Create a ClusterSecretStore for RHEL #9636
mshaposhnik
left a comment
/lgtm
| data: {} | ||
we should probably get rid of this field, argo might get upset when the data field gets populated
Done
| metadata: | ||
| name: rhel-appsre-vault-approle | ||
| annotations: | ||
| argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true |
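Review bot: the `metadata` block in these visible lines sets `name: rhel-appsre-vault-approle` and the sync-option annotation but no `namespace`. A cluster-scoped store has to name the namespace of the credential it authenticates with, so if this resource is meant to land in the appsre-vault namespace mentioned in the description, set `namespace:` here or confirm that the kustomization sets it, so the approle credential cannot end up in an unintended namespace.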
Since this seems to be a common annotation to all resources, should this get applied as an annotation in the kustomization.yaml manifest?
Done
/hold unhold when ready to merge
RHEL needs to extract secrets from the same vault in more than one namespace. Create a cluster-level store for them, since users can only create namespace stores. This is similar to what we did for Insights.

Since this store is on the internal cluster, configure it to extract directly from the internal vault. To do so, inject the trusted-ca into the appsre-vault namespace and get the approle secret from our own vault.

KFLUXINFRA-2706

Signed-off-by: Hugo Ares <[email protected]>
b728eaf to 6da085b
sadlerap
left a comment
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: enkeefe00, hugares, jpopelka, mshaposhnik, sadlerap
RHEL needs to extract secrets from the same vault in more than one namespace. Create a cluster-level store for them, since users can only create namespace stores. This is similar to what we did for Insights.
Since this store is on the internal cluster, configure it to extract directly from the internal vault. To do so, inject the trusted-ca into the appsre-vault namespace and get the approle secret from our own vault.
KFLUXINFRA-2706
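
A sketch of the setup the description outlines, as an added example that is not the manifests from this pull request. It assumes the External Secrets Operator `v1beta1` API and OpenShift trusted CA bundle injection; every name, URL and namespace other than `appsre-vault` and `rhel-appsre-vault-approle` is a placeholder, and the `conditions` block shows how a cluster-wide store can be limited to the namespaces that need it.

```yaml
# Added illustration, not the project's manifests. Placeholders are marked.
# ConfigMap that receives the cluster's trusted CA bundle
# (assumes OpenShift CA bundle injection via this label).
apiVersion: v1
kind: ConfigMap
metadata:
  name: trusted-ca                        # placeholder name
  namespace: appsre-vault
  labels:
    config.openshift.io/inject-trusted-cabundle: "true"
---
apiVersion: external-secrets.io/v1beta1   # assumed API version
kind: ClusterSecretStore
metadata:
  name: rhel-vault-store                  # placeholder name
spec:
  # A ClusterSecretStore can be referenced from every namespace unless
  # it is restricted; list only the namespaces that need these secrets.
  conditions:
    - namespaces:
        - rhel-tenant-a                   # placeholder
        - rhel-tenant-b                   # placeholder
  provider:
    vault:
      server: https://vault.internal.example   # placeholder URL
      path: secret                        # placeholder KV mount
      version: v2
      # Verify the Vault TLS certificate against the injected bundle.
      caProvider:
        type: ConfigMap
        name: trusted-ca
        key: ca-bundle.crt                # key the injected bundle is written to
        namespace: appsre-vault
      auth:
        appRole:
          path: approle                   # placeholder auth mount
          roleId: "<role-id>"             # placeholder
          secretRef:
            # Name taken from the diff; assumed here to be the Secret
            # that holds the AppRole secret-id.
            name: rhel-appsre-vault-approle
            key: secret-id                # placeholder key
            namespace: appsre-vault       # cluster stores must name the namespace
```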