Closed Mrkazik99 closed 2 months ago
Mrkazik99
commented
2 months ago I think that this way will be enough for now since we do not have a separation on helm provided secrets (all secrets provided are accessible for all components). I will refactor secrets providing once I'll be working on that. And also we will need to create RBACs for clusters that are configured to revoking access for secrets by default, but this will be done soon also
dsonck92
commented
2 months ago I think that this way will be enough for now since we do not have a separation on helm provided secrets (all secrets provided are accessible for all components). I will refactor secrets providing once I'll be working on that. And also we will need to create RBACs for clusters that are configured to revoking access for secrets by default, but this will be done soon also
yeah, this must be done eventually, because the current system doesn't work for my cluster. Too much config duplication.
This is good, but do we want to specify service specific credentials, or do we want to split it by concept. Or in other words, do we want to do it the way it is currently done, or do we want to change it to something like:
storage.existingSecrets(for S3),mail.existingSecrets(for SMTP),database.existingSecrets, etc.