
Following my previous question about Dapr and k8s secrets, I have a k8s secret defined as follows:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: secretstore
  namespace: my-namespace
type: Opaque
data:
  MY_KEY: <some base64>
```

I then defined a Dapr component as:

```yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: secretstore
  namespace: my-namespace
spec:
  type: secretstores.kubernetes
  version: v1
  metadata: []
```

and gave the permission to access the secrets (according to the Dapr docs):

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: secret-reader
  namespace: my-namespace
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dapr-secret-reader
  namespace: my-namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: secret-reader
subjects:
- kind: ServiceAccount
  name: default
```

but with all of this, dapr cannot access the secret I want it to retrieve.

The error is

```
Stacktrace: {"Status":{"StatusCode":13,"Detail":"failed getting secret with key MY_KEY from secret store secretstore: secrets \"MY_KEY\" not found","DebugException":null},"StatusCode":13,"Trailers":[],"Message":"Status(StatusCode=\"Internal\", Detail=\"failed getting secret with key MY_KEY from secret store secretstore: secrets \"MY_KEY\" not found\")","Data":{},"InnerException":null,"HelpLink":null,"Source":"System.Private.CoreLib","HResult":-2146233088,"StackTrace":"   at Dapr.Client.DaprClientGrpc.GetSecretAsync(String storeName, String key, IReadOnlyDictionary`2 metadata, CancellationToken cancellationToken)"}
```

Any clue about what I am missing? I went through the Dapr documentation several times but I wasn't able to find anything that could help. Thanks in advance!!

Domenico
  • This stack trace indicates that the secret with the key MY_KEY was not found in the secret store. This could be due to a misconfiguration of the secret store. You have given the same name in the permission metadata, "dapr-secret-reader", for the role and the rolebinding, but as per this [dapr doc](https://docs.dapr.io/operations/components/component-secrets/#non-default-namespaces) you need to give a different name for the role binding. Can you please check and let me know if you get any errors? – Hemanth Kumar Jan 25 '23 at 11:25
  • hi @HemanthKumar thanks for your reply. I made the change you suggested (and I changed the code in my question here), but the error remains the same. – Domenico Jan 25 '23 at 11:46
  • As the error states "failed getting secret with key MY_KEY from secret store secretstore", it seems to be an issue with creating in secret only. As per this [doc1](https://kubernetes.io/docs/concepts/configuration/secret/#secret-types), can you change the type of secret and try it? My suggestion is to use type: kubernetes.io/dockercfg as you are using a base64 encoded file. If you use opaque you need to mention username and password in the [secret itself](https://kubernetes.io/docs/concepts/configuration/secret/#use-cases) or try any other methods mentioned in doc1. – Hemanth Kumar Jan 25 '23 at 12:42
  • As per your previous Question's Answer suggestion, you can also use [auth secretstore](https://kubernetes.io/docs/concepts/configuration/secret/#basic-authentication-secret) to store the secret. – Hemanth Kumar Jan 25 '23 at 12:48
  • Is your issue resolved? If you are facing any error, post it here. – Hemanth Kumar Jan 30 '23 at 06:56

0 Answers
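Added example, not part of the original question or its comments and not Dapr project code: the error text `secrets \"MY_KEY\" not found` matches how Dapr's Kubernetes secret store resolves a lookup, where the key passed to `GetSecretAsync` is the name of the Secret object and the entries under `data:` come back as a dictionary. The sketch assumes the Component and Secret names from the manifests in the question and a running Dapr sidecar; `SecretLookup` and `ReadMyKeyAsync` are hypothetical names.

```csharp
// Added example: read MY_KEY through the Dapr Kubernetes secret store.
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Dapr;
using Dapr.Client;

public static class SecretLookup
{
    // Names taken from the manifests in the question.
    private const string StoreName = "secretstore";      // Dapr Component metadata.name
    private const string K8sSecretName = "secretstore";  // Kubernetes Secret metadata.name
    private const string DataKey = "MY_KEY";             // entry under the Secret's data:

    public static async Task<string> ReadMyKeyAsync(DaprClient client)
    {
        Dictionary<string, string> entries;
        try
        {
            // The second argument is the Secret object's name, not a key inside it.
            entries = await client.GetSecretAsync(StoreName, K8sSecretName);
        }
        catch (DaprException ex)
        {
            // Raised when the Secret does not exist or the sidecar's
            // ServiceAccount is not allowed to "get" it.
            throw new InvalidOperationException(
                $"Secret '{K8sSecretName}' could not be read through store '{StoreName}'.", ex);
        }

        if (!entries.TryGetValue(DataKey, out var value))
        {
            throw new KeyNotFoundException(
                $"Secret '{K8sSecretName}' has no data entry '{DataKey}'.");
        }
        return value; // decoded value, not the base64 text from the manifest
    }

    public static async Task Main()
    {
        using var client = new DaprClientBuilder().Build();
        string value = await ReadMyKeyAsync(client);
        // Report only the length so the secret itself never reaches the logs.
        Console.WriteLine($"{DataKey} loaded ({value.Length} characters)");
    }
}
```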