-
KubeMirror's Solution
-
+
KubeMirror's Solution
+
Define your resource once in a source namespace. KubeMirror automatically copies it to all target namespaces and keeps them synchronized.
Transform values per environment (e.g., preprod-* namespaces get preprod API URLs, prod-* get production URLs).
Works with any Kubernetes resource type.
@@ -156,17 +238,17 @@
-
+
Everything you need for resource mirroring and synchronization
-
+
-
Mirror Any Resource Type
+
Mirror Any Resource Type
Not just Secrets and ConfigMaps. Mirror any namespaced Kubernetes resource:
@@ -184,15 +266,15 @@
-
+
-
Transform Per Environment
+
Transform Per Environment
Change values automatically based on target namespace:
-
+
# Preprod namespaces get preprod API
- path: data.API_URL
value: "https://preprod.api.com"
@@ -211,11 +293,11 @@
-
+
-
Automatic Synchronization
+
Automatic Synchronization
Update the source once. All copies update automatically:
@@ -233,25 +315,25 @@
-
+
-
Flexible Targeting
+
Flexible Targeting
Choose which namespaces receive the copy:
-
-
-
namespace-1,namespace-2
+
+
+ namespace-1,namespace-2
Specific namespaces
-
-
app-*,prod-*
+
+ app-*,prod-*
Pattern matching
-
-
all-labeled
+
+ all-labeled
All labeled namespaces
@@ -269,26 +351,26 @@
-
+
See how easy it is to get started with KubeMirror
-
-
+
+
1
-
+
Basic: Mirror a TLS Secret
Share your TLS certificate across multiple application namespaces
-
+
apiVersion: v1
kind: Secret
metadata:
@@ -307,20 +389,20 @@
-
-
+
+
2
-
+
Pattern Matching: Mirror to All App Namespaces
Use wildcards to mirror to all namespaces matching a pattern
-
+
apiVersion: v1
kind: ConfigMap
metadata:
@@ -337,28 +419,28 @@
api_url: "https://api.example.com"
-
+
- Result: This ConfigMap will be automatically copied to app-frontend, app-backend, app-worker, and any other namespace starting with "app-"
+ Result: This ConfigMap will be automatically copied to app-frontend, app-backend, app-worker, and any other namespace starting with "app-"
-
-
+
+
3
-
+
Custom Resource: Share Traefik Middleware
Mirror any CRD like Traefik Middleware across your cluster
-
+
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
@@ -376,130 +458,12 @@
- text/event-stream
-
+
Works with any CRD: Cert-Manager Certificates, Gateway API resources, or your own custom resources!
-
-
-
-
-
- 4
-
-
-
-
- Advanced: Environment-Specific Configuration
-
-
Transform values based on target environment using namespace patterns
-
-
-
-
apiVersion: v1
-kind: ConfigMap
-metadata:
- name: app-config
- namespace: default
- labels:
- kubemirror.raczylo.com/enabled: "true"
- annotations:
- kubemirror.raczylo.com/sync: "true"
- kubemirror.raczylo.com/target-namespaces: "preprod-api,prod-api,staging-api"
- kubemirror.raczylo.com/transform: |
- rules:
- # Preprod gets preprod GraphQL endpoint
- - path: data.GRAPHQL_HOST
- value: "https://preprod.example.com/v1/graphql"
- namespacePattern: "preprod-*"
-
- # Production gets production endpoint
- - path: data.GRAPHQL_HOST
- value: "https://api.example.com/v1/graphql"
- namespacePattern: "prod-*"
-
- # Set log level to error in production
- - path: data.LOG_LEVEL
- value: "error"
- namespacePattern: "prod-*"
-data:
- GRAPHQL_HOST: "https://localhost/v1/graphql"
- LOG_LEVEL: "debug"
-
-
-
-
- Result: Each environment gets the right configuration automatically. One source, multiple environments, zero manual work!
-
-
-
-
-
-
-
-
- 5
-
-
-
-
- Go Templates: Dynamic Value Generation
-
-
Use Go template functions to generate namespace-specific values dynamically
-
-
-
-
apiVersion: v1
-kind: ConfigMap
-metadata:
- name: dynamic-config
- namespace: default
- labels:
- kubemirror.raczylo.com/enabled: "true"
- annotations:
- kubemirror.raczylo.com/sync: "true"
- kubemirror.raczylo.com/target-namespaces: "app-frontend,app-backend,app-worker"
- kubemirror.raczylo.com/transform: |
- rules:
- # Generate namespace-specific API URL
- - path: data.API_URL
- template: "https://{{.TargetNamespace}}.api.example.com"
-
- # Generate database connection string
- - path: data.DATABASE_URL
- template: "postgres://{{.TargetNamespace}}.db.svc:5432/app"
-
- # Use string manipulation functions
- - path: data.CACHE_PREFIX
- template: "{{replace .TargetNamespace \"-\" \"_\"}}"
-
- # Uppercase namespace for environment variable
- - path: data.NAMESPACE_UPPER
- template: "{{upper .TargetNamespace}}"
-data:
- API_URL: "https://localhost:8080"
- DATABASE_URL: "postgres://localhost:5432/app"
- CACHE_PREFIX: "default"
- NAMESPACE_UPPER: "DEFAULT"
-
-
-
-
- Available Template Variables:
-
-
-
.TargetNamespace - Target namespace name
-
.SourceNamespace - Source namespace name
-
.SourceName - Source resource name
-
.TargetName - Mirror resource name
-
-
- Template Functions: upper, lower, replace, trimPrefix, trimSuffix, default
-
-
-
@@ -508,102 +472,74 @@
-
-
We built KubeMirror to replace emberstack/reflector
+
+
We built KubeMirror to replace emberstack/reflector
- | Capability |
- KubeMirror |
- Reflector |
+ Capability |
+ KubeMirror |
+ Reflector |
- |
- Supported Resources
+ |
+ Supported Resources
What resource types can be mirrored
|
-
-
- Secrets, ConfigMaps, CRDs, etc.
+ |
+
+ Secrets, ConfigMaps, CRDs, etc.
|
-
-
- Secrets, ConfigMaps only
+ |
+
+ Secrets, ConfigMaps only
|
- |
- Auto-Discovery
+ |
+ Auto-Discovery
Finds all resource types automatically
|
-
-
- Yes
+ |
+
+ Yes
|
-
-
- Hardcoded
+ |
+
+ Hardcoded
|
- |
- Value Transformation
+ |
+ Value Transformation
Change values per target namespace
|
-
-
- Full support
+ |
+
+ Full support
|
-
-
- Not available
+ |
+
+ Not available
|
- |
- Environment-Specific Rules
- Different transforms for dev/staging/prod
- |
-
-
- Namespace patterns
- |
-
-
- Not available
- |
-
-
- |
- API Efficiency
- Impact on Kubernetes API server
- |
-
-
- 90% less load
- |
-
-
- Higher load
- |
-
-
- |
- Active Development
+ |
+ Active Development
Regular updates and bug fixes
|
-
-
- Active
+ |
+
+ Active
|
-
-
- Recently resumed (2025)
+ |
+
+ Recently resumed (2025)
|
@@ -611,11 +547,11 @@
-
-
+
+
-
Why We Built KubeMirror
-
+
Why We Built KubeMirror
+
We needed to share Traefik Middleware across 200+ namespaces with environment-specific configurations.
Reflector couldn't do it (Secrets/ConfigMaps only, no transformations). So we built KubeMirror with modern
Kubernetes best practices and all the features we wished Reflector had.
@@ -630,20 +566,20 @@
-
-
Get started in under 2 minutes
+
+
Get started in under 2 minutes
-
+
-
Helm (Recommended)
+
Helm (Recommended)
-
+
helm repo add kubemirror \
https://lukaszraczylo.github.io/helm-charts
@@ -655,14 +591,14 @@
-
+
-
+
kubectl apply -k \
github.com/lukaszraczylo/kubemirror/deploy
@@ -674,8 +610,8 @@
-
-
+
+
Quick Start: Mirror a Secret in 30 Seconds
@@ -684,9 +620,9 @@
1
-
Create your source Secret
+
Create your source Secret
-
+
apiVersion: v1
kind: Secret
metadata:
@@ -707,15 +643,15 @@
2
-
That's it!
+
That's it!
-
+
KubeMirror automatically:
-
+
-
- Creates copies in
app-1 and app-2
+ Creates copies in app-1 and app-2
-
@@ -732,8 +668,8 @@
- Required: Both the label kubemirror.raczylo.com/enabled
- and annotation kubemirror.raczylo.com/sync are needed.
+ Required: Both the label kubemirror.raczylo.com/enabled
+ and annotation kubemirror.raczylo.com/sync are needed.
@@ -742,42 +678,6 @@
-
-
-
-
-
-
Everything you need to know
-
-
-
-
-
-
+
Copy Kubernetes resources across namespaces. Modern replacement for Reflector.
-
License
-
MIT License
-
© 2024 Lukasz Raczylo
+
License
+
MIT License
+
© 2024 Lukasz Raczylo
+
+
+
+
+