The Secret Sync Operator is an example Kubernetes operator that will synchronize Kubernetes secrets that you annotate with target secrets that you designate.

In your day-to-day operation of Kubernetes clusters, you might need to move TLS secrets around your cluster namespaces so that your workloads can access the secrets. For example, if you take advantage of the new Network Load Balancer (NLB) features provided in the IBM Cloud Kubernetes Service to create a generated hostname for your Load Balancer type services complete with TLS certificates, you’ll find that new TLS secret in the default namespace. While that might work for you, what if you actually need that secret in the istio-system namespace because you’re trying to secure your Istio IngressGateway service?

Generally speaking, that means you’ll have to duplicate the secret into the namespace where you need it and then remember to do it again on an ongoing basis because the certificates within the TLS secret will expire. The original certificate will be updated automatically in the default namespace but that doesn’t update the copy that you made.
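The manual copy described above, and the drift it leaves behind, as an added example (not code from the kube-samples repository, and not how the operator is implemented). It assumes Secret manifests in the JSON form returned by `kubectl get secret -o json`; the secret name `example-tls` and its data values are constructed.

```python
import copy
import hashlib
import json

# Fields assigned by the API server; a copy must not carry them along.
SERVER_FIELDS = ("uid", "resourceVersion", "creationTimestamp",
                 "managedFields", "ownerReferences", "selfLink")

def retarget_secret(source, namespace):
    """Return a manifest that recreates `source` in another namespace."""
    dup = copy.deepcopy(source)
    meta = dup.setdefault("metadata", {})
    for field in SERVER_FIELDS:
        meta.pop(field, None)
    meta["namespace"] = namespace
    return dup

def fingerprint(secret):
    """SHA-256 over type and data, so drift can be logged without key material."""
    payload = {"type": secret.get("type"), "data": secret.get("data", {})}
    return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()

def is_stale(source, duplicate):
    """True when the duplicate no longer matches the source secret."""
    return fingerprint(source) != fingerprint(duplicate)

# Constructed sample: a TLS secret as it would appear in the default namespace.
SOURCE = {
    "apiVersion": "v1", "kind": "Secret", "type": "kubernetes.io/tls",
    "metadata": {"name": "example-tls", "namespace": "default",
                 "uid": "constructed-uid", "resourceVersion": "1001"},
    "data": {"tls.crt": "Y2VydC12MQ==", "tls.key": "a2V5LXYx"},
}

def demo():
    """Copy the secret, then simulate an automatic renewal of the original."""
    dup = retarget_secret(SOURCE, "istio-system")
    stale_before = is_stale(SOURCE, dup)
    renewed = copy.deepcopy(SOURCE)
    renewed["data"]["tls.crt"] = "Y2VydC12Mg=="  # constructed renewed certificate
    return dup, stale_before, is_stale(renewed, dup)

if __name__ == "__main__":
    dup, before, after = demo()
    print(dup["metadata"], "stale before renewal:", before, "after:", after)
```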

The Secret Sync Operator

Wouldn’t it be nice to have a way to tell your Kubernetes cluster: “Hey, I want you to copy this secret over there and then make sure the copy is updated whenever the original secret is updated”? Well, now you can!

The operator is released as a sample Kubernetes Operator and included in our kube-samples GitHub repository, so you can now deploy it in your cluster and start syncing your secrets where you need them. Try it out and let me know if you have questions.

Questions or comments

You can engage our team in Slack by registering here and joining the discussion in the #general and #secret-sync-operator channels on our public IBM Cloud Kubernetes Service Slack.
