Add support for separate Kubernetes cluster SecretStore #69
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
Comments
mcavoyk
added
the
kind/feature
mcavoyk
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the solution you'd like
Add SecretStore for secrets store in another cluster (namespace or cluster-wide).
Describe alternatives you've considered
Moving secrets to cloud provider secret and each each cluster having a SecretStore which has authentication to the cloud provider store.
Additional context
Our use-case is that due to network partition, one cluster has access to a secret backend, but other clusters do not. The cluster with network access to the secret backend is accessible to other clusters, so this could provide a link if needed to secrets from the other cluster.
May need more thought, some ideas around only accessing explicit
Secretswhich already exist, or whether relayingExternalSecretsis allowed (e.g. ExternalSecret in Cluster B creates new ExternalSecret in cluster A which which has access, secret is propogated to cluster B to be used by workloads)./kind feature
The text was updated successfully, but these errors were encountered: