Panfactum LogoPanfactum
Infrastructure ModulesSubmodulesKuberneteskube_sync_config_map
kube_sync_config_map
Stable
Submodule
Source Code Link

ConfigMap Syncer

This submodule will sync a target ConfigMap (config_map_namespace/config_map_name) across destination_namespaces. Since Secrets are namespace-scoped, this can be a helpful utility for sharing configuration values across your cluster.

If no destination_namespaces are specified, the ConfigMap will be synchronized across all namespaces.

If you wish to exclude specific namespaces from receiving the ConfigMap, specify excluded_namespaces.

Any updates to the ConfigMap will automatically be propagated. If the source ConfigMap is deleted, all ConfigMaps generated by this module will be deleted. If this module is destroyed, all ConfigMaps generated by this module will also be destroyed.

Providers

The following providers are needed by this module:

  • kubectl (2.0.4)

  • kubernetes (2.27.0)

  • pf (0.0.3)

Required Inputs

The following input variables are required:

config_map_name

Description: The name of the ConfigMap to sync

Type: string

config_map_namespace

Description: The namespace of the ConfigMap to sync

Type: any

Optional Inputs

The following input variables are optional (have default values):

destination_namespaces

Description: A list of namespaces to sync the ConfigMap to. If not specified, will sync to all namespaces.

Type: list(string)

Default: []

excluded_namespaces

Description: A list of namespaces that are explicitly excluded from having the ConfigMap copied to.

Type: list(string)

Default: []

Outputs

No outputs.

Usage

No notes

Maintainers

resources.txt is generated by running

kubectl api-resources --no-headers | awk '{
  name = $1;
   if (NF == 4) {
    shortname = "none";
    apiGroup = $2
    namespaced = $3;
    kind = $4;
        t = "1";
  } else {
      shortname = $2;
    apiGroup = $3
    namespaced = $4;
    kind = $5;
        t = "0";
  }
  print name " " apiGroup;
}' | awk '{ arr[$2] = arr[$2] ? arr[$2] "," $1 : $1 } END { for (i in arr) print arr[i], i }'

against a Kubernetes cluster with all the stack resources deployed.

This is required by we must explicitly enumerate permissions for all resources in order to exclude secret resources for the restricted-reader role.