
synator's Introduction

Synator Kubernetes Secret and ConfigMap synchronizer

Sometimes we want to use secrets in different namespaces. Unfortunately, we can't do that without helper operators or manual copying, because in Kubernetes Secrets and ConfigMaps are namespaced. Manual copying works when we have only a couple of namespaces and secrets, but with dozens of namespaces it becomes very complicated.

Synator uses the kopf Python framework. It's easy to use.

Medium writeup

Deployment

It’s easy to use synator on K8s. All we have to do is deploy deploy.yml to Kubernetes.

Usage

Add the annotation synator/sync=yes to a Secret or ConfigMap.

Optionally add one of these annotations to include specific destination namespaces, or to exclude namespaces from the sync.

To sync only to these namespaces: synator/include-namespaces='namespace1,namespace2'

To sync to all namespaces except these: synator/exclude-namespaces='kube-system,kube-node-lease'
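
The annotation rules above decide how far a copy of a Secret spreads, so it is worth listing the resulting destinations before deploying. The following is an added example, not synator's own code: the function names, sample objects and namespaces are constructed, and it assumes that the source namespace is never a destination and that the include list wins if both annotations are set.

```python
# Added example, not synator's code. Annotation names come from the README;
# function names, sample objects and namespaces are constructed.
SYNC = "synator/sync"
INCLUDE = "synator/include-namespaces"
EXCLUDE = "synator/exclude-namespaces"


def _csv(value):
    """Split a comma-separated annotation value, ignoring blanks and stray quotes."""
    items = (part.strip().strip("'\"") for part in (value or "").split(","))
    return {item for item in items if item}


def sync_targets(obj, cluster_namespaces):
    """Namespaces an annotated Secret/ConfigMap would be copied into."""
    meta = obj["metadata"]
    ann = meta.get("annotations") or {}
    if ann.get(SYNC) != "yes":
        return set()
    # Assumption: the source namespace is never a destination.
    others = set(cluster_namespaces) - {meta["namespace"]}
    if INCLUDE in ann:
        # Assumption: the include list wins if both annotations are set.
        return others & _csv(ann[INCLUDE])
    return others - _csv(ann.get(EXCLUDE))


def audit_secrets(objects, cluster_namespaces):
    """Report each synced Secret, its destinations, and whether the scope is open-ended."""
    report = []
    for obj in objects:
        meta = obj["metadata"]
        ann = meta.get("annotations") or {}
        if obj["kind"] != "Secret" or ann.get(SYNC) != "yes":
            continue
        report.append({
            "secret": f'{meta["namespace"]}/{meta["name"]}',
            "targets": sorted(sync_targets(obj, cluster_namespaces)),
            # No include list: destinations are "every namespace not excluded".
            "open_ended": INCLUDE not in ann,
        })
    return report


def _obj(kind, namespace, name, annotations=None):  # builds constructed sample objects
    return {"kind": kind, "metadata": {"namespace": namespace, "name": name, "annotations": annotations}}


NAMESPACES = ["default", "team-a", "team-b", "kube-system", "kube-node-lease"]  # constructed
SAMPLE = [  # constructed
    _obj("Secret", "default", "db-creds", {SYNC: "yes", INCLUDE: "team-a,team-b"}),
    _obj("Secret", "default", "registry-pull", {SYNC: "yes", EXCLUDE: "kube-system,kube-node-lease"}),
    _obj("Secret", "default", "tls-wildcard", {SYNC: "yes"}),
    _obj("ConfigMap", "default", "app-config", {SYNC: "yes"}),
    _obj("Secret", "team-a", "local-only"),
]
```

Secrets reported with open_ended set to True have no include list, so a bare synator/sync=yes places a copy in kube-system and every other namespace unless they are excluded.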


Reload pod when config upgraded

Add the annotation synator/reload: "secret:example" to a pod or deployment template. When the secret example is updated, the busybox pod will reload.

Note: For multiple secrets or configmaps: synator/reload: "secret:example,secret:example2,configmap:example..."

apiVersion: apps/v1
kind: Deployment
metadata:
  name: busybox
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      name: busybox
  template:
    metadata:
      labels:
        name: busybox
      annotations:
        synator/reload: "secret:selam"
    spec:
      containers:
        - name: busybox
          image: busybox
          command:
            - "sleep"
            - "1h"

Triggers

  • When a ConfigMap or Secret is updated
  • When a ConfigMap or Secret is created

Watching Namespaces

The synator operator installs with cluster-wide permissions; however, you can optionally control which namespaces it watches by setting the WATCH_NAMESPACE environment variable.

WATCH_NAMESPACE can be omitted entirely, or set to a comma-separated list of k8s namespaces.

  • WATCH_NAMESPACE="" will watch for resources across the entire cluster.
  • WATCH_NAMESPACE="foo" will watch for resources in the foo namespace.
  • WATCH_NAMESPACE="foo,bar" will watch for resources in the foo and bar namespaces.

Build and deploy

Build docker image

docker build -t <username>/synator:v1 .

Edit deploy.yml with your image name

kubectl apply -f deploy.yml

synator's People

Contributors

mmiller1, prajithp, theykk, vbotingnon


synator's Issues

Tag

Love the project. Would you consider creating a tag (any tag) in order for one to be able to create a “stable” link to install in a cluster?
Thanks!

Missing Licence

Could you please add a copyleft license to this project? I would love to contribute some work if it is appropriately licensed.

Synator didn't recreate secrets after etcd re-init

We use a combination of sealed-secrets and synator.
After network downtime, the etcd cluster restarted.
Secrets were created in the source namespace, but synator didn't create them in the namespaces listed in the include-namespaces block.

Also, is it possible for synator to keep the secrets in the namespaces specified in the include-namespaces block if we delete the secret in the source namespace?

Don't create secret when I sync

Hello,
Thanks for this tool, it is very useful for me to synchronize ConfigMaps.

I have a problem when I try to synchronize a secret: the ConfigMaps are created for me, but the secrets cannot be created.

Have there been any changes to the Kopf API lately that break this?

Thanks

Synator acting on a bunch of stuff without the annotation

Synator is constantly trying to reload pods for a bunch of configmaps that don't have the 'synator/sync=yes' annotation. I'm not sure why.

[2021-10-28 14:28:21,961] kopf.objects         [INFO    ] [cluster-service-nginx-ingress/ingress-controller-leader-nginx-public] Handler 'reload_pod_config' succeeded.
[2021-10-28 14:28:21,962] kopf.objects         [INFO    ] [cluster-service-nginx-ingress/ingress-controller-leader-nginx-public] Updating is processed: 1 succeeded; 0 failed.
Name:         ingress-controller-leader-nginx-public
Namespace:    cluster-service-nginx-ingress
Labels:       <none>
Annotations:  control-plane.alpha.kubernetes.io/leader:
                {"holderIdentity":"ingress-nginx-public-controller-6b4f67cf8f-fqfvf","leaseDurationSeconds":30,"acquireTime":"2021-07-01T17:49:54Z","renew...
              kopf.zalando.org/last-handled-configuration:
                {"metadata":{"annotations":{"control-plane.alpha.kubernetes.io/leader":"{\"holderIdentity\":\"ingress-nginx-public-controller-6b4f67cf8f-f...

Data
====

BinaryData
====

Events:
  Type    Reason   Age    From  Message
  ----    ------   ----   ----  -------
  Normal  Logging  60m    kopf  Handler 'reload_pod_config' succeeded.
  Normal  Logging  60m    kopf  Updating is processed: 1 succeeded; 0 failed.
