{"id":14371721,"url":"https://github.com/istio-ecosystem/sail-operator","last_synced_at":"2026-01-14T18:36:00.677Z","repository":{"id":225231988,"uuid":"763766821","full_name":"istio-ecosystem/sail-operator","owner":"istio-ecosystem","description":"The Sail Operator is able to install and manage the lifecycle of the Istio control plane in an Kubernetes \u0026 OpenShift cluster.","archived":false,"fork":false,"pushed_at":"2026-01-12T14:13:37.000Z","size":12762,"stargazers_count":91,"open_issues_count":66,"forks_count":58,"subscribers_count":12,"default_branch":"main","last_synced_at":"2026-01-12T20:55:55.088Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/istio-ecosystem.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE-OF-CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":"SUPPORT.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2024-02-26T22:05:25.000Z","updated_at":"2026-01-12T14:13:41.000Z","dependencies_parsed_at":"2024-04-15T11:42:28.903Z","dependency_job_id":"8f0042d9-1dbf-42f5-ab00-3a67cedd5f72","html_url":"https://github.com/istio-ecosystem/sail-operator","commit_stats":null,"previous_names":["istio-ecosystem/sail-operator"],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/istio-ecosystem/sail-operator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/istio-ecosystem%2Fsail-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/istio-ecosystem%2Fsail-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/istio-ecosystem%2Fsail-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/istio-ecosystem%2Fsail-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/istio-ecosystem","download_url":"https://codeload.github.com/istio-ecosystem/sail-operator/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/istio-ecosystem%2Fsail-operator/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28430859,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T16:38:47.836Z","status":"ssl_error","status_checked_at":"2026-01-14T16:34:59.695Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-27T23:01:05.836Z","updated_at":"2026-01-14T18:36:00.671Z","avatar_url":"https://github.com/istio-ecosystem.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"[![unit-test](https://github.com/istio-ecosystem/sail-operator/actions/workflows/unit-tests.yaml/badge.svg)](https://github.com/istio-ecosystem/sail-operator/actions/workflows/unit-tests.yaml)\n[![integration test badge](https://github.com/istio-ecosystem/sail-operator/actions/workflows/integration-tests.yaml/badge.svg)](https://github.com/istio-ecosystem/sail-operator/actions/workflows/integration-tests.yaml)\n[![update-deps badge](https://github.com/istio-ecosystem/sail-operator/actions/workflows/update-deps.yaml/badge.svg)](https://github.com/istio-ecosystem/sail-operator/actions/workflows/update-deps.yaml)\n[![nightly-images badge](https://github.com/istio-ecosystem/sail-operator/actions/workflows/nightly-images.yaml/badge.svg)](https://github.com/istio-ecosystem/sail-operator/actions/workflows/nightly-images.yaml)\n\n# Sail Operator\n\nThe Sail Operator manages the lifecycle of your [Istio](https://istio.io) control plane. It provides custom resources for you to deploy and manage your control plane components.\n\n## Contributor Call\n\nWe have a weekly call every Thursday at 4PM CET / 10AM EST to discuss current progress and future plans. To add it to your Google Calendar, you can [subscribe to the Sail Operator calendar](https://calendar.google.com/calendar/u/0?cid=MDRhNzBkZjUwNmI5ZjFlMTAyYmUzZDhiZTFlNDA3ZjRlMjcwZjAzNmY4NDFkZTA1MmYzYzczYjk3OTU4ZGI2MUBncm91cC5jYWxlbmRhci5nb29nbGUuY29t).\n\n## User Documentation\nThis document aims to provide an overview of the project and some information for contributors. For information on how to use the operator, take a look at the [User Documentation](docs/README.adoc).\n\n## Table of Contents\n\n- [How it works](#how-it-works)\n- [Getting Started](#getting-started)\n    - [Deploying the operator from source](#deploying-the-operator-from-source)\n    - [Deploying the operator by using Helm charts](#deploying-the-operator-by-using-helm-charts)\n    - [Deploying the Istio Control Plane](#deploying-the-istio-control-plane)\n    - [Undeploying the operator](#undeploying-the-operator)\n- [Development](#development)\n    - [Repository Setup](#repository-setup)\n    - [Test It Out](#test-it-out)\n    - [Modifying the API definitions](#modifying-the-api-definitions)\n    - [Writing Tests](#writing-tests)\n    - [Integration Tests](#integration-tests)\n    - [End-to-End Tests](#end-to-end-tests)\n    - [Vendor-specific changes](#vendor-specific-changes)\n    - [Developing on macOS](#developing-on-macos)\n- [Release process](#release-process)\n- [Versioning and Support Policy](#versioning-and-support-policy)\n- [Community Support and Contributing](#community-support-and-contributing)\n- [Sail Enhancement Proposal](#sail-enhancement-proposal)\n- [Issue management](#issue-management)\n\n## How it works\n\nYou manage your control plane through an `Istio` resource.\n\n```yaml\napiVersion: sailoperator.io/v1\nkind: Istio\nmetadata:\n  name: example\nspec:\n  namespace: istio-system\n```\n\n**Note:** You can explicitly specify the version using the `spec.version` field. If not specified, the default version supported by the Operator will be used.\n\nWhen you create an `Istio` resource, the sail operator then creates an `IstioRevision` that represents a control plane deployment.\n\n```yaml\napiVersion: sailoperator.io/v1\nkind: IstioRevision\nmetadata:\n  name: example\n  ...\nspec:\n  namespace: istio-system\nstatus:\n  ...\n  state: Healthy\n```\n\nYou can customize your control plane installation through the `Istio` resource using Istio's `Helm` configuration values:\n\n```yaml\napiVersion: sailoperator.io/v1\nkind: Istio\nmetadata:\n  name: example\nspec:\n  namespace: istio-system\n  values:\n    global:\n      variant: debug\n      logging:\n        level: \"all:debug\"\n    meshConfig:\n      trustDomain: example.com\n      trustDomainAliases:\n      - example.net\n```\n\n## Getting Started\n\nYou’ll need a Kubernetes cluster to run against. You can use [KIND](https://sigs.k8s.io/kind) to get a local cluster for testing, or run against a remote cluster.  \n**Note:** Your controller will automatically use the current context in your kubeconfig file (i.e. whatever cluster `kubectl cluster-info` shows).\n\n### Quick start using a local KIND cluster\n\nFor a quick start using a local cluster run:\n\n```sh\nmake cluster\n```\n\nThis deploys the cluster and preloads the latest operator image built from source to it.\nYou can then follow up by deploying the operator and using it locally.\n\nAlternatively, you can deploy a local multi-cluster setup by running:\n\n```sh\nmake cluster MULTICLUSTER=true\n```\n\n### Deploying the operator from source\n\nDeploy the operator to the cluster:\n\n```sh\nmake deploy\n```\n\nAlternatively, you can deploy the operator using OLM:\n\n```sh\nmake deploy-olm\n```\n\nMake sure that the `HUB` and `TAG` environment variables point to your container image repository and that the repository is publicly accessible.\n\nWhen deploying on a local KIND cluster, make sure to use the local image registry:\n\n```sh\nexport HUB=localhost:5000\n```\n\n### Deploying the operator by using Helm charts\n\nDeploy operator with Helm by using the following [guide](chart/README.md)\n\n### Deploying the Istio Control Plane\n\n#### Create namespaces\n\nCreate namespace for `Istio` Control Plane.\n\n```sh\nkubectl create namespace istio-system\n```\n\nFor Ambient mode or use on Openshift, create a namespace for `IstioCNI` resource.\n\n```sh\nkubectl create namespace istio-cni\n```\n\nFor Ambient mode, create a namespace for `ZTunnel` resource.\n\n```sh\nkubectl create namespace ztunnel\n```\n\n#### Deploy a Sidecar mode\n\nCreate an instance of the `Istio` resource to install the Istio Control Plane.\n\n```sh\nkubectl apply -f chart/samples/istio-sample.yaml\n```\n\nOn OpenShift, you must also deploy the Istio CNI plugin by creating an instance of the `IstioCNI` resource:\n\n```sh\nkubectl apply -f chart/samples/istiocni-sample.yaml\n```\n\nView your control plane:\n\n```sh\nkubectl get istio default\n```\n\n#### Deploy an Ambient mode\n\nCreate an instance of the `Istio` Ambient resource to install the Istio Ambient Control Plane.\n\n```sh\nkubectl apply -f chart/samples/ambient/istio-sample.yaml\n```\n\nCreate an instance of the `IstioCNI` resource to install the Istio CNI plugin.\n\n```sh\nkubectl apply -f chart/samples/ambient/istiocni-sample.yaml\n```\n\nCreate an instance of the `ZTunnel` resource to install the ZTunnel plugin.\n\n```sh\nkubectl apply -f chart/samples/ambient/istioztunnel-sample.yaml\n```\n\nView your control plane:\n\n```sh\nkubectl get istio default\nkubectl get istiocni default\nkubectl get ztunnel default\n```\n\n**Note** - The version can be specified by modifying the `version` field within `Istio` and `IstioCNI` manifests.  \nFor other deployment options, refer to the [docs](docs) directory.\n\n### Undeploying the operator\nUndeploy the operator from the cluster:\n\n```sh\nmake undeploy\n```\n\n## Development\n\nThis project aims to follow the Kubernetes [Operator pattern](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/).\n\nIt uses [Controllers](https://kubernetes.io/docs/concepts/architecture/controller/),\nwhich provide a reconcile function responsible for synchronizing resources until the desired state is reached on the cluster.\n\n### Repository Setup\n\nWe're using [gitleaks](https://github.com/gitleaks/gitleaks) to scan the repository for secrets. After cloning, please enable the pre-commit hook by running `make git-hook`. This will make sure that `gitleaks` scans your contributions before you push them to GitHub, avoiding any potential secret leaks.\n\n```sh\nmake git-hook\n```\n\nYou will also need to sign off your commits to this repository. This can be done by adding the `-s` flag to your `git commit` command. If you want to automate that for this repository, take a look at `.git/hooks/prepare-commit-msg.sample`, it contains an example to do just that.\n\n### Test It Out\n\n1. Install the CRDs into the cluster:\n\n```sh\nmake install\n```\n\n2. Run your controller (this will run in the foreground, so switch to a new terminal if you want to leave it running):\n\n```sh\nmake run\n```\n\n**NOTE:** You can also run this in one step by running: `make install run`\n\n### Modifying the API definitions\n\n**Important:** Any API change should be discussed in an [SEP](enhancements/SEP1-enhancement-process.md) before being implemented.\n\nIf you are editing the API definitions, generate the manifests such as CRs or CRDs using:\n\n```sh\nmake manifests\n```\n\n**NOTE:** Run `make help` for more information on all potential `make` targets\n\nMore information can be found via the [Kubebuilder Documentation](https://book.kubebuilder.io/introduction.html)\n\nThe API reference documentation can be found in the [docs](https://github.com/istio-ecosystem/sail-operator/tree/main/docs/api-reference/sailoperator.io.md)\n\n### Writing Tests\n\nPlease try to keep business logic in separate packages that can be independently tested wherever possible, especially if you can avoid the usage of Kubernetes clients. It greatly simplifies testing if we don't need to use envtest everywhere.\n\nE2E and integration tests should use the ginkgo-style BDD testing method, an example can be found in [`tests/integration/api/istio_test.go`](tests/integration/api/istio_test.go) for the test code and suite setup in [`tests/integration/api/suite_test.go`](tests/integration/api/suite_test.go). Unit tests should use standard golang xUnit-style tests (see [`pkg/kube/finalizers_test.go`](pkg/kube/finalizers_test.go) for an example).\n\n### Integration Tests\n\nPlease check the specific instructions for the integration tests in the [integration](tests/integration/README.md) directory.\n\nTo run the integration tests, you can use the following command:\n\n```sh\nmake test.integration\n```\n\n### End-to-End Tests\n\nPlease check the specific instructions for the end-to-end tests in the [e2e](tests/e2e/README.md) directory.\n\nTo run the end-to-end tests, you can use the following command:\n\n```sh\nmake test.e2e.kind\n```\n\nor\n\n```sh\nmake test.e2e.ocp\n```\n\n### Vendor-specific changes\n\nAs you might know, the Sail Operator project serves as the community upstream for the Red Hat OpenShift Service Mesh 3 operator. To accomodate any vendor-specific changes, we have a few places in the code base that allow for vendors to make downstream changes to the project with minimal conflicts. As a rule, these vendor-specific modifications should not include code changes, and they should be vendor-agnostic, ie if any other vendor wants to use them, they should be flexible enough to allow for doing that.\n\n### Developing on macOS\n\nThere are some considerations that you need to take into account while trying to develop, debug and work on macOS and specially if you are using Podman instead on Docker. Please take a look into this [documentation](/docs/macos/develop-on-macos.md) for macOS specifics.\n\n#### versions.yaml\n\nThe name of the versions.yaml file can be overwritten using the VERSIONS_YAML_FILE environment variable. This way, downstream vendors can point to a custom list of supported versions. Note that this file should be located in the `pkg/istioversion` directory, with the default value being `versions.yaml`.\n\n#### vendor_defaults.yaml\n\nBy modifying `pkg/istiovalues/vendor_defaults.yaml`, vendors can change some defaults for the helm values. Note that these are defaults, not overrides, so user input will always take precendence.\n\n## Release process\n\nPlease refer to the [RELEASE-PROCESS.md](RELEASE-PROCESS.md) file for more information on how the Sail Operator release process works.\n\n## Versioning and Support Policy\n\nVersioning for the Sail Operator will follow Istio versioning. When there's a new version of Istio released, there will be a corresponding release of the Sail Operator. The latest version of Istio can be installed using the latest version of the Sail Operator. For example, when Istio 1.25 is released, there will be a corresponding 1.25 release of the Sail Operator that supports installing Istio 1.25.\n\nThe Sail Operator will support n-2 releases of Istio. If you install the 1.25 Sail Operator, the Operator can install Istio 1.23-1.25.\n\nNot all Istio patch versions will be included in Sail Operator releases. Some may be skipped. Also, the Sail Operator patch version will not correspond to the Istio patch version. For example, the 1.25.0 Sail Operator may only support installing Istio 1.25.1 but not Istio 1.25.0.\n\nWhen an Istio release is out of support, the corresponding Sail Operator release will be out of support as well.\n\n\u003e [!NOTE]\n\u003e The first stable 1.0 release did not follow this versioning strategy but subsequent releases will.\n\n## Community Support and Contributing\nPlease refer to the [CONTRIBUTING-SAIL-PROJECT.md](CONTRIBUTING.md) file for more information on how to contribute to the Sail Operator project. This file contains all the information you need to get started with contributing to the project.\n\n## AI Agents for Development\nIf you're using AI coding assistants like Claude, GitHub Copilot, or Cursor, check out our [AI Agents Guide](docs/ai/ai-agents-guide.adoc) for information on how to configure these tools to understand Sail Operator patterns and best practices.\n\n## Sail Enhancement Proposal\n\nSEP documents are used to propose and discuss non-trivial features or epics and any API changes. Please refer to the [SEP1-enhancement-process.md](enhancements/SEP1-enhancement-process.md) file for more information on how to create a Sail Enhancement Proposal (SEP) for the Sail Operator project.\n\nSEP documents are stored in the [enhancements](enhancements) directory of the Sail Operator repository in Markdown format. If you want to create a SEP, be sure to check out the [SEP template](enhancements/SEP0-template.md).\n\n## Issue management\nPlease refer to the [ISSUE-MANAGEMENT.md](ISSUE-MANAGEMENT.md) file for more information on how to report bugs and feature requests to the Sail Operator team.\n\nIf you found a bug in Istio, please refer to the [Istio GitHub repository](BUGS-AND-FEATURE-REQUESTS.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fistio-ecosystem%2Fsail-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fistio-ecosystem%2Fsail-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fistio-ecosystem%2Fsail-operator/lists"}