Forum Discussion

irena
New Contributor
3 years ago

Type of Kubernetes secret created by using OnePasswordItem

I am trying to define a OnePasswordItem to be used as part of our 1Password Secret Automation Workflow.

I noticed that the secret created is a Kubernetes Opaque secret. However, I want to create a kubernetes.io/dockerconfigjson (docker-registry) type of secret.

I found some articles from a year ago where you stated that only opaque secrets are supported. Have there been any changes in regard to that?

Please note, IMO having support for docker-registry type of secrets is a must if I am to actually use 1Password Secret Automation Workflow for cluster deployments.

Thanks in advance



  • Former Member

    Glad to hear that it worked for you @OlegDev. 🎉

    You can monitor this thread to find out when we make a new release of the Helm chart with the latest versions of Connect, as well as the Kubernetes Operator.

  • Former Member

    Thank you for the update. I got it working, after cloning the repo and updating the Chart.yaml appVersion to "1.5.2" and operator version to "1.4.1".

  • Former Member

    Hey @OlegDev,

    The current version of the Helm chart (1.7.1) uses version 1.1.0 of the Kubernetes operator. Starting from version 1.2.0, the operator supports configuring the Kubernetes secret type.

    This thread also mentions that we have to make a new release of the Helm chart that uses the version of the operator that supports configuring the Kubernetes secret type. We will let you know when we make the new release. 😊

    Thank you for your patience.

  • Former Member

    I tried it with the latest version

    NAME     STATUS    CHART          APP VERSION
    connect  deployed  connect-1.7.1  1.5.1

    using:

    apiVersion: onepassword.com/v1
    kind: OnePasswordItem
    type: kubernetes.io/dockerconfigjson
    metadata:
      name: docker-registry-login
      annotations:
        operator.1password.io/auto-restart: "true"
    spec:
      itemPath: "vaults/dev/items/docker_login"

    got the following error:

    error: error validating "1password.yaml": error validating data: ValidationError(OnePasswordItem): unknown field "type" in com.onepassword.v1.OnePasswordItem; if you choose to ignore these errors, turn validation off with --validate=false

    I did helm repo update and redeployed, and same thing. These are the available versions here.

    āÆ helm search repo 1password --versions
    NAME CHART VERSION APP VERSION DESCRIPTION
    1password/connect 1.7.1 1.5.1 A Helm chart for deploying 1Password Connect an...
    1password/connect 1.7.0 1.5.0 A Helm chart for deploying 1Password Connect an...
    1password/connect 1.6.0 1.2.0 A Helm chart for deploying 1Password Connect an...
    1password/connect 1.5.0 1.2.0 A Helm chart for deploying 1Password Connect an...
    1password/connect 1.4.0 1.2.0 A Helm chart for deploying 1Password Connect an...
    1password/connect 1.3.0 1.2.0 A Helm chart for deploying 1Password Connect an...
    1password/connect 1.2.0 1.1.0 A Helm chart for deploying 1Password Connect an...
    1password/connect 1.1.0 1.0.0 A Helm chart for deploying 1Password Connect an...
    1password/connect 1.0.1 1.0.0 A Helm chart for deploying 1Password Connect an...

  • Former Member

    Is there any documentation for how to create a dockerconfigjson secret? What item type in 1Password do we use?

    {"level":"error","ts":1651258391.7674685,"logger":"controller-runtime.controller","msg":"Reconciler error","controller":"onepassworditem-controller","request":"runtime/oim-messages-platform-registry","error":"Secret \"oim-messages-platform-registry\" is invalid: data[.dockerconfigjson]: Required value","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/workspace/vendor/github.com/go-logr/zapr/zapr.go:128\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:258\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:232\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:211\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90"}
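
The "data[.dockerconfigjson]: Required value" error in the log above is the Kubernetes check that a Secret of type kubernetes.io/dockerconfigjson carries a `.dockerconfigjson` key. The sketch below is an added example, not code from the thread or from 1Password: it builds the expected payload and reproduces that check locally. The function names, the registry host and the credentials are constructed, and the `auths` inspection is stricter than the API server's own validation.

```python
import base64
import json

REQUIRED_KEY = ".dockerconfigjson"  # key required by type kubernetes.io/dockerconfigjson


def build_dockerconfigjson(registry, username, password):
    """Return the JSON text that belongs under the .dockerconfigjson key."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    entry = {"username": username, "password": password, "auth": auth}
    return json.dumps({"auths": {registry: entry}})


def check_secret_data(data):
    """Return a list of problems for a dockerconfigjson Secret.

    `data` maps Secret keys to their decoded (not base64) string values.
    """
    if REQUIRED_KEY not in data:
        # Same condition the API server reports in the log above.
        return [f"data[{REQUIRED_KEY}]: Required value"]
    try:
        config = json.loads(data[REQUIRED_KEY])
    except ValueError:
        return [f"data[{REQUIRED_KEY}]: not valid JSON"]
    # Added strictness (assumption of this example): require usable credentials.
    auths = config.get("auths") if isinstance(config, dict) else None
    if not isinstance(auths, dict) or not auths:
        return [f"data[{REQUIRED_KEY}]: no registries under 'auths'"]
    problems = []
    for registry, entry in auths.items():
        entry = entry if isinstance(entry, dict) else {}
        has_pair = bool(entry.get("username")) and bool(entry.get("password"))
        try:
            decoded = base64.b64decode(entry.get("auth", ""), validate=True).decode()
        except (ValueError, TypeError):
            decoded = ""
        if ":" not in decoded and not has_pair:
            problems.append(f"auths[{registry}]: no usable credentials")
    return problems


if __name__ == "__main__":
    # Constructed sample: separate username/password keys, no .dockerconfigjson.
    print(check_secret_data({"username": "ci", "password": "s3cret"}))
    good = build_dockerconfigjson("registry.example.com", "ci", "s3cret")
    print(check_secret_data({REQUIRED_KEY: good}))
```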

  • Former Member

    Hey!

    I am glad to announce that this has been released in v1.2.0 of the operator, which was released recently. You can now set type on OnePasswordItem resources, which can be any of the Kubernetes secret types.

    For example:

    apiVersion: onepassword.com/v1
    kind: OnePasswordItem
    type: kubernetes.io/dockerconfigjson
    metadata:
      name: <item_name> # this name will also be used for naming the generated Kubernetes secret
    spec:
      itemPath: "vaults/<vault_id_or_title>/items/<item_id_or_title>"

    Let me know if that helps.

    Joris