-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Template environment substitution (e.g. from Flux) breaks Kubernetes Secrets #687
Comments
Do you have some jsonnet example that i can use to reproduce? |
sure!
renders to:
|
so this is really the yaml marshaler deciding it does not need to quote this, right? seems like there is a way to enforce quoting: go-yaml/yaml#556 not sure how practical it is though, it might require traversing every single manifest looking for such replacement directives. in case it turns out too heavy for tanka, it might be feasible to handle it in a separate binary that gets the piped input from tanka though |
@sh0rez exactly, I've been thinking about a simple |
I'll create a PR the following days |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Probably not stale. 30 days is aggressive. It sometimes takes me months to circle back to a OSS PR. |
Still not stale, did not find the time yet! |
fixes grafana#687 Signed-off-by: Matthias Riegler <me@xvzf.tech>
fixes grafana#687 Signed-off-by: Matthias Riegler <me@xvzf.tech>
PR is up @sh0rez Would be great if you can test it on your code-bases as well. I bet they are generating a bit more than ours |
We're using Flux Substitution in combination with
tk export
in order to pass in some externally managed references and template secrets out of other secretse.g. the tanka rendered manifest
with the variable
SOME_INT="1234"
would be substituted towhich is not a valid Kubernetes secret. With Kustomize I used to prevent this by quoting those references:
Is this something worth exploring Tanka or an edge case you don't want to support? As mitigation we're now setting
SOME_INT="'1234'"
which is not very elegant :-)The text was updated successfully, but these errors were encountered: