1

I am not sure if I'm interpreting the output from my container correctly, but I am seeing the following output from sequelize in the logs:

Nates-MacBook-Pro:k8s natereed$ docker logs 1a3e6141d050
...
(node:36) UnhandledPromiseRejectionWarning: SequelizeConnectionError: password authentication failed for user 
"postgres
"

It appears there is an extra newline character in the username, which should be "postgres". The database is configured with the environment variable $POSTGRESS_USERNAME (yes, I know it is misspelled, it is from another author).

src/config/config.ts:    "username": process.env.POSTGRESS_USERNAME

I shelled into the running container and checked that the environment variables are correctly set:

root@backend-feed-75c4f97d6-9tp2f:/usr/src/app# echo $POSTGRESS_USERNAME
postgres
root@backend-feed-75c4f97d6-9tp2f:/usr/src/app# echo $POSTGRESS_PASSWORD
...
root@backend-feed-75c4f97d6-9tp2f:/usr/src/app# echo $POSTGRESS_DB      
mydb

...

To create the secret and then apply, I ran:

echo "postgres" | openssl base64
(edit env-secret.yaml)
kubectl apply -f env-secret.yaml 

The contents of the secret:

apiVersion: v1
kind: Secret
metadata:
  name: env-secret
type: Opaque
data:
  POSTGRESS_USERNAME: cG9zdGdyZXMK
  POSTGRESS_PASSWORD: ...

Is this not the correct way to create the k8s secret?

Nate Reed

2 Answers

7

The simple option:

apiVersion: v1
kind: Secret
metadata:
  name: env-secret
type: Opaque
stringData:
  POSTGRESS_USERNAME: myapp
  POSTGRESS_PASSWORD: supersecret

stringData takes plain strings instead of base-64 encoded []bytes.

coderanger
  • 1
    Is there a reason to use Base64 other than to deal with whitespace or other characters that could break the yaml formatting? I copied my YAML from an example. Obviously there is no security in Base64, not sure what the point is. – Nate Reed Mar 25 '20 at 15:51
  • 1
    It’s not uncommon for Secrets to include binary data, like Java keystore files for example. But if your data doesn’t include that, then nope! – coderanger Mar 25 '20 at 16:53
  • Thank you for the answer, this enhances my understanding. – Nate Reed Mar 25 '20 at 21:04
3

echo "postgres" includes a newline at the end of the string which is also included in the encoded secret. Instead, use:

echo -n "postgres" | openssl base64

The -n flag suppresses the newline.

Burak Serdar
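A way to catch this before `kubectl apply`, as an added example that is not part of either answer: decode every value under `data:` in a Secret manifest and report the keys whose decoded bytes end in whitespace. The function names and the sample password value are constructed for illustration; it assumes a `base64` that accepts `-d` and unquoted single-line values in the manifest.

```shell
#!/bin/sh
# Added example: lint the data: block of a Secret manifest for values whose
# decoded bytes end in whitespace (the "postgres\n" case from the question).

NL='
'
CR=$(printf '\r')
TAB=$(printf '\t')

# ends_in_whitespace B64 -> exit 0 if the decoded value ends in whitespace.
ends_in_whitespace() {
  # $(...) strips trailing newlines, so append a sentinel "x" and remove it.
  decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null; printf x)
  decoded=${decoded%x}
  case $decoded in
    *"$NL" | *"$CR" | *"$TAB" | *' ') return 0 ;;
  esac
  return 1
}

# lint_secret_data MANIFEST_TEXT -> prints each offending key, one per line.
lint_secret_data() {
  printf '%s\n' "$1" |
    awk '/^data:/  { in_data = 1; next }
         /^[^ ]/   { in_data = 0 }
         in_data && NF == 2 { sub(/:$/, "", $1); print $1, $2 }' |
    while read -r key value; do
      if ends_in_whitespace "$value"; then printf '%s\n' "$key"; fi
    done
}

# Constructed sample: the username is the value from the question; the
# password is a placeholder ("supersecret") encoded without a newline.
SAMPLE_MANIFEST='apiVersion: v1
kind: Secret
metadata:
  name: env-secret
type: Opaque
data:
  POSTGRESS_USERNAME: cG9zdGdyZXMK
  POSTGRESS_PASSWORD: c3VwZXJzZWNyZXQ='

lint_secret_data "$SAMPLE_MANIFEST"
```

The sentinel matters because plain `$(... | base64 -d)` silently drops the trailing newline, which is also why `echo $POSTGRESS_USERNAME` inside the container looked correct.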