search

Azure / azure-service-operator

Azure Service Operator allows you to create Azure resources using kubectl
https://azure.github.io/azure-service-operator/
MIT License
724 stars 196 forks source link

Feature: Secrets created by ASO should have configurable annotations #1398

Open matthchr opened 3 years ago

matthchr commented 3 years ago

As originally requested in #1396, @EdYa was looking for a way to allow another namespace access to the secret created by a PostgreSQLUser.

I could imagine that annotation support for secrets could be quite helpful. If we could add some annotations for kubernetes-reflector then we could mirror the secrets to the correct namespace.

An example of what this might look like:

apiVersion: azure.microsoft.com/v1alpha1
kind: PostgreSQLUser
metadata:
  name: psqluser
spec:
  server: psqlserver
  dbName: psqldb
  resourceGroup: myrg
  secretConfig:
    metadata:
      annotations:
        my-annotation: "foo"

We have other fields which are often applicable for secrets as well, such as KeyVaultToStoreSecrets. It's possible that it would make sense to move this value into this secretConfig at some point in the future as well.

matthchr commented 1 year ago

We're still somewhat interested in this but there hasn't been a lot of user need yet, so going to leave this issue open and see if anybody finds it desirable.

theunrepentantgeek commented 1 year ago

Still somewhat interested but haven't seen any demand as yet.

matthchr commented 9 months ago

No change from what @theunrepentantgeek said.

matthchr commented 6 months ago

Still no change from this:

Still somewhat interested but haven't seen any demand as yet.