kustomize-controller
kustomize-controller copied to clipboard
configMapGenerator and secretGenerator with encrypted files don't work in kind: Component
I tried to use a SOPS-encrypted environment file with secretGenerator in a Component like the following:
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
secretGenerator:
- name: my-secret
envs:
- config.enc.env
.sops.yaml
:
creation_rules:
- path_regex: .*\.enc\.env$
pgp: xxxx
The config.enc.env
file is properly encrypted as dotenv
file When However, when configuration is applied to the cluster, the contents of the secret are not properly decrypted:
apiVersion: v1
data:
MY_SECRET_ACCESS_KEY: xxx_encrypted_data_xxx
sops_lastmodified: xxx
sops_mac: xxx
sops_pgp__list_0__map_created_at: xxx
sops_pgp__list_0__map_enc: xxx=
sops_pgp__list_0__map_fp: xxx==
sops_unencrypted_suffix: xxx
sops_version: My43LjE=
kind: Secret
metadata:
name: my-secret-852b7kc8hf
The expected result is the following and I'm able to achieve it the moment I change the kind
and apiVersion
value in kustomization.yaml
to Kustomization
:
apiVersion: v1
data:
MY_SECRET_ACCESS_KEY: decrypted_data
kind: Secret
We don’t support any alpha features of Kustomize nor any alpha APIs. You can use the generators with the v1beta1 kind Kustomization.
Thank you for the information, that makes sense.
I have the same problem 😓.
Because flux supports components for other features, is there any plan to fix this bug?
Thank you for your help and support, flux is a wonderful piece of software 😇