{"id":47047123,"url":"https://github.com/nebari-dev/nebari-operator","last_synced_at":"2026-05-21T01:11:51.228Z","repository":{"id":336695564,"uuid":"1116924905","full_name":"nebari-dev/nebari-operator","owner":"nebari-dev","description":"Kubernetes Operator designed to streamline and centralize the configuration of routing, TLS certificates, and user authentication within NICs ecossystem.","archived":false,"fork":false,"pushed_at":"2026-05-20T17:44:28.000Z","size":965,"stargazers_count":0,"open_issues_count":29,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-20T18:39:43.347Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nebari-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-12-15T15:19:28.000Z","updated_at":"2026-05-05T07:13:18.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/nebari-dev/nebari-operator","commit_stats":null,"previous_names":["nebari-dev/nebari-operator"],"tags_count":19,"template":false,"template_full_name":null,"purl":"pkg:github/nebari-dev/nebari-operator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nebari-dev%2Fnebari-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nebari-dev%2Fnebari-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nebari-dev%2Fnebari-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nebari-dev%2Fnebari-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nebari-dev","download_url":"https://codeload.github.com/nebari-dev/nebari-operator/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nebari-dev%2Fnebari-operator/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33283673,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-20T15:12:43.734Z","status":"ssl_error","status_checked_at":"2026-05-20T15:12:42.300Z","response_time":356,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-03-12T02:05:10.842Z","updated_at":"2026-05-21T01:11:51.212Z","avatar_url":"https://github.com/nebari-dev.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://nebari.dev\"\u003e\n    \u003cpicture\u003e\n      \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://raw.githubusercontent.com/nebari-dev/nebari-design/main/logo-mark/horizontal/standard/Nebari-Logo-Horizontal-Lockup-White-text.png\"\u003e\n      \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://raw.githubusercontent.com/nebari-dev/nebari-design/main/logo-mark/horizontal/standard/Nebari-Logo-Horizontal-Lockup.png\"\u003e\n      \u003cimg alt=\"Nebari\" src=\"docs/Nebari-Logo-Horizontal-Lockup.png\" width=\"300\"\u003e\n    \u003c/picture\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003eNebari Operator\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cstrong\u003eSelf-service application onboarding for GitOps-friendly Kubernetes platforms.\u003c/strong\u003e\u003cbr /\u003e One CRD to rule\n  routing, TLS, SSO, and landing-page registration — all continuously reconciled.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/nebari-dev/nebari-operator/actions/workflows/test-chart.yml\"\u003e\u003cimg\n  src=\"https://github.com/nebari-dev/nebari-operator/actions/workflows/test-chart.yml/badge.svg\" alt=\"Test Chart\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/nebari-dev/nebari-operator/actions/workflows/build-pr.yml\"\u003e\u003cimg\n  src=\"https://github.com/nebari-dev/nebari-operator/actions/workflows/build-pr.yml/badge.svg\" alt=\"PR Checks\"\u003e\u003c/a\u003e \u003ca\n  href=\"https://github.com/nebari-dev/nebari-operator/actions/workflows/generated-files.yml\"\u003e\u003cimg\n  src=\"https://github.com/nebari-dev/nebari-operator/actions/workflows/generated-files.yml/badge.svg\" alt=\"Generated\n  Files\"\u003e\u003c/a\u003e \u003ca href=\"https://github.com/nebari-dev/nebari-operator/actions/workflows/release.yml\"\u003e\u003c/a\u003e \u003ca\n  href=\"https://github.com/nebari-dev/nebari-operator/blob/main/LICENSE\"\u003e\u003cimg\n  src=\"https://img.shields.io/badge/License-Apache_2.0-blue.svg\" alt=\"License: Apache 2.0\"\u003e\u003c/a\u003e \u003ca\n  href=\"https://github.com/nebari-dev/nebari-operator/releases/latest\"\u003e\u003cimg\n  src=\"https://img.shields.io/github/v/release/nebari-dev/nebari-operator?logo=github\u0026label=release\" alt=\"Latest\n  Release\"\u003e\u003c/a\u003e \u003ca href=\"https://golang.org\"\u003e\u003cimg\n  src=\"https://img.shields.io/badge/Go-1.25+-00ADD8?logo=go\u0026logoColor=white\" alt=\"Go 1.25+\"\u003e\u003c/a\u003e \u003ca\n  href=\"https://kubernetes.io\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"#what-is-nebari-operator\"\u003eWhat is it?\u003c/a\u003e \u0026middot; \u003ca href=\"#how-it-works\"\u003eHow it works\u003c/a\u003e \u0026middot; \u003ca\n  href=\"#key-features\"\u003eFeatures\u003c/a\u003e \u0026middot; \u003ca href=\"#installation\"\u003eInstallation\u003c/a\u003e \u0026middot; \u003ca\n  href=\"#usage-example\"\u003eUsage\u003c/a\u003e \u0026middot; \u003ca href=\"#development\"\u003eDevelopment\u003c/a\u003e \u0026middot; \u003ca\n  href=\"#documentation\"\u003eDocs\u003c/a\u003e \u0026middot; \u003ca href=\"CONTRIBUTING.md\"\u003eContributing\u003c/a\u003e\n\u003c/p\u003e\n\n\n\n\u003e **Status**: Under active development as part of Nebari Infrastructure Core (NIC). APIs and behavior may change without\n\u003e notice.\n\n## What is Nebari Operator?\n\nThe Nebari Operator is a Kubernetes controller that enables **self-service application onboarding** in GitOps-friendly\nclusters. When a team deploys an app via Helm or Argo CD, they declare a single `NebariApp` custom resource — the\noperator takes care of the rest:\n\n- **HTTP/HTTPS Routes** — Gateway API `HTTPRoute` created and maintained automatically\n- **TLS Termination** — cert-manager `Certificate` provisioned on demand\n- **SSO Authentication** — OIDC `SecurityPolicy` wired to Keycloak, including automatic client provisioning\n- **Landing Page Registration** — service metadata surfaced to\n  [Nebari Landing](https://github.com/nebari-dev/nebari-landing) with visibility controls\n\nNo more hand-crafting `Gateway`, `HTTPRoute`, `SecurityPolicy`, or Keycloak clients. Declare intent; the operator\nreconciles reality.\n\n## How it Works\n\nThe operator runs a pipeline of focused **reconcilers**, each responsible for one concern:\n\n```\nNebariApp CR\n     │\n     ├─► Validation Reconciler    — namespace opt-in, service existence\n     ├─► Routing Reconciler       — HTTPRoute + TLS Certificate\n     ├─► Auth Reconciler          — OIDC SecurityPolicy + Keycloak client\n     └─► Landing Page Reconciler  — registration in nebari-landing cache\n```\n\nEach reconciler is independent, updates `status.conditions`, and emits Kubernetes Events for full observability. The\ncontrol loop is **continuously reconciled** — drift from desired state is corrected automatically.\n\n**Learn more:** [Reconciler Architecture](docs/reconcilers/README.md)\n\n## Key Features\n\n| Feature | Description |\n| --- | --- |\n| **Declarative Configuration** | One `NebariApp` CRD defines routing, TLS, auth, and landing-page visibility |\n| **Automatic Route Generation** | `HTTPRoute` resources are created and kept in sync automatically |\n| **TLS Management** | Seamless cert-manager integration — certificates provisioned and renewed hands-free |\n| **OIDC Authentication** | Optional SSO via Keycloak, with automatic `SecurityPolicy` and client provisioning |\n| **Public Route Bypass** | Per-path auth bypass for health-check and callback endpoints |\n| **Landing Page Integration** | Surfaces apps to [nebari-landing](https://github.com/nebari-dev/nebari-landing) with category, icon, and visibility controls |\n| **GitOps Compatible** | Continuously reconciled — desired state is always enforced |\n| **Multi-Platform** | Works with any Kubernetes (cloud, on-prem, local kind/minikube) |\n| **Namespace Isolation** | Opt-in per namespace via label — no accidental adoption |\n\n## Installation\n\n### Quick Install (Recommended)\n\nInstall the latest stable release with a single command:\n\n```bash\nkubectl apply -f https://github.com/nebari-dev/nebari-operator/releases/latest/download/install.yaml\n```\n\n### Install a Specific Version\n\n```bash\nVERSION=v0.1.0\nkubectl apply -f https://github.com/nebari-dev/nebari-operator/releases/download/${VERSION}/install.yaml\n```\n\n### Helm Install\n\n```bash\nhelm upgrade --install nebari-operator \\\n  oci://ghcr.io/nebari-dev/charts/nebari-operator \\\n  --namespace nebari-operator-system \\\n  --create-namespace\n```\n\n### Verify Installation\n\n```bash\nkubectl get pods -n nebari-operator-system\nkubectl logs -n nebari-operator-system -l control-plane=controller-manager\n```\n\n### Container Images\n\nMulti-arch images (amd64 / arm64) are published to Quay.io on every release:\n\n```\nquay.io/nebari/nebari-operator:latest\nquay.io/nebari/nebari-operator:v0.1.0\nquay.io/nebari/nebari-operator:main\n```\n\n## Usage Example\n\nOpt your namespace in and create a `NebariApp` to expose a service:\n\n```bash\n# Opt the namespace into operator management\nkubectl label namespace my-team nebari.dev/managed=true\n```\n\n```yaml\napiVersion: reconcilers.nebari.dev/v1\nkind: NebariApp\nmetadata:\n  name: my-app\n  namespace: my-team\nspec:\n  hostname: my-app.example.com\n  service:\n    name: my-service\n    port: 8080\n  routing:\n    tls:\n      enabled: true\n    routes:\n      - pathPrefix: /\n    publicRoutes:\n      - pathPrefix: /healthz\n        pathType: Exact\n  auth:\n    enabled: true\n    provider: keycloak\n    provisionClient: true\n  landingPage:\n    enabled: true\n    displayName: \"My App\"\n    description: \"A great internal tool\"\n    category: \"Engineering\"\n    icon: \"tool\"\n    visibility: authenticated\n```\n\nThe operator will automatically create:\n\n- **`HTTPRoute`** — routes `my-app.example.com` traffic to `my-service:8080`\n- **`Certificate`** — cert-manager certificate for TLS\n- **`SecurityPolicy`** — OIDC authentication enforced at the gateway\n- **Keycloak Client** — OIDC client provisioned in the configured realm\n- **Landing Page Entry** — app surfaced in nebari-landing for authenticated users\n\nSee the [Configuration Reference](docs/configuration-reference.md) for all available options.\n\n## Development\n\n### Prerequisites\n\n| Tool | Version | Notes |\n| --- | --- | --- |\n| `go` | 1.25+ | Controller and tests |\n| `docker` or `podman` | 24+ | Image builds |\n| `kubectl` | 1.28+ | Cluster interaction |\n| `make` | any | Build automation |\n| Kubernetes cluster | 1.28+ | kind, minikube, or cloud |\n\n### Quick Start\n\n```bash\n# Regenerate CRDs and deep-copy code after API changes\nmake manifests generate\n\n# Run unit tests\nmake test\n\n# Run linter\nmake lint\n\n# Run the operator locally against your current cluster\nmake run\n```\n\n### Local Dev Cluster (Kind)\n\n```bash\n# Create a Kind cluster with the full Nebari infrastructure stack\ncd dev \u0026\u0026 make setup\n\n# Build and load the operator image\ncd ..\nmake docker-build IMG=quay.io/nebari/nebari-operator:dev\nkind load docker-image quay.io/nebari/nebari-operator:dev --name nebari-operator-dev\n\n# Install CRDs and deploy\nmake install deploy IMG=quay.io/nebari/nebari-operator:dev\n\n# Deploy the example app and NebariApp CR\nkubectl apply -f dev/examples/app-deployment.yaml\nkubectl apply -f dev/examples/nebariapp.yaml\n\n# Iterate: rebuild and roll out\nmake docker-build IMG=quay.io/nebari/nebari-operator:dev\nkind load docker-image quay.io/nebari/nebari-operator:dev --name nebari-operator-dev\nkubectl rollout restart deployment nebari-operator-controller-manager -n nebari-operator-system\n\n# Tear down\ncd dev \u0026\u0026 make teardown\n```\n\nSee [dev/README.md](dev/README.md) for the full local development guide.\n\n### Common Makefile Targets\n\n```bash\nmake help          # List all available targets with descriptions\nmake fmt           # Format code (go fmt)\nmake vet           # Run static analysis (go vet)\nmake test          # Run unit tests\nmake test-e2e      # Run end-to-end tests (requires a live cluster)\nmake lint          # Run golangci-lint\nmake build         # Build the manager binary\nmake docker-build  # Build the Docker image\nmake deploy        # Deploy to the current cluster\nmake generate-dev  # Shortcut: manifests + generate (after API changes)\n```\n\nSee the [Makefile Reference](docs/makefile-reference.md) for the complete target list.\n\n### Releasing (Maintainers)\n\n```bash\n# Tag and push from main\ngit checkout main \u0026\u0026 git pull origin main\ngit tag -a v1.0.0 -m \"Release v1.0.0\"\ngit push origin v1.0.0\n\n# Create the GitHub release — CI takes it from here\ngh release create v1.0.0 --generate-notes\n```\n\nCI automatically: runs tests · builds multi-arch images · packages the Helm chart · generates `install.yaml` · uploads\nall artifacts.\n\nSee [docs/maintainers/release-checklist.md](docs/maintainers/release-checklist.md) for the complete process.\n\n## Documentation\n\n### Getting Started\n- **[Quick Start Guide](docs/quickstart.md)** — Install and deploy your first app in 5 minutes\n- **[Configuration Reference](docs/configuration-reference.md)** — Complete `NebariApp` CRD reference\n- **[Troubleshooting](docs/troubleshooting.md)** — Common issues and how to fix them\n\n### Architecture \u0026 Internals\n- **[Reconciler Overview](docs/reconcilers/README.md)** — How the operator pipeline works\n- **[Validation Reconciler](docs/reconcilers/validation.md)** — Namespace opt-in and service checks\n- **[Routing Reconciler](docs/reconcilers/routing.md)** — Gateway API and `HTTPRoute` management\n- **[Authentication Reconciler](docs/reconcilers/authentication.md)** — OIDC, Keycloak, and `SecurityPolicy`\n\n### Operations\n- **[Makefile Reference](docs/makefile-reference.md)** — All build, test, and deployment targets\n- **[Release Process](docs/maintainers/release-process.md)** — How releases are created\n- **[Release Checklist](docs/maintainers/release-checklist.md)** — Step-by-step release guide for maintainers\n- **[Release Setup](docs/maintainers/release-setup.md)** — GitHub Actions configuration\n\n## Contributing\n\nContributions are welcome! To get started:\n\n```bash\ngit clone https://github.com/nebari-dev/nebari-operator.git\ncd nebari-operator\n\n# Make your changes, then:\nmake fmt vet test lint\n```\n\n1. Fork the repo and create a feature branch (`git checkout -b feat/my-feature`)\n2. Add tests for new functionality\n3. Ensure `make fmt vet test lint` passes\n4. Open a Pull Request — CI will build multi-arch images and post image details\n\n**Documentation**:\n- **[Contributing Guide](CONTRIBUTING.md)** — Development workflow and conventions\n- **[API Reference](docs/api-reference.md)** — Auto-generated CRD field reference\n\nSee our [issue tracker](https://github.com/nebari-dev/nebari-operator/issues) for open issues and ideas.\n\n## License\n\nApache License 2.0 — see [LICENSE](LICENSE) for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnebari-dev%2Fnebari-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnebari-dev%2Fnebari-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnebari-dev%2Fnebari-operator/lists"}