/

Kubernetes Secrets

Including details about Kubernetes Secrets in collected output


The secret collector can be used to include metadata about Secrets (and optionally the value) in the collected data. This collector can be included multiple times, referencing different Secrets.

Parameters

In addition to the shared collector properties, the secret collector accepts the following parameters:

name (Required if no selector)

The name of the Secret.

selector (Required if no name)

The selector to use to locate the Secrets.

namespace (Required)

The namespace where the Secret exists.

key (Optional)

A key within the Secret. Required if includeValue is true.

includeValue (Optional)

Whether to include the key value. Defaults to false.

Example Collector Definition

apiVersion: troubleshoot.sh/v1beta2
kind: SupportBundle
metadata:
  name: sample
spec:
  collectors:
    - secret:
        namespace: default
        name: my-secret
        includeValue: true
        key: password

Included resources

When this collector is executed, it will include the following file in a support bundle:

/secrets/[namespace]/[name]/[key].json

{
  "namespace": "default",
  "name": "my-secret",
  "key": "password",
  "secretExists": true,
  "keyExists": true,
  "value": "mypass"
}

If key is not set in the collector spec, the file will be created at:

/secrets/[namespace]/[name].json

If there is an error encountered, it will include the following file:

/secrets-errors/[namespace]/[name].json

[
  "secrets \"my-secret\" not found"
]
Edit on GitHub