A Kubernetes operator that enables automated Git operations from within clusters. Commit files directly or reference existing Kubernetes resources (encrypt Secrets, ConfigMaps, etc.) and push them to Git repositories with flexible output strategies.
Docs: https://gco.galos.one
- Direct File Commits: Commit static file content to Git repositories
- Resource References: Reference arbitrary Kubernetes resources and commit their data
- REST API Integration: Fetch data from REST APIs with CEL-based response processing
  - CEL (Common Expression Language) for powerful condition evaluation
  - Dynamic data extraction and formatting from JSON responses
  - Conditional processing based on API response status
- Flexible Output Strategies:
  - Dump entire resources as YAML
  - Extract all resource fields as separate files
  - Extract specific fields with custom naming
- Write Modes: Overwrite or append to existing files
- Git Operations: Support for both direct commits and pull requests
- File Encryption: Age-based encryption with support for SSH keys, age keys, and passphrases
- Secure Authentication: Uses Kubernetes Secrets for Git authentication
```yaml
apiVersion: gco.galos.one/v1
kind: GitCommit
metadata:
  name: resource-backup
  namespace: my-namespace
spec:
  repository:
    url: "https://github.com/your-username/k8s-backups.git"
    branch: "main"
  auth:
    secretName: "git-credentials"
  commit:
    author: "Git Change Operator <[email protected]>"
    message: "Automated backup of cluster resources"
  resourceReferences:
    # Backup ConfigMap as complete YAML
    - name: "app-config"
      apiVersion: "v1"
      kind: "ConfigMap"
      namespace: "default"
      strategy: "dump"
      output:
        path: "backups/configmaps/app-config.yaml"
```

Please have a token (preferably fine-grained) with fine-grained permissions ready; the following step asks for it if it is not already present in a git-ignored file called `token` in this repo.

```bash
make kind-full-demo
```

The operator can reference any Kubernetes resource and extract its data using various strategies:
- Dump: Output entire resource as YAML
- Fields: Extract all data fields as separate files
- Single-Field: Extract specific fields with custom naming
- Overwrite: Replace file content (default)
- Append: Add to existing file content
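
A pre-flight check for the `token` file used by the `make kind-full-demo` step, added here as an example and not part of the project's own tooling. The helper name `check_token_file` and its return codes are assumptions; it confirms that the file exists, is not tracked, is git-ignored, and is not accessible to group or others.

```bash
#!/usr/bin/env bash
# Added example: check_token_file is a hypothetical helper, not project code.
# Argument: path to the repository checkout (defaults to the current directory).
# Returns 0 when the token file is safe to use, otherwise a distinct code.
check_token_file() {
  repo="${1:-.}"
  file="$repo/token"

  # 1: missing or empty, so the demo step would prompt for a token instead
  [ -s "$file" ] || { echo "token: missing or empty" >&2; return 1; }

  # 2: already tracked; ignore rules never apply to tracked files, so this
  #    must be tested before the ignore check
  if git -C "$repo" ls-files --error-unmatch token >/dev/null 2>&1; then
    echo "token: tracked by git; rotate it and remove it from history" >&2
    return 2
  fi

  # 3: no ignore rule matches, so a broad 'git add' would stage the secret
  git -C "$repo" check-ignore -q token ||
    { echo "token: not git-ignored" >&2; return 3; }

  # 4: any permission bit set for group or others
  open=$(find "$file" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
    -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
  [ -z "$open" ] ||
    { echo "token: permissions too open; run: chmod 600 token" >&2; return 4; }

  return 0
}

# Usage from the repository root:
#   check_token_file . && make kind-full-demo
```
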
```mermaid
graph TB
    %% User creates resources
    User["User"] -->|creates| A["GitCommit/PullRequest CR"]
    %% Operator watches and processes
    B["Git Change Operator"] -->|watches| A
    %% Operator reads from K8s Cluster
    B -->|reads data from| D["K8s Cluster"]
    D -->|contains| E["Resources"]
    %% Operator authenticates and writes to Git
    B -->|clones/pulls| C["Git Repository"]
    B -->|commits & pushes| C
    B -->|creates PR| G["GitHub"]
    %% Repository states
    %% Styling
    classDef userAction fill:#e1f5fe
    classDef operator fill:#f3e5f5
    classDef k8sResource fill:#e8f5e8
    classDef gitResource fill:#fff3e0
    classDef github fill:#f6f8fa
    class User userAction
    class B operator
    class D,E,F k8sResource
    class C gitResource
    class G github
```
Export cluster configuration to Git repositories for backup and version control.
Automatically update Git repositories when cluster state changes, enabling bidirectional GitOps.
Maintain Git history of configuration changes for compliance and audit trails.
Share configuration between clusters through Git repositories.
- Get Started: Install the operator and create a first GitCommit resource in minutes.
- User Guide: Complete guide covering installation, configuration, and usage patterns.
- Examples: Real-world examples and use cases with complete YAML configurations.
- API Reference: Complete API documentation and CRD specifications.
- Security: Production security considerations and RBAC configuration.
This project is licensed under the MIT License - see the LICENSE file for details.
