openkruise / kruise

Automated management of large-scale applications on Kubernetes (incubating project under CNCF)

Home Page: https://openkruise.io

[feature request] ResourceDistribution point at secret

kfox1111 opened this issue

What would you like to be added:

The ability for a ResourceDistribution to point at an existing secret to sync to other namespaces.

Why is this needed:

Some tools such as cert-manager create the secret that needs to be synced to other namespaces. It cannot easily be created in the ResourceDistribution object itself.

Can you describe the use case in more detail? What kind of secrets, and why should they be synced to other namespaces? If ResourceDistribution can reference an existing secret, it will be a potential security problem. Kruise cannot tell whether the user has the privilege to read the existing secret; syncing the secret to a namespace of an unauthorized user is dangerous.
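
Added example, not part of the thread or of Kruise's code: one way an admission webhook could perform the privilege check raised in the comment above, by turning the requesting user's identity from the admission request into a Kubernetes SubjectAccessReview for `get` on the referenced secret. `SecretRef`, `BuildSecretReadCheck` and `Admit` are hypothetical names, the structs are local stand-ins for the corresponding Kubernetes API fields, and the sample user and secret are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// UserInfo mirrors request.userInfo in an admission.k8s.io/v1 AdmissionReview.
type UserInfo struct {
	Username string
	Groups   []string
}

// Local stand-ins for authorization.k8s.io/v1 SubjectAccessReview spec and status.
type ResourceAttributes struct{ Namespace, Verb, Resource, Name string }
type SARSpec struct {
	User               string
	Groups             []string
	ResourceAttributes ResourceAttributes
}
type SARStatus struct {
	Allowed, Denied bool
	EvaluationError string
}

// SecretRef is hypothetical: the field this issue asks for does not exist.
type SecretRef struct{ Namespace, Name string }

// BuildSecretReadCheck asks "may the user who submitted the
// ResourceDistribution get this exact secret?", never "may the controller?".
func BuildSecretReadCheck(u UserInfo, ref SecretRef) (SARSpec, error) {
	if u.Username == "" {
		return SARSpec{}, errors.New("no requesting user in admission request")
	}
	if ref.Namespace == "" || ref.Name == "" {
		return SARSpec{}, errors.New("reference must name one namespace and one secret")
	}
	return SARSpec{User: u.Username, Groups: u.Groups, ResourceAttributes: ResourceAttributes{
		Namespace: ref.Namespace, Verb: "get", Resource: "secrets", Name: ref.Name}}, nil
}

// Admit fails closed: an explicit deny or an evaluation error rejects the request.
func Admit(s SARStatus) bool { return s.Allowed && !s.Denied && s.EvaluationError == "" }

func main() {
	// Constructed sample values.
	spec, err := BuildSecretReadCheck(UserInfo{"dev@example.com", []string{"team-a"}}, SecretRef{"cert-manager", "wildcard-tls"})
	fmt.Printf("%+v %v %v\n", spec, err, Admit(SARStatus{Allowed: true}))
}
```

A SubjectAccessReview reflects RBAC only at the moment it is evaluated, so a check made at admission time does not cover later permission changes while the secret keeps being synced.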

https://cert-manager.io/docs/devops-tips/syncing-secrets-across-namespaces/ has the use case and a list of other tools doing the same thing.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Still an issue