

Mirror your Kubernetes configs, secrets, and resources to other namespaces
source link: https://techno-tim.github.io/posts/k8s-reflector/
What is Reflector?
Reflector is a Kubernetes addon designed to monitor changes to resources (secrets and configmaps) and reflect changes to mirror resources in the same or other namespaces. Since secrets and configs are scoped to a single namespace, this helps you create and change resources in one namespace and “reflect” them to resources in other namespaces. This is especially helpful for things like certificates and configs that are needed in multiple namespaces. You can find the GitHub repo here!
Install
This might go without saying but you’ll want to be sure you have a working Kubernetes cluster! If you need help setting one up, check out my Ansible Playbook!
You’ll also want to be sure you have helm installed.
Then we’ll run:
helm repo add emberstack https://emberstack.github.io/helm-charts
helm repo update
helm upgrade --install reflector emberstack/reflector
This command will add the helm repo locally, then update the repo, then install reflector in your cluster.
Reflecting Resources
Now that it’s installed, all we need to do is add some annotations to “reflect” our resources to other namespaces.
Secrets
Let’s say you create the following Secret with the annotation below:
apiVersion: v1
kind: Secret
metadata:
  name: some-secret
  annotations:
    reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
    reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "namespace-1,namespace-2,namespace-[0-9]*"
data:
  ...
This will:
- create a Secret
- “reflect” the same secret to namespace-1, namespace-2 and all other namespaces that match the pattern namespace-[0-9]*
ConfigMaps
ConfigMaps are just as easy! Let’s say you have a ConfigMap with the following contents:
apiVersion: v1
kind: ConfigMap
metadata:
  name: source-config-map
  annotations:
    reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
    reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "namespace-1,namespace-2,namespace-[0-9]*"
data:
  ...
This will:
- create a ConfigMap
- “reflect” the same ConfigMap to namespace-1, namespace-2 and all other namespaces that match the pattern namespace-[0-9]*
Certificates
The real reason I brought this chart into my cluster was support for cert-manager certificates. There are many cases where I need to create the same certificate in multiple namespaces and rather than create them manually, I have reflector create them for me.
apiVersion: cert-manager.io/v1
kind: Certificate
...
spec:
  secretTemplate:
    annotations:
      reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
      reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "namespace-1,namespace-2,namespace-[0-9]*"
  ...
This will:
- create a Certificate
- “reflect” the same Certificate to namespace-1, namespace-2 and all other namespaces that match the pattern namespace-[0-9]*
The benefit of doing it this way with cert-manager is that when your certificates are updated with something like Let’s Encrypt, all certificates you reflect are also updated! Of course, you will want to limit your reflections to only the namespaces you trust. If you’d like to check out cert-manager, see my post on how to install traefik and cert-manager!
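To check that an allow-list like the one used above only covers namespaces you trust, the following added example (not from the original article or the Reflector project) evaluates the annotation against a list of namespace names. It assumes each comma-separated entry is a regular expression that must match the whole namespace name and that an empty list means no restriction; the namespace list is constructed sample data.

```python
import re

PREFIX = "reflector.v1.k8s.emberstack.com/"

# Constructed sample data: annotation values as shown in the article, plus a
# made-up list of namespace names standing in for `kubectl get namespaces`.
ANNOTATIONS = {
    PREFIX + "reflection-allowed": "true",
    PREFIX + "reflection-allowed-namespaces": "namespace-1,namespace-2,namespace-[0-9]*",
}
NAMESPACES = ["default", "kube-system", "namespace-1", "namespace-2",
              "namespace-42", "namespace-1-untrusted", "my-namespace-7"]


def allowed_targets(annotations, namespaces, anchored=True):
    """List the namespaces these source annotations would permit as targets.

    anchored=True (assumption): an entry must match the whole namespace name.
    anchored=False: what an unanchored regex search would let through.
    """
    if annotations.get(PREFIX + "reflection-allowed", "").lower() != "true":
        return []
    raw = annotations.get(PREFIX + "reflection-allowed-namespaces", "")
    patterns = [p.strip() for p in raw.split(",") if p.strip()]
    if not patterns:
        # Assumption: no namespace list means no restriction at all.
        return list(namespaces)
    match = re.fullmatch if anchored else re.search
    return [ns for ns in namespaces if any(match(p, ns) for p in patterns)]


def anchoring_dependent(annotations, namespaces):
    """Namespaces that are only permitted if entries are NOT anchored."""
    strict = set(allowed_targets(annotations, namespaces, anchored=True))
    loose = allowed_targets(annotations, namespaces, anchored=False)
    return [ns for ns in loose if ns not in strict]


if __name__ == "__main__":
    print("permitted (anchored):", allowed_targets(ANNOTATIONS, NAMESPACES))
    print("review these:", anchoring_dependent(ANNOTATIONS, NAMESPACES))
    # Writing the entry with explicit anchors removes the ambiguity.
    tight = dict(ANNOTATIONS)
    tight[PREFIX + "reflection-allowed-namespaces"] = "^namespace-[0-9]+$"
    print("explicit anchors:", anchoring_dependent(tight, NAMESPACES))
```

Run it against the real namespace names from your cluster and review anything the second function reports before widening a pattern.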
Links
⚙️ See all the hardware I recommend at https://l.technotim.live/gear
🚀 Don’t forget to check out the 🚀Launchpad repo with all of the quick start source files