{"id":13560714,"url":"https://github.com/emberstack/kubernetes-reflector","last_synced_at":"2026-04-28T23:00:58.220Z","repository":{"id":38331931,"uuid":"182091994","full_name":"emberstack/kubernetes-reflector","owner":"emberstack","description":"Custom Kubernetes controller that can be used to replicate secrets, configmaps and certificates.","archived":false,"fork":false,"pushed_at":"2026-04-25T07:56:52.000Z","size":400,"stargazers_count":1578,"open_issues_count":1,"forks_count":120,"subscribers_count":11,"default_branch":"main","last_synced_at":"2026-04-25T09:31:20.913Z","etag":null,"topics":["cert-manager","certificate","configmap","controller","k8s","kubectl","kubernetes","kubernetes-cluster","kubernetes-controller","secrets"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/emberstack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-04-18T13:23:06.000Z","updated_at":"2026-04-25T07:53:45.000Z","dependencies_parsed_at":"2024-02-25T13:37:49.380Z","dependency_job_id":"c731697c-941c-4731-afa6-cab38611321e","html_url":"https://github.com/emberstack/kubernetes-reflector","commit_stats":null,"previous_names":[],"tags_count":176,"template":false,"template_full_name":null,"purl":"pkg:github/emberstack/kubernetes-reflector","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emberstack%2Fkubernetes-reflector","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emberstack%2Fkubernetes-reflector/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emberstack%2Fkubernetes-reflector/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emberstack%2Fkubernetes-reflector/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/emberstack","download_url":"https://codeload.github.com/emberstack/kubernetes-reflector/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emberstack%2Fkubernetes-reflector/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32401038,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-28T19:38:08.556Z","status":"ssl_error","status_checked_at":"2026-04-28T19:37:55.688Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cert-manager","certificate","configmap","controller","k8s","kubectl","kubernetes","kubernetes-cluster","kubernetes-controller","secrets"],"created_at":"2024-08-01T13:00:48.929Z","updated_at":"2026-04-28T23:00:58.211Z","avatar_url":"https://github.com/emberstack.png","language":"C#","readme":"# Reflector\nReflector is a Kubernetes addon designed to monitor changes to resources (secrets and configmaps) and reflect changes to mirror resources in the same or other namespaces.\n\n[![Pipeline](https://github.com/emberstack/kubernetes-reflector/actions/workflows/pipeline.yaml/badge.svg)](https://github.com/emberstack/kubernetes-reflector/actions/workflows/pipeline.yaml)\n[![Release](https://img.shields.io/github/release/emberstack/kubernetes-reflector.svg?style=flat-square)](https://github.com/emberstack/kubernetes-reflector/releases/latest)\n[![Docker Image](https://img.shields.io/docker/image-size/emberstack/kubernetes-reflector/latest?style=flat-square)](https://hub.docker.com/r/emberstack/kubernetes-reflector)\n[![Docker Pulls](https://img.shields.io/docker/pulls/emberstack/kubernetes-reflector?style=flat-square)](https://hub.docker.com/r/emberstack/kubernetes-reflector)\n[![license](https://img.shields.io/github/license/emberstack/kubernetes-reflector.svg?style=flat-square)](LICENSE)\n\n\n\u003e Supports `amd64`, `arm` and `arm64`\n\n## Support\nIf you need help or found a bug, please feel free to open an Issue on GitHub (https://github.com/emberstack/kubernetes-reflector/issues). \n\n## Deployment\n\nReflector can be deployed either manually or using Helm (recommended).\n\n### Prerequisites\n- Kubernetes 1.22+\n- Helm 3.8+ (if deployed using Helm)\n\n#### Deployment using Helm\n\nUse Helm to install the latest released chart:\n```shellsession\n$ helm upgrade --install reflector oci://ghcr.io/emberstack/helm-charts/reflector\n```\nor\n```shellsession\n$ helm repo add emberstack https://emberstack.github.io/helm-charts\n$ helm repo update\n$ helm upgrade --install reflector emberstack/reflector\n```\n\nYou can customize the values of the helm deployment by using the following Values:\n\n| Parameter | Description | Default |\n| ---------------------------------------- | ------------------------------------------------ | ------------------------------------------------------------------------------------------------ |\n| `nameOverride` | Overrides release name | `\"\"` |\n| `namespaceOverride` | Overrides namespace | `\"\"` |\n| `fullnameOverride` | Overrides release fullname | `\"\"` |\n| `image.repository` | Container image repository | `emberstack/kubernetes-reflector` (also available: `ghcr.io/emberstack/kubernetes-reflector`) |\n| `image.tag` | Container image tag | `Same as chart version` |\n| `image.pullPolicy` | Container image pull policy | `IfNotPresent` |\n| `configuration.logging.minimumLevel` | Logging minimum level | `Information` |\n| `configuration.watcher.timeout` | Maximum watcher lifetime in seconds | `` |\n| `configuration.watcher.excludedNamespaces` | Comma-separated list of namespace glob patterns to exclude from reflection processing. Supports `*` (any characters) and `?` (single character). Example: `\"ephie-*,kube-system,*-temp\"` | `` |\n| `configuration.kubernetes.skipTlsVerify` | Skip TLS verify when connecting the the cluster | `false` |\n| `rbac.enabled` | Create and use RBAC resources | `true` |\n| `serviceAccount.create` | Create ServiceAccount | `true` |\n| `serviceAccount.name` | ServiceAccount name | _release name_ |\n| `livenessProbe.initialDelaySeconds` | `livenessProbe` initial delay | `5` |\n| `livenessProbe.periodSeconds` | `livenessProbe` period | `10` |\n| `readinessProbe.initialDelaySeconds` | `readinessProbe` initial delay | `5` |\n| `readinessProbe.periodSeconds` | `readinessProbe` period | `10` |\n| `startupProbe.failureThreshold` | `startupProbe` failure threshold | `10` |\n| `startupProbe.periodSeconds` | `startupProbe` period | `5` |\n| `resources` | Resource limits | `{}` |\n| `nodeSelector` | Node labels for pod assignment | `{}` |\n| `tolerations` | Toleration labels for pod assignment | `[]` |\n| `affinity` | Node affinity for pod assignment | `{}` |\n| `priorityClassName` | `priorityClassName` for pods | `\"\"` |\n \n\u003e Find us on [Artifact Hub](https://artifacthub.io/packages/search?org=emberstack)\n\n\n#### Manual deployment\nEach release (found on the [Releases](https://github.com/emberstack/kubernetes-reflector/releases) GitHub page) contains the manual deployment file (`reflector.yaml`).\n\n```shellsession\n$ kubectl -n kube-system apply -f https://github.com/emberstack/kubernetes-reflector/releases/latest/download/reflector.yaml\n```\n\n\n## Usage\n\n### 1. Annotate the source `secret` or `configmap`\n \n - Add `reflector.v1.k8s.emberstack.com/reflection-allowed: \"true\"` to the resource annotations to permit reflection to mirrors.\n - Add `reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: \"\u003clist\u003e\"` to the resource annotations to permit reflection from only the list of comma separated namespaces or regular expressions. Note: If this annotation is omitted or is empty, all namespaces are allowed.\n - Add `reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces-selector: \"\u003cselector\u003e\"` to the resource annotations to permit reflection only to namespaces matching the given Kubernetes label selector (e.g. `env=production`, `team in (a,b)`). If both this and `reflection-allowed-namespaces` are set, a namespace matches if it satisfies either condition.\n\n #### Automatic mirror creation:\n Reflector can create mirrors with the same name in other namespaces automatically. The following annotations control if and how the mirrors are created:\n - Add `reflector.v1.k8s.emberstack.com/reflection-auto-enabled: \"true\"` to the resource annotations to automatically create mirrors in other namespaces. Note: Requires `reflector.v1.k8s.emberstack.com/reflection-allowed` to be `true` since mirrors need to able to reflect the source.\n - Add `reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: \"\u003clist\u003e\"` to the resource annotations specify in which namespaces to automatically create mirrors. Note: If this annotation is omitted or is empty, all namespaces are allowed. Namespaces in this list will also be checked by `reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces` since mirrors need to be in namespaces from where reflection is permitted.\n - Add `reflector.v1.k8s.emberstack.com/reflection-auto-namespaces-selector: \"\u003cselector\u003e\"` to the resource annotations to select namespaces for automatic mirrors using a Kubernetes label selector. If both this and `reflection-auto-namespaces` are set, a namespace matches if it satisfies either condition.\n\n \u003e Important: If the `source` is deleted, automatic mirrors are deleted. Also if either reflection or automirroring is turned off or the automatic mirror's namespace is no longer a valid match for the allowed namespaces, the automatic mirror is deleted.\n\n \u003e Important: Reflector will skip any conflicting resource when creating auto-mirrors. If there is already a resource with the source's name in a namespace where an automatic mirror is to be created, that namespace is skipped and logged as a warning.\n \n Example source secret:\n ```yaml\n apiVersion: v1\n kind: Secret\n metadata:\n name: source-secret\n annotations:\n reflector.v1.k8s.emberstack.com/reflection-allowed: \"true\"\n reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: \"namespace-1,namespace-2,namespace-[0-9]*\"\n reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces-selector: \"env=production\"\n data:\n ...\n ```\n\n Example source configmap:\n ```yaml\n apiVersion: v1\n kind: ConfigMap\n metadata:\n name: source-config-map\n annotations:\n reflector.v1.k8s.emberstack.com/reflection-allowed: \"true\"\n reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: \"namespace-1,namespace-2,namespace-[0-9]*\"\n reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces-selector: \"env=production\"\n data:\n ...\n ```\n\n### 2. Annotate the mirror secret or configmap\n\n - Add `reflector.v1.k8s.emberstack.com/reflects: \"\u003csource namespace\u003e/\u003csource name\u003e\"` to the mirror object. The value of the annotation is the full name of the source object in `namespace/name` format.\n\n \u003e Note: Add `reflector.v1.k8s.emberstack.com/reflected-version: \"\"` to the resource annotations when doing any manual changes to the mirror (for example when deploying with `helm` or re-applying the deployment script). This will reset the reflected version of the mirror.\n \n Example mirror secret:\n ```yaml\n apiVersion: v1\n kind: Secret\n metadata:\n name: mirror-secret\n annotations:\n reflector.v1.k8s.emberstack.com/reflects: \"default/source-secret\"\n data:\n ...\n ```\n \n Example mirror configmap:\n ```yaml\n apiVersion: v1\n kind: ConfigMap\n metadata:\n name: mirror-config-map\n annotations:\n reflector.v1.k8s.emberstack.com/reflects: \"default/source-config-map\"\n data:\n ...\n ```\n\n### 3. Done!\n Reflector will monitor any changes done to the source objects and copy the following fields:\n - `data` for secrets\n - `data` and `binaryData` for configmaps\n Reflector keeps track of what was copied by annotating mirrors with the source object version.\n\n - - - -\n\n\n\n## `cert-manager` support\n\n\u003e Since version 1.5 of cert-manager you can annotate secrets created from certificates for mirroring using `secretTemplate` (see https://cert-manager.io/docs/usage/certificate/).\n\n```yaml\napiVersion: cert-manager.io/v1\nkind: Certificate\n...\nspec:\n secretTemplate:\n annotations:\n reflector.v1.k8s.emberstack.com/reflection-allowed: \"true\"\n reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: \"\"\n ...\n ```\n\n=======\n\u003e Since version 1.15 of cert-manager you can annotate `Ingress` to create secrets created from certificates for mirroring using `cert-manager.io/secret-template` annotation (see https://github.com/cert-manager/cert-manager/pull/6839).\n```yaml\napiVersion: networking.k8s.io/v1\nkind: Ingress\n...\nmetadata:\n annotations:\n cert-manager.io/cluster-issuer: letsencrypt-prod\n cert-manager.io/secret-template: |\n {\"annotations\": {\"reflector.v1.k8s.emberstack.com/reflection-allowed\": \"true\", \"reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces\": \"\"}}\n ...\n```\n","funding_links":[],"categories":["C# #","👋 Introduction","C#"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Femberstack%2Fkubernetes-reflector","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Femberstack%2Fkubernetes-reflector","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Femberstack%2Fkubernetes-reflector/lists"}