{"id":15816483,"url":"https://github.com/lbroudoux/k8s-project-ignition-operator","last_synced_at":"2026-05-05T07:32:37.057Z","repository":{"id":145929756,"uuid":"201082334","full_name":"lbroudoux/k8s-project-ignition-operator","owner":"lbroudoux","description":"Kubernetes Operator to ease complex project (with multiple namespaces) creation.","archived":false,"fork":false,"pushed_at":"2019-08-09T11:26:55.000Z","size":264,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-10-06T05:04:15.706Z","etag":null,"topics":["kubernetes","openshift","operator","operator-framework"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lbroudoux.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-08-07T15:56:54.000Z","updated_at":"2020-02-14T19:48:36.000Z","dependencies_parsed_at":null,"dependency_job_id":"d6d33264-62ba-43e4-aa9e-8bc2e1a99dbd","html_url":"https://github.com/lbroudoux/k8s-project-ignition-operator","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/lbroudoux/k8s-project-ignition-operator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lbroudoux%2Fk8s-project-ignition-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lbroudoux%2Fk8s-project-ignition-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lbroudoux%2Fk8s-project-ignition-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lbroudoux%2Fk8s-project-ignition-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lbroudoux","download_url":"https://codeload.github.com/lbroudoux/k8s-project-ignition-operator/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lbroudoux%2Fk8s-project-ignition-operator/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32640533,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-04T10:08:07.713Z","status":"online","status_checked_at":"2026-05-05T02:00:06.033Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kubernetes","openshift","operator","operator-framework"],"created_at":"2024-10-05T05:04:21.956Z","updated_at":"2026-05-05T07:32:37.041Z","avatar_url":"https://github.com/lbroudoux.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# k8s-project-ignition-operator\n\nKubernetes Operator to ease complex project (with multiple namespaces) creation. This Operator can be deployed and used on Vanilla Kubernetes or on OpenShift with advanced features.\n\n## What is it?\n\nDoing serious things on Kubernetes and deploying bunch of applications requires discipline and organization to reproduce and repeat the same configuration. Especially when deploying an App requires:\n* Defining multiple namespaces for isolating different environments (dev, test, QA, prod),\n* Configuring namespaces with adequate annotations and labels,\n* Creating the correct role bindings for users, groups and service accounts,\n* Applying the different resource quotas per namespace,\n* Applying cluster-wide multi namespaces resources quotas on OpenShift,\n* ...\n\nThis Operator defines and operates a specific `ProjectIgnition` CRD that allows to define different ignition configurations for your different stacks or in-house project methodologies. So that you are able to bootstrap projects with the same set of organisation and configuration of Kubernetes namespaces.\n\nTraditionnaly such automation could be done using Ansible but Operators offer a Kube-native way of doing things!\n\n## Status \n\n\u003e This is early stage of development and all features described below may not be fully functionnal. If you're interested, please provide feedback as well as feature ideas and Pull Requests 😉\n\n\n## Define a ProjectIgnition\n\nA `ProjectIgnition` is a custom resource holding description of desired configuration for a set of `Namespaces` hosting a archetypes application. It is defined into the `lbroudoux.github.io/v1beta1` API Group as shown in below header:\n\n```yaml\napiVersion: lbroudoux.github.io/v1beta1\nkind: ProjectIgnition\nmetadata:\n  name: example-projectignition\nspec:\n  projectName: example\n  [..]\n```\n\nA `ProjectIgnition` specfication then holds definitions for namespaces to ignit:\n\n```yaml\n[..]\nspec:\n  namespaces:\n    definitions:\n      - name: dev\n        [..]\n      - name: qa\n        [..]\n      - name: prod\n        [..]\n```\n\nA namespace definition allows to specify a name, annotations, labels, roleBindings, finalizers and quotas to apply to a namespace:\n\n```yaml\n[..]\nspec:\n  namespaces:\n    definitions:\n      - name: dev\n        annotations:\n          - 'project: {project}'\n          - 'github.io/my-annotation: my-annotation-value'\n        labels:\n          - key: stage\n            value: development\n        finalizers:\n          - custom\n        roleBindings:\n          - role: edit\n            user: system:serviceaccount:fabric:jenkins\n          - role: system:image-puller\n            group: system:serviceaccounts:{project}-qa\n          - role: system:image-puller\n            group: system:serviceaccounts:{project}-prod\n        quotas:\n          - 'https://raw.githubusercontent.com/lbroudoux/k8s-project-ignition-operator/master/samples/quotas/quota-small.yml'\n```\n\nFinally, you may have customizations options specific to OpenShift to customize display labels of Namespace or create `ClusterResourceQuota` that applies to all the namespaces of the project.\n\n```yaml\n[..]\nspec:\n  projectName: example\n  namespaces:\n    useOpenShiftProject: true\n    addStageNumber: false\n    addStageNameInDisplayName: true\n    definitions: [..]\n  openShiftMultiProjectQuota:\n    projectAnnotationSelector: 'project: {project}'\n    projectLabelSelector: null\n    quota: 'https://raw.githubusercontent.com/lbroudoux/k8s-project-ignition-operator/master/samples/quotas/cluster-quota.yml'\n```\n\n### Placeholders\n\nYou may have seen the specific `{project}` string in ignition definition? We currently support 2 placeholders `{project}` and `{namespace}` that will be replaced by correct values by the Operator.\n\n### Full example\n\nPlease check [example](https://github.com/lbroudoux/k8s-project-ignition-operator/blob/master/deploy/crds/lbroudoux_v1beta1_projectignition_cr.yaml) CR for full sample of a `ProjectIgnition`.\n\nOnce reconciled by the Operator, you should get the following resources created:\n\n```sh\n$ kubectl get namespaces | grep example-\nexample-dev                    Active    45m\nexample-prod                   Active    45m\nexample-qa                     Active    45m\n\n$ kubectl get rolebindings -n example-dev\nNAME                                                       AGE\nedit_system:serviceaccount:fabric:jenkins                  45m\nsystem:deployers                                           45m\nsystem:image-builders                                      45m\nsystem:image-puller_system:serviceaccounts:example-prod    45m\nsystem:image-puller_system:serviceaccounts:example-qa      45m\nsystem:image-pullers                                       45m\n\n$ kubectl get resourcequotas -n example-dev\nNAME          CREATED AT\nburst-quota   2019-08-09T01:57:59Z\nquota         2019-08-09T01:57:59Z\n\n$ kubectl get rolebindings -n example-qa\nNAME                                                       AGE\nedit_system:serviceaccount:fabric:jenkins                  45m\nsystem:deployers                                           45m\nsystem:image-builders                                      45m\nsystem:image-pullers                                       45m\n\n$ kubectl get resourcequotas -n example-qa\nNAME          CREATED AT\nburst-quota   2019-08-09T01:57:59Z\nquota         2019-08-09T01:57:59Z\n\n$ kubectl get rolebindings -n example-qa\nNAME                                                       AGE\nedit_system:serviceaccount:fabric:jenkins                  45m\nsystem:deployers                                           45m\nsystem:image-builders                                      45m\nsystem:image-pullers                                       45m\n\n$ kubectl get resourcequotas -n example-qa\nNAME          CREATED AT\nburst-quota   2019-08-09T01:57:59Z\nquota         2019-08-09T01:57:59Z\n```\n\nand because it is deployed on OpenShift:\n\n```sh\n$ oc get clusterresourcequotas\nNAME             LABEL SELECTOR   ANNOTATION SELECTOR\nexample-quota   \u003cnone\u003e           map[project:example]\n\n```\n\n\n## Deploy the Operator\n\nFirst thing first, you have to deploy the CRD defining a `ProjectIgnition`, this has to be done cluster-wide.\n\n```sh\n$ kubectl create -f deploy/crds/lbroudoux_v1beta1_projectignition_crd.yaml\n```\n\nThis operator watches a single namespace and thus you should create at least a `Namespace` for hosting the Operator and the future `ProjectIgnition` custom resources.\n\nThen, you can start creating the different service account, roles, role bindings and deployment.\n\n```sh\n$ kubectl create -f deploy/service_account.yaml\n$ kubectl create -f deploy/role.yaml\n$ kubectl create -f deploy/role_binding.yaml\n$ kubectl create -f deploy/operator.yaml\n```\n\nWait one minute and check everything is in place:\n\n```sh\n$ kubectl oc get pods                                                             \nNAME                                        READY     STATUS    RESTARTS   AGE\nproject-igniter-operator-85bc8fcd8d-4zslk   1/1       Running   0          1h\n````\n\nYou can now start creating `ProjectIgnition` CRs!\n\n\n## Make is easily consumable\n\nIn order to get your teams easily start with `ProjectIgnitions` you may want to create some [OpenShift templates](https://docs.openshift.com/container-platform/3.11/dev_guide/templates.html) or [Helm charts](https://helm.io) to prepare some stereotypes project ignitions configuratino, letting just the user set up its project name.\n\nAs a sample, an OpenShift template is provided [here](https://github.com/lbroudoux/k8s-project-ignition-operator/blob/master/samples/templates/projectignition-openshift-template.yml) and can be deployed alongside the Operator in the same namespace. Requesting a new `ProjectIgnition` is now straightforward from the user point-of-view:\n\n![step1](./assets/openshift-template-1.png)\n![step2](./assets/openshift-template-2.png)\n![step3](./assets/openshift-template-3.png)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flbroudoux%2Fk8s-project-ignition-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flbroudoux%2Fk8s-project-ignition-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flbroudoux%2Fk8s-project-ignition-operator/lists"}