{"id":18733919,"url":"https://github.com/mgoltzsche/ktransform","last_synced_at":"2025-11-14T17:30:15.022Z","repository":{"id":57533572,"uuid":"279092094","full_name":"mgoltzsche/ktransform","owner":"mgoltzsche","description":"Experimental K8s CRD and controller to transform Secrets and ConfigMaps using jq queries","archived":false,"fork":false,"pushed_at":"2020-07-21T21:34:11.000Z","size":93,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-12-28T15:49:39.671Z","etag":null,"topics":["configmap","configmaps","controller","crd","gojq","jq","k8s","kubernetes","operator","secret","secrets","transform","transformation"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mgoltzsche.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-07-12T15:23:56.000Z","updated_at":"2021-12-03T15:36:24.000Z","dependencies_parsed_at":"2022-09-26T18:20:59.772Z","dependency_job_id":null,"html_url":"https://github.com/mgoltzsche/ktransform","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mgoltzsche%2Fktransform","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mgoltzsche%2Fktransform/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mgoltzsche%2Fktransform/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mgoltzsche%2Fktransform/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mgoltzsche","download_url":"https://codeload.github.com/mgoltzsche/ktransform/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239605079,"owners_count":19667004,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["configmap","configmaps","controller","crd","gojq","jq","k8s","kubernetes","operator","secret","secrets","transform","transformation"],"created_at":"2024-11-07T15:11:48.044Z","updated_at":"2025-11-14T17:30:14.953Z","avatar_url":"https://github.com/mgoltzsche.png","language":"Go","readme":"# ktransform\n\nKubernetes CRD and controller to transform Secrets and ConfigMaps using [jq](https://stedolan.github.io/jq/) queries.  \n\n## Installation\n\nInstall CRDs:\n```\nkubectl apply -k github.com/mgoltzsche/ktransform/deploy/crds\n```\n\nInstall the operator in the current namespace:\n```\nkubectl apply -k github.com/mgoltzsche/ktransform/deploy\n```\n\n## Usage\n\nThe following example transforms two docker registry Secrets and a ConfigMap into a [makisu config](https://github.com/uber/makisu#configuring-docker-registry) Secret.  \n\nCreate the input Secrets:\n```\nfor i in 1 2; do\n  kubectl create secret docker-registry regcred$i \\\n    --docker-server=registry${i}.example.org \\\n    --docker-username=usr --docker-password=pw$i \\\n    --docker-email=johndoe@example.org\ndone\n```\nCreate an input ConfigMap:\n```\nkubectl create configmap myconf \\\n  --from-literal=myconf=$'registries:\\n- registry0.example.org\\n- registry1.example.org' \\\n  --from-literal=myval=somevalue\n```\nMerge and convert all three resources to a single Secret:\n```\nkubectl apply -f - \u003c\u003c-EOF\napiVersion: ktransform.mgoltzsche.github.com/v1alpha1\nkind: SecretTransform\nmetadata:\n  name: dockertomakisuconf\nspec:\n  input:\n    secret1:\n      secret: regcred1\n    secret2:\n      secret: regcred2\n    config:\n      configMap: myconf\n  output:\n  - secret:\n      name: makisu-conf\n      type: Opaque\n    transformation:\n      primary: .config.myconf.object.registries[0]\n      secondary: .config.myconf.object.registries[1]\n      myval: .config.myval.string\n      makisu.conf: |\n        (.secret1[\".dockerconfigjson\"].object.auths * .secret2[\".dockerconfigjson\"].object.auths) |\n          with_entries(.value |= {\n            \".*\": {\n              security: {\n                basic: .auth | @base64d | split(\":\") | {\n                  username: .[0],\n                  password: .[1]\n                }\n              }\n            }\n          })\nEOF\n```\n\nA `SecretTransform`'s status is reflected in its `Synced` condition.\nIn case of an error this condition provides more information.  \n\nWhen the condition is met the Secret `makisu-conf` has been written:\n```\n$ kubectl get secret makisu-conf -o jsonpath='{.data.primary}' | base64 -d \u0026\u0026 echo\nregistry0.example.org\n$ kubectl get secret makisu-conf -o jsonpath='{.data.secondary}' | base64 -d \u0026\u0026 echo\nregistry1.example.org\n$ kubectl get secret makisu-conf -o jsonpath='{.data.myval}' | base64 -d \u0026\u0026 echo\nsomevalue\n$ kubectl get secret makisu-conf -o jsonpath='{.data.makisu\\.conf}' | base64 -d | jq .\n{\n  \"registry1.example.org\": {\n    \".*\": {\n      \"security\": {\n        \"basic\": {\n          \"password\": \"pw1\",\n          \"username\": \"usr\"\n        }\n      }\n    }\n  },\n  \"registry2.example.org\": {\n    \".*\": {\n      \"security\": {\n        \"basic\": {\n          \"password\": \"pw2\",\n          \"username\": \"usr\"\n        }\n      }\n    }\n  }\n}\n```\n\nWhen any input or output resource changes the transformation is reconciled.\nIf an input resource does not (yet) exist or is deleted the transformation is reconciled after 30 seconds.\n\n## Updating workloads referring to transformation outputs\n\nWhile ktransform continuously applies transformations when any input or output changes\nit does **not** update Deployments/StatefulSets/DaemonSets that refer to output resources.\nHowever this can be achieved using [wave](https://github.com/pusher/wave).\n\n## How to build\n```\nmake\n```\n\n## How to test\n\nRun unit tests:\n```\nmake unit-tests\n```\n\nRun e2e tests:\n```\nmake start-minikube\nmake e2e-tests\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmgoltzsche%2Fktransform","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmgoltzsche%2Fktransform","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmgoltzsche%2Fktransform/lists"}