Skip to content

Prevent double secret cloning from helmSecretName and downstreamResources #5364

Description

@p-se

In case of AppCo charts, the credentials are used for both, fetching the charts and pulling the images. In that case, helmSecretName and downstreamResources of HelmOp point to the same secret and Fleet clones both twice to the cluster namespace on the upstream cluster. That should be prevented. If the secret in helmSecretName is also in downstreamResources, the mechanism for cloning helmSecretName should be skipped. This also preserves backward compatibility with helmSecretName and allows users to be explicit about when helmSecretName should also be copied to downstream clusters.

Should only be implemented after #5262 so that the copy of resources to downstream clusters can also be refused if Fleet doesn't own the downstream resource.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    🆕 New

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions