{"id":50723926,"url":"https://github.com/axonops/axonops-operator","last_synced_at":"2026-06-10T02:30:49.169Z","repository":{"id":345304694,"uuid":"1180888063","full_name":"axonops/axonops-operator","owner":"axonops","description":"Kubernetes operator for managing the AxonOps observability stack. Deploys and configures axon-server, axon-dash, and backing databases with support for alerts, backups, repairs, Kafka management, and more.","archived":false,"fork":false,"pushed_at":"2026-04-09T17:49:15.000Z","size":28545,"stargazers_count":0,"open_issues_count":14,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-09T18:24:56.298Z","etag":null,"topics":["alerting","axonops","backups","cassandra","cassandra-database","controller-runtime","helm-chart","kafka","kafka-cluster","kubebuilder","kubernetes","kubernetes-operator","monitoring","observability"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/axonops.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-03-13T14:17:29.000Z","updated_at":"2026-04-09T17:49:22.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/axonops/axonops-operator","commit_stats":null,"previous_names":["axonops/axonops-operator"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/axonops/axonops-operator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/axonops%2Faxonops-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/axonops%2Faxonops-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/axonops%2Faxonops-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/axonops%2Faxonops-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/axonops","download_url":"https://codeload.github.com/axonops/axonops-operator/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/axonops%2Faxonops-operator/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34134633,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-10T02:00:07.152Z","response_time":89,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["alerting","axonops","backups","cassandra","cassandra-database","controller-runtime","helm-chart","kafka","kafka-cluster","kubebuilder","kubernetes","kubernetes-operator","monitoring","observability"],"created_at":"2026-06-10T02:30:48.607Z","updated_at":"2026-06-10T02:30:49.161Z","avatar_url":"https://github.com/axonops.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AxonOps Kubernetes Operator\n\n\u003cdiv align=center\u003e\n\u003cimg src=\"AxonOps-Operator.png\" width=\"700\" height=\"200\"\u003e\n\u003c/div\u003e\n\nA Kubernetes operator that deploys and manages the [AxonOps](https://axonops.com) control plane. It replaces both the AxonOps Helm charts and Terraform provider, giving you a single, declarative interface for running AxonOps entirely within Kubernetes.\n\n## What It Does\n\n- **Deploys the full AxonOps stack** — axon-server, axon-dash, axondb-timeseries, and axondb-search — from a single `AxonOpsPlatform` custom resource.\n- **Manages AxonOps configuration** — alert rules, alert routes, healthchecks, dashboard templates, backups, scheduled repairs, and commitlog archives are reconciled as Kubernetes resources and kept in sync with the AxonOps API.\n- **Manages Kafka resources** — topics, ACLs, and connectors for Kafka-based clusters.\n- **Handles day-2 operations** — credential rotation, TLS certificate management, startup ordering, and Ingress/Gateway API configuration.\n\n---\n\n## CRDs\n\n### `core.axonops.com/v1alpha1`\n\n| Kind | Purpose |\n|---|---|\n| `AxonOpsPlatform` | Deploys and manages the full AxonOps server stack |\n| `AxonOpsConnection` | Stores reusable API credentials for the AxonOps API |\n\n### `alerts.axonops.com/v1alpha1`\n\n| Kind | Purpose |\n|---|---|\n| `AxonOpsMetricAlert` | Metric threshold alerts |\n| `AxonOpsLogAlert` | Log pattern alerts |\n| `AxonOpsAlertRoute` | Alert routing and notification channels |\n| `AxonOpsAlertEndpoint` | Alert notification endpoints (email, Slack, PagerDuty, etc.) |\n| `AxonOpsHealthcheckHTTP` | HTTP endpoint healthchecks |\n| `AxonOpsHealthcheckTCP` | TCP port healthchecks |\n| `AxonOpsHealthcheckShell` | Shell script healthchecks |\n| `AxonOpsDashboardTemplate` | Declarative dashboard management |\n| `AxonOpsAdaptiveRepair` | Adaptive repair scheduling |\n| `AxonOpsScheduledRepair` | Scheduled repair management |\n| `AxonOpsCommitlogArchive` | Commitlog archive management |\n| `AxonOpsSilenceWindow` | Alert silence windows |\n| `AxonOpsLogCollector` | Log collector configuration |\n\n### `backups.axonops.com/v1alpha1`\n\n| Kind | Purpose |\n|---|---|\n| `AxonOpsBackup` | Backup scheduling and management |\n\n### `kafka.axonops.com/v1alpha1`\n\n| Kind | Purpose |\n|---|---|\n| `AxonOpsKafkaTopic` | Kafka topic management |\n| `AxonOpsKafkaACL` | Kafka ACL management |\n| `AxonOpsKafkaConnector` | Kafka connector management |\n\n---\n\n## Prerequisites\n\n- Kubernetes 1.28+\n- [cert-manager](https://cert-manager.io) — required only when using internal database components (TimeSeries or Search)\n- [Gateway API CRDs](https://gateway-api.sigs.k8s.io/guides/#installing-gateway-api) — required only when using Gateway API ingress\n\n---\n\n## Installation\n\n**Install from OCI registry (recommended):**\n\nThe Helm chart is published as an OCI artifact on GitHub Container Registry. Install with:\n\n```bash\nhelm upgrade --install axonops-operator \\\n  oci://ghcr.io/axonops/charts/axonops-operator \\\n  --version 0.1.0 \\\n  --namespace axonops-operator-system --create-namespace\n```\n\nTo see available versions, check the [releases page](https://github.com/axonops/axonops-operator/releases) or the [package registry](https://github.com/axonops/axonops-operator/pkgs/container/charts%2Faxonops-operator).\n\n**Install from local chart source:**\n\n```bash\nhelm upgrade --install axonops-operator \\\n  ./charts/axonops-operator/ \\\n  --namespace axonops-operator-system --create-namespace\n```\n\n**Install from source with Kustomize:**\n\n```bash\nmake deploy IMG=\u003cregistry\u003e/\u003cproject\u003e:\u003ctag\u003e\n```\n\n---\n\n## Quick Start\n\n### All-in-one deployment (fully managed)\n\nDeploy the complete AxonOps stack with a single resource. The operator provisions all components, generates credentials, and manages TLS certificates automatically.\n\n\u003e **Note:** All components must have `enabled: true` set explicitly until the defaulting webhook is implemented.\n\n```yaml\napiVersion: core.axonops.com/v1alpha1\nkind: AxonOpsPlatform\nmetadata:\n  name: axonops\n  namespace: axonops\nspec:\n  server:\n    orgName: \"my-company\"\n  timeSeries:\n    enabled: true\n  search:\n    enabled: true\n  dashboard:\n    enabled: true\n```\n\n### External databases\n\nConnect the AxonOps server to existing Cassandra and Elasticsearch/OpenSearch clusters instead of running them in-cluster.\n\n```yaml\napiVersion: core.axonops.com/v1alpha1\nkind: AxonOpsPlatform\nmetadata:\n  name: axonops\n  namespace: axonops\nspec:\n  server:\n    orgName: \"my-company\"\n  timeSeries:\n    external:\n      hosts:\n        - cassandra-node1.example.com:9042\n        - cassandra-node2.example.com:9042\n      tls:\n        enabled: false\n    authentication:\n      secretRef: cassandra-credentials   # Secret with AXONOPS_DB_USER / AXONOPS_DB_PASSWORD\n  search:\n    external:\n      hosts:\n        - https://elasticsearch.example.com:9200\n      tls:\n        enabled: true\n        insecureSkipVerify: true   # Set to false and add certSecretRef for full TLS verification\n        # certSecretRef: elasticsearch-tls  # Secret with ca.crt, tls.crt, tls.key\n    authentication:\n      secretRef: elasticsearch-credentials  # Secret with AXONOPS_SEARCH_USER / AXONOPS_SEARCH_PASSWORD\n  dashboard: {}\n```\n\n\u003e **TLS verification:** When `tls.enabled=true` and `tls.insecureSkipVerify=false`, you must also set `tls.certSecretRef` to the name of a Secret containing `ca.crt`, `tls.crt`, and `tls.key`. Without it, the operator sets `Ready=False` with reason `MissingExternalTLSCert`.\n\n### Alert management\n\nCreate an `AxonOpsConnection` once per namespace, then reference it from alert resources.\n\n```yaml\napiVersion: v1\nkind: Secret\nmetadata:\n  name: axonops-api-key\n  namespace: axonops\nstringData:\n  api-key: \"your-api-key-here\"\n---\napiVersion: core.axonops.com/v1alpha1\nkind: AxonOpsConnection\nmetadata:\n  name: axonops-api\n  namespace: axonops\nspec:\n  orgId: \"my-org-id\"\n  host: \"axonops.example.com\"\n  protocol: \"https\"\n  apiKeyRef:\n    name: axonops-api-key\n    key: api-key\n---\napiVersion: alerts.axonops.com/v1alpha1\nkind: AxonOpsMetricAlert\nmetadata:\n  name: high-read-latency\n  namespace: axonops\nspec:\n  connectionRef: axonops-api\n  clusterName: production-cluster\n  clusterType: cassandra\n  name: high-read-latency\n  operator: \"\u003e\"\n  warningValue: 50\n  criticalValue: 100\n  duration: 15m\n  dashboard: Cassandra Overview\n  chart: Read Latency\n  annotations:\n    summary: \"Cassandra read latency is high\"\n```\n\n---\n\n## AxonOpsPlatform Components\n\nEach component can operate in **internal** (operator-managed) or **external** (user-provided) mode.\n\n| Component | Image | Internal | External |\n|---|---|---|---|\n| `axon-server` | `axon-server` | StatefulSet | n/a |\n| `axon-dash` | `axon-dash` | Deployment | n/a |\n| `axondb-timeseries` | `axondb-timeseries` | StatefulSet | Cassandra-compatible |\n| `axondb-search` | `axondb-search` | StatefulSet | Elasticsearch/OpenSearch |\n\n### Authentication\n\nFor internal (operator-managed) database components, credentials are resolved in this priority order:\n\n1. `authentication.secretRef` — reference an existing Secret containing `AXONOPS_DB_USER` / `AXONOPS_DB_PASSWORD` (or `AXONOPS_SEARCH_USER` / `AXONOPS_SEARCH_PASSWORD` for Search)\n2. `authentication.username` / `authentication.password` — inline credentials in the CR\n3. Auto-generated — operator creates and manages a Secret with random credentials\n\n\u003e **Note:** External components (those with `spec.*.external.hosts` set) require explicit credentials. Auto-generation does not apply to external database connections. Set `authentication.secretRef` or `authentication.username`/`authentication.password` when using external hosts.\n\n### Ingress and Gateway API\n\nBoth Dashboard and Server endpoints (agent and API) support `ingress` and `gateway` configuration independently. You can enable one, both, or neither per endpoint.\n\n### TLS\n\nWhen using internal TimeSeries or Search components, the operator creates TLS certificates via cert-manager. cert-manager is not required for external database configurations.\n\n### Startup ordering\n\nThe operator enforces dependency ordering: Server waits for its databases to be ready; Dashboard waits for Server.\n\n---\n\n## Samples\n\nPre-built sample resources are available under `config/samples/`:\n\n```bash\nkubectl apply -k config/samples/\n```\n\nFor more detailed examples including alert configuration, K8ssandra integration, and full-stack deployments, see the [`examples/`](examples/README.md) directory.\n\n---\n\n## Development\n\n```bash\nmake manifests        # Regenerate CRDs and RBAC from kubebuilder markers\nmake generate         # Regenerate DeepCopy methods\nmake fmt \u0026\u0026 make vet  # Format and vet code\nmake lint             # Run linter\nmake test             # Run unit tests (uses envtest)\nmake build            # Build the manager binary\n```\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md) for the full development workflow.\n\n---\n\n## Uninstall\n\n**If installed via Helm:**\n\n```bash\nkubectl delete -k config/samples/                                         # Remove sample CRs\nhelm uninstall axonops-operator -n axonops-operator-system                # Remove the operator\n```\n\n**If installed via Kustomize / Make:**\n\n```bash\nkubectl delete -k config/samples/  # Remove sample CRs\nmake uninstall                      # Remove CRDs from the cluster\nmake undeploy                       # Remove the operator from the cluster\n```\n\n---\n\n## License\n\n© 2026 AxonOps Limited. All rights reserved.\n\nLicensed under the [Apache License, Version 2.0](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faxonops%2Faxonops-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faxonops%2Faxonops-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faxonops%2Faxonops-operator/lists"}