The Secret Sync Operator is an example Kubernetes operator that will synchronize Kubernetes secrets that you annotate with target secrets that you designate.

In your day-to-day operation of Kubernetes clusters, you might need to move TLS secrets around your cluster namespaces so that your workloads can access the secrets. For example, if you take advantage of the new Network Load Balancer (NLB) features provided in the IBM Cloud Kubernetes Service to create a generated hostname for your Load Balancer type services complete with TLS certificates, you’ll find that new TLS secret in the default namespace. While that might work for you, what if you actually need that secret in the istio-system namespace because you’re trying to secure your Istio IngressGateway service?

Generally speaking, that means you’ll have to duplicate the secret into the namespace where you need it and then remember to do it again on an ongoing basis because the certificates within the TLS secret will expire. The original certificate will be updated automatically in the default namespace but that doesn’t update the copy that you made.

The Secret Sync Operator

Wouldn’t it be nice to have a way to tell your Kubernetes cluster: “Hey, I want you to copy this secret over there and then make sure the copy is updated whenever the original secret is updated”? Well, now you can!

Released as a sample Kubernetes Operator and included in our kube-samples GitHub repository, you can now deploy this operator in your cluster and starting syncing your secrets where you need them. Try it out and let know me know if you have questions.

Questions or comments

You can engage our team in Slack by registering here and joining the discussion in the #general and #secret-sync-operator channels on our public IBM Cloud Kubernetes Service Slack.


More from Cloud

IBM Cloud inactive identities: Ideas for automated processing

4 min read - Regular cleanup is part of all account administration and security best practices, not just for cloud environments. In our blog post on identifying inactive identities, we looked at the APIs offered by IBM Cloud Identity and Access Management (IAM) and how to utilize them to obtain details on IAM identities and API keys. Some readers provided feedback and asked on how to proceed and act on identified inactive identities. In response, we are going lay out possible steps to take.…

IBM Cloud VMware as a Service introduces multitenant as a new, cost-efficient consumption model

4 min read - Businesses often struggle with ongoing operational needs like monitoring, patching and maintenance of their VMware infrastructure or the added concerns over capacity management. At the same time, cost efficiency and control are very important. Not all workloads have identical needs and different business applications have variable requirements. For example, production applications and regulated workloads may require strong isolation, but development/testing, training environments, disaster recovery sites or other applications may have lower availability requirements or they can be ephemeral in nature,…

IBM accelerates enterprise AI for clients with new capabilities on IBM Z

5 min read - Today, we are excited to unveil a new suite of AI offerings for IBM Z that are designed to help clients improve business outcomes by speeding the implementation of enterprise AI on IBM Z across a wide variety of use cases and industries. We are bringing artificial intelligence (AI) to emerging use cases that our clients (like Swiss insurance provider La Mobilière) have begun exploring, such as enhancing the accuracy of insurance policy recommendations, increasing the accuracy and timeliness of…

IBM NS1 Connect: How IBM is delivering network connectivity with premium DNS offerings

4 min read - For most enterprises, how their users access applications and data is an essential part of doing business, and how they service those application and data responses has a direct correlation to revenue generation.    According to We Are Social’s Digital 2023 Global Overview Report, there are 5.19 billion people around the world using the internet in 2023. There’s an imperative need for businesses to trust their networks to deliver meaningful content to address customer needs.  So how responsive is the…