Exclude keys from reflected secret #367

Closed
StFS opened this issue Jul 31, 2023 · 2 comments
StFS commented Jul 31, 2023

I assume the answer is no since I find nothing about this in the documentation but I was wondering whether it was possible to exclude certain keys when reflecting a secret.

My specific use case is when I use cert-manager to create a certificate which in turn generates a Secret containing the ca.crt, tls.crt and tls.key keys. I would like to reflect this secret to different namespaces but there is no need to reflect the tls.key there, I only need the tls.crt and ca.crt values.

I think this could be a nice feature to have so if (like I assume) the answer to my question is that this is not supported, then we can consider this issue a feature request ;)

@winromulus winromulus self-assigned this Aug 1, 2023
@winromulus winromulus added the question Further information is requested label Aug 1, 2023
@winromulus
Contributor

@StFS there is no such functionality currently built-in. Reflector would also have to be aware if the secret type validation would pass (some secret types require some keys to always be present).
Reflector currently just copies the data without any manipulation.

L1ghtman2k commented Oct 31, 2023

Can this be reopened & turned into a feature request/enhancement? There is an equivalent ticket open for kubernetes-replicator mittwald/kubernetes-replicator#248. In my specific case, I have created my own CA with cert-manager, and I would like to propagate ca.crt across all namespaces, so that clients can verify the remote cert against the ca.crt.

I imagine for tls type secrets, unspecified fields can be defaulted to empty strings.

Edit: It seems like my specific use case is addressed via https://cert-manager.io/docs/trust/trust-manager/
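The constraint raised in this thread is that a `kubernetes.io/tls` Secret must carry both `tls.crt` and `tls.key`, so a copy without the private key cannot keep that type. The Python below is an added example, not Reflector's code or a Reflector feature: `filtered_copy`, `REQUIRED_KEYS` and the sample Secret are hypothetical names and constructed data, and it assumes the copy may be created as `Opaque` when a required key is excluded.

```python
# Keys the API server requires to be present for these built-in Secret types.
REQUIRED_KEYS = {
    "kubernetes.io/tls": {"tls.crt", "tls.key"},
    "kubernetes.io/dockerconfigjson": {".dockerconfigjson"},
}


def filtered_copy(secret, target_namespace, exclude):
    """Build a manifest for a copy of `secret` without the keys in `exclude`.

    Hypothetical helper, not Reflector's API. If an excluded key is required
    by the source type, the copy is typed Opaque so it passes validation
    without carrying a placeholder for the dropped key.
    """
    exclude = set(exclude)
    data = {k: v for k, v in secret.get("data", {}).items() if k not in exclude}
    if not data:
        raise ValueError("exclusion list removes every key")

    secret_type = secret.get("type", "Opaque")
    missing = REQUIRED_KEYS.get(secret_type, set()) - set(data)
    if missing:
        secret_type = "Opaque"

    return {
        "apiVersion": "v1",
        "kind": "Secret",
        # Only the name is carried over: uid, resourceVersion and
        # ownerReferences belong to the source object.
        "metadata": {"name": secret["metadata"]["name"],
                     "namespace": target_namespace},
        "type": secret_type,
        "data": data,
    }


# Constructed sample shaped like a cert-manager TLS Secret (values are dummies).
SOURCE = {
    "apiVersion": "v1", "kind": "Secret", "type": "kubernetes.io/tls",
    "metadata": {"name": "my-cert", "namespace": "issuer-ns", "uid": "constructed"},
    "data": {"ca.crt": "Q0E=", "tls.crt": "Q0VSVA==", "tls.key": "S0VZ"},
}

if __name__ == "__main__":
    import json
    print(json.dumps(filtered_copy(SOURCE, "app-ns", ["tls.key"]), indent=2))
```

Consumers that expect a `kubernetes.io/tls` Secret (an Ingress, for example) will not accept the `Opaque` copy; it suits clients that only read `ca.crt` or `tls.crt` for verification.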
