Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove code setting name/namespace overriding secret templates #1547

Closed
wants to merge 1 commit into from

Conversation

tarikdem
Copy link

Description of the change

Currently, when specifying a template in a SealedSecret resource, metadata.name and metadata.namespace are ignored and the name and namespace from the source metadata is applied.

Benefits

Possibility to override the name and namespace of the generated Secret resource.

Possible drawbacks

The code that's overriding metadata.name and metadata.namespace is added before the templating functionality so I might be missing potential implications of this change. One thing that might be impactful is the fact that overriding the namespace might enable somebody to apply a secret to a namespace they don't have access to. If that is the case, the CRD should be updated to remove the namespace field from spec.template.metadata altogether.

Applicable issues

Additional information

Signed-off-by: Tarik Demirovic <demirovict@gmail.com>
@tarikdem
Copy link
Author

Closing this as I found the answer in the docs:

Note the SealedSecret and Secret must have the same namespace and name. This is a feature to prevent other users on the same cluster from re-using your sealed secrets. See the Scopes section for more info.

@tarikdem tarikdem closed this Jun 13, 2024
@tarikdem tarikdem deleted the templating-fix branch June 13, 2024 13:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

template.metadata.name ignored in sealed secret
1 participant