kiwigrid / secret-replicator


add option to replicate only to defined namespaces #9

Open monotek opened 4 years ago

monotek commented 4 years ago

Currently only exclude is possible, which means you need to know all namespaces you want to have excluded.

A new env var NAMESPACE_INCLUDE should be available. Default should be "all".

kfox1111 commented 4 years ago

+1. Was going to ask the same thing.

I've been running clusters where I have a user namespace <project> and a supporting namespace we manage for the user <project>-admin. I'd like to sync secrets managed in the <project>-admin namespace (cert-manager generated/managed) into the <project> namespace. So I'd need a way to specify just the namespace I want it to go into.

rpahli commented 4 years ago

Would it also be an option to add an annotation to a single secret with the list of namespaces? I'm currently thinking about how to solve it and also be flexible.
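As an added illustration of how the two proposals in this thread (a NAMESPACE_INCLUDE env var with default "all", and a per-secret annotation listing target namespaces) could fit together. This is not code from secret-replicator; the env var semantics, the annotation key and the cluster namespace list are assumptions made for the example. The idea shown is that the env vars set a cluster-wide bound and an annotation can only narrow within it, so a secret that carries no annotation at all is still replicated according to the env var rule.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// TargetAnnotation is a hypothetical annotation key (not part of
// secret-replicator): a comma-separated list of namespaces a single
// secret should be replicated into.
const TargetAnnotation = "secret-replicator.example.com/target-namespaces"

// Filter holds the parsed values of the two assumed environment variables.
// Include == nil means NAMESPACE_INCLUDE was "all" (the proposed default).
type Filter struct {
	Include map[string]bool
	Exclude map[string]bool
}

// parseSet turns "a, b,,c" into the set {a, b, c}.
// It returns nil (meaning "no restriction") for "" or "all".
func parseSet(s string) map[string]bool {
	s = strings.TrimSpace(s)
	if s == "" || strings.EqualFold(s, "all") {
		return nil
	}
	set := map[string]bool{}
	for _, part := range strings.Split(s, ",") {
		if p := strings.TrimSpace(part); p != "" {
			set[p] = true
		}
	}
	return set
}

// NewFilter builds a Filter from the raw NAMESPACE_INCLUDE and
// NAMESPACE_EXCLUDE values (assumed names from this thread).
func NewFilter(includeEnv, excludeEnv string) Filter {
	return Filter{Include: parseSet(includeEnv), Exclude: parseSet(excludeEnv)}
}

// Targets returns, sorted, the namespaces a secret living in sourceNS
// should be copied into. Precedence: never the source namespace itself,
// then NAMESPACE_EXCLUDE, then NAMESPACE_INCLUDE, then the per-secret
// annotation, which may narrow but never widen the env var bound.
func (f Filter) Targets(sourceNS string, annotations map[string]string, clusterNamespaces []string) []string {
	perSecret := parseSet(annotations[TargetAnnotation]) // nil if unannotated
	out := []string{}
	for _, ns := range clusterNamespaces {
		switch {
		case ns == sourceNS: // a secret is never replicated onto itself
			continue
		case f.Exclude[ns]: // exclude always wins
			continue
		case f.Include != nil && !f.Include[ns]: // outside the include list
			continue
		case perSecret != nil && !perSecret[ns]: // annotation narrows further
			continue
		}
		out = append(out, ns)
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed sample cluster for the demo; not a real cluster.
	cluster := []string{"default", "kube-system", "project", "project-admin", "team-a", "team-b"}

	// The case from this thread: sync only from <project>-admin into <project>,
	// for a secret that carries no annotations at all.
	f := NewFilter("project", "")
	fmt.Println("include-only:", f.Targets("project-admin", nil, cluster))

	// Default "all" with an exclude, plus an annotation naming two namespaces.
	f = NewFilter("all", "kube-system")
	ann := map[string]string{TargetAnnotation: "team-a,team-b,kube-system"}
	fmt.Println("annotated:", f.Targets("project-admin", ann, cluster))
}
```

The annotation is deliberately subordinate to the env vars: a user who can write annotations on a secret should not be able to push it into a namespace the operator excluded.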

kfox1111 commented 4 years ago

That could be another option, but does run into problems with cert-manager specifically: https://github.com/jetstack/cert-manager/issues/2576

rpahli commented 4 years ago

OK, I will think about it. Thanks for your answer.

monotek commented 4 years ago

@rpahli Ping :)

monotek commented 4 years ago

@kfox1111 you maybe could use kubed (https://github.com/appscode/kubed) as a workaround

kfox1111 commented 4 years ago

@monotek, no it won't work. See referenced issue above.

TL;DR I want to place a Cert-Manager Certificate request in a namespace called <project>-admin where we manage stuff on behalf of users. Running in there is an ingress-nginx that watches namespace <project>. In single namespace mode, ingress-nginx only watches for tls certificates in that namespace, and cert-manager will only create certificate secrets in the same namespace as the certificate object. What this means is I need a way of syncing a secret from one namespace to another. In addition, cert-manager doesn't support annotating/labeling secrets it creates. So Kubed won't work, as it must have labels.

Secret-replicator will just about work, but only needs to sync from <project>-admin to <project>, not to every other namespace.

kfox1111 commented 4 years ago

Looks like this may be implemented already? https://github.com/kiwigrid/secret-replicator/commit/cacb280b725192249dfb9881a665307905c580cf

Is there a plan to cut a new release soon with this in place?

Thanks! Kevin

kfox1111 commented 4 years ago

Actually, I hit another snag. This only looks to be able to run across all namespaces. I'd be wanting to use it to watch one namespace and synchronize into a second namespace, and have multiple instances of secret-replicator running in parallel looking at non-overlapping namespaces.