Compare commits

...
Sign in to create a new pull request.

1 commit

Author SHA1 Message Date
IvanHunters
fdbb6fdfd7
fix(harbor): mark credentials Secret with user-secret label
The Helm-managed harbor-{name}-credentials Secret was not visible
through the TenantSecrets API because the lineage webhook compared the
real Secret name against the rendered template "{{ .name }}-credentials"
(which becomes "{name}-credentials" without the "harbor-" HelmRelease
prefix), failed to match, and labelled the Secret as
internal.cozystack.io/tenantresource=false.

Adopt the same pattern Bucket and RabbitMQ already use: stamp the
user-facing Secret with apps.cozystack.io/user-secret=true and add a
matchLabels rule alongside the existing resourceNames entry in the
ApplicationDefinition. The webhook now matches via labels instead of
relying on Secret-name templating, so the Secret is properly marked
tenantresource=true and surfaces in tenant-aware clients.

Signed-off-by: IvanHunters <ivan.okhotnikov@aenix.io>
2026-04-29 20:47:09 +03:00
2 changed files with 4 additions and 0 deletions

View file

@ -27,6 +27,8 @@ apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Name }}-credentials
labels:
apps.cozystack.io/user-secret: "true"
stringData:
admin-password: {{ $adminPassword | quote }}
redis-password: {{ $redisPassword | quote }}

View file

@ -33,6 +33,8 @@ spec:
include:
- resourceNames:
- "{{ .name }}-credentials"
- matchLabels:
apps.cozystack.io/user-secret: "true"
services:
exclude: []
include: