I have kubed
running in kubernetes for syncing secret to multiple namespace.
With
annotations:
kubed.appscode.com/sync: "cert-manager-tls=dev"
I was able to sync secret to dev
namespace. Now I want to copy same secret to more than one namespace. I tried following
1.
annotations:
kubed.appscode.com/sync: "cert-manager-tls=dev,cert-manager-tls=dev2"
annotations:
kubed.appscode.com/sync: "cert-manager-tls=dev,dev2"
this didn't worked at all.
3
annotations:
kubed.appscode.com/sync: "cert-manager-tls=dev"
kubed.appscode.com/sync: "cert-manager-tls=dev2"
This worked for namespace dev2
, but not for namespace dev
How can I get this working for two or more namespaces ?
You may try kubed.appscode.com/sync: ""
according to https://appscode.com/products/kubed/0.6.0-rc.0/guides/config-syncer/intra-cluster/
Say, you are using some Docker private registry. You want to keep its image pull secret synchronized across all namespaces of a Kubernetes cluster. Kubed can do that for you. If a ConfigMap or a Secret has the annotation kubed.appscode.com/sync: "", Kubed will create a copy of that ConfigMap/Secret in all existing namespaces. Kubed will also create this ConfigMap/Secret, when you create a new namespace.
UseCase: Let's imagine we want to synchronize an image-pull-secret that is managed in kube-system to other namespaces. (Pull secrets are namespace specific)
Option 1 is to sync the secret by default to ALL namespaces. So you need to add this annotation to the secret:
annotations:
kubed.appscode.com/sync: ""
Option 2 is to sync the secret to one or more (!!) specific namespaces. In this case you need to add custom value (it is up to you which value you use):
annotations:
kubed.appscode.com/sync: "pullsecret=bitbucket-dev"
For option 1 you don't need to do anything else on the namespace side, it is simply copied to all of them. For option 2 you need to label all namespaces where this secret should be available with your defined annotation value:
metadata:
labels:
pullsecret: bitbucket-dev
You can label multiple namespaces with this label. To each of them the secret is copied from kube-system.
Edit: TechnoCowboy is correct. I clarified my answer to avoid any confusion.
Generally, to replicate the secret to multiple (but not all) namespaces, you would need to add a label to the destination namespaces:
metadata:
labels:
cert-manager-tls: dev
So, the label is used by kubed to identify the destination namespaces.
You can see examples here: https://appscode.com/products/kubed/v0.11.0/guides/config-syncer/intra-cluster/#namespace-selector
However, I can see that there is a typo in the explanation. It says to add an annotation. This should be a label (as the following code also shows)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.