ConfigMap Syncer
This submodule will sync a target ConfigMap (config_map_namespace
/config_map_name
) across destination_namespaces
. Since Secrets
are namespace-scoped, this can be a helpful utility for sharing configuration values across your cluster.
If no destination_namespaces
are specified, the ConfigMap will be synchronized across all namespaces.
If you wish to exclude specific namespaces from receiving the ConfigMap, specify excluded_namespaces
.
Any updates to the ConfigMap will automatically be propagated. If the source ConfigMap is deleted, all ConfigMaps generated by this module will be deleted. If this module is destroyed, all ConfigMaps generated by this module will also be destroyed.
Providers
The following providers are needed by this module:
-
kubectl (2.1.3)
-
kubernetes (2.34.0)
-
pf (0.0.5)
Required Inputs
The following input variables are required:
config_map_name
Description: The name of the ConfigMap to sync
Type: string
config_map_namespace
Description: The namespace of the ConfigMap to sync
Type: any
Optional Inputs
The following input variables are optional (have default values):
destination_namespaces
Description: A list of namespaces to sync the ConfigMap to. If not specified, will sync to all namespaces.
Type: list(string)
Default: []
excluded_namespaces
Description: A list of namespaces that are explicitly excluded from having the ConfigMap copied to.
Type: list(string)
Default: []
Outputs
No outputs.
Usage
No notes
Maintainers
resources.txt
is generated by running
kubectl api-resources --no-headers | awk '{
name = $1;
if (NF == 4) {
shortname = "none";
apiGroup = $2
namespaced = $3;
kind = $4;
t = "1";
} else {
shortname = $2;
apiGroup = $3
namespaced = $4;
kind = $5;
t = "0";
}
print name " " apiGroup;
}' | awk '{ arr[$2] = arr[$2] ? arr[$2] "," $1 : $1 } END { for (i in arr) print arr[i], i }'
against a Kubernetes cluster with all the stack resources deployed.
This is required by we must explicitly enumerate permissions for all resources in order to exclude secret resources for the restricted-reader role.