Clone Secrets with Rancher 2.6

Before Rancher 2.6, you could create a ("project-unbound") secret in the All namespace. Rancher made those secrets available to all projects and namespaces.

This feature was deprecated deprecated with Rancher 2.6 for a good reason, as it breaks recommended namespace isolation.

To achieve this same goal:

  1. Copy the secrets using the Rancher UI:

  2. Then clone the desired secret and into the target namespace (ie. namespace uat).

    clonesecret 1blur

    clonesecret 2blur

values.yml

This is good to know when needed in the values.yml file under the useExistingSecret field as it will provide the activation key secret for the target environment.

...
magnoliaAuthor:
  replicas: 1
  restartPolicy: Always
  redeploy: true
  contextPath: /author
  webarchive:
    repository: {{ .Env.CI_REGISTRY_IMAGE }}/magnolia-webapp
    tag: "{{ .Env.GIT_TAG | quote }}"
  bootstrap:
    password: "<password>"
  activation:
    useExistingSecret: True (1)
    secret:
      name: activation-key
      key: activation-secret
...
magnoliaPublic:
  replicas: 2
  restartPolicy: Always
  contextPath: /
  webarchive:
    repository: {{ .Env.CI_REGISTRY_IMAGE }}/magnolia-webapp
    tag: "{{ .Env.GIT_TAG | quote }}"
  bootstrap:
    password: "<password>"
  activation:
    useExistingSecret: True (1)
    secret:
      name: activation-key
      key: activation-secret
...
1 The activation key is handled by the bootstrapper container. This keeps magnoliaAuthor and magnoliaPublic in sync.
Feedback

PaaS

×

Location

This widget lets you know where you are on the docs site.

You are currently perusing through the Magnolia PaaS docs.

Main doc sections

DX Core Headless PaaS Legacy Cloud Incubator modules