We have some process which creates some artifacts in a specific namespace in k8s. One of the artifacts is a secret which is created in this namespace (e.g. ns1). The problem is that this secret also needs to be used from a different namespace (apps in ns1 and ns2 need to use it). Which options do I have in this case? Should I copy the secret to ns2 (not sure if this is the right option from a security perspective)? Is there a good pattern/direction/tool which can help in such a case?
I would suggest checking out: https://github.com/zakkg3/ClusterSecret
ClusterSecret automates the process of cloning secrets across namespaces.
When you need a secret in more than one namespace, you have to:
1- Get the secret from the origin namespace.
2- Edit the secret with the new namespace.
3- Re-create the new secret in the new namespace.
This could be done with one command:
kubectl get secret <secret-name> -n <source-namespace> -o yaml \
| sed s/"namespace: <source-namespace>"/"namespace: <destination-namespace>"/\
| kubectl apply -n <destination-namespace> -f -
ClusterSecret automates this. It keeps track of any modification in your secret and it will also react to new namespaces.
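
The three manual steps above can also be done structurally instead of with a text substitution. This is an added example, not part of the answer or of the ClusterSecret project: it works on `kubectl get ... -o json` output, sets the destination namespace, and drops the metadata that belongs to the source object (server-assigned identifiers, owner references, and the last-applied annotation, which still embeds the old namespace). The function name, the file name `retarget.py` and the sample manifest are assumptions made for the illustration.

```python
import copy
import json
import sys

# Metadata assigned by the API server or tied to the source namespace.
# A manifest for a new object in another namespace should not carry it.
STALE_FIELDS = ("uid", "resourceVersion", "creationTimestamp", "selfLink",
                "generation", "managedFields", "ownerReferences")
LAST_APPLIED = "kubectl.kubernetes.io/last-applied-configuration"

# Constructed sample, shaped like `kubectl get secret db-creds -n ns1 -o json`.
SAMPLE = {
    "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
    "metadata": {
        "name": "db-creds", "namespace": "ns1", "labels": {"app": "demo"},
        "uid": "00000000-0000-0000-0000-000000000000",
        "resourceVersion": "12345",
        "creationTimestamp": "2024-01-01T00:00:00Z",
        "annotations": {LAST_APPLIED: '{"metadata":{"namespace":"ns1"}}'},
    },
    "data": {"password": "czNjcjN0"},
}


def retarget_secret(manifest, dest_namespace):
    """Return a copy of a Secret manifest ready to create in dest_namespace."""
    if manifest.get("kind") != "Secret":
        raise ValueError("expected kind Secret, got %r" % manifest.get("kind"))
    out = copy.deepcopy(manifest)          # never mutate the caller's object
    meta = out.setdefault("metadata", {})
    for field in STALE_FIELDS:
        meta.pop(field, None)
    annotations = meta.get("annotations") or {}
    annotations.pop(LAST_APPLIED, None)    # still names the source namespace
    if annotations:
        meta["annotations"] = annotations
    else:
        meta.pop("annotations", None)
    meta["namespace"] = dest_namespace
    return out


if __name__ == "__main__":
    # kubectl get secret <secret-name> -n <source-namespace> -o json \
    #   | python3 retarget.py <destination-namespace> | kubectl apply -f -
    json.dump(retarget_secret(json.load(sys.stdin), sys.argv[1]),
              sys.stdout, indent=2)
```

The copy is an independent object: later changes to the secret in the source namespace do not reach it unless the step is run again.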