@@ -172,12 +172,31 @@ func main() {
172172 }
173173 catalogClient := catalogclient .New (cl , cache .NewFilesystemCache (catalogsCachePath , httpClient ))
174174
175+ // We use the systemNamespaceMapper to globally use the system namespace for storing release secrets.
176+ // This ensures that we do not leak implementation details into user namespaces.
177+ //
178+ // NOTE: When we add support for use of service accounts, we will use this controller's service account
179+ // to manage the release secrets. That way, we won't leak our implementation's RBAC requirements
180+ // to users either.
181+ systemNamespaceMapper := helmclient .ObjectToStringMapper (func (obj client.Object ) (string , error ) {
182+ return systemNamespace , nil
183+ })
175184 installNamespaceMapper := helmclient .ObjectToStringMapper (func (obj client.Object ) (string , error ) {
176185 ext := obj .(* ocv1alpha1.ClusterExtension )
177186 return ext .Spec .InstallNamespace , nil
178187 })
179188 cfgGetter , err := helmclient .NewActionConfigGetter (mgr .GetConfig (), mgr .GetRESTMapper (),
180- helmclient .StorageNamespaceMapper (installNamespaceMapper ),
189+ // We use a custom storage driver for two reasons:
190+ // 1. We need to chunk secrets to avoid hitting etcd limits on the size of a single object.
191+ // 2. We need to avoid using the same storage driver as the Helm CLI to avoid conflicts and
192+ // accidental inheritance of behavior (e.g. adoption of a Helm CLI-created release by
193+ // operator-controller)
194+ helmclient .StorageDriverMapper (helmclient .ChunkedSecretsStorageDriver (
195+ "operator-controller" ,
196+ 1048576 , // Use 1MB chunks
197+ helmclient.SecretsStorageDriverOpts {
198+ StorageNamespaceMapper : systemNamespaceMapper ,
199+ })),
181200 helmclient .ClientNamespaceMapper (installNamespaceMapper ),
182201 )
183202 if err != nil {
0 commit comments