Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[feature request] ResourceDistribution point at secret #1612

Open
kfox1111 opened this issue May 8, 2024 · 2 comments
Open

[feature request] ResourceDistribution point at secret #1612

kfox1111 opened this issue May 8, 2024 · 2 comments
Assignees
@FillZpp
Labels
kind/feature-request

Comments

@kfox1111
Copy link

kfox1111 commented May 8, 2024

What would you like to be added:

The ability for a ResourceDistribution to point at an existing secret to sync to other namespaces

Why is this needed:
Some tools such as cert-manager create the secret that needs to be synced to other namespaces. It can not easily be created in the ResourceDistribution object itself.
@furykerry
Copy link
Member

can you describe the use case in more detail ? what kind of secrets and why it should be sync to other namespaces? If ResourceDistribution can reference an existing secret, it will be a potential security problem. Kruise cannot tell whether the user has the privilege to read the existing secret, sync the secret to a namespace of an un-authorized user is dangerous.

@kfox1111
Copy link
Author

https://cert-manager.io/docs/devops-tips/syncing-secrets-across-namespaces/ has the use case and a list of other tools doing the same thing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@FillZpp FillZpp

Labels
kind/feature-request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@furykerry @kfox1111 @FillZpp