README
¶
k8s-secret-expiry-controller
A Kubernetes controller that watches for the expiration of Kubernetes Secrets and raises events accordingly.
Description
This project is a Kubernetes Operator built with Kubebuilder. It introduces a new Custom Resource Definition (CRD) SecretWithExpiry into the Kubernetes API, which is like a regular Secret but with an added expiry date.
Getting Started
You’ll need a Kubernetes cluster to run against. You can use KIND to get a local cluster for testing, or run against a remote cluster.
Note: Your controller will automatically use the current context in your kubeconfig file (i.e. whatever cluster kubectl cluster-info shows).
Installing the CRDs into the Cluster
Install the CRDs into a cluster:
git clone https://github.com/devops-360-online/k8s-secret-expiry-controller.git
cd k8s-secret-expiry-controller
kubectl apply -k config/crd
kubectl apply -k config/default
Creating a SecretWithExpiry Object
Create a new file named secretWithExpiry.yaml with the following contents:
apiVersion: expiry.devops-360.online/v1
kind: SecretWithExpiry
metadata:
name: example-secretwithexpiry
spec:
secretName: my-secret
expiryDate: "2023-06-30T00:00:00Z"
Replace "2023-06-30T00:00:00Z" with the actual expiry date you want for your secret. The date must be in the format YYYY-MM-DDTHH:MM:SSZ.
Then, apply this file:
kubectl apply -f secretWithExpiry.yaml
Viewing SecretWithExpiry Events
To view the events associated with a SecretWithExpiry object:
kubectl describe secretwithexpiry example-secretwithexpiry
This command will output a description of the SecretWithExpiry object, including a list of recent events. The events will show if the secret has expired, is about to expire in less than 7 days, or if the expiry date has been updated.
Or
kubectl get events
Build and push your image to the location specified by IMG
make docker-build docker-push IMG=<some-registry>/k8s-secret-expiry-controller:tag
Deploy the controller to the cluster with the image specified by IMG
kubectl apply -k config/default
Uninstall CRDs
To delete the CRDs from the cluster:
make uninstall
Undeploy Controller
UnDeploy the controller from the cluster:
make undeploy
Contributing
This project welcomes contributions. Please feel free to submit pull requests for bug fixes, improvements or new features.
How It Works
This project aims to follow the Kubernetes Operator pattern. It uses Controllers, which provide a reconcile function responsible for synchronizing resources until the desired state is reached on the cluster.
Test It Out
Install the CRDs into the cluster:
make install
Run your controller (this will run in the foreground, so switch to a new terminal if you want to leave it running):
make run
NOTE: You can also run this in one step by running: make install run
Modifying the API Definitions
If you are editing the API definitions, generate the manifests such as CRs or CRDs using:
make manifests
NOTE: Run make --help for more information on all potential make targets.
More information can be found via the Kubebuilder Documentation.
License
This project is licensed under the MIT License. See the LICENSE file for details.
Documentation
¶
There is no documentation for this package.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
api
|
|
|
v1
Package v1 contains API Schema definitions for the expiry v1 API group +kubebuilder:object:generate=true +groupName=expiry.devops-360.online
|
Package v1 contains API Schema definitions for the expiry v1 API group +kubebuilder:object:generate=true +groupName=expiry.devops-360.online |