{"id":24822322,"url":"https://github.com/controlplane-com/k8s-operator","last_synced_at":"2025-09-11T23:09:05.191Z","repository":{"id":274491986,"uuid":"912980734","full_name":"controlplane-com/k8s-operator","owner":"controlplane-com","description":"A Kubernetes operator for Control Plane","archived":false,"fork":false,"pushed_at":"2025-03-20T22:27:09.000Z","size":955,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-03-20T23:28:18.350Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/controlplane-com.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-01-06T19:37:08.000Z","updated_at":"2025-03-20T22:27:13.000Z","dependencies_parsed_at":"2025-03-13T18:46:53.139Z","dependency_job_id":null,"html_url":"https://github.com/controlplane-com/k8s-operator","commit_stats":null,"previous_names":["controlplane-com/k8s-operator"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/controlplane-com%2Fk8s-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/controlplane-com%2Fk8s-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/controlplane-com%2Fk8s-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/controlplane-com%2Fk8s-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/controlplane-com","download_url":"https://codeload.github.com/controlplane-com/k8s-operator/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245544293,"owners_count":20632796,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-30T18:40:59.410Z","updated_at":"2025-03-25T21:23:57.887Z","avatar_url":"https://github.com/controlplane-com.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Control Plane Kubernetes Operator\n\nA Kubernetes operator for [Control Plane](https://controlplane.com). This project allows you to manage many Control\nPlane resources using Kubernetes custom resource definitions (CRDs).\n\n## Prerequisites\n\n- A [Kubernetes](https://kubernetes.io) cluster with [Cert Manager](https://cert-manager.io/docs/installation/)\n  installed.\n- The [Helm](https://helm.sh) CLI\n- A [Control Plane](https://controlplane.com) account\n\n## Installation\n\n### Quickstart\n\nIf you don't already have a Kubernetes cluster, run the command below to get a local [kind](https://kind.sigs.k8s.io/) cluster up and running.\n\n```shell  \nmake cluster-quickstart\n```\n\n### Manual Installation\n\nIf you already have a cluster:\n\n1. Install [Cert Manager](https://cert-manager.io/docs/installation/).\n2. (Optional) [Install ArgoCD](https://argo-cd.readthedocs.io/en/stable/getting_started/).\n    - If you decide to install Argo later, you'll need to upgrade your Helm installation to enable Argo-specific\n      features. To do so, run:\n\n   ```shell \n   helm upgrade cpln-operator cpln/cpln-operator\n   ``` \n\n3. Run the following commands:\n\n   ```shell\n   helm repo add cpln https://controlplane-com.github.io/k8s-operator \n   helm install cpln-operator cpln/cpln-operator\n   ```\n\n## Granting the Operator Access to Your Control Plane Org\n\nFirst, provision\na [Control Plane Service Account](https://docs.controlplane.com/reference/serviceaccount#service-account).\n\n1. Create the Service Account as a member of the `superusers` group to start. Later, you can move it to a group with\n   narrower permissions if you wish.\n2. Create a [key](https://docs.controlplane.com/reference/serviceaccount#service-account-keys), and store it somewhere\n   for safekeeping.\n3. Run the following command:\n\n   ```shell \n   make install-secret org=your-org-name key=your-service-account-key\n   ```\n\n## Usage\n\nCreate a custom resource for one of the supported kinds from the list below. The operator will use the secret you\nconfigured to sync the resource with Control Plane.\n\n### Guidelines\n\n- All resources must contain the `org` property, which tells the operator what the target org is and, therefore, which\n  secret to use.\n- Some kinds also require a `gvc` property, which tells the operator what the target GVC is.\n- Consult the [custom resource definitions](chart/templates/crd) for information about the available and required\n  fields.\n- For GVC-scoped kinds, a namespace per GVC is recommended.\n- For org-scoped kinds, a namespace per org is recommended.\n\n## Preventing Resource Deletion\n\nDeleting a Kubernetes resource while the controller is installed and running will remove the corresponding resource from\nControl Plane. You can prevent this by adding a special annotation to the Kubernetes resource anytime before deletion,\ne.g.:\n\n```yaml\nkind: gvc\nmetadata:\n  name: fresh\n  namespace: default\n  annotations:\n    cpln.io/resource-policy: keep\napiVersion: cpln.io/v1\ndescription: fresh\norg: kyle-test-org-2\ntags: {}\nspec:\n  loadBalancer:\n    dedicated: false\n  staticPlacement:\n    locationLinks:\n      - //location/aws-eu-central-1\n```\n\n## Argo CD\n\nThe operator integrates closely with [ArgoCD](https://argoproj.github.io/cd/). There is no special configuration needed\nfor this to work. Once the operator is installed, you can point Argo at a Git repository containing YAML manifests or a\nHelm chart, and you're off to the races!\n\n![Argo Example](images/img.png)\n\n### Example App\nHere's a example Argo Application. It pulls a helm chart located in the repository: [https://github.com/cuppojoe/argo-example](https://github.com/cuppojoe/argo-example).\nBe sure to replace `your-org-name-here` with your Control Plane org name. Note that the domain object in this example will not become healthy, since the domain\nis not owned by your org. It is there for illustrative purposes only.\n\nSimply save the yaml below to a file (e.g. `app.yaml`), and run something like\n```shell \nkubectl -n argocd apply -f app.yaml\n```\n\n```yaml \napiVersion: argoproj.io/v1alpha1\nkind: Application\nmetadata:\n  name: my-helm-app\n  namespace: argocd  # This is usually where Argo CD is installed\nspec:\n  project: default\n  destination:\n    server: 'https://kubernetes.default.svc'  # Cluster API server URL\n    namespace: fresh                  # Target namespace in your cluster\n  source:\n    repoURL: 'https://cuppojoe.github.io/argo-example/'  # URL of your Helm repository\n    chart: argo-example                              # Name of the Helm chart\n    targetRevision: 0.2.3                        # Chart version (can be a version, branch, etc.)\n    helm:\n      # Inline values override (optional)\n      values: |\n        org: your-org-name-here\n  syncPolicy:\n    automated:\n      prune: true      # Automatically delete resources that are no longer defined in the chart\n      selfHeal: true   # Automatically sync drifted resources\n\n```\n### Connecting to the Argo UI\nFor a fresh install, run the commands below to print the initial admin password, and forward port 18081 to the Argo UI.\n```shell \n#print the initial admin password\nkubectl -n argocd get secret argocd-initial-admin-secret -o json | jq '.data.password' -r | base64 -d -\n\n#connect to the argo UI\nkubectl -n argocd port-forward service/argocd-server 18081:443\n```\nNext, open a browser window and navigate to localhost:18081. Trust the self-signed certificate, and log in with user: admin, pass: \u003cinitial-admin-password\u003e\n![argo-login.png](images/argo-login.png)\n\n## Supported Kinds\n\nThe operator supports:\n\n- `agent`\n- `auditcontext`\n- `domain`\n- `group`\n- `gvc`\n- `identity`\n- `ipset`\n- `location`\n- `policy`\n- `volumeset`\n- `workload`\n- `secret` ([Secrets are a special case](#secrets))\n\n## Secrets\n\nFor security reasons, secret data must be stored using a native Kubernetes Secret object, not a custom resource. This\nmakes it slightly different from the other kinds.\n\n**Note the `app.kubernetes.io/managed-by` label, and the `cpln.io/org` annotation in the example below.**\n\n### Example\n\n```yaml\napiVersion: v1\nkind: Secret\ntype: opaque\nmetadata:\n  labels:\n    app.kubernetes.io/managed-by: cpln-operator # Secrets without this label are ignored\n  name: secret\n  namespace: default\n  annotations:\n    cpln.io/org: kyle-test-org # Replace this with your org name. This is required.\ndata:\n  encoding: cGxhaW4= # plain\n  payload: c2VjcmV0LXZhbHVl # secret-value\n```\n \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcontrolplane-com%2Fk8s-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcontrolplane-com%2Fk8s-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcontrolplane-com%2Fk8s-operator/lists"}