https://github.com/blakelead/nsinjector

Deploy resources to Kubernetes namespaces automatically
https://github.com/blakelead/nsinjector

controller injector kubernetes namespace

Last synced: 3 months ago
JSON representation

Deploy resources to Kubernetes namespaces automatically

• Host: GitHub
• URL: https://github.com/blakelead/nsinjector
• Owner: blakelead
• License: apache-2.0
• Created: 2020-06-24T11:07:15.000Z (almost 6 years ago)
• Default Branch: master
• Last Pushed: 2023-01-19T16:42:08.000Z (over 3 years ago)
• Last Synced: 2025-02-25T06:43:26.514Z (over 1 year ago)
• Topics: controller, injector, kubernetes, namespace
• Language: Go
• Homepage:
• Size: 64.5 KB
• Stars: 39
• Watchers: 2
• Forks: 12
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# nsinjector

**nsinjector** is a Kubernetes controller that automatically deploys resources into a namespace when it is created.

Here's a blog post I wrote about it: [Deploy Kubernetes resources automatically with nsinjector

](https://blog.blakelead.com/posts/2020/10/12/nsinjector/).

## How to use it

You can find a chart with an example `values.yaml` file in `deploy/helm`.

With helm3, you can deploy it with:

```bash

helm install nsinjector-controller ./deploy/helm

```

Alternatively, you can manually deploy manifest stored in `deploy/k8s`:

```bash

# Deploy CRD first. If your cluster is >= v1.16, you can use namespaceresourcesinjector-crd-1.16.yaml instead

kubectl apply -f deploy/k8s/namespaceresourcesinjector-crd.yaml

# Deploy the controller

kubectl apply -f deploy/k8s/nsinjector-controller.yaml

# Then deploy an injector custom resource

# This is the file that you'll want to customize to your needs

kubectl apply -f deploy/k8s/namespaceresourcesinjector.yaml

```

## Example

When a namespace starting with `dev-` is created, the following resource will automatically inject a role and rolebinding in it:

```yaml

kind: NamespaceResourcesInjector

apiVersion: blakelead.com/v1alpha1

metadata:

  name: nri-test

spec:

  namespaces:

  - dev-.*

  excludedNamespaces:

  - dev-excluded-.* 

  resources:

  - |

    apiVersion: rbac.authorization.k8s.io/v1

    kind: Role

    metadata:

      name: dev-role

    rules:

      - apiGroups: [""]

        resources: ["pods","pods/portforward", "services", "deployments", "ingresses"]

        verbs: ["list", "get"]

      - apiGroups: [""]

        resources: ["pods/portforward"]

        verbs: ["create"]

      - apiGroups: [""]

        resources: ["namespaces"]

        verbs: ["list", "get"]

  - |

    apiVersion: rbac.authorization.k8s.io/v1

    kind: RoleBinding

    metadata:

      name: dev-rolebinding

    subjects:

    - kind: User

      name: dev

    roleRef:

      kind: Role

      name: dev-role

      apiGroup: rbac.authorization.k8s.io

```

- `namespaces`:  a list of namespace names or regex

- `excludedNamespaces`: a list of namespace names or regex to be excluded

- `resources`: a list of any Kubernetes resources

## Contributing

Although this project is currently used in production, it is relatively young and has not been extensively tested. Suggestions and contributions are therefore very welcome.