This repository contains a custom Kubernetes controller that can be used to make secrets and config maps available in multiple namespaces.
$ helm upgrade --install kubernetes-replicator ./deploy/helm-chart/kubernetes-replicator
$ # Create roles and service accounts
$ kubectl apply -f https://raw.githubusercontent.com/mittwald/kubernetes-replicator/master/deploy/rbac.yaml
$ # Create actual deployment
$ kubectl apply -f https://raw.githubusercontent.com/mittwald/kubernetes-replicator/master/deploy/deployment.yaml
If a secret or configMap needs to be replicated to other namespaces, annotations should be added in that object permitting replication.
-
Add
replicator.v1.mittwald.de/replication-allowed
annotation with valuetrue
indicating that the object can be replicated. -
Add
replicator.v1.mittwald.de/replication-allowed-namespaces
annotation. Value of this annotation should contain a comma separated list of permitted namespaces or regular expressions. For examplenamespace-1,my-ns-2,app-ns-[0-9]*
: in this case replication will be performed only into the namespacesnamespace-1
andmy-ns-2
as well as any namespace that matches the regular expressionapp-ns-[0-9]*
.apiVersion: v1 kind: Secret metadata: annotations: replicator.v1.mittwald.de/replication-allowed: "true" replicator.v1.mittwald.de/replication-allowed-namespaces: "my-ns-1,namespace-[0-9]*" data: key1: <value>
Add the annotation replicator.v1.mittwald.de/replicate-from
to any Kubernetes secret or config map object. The value of that annotation should contain the the name of another secret or config map (using <namespace>/<name>
notation).
apiVersion: v1
kind: Secret
metadata:
annotations:
replicator.v1.mittwald.de/replicate-from: default/some-secret
data: {}
The replicator will then copy the data
attribute of the referenced object into the annotated object and keep them in sync.