TechQA.

OpenShift Base64Decode issues

62 views Asked by At

I'm facing this weird issue where the files I added to OpenShift secret and mounted on a volume gets corrupted or base64decoded wrong and doesn't work.

Did anyone ever encounter this kind of issue?

What I've tried is to create a secret using cli and add two files to it, and then mount the secret so that my app would see it. The files got uploaded. I compared my local base64encoded strings of the files with the ones in the secrets (encoded by OpenShift during upload) and they are identical. When I go to terminal and navigate to the folder where I mounted the files I can see them in correct location, but app doesn't work. Tried downloading the files from pod and testing them locally, and they still don't work.

          volumeMounts:
            - name: db2-ssl-connection 
              readOnly: true
              mountPath: /opt/app-root/app/secrets/db2
      volumes:
      - name: db2-ssl-connection
        secret:
          secretName: db2-cert-secret
          defaultMode: 420

What I've noticed is that the files downloaded from OpenShift are almost 2x bigger than the originals on my pc (the .kdb file went up from 59kB to 108.1kB and .sth file went up from 129 Bytes to 264 Bytes).

I also tried adding the base64Encoded strings of these files to HashiCorp Vault and load them from there but the result in openshift is identical like when mounting from secrets (the files size is the same, just the filenames gets converted to lowercase).

vault.hashicorp.com/agent-inject-secret-db2-ssl-secret_Test.kdb: secrets-engine/data/prefix/group/secrets/db2
vault.hashicorp.com/secret-volume-path-db2-ssl-secret_Test.kdb: /opt/app-root/app/secrets/
vault.hashicorp.com/agent-inject-template-db2-ssl-secret_Test.kdb: >
  {{ with secret "secrets-engine/data/prefix/group/secrets/db2" -}}
  {{ index .Data.data "db2-ssl-secret_Test.kdb" | base64Decode }}
  {{- end }}
vault.hashicorp.com/agent-inject-secret-db2-ssl-secret_Test.sth: secrets-engine/data/prefix/group/secrets/db2
vault.hashicorp.com/secret-volume-path-db2-ssl-secret_Test.sth: /opt/app-root/app/secrets/
vault.hashicorp.com/agent-inject-template-db2-ssl-secret_Test.sth: >
  {{ with secret "secrets-engine/data/prefix/group/secrets/db2" -}}
  {{ index .Data.data "db2-ssl-secret_Test.sth" | base64Decode }}
  {{- end }}
db2 openshift hashicorp-vault openshift-4
Original Q&A
0

There are 0 answers

Related Questions in DB2

Related Questions in OPENSHIFT

Related Questions in HASHICORP-VAULT

Related Questions in OPENSHIFT-4

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions