Bug 1385234 - RFE - Allow for global secrets in the 'openshift' project
Summary: RFE - Allow for global secrets in the 'openshift' project
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: RFE
Version: 3.3.0
Hardware: x86_64
OS: Linux
unspecified
low
Target Milestone: ---
: ---
Assignee: Derek Carr
QA Contact: Johnny Liu
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-10-15 13:49 UTC by Nicholas Schuetz
Modified: 2022-03-24 13:50 UTC (History)
16 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-03-12 13:54:36 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Nicholas Schuetz 2016-10-15 13:49:08 UTC 
Description of problem:
Allow secrets that are added to the 'openshift' project/namespace to be used in all projects.  Much in the same way that any template published in this namespace permeates down to all other projects.  This could be very useful when corps want to add a 'default' SSH key/secret for 'public' git projects that still require a valid internal user to authenticate.  This request comes from an FSI customer.

How reproducible:
create an SSH secret in -n openshift and then attempt a build in another project referencing that secret.  The build fails because the secret is not known to that project

-Nick
Comment 3 Eric Rich 2018-03-12 13:54:36 UTC 
This bug has been identified as a dated (created more than 3 months ago) bug. 
This bug has been triaged (has a trello card linked to it), or reviewed by Engineering/PM and has been put into the product backlog, 
however this bug has not been slated for a currently planned release (3.9, 3.10 or 3.11), which cover our releases for the rest of the calendar year. 

As a result of this bugs age, state on the current roadmap and PM Score (being below 70), this bug is being Closed - Differed, 
as it is currently not part of the products immediate priorities.

Please see: https://docs.google.com/document/d/1zdqF4rB3ea8GmVIZ7qWCVYUaQ7-EexUrQEF0MTwdDkw/edit for more details.
Comment 4 Darko Ostricki 2021-10-21 11:22:35 UTC 
We would be also very interested to have something like that .... can you tell if/in which release we can expect that this will be made available?
Comment 5 Vladislav Walek 2022-03-23 23:12:52 UTC 
(In reply to Darko Ostricki from comment #4)
> We would be also very interested to have something like that .... can you
> tell if/in which release we can expect that this will be made available?

Hello Darko,

per the comments above, the feature was dropped so it won't be available in any version.
Comment 6 Simon Reber 2022-03-24 13:05:04 UTC 
(In reply to Vladislav Walek from comment #5)
> (In reply to Darko Ostricki from comment #4)
> > We would be also very interested to have something like that .... can you
> > tell if/in which release we can expect that this will be made available?
> 
> Hello Darko,
> 
> per the comments above, the feature was dropped so it won't be available in
> any version.
The OpenShift Shared Resource CSI Driver introduced as Tech Preview in Openshift Container Platform 4.10 is potentially going into this direction and might provide the functionality you are looking for.

 - https://github.com/openshift/csi-driver-shared-resource
 - https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html#ocp-4-10-technology-preview
Comment 7 Darko Ostricki 2022-03-24 13:50:59 UTC 
@Simon Reber
Thx for making me aware of that ... indeed it looks exactly like what we were looking for. 
So all we need is a bit patience. 
thx
Note You need to log in before you can comment on or make changes to this bug.