Kubernetes Secret and Configmap sync

Kaan Karakaya, published in ITNEXT, Oct 25, 2020


Hi,

Today I want to talk about why I wrote a Kubernetes secret sync operator and how I coded it.

Sometimes we want to use the same secrets in different namespaces. Unfortunately, we can't do that without a helper operator or manual copying, because in Kubernetes Secrets and ConfigMaps are namespaced. Copying them by hand is manageable when we have a couple of namespaces and secrets, but with dozens of namespaces it becomes very complicated. Because of that, I wrote a small Kubernetes operator with Python and Kopf. The project is called Synator, and I shared it as open source on GitHub; you can view it here.

I wanted to choose an easy framework for writing the K8s operator for the first time. Kopf is perfect for this. Helm documentation is very good and very easy to use. I used the Kubernetes Python client to communicate with the Kubernetes API.

It’s easy to use synator on K8s. All we have to do is deploy deploy.yml to Kubernetes.

This YAML contains a ServiceAccount, a ClusterRole, and a Deployment. The ServiceAccount and ClusterRole are required to communicate with the Kubernetes API, which generates tokens for us and injects them directly into the pod.

After deploying synator, we can start the synchronization process by adding the synator/sync=yes annotation to the Secret or ConfigMap we want to sync.

If we only want to copy to specific namespaces, we can use the synator/include-namespaces='namespace1,namespace2' annotation.

If we do not want it copied to specific namespaces, we can use the synator/exclude-namespaces='kube-system, kube-node-lease' annotation.
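To make the three annotations concrete, here is an added sketch (not Synator's own code) of how a sync operator could turn them into a list of target namespaces and a clean copy to create there. The function names, the include-then-exclude precedence, the stripped metadata fields and the sample Secret are assumptions of this example.

```python
# Added illustration, not Synator's source. Annotation names come from the article;
# precedence (include first, then exclude) and the stripped fields are assumptions.
import copy

SYNC = "synator/sync"
INCLUDE = "synator/include-namespaces"
EXCLUDE = "synator/exclude-namespaces"
# Fields the API server fills in; a create request must not carry the source's values.
SERVER_FIELDS = ("uid", "resourceVersion", "creationTimestamp", "managedFields")

def _csv(value):
    """Split 'a, b,c' into {'a', 'b', 'c'}, tolerating spaces and empty items."""
    return {item.strip() for item in (value or "").split(",") if item.strip()}

def target_namespaces(obj, cluster_namespaces):
    """Return the sorted namespaces that should receive a copy of obj."""
    meta = obj["metadata"]
    notes = meta.get("annotations") or {}
    if notes.get(SYNC) != "yes":
        return []
    include, exclude = _csv(notes.get(INCLUDE)), _csv(notes.get(EXCLUDE))
    targets = set(cluster_namespaces)
    if include:
        targets &= include  # listed namespaces that do not exist are ignored
    targets -= exclude
    targets.discard(meta["namespace"])  # never write back onto the source
    return sorted(targets)

def build_copy(obj, namespace):
    """Deep-copy obj for namespace, dropping server fields and sync annotations."""
    clone = copy.deepcopy(obj)
    meta = clone["metadata"]
    for field in SERVER_FIELDS:
        meta.pop(field, None)
    meta["namespace"] = namespace
    # Assumption: copies lose the synator/* annotations so they are not synced again.
    meta["annotations"] = {k: v for k, v in (meta.get("annotations") or {}).items()
                           if not k.startswith("synator/")}
    return clone

# Constructed sample Secret and namespace list.
SECRET = {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
          "metadata": {"name": "example", "namespace": "default",
                       "uid": "constructed-uid", "resourceVersion": "12345",
                       "annotations": {SYNC: "yes",
                                       EXCLUDE: "kube-system, kube-node-lease"}},
          "data": {"password": "cGFzc3dvcmQ="}}
NAMESPACES = ["default", "kube-system", "kube-node-lease", "namespace1", "namespace2"]
```

With only synator/sync=yes set, every namespace except the source receives the Secret, so the include list is the setting that keeps a credential limited to the namespaces that need it.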

Finally, I want to talk about a feature I added: restarting the pod when the Secret or ConfigMap is refreshed.

To do this, we just need to add synator/reload: "secret:example" to the pod template.

Thank you for reading my article. Have a nice work day.
