-
-
Notifications
You must be signed in to change notification settings - Fork 813
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PushSecret spec.template is not propagated with a Kubernetes cluster->cluster SecretStore #3443
Comments
What provider are you using? Using the kubernetes provider, |
I'm using the Kubernetes provider with External Secrets Operator v0.9.17. Given the following SecretStore apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
name: example-secretstore
spec:
provider:
kubernetes:
auth:
token:
bearerToken:
name: example-resource-name
key: token
remoteNamespace: argocd
server:
url: ".. api url .."
caProvider:
type: Secret
name: example-resource-name
key: ca.crt The following apiVersion: external-secrets.io/v1alpha1
kind: PushSecret
metadata:
name: ps-example
spec:
refreshInterval: 30m
secretStoreRefs:
- name: example-secretstore
kind: SecretStore
selector:
secret:
name: example-source-secret
template:
metadata:
labels:
app.kubernetes.io/part-of: argocd
data:
example-1: "test"
data:
- match:
secretKey: url
remoteRef:
remoteKey: example-remote-secret
property: url |
Does the |
@ron1 you can even do it - but then you need to address the generated template key (
|
I have the same issue, and neither |
Thanks for bumping this issue, i'll take a look at it. |
👋 Hello folks, i have a proposal in #3600, please take a look at the design, it should address all points raised in this issue. I'll leave the PR open for a couple of weeks to get feedback on the design. |
Do we have room for a simpler implementation than PR #3600 ? |
According to the documentation in https://external-secrets.io/v0.9.17/guides/pushsecrets/, PushSecret spec.template exists. However, nothing is copied with a Kubernetes cluster->cluster SecretStore.
External Secrets Operator v0.9.17
To Reproduce
Given the following PushSecret, only the attribute defined in
spec.data
is copied to the remote Secret.Nothing from
spec.template.metadata.labels
orspec.template.data
is copied to the remote Secret.I also tried what happens when
spec.data
is not present at all: then the remote Secret is not created at all even though PushSecret.status
showsmessage: PushSecret synced successfully
.Expected behavior
The
.spec.template
should be reflected to the remote Secret.Related
The text was updated successfully, but these errors were encountered: