Unable to create secret in kubernetes: "Secret is invalid: data[.dockerconfigjson]: Invalid value: "": invalid character 'e'

Question

Does anyone know what am I doing wrong with my kubernetes secret yaml and why its not able to successfully create one programatically?

I am trying to programmatically create a secret in Kubernetes cluster with credentials to pull an image from a private registry but it is failing with the following:

"Secret "secrettest" is invalid: data[.dockerconfigjson]: Invalid value: "<secret contents redacted>": invalid character 'e' looking for beginning of value"

This is the yaml I tried to use to create the secret with. It is yaml output from a secret previously created in my kubernetes cluster using the command line except without a few unnecessary properties. So I know this is valid yaml:

apiVersion: v1
data:
  .dockerconfigjson: eyJhdXRocyI6eyJoZWxsb3dvcmxkLmF6dXJlY3IuaW8iOnsidXNlcm5hbWUiOiJoZWxsbyIsInBhc3N3b3JkIjoid29ybGQiLCJhdXRoIjoiYUdWc2JHODZkMjl5YkdRPSJ9fX0=
kind: Secret
metadata:
  name: secrettest
  namespace: default
type: kubernetes.io/dockerconfigjson

This is the decoded value of the ".dockerconfigjson" property which seems to be throwing the error but not sure why if the value is supposed to be encoded per documentation:

{"auths":{"helloworld.azurecr.io":{"username":"hello","password":"world","auth":"aGVsbG86d29ybGQ="}}}

According to the documentation, my yaml is valid so Im not sure whats the issue: Customize secret yaml

Note: I tried creating the Secret using the Kubernetes client and "PatchNamespacedSecretWithHttpMessagesAsync" in C#

Referenced documentaion: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/

Answer 1

I found my issue. I was trying to create the Secret object using

Yaml.LoadAllFromString()

which was double encoding my .dockerconfigjson value. The weird part was the if the value wasnt encoded, it would fail. So I had to just manually create the Secret object instead of reading from a yaml file.

Answer 2

I was getting similar error when I was trying to create secret using client-go. The error actually tells that the encoded string has invalid e at the beginning of the value (so may be it's expecting '{' this at the beginning ).To solve this, the value should not be encoded into base64. Just use it as it is and that will be encoded later.