD"
valueFrom:
secretKeyRef:
name: sl-demo-app
key: db.password
In your Deployment definition file it may look similar to this:
apiVersion: apps/v1
kind: Deployment
metadata:
name: flux
spec:
template:
spec:
containers:
- name: some-name
env:
- name: "PASSWORD"
valueFrom:
secretKeyRef:
name: git-secret
key: git.password
args:
- --some-key=some-value
...
- --git-url=https://user:${PASSWORD}#domain.de