June 12, 2019 | By John Pape

The Secret Sync Operator is an example Kubernetes operator that will synchronize Kubernetes secrets that you annotate with target secrets that you designate.

In your day-to-day operation of Kubernetes clusters, you might need to move TLS secrets around your cluster namespaces so that your workloads can access the secrets. For example, if you take advantage of the new Network Load Balancer (NLB) features provided in the IBM Cloud Kubernetes Service to create a generated hostname for your Load Balancer type services complete with TLS certificates, you’ll find that new TLS secret in the default namespace. While that might work for you, what if you actually need that secret in the istio-system namespace because you’re trying to secure your Istio IngressGateway service?

Generally speaking, that means you’ll have to duplicate the secret into the namespace where you need it and then remember to do it again on an ongoing basis because the certificates within the TLS secret will expire. The original certificate will be updated automatically in the default namespace but that doesn’t update the copy that you made.
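The manual duplicate-and-recheck cycle described above, sketched as an added example (not code from the Secret Sync Operator or the kube-samples repository). The secret name, the placeholder base64 values and the helper names are assumptions made for illustration; the manifest is handled as a plain dictionary so the sketch runs without a cluster.

```python
import copy
import hashlib
import json

# Metadata fields the API server populates; they must not be carried into a copy.
SERVER_FIELDS = ("uid", "resourceVersion", "creationTimestamp",
                 "managedFields", "ownerReferences", "selfLink")


def clone_for_namespace(source, target_namespace):
    """Return a manifest for a copy of `source` in `target_namespace`."""
    clone = copy.deepcopy(source)
    meta = clone.setdefault("metadata", {})
    for field in SERVER_FIELDS:
        meta.pop(field, None)
    meta["namespace"] = target_namespace
    # Drop annotations: kubectl's last-applied-configuration, for example,
    # would embed a second copy of the secret data in the clone.
    meta.pop("annotations", None)
    return clone


def fingerprint(secret):
    """Digest of type and data, so drift can be logged without secret values."""
    payload = json.dumps({"type": secret.get("type"), "data": secret.get("data", {})},
                         sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def needs_sync(source, existing_copy):
    """True when the copy is missing or no longer matches the source."""
    return existing_copy is None or fingerprint(source) != fingerprint(existing_copy)


# Constructed sample: a TLS secret as read from the default namespace.
# Name and base64 values are placeholders, not real key material.
SOURCE = {
    "apiVersion": "v1", "kind": "Secret", "type": "kubernetes.io/tls",
    "metadata": {"name": "example-nlb-tls", "namespace": "default",
                 "uid": "constructed-uid", "resourceVersion": "1001"},
    "data": {"tls.crt": "Y2VydC12MQ==", "tls.key": "a2V5LXYx"},
}

if __name__ == "__main__":
    copy_v1 = clone_for_namespace(SOURCE, "istio-system")
    rotated = copy.deepcopy(SOURCE)
    rotated["data"]["tls.crt"] = "Y2VydC12Mg=="  # certificate renewed in default
    print(needs_sync(SOURCE, copy_v1), needs_sync(rotated, copy_v1))  # False True
```

Every copy of a TLS secret widens the set of namespaces whose workloads and role bindings can read the private key, so the target namespace's access to secrets should be reviewed along with the copy.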

The Secret Sync Operator

Wouldn’t it be nice to have a way to tell your Kubernetes cluster: “Hey, I want you to copy this secret over there and then make sure the copy is updated whenever the original secret is updated”? Well, now you can!

The operator is released as a sample Kubernetes Operator and is included in our kube-samples GitHub repository. You can now deploy it in your cluster and start syncing your secrets where you need them. Try it out and let me know if you have questions.

Questions or comments

You can engage our team in Slack by registering here and joining the discussion in the #general and #secret-sync-operator channels on our public IBM Cloud Kubernetes Service Slack.
