Skip to content

Copying Secrets and Configmaps across Tenant Namespaces via TGI#

Bill is a cluster admin who wants to map a docker-pull-secret, present in a build namespace, in tenant namespaces where certain labels exists.

First, Bill creates a template:

apiVersion: tenantoperator.stakater.com/v1alpha1
kind: Template
metadata:
  name: docker-pull-secret
resources:
  resourceMappings:
    secrets:
      - name: docker-pull-secret
        namespace: build

Once the template has been created, Bill makes a TemplateGroupInstance referring to the Template he wants to deploy with MatchLabels:

apiVersion: tenantoperator.stakater.com/v1alpha1
kind: TemplateGroupInstance
metadata:
  name: docker-secret-group-instance
spec:
  template: docker-pull-secret
  selector:
    matchLabels:
      kind: build
  sync: true

Afterward, Bill can see that secrets has been successfully mapped in all matching namespaces.

kubectl get secret docker-pull-secret -n bluesky-anna-aurora-sandbox
NAME             STATE    AGE
docker-pull-secret    Active   3m

kubectl get secret docker-pull-secret -n alpha-dave-aurora-sandbox
NAME             STATE    AGE
docker-pull-secret    Active   3m

Mapping Resources within Tenant Namespaces via TI#

Anna is a tenant owner who wants to map a docker-pull-secret, present in bluseky-build namespace, to bluesky-anna-aurora-sandbox namespace.

First, Bill creates a template:

apiVersion: tenantoperator.stakater.com/v1alpha1
kind: Template
metadata:
  name: docker-pull-secret
resources:
  resourceMappings:
    secrets:
      - name: docker-pull-secret
        namespace: bluesky-build

Once the template has been created, Anna creates a TemplateInstance in bluesky-anna-aurora-sandbox namespace, referring to the Template.

apiVersion: tenantoperator.stakater.com/v1alpha1
kind: TemplateInstance
metadata:
  name: docker-secret-instance
  namespace: bluesky-anna-aurora-sandbox
spec:
  template: docker-pull-secret
  sync: true

Afterward, Bill can see that secrets has been successfully mapped in all matching namespaces.

kubectl get secret docker-pull-secret -n bluesky-anna-aurora-sandbox
NAME             STATE    AGE
docker-pull-secret    Active   3m