{"id":46259230,"url":"https://github.com/powerhome/keess","last_synced_at":"2026-03-04T01:16:34.318Z","repository":{"id":185402864,"uuid":"668435809","full_name":"powerhome/keess","owner":"powerhome","description":"Keep secrets and configmaps syncronized across clusters and namespaces","archived":false,"fork":false,"pushed_at":"2026-02-21T06:08:06.000Z","size":442,"stargazers_count":6,"open_issues_count":10,"forks_count":1,"subscribers_count":24,"default_branch":"main","last_synced_at":"2026-02-21T13:26:35.511Z","etag":null,"topics":["pac","sre"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/powerhome.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-07-19T19:57:56.000Z","updated_at":"2026-01-26T19:12:43.000Z","dependencies_parsed_at":null,"dependency_job_id":"ebf68d1b-1736-41eb-996a-745c0a7c9f17","html_url":"https://github.com/powerhome/keess","commit_stats":null,"previous_names":["powerhome/keess"],"tags_count":22,"template":false,"template_full_name":null,"purl":"pkg:github/powerhome/keess","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/powerhome%2Fkeess","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/powerhome%2Fkeess/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/powerhome%2Fkeess/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/powerhome%2Fkeess/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/powerhome","download_url":"https://codeload.github.com/powerhome/keess/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/powerhome%2Fkeess/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30068005,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-04T01:03:42.280Z","status":"ssl_error","status_checked_at":"2026-03-04T01:03:23.410Z","response_time":61,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["pac","sre"],"created_at":"2026-03-04T01:16:33.793Z","updated_at":"2026-03-04T01:16:34.309Z","avatar_url":"https://github.com/powerhome.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# Keess: Kubernetes Secrets, ConfigMaps, and Services Synchronization\n\nKeess (Keep Stuff Synchronized) is a versatile command-line tool designed to synchronize secrets, configmaps, and services across different namespaces and Kubernetes clusters. Built with simplicity and efficiency in mind, it ensures that your Kubernetes environments are consistently updated, secure, and easy to manage.\n\n## Features\n\n- **Cross-Namespace Synchronization**: Effortlessly sync secrets, configmaps, and services across multiple namespaces within a single Kubernetes cluster.\n- **Inter-Cluster Synchronization**: Extend your synchronization capabilities to multiple clusters, keeping your configurations consistent across different environments.\n- **Service Synchronization**: Sync services across clusters using Cilium Global Services, enabling seamless cross-cluster service access.\n- **Secure and Reliable**: Implements robust mechanisms to securely transfer sensitive information, ensuring data integrity and confidentiality.\n- **Automation**: Automates the synchronization process, reducing manual overhead and minimizing human error.\n- **Customizable**: Offers flexible command line options and Kubernetes annotations to tailor the synchronization process to your specific needs.\n- **Efficient Monitoring**: Provides detailed logs for tracking operations and auditing changes.\n\n## Getting Started\n\n### Prerequisites\n\n- Kubernetes cluster setup\n- kubectl installed and configured\n- Helm (optional, for Helm chart deployment)\n\n### Installation\n\nRefer to the previous section on installing Keess via binaries, source, or Helm.\n\n### Configuration\n\n#### Using Configuration Files\n\nCreate a `.keess.yaml` configuration file as previously described or specify the path using the `--config` flag.\n\n#### Using Command Line Flags\n\nKeess supports various command line flags for on-the-fly configuration:\n\n```shell\n./keess run --logLevel debug --localCluster my-cluster --kubeConfigPath /path/to/kubeconfig\n```\n\nFor a full list of available flags, use:\n\n```shell\n./keess --help\n```\n\n### Configuring Synchronization\n\nKeess uses Kubernetes labels and annotations to manage synchronization of Secrets and ConfigMaps.\n\n#### Enable Synchronization\n\nAdd a label to your Secret or ConfigMap to indicate the synchronization type:\n\n- For namespace synchronization: `keess.powerhrg.com/sync: namespace`\n- For cluster synchronization: `keess.powerhrg.com/sync: cluster`\n\n#### Namespace Synchronization\n\nConfigure which namespaces to synchronize with:\n\n- All namespaces: `keess.powerhrg.com/namespaces-names: all`\n- Specific namespaces: `keess.powerhrg.com/namespaces-names: namespacea, namespaceb`\n- Based on labels: `keess.powerhrg.com/namespace-label: keess.powerhrg.com/sync=\"true\"`\n\n#### Cluster Synchronization\n\nSpecify the remote clusters for synchronization: `keess.powerhrg.com/clusters: clustera, clusterb`\n\n#### Service Synchronization\n\nKeess supports synchronizing services across clusters using Cilium Global Services. This feature enables applications in one cluster to access services in another cluster as if they were local.\n\n**Prerequisites:**\n\n- Cilium CNI with ClusterMesh enabled on all participating clusters\n- Services must have the `service.cilium.io/global: \"true\"` annotation\n\nSince it depends on Cilium, it's disabled by default. You need to pass `--enableServiceSync=true` to enable it\n\n**Configuration:**\n\n1. Add the sync label to your service: `keess.powerhrg.com/sync: cluster`\n2. Add the clusters annotation: `keess.powerhrg.com/clusters: clustera, clusterb`\n3. Ensure the service has the Cilium global annotation: `service.cilium.io/global: \"true\"`\n\n**Example:**\n\n```yaml\napiVersion: v1\nkind: Service\nmetadata:\n  name: mysql-svc\n  namespace: my-namespace\n  labels:\n    keess.powerhrg.com/sync: \"cluster\"\n  annotations:\n    service.cilium.io/global: \"true\"\n    keess.powerhrg.com/clusters: \"cluster-b, cluster-c\"\nspec:\n  ports:\n  - name: mysql\n    port: 3306\n    protocol: TCP\n    targetPort: 3306\n  selector:\n    app.kubernetes.io/component: mysql\n  type: ClusterIP\n```\n\nKeess will automatically create service references in the target clusters with:\n\n- Same name and namespace as the source service\n- Cilium annotations for global service configuration\n- Empty selector (no local endpoints)\n- Keess management labels and annotations\n\n**Note:** Service synchronization only supports cluster-level sync. Namespace-level sync for services is not supported.\n\n## Debugging and Profiling\n\nYou can turn on debug level log message by setting `--logLevel debug`.\n\nAlso, Keess includes optional runtime profiling support via Go's pprof package for performance analysis and debugging. To enable the pprof server, use the `--enablePprof` flag.\n\nWhen using the Helm chart, enable those by setting:\n\n```yaml\nlogLevel: debug\nenablePprof: true\n```\n\n**Security Note:** Only enable pprof in development or controlled environments, as it exposes runtime information that could be sensitive.\n\n### Using Profiling\n\nWhen enabled, the pprof server starts on port 6060 and provides the following endpoints:\n\n- `http://localhost:6060/debug/pprof/` - Main pprof index\n- `http://localhost:6060/debug/pprof/goroutine` - Goroutine analysis\n- `http://localhost:6060/debug/pprof/profile` - CPU profiling\n- `http://localhost:6060/debug/pprof/heap` - Memory profiling\n\nExample commands:\n\n```shell\n# Analyze current goroutines\ngo tool pprof http://localhost:6060/debug/pprof/goroutine\n\n# Capture 30-second CPU profile\ngo tool pprof http://localhost:6060/debug/pprof/profile?seconds=30\n\n# View memory allocation\ngo tool pprof http://localhost:6060/debug/pprof/heap\n\n# Quick goroutine dump\ncurl http://localhost:6060/debug/pprof/goroutine?debug=1\n```\n\n## Contributing\n\nContributions are welcome! Please refer to our [Contributing Guidelines](CONTRIBUTING.md) for more information.\n\n## Support\n\nIf you encounter any issues or have questions, please file an issue on the [GitHub Issues page](https://github.com/your-repo/keess/issues).\n\n## License\n\nKeess is open-source software licensed under the MIT license. See the [LICENSE](LICENSE) file for details.\n\n## Local testing\n\nSee [tests/README.md](tests/README.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpowerhome%2Fkeess","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpowerhome%2Fkeess","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpowerhome%2Fkeess/lists"}