External Data cabundle should be referenceable from a secret 

The provider CRD expects the cabundle to be a [pem base64 encoded string](https://github.com/open-policy-agent/frameworks/blob/96753a21c26fe5d719dd8a9bd51435850c711a93/constraint/config/crds/externaldata.gatekeeper.sh_providers.yaml#L41C19-L41C19). Unfortunately, this doesn't work well for using tools like cert manager or vault to manage certs for us. 

We should allow the provider CRD to reference Kubernetes secrets and can instruct the controller to load them at runtime. The pattern is followed by other tools like [crossplane](https://github.com/crossplane-contrib/provider-kubernetes/blob/aa66b295e22b0a7b5956cb2c93e4b863bc20b880/package/crossplane.yaml#L16) (specifically [here](https://github.com/crossplane/crossplane-runtime/blob/8e87b2c47ee705f88b1224bff7b3eb8d1a071760/pkg/resource/providerconfig.go#L78)) and even built in the [ingress CRD](https://github.com/kubernetes/kubernetes/blob/98358b8ce11b0c1878ae7aa1482668cb7a0b0e23/pkg/apis/networking/types.go#L390). 

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

External Data cabundle should be referenceable from a secret #345

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

External Data cabundle should be referenceable from a secret #345

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions