Feature
Resolution: Unresolved
Major
Goals
As a DevOps engineer, I need to synchronize the secrets required for pipeline execution to the designated spoke clusters, so that any scheduled PipelineRun has the necessary credentials to access resources and run successfully.
Requirements
| Requirements | Notes | IS MVP |
| --- | --- | --- |
| Clusters in the fleet can be hub and/or spoke | | Yes |
| Spoke will get synchronized with the secrets needed for PipelineRun | | Yes |
| System required secrets, like SCM tokens for Pac, will be populated from Hub | | Yes |
| User-defined secrets can be synchronized from an external secret store through ESO | | No |
Out of scope
- WebConsole dedicated UX for secret management
- Support of non-OpenShift clusters
Dependencies
- Use Kueue APIs for job queueing
- Use ESO to integrate with external secret stores, such as HashiCorp Vault.
Assumptions
- The user has two or more OpenShift clusters
- OpenShift Pipelines and Kueue are installed in every cluster
- ESO for secrets is enabled in the Spoke clusters
Done Checklist
- Requirements are met
- Non-functional properties of the Feature have been validated (such as performance, resource, UX, security or privacy aspects)
- User Journey automation is delivered
- Support and SRE teams are provided with enough skills to support the feature in a production environment
informs
- SRVKP-8959 productize secret-syncer (To Do)
- SRVKP-8958 deploy secret syncer code via Operator (To Do)
- SRVKP-9081 Setup tests, CI and other stuff on syncer-service repository (To Do)