Replicates resources to namespaces

nais/replicator

replicator

Kubernetes operator that replicates resources, with templating functionality, to namespaces matching the provided label selector.

Templating

In the templated resources, you can use variables of the form [[ .Values.<key> ]]. Values can either be:

  • set directly in the ReplicationConfig resource in spec.templateValues.values (simplest)
  • contained in a secret referred to by spec.templateValues.secrets (if it's a secret)

Optionally, you can base64-encode the value inserted into the template: [[ index .Values "key" | b64enc ]]

If the value is specific to the namespace, you can pick out labels or annotations from the target namespace by enumerating them in spec.templateValues.namespace.{labels,annotations}

  • If keys are formatted as a URL, e.g. foo.bar.acme/key, they will be normalized into key

Example

apiVersion: nais.io/v1
kind: ReplicationConfig
metadata:
  name: team-resources
spec:
  namespaceSelector:
    matchExpressions:
      - key: team
        operator: Exists
    #matchLabels:
    #  team-namespace: "true"
  templateValues:
    values:
      project: abc-123
    secrets:
      - name: secret-containing-value
      - name: secret-containing-tls-cert
      - name: secret-that-doesnt-exist-yet
        validate: false
    namespace:
      labels:
        - team
      annotations:
        - beam
  resources:
    - template: |
        kind: Secret
        apiVersion: v1
        type: kubernetes.io/Opaque
        metadata:
          name: replicator-secret
        stringData:
          apiKey: [[ .Values.apikey ]] # loaded from secret-containing-value
    - template: |
        kind: Secret
        apiVersion: v1
        type: kubernetes.io/tls
        metadata:
          name: replicator-tls-secret
        data:
          tls.key: [[ index .Values "tls.key" | b64enc ]] # loaded from secret-containing-tls-cert
          tls.crt: [[ index .Values "tls.crt" | b64enc ]] # loaded from secret-containing-tls-cert
    - template: |
        apiVersion: core.cnrm.cloud.google.com/v1beta1
        kind: ConfigConnectorContext
        metadata:
          name: configconnectorcontext.core.cnrm.cloud.google.com
        spec:
          googleServiceAccount: cnrm-[[ .Values.team ]]@[[ .Values.project ]].iam.gserviceaccount.com
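
To preview how the [[ ... ]] placeholders above expand before applying a ReplicationConfig, the following added example (not code from the replicator project) renders a template locally. It assumes the operator's syntax behaves like Go's text/template with custom delimiters; normalizeKey, render and the local b64enc function are hypothetical stand-ins, and the sample values are constructed.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"fmt"
	"strings"
	"text/template"
)

// normalizeKey assumes "normalized" means keeping the part after the last "/",
// so "foo.bar.acme/key" becomes "key" and a plain key is left unchanged.
func normalizeKey(k string) string {
	return k[strings.LastIndex(k, "/")+1:]
}

// render expands [[ ... ]] actions against values. missingkey=error turns an
// undefined [[ .Values.<key> ]] into a hard failure instead of "<no value>";
// an index lookup of an absent key still yields an empty string.
func render(tpl string, values map[string]string) (string, error) {
	t, err := template.New("resource").
		Delims("[[", "]]").
		Option("missingkey=error").
		Funcs(template.FuncMap{"b64enc": func(s string) string {
			return base64.StdEncoding.EncodeToString([]byte(s))
		}}).
		Parse(tpl)
	if err != nil {
		return "", err
	}
	var out bytes.Buffer
	err = t.Execute(&out, map[string]interface{}{"Values": values})
	return out.String(), err
}

func main() {
	// Constructed values: a direct value, a secret key, and a namespace label.
	values := map[string]string{"project": "abc-123", "tls.key": "constructed-key"}
	values[normalizeKey("foo.bar.acme/team")] = "myteam"
	const tpl = `googleServiceAccount: cnrm-[[ .Values.team ]]@[[ .Values.project ]].iam.gserviceaccount.com
tls.key: [[ index .Values "tls.key" | b64enc ]]
`
	out, err := render(tpl, values)
	if err != nil {
		fmt.Println("render failed:", err)
		return
	}
	fmt.Print(out)
}
```

Rendering locally shows whether a placeholder resolves to an empty or missing value before it ends up in a replicated Secret.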

Force reconciliation of resource

If you want to trigger a reconciliation of a ReplicationConfig, patch the ReplicationConfig resource and remove the status.synchronizationHash field using this command:

kubectl patch repconf <name> \
  --type=json \
  --subresource=status \
  -p '[{"op": "remove", "path": "/status/synchronizationHash"}]'