Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Immutable ClusterSecrets #12

Open
sftim opened this issue Sep 3, 2020 · 2 comments
Open

Immutable ClusterSecrets #12

sftim opened this issue Sep 3, 2020 · 2 comments
Labels
enhancement New feature or request

Comments

@sftim
Copy link

sftim commented Sep 3, 2020

Support ClusterSecrets that create immutable Secrets.

This might require extra CustomResourceDefinition support for controlling field-level mutability; I haven't checked.
@zakkg3 zakkg3 added the enhancement New feature or request label Sep 6, 2020
@zakkg3
Copy link
Owner

zakkg3 commented Sep 6, 2020

This is not so far on the roadmap. But I'll leave the issue open to count upvotes. If its widely requested, we can discuss how to implement this :)

@zakkg3 zakkg3 added the wontfix This will not be worked on label Sep 10, 2020
@rustysys-dev
Copy link

Support ClusterSecrets that create immutable Secrets.

This might require extra CustomResourceDefinition support for controlling field-level mutability; I haven't checked.

I find this to be an interesting proposal but I would like to clarify the scope of this. Some topics that may be in-scope of this proposal.

  • all data fields of the ClusterSecrets can blanket set to immutable.
  • all data fields of the ClusterSecrets can be individually set to immutable.
  • matchNamespace and avoidNamespace fields are not immutable on ClusterSecrets with immutable data fields.
  • matchNamespace and avoidNamespace fields are immutable on ClusterSecrets with immutable data fields.
  • matchNamespace and avoidNamespace fields need to be explicitly set as immutable on ClusterSecrets.
  • secrets created by ClusterSecrets via the operator, if changed directly by someone will be corrected/reverted.

As I said, interesting proposal, I would love to hear any thoughts about the above points.

@zakkg3 zakkg3 removed the wontfix This will not be worked on label Nov 24, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sftim @zakkg3 @rustysys-dev