0

我正在尝试在一个简单的应用程序上实现 Helm Secrets。我想使用 Helm Secrets 插件安装应用程序。这是我的加密模板/secrets.yaml 文件:

apiVersion: ENC[AES256_GCM,data:Hcs=,iv:U+0hlPz+L5HP0SqWmzJgxNftRYNc3BTHeYetefrDxQo=,tag:AXwtAjcHv8VsL1PC8XjOmA==,type:str]
kind: ENC[AES256_GCM,data:YLEC3Zg/,iv:L3CL9DzUEHEKlucZcY+Su+OYKC+1VCTvVEFcc0iX7RI=,tag:sS7rauZq1nYpAA/gesA66Q==,type:str]
metadata:
    name: ENC[AES256_GCM,data:KQvvSmDMSw==,iv:LvXweR3aTgVTc9IAa3f6uJHbpHGf2jYHtGWq629Yqdo=,tag:AXIrhiEjhAXlDNmFyYKyPg==,type:str]
    labels:
        app: ENC[AES256_GCM,data:2GbBtSKC4Y7sYxw=,iv:zGmUTLcYwjUvZ0VAmw92e63na/+lsOlP16RD9LjcKjE=,tag:fR5QPK6587K1peod5nf4BA==,type:str]
type: ENC[AES256_GCM,data:B2WQyYNe,iv:S0q8nzu5pDGAem5KuB4aRRq9tOtpThOgshxn8iwGmq8=,tag:pV2JsX14j6433XBLpwdUhQ==,type:str]
data:
    password: ENC[AES256_GCM,data:p6/fadwzX+vx10yc,iv:OIckX7T72t+5lHvAX2r8ybFPQ8Yrc4po4G3Y/BJyT3s=,tag:fuGxBTl3XLInvXew4quc6g==,type:str]
sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    lastmodified: '2019-09-02T10:13:37Z'
    mac: ENC[AES256_GCM,data:zlqeKsbTdyBUoXnbhyXOAeCuIrdzO9AL2ydwUGFNd5ZFG+BbibstqosxZ1vnGZip58JQaK7e3ewibWj/CD7Ev2crTEk2jpEfbqYSp17s3hYpefNUe2esGKfb6/E0FgcdC2onxHKwv1CnHEGh5DwQdBT6JIfTvialEG1DKmYVcLY=,iv:aoqvOl0xUP6JBvtmOEDwD5Ejq3AmgJ/tUouPPf7AJZU=,tag:IsnFW8Lu/+v7xQth4cW++A==,type:str]
    pgp:
    -   created_at: '2019-09-02T10:13:37Z'
        enc: |
            -----BEGIN PGP MESSAGE-----

            hQIMA+GCaQB9sLS8AQ//dYLstPngZwDPenAGvb7xasCQSa7g5Qv81I3vg0kI1YoM
            Ydhpf9QrG3YKIZMlMTmu1X6wiFVZI74Ig0telatqYl2RoUKWtDKfyHPlUgSVd+yx
            lcouwrzU745alGSPIIgWFwoSnprzTNGXjWlafBIq++uCjlr7MQ/SvgZ0oOTOQvOh
            vq0f+BXbJ2MIX4rCeuL6TsJA71sohLnfbBS7Y3/Ci7Wo0//TnqTvOt0/OWPcvBF4
            4+WmUT6mSfsakYht5inSWWatvaXNCf7j/i/YAjzy9Jyzs/9OyozFrnvnqtbVDeQ6
            mnppoW0iCT9z6P6AzzivB3xkk/dMC66ym2VhwtHs73xqpg4DDesGVdC1aQCgUleG
            PQ8WHW4JduoS9rF81Pmb0IEy/VGjB5WlUYgl0yygc/hki7coBlN5d/k3o2DcO3L3
            g0tdEFML0Uhmt3VbW/b63D4+NIt8Sc64JkZs/0du/a5v4kI8RaNhh6LF1678K9+9
            Sxa2x4YcyTNQcxVnJBTyMrthTKk5F+X2rPUwglhjaC9Ag5OizbjQMYRhCX+Sa8to
            RWYGbiVcOmdBwd/eUXjTCm1vXMrrV5oq1C0jsBz5SOj1HoIM17WHcyEFveUG2tj1
            nSqCRYQaJj2g1yj6yKpm9wNH6aNTaHqmWm6lBzHP2LLzWNmFE7FuDtlVXx/urczS
            WAG88jN9VRblOlMfqjmwgkbqG9Zp0oV6AgtqOYe/91xdNPQomJzEEyTvezLQwdAt
            buTSOrbZzy3TN9jX/6GySpGDXwrUOFrM+uDHVmPKt6a/Fr+TPgJDYLw=
            =IqOl
            -----END PGP MESSAGE-----
        fp: 6E7DB0D1CA47AC3C09F70B10410AC2AFD3DA7DE1
    unencrypted_suffix: _unencrypted
    version: 3.3.1

未加密的文件如下所示:

apiVersion: v1
kind: Secret
metadata:
    name: db-pass
    labels:
        app: mariadbtest
type: Opaque
data:
    password: UGFzc3dkMiE=

如果我helm secrets install --name=webtest . -f templates/secrets.yaml使用未加密的秘密文件运行,它可以正常工作,但是当我尝试使用加密的文件运行它时,它会给我这个错误:

Error: validation failed: unable to recognize "": no matches for kind "ENC[AES256_GCM,data:Y8GlCcMF,iv:y+v+BrbvoTd9Yx3sVwYTyJ2SCgHW5uh+Ph7aOXsIoR8=,tag:pe7S1fepnKXqvJaVRdcvKQ==,type:str]" in version "ENC[AES256_GCM,data:/Eg=,iv:KqccclIvL3+uhcgGACum5kJQ4pzHNTRjqBRQ4Zs3rCM=,tag:Rk9YL7kz3sAsa7WhNdaOeA==,type:str]"

有什么解决办法吗?提前致谢

4

1 回答 1

0

看起来您的helm-secrets插件无法正常工作,并且由于某种原因不会在将templates/secrets.yaml文件的加密版本中存在的值传递给之前解密它们,helm install并且它无法将这些仍然加密的值识别为有意义的东西对它来说,错误消息本身似乎很明显。

我假设您通过helm secrets enc templates/secrets.yaml在同一系统上使用相同的 gpg 密钥创建了加密文件版本,对吗?

你是用安装的helm plugin install https://github.com/futuresimple/helm-secrets吗?

是否helm secrets view templates/secrets.yaml正确返回文件的未加密版本?请确保您没有错过本文中描述的任何步骤

于 2019-09-03T15:45:45.050 回答