dharanikumar-19/config-sync

config-sync

A Kubernetes operator that syncs configuration from external sources (like AWS SSM Parameter Store) into Kubernetes ConfigMaps and Secrets, keeping them automatically up to date.

How It Works

┌──────────────────┐         ┌───────────────┐         ┌──────────────────┐
│  AWS SSM          │         │  config-sync  │         │  Kubernetes      │
│  Parameter Store  │ ──────► │  controller   │ ──────► │  ConfigMap or    │
│                   │  fetch  │               │  create │  Secret          │
└──────────────────┘         └───────────────┘  /update└──────────────────┘
                                    ▲
                                    │ watches
                              ┌─────┴──────┐
                              │ ConfigSync │
                              │ Custom     │
                              │ Resource   │
                              └────────────┘

You define a ConfigSync custom resource that specifies:

  • Source: where to read the config (e.g., AWS SSM parameter name and region)
  • Target: where to write it (a Kubernetes ConfigMap or Secret)
  • RefreshInterval: how often to re-sync (e.g., 5m, 1h)

The controller continuously fetches the value and keeps the target resource in sync.

Prerequisites

  • Go 1.25+
  • A Kubernetes cluster (v1.30+)
  • kubectl configured to access the cluster
  • AWS credentials with ssm:GetParameter permission

Quick Start

1. Install the CRD

make install

2. Run the controller

make run

3. Create a ConfigSync resource

apiVersion: sre.sre.dev/v1
kind: ConfigSync
metadata:
  name: app-config
spec:
  source:
    type: ssm
    name: /staging/app/config
    region: us-east-1
  target:
    type: configmap
    name: app-config
  refreshInterval: "5m"

kubectl apply -f config/samples/sre_v1_configsync.yaml

4. Verify

kubectl get configsync
kubectl get configmap app-config -o yaml

Configuration

Source

Field   Description                   Example
type    Source type                   ssm
name    Parameter name in the source  /staging/app/config
region  AWS region                    us-east-1

Target

Field  Description                                Example
type   Kubernetes resource type                   configmap or secret
name   Name of the ConfigMap or Secret to create  app-config

Other

Field            Description                         Default
refreshInterval  How often to re-sync (Go duration)  5m

SSM Value Formats

The operator handles two formats from SSM:

  • JSON string: {"db_host": "rds.aws.com", "db_port": "5432"} — each key-value pair becomes a separate entry in the ConfigMap/Secret
  • Plain string: my-value — stored as a single entry using a sanitized version of the parameter name as the key
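
The two formats described above, as an added Go example (not the operator's own code); it also checks each key against the Kubernetes data-key rules, since JSON keys arrive from an external store. The names toData, validKey and sanitizeKey are hypothetical, and the sanitization rule and the handling of non-string JSON values are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Characters Kubernetes rejects in ConfigMap/Secret data keys.
var invalidKeyChars = regexp.MustCompile(`[^-._a-zA-Z0-9]+`)

// validKey applies the data-key rules: allowed characters, at most 253 bytes, not "." or ".."-prefixed.
func validKey(k string) bool {
	return k != "" && k != "." && !strings.HasPrefix(k, "..") && len(k) <= 253 && !invalidKeyChars.MatchString(k)
}

// sanitizeKey is an assumed rule (the README does not give one): invalid runs become "_".
func sanitizeKey(name string) string {
	return invalidKeyChars.ReplaceAllString(strings.Trim(name, "/"), "_")
}

// toData maps one parameter value to ConfigMap/Secret entries.
func toData(paramName, value string) (map[string]string, error) {
	var obj map[string]json.RawMessage
	if err := json.Unmarshal([]byte(value), &obj); err != nil || obj == nil {
		// Not a JSON object: single entry under the sanitized parameter name.
		key := sanitizeKey(paramName)
		if !validKey(key) {
			return nil, fmt.Errorf("parameter name %q yields no valid key", paramName)
		}
		return map[string]string{key: value}, nil
	}
	data := make(map[string]string, len(obj))
	for k, raw := range obj {
		if !validKey(k) { // reject rather than rewrite, so two keys never collide silently
			return nil, fmt.Errorf("JSON key %q is not a valid data key", k)
		}
		s := string(raw)            // number, bool, nested value: keep its JSON text
		_ = json.Unmarshal(raw, &s) // JSON string: replaced by its decoded contents
		data[k] = s
	}
	return data, nil
}

func main() { // constructed sample values in the two formats described above
	fmt.Println(toData("/staging/app/config", `{"db_host": "rds.aws.com", "db_port": "5432"}`))
	fmt.Println(toData("/staging/app/config", "my-value"))
}
```

A value whose JSON keys fail validation is rejected as a whole, so a partially written target never results from one bad key.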

Deploy to Cluster

Build and push the image

make docker-build docker-push IMG=<your-registry>/config-sync:latest

Deploy

make deploy IMG=<your-registry>/config-sync:latest

Undeploy

make undeploy

AWS Permissions

The controller needs the following IAM permissions:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ssm:GetParameter",
      "Resource": "arn:aws:ssm:*:*:parameter/*"
    }
  ]
}

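For EKS, use IAM Roles for Service Accounts (IRSA) to grant the controller access. The wildcard Resource above permits reading every parameter in every region; to follow least privilege, narrow it to the parameter paths your ConfigSync resources reference (for example, the /staging/app/ prefix used in the Quick Start).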

Development

make manifests  # Regenerate CRD manifests after API changes
make generate   # Regenerate deep copy methods
make test       # Run tests
make run        # Run locally against the configured cluster

See CONTRIBUTING.md for more details.

License

Apache License 2.0 — see LICENSE for details.

About

This project provides a Kubernetes operator that synchronizes configuration from AWS Systems Manager Parameter Store into Kubernetes ConfigMaps and Secrets. It helps eliminate configuration drift and enables centralized config management.
