Azure FlexVolume secret in namespace automation

I was working with a client who prefers to use Azure FlexVolume to retrieve secrets from Azure Key Vault, and they only want to set up SPN links to the secret in the namespace.

So I was working on a solution to link everything together. The first problem I faced is that the kvcred secret needs to be present in every namespace that needs access to AKV (literally all namespaces other than the ones that don’t use AKV). In this case, I keep the infrastructure stuff separate from the application secrets, so by default I only keep two namespaces, kube-system and istio-system, from getting the secret.

OK, here is where the problem comes in: how do you copy the secret from one namespace to another? We use Helm to manage our namespace creation, so in this case I just need a script that copies the secret from the source namespace to the destination namespace. Problem solved.

So I created a deployment.yaml in my namespace Helm chart and made it run the copy-secret image to copy the secret from the source namespace to the destination namespace.
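The manifest rewrite a copy job like this has to perform, shown as an added example (not the author's copy-secret image): the function name `retarget_secret`, the source namespace `default`, the destination `team-a`, and the sample secret contents are all assumptions.

```python
import copy
import json

# Namespaces the post keeps away from the Key Vault credential.
EXCLUDED_NAMESPACES = {"kube-system", "istio-system"}

# Metadata the API server sets on the source object; never carry it over.
SERVER_FIELDS = ("uid", "resourceVersion", "creationTimestamp", "selfLink",
                 "generation", "managedFields", "ownerReferences")
LAST_APPLIED = "kubectl.kubernetes.io/last-applied-configuration"


def retarget_secret(secret: dict, dest_namespace: str) -> dict:
    """Return a copy of a Secret manifest ready to create in dest_namespace."""
    if secret.get("kind") != "Secret":
        raise ValueError("manifest is not a Secret")
    if dest_namespace in EXCLUDED_NAMESPACES:
        raise ValueError(f"refusing to copy into {dest_namespace}")
    out = copy.deepcopy(secret)  # leave the caller's object untouched
    meta = out.setdefault("metadata", {})
    for field in SERVER_FIELDS:
        meta.pop(field, None)
    # The last-applied annotation embeds the old namespace and the secret data.
    annotations = meta.get("annotations") or {}
    annotations.pop(LAST_APPLIED, None)
    if not annotations:
        meta.pop("annotations", None)
    meta["namespace"] = dest_namespace
    return out


# Constructed sample shaped like `kubectl get secret kvcred -o json` output;
# the data values are base64 of the word "placeholder".
SAMPLE = {
    "apiVersion": "v1", "kind": "Secret", "type": "azure/kv",
    "metadata": {
        "name": "kvcred", "namespace": "default",
        "uid": "00000000-0000-0000-0000-000000000000",
        "resourceVersion": "12345",
        "creationTimestamp": "2020-01-01T00:00:00Z",
        "annotations": {LAST_APPLIED: "{...}"},
    },
    "data": {"clientid": "cGxhY2Vob2xkZXI=", "clientsecret": "cGxhY2Vob2xkZXI="},
}

if __name__ == "__main__":
    # Print metadata only, so credential material never reaches the job log.
    print(json.dumps(retarget_secret(SAMPLE, "team-a")["metadata"], indent=2))
```

The returned manifest is what the job would submit to the API server for the destination namespace. Its service account needs only `get` on the source secret and `create` on secrets in the destination.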

I’ve done the work and will create a GitHub repo to put the code in. The link will be updated here soon.