KubeTracker is a tool that securely tracks Kubernetes resource configuration changes in a Git repository. It offers real-time tracking, pruning of noisy resource YAML fields, and public/private key encryption to keep sensitive information secure.
- Real-Time Tracking: Tracks changes to Kubernetes resources and updates YAML files in a Git repository in near real time.
- Filtering By Namespaces: A "first match wins" array of namespace filtering rules. Default rules are definable globally while resource-type specific rules override defaults.
- Encryption: Optionally encrypts YAML files using age encryption to secure sensitive data.
  - Default encryption keys can be set globally if it is desirable to encrypt the entire repository. Encryption configuration can also be defined independently for each resource type being tracked.
  - We do NOT currently plan to support PGP/GPG encryption. See The PGP Problem to better understand this decision.
- Commit Signing: Can optionally sign Git commits, ensuring integrity and authenticity of changes logged.
- Config Field Pruning: Configurable to ignore specific fields in YAML (e.g., `status` fields) that might change frequently but are not relevant for configuration tracking.
- Git Tracking
  - Local Repository:
    - Tracks configuration changes in a local Git repository.
  - Remote Repositories:
    - Clone and/or pull changes from a single remote Git repository at startup.
    - Push changes to one or more remote Git repositories periodically (one push per minute, max).
- Performance: Written in Golang for high performance and efficiency.
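
The "first match wins" namespace filtering described above makes rule order security-relevant: a catch-all placed before an exclude silently disables the exclude. The sketch below is an added example, not KubeTracker's own code, showing the evaluation plus a simple check for rules that can never fire. The `Rule` and `Filter` types, glob patterns, "override replaces defaults" behaviour and "no match means not tracked" default are all assumptions, since the real config schema is not shown here.

```go
package main

import (
	"fmt"
	"path"
)

// Rule and Filter are hypothetical types, not KubeTracker's real config schema.
type Rule struct {
	Pattern string // glob matched against the namespace name (assumption)
	Include bool   // true = track, false = skip
}

type Filter struct {
	Defaults  []Rule            // global rules
	Overrides map[string][]Rule // per resource type; assumed to replace Defaults
}

// Tracked applies "first match wins"; no match means not tracked (assumption).
func (f Filter) Tracked(resourceType, ns string) bool {
	rules, ok := f.Overrides[resourceType]
	if !ok {
		rules = f.Defaults
	}
	for _, r := range rules {
		if m, err := path.Match(r.Pattern, ns); err == nil && m {
			return r.Include
		}
	}
	return false
}

// Shadowed lists rules that never fire: an earlier rule is "*" or the same pattern.
func Shadowed(rules []Rule) (dead []int) {
	seen := map[string]bool{}
	for i, r := range rules {
		if seen["*"] || seen[r.Pattern] {
			dead = append(dead, i)
		}
		seen[r.Pattern] = true
	}
	return dead
}

var Sample = Filter{ // constructed data; the "secrets" override is misordered on purpose
	Defaults:  []Rule{{"kube-*", false}, {"*", true}},
	Overrides: map[string][]Rule{"secrets": {{"*", true}, {"prod-*", false}}},
}

func main() { fmt.Println(Sample.Tracked("secrets", "prod-payments"), Shadowed(Sample.Overrides["secrets"])) }
```

The shadowing check is conservative: it flags only exact duplicates and rules that follow a `*`, so partially overlapping globs still need a manual review.
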
This project is licensed under the BSD 3-Clause License.