secretgen-controller

Improve SecretTemplate to create secrets from different namespaces

Open felipenferri opened this issue 2 years ago • 2 comments

Describe the problem/challenge you have

We can create secrets from different Namespaces with SecretTemplate

Describe the solution you'd like

Enable option in metadata to add namespace

Vote on this request

This is an invitation to the community to vote on issues, to help us prioritize our backlog. Use the "smiley face" up to the right of this comment to vote.

👍 "I would like to see this addressed as soon as possible"
👎 "There are other more important things to focus on right now"

We are also happy to receive and review Pull Requests if you would like to work on this issue.

felipenferri, Nov 18 '22 15:11

Please provide some more details on current behavior and the expected behavior!

sathyanarays, Nov 21 '22 08:11

@felipenferri the Secret(Export|Import) CRDs' responsibility is to facilitate and control cross-namespace usage of Secret resources. You can combine these with SecretTemplate to template a Secret from other Secrets you imported into the current Namespace. To work off of SecretTemplate's example in the docs and assuming that SecretExports exist for password and username, consider:

---
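#! SecretImport is a secretgen-controller CRD, not a core v1 resource
apiVersion: secretgen.carvel.dev/v1alpha1
kind: SecretImport
metadata:
  name: password
  namespace: my-ns
spec:
  #! namespace that holds the matching SecretExport
  fromNamespace: other-ns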

---
apiVersion: secretgen.carvel.dev/v1alpha1
kind: SecretImport
metadata:
  name: username
  namespace: my-ns
spec:
  fromNamespace: other-ns

---
apiVersion: secretgen.carvel.dev/v1alpha1
kind: SecretTemplate
metadata:
  name: new-secret
  #! same namespace as the SecretImports above, so the imported Secrets can be read
  namespace: my-ns
spec:
  #! list of resources to read information off
  inputResources:
  - name: username-secret
    ref:
      apiVersion: v1
      kind: Secret
      name: username
  - name: password-secret
    ref:
      apiVersion: v1
      kind: Secret
      name: password
  #! the template that follows a subset of the Secret API
  template:
    #! data is used for templating in data that *is* base64 encoded, most likely Secrets.
    data:
      password: $(.password-secret.data.password)
      username: $(.username-secret.data.username)

mamachanko, Nov 21 '22 08:11
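
The SecretExport side that the comment above assumes already exists, shown as an added example that is not part of the original thread or the project's own documentation. The Secret names and namespaces are taken from the comment; scoping each export to `my-ns` with `toNamespace` is an assumption about the intended setup.

```yaml
#! Constructed example: offer the two Secrets in other-ns to my-ns only.
#! A SecretExport must carry the same name as the Secret it exports.
---
apiVersion: secretgen.carvel.dev/v1alpha1
kind: SecretExport
metadata:
  name: username
  namespace: other-ns
spec:
  #! Scope the offer to the single consuming namespace. A wildcard
  #! (toNamespaces: ["*"]) would let any namespace import this Secret.
  toNamespace: my-ns

---
apiVersion: secretgen.carvel.dev/v1alpha1
kind: SecretExport
metadata:
  name: password
  namespace: other-ns
spec:
  toNamespace: my-ns
```

A SecretImport in `my-ns` is only fulfilled when a SecretExport of the same name in its `fromNamespace` lists `my-ns`, so both namespaces have to agree before the Secret is copied.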