Problem description
Currently, all encrypted secrets such as CAs, SSH keys, Dex client secrets, etc. are managed as part of the management cluster. As sub-clusters are added to multi-tenant sites, there needs to be a mechanism to manage secrets specific to individual sub-clusters.
Proposed change
Provide a mechanism to generate and encrypt secrets specific to an individual sub-cluster.
Provide a mechanism to supply external secrets specific to an individual sub-cluster.
All secrets must be encrypted at rest, and the encryption key for a sub-cluster may be the same as or different from the one used in the management cluster.