-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Kubernetes secret and base64 data #16625
Labels
kind/bug
Categorizes issue or PR as related to a bug.
locked - please file new issue/PR
Assist humans wanting to comment on an old issue or PR with locked comments.
Comments
ancosma
added a commit
to ancosma/podman
that referenced
this issue
Nov 26, 2022
Merges stringData into data for secrets as in k8s. Closes containers#16269 Closes containers#16625 Signed-off-by: Andrei Natanael Cosma <andrei@intersect.ro>
ancosma
added a commit
to ancosma/podman
that referenced
this issue
Nov 26, 2022
Merges stringData into data for secrets as in k8s. Closes containers#16269 Closes containers#16625 Signed-off-by: Andrei Natanael Cosma <andrei@intersect.ro>
ancosma
added a commit
to ancosma/podman
that referenced
this issue
Nov 27, 2022
Merges stringData into data for secrets as in k8s. Fixes e2e tests, remove '\n' from base64 encoded data. Correct test to check that data in secret mounted file is decoded. Closes containers#16269 Closes containers#16625 Signed-off-by: Andrei Natanael Cosma <andrei@intersect.ro>
ancosma
added a commit
to ancosma/podman
that referenced
this issue
Nov 28, 2022
Merges stringData into data for secrets as in k8s. Fixes e2e tests, remove '\n' from base64 encoded data. Correct test to check that data in secret mounted file is decoded. Closes containers#16269 Closes containers#16625 Signed-off-by: Andrei Natanael Cosma <andrei@intersect.ro>
ancosma
added a commit
to ancosma/podman
that referenced
this issue
Nov 28, 2022
Merges stringData into data for secrets as in k8s. Fixes e2e tests, remove '\n' from base64 encoded data. Correct test to check that data in secret mounted file is decoded. Closes containers#16269 Closes containers#16625 Signed-off-by: Andrei Natanael Cosma <andrei@intersect.ro>
ancosma
added a commit
to ancosma/podman
that referenced
this issue
Nov 29, 2022
Merges stringData into data for secrets as in k8s. Fixes e2e tests, remove '\n' from base64 encoded data. Correct test to check that data in secret mounted file is decoded. Closes containers#16269 Closes containers#16625 Signed-off-by: Andrei Natanael Cosma <andrei@intersect.ro>
ancosma
added a commit
to ancosma/podman
that referenced
this issue
Dec 6, 2022
Fixes e2e tests, remove '\n' from base64 encoded data. Correct test to check that data in secret mounted file is decoded. Closes containers#16269 Closes containers#16625 Signed-off-by: Andrei Natanael Cosma <andrei@intersect.ro>
ancosma
added a commit
to ancosma/podman
that referenced
this issue
Dec 7, 2022
Fixes e2e tests, remove '\n' from base64 encoded data. Correct test to check that data in secret mounted file is decoded. Closes containers#16269 Closes containers#16625 Signed-off-by: Andrei Natanael Cosma <andrei@intersect.ro>
ancosma
added a commit
to ancosma/podman
that referenced
this issue
Dec 7, 2022
Fixes e2e tests, remove '\n' from base64 encoded data. Correct test to check that data in secret mounted file is decoded. Closes containers#16269 Closes containers#16625 Signed-off-by: Andrei Natanael Cosma <andrei@intersect.ro>
ancosma
added a commit
to ancosma/podman
that referenced
this issue
Dec 8, 2022
Fixes e2e tests, remove '\n' from base64 encoded data. Correct test to check that data in secret mounted file is decoded. Closes containers#16269 Closes containers#16625 Signed-off-by: Andrei Natanael Cosma <andrei@intersect.ro>
github-actions
bot
added
the
locked - please file new issue/PR
Assist humans wanting to comment on an old issue or PR with locked comments.
label
Sep 8, 2023
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
kind/bug
Categorizes issue or PR as related to a bug.
locked - please file new issue/PR
Assist humans wanting to comment on an old issue or PR with locked comments.
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
Mounting/using a kubernetes secret does not behave the same as kubernetes.
A kubernetes secret value is is usually encoded in base64:
Mouting the above volume in a pod results in a file called "foo" with the conents "YmFy" instead of "bar".
Now there is a way to define non-base64 secret data by using
stringData
instead ofdata
:In this case podman ignores
stringData
entirely and no file gets created.Podman is dealing with
data
as if it wasstringData
and ignoringstringData
entirely, which is not the expected behaviour if your compare it to kubernetes.Steps to reproduce the issue:
Run
podman kube play --replace pod.yaml
"Get into the container":
odman exec -it mypod-app /bin/bash
Run
cat /etc/mysecret/foo
Describe the results you received:
This is what I get, the encoded base64 string, the expected value would be the decoded base64 value "bar".
Describe the results you expected:
This is the output I get from kubernetes (deploying the same yaml files):
I get the decoded value in my secret file which is what I would expect to happen in podman.
Additional information you deem important (e.g. issue happens only occasionally):
Output of
podman version
:Output of
podman info
:Package info (e.g. output of
rpm -q podman
orapt list podman
orbrew info podman
):Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)
Yes, I built it from the main branch and got the same results.
Additional environment details (AWS, VirtualBox, physical, etc.):
The text was updated successfully, but these errors were encountered: