k8nskel

Kubernetes Controller to distribute Secrets to new Namespace on Kubernetes.

Requirements

Kubernetes 1.6 or above

Installation

From source

$ git clone git@github.com:wantedly/k8nskel.git
$ cd k8nskel
$ make deps
$ make

Docker image

Docker image is available at quay.io/wantedly/k8nskel.

Environment variables

Name	Description	Default value
K8NSKEL_ORIGIN	Name of the namespace from which the secret is copied.	"k8nskel-origin"
K8NSKEL_IGNORE_DEST	CSV list of namespaces that does not reflect secrets in `K8NSKEL_ORIGIN` is added/modified/deleted. It is not reflected in `K8NSKEL_ORIGIN` by default.	"kube-public,kube-system"
K8NSKEL_EXCLUDE_SECRETS	CSV list of secrets that does not reflect secrets in `K8NSKEL_ORIGIN` is added/modified/deleted. If this value empty, k8nskell sync all secrets in `K8NSKEL_ORIGIN`	""

Usage

k8nskel copies all secrets in K8NSKEL_ORIGIN namespace to the new namespace.
Also, when secrets in K8NSKEL_ORIGIN is created/modified/deleted, it reflects its secrets to other namespaces than namespace set to K8NSKEL_IGNORE_DEST.

Workflow example

Create K8NSKEL_ORIGIN namespace.

# e.g.
$ kubectl create namespace k8nskel-origin

Create k8nskel deployment.

# e.g.
$ kubectl run --rm -i k8nskel --image=quay.io/wantedly/k8nskel:latest

Create a secret.

# e.g.
$ kubectl --namespace k8nskel-origin create secret generic secret1 --from-literal=key1=supersecret

Create a new namespace.

# e.g.
$ kubectl create namespace new-namespace

Get secrets of new namespace. The secret created earlier should be displayed.

# e.g.
$ kubectl --namespace k8nskel-origin get secret

Add a secret in K8NSKEL_ORIGIN. The same secret should have been added to other namespaces.

# e.g.
$ kubectl --namespace k8nskel-origin create secret generic secret2 --from-literal=key2=supersecret
$ kubectl --namespace new-namespace get secret

Modify a secret in K8NSKEL_ORIGIN. The same secret should have been modified in other namespaces.

# e.g.
$ kubectl --namespace k8nskel-origin edit secret secret2
$ kubectl --namespace new-namespace describe secret secret2

Delete a secret in K8NSKEL_ORIGIN. The same secret should have been deleted from other namespaces.

# e.g.
$ kubectl --namespace k8nskel-origin delete secret secret2
$ kubectl --namespace new-namespace get secret

Manifest sample

Namespace manifest sample:

apiVersion: v1
kind: Namespace
metadata:
  name: k8nskel-origin

Deployment manifest sample:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: k8nskel
  namespace: k8nskel-origin
  labels:
    name: k8nskel
spec:
  replicas: 1
  template:
    metadata:
      name: k8nskel
      labels:
        name: k8nskel
    spec:
      containers:
        - name: k8nskel
          image: quay.io/wantedly/k8nskel:latest

Name		Name	Last commit message	Last commit date
Latest commit History 55 Commits
.github		.github
script		script
.dockerignore		.dockerignore
.editorconfig		.editorconfig
.gitignore		.gitignore
Dockerfile		Dockerfile
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
client.go		client.go
go.mod		go.mod
go.sum		go.sum
main.go		main.go
renovate.json		renovate.json

License

wantedly/k8nskel

Folders and files

Latest commit

History

Repository files navigation

k8nskel

Requirements

Installation

From source

Docker image

Environment variables

Usage

Workflow example

Manifest sample

About

Topics

Resources

License

Stars

Watchers

Forks

Languages