{"id":44306201,"url":"https://github.com/kagenti/kagenti-operator","last_synced_at":"2026-05-07T14:01:55.243Z","repository":{"id":285467264,"uuid":"955403022","full_name":"kagenti/kagenti-operator","owner":"kagenti","description":"Kubernetes operator for deploying and lifecycle management of Agents and Tools","archived":false,"fork":false,"pushed_at":"2026-04-03T02:47:03.000Z","size":112598,"stargazers_count":8,"open_issues_count":32,"forks_count":33,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-04-03T11:53:33.012Z","etag":null,"topics":["kubernetes","lifecycle-management","operator"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kagenti.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-03-26T15:27:14.000Z","updated_at":"2026-04-03T02:46:15.000Z","dependencies_parsed_at":"2025-09-15T20:10:10.831Z","dependency_job_id":"7f382e1b-9232-4fdb-bd1c-008787c2754f","html_url":"https://github.com/kagenti/kagenti-operator","commit_stats":null,"previous_names":["kagenti/kagenti-operator"],"tags_count":23,"template":false,"template_full_name":null,"purl":"pkg:github/kagenti/kagenti-operator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kagenti%2Fkagenti-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kagenti%2Fkagenti-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kagenti%2Fkagenti-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kagenti%2Fkagenti-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kagenti","download_url":"https://codeload.github.com/kagenti/kagenti-operator/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kagenti%2Fkagenti-operator/sbom","scorecard":{"id":1244938,"data":{"date":"2026-03-16T19:02:37Z","repo":{"name":"github.com/kagenti/kagenti-operator","commit":"260ac4e7fa23a4abe419903d3f12c49579cb71e1"},"scorecard":{"version":"v5.3.0","commit":"c22063e786c11f9dd714d777a687ff7c4599b600"},"score":6.6,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#maintained"}},{"name":"Security-Policy","score":4,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Warn: no linked content found","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#security-policy"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yaml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dependency-update-tool"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecard.yaml:27","Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecard.yaml:28","Info: jobLevel 'contents' permission set to 'read': .github/workflows/security-scans.yaml:192","Info: jobLevel 'contents' permission set to 'read': .github/workflows/security-scans.yaml:226","Info: jobLevel 'contents' permission set to 'read': .github/workflows/security-scans.yaml:248","Info: jobLevel 'contents' permission set to 'read': .github/workflows/security-scans.yaml:33","Info: jobLevel 'contents' permission set to 'read': .github/workflows/security-scans.yaml:48","Info: jobLevel 'contents' permission set to 'read': .github/workflows/security-scans.yaml:86","Info: jobLevel 'contents' permission set to 'read': .github/workflows/security-scans.yaml:133","Info: jobLevel 'contents' permission set to 'read': .github/workflows/security-scans.yaml:161","Warn: no topLevel permission defined: .github/workflows/ci.yaml:1","Warn: topLevel 'packages' permission set to 'write': .github/workflows/goreleaser.yml:10","Warn: topLevel 'contents' permission set to 'write': .github/workflows/goreleaser.yml:9","Info: found token with 'none' permissions: .github/workflows/scorecard.yaml:1","Info: found token with 'none' permissions: .github/workflows/security-scans.yaml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/self-assign.yml:15","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#binary-artifacts"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#license"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":3,"reason":"dependency not pinned by hash detected -- score normalized to 3","details":["Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: kagenti-operator/demos/agentcard-spire-signing/run-demo-commands.sh:19","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/kagenti/kagenti-operator/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/kagenti/kagenti-operator/ci.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/kagenti/kagenti-operator/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/kagenti/kagenti-operator/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/kagenti/kagenti-operator/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/kagenti/kagenti-operator/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/kagenti/kagenti-operator/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/kagenti/kagenti-operator/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/kagenti/kagenti-operator/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/goreleaser.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/kagenti/kagenti-operator/goreleaser.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/goreleaser.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/kagenti/kagenti-operator/goreleaser.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/goreleaser.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/kagenti/kagenti-operator/goreleaser.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/goreleaser.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/kagenti/kagenti-operator/goreleaser.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/goreleaser.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/kagenti/kagenti-operator/goreleaser.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/self-assign.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/kagenti/kagenti-operator/self-assign.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/stale.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/kagenti/kagenti-operator/stale.yaml/main?enable=pin","Warn: containerImage not pinned by hash: kagenti-operator/Dockerfile:2: pin your Docker image by updating docker.io/golang:1.24 to docker.io/golang:1.24@sha256:d2d2bc1c84f7e60d7d2438a3836ae7d0c847f4888464e7ec9ba3a1339a1ee804","Warn: containerImage not pinned by hash: kagenti-operator/Dockerfile:28: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:e3f945647ffb95b5839c07038d64f9811adf17308b9121d8a2b87b6a22a80a39","Warn: containerImage not pinned by hash: kagenti-operator/cmd/agentcard-signer/Dockerfile:1: pin your Docker image by updating docker.io/golang:1.24 to docker.io/golang:1.24@sha256:d2d2bc1c84f7e60d7d2438a3836ae7d0c847f4888464e7ec9ba3a1339a1ee804","Warn: containerImage not pinned by hash: kagenti-operator/cmd/agentcard-signer/Dockerfile:16: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:e3f945647ffb95b5839c07038d64f9811adf17308b9121d8a2b87b6a22a80a39","Warn: pipCommand not pinned by hash: .github/workflows/security-scans.yaml:92","Info:  15 out of  25 GitHub-owned GitHubAction dependencies pinned","Info:   5 out of  11 third-party GitHubAction dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned","Info:   0 out of   4 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":4,"reason":"6 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2026-4394 / GHSA-9h8m-3fm2-qjrq","Warn: Project is vulnerable to: GO-2025-4135 / GHSA-f6x5-jh6r-wrfv","Warn: Project is vulnerable to: GO-2025-4134 / GHSA-j5w8-q4qc-rx2x","Warn: Project is vulnerable to: GO-2025-4116","Warn: Project is vulnerable to: GO-2026-4440","Warn: Project is vulnerable to: GO-2026-4441"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#vulnerabilities"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/goreleaser.yml:18"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#packaging"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.2.0-alpha.21 not signed: https://api.github.com/repos/kagenti/kagenti-operator/releases/291530997","Warn: release artifact v0.2.0-alpha.20 not signed: https://api.github.com/repos/kagenti/kagenti-operator/releases/285059949","Warn: release artifact v0.2.0-alpha.19 not signed: https://api.github.com/repos/kagenti/kagenti-operator/releases/269530301","Warn: release artifact v0.2.0-alpha.18 not signed: https://api.github.com/repos/kagenti/kagenti-operator/releases/268932221","Warn: release artifact v0.2.0-alpha.17 not signed: https://api.github.com/repos/kagenti/kagenti-operator/releases/263815887","Warn: release artifact v0.2.0-alpha.21 does not have provenance: https://api.github.com/repos/kagenti/kagenti-operator/releases/291530997","Warn: release artifact v0.2.0-alpha.20 does not have provenance: https://api.github.com/repos/kagenti/kagenti-operator/releases/285059949","Warn: release artifact v0.2.0-alpha.19 does not have provenance: https://api.github.com/repos/kagenti/kagenti-operator/releases/269530301","Warn: release artifact v0.2.0-alpha.18 does not have provenance: https://api.github.com/repos/kagenti/kagenti-operator/releases/268932221","Warn: release artifact v0.2.0-alpha.17 does not have provenance: https://api.github.com/repos/kagenti/kagenti-operator/releases/263815887"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#signed-releases"}},{"name":"SAST","score":10,"reason":"SAST tool detected","details":["Info: SAST configuration detected: CodeQL","Info: SAST configuration detected: Hadolint","Warn: 2 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#sast"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":10,"reason":"10 out of 10 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#ci-tests"}},{"name":"Contributors","score":10,"reason":"project has 7 contributing companies or organizations","details":["Info: found contributions from: IBM, RHInception, fr8r, ibm, ibm research, iter8-tools, red hat"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#contributors"}}]},"last_synced_at":"2026-03-17T04:32:27.710Z","repository_id":285467264,"created_at":"2026-03-17T04:32:27.710Z","updated_at":"2026-03-17T04:32:27.710Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31526666,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-07T16:28:08.000Z","status":"ssl_error","status_checked_at":"2026-04-07T16:28:06.951Z","response_time":105,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kubernetes","lifecycle-management","operator"],"created_at":"2026-02-11T03:14:06.496Z","updated_at":"2026-05-07T14:01:55.230Z","avatar_url":"https://github.com/kagenti.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Kagenti Operator\n\n[![License](https://img.shields.io/github/license/kagenti/kagenti-operator)](LICENSE)\n![Contributors](https://img.shields.io/github/contributors/kagenti/kagenti-operator)\n\n**Kagenti Operator** is a Kubernetes operator that automates the deployment, discovery, and security of AI agents in Kubernetes clusters.\n\n## Overview\n\nThe Kagenti Operator manages the following Custom Resource Definitions (CRDs):\n\n| Resource | Purpose |\n|----------|---------|\n| **[AgentCard](./kagenti-operator/docs/api-reference.md#agentcard)** | Discovers, indexes, and verifies agent metadata for Kubernetes-native agent discovery |\n\nAgents are deployed as standard Kubernetes **Deployments** or **StatefulSets** with the `kagenti.io/type: agent` label. The operator automatically discovers labeled workloads and creates AgentCard resources for them.\n\n### Key Features\n\n- **Agent Deployment** — Deploy agents using standard Kubernetes Deployments or StatefulSets with the `kagenti.io/type: agent` label\n- **Dynamic Agent Discovery** — Automatic indexing of agent metadata via the A2A protocol\n- **Signature Verification** — JWS-based cryptographic verification of agent cards (RSA, ECDSA)\n- **Identity Binding** — SPIFFE-based workload identity binding with allowlist enforcement\n- **Network Policy Enforcement** — Automatic NetworkPolicy creation based on signature verification status\n- **Flexible Configuration** — Complete control over pod specifications, service ports, and environment variables\n- **Multi-Framework Support** — Works with LangGraph, CrewAI, AG2, and any A2A-compatible framework\n\n## Architecture\n\n```mermaid\ngraph TD;\n    subgraph Kubernetes\n        direction TB\n        style Kubernetes fill:#f0f4ff,stroke:#8faad7,stroke-width:2px\n\n        User[User/App]\n        style User fill:#ffecb3,stroke:#ffa000\n\n        Workload[\"Deployment / StatefulSet\\n(with kagenti labels)\"]\n        style Workload fill:#e1f5fe,stroke:#039be5\n\n        User --\u003e|Creates| Workload\n\n        AgentCardSync[AgentCard Sync Controller]\n        style AgentCardSync fill:#ffe0b2,stroke:#fb8c00\n\n        AgentCardController[AgentCard Controller]\n        style AgentCardController fill:#ffe0b2,stroke:#fb8c00\n\n        NetworkPolicyController[NetworkPolicy Controller]\n        style NetworkPolicyController fill:#ffe0b2,stroke:#fb8c00\n\n        AgentPod[Agent Pod]\n        style AgentPod fill:#c8e6c9,stroke:#66bb6a\n\n        AgentCardCRD[\"AgentCard CR\"]\n        style AgentCardCRD fill:#e1f5fe,stroke:#039be5\n\n        NetworkPolicy[\"NetworkPolicy\"]\n        style NetworkPolicy fill:#ffcdd2,stroke:#e57373\n\n        Workload --\u003e|Deploys| AgentPod\n        Workload --\u003e|Watches| AgentCardSync\n        AgentCardSync --\u003e|Auto-creates| AgentCardCRD\n        AgentCardCRD --\u003e|Reconciles| AgentCardController\n        AgentCardController --\u003e|Fetches /.well-known/agent-card.json| AgentPod\n        AgentCardController --\u003e|Verifies signatures \u0026 identity| AgentCardCRD\n        AgentCardCRD --\u003e|Reconciles| NetworkPolicyController\n        NetworkPolicyController --\u003e|Creates| NetworkPolicy\n    end\n```\n\nThe operator runs three controllers:\n\n| Controller | Purpose |\n|------------|---------|\n| **AgentCard Sync Controller** | Watches Deployments/StatefulSets with agent labels and auto-creates AgentCard resources |\n| **AgentCard Controller** | Fetches agent card data from running agents, verifies signatures, evaluates identity binding |\n| **NetworkPolicy Controller** | Creates permissive or restrictive NetworkPolicies based on signature verification status |\n\n## Quick Start\n\n### Prerequisites\n\n- Kubernetes cluster (v1.28+) or OpenShift (v4.19+)\n- kubectl configured to access your cluster\n\n### Install the Operator\n\n**Option A — OpenShift (recommended for OCP)**\n\nUse [`scripts/ocp/setup-kagenti.sh`](https://github.com/kagenti/kagenti/blob/main/scripts/ocp/setup-kagenti.sh) from the [kagenti](https://github.com/kagenti/kagenti) repo. It handles RBAC, SCCs, and Helm installation in one step.\n\nBy default the script installs the released operator version pinned as a chart dependency in the `kagenti` repo's `charts/kagenti/Chart.yaml`. For development with a local build of this operator, two flags let you override that:\n\n```bash\n# Use a local chart and/or a custom operator image instead of the released version\n./scripts/ocp/setup-kagenti.sh \\\n  --operator-repo /path/to/kagenti-operator \\\n  --operator-image quay.io/\u003cyour-org\u003e/kagenti-operator:dev\n```\n\n`--operator-repo` accepts a local clone of this repository and substitutes its `charts/kagenti-operator` chart in place of the pinned dependency. `--operator-image` overrides the container image the chart pulls.\n\n**Option B — Plain Kubernetes (Helm)**\n\n```bash\n# Install the operator using OCI chart\nhelm install kagenti-operator \\\n  oci://ghcr.io/kagenti/kagenti-operator/kagenti-operator-chart \\\n  --version 0.2.0-alpha.19 \\\n  --namespace kagenti-system \\\n  --create-namespace\n```\n\n### Deploy Your First Agent\n\nDeploy an agent as a standard Kubernetes Deployment with the required `kagenti.io/type: agent` label:\n\n```bash\nkubectl apply -f - \u003c\u003cEOF\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: weather-agent\n  namespace: default\n  labels:\n    app.kubernetes.io/name: weather-agent\n    kagenti.io/type: agent\n    protocol.kagenti.io/a2a: \"\"\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app.kubernetes.io/name: weather-agent\n  template:\n    metadata:\n      labels:\n        app.kubernetes.io/name: weather-agent\n        kagenti.io/type: agent\n    spec:\n      containers:\n      - name: agent\n        image: \"ghcr.io/kagenti/agent-examples/weather_service:v0.0.1-alpha.3\"\n        ports:\n        - containerPort: 8000\n        env:\n        - name: PORT\n          value: \"8000\"\n---\napiVersion: v1\nkind: Service\nmetadata:\n  name: weather-agent\n  namespace: default\nspec:\n  selector:\n    app.kubernetes.io/name: weather-agent\n  ports:\n  - name: http\n    port: 8000\n    targetPort: 8000\nEOF\n```\n\nThe operator will automatically create an AgentCard for the workload and begin syncing agent metadata.\n\n### Verify Deployment\n\n```bash\n# Check discovered agent cards\nkubectl get agentcards\n\n# View agent logs\nkubectl logs -l app.kubernetes.io/name=weather-agent\n```\n\n## Documentation\n\n| Topic | Link |\n|-------|------|\n| **API Reference** | [CRD Specifications \u0026 Examples](./kagenti-operator/docs/api-reference.md) |\n| **Architecture** | [Operator Design \u0026 Components](./kagenti-operator/docs/architecture.md) |\n| **Dynamic Discovery** | [Agent Discovery with AgentCard](./kagenti-operator/docs/dynamic-agent-discovery.md) |\n| **Signature Verification** | [A2A AgentCard Signature Verification](./kagenti-operator/docs/a2a-signature-verification.md) |\n| **Identity Binding** | [Workload Identity Binding](./kagenti-operator/docs/identity-binding-quickstart.md) |\n| **Developer Guide** | [Contributing \u0026 Development](./kagenti-operator/docs/dev.md) |\n| **Getting Started** | [Detailed Tutorials](./kagenti-operator/GETTING_STARTED.md) |\n\n## Examples\n\nSee the [config/samples](./kagenti-operator/config/samples) directory for complete examples.\n\n## Contributing\n\nWe welcome contributions! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines on:\n\n- Reporting issues\n- Submitting pull requests\n- Development setup\n- Testing requirements\n\n## License\n\n[Apache 2.0](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkagenti%2Fkagenti-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkagenti%2Fkagenti-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkagenti%2Fkagenti-operator/lists"}