Reputation: 1397
I have a YAML file which I used to create a secret using the command below.
kubectl create secret generic -n <NAMESPACE> gitlab-openid-connect --from-file=provider=provider.yaml
Below is provider.yaml:
name: 'openid_connect'
label: 'OpenID SSO Login'
name: 'openid_connect'
scope: ['openid','profile','email']
response_type: 'code'
issuer: ''
discovery: true
client_auth_method: 'basic'
identifier: ''
secret: '<keycloak clientID secret>'
redirect_uri: ''
I want to convert it into a Secret YAML file so that I can run kubectl apply -f provider.yaml
I tried to create the file below, provider-new.yaml, but it does not work:
apiVersion: v1
kind: Secret
type: Opaque
name: 'openid_connect'
label: 'OpenID SSO Login'
scope: ['openid','profile','email']
response_type: 'code'
issuer: 'url'
discovery: true
client_auth_method: 'basic'
identifier: 'identifier'
secret: 'secret-key'
redirect_uri: 'url'
Upvotes: 3
Views: 6980
Reputation: 1403
To make this work you need to use --from-env-file instead of --from-file. And the file containing the variables should be in plain text.
To create a Secret from one or more files, use --from-file or --from-env-file. The file must be plaintext, but the extension of the file does not matter.
When you create the Secret using --from-file, the value of the Secret is the entire contents of the file. If the value of your Secret contains multiple key-value pairs, use --from-env-file instead.
File provider.yaml with variables:
scope= ['openid','profile','email']
response_type= 'code'
issuer= 'url'
discovery= true
client_auth_method= 'basic'
identifier= 'identifier'
secret= 'secret-key'
redirect_uri= 'url'
kubectl create secret generic -n default gitlab-openid-connect --from-env-file=provider.yaml
apiVersion: v1
data:
  client_auth_method: ICdiYXNpYyc=
  discovery: IHRydWU=
  identifier: ICdpZGVudGlmaWVyJw==
  issuer: ICd1cmwn
  redirect_uri: ICd1cmwn
  response_type: ICdjb2RlJw==
  scope: IFsnb3BlbmlkJywncHJvZmlsZScsJ2VtYWlsJ10=
  secret: ICdzZWNyZXQta2V5Jw==
kind: Secret
metadata:
  creationTimestamp: null
  name: gitlab-openid-connect
  namespace: default
Another thing is that it isn't possible to establish a hierarchy in the secret data scope, so the following isn't gonna work:
identifier= 'identifier'
secret= 'secret-key'
redirect_uri= 'url'
Source: Google Cloud
Upvotes: 7
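An added example, not part of the original question or answer: it contrasts the two ways of filling a Secret discussed above and builds a manifest that `kubectl apply -f` accepts. The function names and sample strings are constructed for illustration, and the env-file parsing is an assumption inferred from the base64 values in the answer's output.

```python
import base64
import json

# Constructed sample: two lines of the answer's env-style provider.yaml.
ENV_FILE = "client_auth_method= 'basic'\ndiscovery= true\n"
# Constructed stand-in for the question's original provider.yaml.
PROVIDER_YAML = "name: 'openid_connect'\nlabel: 'OpenID SSO Login'\n"


def b64(text):
    return base64.b64encode(text.encode()).decode()


def env_file_to_data(text):
    """Assumed --from-env-file behaviour, inferred from the answer's output:
    split each line on the first '=' and keep the value verbatim."""
    data = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, _, value = line.partition("=")
        data[key.strip()] = b64(value)
    return data


def file_to_secret(name, namespace, key, content):
    """Like --from-file=<key>=<file>: the whole file is one value."""
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "Opaque",
        "metadata": {"name": name, "namespace": namespace},
        "data": {key: b64(content)},
    }


def decode_data(data):
    """Show what a consumer of the Secret actually reads."""
    return {k: base64.b64decode(v).decode() for k, v in data.items()}


if __name__ == "__main__":
    print(decode_data(env_file_to_data(ENV_FILE)))
    manifest = file_to_secret("gitlab-openid-connect", "default",
                              "provider", PROVIDER_YAML)
    print(json.dumps(manifest, indent=2))  # JSON is accepted by kubectl apply -f
```

The decoded env-file values keep the leading space and the quote characters (for example `" 'basic'"`), which is exactly what the base64 strings in the answer's output contain, so a consumer reading those keys gets the quotes as part of the value.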