
emberstack / Kubernetes Reflector

Licence: MIT
Custom Kubernetes controller that can be used to replicate secrets, configmaps and certificates.

Projects that are alternatives of or similar to Kubernetes Reflector

active-monitor
Provides deep monitoring and self-healing of Kubernetes clusters
Stars: ✭ 135 (+4.65%)
Mutual labels:  kubernetes-cluster, kubernetes-controller
admission-webhook-example-with-openfaas
Use OpenFaaS functions as Kubernetes Validating Admission Webhook
Stars: ✭ 24 (-81.4%)
Mutual labels:  kubernetes-cluster, kubectl
GPU-Kubernetes-Guide
How to setup a production-grade Kubernetes GPU cluster on Paperspace in 10 minutes for $10
Stars: ✭ 34 (-73.64%)
Mutual labels:  kubernetes-cluster, kubectl
kubectl-janitor
List Kubernetes objects in a problematic state
Stars: ✭ 48 (-62.79%)
Mutual labels:  kubernetes-cluster, kubectl
Geodesic
🚀 Geodesic is a DevOps Linux Distro. We use it as a cloud automation shell. It's the fastest way to get up and running with a rock solid Open Source toolchain. ★ this repo! https://slack.cloudposse.com/
Stars: ✭ 629 (+387.6%)
Mutual labels:  kubernetes-cluster, kubectl
aksctl
An easy to use CLI for AKS cluster
Stars: ✭ 46 (-64.34%)
Mutual labels:  kubernetes-cluster, kubectl
kubectl-gopass
Plugin for kubectl to support reading and writing secrets directly from/to gopass
Stars: ✭ 28 (-78.29%)
Mutual labels:  secrets, kubectl
kubernetes-starterkit
A launchpad for developers to learn Kubernetes from scratch and deployment of microservices on a kubernetes cluster.
Stars: ✭ 39 (-69.77%)
Mutual labels:  kubernetes-cluster, kubectl
Rak8s
Stand up a Raspberry Pi based Kubernetes cluster with Ansible
Stars: ✭ 354 (+174.42%)
Mutual labels:  kubernetes-cluster, kubectl
Azure Key Vault To Kubernetes
Azure Key Vault to Kubernetes (akv2k8s for short) makes it simple and secure to use Azure Key Vault secrets, keys and certificates in Kubernetes.
Stars: ✭ 253 (+96.12%)
Mutual labels:  controller, secrets
kubeadm-vagrant
Setup Kubernetes Cluster with Kubeadm and Vagrant
Stars: ✭ 49 (-62.02%)
Mutual labels:  kubernetes-cluster, kubectl
Instance Manager
Create and manage instance groups with Kubernetes
Stars: ✭ 95 (-26.36%)
Mutual labels:  kubernetes-cluster, kubernetes-controller
carvel-secretgen-controller
secretgen-controller provides CRDs to specify what secrets need to be on Kubernetes cluster (to be generated or not)
Stars: ✭ 54 (-58.14%)
Mutual labels:  controller, secrets
kubehelper
KubeHelper - simplifies many daily Kubernetes cluster tasks through a web interface. Search, analysis, run commands, cron jobs, reports, filters, git synchronization and many more.
Stars: ✭ 200 (+55.04%)
Mutual labels:  kubernetes-cluster, kubectl
vault-sidecar-injector
Kubernetes admission webhook for secure, seamless and dynamic handling of secrets in your applications
Stars: ✭ 55 (-57.36%)
Mutual labels:  secrets, kubernetes-controller
rak8s
Stand up a Raspberry Pi based Kubernetes cluster with Ansible
Stars: ✭ 362 (+180.62%)
Mutual labels:  kubernetes-cluster, kubectl
Primehub
A toil-free multi-tenancy machine learning platform in your Kubernetes cluster
Stars: ✭ 160 (+24.03%)
Mutual labels:  kubernetes-cluster, kubectl
K8s In 30mins
Learn how to set up the Kubernetes cluster in 30 mins and deploy the application inside the cluster.
Stars: ✭ 172 (+33.33%)
Mutual labels:  kubernetes-cluster, kubectl
kubeseal-webgui
This is a python based webapp for using Bitnami-Sealed-Secrets in a web-ui.
Stars: ✭ 27 (-79.07%)
Mutual labels:  secrets, kubernetes-cluster
Kubectl Trace
Schedule bpftrace programs on your kubernetes cluster using the kubectl
Stars: ✭ 1,194 (+825.58%)
Mutual labels:  kubernetes-cluster, kubectl

Reflector

Reflector is a Kubernetes addon designed to monitor changes to resources (secrets and configmaps) and reflect changes to mirror resources in the same or other namespaces.

Supports amd64, arm and arm64

Extensions

Reflector includes a cert-manager extension used to automatically annotate created secrets and allow reflection. See the cert-manager extension usage below for more details.

Support

If you need help or found a bug, please feel free to open an Issue on GitHub (https://github.com/emberstack/kubernetes-reflector/issues).

You can also join our Slack workspace and talk to us.

Deployment

Reflector can be deployed either manually or using Helm (recommended).

Prerequisites

  • Kubernetes 1.14+
  • Helm 3 (if deployed using Helm)

Deployment using Helm

Use Helm to install the latest released chart:

$ helm repo add emberstack https://emberstack.github.io/helm-charts
$ helm repo update
$ helm upgrade --install reflector emberstack/reflector

You can customize the values of the helm deployment by using the following Values:

Parameter                          | Description                        | Default
-----------------------------------|------------------------------------|--------------------------------
nameOverride                       | Overrides release name             | ""
fullnameOverride                   | Overrides release fullname         | ""
image.repository                   | Container image repository         | emberstack/kubernetes-reflector
image.tag                          | Container image tag                | Same as chart version
image.pullPolicy                   | Container image pull policy        | IfNotPresent
configuration.logging.minimumLevel | Logging minimum level              | Information
rbac.enabled                       | Create and use RBAC resources      | true
serviceAccount.create              | Create ServiceAccount              | true
serviceAccount.name                | ServiceAccount name                | release name
livenessProbe.initialDelaySeconds  | livenessProbe initial delay        | 5
livenessProbe.periodSeconds        | livenessProbe period               | 10
readinessProbe.initialDelaySeconds | readinessProbe initial delay       | 5
readinessProbe.periodSeconds       | readinessProbe period              | 10
resources                          | Resource limits                    | {}
nodeSelector                       | Node labels for pod assignment     | {}
tolerations                        | Toleration labels for pod assignment | []
affinity                           | Node affinity for pod assignment   | {}

Find us on Helm Hub

Manual deployment

Each release (found on the Releases GitHub page) contains the manual deployment file (reflector.yaml).

$ kubectl apply -f https://github.com/emberstack/kubernetes-reflector/releases/latest/download/reflector.yaml

Usage

1. Annotate the source secret or configmap

  • Add reflector.v1.k8s.emberstack.com/reflection-allowed: "true" to the resource annotations to permit reflection to mirrors.
  • Add reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "<list>" to the resource annotations to permit reflection only from the listed namespaces. The list is comma-separated and each entry is a namespace name or a regular expression. If this annotation is omitted or is empty, all namespaces are allowed.

Automatic mirror creation:

Reflector can create mirrors with the same name in other namespaces automatically. The following annotations control if and how the mirrors are created:

  • Add reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" to the resource annotations to automatically create mirrors in other namespaces. Note: Requires reflector.v1.k8s.emberstack.com/reflection-allowed to be true, since mirrors need to be able to reflect the source.
  • Add reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "<list>" to the resource annotations to specify in which namespaces to automatically create mirrors. If this annotation is omitted or is empty, all namespaces are allowed. Note: Namespaces in this list will also be checked against reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces, since mirrors need to be in namespaces from where reflection is permitted.

Important: If the source is deleted, automatic mirrors are deleted. Also, if either reflection or automirroring is turned off, or the automatic mirror's namespace is no longer a valid match for the allowed namespaces, the automatic mirror is deleted.

Important: Reflector will skip any conflicting resource when creating auto-mirrors. If there is already a resource with the source's name in a namespace where an automatic mirror is to be created, that namespace is skipped and logged as a warning.

Example source secret:

apiVersion: v1
kind: Secret
metadata:
 name: source-secret
 annotations:
   reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
   reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "namespace-1,namespace-2,namespace-[0-9]*"
data:
 ...

Example source configmap:

apiVersion: v1
kind: ConfigMap
metadata:
 name: source-config-map
 annotations:
   reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
   reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "namespace-1,namespace-2,namespace-[0-9]*"
data:
 ...

2. Annotate the mirror secret or configmap

  • Add reflector.v1.k8s.emberstack.com/reflects: "<source namespace>/<source name>" to the mirror object. The value of the annotation is the full name of the source object in namespace/name format.

Note: Add reflector.v1.k8s.emberstack.com/reflected-version: "" to the resource annotations when making any manual changes to the mirror (for example when deploying with helm or re-applying the deployment script). This will reset the reflected version of the mirror.

Example mirror secret:

apiVersion: v1
kind: Secret
metadata:
 name: mirror-secret
 annotations:
   reflector.v1.k8s.emberstack.com/reflects: "default/source-secret"
data:
 ...

Example mirror configmap:

apiVersion: v1
kind: ConfigMap
metadata:
 name: mirror-config-map
 annotations:
   reflector.v1.k8s.emberstack.com/reflects: "default/source-config-map"
data:
 ...

3. Done!

Reflector will monitor any changes done to the source objects and copy the following fields:

  • data for secrets
  • data and binaryData for configmaps

Reflector keeps track of what was copied by annotating mirrors with the source object version.
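
An added example (not part of the Reflector project) that applies the annotation rules from steps 1 and 2 to a dump of Secrets and ConfigMaps. It reports sources that are reflectable from every namespace, reflection-auto-enabled set without reflection-allowed, and mirrors whose source is missing or does not permit their namespace. The helper names, the sample objects, and whole-name matching of list entries with Python's re module are assumptions; the page does not say how patterns are anchored.

```python
import re

P = "reflector.v1.k8s.emberstack.com/"
ALLOWED, ALLOWED_NS = P + "reflection-allowed", P + "reflection-allowed-namespaces"
AUTO, REFLECTS = P + "reflection-auto-enabled", P + "reflects"

def allowed_in(source, namespace):
    """Source-side rule: may an object in `namespace` mirror `source`?"""
    ann = source["metadata"].get("annotations") or {}
    if ann.get(ALLOWED) != "true":
        return False
    patterns = [p.strip() for p in ann.get(ALLOWED_NS, "").split(",") if p.strip()]
    # Empty list: all namespaces allowed. Assumption: an entry must match the whole name.
    return not patterns or any(re.fullmatch(p, namespace) for p in patterns)

def audit(objects):
    """Return (object, finding) pairs for a list of Secret/ConfigMap dicts."""
    index = {(o["kind"], o["metadata"]["namespace"], o["metadata"]["name"]): o for o in objects}
    findings = []
    for o in objects:
        meta, ann = o["metadata"], o["metadata"].get("annotations") or {}
        ident = f'{o["kind"]} {meta["namespace"]}/{meta["name"]}'
        if ann.get(ALLOWED) == "true" and not ann.get(ALLOWED_NS, "").strip():
            findings.append((ident, "reflectable from every namespace"))
        if ann.get(AUTO) == "true" and ann.get(ALLOWED) != "true":
            findings.append((ident, "reflection-auto-enabled set without reflection-allowed"))
        ref = ann.get(REFLECTS)
        if ref:  # mirror: resolve "<source namespace>/<source name>", then check the source
            src_ns, _, src_name = ref.partition("/")
            source = index.get((o["kind"], src_ns, src_name))
            if source is None:
                findings.append((ident, f"reflects missing source {ref}"))
            elif not allowed_in(source, meta["namespace"]):
                findings.append((ident, f"source {ref} does not permit this namespace"))
    return findings

def obj(kind, ns, name, ann):  # builds one constructed sample object
    return {"kind": kind, "metadata": {"namespace": ns, "name": name, "annotations": ann}}

SAMPLE = [  # constructed, shaped like items of `kubectl get secrets,configmaps -A -o json`
    obj("Secret", "default", "source-secret", {ALLOWED: "true", ALLOWED_NS: "namespace-1,namespace-[0-9]*"}),
    obj("Secret", "namespace-7", "mirror-secret", {REFLECTS: "default/source-secret"}),
    obj("Secret", "staging", "mirror-secret", {REFLECTS: "default/source-secret"}),
    obj("ConfigMap", "default", "source-config-map", {ALLOWED: "true"}),
    obj("Secret", "default", "tls", {AUTO: "true"}),
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Under the whole-name assumption, the pattern namespace-[0-9]* also matches a namespace literally named "namespace-", because the digit group may be empty.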

cert-manager extension

Supported cert-manager version: 0.11.0 or higher.

Reflector can automatically annotate secrets created by cert-manager when the Certificate object is annotated. This allows issued certificates (example: wildcard certificates) to be reused in other namespaces and permits automatic updates of mirrors on certificate renewal.

  • Add reflector.v1.k8s.emberstack.com/secret-reflection-allowed to the certificate annotations. Reflector will automatically annotate the resulting secret with reflector.v1.k8s.emberstack.com/reflection-allowed.
  • Add reflector.v1.k8s.emberstack.com/secret-reflection-allowed-namespaces: "<list>" to the certificate annotations. Reflector will automatically annotate the resulting secret with reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces.
  • Add reflector.v1.k8s.emberstack.com/secret-reflection-auto-enabled: "true" to the certificate annotations. Reflector will automatically annotate the resulting secret with reflector.v1.k8s.emberstack.com/reflection-auto-enabled.
  • Add reflector.v1.k8s.emberstack.com/secret-reflection-auto-namespaces: "<list>" to the certificate annotations. Reflector will automatically annotate the resulting secret with reflector.v1.k8s.emberstack.com/reflection-auto-namespaces.

In the following example, the generated secret certificate-secret will be annotated with the reflector.v1.k8s.emberstack.com/reflection-allowed and reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces annotations, based on the certificate annotations.

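# cert-manager 0.11 introduced the cert-manager.io API group at v1alpha2; use the version your cluster serves
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata: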
  name: some-certificate
  annotations:
    reflector.v1.k8s.emberstack.com/secret-reflection-allowed: "true"
    reflector.v1.k8s.emberstack.com/secret-reflection-allowed-namespaces: "namespace-1,namespace-2,namespace-[0-9]*"
spec:
  secretName: certificate-secret
  ...

Example mirror certificate secret:

apiVersion: v1
kind: Secret
metadata:
  name: mirror-certificate-secret
  annotations:
    reflector.v1.k8s.emberstack.com/reflects: "default/certificate-secret"
data:
  ...