This repository has been archived by the owner on Jul 26, 2022. It is now read-only.
Multitenancy: Allow to watch ExternalSecrets using annotation #549
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hello,
This PR is 2 of 2 PRs to address support for multitenancy. The first PR is #548
This PR adds a new option that allows to scope KES access by ExternalSecrets using annotation.
i.e. each ExternalSecret can tell which KES is responsible to manage that ExternalSecret.
This feature doesn't fix any security concerns like #548, but in combination with #548 it allows to have namespace scoped KES and global KES at the same time. So if there are 2 KES, there is no need to set namespaces for both of them as described in the other PR.
The feature implementation is done, and also the unit test. I just need to update the docs.