This repository has been archived by the owner on Feb 23, 2022. It is now read-only.

add option to replicate only to defined namespaces #9

Open
monotek opened this issue Mar 2, 2020 · 9 comments

Contributor

monotek commented Mar 2, 2020

Currently only exclude is possible, which means you need to know all namespaces you want to have excluded.

A new env var NAMESPACE_INCLUDE should be available.
Default should be "all".


kfox1111 commented Mar 17, 2020

+1. Was going to ask the same thing.

I've been running clusters where I have a user namespace <project> and a supporting namespace we manage for the user <project>-admin. I'd like to sync secrets managed in the <project>-admin namespace (cert-manager generated/managed) into the <project> namespace. So I'd need a way to specify just the namespace I want it to go into.

Collaborator

rpahli commented Mar 17, 2020

Would it also be an option to add an annotation to a single secret with the list of namespaces? I'm currently thinking about how to solve it and also be flexible.

@kfox1111

That could be another option, but does run into problems with cert-manager specifically:
cert-manager/cert-manager#2576

Collaborator

rpahli commented Mar 17, 2020

OK, I will think about it. Thanks for your answer.

rpahli mentioned this issue Mar 20, 2020

Contributor Author

monotek commented Jul 2, 2020

@rpahli Ping :)

Contributor Author

monotek commented Jul 28, 2020

@kfox1111
maybe you could use kubed (https://github.com/appscode/kubed) as a workaround

@kfox1111

@monotek, no it won't work. See referenced issue above.

TL;DR
I want to place a Cert-Manager Certificate request in a namespace called -admin where we manage stuff on behalf of users. There is an ingress-nginx running in there that watches namespace . In single namespace mode, ingress-nginx only watches for TLS certificates in that namespace and cert-manager will only create certificate secrets in the same namespace as the certificate object. What this means is I need a way of syncing a secret from one namespace to another. In addition, cert-manager doesn't support annotating/labeling secrets it creates. So Kubed won't work as it must have labels.

Secret-replicator will just about work, but only needs to sync from -admin to , not to every other namespace.

@kfox1111

Looks like this may be implemented already?
cacb280

Is there a plan to cut a new release soon with this in place?

Thanks!
Kevin

@kfox1111

Actually, I hit another snag. This only looks to be able to run across all namespaces. I'd be wanting to use it to watch one namespace and synchronize into a second namespace and have multiple instances of secret-replicator running in parallel looking at non-overlapping namespaces.
