From cf7ec7dd64baf9e3d09f2210b9015fa9c402ea82 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Thu, 19 Oct 2023 06:58:35 -0500 Subject: [PATCH] postgresql: Fix pod secrets When migrating the `pod-secrets` Secret to a SealedSecret, I accidentally created it using the `--from-file` instead of `--from-env-file` argument to `kubectl secret create generic`. This had the effect of creating a single key named `pod.secrets` with the entire contents of the file as its value. This broke backups to MinIO, since the PostgreSQL containers could no longer read the credentials from the environment. Regenerating the SealedSecret with the correct arguments resolves this issue. --- postgresql/secrets.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/postgresql/secrets.yaml b/postgresql/secrets.yaml index 8e8427b..2a0cf98 100644 --- a/postgresql/secrets.yaml +++ b/postgresql/secrets.yaml @@ -34,7 +34,8 @@ metadata: app.kubernetes.io/part-of: postgresql spec: encryptedData: - pod.secrets: AgBbimCXtzoWjx7OJipclzaHjZ6KS2QUoZMLE/74ktdex6yuzYytKsb03Te3+FzhXxB3YO4vfV+QL/ZaAXPRGwBJm3Zd4Ya7fC5yb70qBZRov2WdteouujTqcDzXGGTN+Vpbq+oY1tk52Kxg9XtLKWj5Q/UZkVZvRgGZDriDHYuthesFON4Fgqv/cszsrRz+cdtpLXwixEsMAOuw6waDA9LiVeOlsQohyakR4YRCbXEUQtt4xvQU/yCbVAatOcjcir7ie17zt+RKUM7EAkP1WJITrRpajNNLhMvhJSCno2Hq8XrecCQ97ekwCYuY+Za1x8MT4H+AkYwrQGahKgTll0u2/G5hyvY0Gr+E0v2uB/tUfLgYWaE3jb9lmCz8XpP3gB26ccugLYHhDEupLnBLo9zQuNeOOZfXg+NLaZ8FyP0McEDQiZTWEXp6tXU4rjV05fmBvUUj66IJFOIeo8K3IWvIZHgrczWm0WauF9101GgJ6KAss1zZ3t9VBsAqJzSqbTbRZ7AJ+eOGHTJeyDddkq7NRL6xnbPvGTIBo5zrVNF2RpD8IPdGyf2Ll9ChMUWVmieic3t+haqAVXPhTD41zHl/BT4JXLjMxDw0EceeeTA09m3jNrDmJ56znrTsknvUIV5/DXAJPzv7vAnLk3p28R0fGGRLk3Gz9yT3uOpUOxRQ0cQLsda1XEW82soGyMl+Ow08v2nJRNWAtzOLHadF38sMlIBHCx3IZtf+PyeoF+2IS6sGX4OE5Y++py/OGpAcngixRsHD0SOeoIH6pRhjvpKarbdDkS/04SEL4/jQl3MPQmAfNzPJ8JqI+Ho= + AWS_ACCESS_KEY_ID: AgAm5l2RsBrB6z0pfYGGkLiuT0y38m2ZI4czBIwAGOfukIGecnYDvAJL+/zybZPVN+qSxCAwEZl52axJJWqFoIJBuMbkz3U7TwqqJwhkMxvIFtfemDCxDtvRDo0ag2zwLaMYIZ9s0WRBYivJUVNfOevn40sOPUNfvnpCG2CWOk/Weq2SY0K0NO9K8YBfdalXkd5kcEm3Yv//lk81fMnx2XVCJaEU2lmFL2xA8o0IIhTfGHVrxljbGVkuyGsRAsg+qh8bMN8nMA2dRhX9yd0MxZhd8S8PQj+Pxuc7LGrJiL25ZYJBCUMnjqIew+ZXasNlVa+y08vvj7JSGQL5I0dYb92b/WZeVAWFpqHVO7yXHr9UM5Mdf9JpjRYEvOuzlwKl0fpMGTmrXHmoCt8Ucu0pITfwjSGxJmtxdy+bReWw55W9ZET+9M/m40paU3R5eOWozL1/iMyQ5yVR2qAzyq1t2KGWypM2h4/HnsCgW4dmfIk7aidsw1P8KYsp2NXprjmR0K6jlS0wu/qWRrfB1cuo4ehymuW7mTnXRUnY1bAALYjpMZjlIX5T12saIuJgh2sYwDEskUEybYVrwx4CVquvGnO29NnyRmXnypOa0kg730UFRtWjdZGRhLlzRoUckUmQMQKLtegrxq7ctdtqXT5AYlIr6PiK1QWo2r9aGIhncqU1Uv8wtFO5V7HNjh94TV4ze57g9fT6BAIGthPTaAVjyvrH + AWS_SECRET_ACCESS_KEY: AgAv4sDeqinfcuzyQJL40l/+2q+1UA0N/90m6FrouIvZtf4egCJn8FFoyPdCvfZEa91i91w5/gdX/OrfOkVWN9nOMd4gGr96sNTKeXDWpkL1ZdhCh4iVgor9ICkJTyxp1pL16B+bPP6QMDTnt6sJ7XC8Cn2NLF8lbP/+ZQdCYRg67eEdLDIi5ecVS26JiAEJuAm6rE4FHOO4ddmMg3EZLMKkT4yAwHflXb4XhE7T3MD5FiNvuzHrnW9aVFNEl9HTv2ONrYNh7yH1FzMoqy9WaLtb/DLCz342LGdwLa5JaxC7c3528K4I43oNcWHabJrOlkJXOhFH8EIOX/nx6X+qveBNfb+BWAwgcMfH04+dYcnQ8BT1g+zhZOXV3TD+fLoSTCZ1aEulzaT0agGVw7jcLlhrGIGyE5aTSi3uRSG+cgynPSVEv6evwHqmbt5zS8eTKyuhIiCWM+CytTRpZfNCdqrZTY3yelN7z3SLtjB2qIvxEwkBJtU2/Ahgu7RzhJEFHMNE2CAL7bypToFRfyn52rUhqGY/DbP7E64S2ww+7tJI2UJ4L57RoxaCD3wyt/IIL40j0fMhj34swzvdl7VrNt3WxHF+Uc7LwRjFpO/CVZG5diNv48dOplWRuJOTJm6coIipgZu2NDudM/bPOV6ayMBSMxrchDPUO+D7zXVQ5Kpps7DAend6Mff2qDh1x/OpGp72rYNEoF7WEov0dHq+y12yWlEvItnFg9BX7G1A9OODNg== template: metadata: name: pod-secrets