kruise icon indicating copy to clipboard operation
kruise copied to clipboard

Published 20 hours ago verified publisher icon openkruise

[feature request] ResourceDistribution point at secret

Open kfox1111 opened this issue 9 months ago • 2 comments

What would you like to be added:

The ability for a ResourceDistribution to point at an existing secret to sync to other namespaces

Why is this needed: Some tools such as cert-manager create the secret that needs to be synced to other namespaces. It can not easily be created in the ResourceDistribution object itself.

kfox1111 avatar May 08 '24 23:05 kfox1111

can you describe the use case in more detail ? what kind of secrets and why it should be sync to other namespaces? If ResourceDistribution can reference an existing secret, it will be a potential security problem. Kruise cannot tell whether the user has the privilege to read the existing secret, sync the secret to a namespace of an un-authorized user is dangerous.

furykerry avatar May 09 '24 05:05 furykerry

https://cert-manager.io/docs/devops-tips/syncing-secrets-across-namespaces/ has the use case and a list of other tools doing the same thing.

kfox1111 avatar May 11 '24 20:05 kfox1111

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Aug 12 '24 22:08 stale[bot]

Still an issue

kfox1111 avatar Aug 22 '24 13:08 kfox1111