Allow to disable secret overwrite. Use annotation to protect original values of existing secret in target namespace

Question

Allow to disable secret overwrite. Use annotation to protect original values of existing secret in target namespace

francardoso93 opened this issue a year ago · 1 comments

My team is using kubernetes-replicator in the Initium project to do a push based secret replication. We're facing issues to avoid that existing secrets get overwritten. That's what happens: When the source secret has the same name of an existing secret in target, the target one gets replaced. Source is always the source of true.
I understand that to be the default behavior, but I'd like to propose to make this configurable, as it's currently a blocker for us.

Suggested solution:
Replicator checks an annotation at target secret, that can disable the default behavior. Then, it doesn't replicate values from source to that specific annotated secret.
eg: replicator.v1.mittwald.de/protect-from-overwrite: true

We're available to collaborate by doing this implementation if you agree.

Answer 1 · 2023-11-09T19:07:32.000Z

cc @LucaLanziani