sealed-secrets icon indicating copy to clipboard operation
sealed-secrets copied to clipboard

Published 20 hours ago verified publisher icon bitnami-labs

Support unsealing into multiple namespaces

Open KlavsKlavsen opened this issue 2 years ago • 3 comments

Which component: Controller

Is your feature request related to a problem? Please describe. We have several containers that needs fetching from a password protected registry - and currently we have to have the SAME secret defined for each namespace we need them in.

We also have other secrets, which we have to duplicate in multiple namespaces

Describe the solution you'd like If we could put multiple namespace targets on 1 secret - that would make life so much easier :)

KlavsKlavsen avatar Aug 25 '22 12:08 KlavsKlavsen

You can try this as a workaround https://github.com/emberstack/kubernetes-reflector but it would be a really helpful feature

rowi1de avatar Nov 18 '22 15:11 rowi1de

Just to expand on @rowi1de correct answer.
To use kubernetes-reflector to duplicate your secrets across namespaces, you will need to add the following to SealedSecret manifest:

apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  annotations:
    sealedsecrets.bitnami.com/cluster-wide: 'true'
  creationTimestamp: null
  name: ***
  namespace: default
spec:
  template:
    metadata:
      annotations:
        reflector.v1.k8s.emberstack.com/reflection-allowed: 'true'
        reflector.v1.k8s.emberstack.com/reflection-auto-enabled: 'true'
  encryptedData:
    ***: ***

Notice that we added the spec.template.metadata.annotations to add annotation to the created kind: Secret This will allow the reflector to duplicate the secret

ywarezk avatar Jun 10 '24 11:06 ywarezk

Found this related tool https://config-syncer.com/ (I haven't tried either yet).

willbush avatar Jun 22 '24 00:06 willbush