A Kubernetes controller that distributes Secrets to new Namespaces.
- Kubernetes 1.6 or above
$ git clone [email protected]:wantedly/k8nskel.git
$ cd k8nskel
$ make deps
$ make
Docker image is available at quay.io/wantedly/k8nskel.
Name | Description | Default value |
---|---|---|
K8NSKEL_ORIGIN | Name of the namespace from which secrets are copied. | "k8nskel-origin" |
K8NSKEL_IGNORE_DEST | CSV list of namespaces that are skipped when secrets in K8NSKEL_ORIGIN are added/modified/deleted. Secrets are not reflected into K8NSKEL_ORIGIN itself by default. | "kube-public,kube-system" |
K8NSKEL_EXCLUDE_SECRETS | CSV list of secrets in K8NSKEL_ORIGIN that are not synced when added/modified/deleted. If this value is empty, k8nskel syncs all secrets in K8NSKEL_ORIGIN. | "" |
k8nskel copies all secrets in the K8NSKEL_ORIGIN namespace to each new namespace.
Also, when a secret in K8NSKEL_ORIGIN is created/modified/deleted, the change is reflected to all namespaces other than those set in K8NSKEL_IGNORE_DEST.
- Create the K8NSKEL_ORIGIN namespace.
# e.g.
$ kubectl create namespace k8nskel-origin
- Create the k8nskel deployment.
# e.g.
$ kubectl run --rm -i k8nskel --image=quay.io/wantedly/k8nskel:latest
- Create a secret.
# e.g.
$ kubectl --namespace k8nskel-origin create secret generic secret1 --from-literal=key1=supersecret
- Create a new namespace.
# e.g.
$ kubectl create namespace new-namespace
- Get the secrets of the new namespace. The secret created earlier should be displayed.
# e.g.
$ kubectl --namespace new-namespace get secret
- Add a secret in K8NSKEL_ORIGIN. The same secret should have been added to other namespaces.
# e.g.
$ kubectl --namespace k8nskel-origin create secret generic secret2 --from-literal=key2=supersecret
$ kubectl --namespace new-namespace get secret
- Modify a secret in K8NSKEL_ORIGIN. The same secret should have been modified in other namespaces.
# e.g.
$ kubectl --namespace k8nskel-origin edit secret secret2
$ kubectl --namespace new-namespace describe secret secret2
- Delete a secret in K8NSKEL_ORIGIN. The same secret should have been deleted from other namespaces.
# e.g.
$ kubectl --namespace k8nskel-origin delete secret secret2
$ kubectl --namespace new-namespace get secret
- Namespace manifest sample:
apiVersion: v1
kind: Namespace
metadata:
  name: k8nskel-origin
- Deployment manifest sample:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: k8nskel
  namespace: k8nskel-origin
  labels:
    name: k8nskel
spec:
  replicas: 1
  template:
    metadata:
      name: k8nskel
      labels:
        name: k8nskel
    spec:
      containers:
      - name: k8nskel
        image: quay.io/wantedly/k8nskel:latest
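
The sync rules described above (every secret in K8NSKEL_ORIGIN is copied to every namespace not listed in K8NSKEL_IGNORE_DEST, except names in K8NSKEL_EXCLUDE_SECRETS) can be checked against what a cluster actually holds. The following Go code is an added example, not part of k8nskel itself: `Config`, `csvSet` and `Audit` are hypothetical names, and the "namespace/secret" pairs are assumed to be collected separately (for example from `kubectl get secret --all-namespaces`).

```go
package main

import (
	"fmt"
	"strings"
)

type Config struct{ Origin, IgnoreDest, ExcludeSecrets string } // mirrors the documented env vars

// csvSet turns a CSV value such as "kube-public,kube-system" into a lookup set.
func csvSet(csv string) map[string]bool {
	set := map[string]bool{}
	for _, f := range strings.FieldsFunc(csv, func(r rune) bool { return r == ',' || r == ' ' }) {
		set[f] = true
	}
	return set
}

// Audit takes observed "namespace/secret" pairs and returns copies the documented rules
// call for but that are absent (missing), and same-named secrets found where no copy
// should be made (unexpected: ignored namespace or excluded secret; review these by hand).
func Audit(cfg Config, namespaces, observed []string) (missing, unexpected []string) {
	ignore, exclude := csvSet(cfg.IgnoreDest), csvSet(cfg.ExcludeSecrets)
	have, originSecrets := map[string]bool{}, []string{}
	for _, o := range observed {
		have[o] = true
		if ns, name, ok := strings.Cut(o, "/"); ok && ns == cfg.Origin {
			originSecrets = append(originSecrets, name)
		}
	}
	for _, ns := range namespaces {
		if ns == cfg.Origin {
			continue // the origin is the source, never a destination
		}
		for _, name := range originSecrets {
			key, want := ns+"/"+name, !ignore[ns] && !exclude[name]
			if want && !have[key] {
				missing = append(missing, key)
			} else if !want && have[key] {
				unexpected = append(unexpected, key)
			}
		}
	}
	return missing, unexpected
}

func main() { // constructed sample data, not output from a real cluster
	ns := []string{"k8nskel-origin", "kube-system", "kube-public", "default", "new-namespace"}
	obs := []string{"k8nskel-origin/secret1", "k8nskel-origin/secret2", "k8nskel-origin/ci-token", "default/secret1", "default/secret2", "new-namespace/secret1", "kube-system/secret1", "new-namespace/ci-token"}
	fmt.Println(Audit(Config{"k8nskel-origin", "kube-public,kube-system", "ci-token"}, ns, obs))
}
```

An "unexpected" entry may be a stale copy left from before the ignore or exclude lists were changed, or an unrelated secret that happens to share the name, so it is a prompt for review rather than proof of a leak.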