
TheYkk / synator

Licence: MIT license
Synator Kubernetes Secret and ConfigMap synchronizer


Sometimes we want to use the same secrets in different namespaces. Unfortunately, we can't do that without a helper operator or manual copying, because in Kubernetes Secrets and ConfigMaps are namespaced. Copying by hand is manageable when we have only a couple of namespaces and secrets, but with dozens of namespaces it becomes very complicated.

Synator uses the kopf Python framework. It's easy to use.

Medium writeup

Deployment

It's easy to use synator on K8s. All we have to do is deploy deploy.yml to Kubernetes.

Usage

Add the annotation synator/sync=yes to a Secret or ConfigMap. secret.yaml

Optionally, add one of these annotations to include specific destination namespaces or to exclude namespaces from the sync.

To sync only into these namespaces: synator/include-namespaces='namespace1,namespace2'

To sync into all namespaces except these: synator/exclude-namespaces='kube-system,kube-node-lease'

secret.yaml
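
The annotations above decide how far a Secret travels, so it is worth reviewing which synced Secrets have no include list. This is an added example, not synator's own code: it models the semantics described in this section, assumes the source namespace is not a destination and that include and exclude combine if both are present, and uses constructed object and namespace names.

```python
SYNC = "synator/sync"
INCLUDE = "synator/include-namespaces"
EXCLUDE = "synator/exclude-namespaces"


def _split(value):
    """Parse a comma-separated annotation value into a set of names."""
    return {part.strip() for part in (value or "").split(",") if part.strip()}


def destinations(obj, cluster_namespaces):
    """Namespaces an object would be copied to (assumed semantics)."""
    meta = obj.get("metadata", {})
    ann = meta.get("annotations") or {}
    if ann.get(SYNC) != "yes":
        return set()
    # Assumption: the object's own namespace is never a destination.
    targets = set(cluster_namespaces) - {meta.get("namespace")}
    if INCLUDE in ann:
        targets &= _split(ann[INCLUDE])
    if EXCLUDE in ann:
        targets -= _split(ann[EXCLUDE])
    return targets


def audit(objects, cluster_namespaces):
    """Flag synced Secrets with no include list (unrestricted or deny-list only)."""
    findings = []
    for obj in objects:
        ann = obj.get("metadata", {}).get("annotations") or {}
        dests = destinations(obj, cluster_namespaces)
        if obj.get("kind") == "Secret" and dests and INCLUDE not in ann:
            findings.append((obj["metadata"]["name"], sorted(dests)))
    return findings


# Constructed sample data (hypothetical names).
NAMESPACES = ["default", "team-a", "team-b", "kube-system", "kube-node-lease"]
OBJECTS = [
    {"kind": "Secret", "metadata": {"name": "db-creds", "namespace": "default",
        "annotations": {SYNC: "yes"}}},
    {"kind": "Secret", "metadata": {"name": "api-key", "namespace": "default",
        "annotations": {SYNC: "yes", INCLUDE: "team-a"}}},
    {"kind": "Secret", "metadata": {"name": "tls", "namespace": "default",
        "annotations": {SYNC: "yes", EXCLUDE: "kube-system,kube-node-lease"}}},
    {"kind": "ConfigMap", "metadata": {"name": "settings", "namespace": "default",
        "annotations": {SYNC: "yes"}}},
]

if __name__ == "__main__":
    for name, dests in audit(OBJECTS, NAMESPACES):
        print(f"{name}: copied to {dests}")
```

Only `api-key` passes the audit, because its include list names the one namespace that needs it; `tls` is still flagged because an exclude list lets any namespace created later receive the copy.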

Reload pod when config upgraded

Add the annotation synator/reload: "secret:example" to the pod or deployment template. When the secret example is updated, the busybox pod will reload.

Note: For multiple secrets or configmaps: synator/reload: "secret:example,secret:example2,configmap:example..."

apiVersion: apps/v1
kind: Deployment
metadata:
  name: busybox
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      name: busybox
  template:
    metadata:
      labels:
        name: busybox
      annotations:
        synator/reload: "secret:selam"
    spec:
      containers:
        - name: busybox
          image: busybox
          command:
            - "sleep"
            - "1h"

Triggers

  • When a config or secret is updated
  • When a config or secret is created

Watching Namespaces

The synator operator installs with cluster-wide permissions; however, you can optionally control which namespaces it watches by setting the WATCH_NAMESPACE environment variable.

WATCH_NAMESPACE can be omitted entirely, or set to a comma-separated list of k8s namespaces.

  • WATCH_NAMESPACE="" will watch for resources across the entire cluster.
  • WATCH_NAMESPACE="foo" will watch for resources in the foo namespace.
  • WATCH_NAMESPACE="foo,bar" will watch for resources in the foo and bar namespaces.

Build and deploy

Build docker image

docker build -t <username>/synator:v1 .

Edit deploy.yml with your image name

kubectl apply -f deploy.yml