Marko Mikulicic
The user base for helm and sealed-secrets is very different. Chances are that a user who uses helm uses helm more than twice a year. Chances are that a user...
In theory it should just work if you have > 1 replicas, since most of the operations are at least in principle idempotent. However, we didn't audit the code yet...
Tools like https://github.com/pusher/wave can help make sure that when the secret eventually gets updated, any dependent deployment gets updated. I wonder if sealed-secrets should provide such functionality natively.
Putting a hash of the body of a dependency resource into an annotation of the deployment resource is a common trick some people use with helm or kubecfg. You can...
Yes, that's what I meant. If Spinnaker versioning works by adding a suffix to resource names, then you need to use the `namespace-wide` annotation since otherwise the sealed secrets controller...
I assume Spinnaker (or whoever is in charge of doing rollbacks) would manipulate the names of the resources you pass to it, which if you use sealed secrets are the...
> When a field’s referenced type and value match an incoming artifact’s type and name, the field’s value is replaced with the artifact’s reference

Yeah, it seems it uses heuristics...
(my personal habit is to manage rollbacks outside of k8s, i.e. literally pushing a previous snapshot of the manifests, usually literally reverting a git commit, with the same tooling I'd...
> Yeah, as I think about it more I don't see any way around making spinnaker sealed-secret-aware.

Should Spinnaker be sealed-secret aware? Could you create an issue there and see...