{"id":40953630,"url":"https://github.com/gen0sec/synapse-operator","last_synced_at":"2026-01-22T05:17:48.142Z","repository":{"id":322331696,"uuid":"1089083041","full_name":"gen0sec/synapse-operator","owner":"gen0sec","description":"Kubernetes operator for Synapse","archived":false,"fork":false,"pushed_at":"2026-01-16T09:29:35.000Z","size":252,"stargazers_count":0,"open_issues_count":4,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-16T23:47:35.153Z","etag":null,"topics":["arxignis","firewall","k8s","kubernetes","moat"],"latest_commit_sha":null,"homepage":"https://gen0sec.com","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gen0sec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-03T21:31:42.000Z","updated_at":"2026-01-15T09:08:44.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/gen0sec/synapse-operator","commit_stats":null,"previous_names":["arxignis/moat-operator","gen0sec/moat-operator","gen0sec/synapse-operator"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/gen0sec/synapse-operator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gen0sec%2Fsynapse-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gen0sec%2Fsynapse-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gen0sec%2Fsynapse-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gen0sec%2Fsynapse-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gen0sec","download_url":"https://codeload.github.com/gen0sec/synapse-operator/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gen0sec%2Fsynapse-operator/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28655593,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-22T01:17:37.254Z","status":"online","status_checked_at":"2026-01-22T02:00:07.137Z","response_time":144,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["arxignis","firewall","k8s","kubernetes","moat"],"created_at":"2026-01-22T05:17:48.019Z","updated_at":"2026-01-22T05:17:48.135Z","avatar_url":"https://github.com/gen0sec.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"![Arxignis logo](./images/logo.png)\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/arxignis/synapse-operator/blob/main/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/License-Apache 2-green\" alt=\"License - Apache 2\"\u003e\u003c/a\u003e \u0026nbsp;\n  \u003ca href=\"https://github.com/arxignis/synapse-operator/actions?query=branch%3Amain\"\u003e\u003cimg src=\"https://github.com/arxignis/synapse-operator/actions/workflows/release.yaml/badge.svg\" alt=\"CI Build\"\u003e\u003c/a\u003e \u0026nbsp;\n  \u003ca href=\"https://github.com/arxignis/synapse-operator/releases\"\u003e\u003cimg src=\"https://img.shields.io/github/release/arxignis/synapse-operator.svg?label=Release\" alt=\"Release\"\u003e\u003c/a\u003e \u0026nbsp;\n  \u003cimg alt=\"GitHub Downloads (all assets, all releases)\" src=\"https://img.shields.io/github/downloads/arxignis/synapse-operator/total\"\u003e \u0026nbsp;\n  \u003ca href=\"https://docs.arxignis.com/\"\u003e\u003cimg alt=\"Static Badge\" src=\"https://img.shields.io/badge/arxignis-documentation-page?style=flat\u0026link=https%3A%2F%2Fdocs.arxignis.com%2F\"\u003e\u003c/a\u003e \u0026nbsp;\n  \u003ca href=\"https://discord.gg/jzsW5Q6s9q\"\u003e\u003cimg src=\"https://img.shields.io/discord/1377189913849757726?label=Discord\" alt=\"Discord\"\u003e\u003c/a\u003e \u0026nbsp;\n  \u003ca href=\"https://x.com/arxignis\"\u003e\u003cimg src=\"https://img.shields.io/twitter/follow/arxignis?style=flat\" alt=\"X (formerly Twitter) Follow\" /\u003e \u003c/a\u003e\n\u003c/p\u003e\n\n# Community\n[![Join us on Discord](https://img.shields.io/badge/Join%20Us%20on-Discord-5865F2?logo=discord\u0026logoColor=white)](https://discord.gg/jzsW5Q6s9q)\n[![Substack](https://img.shields.io/badge/Substack-FF6719?logo=substack\u0026logoColor=fff)](https://arxignis.substack.com/)\n\n\n## Synapse Operator (Go)\n\nThis Go operator watches Synapse configuration ConfigMaps and Secrets and keeps the running pods in sync by forcing a rollout any time config content changes. It relies on matching labels (default `app.kubernetes.io/name=synapse`) so it naturally plugs into Helm releases of Synapse.\n\n### How It Works\n- Reconciles ConfigMaps and Secrets that match the configured label selector.\n- Hashes the combined data across all matching config sources in the namespace, with optional per-key ignores (for example, hot-reloadable `upstreams.yaml`).\n- Patches Synapse workloads (Deployments, DaemonSets, StatefulSets) with the hash stored under `synapse.gen0sec.com/config-hash` by default.\n- Updating the annotation bumps the workload template hash, causing Kubernetes to roll the pods and pick up the new configuration.\n\n### Project Layout\n- `main.go` bootstraps a controller-runtime manager with health probes and optional namespace scoping.\n- `controllers/configmap_controller.go` contains the reconciliation logic and hashing helper.\n- `config/` holds a kustomize deployment (service account, RBAC, manager deployment). Replace `ghcr.io/example/synapse-operator:latest` with your published image.\n\n### Building\n```bash\nGOOS=linux GOARCH=amd64 go build -o bin/synapse-operator\n```\nAdjust the target architecture if you are building for another platform.\n\nTo containerize:\n```bash\ndocker build -t ghcr.io/\u003corg\u003e/synapse-operator:latest .\ndocker push ghcr.io/\u003corg\u003e/synapse-operator:latest\n```\nUpdate `config/manager.yaml` with the pushed image reference.\n\n### Deploying with Kustomize\n```bash\nkubectl apply -k config\n```\nThis creates the `synapse-system` namespace, service account, RBAC, and a single replica of the operator.\n\n### Testing From WSL (no commands executed yet)\n1. **Prepare tools** - ensure WSL has `docker`, `kubectl`, and `kind` (or `minikube`) installed and on `$PATH`.\n2. **Build \u0026 load the image** - inside WSL build the Linux image and use `kind load docker-image ghcr.io/\u003corg\u003e/synapse-operator:latest` (or push to a registry reachable by your cluster).\n3. **Create a test cluster** - `kind create cluster --name synapse`.\n4. **Deploy Synapse via Helm** - from `synapse-main/helm`, run `helm install synapse ./helm --namespace synapse --create-namespace`. This produces the ConfigMap and workloads with the expected labels.\n5. **Apply the operator manifests** - `kubectl apply -k ../synapse-operator/config`.\n6. **Trigger a config change** - edit the Synapse ConfigMap (`kubectl edit configmap synapse -n synapse`) or use `kubectl patch`.\n7. **Verify restart** - watch the rollout: `kubectl rollout status deployment/synapse -n synapse` and ensure pod annotation `synapse.gen0sec.com/config-hash` updates.\n\n### Helm Integration Notes\nThe Helm chart already labels both the ConfigMap and workloads with `app.kubernetes.io/name=synapse`. The operator leans on that selector to discover which objects belong together. When Helm updates config sources (e.g., via `helm upgrade`), the operator sees the new data, recalculates the hash, and patches the workloads so the change propagates without any manual restarts.\n\n### Configuration Flags\n- `--label-selector` - Label selector for config sources and workloads (default `app.kubernetes.io/name=synapse`).\n- `--config-hash-annotation` - Annotation key used for the hash (default `synapse.gen0sec.com/config-hash`).\n- `--ignore-configmap-keys` - Comma-separated ConfigMap keys to ignore when hashing (default `upstreams.yaml`).\n- `--ignore-secret-keys` - Comma-separated Secret keys to ignore when hashing (default empty).","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgen0sec%2Fsynapse-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgen0sec%2Fsynapse-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgen0sec%2Fsynapse-operator/lists"}