Introduction

Kubernetes objects can be synchronized between clusters adopting the kubernetes-to-kubernetes plugin.

Synchronization process

Special rules

Additionally, there are some special rules for source kind of objects:

• PersistentVolumeClaim: objects will be updated in the destination cluster only if .spec.resources changes.

• ServiceAccount: If you’re using a Kubernetes cluster version <v1.24, when creating a ServiceAccount, an autogenerated secret will be created. From here, there are two scenarios:

  • Service account with an autogenerated secret: The autogenerated secret will be deleted, and a new one will be generated in the target cluster. The secret is always updated during each synchronization.

  • Service account with a custom secret: The custom secret will remain unchanged.

  To avoid errors, custom secrets must not follow the autogenerated secret naming structure. Secrets are considered autogenerated if they begin with the following prefixes:

  • {serviceAccountName}-token-
  • {serviceAccountName}-dockercfg-

Blacklisted objects

There are some Kubernetes objects that are blacklisted by default and will be ignored by the synchronization process.

This is the list of the blacklisted objects:

• Namespaces which name starts with kube- or openshift , and the Namespace resiliency-operator.
• All namespaced objects inside a blacklisted Namespace.
• ConfigMaps named kube-root-ca.crt or openshift-service-ca.crt.