Type of Kubernetes secret created by using OnePasswordItem

irena
irena
Community Member

I am trying to define a OnePasswordItem to be used as part of our 1Password Secret Automation Workflow.

I noticed that the secret created is a Kubernetes Opaque secret. However, I want to create a kubernetes.io/dockerconfigjson (docker-registry) type of secret.

I found some articles from a year ago where you stated that only opaque secrets are supported. Has there been some changes is regard to that?

Please note, IMO having support for docker-registry type of secrets is a must if I am to actually use 1Password Secret Automation Workflow for cluster deployments.

Thanks in advance


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • Hey!

    I am glad to announce that this has been released in v1.2.0 of the operator, which was released recently. You can now set type on OnePasswordItem resources, which can be any of the Kubernetes secret types.

    For example:

    apiVersion: onepassword.com/v1
    kind: OnePasswordItem
    type: kubernetes.io/dockerconfigjson
    metadata:
      name: <item_name> #this name will also be used for naming the generated kubernetes secret
    spec:
      itemPath: "vaults/<vault_id_or_title>/items/<item_id_or_title>" 
    

    Let me know if that helps.

    Joris

  • daquino
    daquino
    Community Member

    Is there any documentation for how to create a dockerconfigjson secret? What item type in 1Password do we use?

    {"level":"error","ts":1651258391.7674685,"logger":"controller-runtime.controller","msg":"Reconciler error","controller":"onepassworditem-controller","request":"runtime/oim-messages-platform-registry","error":"Secret \"oim-messages-platform-registry\" is invalid: data[.dockerconfigjson]: Required value","stacktrace":"github.com/go-logr/zapr.(zapLogger).Error\n\t/workspace/vendor/github.com/go-logr/zapr/zapr.go:128\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(Controller).reconcileHandler\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:258\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(Controller).processNextWorkItem\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:232\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(Controller).worker\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:211\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90"}

  • OlegDev
    OlegDev
    Community Member
    edited May 2022

    I tried it with latest version

    NAME    STATUS          CHART           APP VERSION
    connect  deployed        connect-1.7.1   1.5.1      
    

    using:

    apiVersion: onepassword.com/v1
    kind: OnePasswordItem
    type: kubernetes.io/dockerconfigjson
    metadata:
      name: docker-registry-login
      annotations:
        operator.1password.io/auto-restart: "true"
    spec:
      itemPath: "vaults/dev/items/docker_login"
    

    got the following error:

    error: error validating "1password.yaml": error validating data: ValidationError(OnePasswordItem): unknown field "type" in com.onepassword.v1.OnePasswordItem; if you choose to ignore these errors, turn validation off with --validate=false
    

    I did helm repo update and redeployed, and same thing. These are the available versions here.

    ❯ helm search repo 1password --versions                            
    NAME                    CHART VERSION   APP VERSION     DESCRIPTION                                       
    1password/connect       1.7.1           1.5.1           A Helm chart for deploying 1Password Connect an...
    1password/connect       1.7.0           1.5.0           A Helm chart for deploying 1Password Connect an...
    1password/connect       1.6.0           1.2.0           A Helm chart for deploying 1Password Connect an...
    1password/connect       1.5.0           1.2.0           A Helm chart for deploying 1Password Connect an...
    1password/connect       1.4.0           1.2.0           A Helm chart for deploying 1Password Connect an...
    1password/connect       1.3.0           1.2.0           A Helm chart for deploying 1Password Connect an...
    1password/connect       1.2.0           1.1.0           A Helm chart for deploying 1Password Connect an...
    1password/connect       1.1.0           1.0.0           A Helm chart for deploying 1Password Connect an...
    1password/connect       1.0.1           1.0.0           A Helm chart for deploying 1Password Connect an...
    
  • Hey @OlegDev,

    The current version of the Helm chart (1.7.1) uses the version 1.1.0 of the Kubernetes operator. Starting from version 1.2.0, the operator supports configuring the Kubernetes secret type.

    This thread also mentions that we have to make a new release of the Helm chart that uses the version of the operator that support configuring the Kubernetes secret type. We will let you know when we make the new release. 😊

    Thank you for your patience.

  • OlegDev
    OlegDev
    Community Member

    Thank you for the update. I got it working, after cloning the repo and updating the Chart.yaml appVersion to "1.5.2" and operator version to "1.4.1".

  • Glad to hear that it worked for you @OlegDev. 🎉

    You can monitor this thread to find out when we make a new release of the Helm chart with the latest versions of Connect, as well as the Kubernetes Operator.

This discussion has been closed.