Track source secret for changes. #36

Open
zakkg3 opened this issue Apr 17, 2022 · 6 comments
Labels: enhancement (New feature or request), UnderDev

Comments

@zakkg3
Owner

zakkg3 commented Apr 17, 2022

When using the source secret from another secret, we have to track changes in the source and react to them.
For the use case at #35.

@zakkg3 zakkg3 added the enhancement New feature or request label Apr 17, 2022
@zakkg3 zakkg3 added this to the 0.0.9 milestone Apr 17, 2022
@zakkg3 zakkg3 self-assigned this Apr 17, 2022
@sa-ChristianAnton

+1
Would love to see this implemented. I am wanting to use ClusterSecret to replicate secrets created by operators, containing CA certs, credentials (crunchydata pgo, strimzi kafka) or others, to other namespaces where the actual applications accessing these reside. The source secrets might at some point change, and ClusterSecrets taking care of updating the secret on "the other side" would be awesome!

@MarkCupitt

Voting for this as well. We are using secrets generated by the Zalando PostgreSQL Operator, which is in its own namespace; however, consumers of the database services live in other namespaces.

The Zalando operator implements automatic secret rotation, hence the need to monitor and propagate changes.

We will also be looking at a HashiCorp Vault integration via the External Secrets Manager Operator. In this use case, the Vault will rotate the secret and we need to have it propagate via ClusterSecret if we can.

@MarkCupitt

In case anyone else is interested, we intend to also use ClusterSecret with https://github.com/stakater/Reloader to trigger pod and deployment restarts on secret rotations.

@cedvan

cedvan commented Sep 22, 2022

Hi, any news on this feature?

I want to use Cluster Secret but I use Sealed Secret, so without watching the source secret it is not possible 😢.

I am not a Python developer, so I cannot help, sorry.

@izzm

izzm commented May 9, 2023

> In case anyone else is interested, we intend to also use ClusterSecret with https://github.com/stakater/Reloader to trigger pod and deployment restarts on secret rotations

I tried to do it that way, but I get a "secret {sec_name} already exist in namesace" message on restart and the secret is not updated.

@zakkg3 zakkg3 modified the milestones: 0.0.9, 0.0.10 May 25, 2023
@zakkg3
Owner Author

zakkg3 commented Sep 5, 2023

> > In case anyone else is interested, we intend to also use ClusterSecret with https://github.com/stakater/Reloader to trigger pod and deployment restarts on secret rotations
>
> I tried to do it that way, but I get a "secret {sec_name} already exist in namesace" message on restart and the secret is not updated.

This PR, #78, introduces the "REPLACE_EXISTING" var. When it is set to true, all existing secrets will be replaced/updated.
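The stale-copy problem raised in this thread, and the effect of a replace-existing switch, as an added sketch that is not ClusterSecret's own code: it plans per-namespace actions for one rotated source secret over in-memory dictionaries. The function names, action labels, namespaces and sample secrets are assumptions made for illustration.

```python
import hashlib
import json

# Constructed sample data: a source secret before and after rotation.
SOURCE_V1 = {"name": "db-creds", "data": {"password": "b2xkLXBhc3M="}}
SOURCE_V2 = {"name": "db-creds", "data": {"password": "bmV3LXBhc3M="}}
TARGETS = ["app-a", "app-b"]  # hypothetical consumer namespaces


def digest(data):
    """Stable SHA-256 over a secret's data map, independent of key order."""
    blob = json.dumps(data, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def plan_sync(source, replicas, namespaces, replace_existing):
    """Return {namespace: action} for one source secret.

    replicas maps namespace -> data of a same-named secret already present.
    """
    want = digest(source["data"])
    plan = {}
    for ns in namespaces:
        current = replicas.get(ns)
        if current is None:
            plan[ns] = "create"
        elif digest(current) == want:
            plan[ns] = "in-sync"
        elif replace_existing:
            plan[ns] = "replace"
        else:
            # The case reported above: the copy exists, so it stays stale.
            plan[ns] = "skip-existing"
    return plan


def apply_plan(source, replicas, plan):
    """Apply create/replace actions to the in-memory replica map."""
    for ns, action in plan.items():
        if action in ("create", "replace"):
            replicas[ns] = dict(source["data"])
    return replicas


def stale_namespaces(source, replicas):
    """Namespaces whose copy no longer matches the source (rotation missed)."""
    want = digest(source["data"])
    return sorted(ns for ns, data in replicas.items() if digest(data) != want)
```

Comparing digests rather than secret values keeps credential material out of logs when the stale list is reported.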
