Comments (8)
I wouldn't expect it to try create a secret in the same namespace as the seed.
I would expect to create a secret with a given name and then have that replicated to all new namespaces.
from registry-creds.
Why do you want that behaviour?
from registry-creds.
To keep the secrets' names consistent across namespaces.
Let me turn around the question: what is the technical reason to add registrycreds
suffix to each secret ?
from registry-creds.
I'm open to hearing why this is necessary.
Can you fill out the whole issue template this time?
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe all possible solutions, and which you suggest**
A clear and concise description of what you want to happen.
**Describe alternatives and workarounds that you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**Additional context**
Add any other context or screenshots about the feature request here.
from registry-creds.
I agree here with @przemolb we have a secret called harbor-image-pull-secret
and then the secret that appears in each namespace is harbor-image-pull-secret-creds
.
I had to end up explaining to the development team why they should be using harbor-image-pull-secret-creds
as they found it misleading.
I think the easiest way to do this is for registry-creds
to simply bootstrap the other namespaces with the same secret name as the CRD references for consistency.
from registry-creds.
@swade1987 without a prefix, you could not have the image pull secret in the same namespace as the seed.
So let's say you had a seed called registry-creds in default
. How are you going to then have the controller manage that namespace? It cannot create the managed secret because it would already exist, in an unmanaged state. I'm open to suggestions.
from registry-creds.
Came here for this exact issue.
When thinking of replicating a secret across namespaces what comes to mind is copy the source everywhere else as is.
In a greenfield environment it would be totally fine to have an enforced suffix, but when you are trying to substitute a brute force (read copy it over on ci or whatever to a new ns) instead, then you can't have that suffix. Having the enforced suffix in this case would require updating a couple hundred manifests to use the different secret name instead of just replacing the old one.
from registry-creds.
/lock: inactive, raise your own issue as a GitHub Sponsor
from registry-creds.
Related Issues (20)
- create a ServiceAccount after the CRD applied the ServiceAccount is not updating by the operator HOT 3
- OOM with Default memory settings from manifest HOT 2
- RBAC permissions wider than needed HOT 12
- readme says uses $username but export cant change it HOT 1
- Add version and commit SHA to the binary HOT 3
- Operator does not react when a new ServiceAccount is created HOT 13
- Propose to work on feature - Propagate alterations/updates to the primary ClusterPullSecret HOT 4
- Support installation with helm HOT 8
- Exclude namespace(s) in configuration instead of annotations HOT 4
- registry-creds issues under kubernetes 1.20 HOT 2
- Remove any prefix/suffix from secret created across namespaces HOT 2
- Cannot run registry-creds with OOTB manifest - fails with `error initially creating leader election record` HOT 6
- If you use this software at work, become a sponsor.
- Image tags become unavailable HOT 1
- k8s 1.26 Support HOT 7
- MIssing permission on Role to get leases HOT 3
- unable to load in-cluster config
- CVE Remediation change HOT 2
- Remove pull secret reference from ServiceAccounts upon ClusterPullSecret deletion HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from registry-creds.