allow global specification of "secret keys" to be given to any KD cluster #534
Labels
Priority: Low
Project: Cluster Reconcile
beyond simple xlate of model to K8s spec
Project: KD Admin
post-deployment admin tasks & config
Type: Enhancement
Comments
joel-bluedata
added
Priority: High
Type: Enhancement
Project: Cluster Reconcile
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A particular cluster may have a piece of infrastructure used by all (or most) KD clusters that requires using an encrypted secret. The decryption key may not be known by the user deploying the KD cluster, or it may just be inconvenient to have to specify it for each KD cluster launch.
We should add a feature for the KD global config for specifying named secret-keys that will be populated into any launched KD cluster.
As a first cut we can prrovide this feature in a way that globally applies to any KD cluster. Future refinements/additions to the feature could include more granular targeting of secret keys such as per-namespace or per-apptype. We should think a little about how that would be represented just so that we don't design the global feature in a way that makes those future refinmenets awkward.
The text was updated successfully, but these errors were encountered: