SecretSync Enterprise

It provides semantics to sync Kuberentes Secrets from management cluster to leaf clusters.

apiVersion: capi.weave.works/v1alpha1
kind: SecretSync
metadata:
  name: my-dev-secret-syncer
  namespace: default
spec:
  clusterSelector:
    matchLabels:
      environment: dev
  secretRef:
    name: my-dev-secret
  targetNamespace: my-namespace

Specification

The documentation for the api version capi.weave.works/v1alpha1

type SecretSync struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              SecretSyncSpec   `json:"spec,omitempty"`
	Status            SecretSyncStatus `json:"status,omitempty"`
}

// SecretSyncSpec
type SecretSyncSpec struct {
	// Label selector for Clusters. The Clusters that are
	// selected by this will be the ones affected by this SecretSync.
	// It must match the Cluster labels. This field is immutable.
	// Label selector cannot be empty.
	ClusterSelector metav1.LabelSelector `json:"clusterSelector"`
	// SecretRef specifies the Secret to be bootstrapped to the matched clusters
	// Secret must be in the same namespace of the SecretSync object
	SecretRef v1.LocalObjectReference `json:"secretRef"`
	// TargetNamespace specifies the namespace which the secret should be bootstrapped in
	// The default value is the namespace of the referenced secret
	//+optional
	TargetNamespace string `json:"targetNamespace,omitempty"`
}

// SecretSyncStatus secretsync object status
type SecretSyncStatus struct {
	// SecretVersions a map contains the ResourceVersion of the secret of each cluster
	// Cluster name is the key and secret's ResourceVersion is the value
	SecretVersions map[string]string `json:"versions"`
}