Init

Signed-off-by: Kaan Karakaya <[email protected]>

Dockerfile

@@ -0,0 +1,7 @@
+FROM python:3.8-slim
+
+RUN pip install kopf kubernetes
+
+ADD . /src
+
+CMD kopf run /src/handlers.py

deploy.yml

@@ -0,0 +1,60 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: synator
+  namespace: default
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: synator
+rules:
+- apiGroups: [""]
+  resources: ["secrets", "configmaps"]
+  verbs: ["*"]
+- apiGroups: [events.k8s.io]
+  resources: [events]
+  verbs: [create]
+- apiGroups: [""]
+  resources: [events]
+  verbs: [create]
+- apiGroups: [""]
+  resources: ["namespaces", "pods", "replicasets"]
+  verbs: ["get"]
+- apiGroups: [""]
+  resources: ["namespaces"]
+  verbs: ["list", "watch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: synator
+subjects:
+- kind: ServiceAccount
+  name: synator
+  namespace: default
+roleRef:
+  kind: ClusterRole
+  name: synator
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: synator
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: synator
+  template:
+    metadata:
+      labels:
+        name: synator
+    spec:
+      serviceAccountName: synator
+      containers:
+        - name: synator
+          image: theykk/synator:v0.10

handlers.py

@@ -0,0 +1,44 @@
+import kopf
+import kubernetes
+
+
+@kopf.on.create('', 'v1', 'secrets', labels={'synator/sync': 'yes'})
+@kopf.on.update('', 'v1', 'secrets', labels={'synator/sync': 'yes'})
+def updateSecret(body, meta, spec, status, old, new, diff, **kwargs):
+    print("SYNC SECRET ", meta.name)
+    api = kubernetes.client.CoreV1Api()
+    namespace_response = api.list_namespace()
+    namespaces = [nsa.metadata.name for nsa in namespace_response.items]
+    namespaces.remove('kube-public')
+    namespaces.remove('kube-node-lease')
+    namespaces.remove(meta.namespace)
+
+    secret = api.read_namespaced_secret(meta.name, meta.namespace)
+    secret.metadata.labels.pop('synator/sync')
+    secret.metadata.resource_version = None
+    for ns in namespaces:
+        secret.metadata.namespace = ns
+        api.create_namespaced_secret(
+            ns, secret
+        )
+
+
+@kopf.on.create('', 'v1', 'configmaps', labels={'synator/sync': 'yes'})
+@kopf.on.update('', 'v1', 'configmaps', labels={'synator/sync': 'yes'})
+def updateConfigMap(body, meta, spec, status, old, new, diff, **kwargs):
+    print("SYNC CFG ", meta.name)
+    api = kubernetes.client.CoreV1Api()
+    namespace_response = api.list_namespace()
+    namespaces = [nsa.metadata.name for nsa in namespace_response.items]
+    namespaces.remove('kube-public')
+    namespaces.remove('kube-node-lease')
+    namespaces.remove(meta.namespace)
+
+    cfg = api.read_namespaced_config_map(meta.name, meta.namespace)
+    cfg.metadata.labels.pop('synator/sync')
+    cfg.metadata.resource_version = None
+    for ns in namespaces:
+        cfg.metadata.namespace = ns
+        api.create_namespaced_config_map(
+            ns, cfg
+        )