Open skomp opened 2 years ago
This issue is now marked as stale because it hasn't seen activity for a while. Add a comment or it will be closed soon.
Closing this issue as it hasn't seen activity for a while. Please add a comment @mentioning a maintainer to reopen.
We don't currently set any namespace annotations for external secrets but should provide a sensible default.
Use Case
When adding a namespace, we should automatically add a namespace annotation for external secrets with a proper scope to a path in the AWS Secrets Manager.
Proposed Solution
Implement an admission controller that, whenever a namespace is created, attaches an annotation for external secrets and also checks that no more external secrets annotations are added. For instance, when creating namespace `a`, an external secrets annotation to give access to secrets with the prefix `/k8s/a/.*` as well as an annotation allowing for global secrets, e.g., `/k8s/global/.*`.
Other
This might serve as an inspiration: https://aws.amazon.com/blogs/containers/building-serverless-admission-webhooks-for-kubernetes-with-aws-sam/
This is a :rocket: Feature Request
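
The admission logic proposed in this issue, as an added example that is not code from the issue or the project: it takes the `request` part of a Kubernetes AdmissionReview for a Namespace and returns the `response` part, adding the default scope annotations and denying any other value under the same annotation prefix. The annotation keys and function names are hypothetical assumptions, since the issue does not name them.

```python
import base64
import json

# Assumption: hypothetical annotation keys; substitute the keys your
# external-secrets controller actually reads for namespace scoping.
PREFIX = "external-secrets.example.com/"
NS_KEY = PREFIX + "permitted-key-name"
GLOBAL_KEY = PREFIX + "permitted-global-key-name"

def expected_annotations(namespace):
    # Namespace names are DNS labels, so they need no regex escaping here.
    return {NS_KEY: f"/k8s/{namespace}/.*", GLOBAL_KEY: "/k8s/global/.*"}

def _pointer(key):
    # JSON Pointer escaping (RFC 6901): "~" -> "~0", "/" -> "~1".
    return key.replace("~", "~0").replace("/", "~1")

def review(request):
    """Return the AdmissionReview `response` for a Namespace CREATE/UPDATE."""
    meta = request["object"]["metadata"]
    current = meta.get("annotations") or {}
    wanted = expected_annotations(meta["name"])
    # Deny any annotation under PREFIX that is not exactly the default scope.
    bad = sorted(k for k, v in current.items()
                 if k.startswith(PREFIX) and wanted.get(k) != v)
    if bad:
        return {"uid": request["uid"], "allowed": False,
                "status": {"code": 403,
                           "message": "scope annotations not permitted: " + ", ".join(bad)}}
    missing = {k: v for k, v in wanted.items() if k not in current}
    response = {"uid": request["uid"], "allowed": True}
    if missing:
        if meta.get("annotations") is None:
            patch = [{"op": "add", "path": "/metadata/annotations", "value": missing}]
        else:
            patch = [{"op": "add", "path": "/metadata/annotations/" + _pointer(k), "value": v}
                     for k, v in missing.items()]
        response["patchType"] = "JSONPatch"
        response["patch"] = base64.b64encode(json.dumps(patch).encode()).decode()
    return response

def decode_patch(response):
    # Helper for inspecting the base64-encoded JSONPatch in a response.
    return json.loads(base64.b64decode(response["patch"]))
```

Because the check also runs on UPDATE requests, a later edit that widens the scope (for example to `/k8s/.*`) is rejected rather than silently accepted.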