[SURE-7663] Image Pull Secrets management for HelmOps
Bundles may require the following types of secrets:
- Helm access secrets, referenced from a HelmOp's `HelmSecretName` field, for accessing a private Helm repository (done)
- Image pull secrets, to pull images referenced by a chart
  - Each chart may reference multiple images, from different image registries
Can Fleet ease handling of those secrets, and if so how? This could involve:
- creation and propagation of secrets to downstream clusters
- consistent naming of secrets to help track them and ensure the right secret is used for the right purpose
- edge case: automated creation of Helm access secret from image pull secret, or the other way around, if both happen to point to the same (OCI) registry?
This needs further discussion to understand how much value there would be in Fleet handling this instead of, say, Rancher.
Hey, we are a Prime customer and are interested in this feature. This seems like a great idea to simplify cluster (secret) bootstrapping. We know of a community implementation which "abuses" the current Fleet functionality to achieve the described result (https://github.com/rptcloud/fleet-handshake).
Related to
- https://github.com/rancher/fleet/issues/3399
- https://github.com/rancher/fleet/issues/3617
This should be covered by https://github.com/rancher/fleet/issues/3617. Recheck in 2.14
2.14 May need monitoring of secrets and config maps, e.g. through #2085 (taking valuesFrom resources and credentials into account), for full support.