Skip to content
Kubernetes controller for synchronizing secrets & config maps across namespaces
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.

ConfigMap & Secret replication for Kubernetes

Docker Repository on Quay Build Status

This repository contains a custom Kubernetes controller that can be used to make secrets and config maps available in multiple namespaces.


Using Helm

$ helm upgrade --install kubernetes-replicator ./deploy/helm-chart/kubernetes-replicator


$ # Create roles and service accounts
$ kubectl apply -f
$ # Create actual deployment
$ kubectl apply -f


1. Create the source secret

If a secret or configMap needs to be replicated to other namespaces, annotations should be added in that object permitting replication.

  • Add annotation with value true indicating that the object can be replicated.

  • Add annotation. Value of this annotation should contain a comma separated list of permitted namespaces or regular expressions. For example namespace-1,my-ns-2,app-ns-[0-9]*: in this case replication will be performed only into the namespaces namespace-1 and my-ns-2 as well as any namespace that matches the regular expression app-ns-[0-9]*.

    apiVersion: v1
    kind: Secret
      annotations: "true" "my-ns-1,namespace-[0-9]*"
      key1: <value>

2. Create empty secret

Add the annotation to any Kubernetes secret or config map object. The value of that annotation should contain the the name of another secret or config map (using <namespace>/<name> notation).

apiVersion: v1
kind: Secret
  annotations: default/some-secret
data: {}

The replicator will then copy the data attribute of the referenced object into the annotated object and keep them in sync.

You can’t perform that action at this time.