{"id":16543194,"url":"https://github.com/s3rius/kuo","last_synced_at":"2025-09-23T23:19:38.726Z","repository":{"id":242783298,"uuid":"810501211","full_name":"s3rius/kuo","owner":"s3rius","description":"Kubernetes User Operator for managing users via CRDs","archived":false,"fork":false,"pushed_at":"2024-09-26T07:31:51.000Z","size":165,"stargazers_count":7,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-02-05T21:59:05.596Z","etag":null,"topics":["kubernetes","operator","user-management"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/s3rius.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-04T20:22:57.000Z","updated_at":"2024-09-26T07:31:55.000Z","dependencies_parsed_at":"2024-06-13T04:08:04.744Z","dependency_job_id":"fb7ed783-b0f5-4317-8088-c15972555828","html_url":"https://github.com/s3rius/kuo","commit_stats":null,"previous_names":["s3rius/kuo"],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s3rius%2Fkuo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s3rius%2Fkuo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s3rius%2Fkuo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s3rius%2Fkuo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/s3rius","download_url":"https://codeload.github.com/s3rius/kuo/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":238672165,"owners_count":19511226,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kubernetes","operator","user-management"],"created_at":"2024-10-11T18:59:35.977Z","updated_at":"2025-09-23T23:19:33.694Z","avatar_url":"https://github.com/s3rius.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\u003cimg src=\"./logo.svg\" width=\"200\" height=\"200\"\u003e\n\u003ch2\u003eKubernetes User Operator\u003c/h2\u003e\n\u003c/div\u003e\n\nSimple kubernetes operator for managing users in a cluster.\nBasically, it gives you simple CRD that allows you to add new users to the cluster, or manage existing ones.\n\n## Installation\n\nEasiest way to install the operator is to use the provided helm chart.\n```bash\nhelm show values oci://ghcr.io/s3rius/charts/kuo \u003e values.yaml\n# Edit values.yaml to suit your needs\nhelm install kuo oci://ghcr.io/s3rius/charts/kuo -f values.yaml\n```\n\n\n## Usage\n\nTo create a new user, you need to create a new `ManagedUser` object in the cluster. For example:\n\n```yaml\napiVersion: kuo.github.io/v1\nkind: ManagedUser\nmetadata:\n  name: s3rius\nspec: {}\n```\n\nThis will create a new user with the name `s3rius` in the cluster. Once the user is created, operator\nwill try to create a CertificateSigningRequest for the user, and approve it. After that, the generated\nkubeconfig will be stored in the `/data/kubeconfig` field of the secret named `{username}-data`.\n\nTo get the generated kubeconfig, you can use the following command:\n\n```bash\nkubectl get secrets s3rius-data -o=jsonpath=\"{.data.kubeconfig}\" | base64 -d\n```\n\nThis will output the kubeconfig for the user `s3rius`.\n\n### Permissions\n\nAlso, you can inline the permissions for the user in the `ManagedUser` object. It's highly encouraged to use the inline permissions, because they are managed by the operator, and will be automatically updated if the permissions change on the `ManagedUser`.\n\nFor example:\n\n```yaml\napiVersion: kuo.github.io/v1\nkind: ManagedUser\nmetadata:\n  name: s3rius\nspec:\n  inlinePermissions:\n    clusterPermissions:\n      - apiGroups: [\"apps\"]\n        resources: [\"deployments\"]\n        verbs: [\"get\", \"list\"]\n    namespacedPermissions:\n      - namespace: default\n        permissions:\n          - apiGroups: [\"\"]\n            resources: [\"configmaps\"]\n            verbs: [\"get\", \"list\"]\n```\n\nThis config will create appropriate `Role`, `ClusterRole`, `RoleBinding` and `ClusterRoleBinding` objects in the cluster, and will grant specified permissions to the user `s3rius`.\n\nIf you will change the permissions in the `ManagedUser` object, the operator will automatically update the permissions for the user.\n\n### Deleting the user\n\nIf you delete the `ManagedUser` object, all associated permissions will be automatically removed from the cluster. But if you created any rolebindings or clusterrolebindings manually, you need to remove them manually.\n\n### Email notifications\n\nIf you want to send an email with the generated kubeconfig, you need to setup `SMTP` configuration and then you will be able to specify the `email` field in the `ManagedUser` object. For example:\n\n```yaml\napiVersion: kuo.github.io/v1\nkind: ManagedUser\nmetadata:\n  name: s3rius\nspec:\n  email: s3riussan@gmail.com\n```\n\nThis will send an email with the kubeconfig to the email address `s3riussan@gmail.com` once the kubeconfig is created.\n\n\n## Configuration\n\n```bash\nUsage: kuo-operator [OPTIONS]\n\nOptions:\n      --signer-name \u003csigner-name\u003e\n          Name of the signer which should sign all certificate signing requests created by the operator [env: KUO_OPERATOR_SIGNER_NAME=] [default: kubernetes.io/kube-apiserver-client]\n      --kube-addr \u003ckube-addr\u003e\n          Kubernetes API server host [env: KUO_OPERATOR_KUBE_ADDR=https://localhost:42241] [default: https://0.0.0.0:6443]\n      --default-cert-name \u003cdefault-cert-name\u003e\n          Name of the configmap which contains the kube root certificate authority. This certificate authority will be used to verify the kube api server [env: KUO_OPERATOR_DEFAULT_CERT_CM_NAME=] [default: kube-root-ca.crt]\n      --default-cert-key \u003cdefault-cert-key\u003e\n          Key of the configmap which contains the kube root certificate authority data [env: KUO_OPERATOR_DEFAULT_CERT_CM_KEY=] [default: ca.crt]\n      --cluster-name \u003ccluster-name\u003e\n          [env: KUO_OPERATOR_CLUSTER_NAME=k3d-test]\n      --smtp-url \u003csmtp-url\u003e\n          SMTP server host. This variable should specify smtp or smtps URL [env: KUO_OPERATOR_SMTP_URL=smtp://mail.le-memese.com?tls=required]\n      --smtp-port \u003csmtp-port\u003e\n          SMTP server port [env: KUO_OPERATOR_SMTP_PORT=587] [default: 587]\n      --smtp-user \u003csmtp-user\u003e\n          SMTP username to authenticate with [env: KUO_OPERATOR_SMTP_USER=kuo@le-memese.com] [default: kum]\n      --smtp-password \u003csmtp-password\u003e\n          SMTP password to authenticate with [env: KUO_OPERATOR_SMTP_PASS=123321] [default: kum]\n      --smtp-from-email \u003csmtp-from-email\u003e\n          [env: KUO_OPERATOR_SMTP_FROM_EMAIL=kuo@le-memese.com]\n      --smtp-from-name \u003csmtp-from-name\u003e\n          [env: KUO_OPERATOR_SMTP_FROM_NAME=] [default: \"Kubernetes User Operator\"]\n      --server-host \u003cserver-host\u003e\n          Host to bind the server to [env: KUO_OPERATOR_SERVER_HOST=] [default: 0.0.0.0]\n      --server-port \u003cserver-port\u003e\n          Port to bind the server to [env: KUO_OPERATOR_SERVER_PORT=] [default: 9000]\n  -h, --help\n          Print help\n  -V, --version\n          Print version\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fs3rius%2Fkuo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fs3rius%2Fkuo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fs3rius%2Fkuo/lists"}