This module copies Secrets to all namespaces.
It facilitates the copying of Secrets required to pull images and to provision Ceph’s RBDs as part of the CI process.
How does it work?
This module monitors the Secrets (with the secret-copier.deckhouse.io/enabled: ""
label) in the default
namespace for changes.
- The module copies such a Secret to all namespaces after it is created.
- When a Secret is changed, its new contents are also propagated to all namespaces.
- When a Secret is deleted, its copies are deleted from all namespaces.
- The module restores the original content of a copy of a Secret in the application namespace if it gets modified.
- The module copies all the Secrets (that have the
secret-copier.deckhouse.io/enabled: ""
label) of thedefault
namespace to any newly created namespace.
Additionally, it synchronizes the Secrets every night, ensuring they are identical to those in the default
namespace.
What do I need to configure?
All you need to do is to create a Secret with the secret-copier.deckhouse.io/enabled: ""
label in the default
namespace.
Note! The working namespace for the module is
default
, Secrets will be copied only from it. Secrets with the secret-copier.deckhouse.io/enabled: “” label created in other namespaces will be automatically deleted when the module is enabled.
How to synchronize Secret to some selected namespaces instead of all namespaces?
Specify namespace label-selector in the value of the secret-copier.deckhouse.io/target-namespace-selector
annotation. For example: secret-copier.deckhouse.io/target-namespace-selector: "app=custom"
. The module will create a copy of that Secret in all namespaces that matches the label-selector.