openkruise / kruise

Automated management of large-scale applications on Kubernetes (incubating project under CNCF)
https://openkruise.io

[feature request] ResourceDistribution point at secret #1612

Closed kfox1111 closed 2 weeks ago

kfox1111 commented 4 months ago

What would you like to be added:

The ability for a ResourceDistribution to point at an existing secret to sync to other namespaces

Why is this needed: Some tools such as cert-manager create the secret that needs to be synced to other namespaces. It cannot easily be created in the ResourceDistribution object itself.

furykerry commented 4 months ago

Can you describe the use case in more detail? What kind of secrets, and why should they be synced to other namespaces? If ResourceDistribution can reference an existing secret, it will be a potential security problem. Kruise cannot tell whether the user has the privilege to read the existing secret; syncing the secret to a namespace of an unauthorized user is dangerous.
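
The concern in the comment above, as an added example that is not part of the original thread or of Kruise's code: an admission check that refuses to distribute an existing Secret unless the requesting user can already read it. The `SecretRef` type, the `Authorizer` interface, the rule set and all names are hypothetical and constructed; on a real cluster the question would be put to the API server with a SubjectAccessReview.

```go
package main

import "fmt"

// SecretRef is a hypothetical reference from a ResourceDistribution to an
// existing Secret; the real CRD has no such field.
type SecretRef struct{ Namespace, Name string }

// Rule is a simplified, constructed stand-in for an RBAC grant.
type Rule struct {
	User, Verb, Resource, Namespace, Name string // Name "" means any name
}

// Authorizer answers "may this user perform verb on this Secret?".
// On a real cluster a webhook would ask the API server with a
// SubjectAccessReview instead of evaluating rules itself.
type Authorizer interface {
	Allowed(user, verb string, ref SecretRef) bool
}

type staticRules []Rule

func (rs staticRules) Allowed(user, verb string, ref SecretRef) bool {
	for _, r := range rs {
		if r.User == user && r.Verb == verb && r.Resource == "secrets" &&
			r.Namespace == ref.Namespace && (r.Name == "" || r.Name == ref.Name) {
			return true
		}
	}
	return false // default deny
}

// AdmitDistribution rejects the request unless the requesting user, not the
// controller's own service account, can already read the source Secret.
func AdmitDistribution(a Authorizer, requester string, src SecretRef) error {
	if !a.Allowed(requester, "get", src) {
		return fmt.Errorf("user %q may not get secret %s/%s; refusing to distribute it",
			requester, src.Namespace, src.Name)
	}
	return nil
}

func main() {
	// Constructed sample grant and Secret names.
	rules := staticRules{{"alice", "get", "secrets", "cert-manager", "wildcard-tls"}}
	src := SecretRef{"cert-manager", "wildcard-tls"}
	fmt.Println(AdmitDistribution(rules, "alice", src))
	fmt.Println(AdmitDistribution(rules, "mallory", src))
}
```

The check is made against the identity that created the distribution request, because the controller's own credentials can usually read every Secret it is asked to copy.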

kfox1111 commented 3 months ago

https://cert-manager.io/docs/devops-tips/syncing-secrets-across-namespaces/ has the use case and a list of other tools doing the same thing.

stale[bot] commented 3 weeks ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

kfox1111 commented 2 weeks ago

Still an issue