39

We are using one namespace for the develop environment and one for the staging environment. Inside each one of this namespaces we have several configMaps and secrets but there are a lot of share variables between the two environments so we will like to have a common file for those.

Is there a way to have a base configMap into the default namespace and refer to it using something like:

- envFrom:
    - configMapRef:
        name: default.base-config-map

If this is not possible, is there no other way other than duplicate the variables through namespaces?

Daniseijo
  • 417
  • 1
  • 4
  • 8
  • I think it would be nice if k8s supports it. however it does not so far. so the only way is to create dups across different NS. – linehrr Sep 27 '19 at 18:19
  • I think it might be possible using the example at https://kubernetes.io/docs/reference/access-authn-authz/rbac/ – Andrew Feb 28 '23 at 04:56

4 Answers4

33

Kubernetes 1.13 and earlier

They cannot be shared, because they cannot be accessed from a pods outside of its namespace. Names of resources need to be unique within a namespace, but not across namespaces.

Workaround it is to copy it over.

Copy secrets between namespaces
kubectl get secret <secret-name> --namespace=<source-namespace> --export -o yaml \
  | kubectl apply --namespace=<destination-namespace> -f -
Copy configmaps between namespaces
kubectl get configmap <configmap-name>  --namespace=<source-namespace> --export -o yaml \
  | kubectl apply --namespace=<destination-namespace> -f -

Kubernetes 1.14+

The --export flag was deprecated in 1.14 Instead following command can be used:

kubectl get secret <secret-name> --namespace=<source-namespace>  -o yaml \
  | sed 's/namespace: <from-namespace>/namespace: <to-namespace>/' \
  | kubectl create -f -

If someone still see a need for the flag, there’s an export script written by @zoidbergwill.

Andrew Marshall
  • 95,083
  • 20
  • 220
  • 214
Crou
  • 10,232
  • 2
  • 26
  • 31
  • 1
    For those using powershell, this command will be: kubectl get secret --namespace=  -o yaml | % {$_.replace("namespace: ","namespace: ")} | kubectl create -f - – Mark Feb 09 '21 at 03:49
1

In addition to the accepted answer, if resources (i.e., secret and configMaps)

  • might change and
  • should be automatically synchronized between namespaces,

it might be worth considering something like Reflector or, if only secret are required, clustersecret to reduce manual activities.

Using Reflector would involve three steps:

  1. Reflector deployment via, for example the Helm chart

  2. Creation of an annotated source resource in, for example, the production namespace.


apiVersion: v1
kind: ConfigMap
metadata:
  name: source-resource
  namespace: production
  annotations:
    reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
    reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "testing"
data:
  ...
  1. Creation of an annotated mirrored resource without data in, for example, the testing namespace.

apiVersion: v1
kind: ConfigMap
metadata:
  name: mirrored-resource
  namespace: testing
  annotations:
    reflector.v1.k8s.emberstack.com/reflects: "production/source-resource"
data:
  ...
marcel h
  • 742
  • 1
  • 7
  • 20
0

You can do this using kubexns as an initContainer.

Matheus de Faria Moraes
  • 19
  • 1
-3

Please use the following command to copy from one namespace to another

kubectl get configmap <configmap-name> -n <source-namespace> -o yaml | sed 's/namespace: <source-namespace>/namespace: <dest-namespace>/' | kubectl create -f -

kubectl get secret <secret-name> -n <source-namespace> -o yaml | sed 's/namespace: <source-namespace>/namespace: <dest-namespace>/' | kubectl create -f -

Joseph T F
  • 801
  • 1
  • 7
  • 19