Type of Kubernetes secret created by using OnePasswordItem
I am trying to define a OnePasswordItem to be used as part of our 1Password Secret Automation Workflow.
I noticed that the secret created is a Kubernetes Opaque secret. However, I want to create a kubernetes.io/dockerconfigjson (docker-registry) type of secret.
I found some articles from a year ago where you stated that only opaque secrets are supported. Have there been any changes in regard to that?
Please note, IMO having support for docker-registry type of secrets is a must if I am to actually use 1Password Secret Automation Workflow for cluster deployments.
Thanks in advance
Comments
-
Hey!
I am glad to announce that this has been released in v1.2.0 of the operator, which was released recently. You can now set type on OnePasswordItem resources, which can be any of the Kubernetes secret types. For example:

    apiVersion: onepassword.com/v1
    kind: OnePasswordItem
    type: kubernetes.io/dockerconfigjson
    metadata:
      name: <item_name> # this name will also be used for naming the generated kubernetes secret
    spec:
      itemPath: "vaults/<vault_id_or_title>/items/<item_id_or_title>"

Let me know if that helps.
Joris
0 -
Is there any documentation for how to create a dockerconfigjson secret? What item type in 1Password do we use?
{"level":"error","ts":1651258391.7674685,"logger":"controller-runtime.controller","msg":"Reconciler error","controller":"onepassworditem-controller","request":"runtime/oim-messages-platform-registry","error":"Secret \"oim-messages-platform-registry\" is invalid: data[.dockerconfigjson]: Required value","stacktrace":"github.com/go-logr/zapr.(zapLogger).Error\n\t/workspace/vendor/github.com/go-logr/zapr/zapr.go:128\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(Controller).reconcileHandler\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:258\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(Controller).processNextWorkItem\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:232\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(Controller).worker\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:211\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90"}
0 -
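The reconciler error in the log above means the generated Secret had no `.dockerconfigjson` key, which a kubernetes.io/dockerconfigjson Secret must carry as a single JSON document. The following is an added example, not part of any post in this thread and not 1Password's code: it builds that document and checks a Secret `data` map for it. The sample maps, registry name and credentials are constructed, the `auths` checks go beyond the key-presence check that produced the error, and how the operator maps 1Password item fields to Secret keys is not covered here.

```python
import base64
import json

KEY = ".dockerconfigjson"


def b64(text):
    """Base64-encode a string the way Secret manifests store values under `data`."""
    return base64.b64encode(text.encode()).decode()


def build_dockerconfigjson(registry, username, password):
    """Build the JSON document a dockerconfigjson Secret carries under KEY."""
    entry = {"username": username, "password": password,
             "auth": b64(f"{username}:{password}")}
    return json.dumps({"auths": {registry: entry}})


def check_dockerconfig_data(data):
    """Return problems found in a Secret `data` map; an empty list means usable."""
    if KEY not in data:
        # The condition reported as "data[.dockerconfigjson]: Required value".
        return [f"data[{KEY}]: Required value (keys present: {sorted(data)})"]
    try:
        config = json.loads(base64.b64decode(data[KEY], validate=True))
    except ValueError as exc:  # covers invalid base64 and invalid JSON
        return [f"data[{KEY}]: not base64-encoded JSON ({exc})"]
    auths = config.get("auths") if isinstance(config, dict) else None
    if not isinstance(auths, dict) or not auths:
        return [f"data[{KEY}]: no registry entries under 'auths'"]
    problems = []
    for registry, entry in auths.items():
        has_pair = isinstance(entry, dict) and entry.get("username") and entry.get("password")
        has_auth = isinstance(entry, dict) and entry.get("auth")
        if not (has_pair or has_auth):
            problems.append(f"auths[{registry}]: needs 'auth' or 'username' and 'password'")
    return problems


# Constructed sample data maps (placeholder registry and credentials).
SPLIT_FIELDS = {"username": b64("ci-bot"), "password": b64("constructed-token")}
SINGLE_KEY = {KEY: b64(build_dockerconfigjson(
    "registry.example.com", "ci-bot", "constructed-token"))}
NOT_JSON = {KEY: b64("ci-bot:constructed-token")}

if __name__ == "__main__":
    for name, data in [("split fields", SPLIT_FIELDS), ("single key", SINGLE_KEY),
                       ("not JSON", NOT_JSON)]:
        print(name, "->", check_dockerconfig_data(data) or "ok")
```
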
I tried it with latest version

    NAME     STATUS    CHART          APP VERSION
    connect  deployed  connect-1.7.1  1.5.1

using:

    apiVersion: onepassword.com/v1
    kind: OnePasswordItem
    type: kubernetes.io/dockerconfigjson
    metadata:
      name: docker-registry-login
      annotations:
        operator.1password.io/auto-restart: "true"
    spec:
      itemPath: "vaults/dev/items/docker_login"

got the following error:
error: error validating "1password.yaml": error validating data: ValidationError(OnePasswordItem): unknown field "type" in com.onepassword.v1.OnePasswordItem; if you choose to ignore these errors, turn validation off with --validate=false
I did helm repo update and redeployed, and same thing. These are the available versions here.

    ❯ helm search repo 1password --versions
    NAME               CHART VERSION  APP VERSION  DESCRIPTION
    1password/connect  1.7.1          1.5.1        A Helm chart for deploying 1Password Connect an...
    1password/connect  1.7.0          1.5.0        A Helm chart for deploying 1Password Connect an...
    1password/connect  1.6.0          1.2.0        A Helm chart for deploying 1Password Connect an...
    1password/connect  1.5.0          1.2.0        A Helm chart for deploying 1Password Connect an...
    1password/connect  1.4.0          1.2.0        A Helm chart for deploying 1Password Connect an...
    1password/connect  1.3.0          1.2.0        A Helm chart for deploying 1Password Connect an...
    1password/connect  1.2.0          1.1.0        A Helm chart for deploying 1Password Connect an...
    1password/connect  1.1.0          1.0.0        A Helm chart for deploying 1Password Connect an...
    1password/connect  1.0.1          1.0.0        A Helm chart for deploying 1Password Connect an...

0 -
Hey @OlegDev,
The current version of the Helm chart (1.7.1) uses the version 1.1.0 of the Kubernetes operator. Starting from version 1.2.0, the operator supports configuring the Kubernetes secret type.
This thread also mentions that we have to make a new release of the Helm chart that uses the version of the operator that supports configuring the Kubernetes secret type. We will let you know when we make the new release. 😊
Thank you for your patience.
0 -
Thank you for the update. I got it working, after cloning the repo and updating the Chart.yaml appVersion to "1.5.2" and operator version to "1.4.1".
0 -
Glad to hear that it worked for you @OlegDev. 🎉
You can monitor this thread to find out when we make a new release of the Helm chart with the latest versions of Connect, as well as the Kubernetes Operator.
0