Skip to content

geritol/secret-backup-operator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits

src

src

 
 

.dockerignore

.dockerignore

 
 

.eslintrc

.eslintrc

 
 

.gitignore

.gitignore

 
 

.prettierrc

.prettierrc

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

package-lock.json

package-lock.json

 
 

package.json

package.json

 
 

Repository files navigation

Secret backup operator

An operator to backup secrets on a Kubernetes cluster.
Backup happens when secrets are modified.
Backup data is stored in an other secret <secret-name>-backup, that has a single key BACKUP containing the secrets versions in a JSON encoded list.

Setup

To be able to run this on a cluster you need to deploy a Deployment that runs an image built using the provided Dockerfile, the pods need to run with a ServiceAccount that is authorized to create, read, watch and edit secrets. Eg.:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: secret-operator-service-account
  namespace: some-namepace
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: secret-reader
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "watch", create", "update", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: read-secrets
  namespace: default
subjects:
  - kind: ServiceAccount
    name: secret-operator-service-account
    namespace: some-namepace
roleRef:
  kind: ClusterRole
  name: secret-reader
  apiGroup: rbac.authorization.k8s.io

About

Kubernetes operator for backing up secrets

Topics

kubernetes kubernetes-secrets kubernetes-operator

Resources

Readme

License

MIT license
Activity

Stars

13 stars

Watchers

4 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages