The docker container I've pushed is using Pyston instead of CPython. I found that Pyston allowed me to create many more watches, so this is recommended if you're planning on doing more than ~1K watches.
- Export your $KUBECONFIG, being sure to use an absolute path
- Run
docker run --rm -it --mount type=bind,source="$KUBECONFIG",target=/app/kubeconfig.yaml evanfoster/secret-watchy:latest bash
- Inside the container, run
export KUBECONFIG=kubeconfig.yaml
This depends on you having Python 3.7+ on your system. A working compiler may or may not be necessary depending on wheels and such.
- Run
make setup
to create a Pythonvenv
and install the needed dependencies in it - Run
source venv/bin/activate
Both tools will use ~/.kube/config
if no $KUBECONFIG
is set. There's currently no option to switch contexts, so select the proper one before you start.
The following auth methods are supported by the async k8s client I'm using:
gcp-token (only via gcloud command), user-token, oidc-token, user-password, in-cluster
- Run
make create-secrets
to generate some secrets. Accepted env vars areNAMESPACE
andSECRET_COUNT
- Run
make run
(or justmake
) to watch all secrets across the cluster. Specify theWATCH_COUNT
env var if you don't want the default of50