This feature is available in Enterprise Edition only. It might significantly change in the future. Currently, it's not intended to be used without special assistance from Flant.

This module copies secrets to all namespaces.

It facilitates the copying of secrets required to pull images and to provision Ceph’s RBDs as part of the CI process.

How does it work?

This module monitors the secrets (with the secret-copier.deckhouse.io/enabled: "" label) in the default namespace for changes.

  • The module copies such a secret to all namespaces after it is created;
  • When a secret is changed, its new contents are also propagated to all namespaces;
  • When a secret gets deleted, its copies are deleted from all namespaces;
  • The module restores the original content of a copy of a secret in the application namespace if it gets modified;
  • The module copies all the secrets (that have the secret-copier.deckhouse.io/enabled: "" label) of the default namespace to any newly created namespace;

Also, it synchronizes the secrets every night and makes sure they are identical to those in the default namespace.

What do I need to configure?

All you need to do is to create a secret with the secret-copier.deckhouse.io/enabled: "" label in the default namespace.