Re-evaluate naming of secrets
Closed this issue · 3 comments
I'm not sure whether secrets should be named after the domain that they belong to or the service that requested them.
For example, a service "admin" exists in different environments (admin.test.foo.com
and admin.prod.foo.com
). The service admin-external
requests the certificates.
This currently generates secrets named admin-test-foo-com-tls
and admin-prod-foo-com-tls
. This means that a webserver Deployment
resource configuration is different between the environments.
Is that sensible? Is it possible to retrieve volume names from a ConfigMap
? (i.e. having a ConfigMap
per environment that maps these, therefore still having sensible secret names and having resource reusability).
Last thought before sleeping: The annotations on services also differ between environments, so this is only one bit of the problem.