{"id":20410291,"url":"https://github.com/kuadrant/kuadra","last_synced_at":"2025-04-12T15:53:21.177Z","repository":{"id":173904573,"uuid":"651459166","full_name":"Kuadrant/kuadra","owner":"Kuadrant","description":"A kubernetes controller for managing users and access permissions in various services","archived":false,"fork":false,"pushed_at":"2025-01-07T14:44:29.000Z","size":16798,"stargazers_count":0,"open_issues_count":5,"forks_count":6,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-26T10:21:31.833Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Kuadrant.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-06-09T09:28:55.000Z","updated_at":"2025-01-07T14:45:15.000Z","dependencies_parsed_at":null,"dependency_job_id":"0f6f1ce8-7d81-4311-9604-a394a1303cc9","html_url":"https://github.com/Kuadrant/kuadra","commit_stats":null,"previous_names":["kuadrant/kuadra"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kuadrant%2Fkuadra","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kuadrant%2Fkuadra/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kuadrant%2Fkuadra/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kuadrant%2Fkuadra/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Kuadrant","download_url":"https://codeload.github.com/Kuadrant/kuadra/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248592155,"owners_count":21130193,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-15T05:45:23.047Z","updated_at":"2025-04-12T15:53:21.158Z","avatar_url":"https://github.com/Kuadrant.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Kuadra\n\n## What is it?\n\nA kubernetes controller for managing users and access permissions in various services.\nIt will watch ConfigMaps or custom resources that contain user configuration.\nThe controller's job is to reconcile that config by making API calls to various services (such as AWS) to ensure a team (i.e. a set of users) has accounts and access set up correctly in those services.\nThe config will be declarative, so the controller will also take care of updating or deleting things in those various services as well.\n\n## Features\n\nInitially it will ensure an AWS user account exists for each user in a specific AWS org, they have a hosted zone with permissions to create DNS records, and can generate access keys.\n\n## Kuadra name\n\nIt’s a combination of Kuadrant and Hydra.\nHydra being the mythical serpentine monster with many heads. (Kuadra will have integrations into many things)\nHydra is also known for for its regenerative abilities (Kuadra will have a reconcile loop for ‘self healing’)\n\n## Running the Operator\n\nBefore working on the project you should have a good idea of the technologies used such as [Go](https://go.dev/learn/), [Kubernetes](https://kubernetes.io/docs/setup/), and building operators for Kubernetes clusters. This project uses [kubebuilder](https://book.kubebuilder.io/getting-started) to build the operator, so take a look at the [quick start](https://book.kubebuilder.io/quick-start) to get accustomed to it if you haven't already.\n\nThere are two ways we recommend to run the operator for testing. The first way is running locally on a [kind](https://kind.sigs.k8s.io/docs/user/quick-start/) cluster, and the second way is running a containerised version of the operator locally with [Docker](https://docs.docker.com/guides/get-started/). Both ways are described in the Makefile.\n\nIn order to run the cluster, a few pre-requisites are required. You should have kind, kubectl, Docker, and Go installed prior to following the steps.\n\nBefore following the steps below, please make sure you have aws-cli [set up and configured](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-quickstart.html#getting-started-quickstart-new-command) with your access key. Also ensure you have the a policy attached to your AWS IAM user that contains at least the following actions.\n\n```json\n{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Sid\": \"VisualEditor0\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"iam:CreateLoginProfile\",\n\t\t\t\t\"iam:ListGroupsForUser\",\n\t\t\t\t\"iam:GetUser\",\n\t\t\t\t\"iam:CreateUser\",\n\t\t\t\t\"iam:GetLoginProfile\",\n\t\t\t\t\"iam:ListAccessKeys\",\n\t\t\t\t\"iam:CreateAccessKey\",\n\t\t\t\t\"iam:AddUserToGroup\",\n\t\t\t\t\"iam:RemoveUserFromGroup\",\n\t\t\t\t\"iam:DeleteLoginProfile\",\n\t\t\t\t\"iam:DeleteAccessKey\",\n\t\t\t\t\"iam:DeleteUser\"\n\t\t\t],\n\t\t\t\"Resource\": \"*\"\n\t\t}\n\t]\n}\n```\n\nOnce pre-requisites are installed, you can run the following commands to get the operator up and running.\n\n### Running outside a kind cluster (kind required)\n```bash\n# 1. Create the cluster using Kind (Kubernetes in Docker)\nkind create cluster\n# 2. Install CRD's\nmake install\n# 3. Disable webhooks (throws error if webhook is enabled)\nexport ENABLE_WEBHOOKS=false\n# 4. Run operator locally\nmake run\n# 5. Add sample config to your cluster in the default namespace.\nkubectl apply -k config/samples\n```\n\n### Running locally in a kind cluster\n\nBefore following the below instructions, please ensure you have docker-cli installed and configured with your [quay.io account](https://docs.quay.io/solution/getting-started.html), as you will need to push a built image to your own namespace/account. By default, quay.io will set the visibility of your repository to private. In order for your cluster pods to pull the image, you will need to set the visibility of your repository to public after pushing your image. You can do this in your repository settings.\n\nAlso, before following the steps below ensure you have created a `aws-credentials.env` file in the root directory of your repo clone with your access key credentials. Refer to the above reference to AWS Credentials for information on how to set up an access key. The file should follow the format:\n\n```\nAWS_ACCESS_KEY_ID=\u003cyour aws access key id\u003e\nAWS_SECRET_ACCESS_KEY=\u003cyour aws secret access key\u003e\n```\n\n```bash\n# 1. Create the cluster using Kind (Kubernetes in Docker)\nkind create cluster\n# 2. Install CRD's\nmake install\n# 3. Set the IMG variable to where you would like to push your image to, then build and push the image, then deploy.\nIMG=quay.io/\u003cnamespace\u003e/kuadra:v1 make docker-build docker-push deploy\n# 4. Add sample config to your cluster in the kuadra-system namespace.\nkubectl -n kuadra-system apply -k config/samples\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkuadrant%2Fkuadra","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkuadrant%2Fkuadra","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkuadrant%2Fkuadra/lists"}