Please vote on this pull request by adding a š reaction to the original pull request comment to help the community and maintainers prioritize this request
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request
This PR is adding the possibility to have workspacesecrets per namespace if the TFCO is run to watch all namespaces (when there is --k8s-watch-namespace=<namespace> command line option specified). This allows to have multiple teams, where each team occupies one namespace, to have their own secrets that are passed to Terraform. This PR needs to be rebased once the PR #129 is merged to remove most of the changes in the CRD.
The secret is referenced in the Workspace using the spec.secretName:
...
spec:
secretName: mysecret
...
The secret referenced by with the spec.secretName must be located in the same namespace like the Workspace resource. Those secrets are merged with the workspace secret in the namespace where TFCO is installed and that is mounted into the container using the spec.secretsMountPath.
jtyr
commented
2 years ago
Community Note
This PR is adding the possibility to have
workspacesecretsper namespace if the TFCO is run to watch all namespaces (when there is--k8s-watch-namespace=<namespace>command line option specified). This allows to have multiple teams, where each team occupies one namespace, to have their own secrets that are passed to Terraform. This PR needs to be rebased once the PR #129 is merged to remove most of the changes in the CRD.The secret is referenced in the
Workspaceusing thespec.secretName:The secret referenced by with the
spec.secretNamemust be located in the same namespace like theWorkspaceresource. Those secrets are merged with the workspace secret in the namespace where TFCO is installed and that is mounted into the container using thespec.secretsMountPath.Release note for CHANGELOG: