{"id":48516619,"url":"https://github.com/kent8192/reinhardt-cloud","last_synced_at":"2026-06-28T04:00:56.577Z","repository":{"id":344579457,"uuid":"1182300159","full_name":"kent8192/reinhardt-cloud","owner":"kent8192","description":"Convention-driven, Kubernetes-native PaaS for Reinhardt web applications — zero-config deployments with automatic infrastructure provisioning.","archived":false,"fork":false,"pushed_at":"2026-06-27T02:17:04.000Z","size":5035,"stargazers_count":2,"open_issues_count":56,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-27T02:17:12.329Z","etag":null,"topics":["cloud-native","crd","gitops","helm","kube-rs","kubernetes","operator","paas","reinhardt","rust"],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kent8192.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":"audit.toml","citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-03-15T10:28:27.000Z","updated_at":"2026-06-27T02:16:47.000Z","dependencies_parsed_at":"2026-03-17T01:03:43.657Z","dependency_job_id":null,"html_url":"https://github.com/kent8192/reinhardt-cloud","commit_stats":null,"previous_names":["kent8192/nuages","kent8192/reinhardt-nuages","kent8192/reinhardt-clouds"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/kent8192/reinhardt-cloud","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kent8192%2Freinhardt-cloud","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kent8192%2Freinhardt-cloud/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kent8192%2Freinhardt-cloud/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kent8192%2Freinhardt-cloud/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kent8192","download_url":"https://codeload.github.com/kent8192/reinhardt-cloud/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kent8192%2Freinhardt-cloud/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34876271,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-28T02:00:05.809Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud-native","crd","gitops","helm","kube-rs","kubernetes","operator","paas","reinhardt","rust"],"created_at":"2026-04-07T19:31:56.336Z","updated_at":"2026-06-28T04:00:56.569Z","avatar_url":"https://github.com/kent8192.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"branding/logo.png\" alt=\"Reinhardt Cloud Logo\" width=\"200\"/\u003e\n\n  \u003ch1\u003eReinhardt Cloud\u003c/h1\u003e\n\n  \u003ch3\u003eConvention-driven deployment for Reinhardt apps\u003c/h3\u003e\n\n  \u003cp\u003e\u003cstrong\u003eA Kubernetes-native PaaS\u003c/strong\u003e — deploy\n  \u003ca href=\"https://github.com/kent8192/reinhardt-web\"\u003eReinhardt\u003c/a\u003e\n  web applications with zero infrastructure configuration.\u003c/p\u003e\n  \u003cp\u003eNamed after Django Reinhardt's composition \u003cem\u003eNuages\u003c/em\u003e (French: \"Clouds\").\u003c/p\u003e\n\n[![CI](https://github.com/kent8192/reinhardt-cloud/actions/workflows/ci.yml/badge.svg)](https://github.com/kent8192/reinhardt-cloud/actions/workflows/ci.yml)\n[![Security Audit](https://github.com/kent8192/reinhardt-cloud/actions/workflows/security-audit.yml/badge.svg)](https://github.com/kent8192/reinhardt-cloud/actions/workflows/security-audit.yml)\n[![codecov](https://codecov.io/gh/kent8192/reinhardt-cloud/graph/badge.svg)](https://codecov.io/gh/kent8192/reinhardt-cloud)\n[![License](https://img.shields.io/badge/license-BUSL--1.1-blue.svg)](https://spdx.org/licenses/BUSL-1.1.html)\n[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/kent8192/reinhardt-cloud)\n\n\u003c/div\u003e\n\n---\n\n## Quick Navigation\n\n- [Who is Reinhardt Cloud For?](#who-is-reinhardt-cloud-for)\n- [Quick Start](#quick-start)\n- [Why Reinhardt Cloud?](#why-reinhardt-cloud)\n- [Architecture](#architecture)\n- [Key Features](#key-features)\n- [CLI Reference](#cli-reference)\n- [CRD Reference](#crd-reference)\n- [Installation (Operator)](#installation)\n- [Configuration](#configuration)\n- [Workspace Crates](#workspace-crates)\n- [Development](#development)\n- [API Stability](#api-stability)\n- [Self-hosting](#self-hosting)\n\n## Who is Reinhardt Cloud For?\n\n**For App Developers** who:\n\n- Build [Reinhardt](https://github.com/kent8192/reinhardt-web) web applications and want `git push`-style deployment\n- Want automatic infrastructure provisioning (database, cache, storage) based on your app's feature flags\n- Prefer convention over configuration for Kubernetes — no hand-written YAML\n\n**For Platform Operators** who:\n\n- Run Kubernetes clusters and want a PaaS layer for your team's Reinhardt apps\n- Need multi-cloud support (AWS, GCP, on-prem) with Helm-based installation\n- Want CRD-driven, GitOps-compatible application management\n\n## Quick Start\n\n\u003e **Status:** v0.1.0-alpha.1 pre-release. CLI commands are functional but under active development.\n\n### 1. Initialize from an existing Reinhardt project\n\n```bash\ncd my-project\nreinhardt-cloud init        # Detects project structure, generates reinhardt-cloud.toml\n```\n\nThis produces a `reinhardt-cloud.toml` based on your project's Cargo features and settings:\n\n```toml\n[app]\nname = \"my-app\"\nimage = \"my-app:latest\"\n\n[database]\nengine = \"postgresql\"\nstorage_gb = 20\n\n[health]\npath = \"/api/healthz/\"\nport = 8000\ninterval_seconds = 10\n\n[services]\nport = 80\ntarget_port = 8000\ningress_host = \"app.example.com\"\n\n[services.tls]\nenabled = true\nsecret_name = \"app-example-com-tls\"\nissuer = \"letsencrypt-ns\"\n\n[scale]\nmin_replicas = 2\nmax_replicas = 6\nmetric = \"cpu\"\ntarget_value = 70\n```\n\n### 2. Preview and deploy\n\n```bash\nreinhardt-cloud deploy --dry-run   # Preview the generated Project CRD as YAML\nreinhardt-cloud login --token rct_example\nreinhardt-cloud deploy --cluster production  # Submit through the Dashboard\n```\n\n### 3. Check status\n\n```bash\nreinhardt-cloud status --name my-app\n```\n\n## Why Reinhardt Cloud?\n\nDeploying a Reinhardt web application to Kubernetes typically means writing Deployments, Services, StatefulSets, Ingresses, and more — even though the framework already knows what the app needs.\n\nReinhardt Cloud takes a different approach: **convention-driven deployment**. The CLI runs `manage introspect` against your Reinhardt project, detects its feature flags (database, auth, cache, pages, etc.), and generates a single `Project` CRD. The operator reconciles that CRD into real Kubernetes resources.\n\n| Inspiration | What We Borrowed | What We Added |\n|---|---|---|\n| **Vercel** | Three-plane architecture (CLI, Control Plane, Runtime) | Kubernetes-native, self-hosted |\n| **Heroku** | Convention-driven deployment | CRD-based, GitOps-compatible |\n| **Crossplane** | Composition Functions pattern | Reinhardt-specific inference |\n| **Django `manage.py`** | Introspection-based tooling | Automatic infrastructure detection |\n\n**Result**: A platform where `reinhardt-cloud deploy` is all you need — the framework tells the platform what infrastructure to provision.\n\n## Architecture\n\nThree-plane architecture inspired by Vercel:\n\n```mermaid\nC4Container\n    title Reinhardt Cloud - Three-Plane Architecture\n\n    Person(dev, \"Developer\", \"Builds Reinhardt web applications\")\n\n    Container_Boundary(cli_plane, \"CLI Plane\") {\n        Container(cli, \"reinhardt-cloud CLI\", \"Rust, clap\", \"Analyzes projects via manage introspect and generates Project CRDs\")\n    }\n\n    Container_Boundary(cp_plane, \"Control Plane\") {\n        Container(dashboard, \"Dashboard\", \"Rust, reinhardt-web\", \"Pages UI, server functions, authentication, project management\")\n        ContainerDb(pg, \"PostgreSQL\", \"\", \"Users, projects, deployments\")\n    }\n\n    Container_Boundary(k8s_plane, \"Kubernetes Cluster\") {\n        Container(operator, \"Operator\", \"Rust, kube-rs\", \"Reconciles Project CRDs into Deployments, Services, StatefulSets, Ingress, HPA\")\n        Container(agent, \"Agent\", \"Rust, tonic\", \"Bidirectional gRPC streaming with control plane\")\n        ContainerDb(crd, \"Project CRD\", \"v1alpha2\", \"Desired application state\")\n    }\n\n    Rel(dev, cli, \"Uses\")\n    Rel(cli, dashboard, \"deploy\", \"HTTPS\")\n    Rel(cli, crd, \"dry-run / direct\", \"kubectl apply\")\n    Rel(dashboard, pg, \"Reads/Writes\", \"SQL\")\n    Rel(dashboard, agent, \"Commands\", \"gRPC\")\n    Rel(agent, operator, \"Reports status\", \"gRPC streaming\")\n    Rel(operator, crd, \"Watches and reconciles\")\n\n    UpdateLayoutConfig($c4ShapeInRow=\"3\", $c4BoundaryInRow=\"1\")\n```\n\n| Plane | Crate | Role |\n|---|---|---|\n| **CLI** | `reinhardt-cloud-cli` | Developer-facing tool. Analyzes projects via `manage introspect`, generates CRDs, communicates with the control plane. |\n| **Control Plane** | `dashboard` | A [reinhardt-web](https://github.com/kent8192/reinhardt-web) application providing a Pages UI, server functions, authentication, and project management. |\n| **Operator** | `reinhardt-cloud-operator` | Kubernetes controller that watches `Project` CRDs and reconciles them into infrastructure resources. |\n\n**Supporting services:**\n\n- **Agent** (`reinhardt-cloud-agent`) — Bidirectional gRPC communication between control plane and clusters.\n- **gRPC layer** (`reinhardt-cloud-proto`, `reinhardt-cloud-grpc`) — Four gRPC services across five proto files: Agent, Build, Log, Plugin (plus Common shared types).\n\nFor the end-to-end deployment flow — CLI branches, dashboard relay, agent behaviour, and reconciler output — see [`docs/architecture/deployment-flow.md`](docs/architecture/deployment-flow.md).\n\n## Key Features\n\n- **Convention-Driven Deployment** — CLI introspects your Reinhardt project and infers infrastructure needs from Cargo feature flags and settings\n- **Project CRD** — Single custom resource (`paas.reinhardt-cloud.dev/v1alpha2`) that declares your entire application stack\n- **Automatic Infrastructure** — PostgreSQL/MySQL database, Redis cache, S3/GCS/PVC object storage, SMTP mail, background workers\n- **Autoscaling** — HPA-based scaling on CPU, memory, or requests-per-second with configurable thresholds\n- **Workload Isolation** — gVisor, Kata Containers, network policies (Cilium), seccomp profiles, Pod Security Standards\n- **Multi-Tenant Namespacing** — `TenantRef` on the CRD maps each app to an Organization/Team and enforces a deterministic, isolated namespace with per-tenant `ResourceQuota` and `NetworkPolicy`\n- **Dashboard Authentication** — Local credentials plus GitHub OAuth, verified-email association, logout, and email-verification flow\n- **Preview Environments** — Per-PR ephemeral deployments with TTL, templated ingress hostnames, and override-able replica/database/cache settings\n- **Crossplane-style Plugins** — `PluginSpec` extension points reconciled via the gRPC Plugin service (Composition Functions pattern)\n- **Private Registry \u0026 Workload Identity** — `image_pull_secrets` and per-app `ServiceAccount` for IRSA / Workload Identity Federation\n- **Multi-Cloud Helm Charts** — AWS, GCP, and on-prem values out of the box\n- **`reinhardt-cloud.toml`** — Human-readable project configuration that maps 1:1 to the CRD spec\n- **`manage introspect` Integration** — Detects databases, routes, middleware, and feature flags from your Reinhardt project\n- **Reinhardt Pages Support** — Automatic static asset serving configuration for WASM+SSR frontends\n- **gRPC Microservices** — Build streaming, log ingestion/tailing, agent orchestration, and Crossplane-style plugin functions\n- **Deletion Policy** — Retain or Delete cloud resources on app teardown\n\n## CLI Reference\n\nFor the complete guide — every command, flag, example, persona-specific note, and troubleshooting entry — see [`docs/tools/cli.md`](docs/tools/cli.md).\n\nSummary:\n\n```\nreinhardt-cloud [--server \u003cURL\u003e] \u003ccommand\u003e\n```\n\n| Command | Description |\n|---|---|\n| `init` | Generate `reinhardt-cloud.toml` from project analysis |\n| `sync` | Re-synchronize `reinhardt-cloud.toml` with current project state |\n| `deploy` | Build the `Project` CRD and submit it through the Dashboard, or apply it directly with `--direct` |\n| `status` | Check deployment status |\n| `login` | Verify and persist a Dashboard API token |\n| `credentials` | Manage Git and container-registry credentials |\n| `crd` | Generate CRD manifests for GitOps workflows |\n\nSee [`docs/tools/cli.md`](docs/tools/cli.md) for flags, subcommand details, examples, and troubleshooting.\n\n## CRD Reference\n\nThe `Project` custom resource is the single source of truth for your application's desired state.\n\n```yaml\napiVersion: paas.reinhardt-cloud.dev/v1alpha2\nkind: Project\nmetadata:\n  name: my-app\n  namespace: default\nspec:\n  image: my-app:v1\n  replicas: 3\n  database:\n    engine: Postgresql\n    storage_gb: 20\n    version: \"16\"\n  cache:\n    backend: Redis\n  auth:\n    jwt: true\n  scale:\n    min_replicas: 1\n    max_replicas: 10\n    metric: Cpu\n    target_value: 80\n  health:\n    path: /healthz\n    port: 8080\n  services:\n    port: 80\n    target_port: 8080\n    ingress_host: myapp.example.com\n  deletion_policy: Retain\n```\n\n### Spec fields\n\n| Field | Type | Description |\n|---|---|---|\n| `image` | `String` | Docker image to deploy (required) |\n| `replicas` | `i32?` | Number of replicas (default: 1) |\n| `database` | `DatabaseSpec?` | PostgreSQL / MySQL provisioning |\n| `cache` | `CacheSpec?` | Redis cache |\n| `worker` | `WorkerSpec?` | Background worker processes |\n| `auth` | `AuthSpec?` | JWT + OAuth configuration |\n| `storage` | `StorageSpec?` | S3 / GCS / PVC object storage |\n| `mail` | `MailSpec?` | SMTP configuration |\n| `scale` | `ScaleSpec?` | HPA autoscaling for CPU and Memory; RPS is reserved for custom metrics |\n| `health` | `HealthSpec?` | Liveness / readiness probes |\n| `services` | `ServicesSpec?` | Port + Ingress exposure. Generated Ingress hosts must match a DNS suffix configured by `REINHARDT_CLOUD_INGRESS_HOST_SUFFIXES` and be unique across the cluster; the operator rejects `services.ingress_host` values outside those suffixes, wildcard hosts, or hosts already claimed by another Ingress. |\n| `services.tls` | `ServiceTlsSpec?` | Ingress TLS settings: `enabled`, `secret_name`, `issuer`; `cluster_issuer` is rejected for tenant safety |\n| `pages` | `PagesSpec?` | WASM+SSR static asset config |\n| `isolation` | `IsolationSpec?` | Runtime class, network policy, seccomp |\n| `deletion_policy` | `DeletionPolicy` | `Retain` (default) or `Delete` |\n| `features` | `Vec\u003cString\u003e` | Resolved reinhardt-web feature flags |\n| `env` | `BTreeMap\u003cString, String\u003e` | Environment variables |\n| `introspect` | `IntrospectOutput?` | Metadata from `manage introspect` |\n| `source` | `SourceSpec?` | Git repository, build settings, and PR-based preview environments |\n| `tenant` | `TenantRef?` | Owning Organization (and optional Team) for multi-tenant namespacing |\n| `plugins` | `Vec\u003cPluginSpec\u003e?` | Crossplane-style Composition Functions for extending the reconciler |\n| `image_pull_secrets` | `Vec\u003cLocalObjectReference\u003e?` | Private container-registry pull secrets; names must start with the app-owned `{metadata.name}-` prefix, except operator-created previews may use verified parent-app pull secrets; legacy previews without the parent namespace label are accepted only when their namespace matches the canonical legacy preview contract |\n| `service_account` | `ServiceAccountSpec?` | Per-app `ServiceAccount` for IRSA / Workload Identity Federation |\n\n### Status conditions\n\nThe operator reports the following conditions on the CRD status:\n\n`Ready`, `Progressing`, `Degraded`, `MigrationReady`, `DatabaseReady`, `CacheReady`, `WorkerReady`, `IngressReady`, `TlsReady`, `AutoscalerReady`\n\nFor database-backed projects, the operator runs a revision-scoped migration\nJob before applying the new workload `Deployment`. Migration Jobs inherit the\nworkload runtime class, service account, plugin mounts, resource defaults, and\nisolated workload security contexts, and isolation resources are reconciled\nbefore the Job is created. `MigrationReady=False` with reason\n`MigrationRunning` means rollout is waiting on that Job; `MigrationReady=False`\nwith reason `MigrationFailed` blocks the rollout and marks the project degraded\nuntil the spec changes or the failed revision is handled.\n\nAutoscaling uses Kubernetes `autoscaling/v2` HPA for `cpu` and `memory`.\n`min_replicas` and `max_replicas` must be at least `1`. For `memory`,\n`target_value` is MiB. `rps` is reserved for custom/external metrics and\nsurfaces `AutoscalerReady=False` until a custom metrics provider is supported.\n\nThe `[scale]` example above generates an HPA like:\n\n```yaml\napiVersion: autoscaling/v2\nkind: HorizontalPodAutoscaler\nmetadata:\n  name: my-app\nspec:\n  scaleTargetRef:\n    apiVersion: apps/v1\n    kind: Deployment\n    name: my-app\n  minReplicas: 2\n  maxReplicas: 6\n  metrics:\n    - type: Resource\n      resource:\n        name: cpu\n        target:\n          type: Utilization\n          averageUtilization: 70\n```\n\nFor `metric = \"memory\"` with `target_value = 512`, the generated resource\ntarget uses `type: AverageValue` and `averageValue: 512Mi`.\n\nFor source-driven deployments, source builds populate `status.build` with the active or most\nrecent Kaniko build. `status.build.jobName`, `status.build.trigger`, `status.build.image`, and\n`status.build.imageTag` identify the build Job and produced image. Production `spec.image`\nupdates and preview Project image updates are applied only after the associated Kaniko Job\nsucceeds.\n\n## Installation\n\n### Prerequisites\n\n- Kubernetes 1.31+\n- Helm 3\n- **cert-manager** (required for preview environments) — the operator emits a\n  per-namespace `cert-manager.io/v1` `Issuer` for each parent-qualified preview namespace so preview hosts get automatic TLS. Configure the issuer with:\n  - `REINHARDT_CLOUD_PREVIEW_INGRESS_CLASS` (default `nginx`)\n  - `REINHARDT_CLOUD_PREVIEW_ACME_SERVER` (default Let's Encrypt production)\n  - `REINHARDT_CLOUD_PREVIEW_ACME_EMAIL` (registration email; set in production)\n\n### Install the operator\n\n```bash\nhelm install reinhardt-cloud-operator ./charts/reinhardt-cloud-operator \\\n  --namespace reinhardt-cloud-system \\\n  --create-namespace\n```\n\n### Cloud-specific installations\n\n```bash\n# AWS\nhelm install reinhardt-cloud-operator ./charts/reinhardt-cloud-operator \\\n  -f charts/reinhardt-cloud-operator/values-aws.yaml \\\n  --namespace reinhardt-cloud-system --create-namespace\n\n# GCP\nhelm install reinhardt-cloud-operator ./charts/reinhardt-cloud-operator \\\n  -f charts/reinhardt-cloud-operator/values-gcp.yaml \\\n  --namespace reinhardt-cloud-system --create-namespace\n\n# On-prem\nhelm install reinhardt-cloud-operator ./charts/reinhardt-cloud-operator \\\n  -f charts/reinhardt-cloud-operator/values-onprem.yaml \\\n  --namespace reinhardt-cloud-system --create-namespace\n```\n\n### Feature toggles\n\nEnable or disable infrastructure components in your Helm values:\n\n```yaml\nfeatures:\n  database: true\n  cache: false\n  ingress: false\n  autoscaling: false\n  storage: false\n  worker: false\n```\n\nNamespace lifecycle RBAC is disabled by default to keep the operator service account least-privilege.\nWhen tenant or preview namespaces are managed by a separate platform workflow, leave\n`rbac.namespaces.manageLifecycle=false` and pre-create those namespaces. Set it to `true` only when\nthe operator is intentionally trusted to create, update, and delete its managed namespaces.\n\n### Isolation defaults\n\nThe operator ships with sensible security defaults:\n\n```yaml\nisolation:\n  defaultLevel: \"None\"\n  networkPolicy:\n    enabled: true\n    provider: cilium\n    blockMetadataService: true\n  podSecurityStandards:\n    enabled: true\n    enforceLevel: restricted\n  seccomp:\n    enabled: true\n    profile: RuntimeDefault\n```\n\n\u003e See `charts/reinhardt-cloud-operator/values.yaml` for all isolation settings including runtime classes, resource limits, and egress rules.\n\n## Configuration\n\nThe `reinhardt-cloud.toml` file is the human-readable project configuration. It maps 1:1 to the `Project` CRD spec.\n\nGenerate it automatically:\n\n```bash\nreinhardt-cloud init    # from your Reinhardt project directory\n```\n\n### Full example\n\n```toml\n[app]\nname = \"my-app\"\nimage = \"my-app:v2\"\n\n[database]\nengine = \"postgresql\"\ninstance_class = \"db.t3.micro\"\nstorage_gb = 50\nversion = \"16\"\n\n[auth]\njwt = true\n\n[health]\npath = \"/health\"\nport = 3000\ninterval_seconds = 15\n\n[services]\nport = 443\ntarget_port = 3000\ningress_host = \"app.example.com\"\n\n[services.tls]\nenabled = true\nsecret_name = \"app-example-com-tls\"\nissuer = \"letsencrypt-ns\"\n\n[replicas]\ncount = 3\n\n[scale]\nmin_replicas = 2\nmax_replicas = 20\nmetric = \"cpu\"\ntarget_value = 80\n\n[cache]\nbackend = \"redis\"\n\n[worker]\nconcurrency = 8\n\n[storage]\nbackend = \"s3\"\nbucket = \"my-bucket\"\n\n[env]\nCUSTOM_VAR = \"custom_value\"\n```\n\n## Workspace Crates\n\n| Crate | Type | Description |\n|---|---|---|\n| `reinhardt-cloud` | Library | Facade crate that re-exports public library components |\n| `reinhardt-cloud-types` | Library | CRD types, config schema, validation, introspect types |\n| `reinhardt-cloud-core` | Library | Business logic, plugin system, auth, pagination |\n| `reinhardt-cloud-k8s` | Library | Kubernetes client helpers and resource builders |\n| `reinhardt-cloud-proto` | Library | Protocol Buffers definitions (5 services) |\n| `reinhardt-cloud-grpc` | Library | gRPC client/server implementations, SSE adapter |\n| `reinhardt-cloud-operator` | Binary | Kubernetes operator (reconciler, resource management) |\n| `reinhardt-cloud-cli` | Binary | `reinhardt-cloud` command-line tool |\n| `reinhardt-cloud-agent` | Binary | Cluster agent for bidirectional control plane communication |\n| `dashboard` | Application | Control Plane web app ([reinhardt-web](https://github.com/kent8192/reinhardt-web)) |\n| `tests` | Integration Tests | Cross-crate integration test suite |\n\n### gRPC services\n\n| Proto | Service | Description |\n|---|---|---|\n| `cluster_agent.proto` | `AgentService` | Bidirectional streaming between control plane and cluster agents |\n| `build.proto` | `BuildService` | Build lifecycle management with log streaming |\n| `log.proto` | `LogService` | Log ingestion (client streaming) and tailing (server streaming) |\n| `plugin.proto` | `PluginService` | Crossplane Composition Functions pattern for extensibility |\n| `common.proto` | — | Shared pagination and status types |\n\n## Development\n\n### Prerequisites\n\n- Rust (2024 Edition)\n- Docker (required for TestContainers — not Podman)\n- cargo-make, cargo-nextest\n\nFor a step-by-step local stack bootstrap (cluster + Dashboard + Operator + Agent + end-to-end deploy), see [`docs/development/LOCAL_E2E_TESTING.md`](docs/development/LOCAL_E2E_TESTING.md).\n\n### Commands\n\n```bash\n# Build\ncargo check --workspace --all-features\ncargo build --workspace --all-features\n\n# Test\ncargo make test                                 # all tests, including dashboard WASM browser E2E\ncargo nextest run --workspace --all-features    # with nextest\n\n# Code quality\ncargo make fmt-check\ncargo make clippy-check\ncargo make clippy-todo-check    # detect TODO/FIXME\n\n# Full pre-PR check\ncargo make pre-pr\n\n# Run the dashboard (Control Plane)\ncargo make runserver\n\n# Run the operator locally\ncargo run --bin reinhardt-cloud-operator\n```\n\n## API Stability\n\n**Current status:** v0.1.0-alpha.1 (Alpha)\n\n| Component | Stability | Notes |\n|---|---|---|\n| `Project` CRD (`v1alpha2`) | Alpha | Schema may change |\n| CLI commands | Alpha | Flags and behavior may change |\n| gRPC services | Alpha | Protobuf schema may change |\n| Helm chart | Alpha | Values structure may change |\n| `reinhardt-cloud.toml` | Alpha | Keys and format may change |\n\nBreaking changes will be documented in release notes.\n\n## Self-hosting\n\nThe Reinhardt Cloud Dashboard can be self-hosted through its own operator\nas a `Project`. A canonical manifest (`manifests/dashboard-project.yaml`)\nand a release-triggered deploy workflow\n(`.github/workflows/deploy-dashboard.yml`) implement this GitOps-driven\ndogfooding flow. See [docs/self-hosting.md](docs/self-hosting.md) for\nbootstrap, upgrade, rollback, and observability instructions.\nFor private registry access and cloud workload identity, see\n[docs/registry-and-identity.md](docs/registry-and-identity.md).\n\n## Getting Help\n\n- [GitHub Discussions](https://github.com/kent8192/reinhardt-cloud/discussions) — Ask questions and share ideas\n- [GitHub Issues](https://github.com/kent8192/reinhardt-cloud/issues) — Report bugs\n- [Security Policy](SECURITY.md) — Report vulnerabilities\n\n## Contributing\n\nWe welcome contributions! See the [Development](#development) section to set up your environment.\n\n**Quick links:**\n- [Pull Request Template](.github/PULL_REQUEST_TEMPLATE.md)\n- [GitHub Issues](https://github.com/kent8192/reinhardt-cloud/issues)\n\n## Star History\n\n\u003ca href=\"https://star-history.com/#kent8192/reinhardt-cloud\u0026Date\"\u003e\n \u003cpicture\u003e\n   \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://api.star-history.com/svg?repos=kent8192/reinhardt-cloud\u0026type=Date\u0026theme=dark\" /\u003e\n   \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://api.star-history.com/svg?repos=kent8192/reinhardt-cloud\u0026type=Date\" /\u003e\n   \u003cimg alt=\"Star History Chart\" src=\"https://api.star-history.com/svg?repos=kent8192/reinhardt-cloud\u0026type=Date\" width=\"600\" /\u003e\n \u003c/picture\u003e\n\u003c/a\u003e\n\n## Copyright\n\nCopyright \u0026copy; 2026 Tachyon Inc. All rights reserved.\n\nDeveloped by Tachyon Inc.\n\n## License\n\nThis project is licensed under the [Business Source License 1.1](https://spdx.org/licenses/BUSL-1.1.html).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkent8192%2Freinhardt-cloud","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkent8192%2Freinhardt-cloud","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkent8192%2Freinhardt-cloud/lists"}