Closed Chr1stian closed 11 months ago
The proposed solution to this is to automatically mount the <app>-secret-manager-secrets
secret to the env
of myapp
. This way you do not need to concern yourself with the secret name until you're using kubectl, at which point you'll probably run a kubectl get secret
anyway to see them all.
You may want to also have myotherapp
in the my-app-with-secrets
namespace, also with a secret-manager-secrets
and so we need to avoid name collisions.
Another approach is to hand this responsibility over to our teams, but it will silently fail and make debugging presumably harder.
Will keep app prefix to avoid breaking changes and allowing multideploy to namespaces without race conditions for same name
From the example:
This generates the k8s secret with name
my-app-with-secrets-secret-manager-secrets
instead of just the expectedsecret-manager-secrets