https://github.com/TheYkk/synator

Synator Kubernetes Secret and ConfigMap synchronizer
https://github.com/TheYkk/synator

hacktoberfest kubernetes secret

Last synced: 21 days ago
JSON representation

Synator Kubernetes Secret and ConfigMap synchronizer

• Host: GitHub
• URL: https://github.com/TheYkk/synator
• Owner: TheYkk
• License: mit
• Created: 2020-08-24T11:48:12.000Z (over 4 years ago)
• Default Branch: master
• Last Pushed: 2024-01-16T12:30:42.000Z (over 1 year ago)
• Last Synced: 2025-04-08T16:18:33.386Z (25 days ago)
• Topics: hacktoberfest, kubernetes, secret
• Language: Python
• Homepage:
• Size: 45.9 KB
• Stars: 118
• Watchers: 3
• Forks: 23
• Open Issues: 5
• Metadata Files:
  • Readme: Readme.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-repositories - TheYkk/synator - Synator Kubernetes Secret and ConfigMap synchronizer (Python)

README

        
# Synator Kubernetes Secret and ConfigMap synchronizer

Sometimes we want to use secrets in different namespaces, unfortunately, we can’t do without any helper operators or manual copying because in kubernetes secrets and configmaps are namespace. We can copy secrets and configmaps when we have a couple of namespaces and secrets. But when we have dozens of namespaces, it can be very complicated. 

Synator uses [kopf](https://github.com/nolar/kopf) python framework. Its easy to use.

[Medium writeup](https://itnext.io/kubernetes-secret-and-configmap-sync-6c6b9f906b0d)

## Deployment

It’s easy to use synator on K8s. All we have to do is deploy [deploy.yml](https://github.com/TheYkk/synator/blob/master/deploy.yml) to Kubernetes.

## Usage

Add annotation `synator/sync=yes` to Secret or ConfigMap. 

![secret.yaml](https://miro.medium.com/max/2400/1*3gXBYpff106HREtJuWIu0Q.png)

Optionally add one of these annotations in include specific destination

namespaces, or exclude the namespaces from the sync.

For only sync in this namespaces:

`synator/include-namespaces='namespace1,namespace2'`

Sync all namespaces excludes this namespaces:

`synator/exclude-namespaces='kube-system,kube-node-lease'`

![secret.yaml](https://miro.medium.com/max/2400/1*UH4iTu3Gg6DkofHyX2KDHg.png)

## Reload pod when config upgraded

Add annotation `synator/reload: "secret:example"` to pod or deployment template

When secret example updated busybox pod will reload

Note: For multiple secrte or configmap:

`synator/reload: "secret:example,secret:example2,configmap:example..."`

```

apiVersion: apps/v1

kind: Deployment

metadata:

  name: busybox

  namespace: default

spec:

  replicas: 1

  selector:

    matchLabels:

      name: busybox

  template:

    metadata:

      labels:

        name: busybox

      annotations:

        synator/reload: "secret:selam"

    spec:

      containers:

        - name: busybox

          image: busybox

          command:

            - "sleep"

            - "1h"

```

## Triggers

 - When update config or secret

 - When create config or secret

## Watching Namespaces

synator Operator installs with cluster wide permissions, however you can optionally control which namespaces it watches by by setting the WATCH_NAMESPACE environment variable.

`WATCH_NAMESPACE` can be omitted entirely, or a comma separated list of k8s namespaces.

- `WATCH_NAMESPACE=""` will watch for resources across the entire cluster.

- `WATCH_NAMESPACE="foo"` will watch for resources in the foo namespace.

- `WATCH_NAMESPACE="foo,bar"` will watch for resources in the foo and bar namespace.

## Build and deploy

Build docker image

```

docker build -t /synator:v1 .

```

Edit deploy.yml with your image name

```

kubectl apply -f deploy.yml

```