Describe the bug
Currently it's not possible to create a secret of type kubernetes.io/tls and overwrite the tls.key or tls.crt fields with transformations:
To Reproduce
Steps to reproduce the behavior:
Deploy some VaultPKISecret
```yaml
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultPKISecret
metadata:
  name: ingress-certs
  namespace: openshift-ingress
spec:
  destination:
    type: kubernetes.io/tls # - When using this type, vso ignores transformation on `tls.crt` field
    create: true
    name: ingress-certs
    overwrite: true
    # "\n" is required at the end of tls.crt - https://access.redhat.com/solutions/6984698
    transformation:
      templates:
        tls.crt: # this doesn't work
          text: |
            {{- printf "%s\n%s\n" (get .Secrets "certificate") (get .Secrets "issuing_ca") -}}
        tls-crt: # this works
          text: |
            {{- printf "%s\n%s\n" (get .Secrets "certificate") (get .Secrets "issuing_ca") -}}
  mount: pki_int
  role: ...
  commonName: "..."
  altNames: ["..."]
  ttl: 17520h
  format: pem
  expiryOffset: 720h
  vaultAuthRef: default
```
Application deployment:
```yaml
vault-secrets-operator:
  defaultVaultConnection:
    # toggles the deployment of the VaultAuthMethod CR
    enabled: true
    address: ...
    skipTLSVerify: false
    caCertSecret: root-ca
  controller:
    manager:
      resources:
        limits:
          cpu: 500m
          memory: 1024Mi
    kubeRbacProxy:
      resources:
        limits:
          cpu: 500m
          memory: 512Mi
```
Expected behavior
The ability to modify the tls.crt field in a Secret depends on the Secret's type. It works in the Opaque type but doesn't work in the kubernetes.io/tls type.
Environment
OpenShift (4.12) v1.25.16+6df2177
vault-secrets-operator version: 0.5.2
Additional context
RedHat OpenShift requires that tls.crt ends with newline.
…s.io/tls for VaultPKISecret (#658) (#659)
Skip overwriting tls.crt and tls.key when transformation templates are configured.
---------
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
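The behaviour the fix describes, sketched as an added example (not the operator's own code): a templated `tls.crt` or `tls.key` is kept, and only keys without a template fall back to the raw PKI fields. The `get` helper, `renderTemplates` and `buildTLSData` are hypothetical names, and the PEM values are constructed placeholders.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// get is a hypothetical stand-in for the template helper used in the report.
func get(m map[string]any, k string) any { return m[k] }

// renderTemplates renders one template per destination key against the PKI response.
func renderTemplates(tmpls map[string]string, secrets map[string]any) (map[string][]byte, error) {
	out := map[string][]byte{}
	for key, text := range tmpls {
		t, err := template.New(key).Funcs(template.FuncMap{"get": get}).Parse(text)
		if err != nil {
			return nil, err
		}
		var buf bytes.Buffer
		if err := t.Execute(&buf, map[string]any{"Secrets": secrets}); err != nil {
			return nil, err
		}
		out[key] = buf.Bytes()
	}
	return out, nil
}

// buildTLSData fills tls.crt/tls.key from the raw PKI fields only when no
// transformation template already produced that key.
func buildTLSData(tmpls map[string]string, secrets map[string]any) (map[string][]byte, error) {
	data, err := renderTemplates(tmpls, secrets)
	if err != nil {
		return nil, err
	}
	for dst, src := range map[string]string{"tls.crt": "certificate", "tls.key": "private_key"} {
		_, templated := data[dst]
		if v, ok := secrets[src].(string); ok && !templated {
			data[dst] = []byte(v)
		}
	}
	return data, nil
}

func main() {
	secrets := map[string]any{"certificate": "LEAF-PEM", "issuing_ca": "CA-PEM", "private_key": "KEY-PEM"} // constructed
	tmpls := map[string]string{"tls.crt": `{{- printf "%s\n%s\n" (get .Secrets "certificate") (get .Secrets "issuing_ca") -}}`}
	data, _ := buildTLSData(tmpls, secrets)
	fmt.Printf("%q\n%q\n", data["tls.crt"], data["tls.key"])
}
```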