
Track source secret for changes.

Open zakkg3 opened this issue 2 years ago • 6 comments

When using the source secret from another secret, we have to track changes in the source and react to them, for the use case at #35.

zakkg3 avatar Apr 17 '22 13:04 zakkg3

+1 would love to see this implemented. I am wanting to use ClusterSecret to replicate secrets created by operators, containing CA certs, credentials (crunchydata pgo, strimzi kafka) or others to other namespaces where the actual applications accessing these reside. The source secrets might at some point change, and ClusterSecrets taking care of updating the secret on "the other side" would be awesome!

sa-ChristianAnton avatar Apr 22 '22 22:04 sa-ChristianAnton

Voting for this as well. We are using secrets generated by the Zalando PostgreSQL Operator, which is in its own namespace; however, consumers of the database services live in other namespaces.

The Zalando operator implements automatic secret rotation, hence the need to monitor and propagate changes.

We will also be looking at a HashiCorp Vault integration via the External Secrets Manager Operator. In this use case, the Vault will rotate the secret and we need to have it propagate via ClusterSecret if we can.

MarkCupitt avatar Jul 25 '22 01:07 MarkCupitt

In case anyone else is interested, we intend to also use ClusterSecret with https://github.com/stakater/Reloader to trigger pod and deployment restarts on secret rotations.

MarkCupitt avatar Jul 25 '22 02:07 MarkCupitt

Hi, any news on this feature?

I want to use ClusterSecret, but I use Sealed Secret, so without watching the source secret it is not possible :cry:.

I am not a Python developer, so I cannot help, sorry.

cedvan avatar Sep 22 '22 16:09 cedvan

> In case anyone else is interested, we intend to also use ClusterSecret with https://github.com/stakater/Reloader to trigger pod and deployment restarts on secret rotations

I tried to do it that way, but I get a `secret {sec_name} already exist in namesace` message on restart, and the secret is not updated.

izzm avatar May 09 '23 14:05 izzm

> > In case anyone else is interested, we intend to also use ClusterSecret with https://github.com/stakater/Reloader to trigger pod and deployment restarts on secret rotations
>
> I tried to do it that way, but I get a `secret {sec_name} already exist in namesace` message on restart, and the secret is not updated.

This PR, https://github.com/zakkg3/ClusterSecret/pull/78, introduces the "REPLACE_EXISTING" var. When it is set to true, all existing secrets will be replaced/updated.

zakkg3 avatar Sep 05 '23 06:09 zakkg3