Add Admission Controller to enforce Namespace Annotations for External Secrets #388
Open
1 of 2 tasks
Labels
Comments
|
This issue is now marked as stale because it hasn't seen activity for a while. Add a comment or it will be closed soon. |
|
Closing this issue as it hasn't seen activity for a while. Please add a comment @mentioning a maintainer to reopen. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We don't currently set any namespace annotations for external secrets but should provide a sensible default.
Use Case
When adding a namespace, we should automatically add a namespace annotation for external secrets with a proper scope to a path in the AWS Secrets Manager.
Proposed Solution
Implement an admission controller that whenever a namespace is created, attaches an annotation for external secrets and also checks that no more external secrets annotations are added. For instance, when creating namespace
a, an external secrets annotation to give access to secrets with the prefix/k8s/a/.*as well as an annotation allowing for global secrets, e.g.,/k8s/global/.*.Other
This might serve as an inspiration: https://aws.amazon.com/blogs/containers/building-serverless-admission-webhooks-for-kubernetes-with-aws-sam/
This is a 🚀 Feature Request
The text was updated successfully, but these errors were encountered: