{"id":16068417,"url":"https://github.com/flavio/organization-operator","last_synced_at":"2026-04-26T23:31:38.868Z","repository":{"id":66493650,"uuid":"266818994","full_name":"flavio/organization-operator","owner":"flavio","description":"A kubernetes operator that manages Organization and Space CR. Useful to partition a single kubernetes cluster","archived":false,"fork":false,"pushed_at":"2020-08-03T12:54:39.000Z","size":5457,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":4,"default_branch":"master","last_synced_at":"2023-04-11T20:41:51.088Z","etag":null,"topics":["kubernetes","kubernetes-operator","multi-tenancy","multi-tenant"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/flavio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-25T15:48:00.000Z","updated_at":"2024-06-19T09:01:56.715Z","dependencies_parsed_at":"2023-02-21T16:30:26.905Z","dependency_job_id":null,"html_url":"https://github.com/flavio/organization-operator","commit_stats":null,"previous_names":[],"tags_count":0,"template":null,"template_full_name":null,"purl":"pkg:github/flavio/organization-operator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flavio%2Forganization-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flavio%2Forganization-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flavio%2Forganization-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flavio%2Forganization-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/flavio","download_url":"https://codeload.github.com/flavio/organization-operator/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flavio%2Forganization-operator/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32317163,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-26T23:26:28.701Z","status":"ssl_error","status_checked_at":"2026-04-26T23:26:25.802Z","response_time":129,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kubernetes","kubernetes-operator","multi-tenancy","multi-tenant"],"created_at":"2024-10-09T06:21:05.855Z","updated_at":"2026-04-26T23:31:38.853Z","avatar_url":"https://github.com/flavio.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"The Organization operator is a kubernetes operator that manages two types of\nkubernetes custom resources: Organization and Space.\n\nThese resources can be used to partition a kubernetes cluster into smaller ones.\n\n## Goal\n\nWe want to have multiple tenants operating on the same kubernetes cluster.\nWe want to isolate these tenants by leveraging either features built into\nkubernetes or by using additional components extending kubernetes.\n\nThe proposal mimics what [Cloud Foundry is doing for its multi-tenancy solution](https://docs.cloudfoundry.org/concepts/roles.html):\n\n * Each tenant can have one or more **Organization**\n * Each Organization can have multiple teams working on their own dedicated **Space**\n\nThe proposal assumes the following personas are going to operate on this\nkubernetes infrastructure:\n\n * Platform admins: they are the operators of the underlying kubernetes cluster.\n   They have ultimate access to all parts of it.\n * Organization users, they are divided among three groups:\n    * Admins\n    * Editors\n    * Viewers\n\nNote well: the admin/edit/view roles are going to be implemented using the\npre-defined ClusterRoles defined by kubernetes.\nSee [this section](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles)\nof kubernetes’ upstream docs for more details.\n\nThe proposal requires that nobody, except for platform admins, have write\naccess to the kubernetes namespace objects.\nNote well: that happens by default unless specific RBAC policies are created on the cluster.\n\nOnce Namespace objects are \"secured\", it's possible to use a solution like the\n[namespace-configuration-operator](https://github.com/redhat-cop/namespace-configuration-operator)\nto manange them in a centralized way.\n\n## Architecture\n\nThe architecture of the Organization Controller can be find inside of\n[this Google Doc](https://docs.google.com/document/d/1qHkPK3fem5oanaD35E7BC7SkdIjn8oM-F7CUKq0G5Wc/edit?usp=sharing)\n\nFeedback on the Google doc is highly appreciated.\n\n## Current state\n\nThis repository holds a quick POC of what is being described inside of the\narchitecture document.\n\nThis kubernetes operator is created using [kubebuilder](https://github.com/kubernetes-sigs/kubebuilder).\n\nWhat is currently missing:\n\n  * [ ] `SpaceExtraConfig` CR\n  * [x] Reconcile objects if they are changed; deleted ones are reconciled but changes are not processed right now.\n  * [ ] Testing, linting\n  * [ ] Deployment resources: helm charts, container image,...\n\nRight now it's possible to experiment with the operator by performing the following steps:\n\n  * Checkout repository\n  * Have a kubernetes cluster at reach (minikube or kind are good enough)\n  * Ensure you have `admin` rights on the target cluster\n  * Run `make install`\n  * Run `make run ENABLE_WEBHOOKS=false`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflavio%2Forganization-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fflavio%2Forganization-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflavio%2Forganization-operator/lists"}