Uploaded image for project: 'OpenShift Pipelines'
  1. OpenShift Pipelines
  2. SRVKP-5873

[Downstream CI] R&D secrets sharing across namespaces

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • None
    • QA
    • None
    • 3
    • False
    • None
    • False

      Story (Required)

      As a CI cluster maintainer I want to lower maintenance burden as much as possible.

      Background (Required)

      1. When a new person joins team, we create a new private namespace for them using this script https://gitlab.cee.redhat.com/tekton/plumbing/-/blob/master/config/create-dev-namespace.sh?ref_type=heads. This must be done by cluster admin because the script needs access to the encrypted secrets
      2. When some secret is rotated/refreshed, we usually only update the secret in namespace pipelines-ci so pipelines ran in different namespaces might fail later and it's not immediately clear why they failed.

      Approach (Required)

      Research if SharedSecrets would help to solve these problems and assess how much work it would be to implement it on CI cluster.

      https://developers.redhat.com/articles/2024/04/26/how-share-secrets-across-red-hat-openshift-projects#

            Unassigned Unassigned
            ppitonak Pavol Pitoňák
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: