A Kubernetes operator to sync secrets between namespaces
The operator will read the secret from a defined source and ensure the secret is synced to defined targets. Which can be one or more namespaces.
This operator is build using the operator-sdk framework
For more information about the operator-sdk, see the docs
This project includes a Makefile to run common tasks.
To build the docker image and push the operator image to docker registry, use:
make docker-build docker-push IMG=mwillemsma/synced-secret-operator:0.0.2Deploy the operator to your cluster.
Check and verify bundle/manifests for a collection of manifests which you can apply to your cluster.
kubectl apply -f bundle/manifestsTo sync a secret from authorative-namespace/docker to namespaces [a,b,c] deploy a custom resource SyncedSecret, see example manifest below:
secret_v1alpha1_syncedsecret_docker.yaml:
---
apiVersion: secret.willemsma.it/v1alpha1
kind: SyncedSecret
metadata:
name: syncedsecret-docker
spec:
source: authorative-namespace/docker
targets:
- a/synced-from-authorative-namespace-docker
- b/synced-from-authorative-namespace-docker
- c/synced-from-authorative-namespace-docker
To apply the manifest and let the operator manage this secret, run:
kubectl apply -f config/samples/secret_v1alpha1_syncedsecret_docker.yamlSee config/samples/ for other examples.
Testing the operator can be done using minikube or any other development cluster.
Create a cluster
minikube start -p dev --memory 3092 --cpus 2 --kubernetes-version=1.23.1Run molecule to deploy the resources to k8s
OPERATOR_IMAGE=mwillemsma/synced-secrets-operator molecule convergeVerify the operator
OPERATOR_IMAGE=mwillemsma/synced-secrets-operator molecule verifyIf you want to see this operator in action, click the image and watch the demo below (youtube video)
Create a new version of the bundle.
operator-sdk generate bundle --input-dir config --version 0.0.2