create secret in a different namespace

Options
parksidemx
parksidemx
Community Member
in Secrets Automation

When use 1password k8s connector and operator running in namespaceA, how do I map onepassworditem to secret in namespaceB in the same cluster.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:No 1Password Annotations found

Comments

  • James_1P
    James_1P
    Options

    Hi!

    There are two requirements to have the operator running in one namespace but creating secrets in another namespace.

    First the operator needs to be configured to watch both namespaceA and namespaceB. If you deployed the operator with helm this can be done by providing a custom list to the operator.watchNamespace variable (more details). If you deployed the operator directly you can see the configuration docs for details on setting the WATCH_NAMESPACE variable.

    Once the operator is watching namespaceA and namespaceB you can create a secret in namespaceB by setting metadata.namespace on the OnePasswordItem CRD, or by annotating a deployment or pod in namespaceB with the operator.1password.io/item-path annotation.

  • parksidemx
    parksidemx
    Community Member
    Options

    For operator.watchNamespace do I add value as "ns1, ns2", or "[ns1, ns2]"? Thx!

  • James_1P
    James_1P
    Options

    For operator.watchNamespace it is expecting an array so I beleive it is the latter, "[ns1, ns2]"

    You can also use a values.yaml file to store the configuration in a file with formatting like

    operator:
    watchNamespace:
        - ns1
        - ns2

    and then reference that file in your helm install command with -f values.yaml

This discussion has been closed.