henderiw
commented
1 month ago There are different elements to consider here.
- input in the config CR. Here we will create a reference to a secret which will be used to substitute the data with the information from the secret before sending the data down to the data-server
- information coming back from running config. We will add some fields in the schema CR to indicate the sensitive paths such that the yang model remains untouched.
- information in the deviations should also be hidden based on the paths configured in 2.
Provide an ability to store a config but mask the sensitive data and leverage secrets in Kubernetes to retrieve the data and substitute the values once deployed to the cluster