Template environment substitution (e.g. from Flux) breaks Kubernetes Secrets #687

Open
@xvzf

We're using Flux Substitution in combination with tk export in order to pass in some externally managed references and template secrets out of other secrets.

e.g. the tanka rendered manifest

apiVersion: v1
kind: Secret
metadata:
  name: test
stringData:
  TEST_INT: ${SOME_INT}

with the variable SOME_INT="1234" would be substituted to

apiVersion: v1
kind: Secret
metadata:
  name: test
stringData:
  TEST_INT: 1234

which is not a valid Kubernetes secret. With Kustomize I used to prevent this by quoting those references:

apiVersion: v1
kind: Secret
metadata:
  name: test
stringData:
  TEST_INT: "${SOME_INT}"

Is this something worth exploring in Tanka or an edge case you don't want to support? As a mitigation we're now setting SOME_INT="'1234'", which is not very elegant :-)
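A pre-apply check for the problem described in the issue above, as an added example that is not part of the original post and not code from Tanka or Flux. It reports `stringData` entries whose unquoted `${NAME}` reference would be resolved by a YAML parser as a non-string type after substitution; the function names, the extra sample keys and the variable values are constructed, and only the simple `${NAME}` form on single-line entries is handled.

```python
import re

# Plain (unquoted) scalars that a YAML parser resolves to a non-string type.
NON_STRING = [
    ("int", re.compile(r"^[-+]?(0|[1-9][0-9_]*|0x[0-9a-fA-F]+|0o?[0-7]+)$")),
    ("float", re.compile(r"^[-+]?(\d+\.\d*|\.\d+)([eE][-+]?\d+)?$|^[-+]?\d+[eE][-+]?\d+$")),
    ("bool", re.compile(r"^(true|false|yes|no|on|off)$", re.IGNORECASE)),
    ("null", re.compile(r"^(null|Null|NULL|~)?$")),
]
REF = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")  # simple ${NAME} form only
ENTRY = re.compile(r"^\s+([^\s:#][^:]*):\s*(.*)$")   # indented "key: value"

def resolved_type(scalar):
    """Type a YAML parser would give this plain scalar."""
    for name, pattern in NON_STRING:
        if pattern.match(scalar):
            return name
    return "str"

def check_string_data(manifest, env):
    """Return (line, key, type) for stringData references that stop being strings."""
    findings, in_block = [], False
    for lineno, line in enumerate(manifest.splitlines(), 1):
        if re.match(r"^stringData:\s*$", line):
            in_block = True
            continue
        entry = ENTRY.match(line)
        if not in_block or not entry:
            # A dedented or non-entry line closes the block; blank lines do not.
            in_block = in_block and not line.strip()
            continue
        key, raw = entry.group(1).strip(), entry.group(2).strip()
        if not REF.search(raw) or raw[0] in "\"'":
            continue  # no reference, or already quoted in the manifest
        value = REF.sub(lambda m: env.get(m.group(1), ""), raw)
        kind = resolved_type(value)
        if kind != "str":
            findings.append((lineno, key, kind))
    return findings

# Constructed sample: the manifest from the issue plus three extra keys.
MANIFEST = """apiVersion: v1\nkind: Secret\nmetadata:\n  name: test\nstringData:
  TEST_INT: ${SOME_INT}\n  TEST_QUOTED: "${SOME_INT}"
  TEST_FLAG: ${SOME_FLAG}\n  TEST_NAME: ${SOME_NAME}\n"""
ENV = {"SOME_INT": "1234", "SOME_FLAG": "true", "SOME_NAME": "db-primary"}

if __name__ == "__main__":
    for lineno, key, kind in check_string_data(MANIFEST, ENV):
        print(f"line {lineno}: {key} would be parsed as {kind}, not a string")
```

Setting `SOME_INT` to `'1234'`, the mitigation mentioned in the issue, clears the `TEST_INT` finding because the substituted scalar then carries its own quotes.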

    Status

    In discussion
