{"id":31962065,"url":"https://github.com/openshift-pipelines/syncer-service","last_synced_at":"2026-04-15T23:32:11.940Z","repository":{"id":317156279,"uuid":"1066164605","full_name":"openshift-pipelines/syncer-service","owner":"openshift-pipelines","description":"A Kubernetes controller that synchronizes secrets between manager and worker nodes in multi-Kueue environments","archived":false,"fork":false,"pushed_at":"2026-04-10T07:20:40.000Z","size":11949,"stargazers_count":0,"open_issues_count":23,"forks_count":4,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-10T07:21:42.186Z","etag":null,"topics":["kubernetes","kueue","multi-kueue","multicluster","queueing","tekton","tekton-pipelines"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/openshift-pipelines.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-29T05:49:08.000Z","updated_at":"2026-04-02T03:13:24.000Z","dependencies_parsed_at":"2025-09-29T09:18:08.430Z","dependency_job_id":null,"html_url":"https://github.com/openshift-pipelines/syncer-service","commit_stats":null,"previous_names":["openshift-pipelines/secret-syncer","openshift-pipelines/syncer-service"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/openshift-pipelines/syncer-service","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift-pipelines%2Fsyncer-service","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift-pipelines%2Fsyncer-service/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift-pipelines%2Fsyncer-service/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift-pipelines%2Fsyncer-service/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/openshift-pipelines","download_url":"https://codeload.github.com/openshift-pipelines/syncer-service/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift-pipelines%2Fsyncer-service/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31865021,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-15T15:24:51.572Z","status":"ssl_error","status_checked_at":"2026-04-15T15:24:39.138Z","response_time":63,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kubernetes","kueue","multi-kueue","multicluster","queueing","tekton","tekton-pipelines"],"created_at":"2025-10-14T16:14:56.783Z","updated_at":"2026-04-15T23:32:11.933Z","avatar_url":"https://github.com/openshift-pipelines.png","language":"Go","readme":"# Kueue Workload Controller\n\nA Knative-based Kubernetes controller that reconciles [Kueue](https://kueue.sigs.k8s.io/) Workload CRDs that are owned by Tekton PipelineRuns.\n\n## Overview\n\nThis controller watches Kueue Workload resources that are owned by Tekton PipelineRuns and automatically syncs required secrets from the hub cluster to spoke clusters. It enables seamless multi-cluster pipeline execution by ensuring PipelineRuns have the necessary authentication secrets available on their target clusters.\n\n## Features\n\n- **Automatic Secret Syncing**: Syncs Git authentication secrets from hub to spoke clusters\n- **Multi-Cluster Support**: Works with Kueue's MultiKueue for distributed workload execution\n- **Selective Processing**: Only handles Workloads owned by Tekton PipelineRuns\n- **Production Ready**: Includes RBAC, deployment manifests, and Docker support\n\n## Prerequisites\n\n- Go 1.22 or later\n- Kubernetes cluster with:\n  - [Kueue](https://kueue.sigs.k8s.io/) installed\n  - [Tekton Pipelines](https://tekton.dev/) installed\n- kubectl configured to access your cluster\n- Docker for building images\n\n## Installation\n\n### 1. Build and Vendor Dependencies\n\n```bash\nmake tidy    # Run go mod tidy\nmake vendor  # Run go mod vendor\n```\n\n### 2. Build Binary Locally\n\n```bash\nmake build\n```\n\n### 3. Build Docker Image\n\n```bash\n# Build for local architecture\nmake docker-build\n\n# Or build and push multi-arch image\nmake docker-buildx IMG=your-registry/workload-controller:latest\n```\n\n### 4. Deploy to Kubernetes\n\n```bash\n# Apply RBAC and deployment\nmake deploy\n\n# Check status\nmake status\n\n# View logs\nmake logs\n```\n\n## Development\n\n### Local Development\n\n```bash\n# Format code\nmake fmt\n\n# Run linters\nmake vet\n\n# Run tests\nmake test\n\n# Run controller locally (requires kubeconfig)\nmake run\n```\n\n### Quick Development Cycle\n\n```bash\n# Build, dockerize, and deploy in one command\nmake quick-deploy\n```\n\n## Configuration\n\n### Environment Variables\n\nThe controller reads these environment variables (set in `config/deployment.yaml`):\n\n- `SYSTEM_NAMESPACE`: Namespace where the controller runs\n- `CONFIG_LOGGING_NAME`: ConfigMap name for logging configuration\n- `CONFIG_OBSERVABILITY_NAME`: ConfigMap name for observability configuration\n- `METRICS_DOMAIN`: Domain for metrics reporting\n\n### RBAC Permissions\n\nThe controller requires access to:\n\n- Kueue Workloads (read and watch)\n- Tekton PipelineRuns (read and watch)\n- Secrets (full access for syncing across clusters)\n- MultiKueueClusters (read for cluster connection details)\n- ConfigMaps and Leases (for controller configuration and leader election)\n\n## How It Works\n\nWhen a PipelineRun is scheduled to run on a spoke cluster via Kueue MultiKueue:\n\n1. The controller detects the Workload resource associated with the PipelineRun\n2. Retrieves the Git authentication secret specified in the PipelineRun's annotations\n3. Syncs the secret from the hub cluster to the target spoke cluster\n4. Ensures the secret has proper ownership for lifecycle management\n\nThe PipelineRun can then access the authentication secret on the spoke cluster to clone repositories and execute pipeline tasks.\n\n## Makefile Targets\n\n```\nhelp          - Display available targets\nfmt           - Run go fmt\nvet           - Run go vet\ntest          - Run tests\nbuild         - Build binary\nrun           - Run locally\ntidy          - Run go mod tidy\nvendor        - Run go mod vendor\ndocker-build  - Build docker image\ndocker-push   - Push docker image\ndocker-buildx - Build multi-arch image\ndeploy        - Deploy to cluster\nundeploy      - Remove from cluster\nlogs          - Show controller logs\nstatus        - Show controller status\nclean         - Clean build artifacts\nall           - Full workflow: vendor, build, push, deploy\nquick-deploy  - Quick local development cycle\n```\n\n## Troubleshooting\n\n### Check Controller Status\n\n```bash\nkubectl get deployment workload-controller -n syncer-service\nkubectl get pods -n syncer-service -l app=workload-controller\n```\n\n### View Logs\n\n```bash\nkubectl logs -n syncer-service -l app=workload-controller -f\n```\n\n### Common Issues\n\n1. **Secrets not syncing**: Ensure PipelineRun has the `pipelinesascode.tekton.dev/git-auth-secret` annotation\n2. **Controller not starting**: Verify RBAC permissions and that Kueue and Tekton are installed\n3. **Image pull errors**: Ensure the controller image is pushed and accessible from your cluster\n\n## References\n\n- [Kueue Documentation](https://kueue.sigs.k8s.io/)\n- [Kueue MultiKueue](https://kueue.sigs.k8s.io/docs/concepts/multikueue/)\n- [Tekton Pipelines](https://tekton.dev/)\n\n## License\n\nSee LICENSE file for details.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenshift-pipelines%2Fsyncer-service","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopenshift-pipelines%2Fsyncer-service","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenshift-pipelines%2Fsyncer-service/lists"}