我正在尝试在一个简单的应用程序上实现 Helm Secrets。我想使用 Helm Secrets 插件安装应用程序。这是我的加密模板/secrets.yaml 文件:
apiVersion: ENC[AES256_GCM,data:Hcs=,iv:U+0hlPz+L5HP0SqWmzJgxNftRYNc3BTHeYetefrDxQo=,tag:AXwtAjcHv8VsL1PC8XjOmA==,type:str]
kind: ENC[AES256_GCM,data:YLEC3Zg/,iv:L3CL9DzUEHEKlucZcY+Su+OYKC+1VCTvVEFcc0iX7RI=,tag:sS7rauZq1nYpAA/gesA66Q==,type:str]
metadata:
name: ENC[AES256_GCM,data:KQvvSmDMSw==,iv:LvXweR3aTgVTc9IAa3f6uJHbpHGf2jYHtGWq629Yqdo=,tag:AXIrhiEjhAXlDNmFyYKyPg==,type:str]
labels:
app: ENC[AES256_GCM,data:2GbBtSKC4Y7sYxw=,iv:zGmUTLcYwjUvZ0VAmw92e63na/+lsOlP16RD9LjcKjE=,tag:fR5QPK6587K1peod5nf4BA==,type:str]
type: ENC[AES256_GCM,data:B2WQyYNe,iv:S0q8nzu5pDGAem5KuB4aRRq9tOtpThOgshxn8iwGmq8=,tag:pV2JsX14j6433XBLpwdUhQ==,type:str]
data:
password: ENC[AES256_GCM,data:p6/fadwzX+vx10yc,iv:OIckX7T72t+5lHvAX2r8ybFPQ8Yrc4po4G3Y/BJyT3s=,tag:fuGxBTl3XLInvXew4quc6g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
lastmodified: '2019-09-02T10:13:37Z'
mac: ENC[AES256_GCM,data:zlqeKsbTdyBUoXnbhyXOAeCuIrdzO9AL2ydwUGFNd5ZFG+BbibstqosxZ1vnGZip58JQaK7e3ewibWj/CD7Ev2crTEk2jpEfbqYSp17s3hYpefNUe2esGKfb6/E0FgcdC2onxHKwv1CnHEGh5DwQdBT6JIfTvialEG1DKmYVcLY=,iv:aoqvOl0xUP6JBvtmOEDwD5Ejq3AmgJ/tUouPPf7AJZU=,tag:IsnFW8Lu/+v7xQth4cW++A==,type:str]
pgp:
- created_at: '2019-09-02T10:13:37Z'
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA+GCaQB9sLS8AQ//dYLstPngZwDPenAGvb7xasCQSa7g5Qv81I3vg0kI1YoM
Ydhpf9QrG3YKIZMlMTmu1X6wiFVZI74Ig0telatqYl2RoUKWtDKfyHPlUgSVd+yx
lcouwrzU745alGSPIIgWFwoSnprzTNGXjWlafBIq++uCjlr7MQ/SvgZ0oOTOQvOh
vq0f+BXbJ2MIX4rCeuL6TsJA71sohLnfbBS7Y3/Ci7Wo0//TnqTvOt0/OWPcvBF4
4+WmUT6mSfsakYht5inSWWatvaXNCf7j/i/YAjzy9Jyzs/9OyozFrnvnqtbVDeQ6
mnppoW0iCT9z6P6AzzivB3xkk/dMC66ym2VhwtHs73xqpg4DDesGVdC1aQCgUleG
PQ8WHW4JduoS9rF81Pmb0IEy/VGjB5WlUYgl0yygc/hki7coBlN5d/k3o2DcO3L3
g0tdEFML0Uhmt3VbW/b63D4+NIt8Sc64JkZs/0du/a5v4kI8RaNhh6LF1678K9+9
Sxa2x4YcyTNQcxVnJBTyMrthTKk5F+X2rPUwglhjaC9Ag5OizbjQMYRhCX+Sa8to
RWYGbiVcOmdBwd/eUXjTCm1vXMrrV5oq1C0jsBz5SOj1HoIM17WHcyEFveUG2tj1
nSqCRYQaJj2g1yj6yKpm9wNH6aNTaHqmWm6lBzHP2LLzWNmFE7FuDtlVXx/urczS
WAG88jN9VRblOlMfqjmwgkbqG9Zp0oV6AgtqOYe/91xdNPQomJzEEyTvezLQwdAt
buTSOrbZzy3TN9jX/6GySpGDXwrUOFrM+uDHVmPKt6a/Fr+TPgJDYLw=
=IqOl
-----END PGP MESSAGE-----
fp: 6E7DB0D1CA47AC3C09F70B10410AC2AFD3DA7DE1
unencrypted_suffix: _unencrypted
version: 3.3.1
未加密的文件如下所示:
apiVersion: v1
kind: Secret
metadata:
name: db-pass
labels:
app: mariadbtest
type: Opaque
data:
password: UGFzc3dkMiE=
如果我helm secrets install --name=webtest . -f templates/secrets.yaml
使用未加密的秘密文件运行,它可以正常工作,但是当我尝试使用加密的文件运行它时,它会给我这个错误:
Error: validation failed: unable to recognize "": no matches for kind "ENC[AES256_GCM,data:Y8GlCcMF,iv:y+v+BrbvoTd9Yx3sVwYTyJ2SCgHW5uh+Ph7aOXsIoR8=,tag:pe7S1fepnKXqvJaVRdcvKQ==,type:str]" in version "ENC[AES256_GCM,data:/Eg=,iv:KqccclIvL3+uhcgGACum5kJQ4pzHNTRjqBRQ4Zs3rCM=,tag:Rk9YL7kz3sAsa7WhNdaOeA==,type:str]"
有什么解决办法吗?提前致谢