https://github.com/gurghet/github-deploy-key-operator
Kubernetes operator that automatically manages GitHub Deploy Keys for your repositories
deployment-automation github-actions gitops kubernetes
- Host: GitHub
- URL: https://github.com/gurghet/github-deploy-key-operator
- Owner: gurghet
- License: other
- Created: 2025-01-12T01:25:50.000Z (about 1 year ago)
- Default Branch: master
- Last Pushed: 2025-02-23T16:13:48.000Z (11 months ago)
- Last Synced: 2025-03-28T06:31:14.603Z (10 months ago)
- Topics: deployment-automation, github-actions, gitops, kubernetes
- Language: Python
- Homepage:
- Size: 60.5 KB
- Stars: 8
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
README
# GitHub Deploy Key Operator
Automatically manage GitHub Deploy Keys in your Kubernetes cluster
## Why?
Managing deploy keys across multiple repositories is a common challenge in GitOps:
- Manual key creation is error-prone
- Key rotation is often forgotten
- Tracking which keys belong to which clusters is difficult
This operator automates these tasks by:
1. Creating and rotating SSH keys automatically
2. Storing keys securely in Kubernetes secrets
3. Managing keys through Kubernetes resources
```
┌──────────────┐         ┌──────────────┐
│              │   (1)   │              │
│  GitHubKey   │────────▶│   Operator   │
│     CRD      │         │              │
│              │         │              │
└──────────────┘         └───────┬──────┘
                                 │
                                 │ (2)
                                 ▼
                         ┌──────────────┐
                         │   Generate   │
                         │ SSH keypair  │
                         └───────┬──────┘
                                 │
                           (3)   │
               ┌─────────────────┴─────────────┐
               │                               │
               ▼                               ▼
       ┌──────────────┐                ┌──────────────┐
       │    GitHub    │                │  Kubernetes  │
       │  Deploy Key  │                │    Secret    │
       │   (public)   │                │  (private)   │
       └──────────────┘                └──────────────┘
```
## Quick Start (5 minutes)
```bash
# 1. Add the Helm repository
flux create source helm github-deploy-key-operator \
  --url=oci://ghcr.io/gurghet/github-deploy-key-operator \
  --namespace=flux-system

# 2. Create GitHub token secret
#    (your_github_token is a placeholder; a literal typed here is recorded in shell history)
kubectl create secret generic github-token \
  --namespace=flux-system \
  --from-literal=GITHUB_TOKEN=your_github_token

# 3. Install the operator
flux create helmrelease github-deploy-key-operator \
  --namespace=flux-system \
  --source=HelmRepository/github-deploy-key-operator \
  --chart=github-deploy-key-operator \
  --values='{"github":{"existingSecret":"github-token","existingSecretKey":"GITHUB_TOKEN"}}'
```
## Usage
Create a GitHubDeployKey resource:
```yaml
apiVersion: github.com/v1alpha1
kind: GitHubDeployKey
metadata:
  name: my-repo-key
  namespace: flux-system  # or your preferred namespace
spec:
  repository: "owner/repository"
  title: "Kubernetes-managed deploy key"
  readOnly: true  # Recommended for security
```
The operator will:
- Generate a new SSH key pair
- Add the public key to your GitHub repository
- Store the private key in a Kubernetes secret
- Monitor and maintain the key's existence
## Security
- Private keys are stored only in Kubernetes secrets
- Deploy keys are read-only by default
- SSH keys are 4096-bit RSA
- Automatic key rotation on CRD updates
- GitHub token needs only repo deploy key permissions
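
To check the read-only and key-size properties listed above on keys already registered for a repository, the following added example (not code from this project) parses OpenSSH public key lines with the Python standard library and flags deploy keys that are writable or use an RSA modulus under 4096 bits. The sample records are constructed and carry only the `title`, `read_only` and `key` fields of GitHub's deploy key listing; all function names are assumptions.

```python
import base64
import hashlib

def _read_field(blob, off):
    """Read one length-prefixed field (RFC 4251 string or mpint) starting at off."""
    end = off + 4 + int.from_bytes(blob[off:off + 4], "big")
    if off + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated SSH public key blob")
    return blob[off + 4:end], end

def inspect_public_key(line):
    """Return (algorithm, RSA modulus bits or None, SHA256 fingerprint)."""
    blob = base64.b64decode(line.split()[1], validate=True)
    algo, off = _read_field(blob, 0)
    bits = None
    if algo == b"ssh-rsa":
        _exponent, off = _read_field(blob, off)
        modulus, off = _read_field(blob, off)
        bits = int.from_bytes(modulus, "big").bit_length()
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return algo.decode(), bits, "SHA256:" + digest.rstrip("=")

def audit_deploy_keys(keys, min_rsa_bits=4096):
    """Flag deploy keys that are writable or below the README's stated RSA size."""
    findings = []
    for k in keys:
        algo, bits, fp = inspect_public_key(k["key"])
        if not k["read_only"]:
            findings.append((k["title"], fp, "write access enabled"))
        if algo == "ssh-rsa" and bits < min_rsa_bits:
            findings.append((k["title"], fp, f"RSA modulus is {bits} bits"))
    return findings

def constructed_rsa_line(bits):
    """Constructed test input: ssh-rsa wire format around a made-up modulus (not a usable key)."""
    field = lambda b: len(b).to_bytes(4, "big") + b
    mpint = lambda i: field(i.to_bytes(i.bit_length() // 8 + 1, "big"))
    blob = field(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode()

# Constructed sample with the title, read_only and key fields of GitHub's deploy key listing.
SAMPLE = [
    {"title": "Kubernetes-managed deploy key", "read_only": True, "key": constructed_rsa_line(4096)},
    {"title": "legacy-ci", "read_only": False, "key": constructed_rsa_line(2048)},
]

if __name__ == "__main__":
    for title, fp, issue in audit_deploy_keys(SAMPLE):
        print(f"{title}: {issue} ({fp})")
```

The printed fingerprint is in the same `SHA256:` form that `ssh-keygen -lf` reports, so a flagged key can be matched against the public half of the key held in the cluster.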
## Troubleshooting
Common issues:
1. **Key creation fails**: Check GitHub token permissions
2. **Pod fails to start**: Verify secret exists and is readable
3. **Key rotation fails**: Ensure old key exists in GitHub
For detailed configuration and advanced usage, see our [Helm chart documentation](charts/github-deploy-key-operator/values.yaml).
## Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
## License
Apache License 2.0