ClusterSecret icon indicating copy to clipboard operation
ClusterSecret copied to clipboard

Published 20 hours ago verified publisher icon zakkg3

Immutable ClusterSecrets

Open sftim opened this issue 5 years ago • 2 comments

Support ClusterSecrets that create immutable Secrets.

This might require extra CustomResourceDefinition support for controlling field-level mutability; I haven't checked.

sftim avatar Sep 03 '20 15:09 sftim

This is not so far on the roadmap. But I'll leave the issue open to count upvotes. If its widely requested, we can discuss how to implement this :)

zakkg3 avatar Sep 06 '20 17:09 zakkg3

Support ClusterSecrets that create immutable Secrets.

This might require extra CustomResourceDefinition support for controlling field-level mutability; I haven't checked.

I find this to be an interesting proposal but I would like to clarify the scope of this. Some topics that may be in-scope of this proposal.

  • all data fields of the ClusterSecrets can blanket set to immutable.
  • all data fields of the ClusterSecrets can be individually set to immutable.
  • matchNamespace and avoidNamespace fields are not immutable on ClusterSecrets with immutable data fields.
  • matchNamespace and avoidNamespace fields are immutable on ClusterSecrets with immutable data fields.
  • matchNamespace and avoidNamespace fields need to be explicitly set as immutable on ClusterSecrets.
  • secrets created by ClusterSecrets via the operator, if changed directly by someone will be corrected/reverted.

As I said, interesting proposal, I would love to hear any thoughts about the above points.

rustysys-dev avatar Oct 01 '20 22:10 rustysys-dev