{"id":19806399,"url":"https://github.com/ory/oathkeeper-maester","last_synced_at":"2025-04-06T07:15:22.496Z","repository":{"id":38336845,"uuid":"191736805","full_name":"ory/oathkeeper-maester","owner":"ory","description":"Kuberenetes CRD Controller for Ory Oathkeeper. :warning: Maintained by the community, not an official Ory project!","archived":false,"fork":false,"pushed_at":"2024-10-14T14:17:06.000Z","size":298,"stargazers_count":33,"open_issues_count":3,"forks_count":20,"subscribers_count":13,"default_branch":"master","last_synced_at":"2024-10-29T15:59:40.404Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ory.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"patreon":"_ory","open_collective":"ory"}},"created_at":"2019-06-13T09:53:42.000Z","updated_at":"2024-10-14T14:17:10.000Z","dependencies_parsed_at":"2024-04-12T09:32:29.109Z","dependency_job_id":"5ff91e9a-db7c-4c4d-9d75-4d1fc378a0a7","html_url":"https://github.com/ory/oathkeeper-maester","commit_stats":{"total_commits":100,"total_committers":17,"mean_commits":5.882352941176471,"dds":0.76,"last_synced_commit":"2fcee379aa045805aec4bc8555054c04a6eaf0be"},"previous_names":["ory/oathkeeper-k8s-controller"],"tags_count":25,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ory%2Foathkeeper-maester","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ory%2Foathkeeper-maester/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ory%2Foathkeeper-maester/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ory%2Foathkeeper-maester/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ory","download_url":"https://codeload.github.com/ory/oathkeeper-maester/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247445682,"owners_count":20939961,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-12T09:07:28.184Z","updated_at":"2025-04-06T07:15:22.466Z","avatar_url":"https://github.com/ory.png","language":"Go","funding_links":["https://patreon.com/_ory","https://opencollective.com/ory"],"categories":[],"sub_categories":[],"readme":"\u003c!-- START doctoc generated TOC please keep comment here to allow auto update --\u003e\n\u003c!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --\u003e\n\n- [Ory Oathkeeper Maester](#ory-oathkeeper-maester)\n  - [Prerequisites](#prerequisites)\n  - [How to use it](#how-to-use-it)\n  - [Command-line parameters](#command-line-parameters)\n    - [Mode options](#mode-options)\n    - [Global flags](#global-flags)\n    - [Controller mode flags](#controller-mode-flags)\n    - [Sidecar mode flags](#sidecar-mode-flags)\n    - [Environment variables](#environment-variables)\n\n\u003c!-- END doctoc generated TOC please keep comment here to allow auto update --\u003e\n\n# Ory Oathkeeper Maester\n\n⚠️ ⚠️ ⚠️\n\n\u003e Ory Oathkeeper Maester is developed by the Ory community and is not actively\n\u003e maintained by Ory core maintainers due to lack of resources, time, and\n\u003e knolwedge. As such please be aware that there might be issues with the system.\n\u003e If you have ideas for better testing and development principles please open an\n\u003e issue or PR!\n\n⚠️ ⚠️ ⚠️\n\nORY Maester is a Kubernetes controller that watches for instances of\n`rules.oathkeeper.ory.sh/v1alpha1` custom resource (CR) and creates or updates\nthe Oathkeeper ConfigMap with Access Rules found in the CRs. The controller\npasses the Access Rules as an array in a format recognized by the Oathkeeper.\n\nThe project is based on\n[Kubebuilder](https://github.com/kubernetes-sigs/kubebuilder)\n\n## Prerequisites\n\n- recent version of Go language with support for modules (e.g: 1.12.6)\n- make\n- kubectl\n- kustomize\n- [kind](https://github.com/kubernetes-sigs/kind) for local integration testing\n- [ginkgo](https://onsi.github.io/ginkgo/) for local integration testing\n- access to K8s environment: minikube or KIND\n  (https://github.com/kubernetes-sigs/kind), or a remote K8s cluster\n\n## How to use it\n\n- `make` to build the binary\n- `make test` to run tests\n- `make test-integration` to run integration tests with local KIND environment\n\nOther targets require a working K8s environment. Set `KUBECONFIG` environment\nvariable to the proper value.\n\n- `make install` to generate CRD file from go sources and install it in the\n  cluster\n- `make run` to run controller locally\n\nRefer to the Makefile for the details.\n\n## Command-line parameters\n\nUsage example: `./manager [--global-flags] mode [--mode-flags]`\n\n### Mode options\n\n| Name           | Description                                                                                                                                                                                           |\n| :------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| **controller** | This is the **default** mode of operation, in which `oathkeeper-maester` is expected to be deployed as a separate deployment. It uses the kubernetes api-server and ConfigMaps to store data.         |\n| **sidecar**    | Alternative mode of operation, in which the `oathkeeper-maester` is expected to be deployed as a sidecar container to the main application. It uses local filesystem to create the access rules file. |\n\n### Global flags\n\n| Name                       | Description                                                                                                           | Default values |\n| :------------------------- | :-------------------------------------------------------------------------------------------------------------------- | :------------: |\n| **metrics-addr**           | The address the metric endpoint binds to                                                                              |     `8080`     |\n| **enable-leader-election** | Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager. |    `false`     |\n| **kubeconfig**             | Paths to a kubeconfig. Only required if out-of-cluster.                                                               | `$KUBECONFIG`  |\n\n### Controller mode flags\n\n| Name                        | Description                                              |       Default values        |\n| :-------------------------- | :------------------------------------------------------- | :-------------------------: |\n| **rulesConfigmapName**      | Name of the Configmap that stores Oathkeeper rules.      |     `oathkeeper-rules`      |\n| **rulesConfigmapNamespace** | Namespace of the Configmap that stores Oathkeeper rules. | `oathkeeper-maester-system` |\n| **rulesFileName**           | Name of the key in ConfigMap containing the rules.json   |     `access-rules.json`     |\n\n### Sidecar mode flags\n\n| Name              | Description                                      |         Default values          |\n| :---------------- | :----------------------------------------------- | :-----------------------------: |\n| **rulesFilePath** | Path to the file with converted Oathkeeper rules | `/etc/config/access-rules.json` |\n\n### Environment variables\n\n| Name          | Description                                                                                                                                                                            | Default values |\n| :------------ | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------: |\n| **NAMESPACE** | Namespace option to scope Oathkeeper maester to one namespace only - useful for running several instances in one cluster. Defaults to \"\" which means that there is no namespace scope. |       ``       |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fory%2Foathkeeper-maester","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fory%2Foathkeeper-maester","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fory%2Foathkeeper-maester/lists"}