{"id":28451773,"url":"https://github.com/vmware-tanzu/projects-operator","last_synced_at":"2025-06-16T00:06:12.649Z","repository":{"id":57546375,"uuid":"199918612","full_name":"vmware-tanzu/projects-operator","owner":"vmware-tanzu","description":"Provides a `Project` CRD and controller for k8s to help with organising resources","archived":false,"fork":false,"pushed_at":"2024-04-19T12:20:31.000Z","size":9453,"stargazers_count":13,"open_issues_count":18,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-06-06T17:09:00.526Z","etag":null,"topics":["crd","crd-controller","golang","marketplace"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vmware-tanzu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.txt","code_of_conduct":"CODE-OF-CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-07-31T19:41:47.000Z","updated_at":"2024-05-28T14:10:15.000Z","dependencies_parsed_at":"2024-01-12T00:21:12.992Z","dependency_job_id":"9012465e-d814-4bee-9f28-dc4df1313977","html_url":"https://github.com/vmware-tanzu/projects-operator","commit_stats":null,"previous_names":["pivotal/marketplace-project","pivotal/projects-operator"],"tags_count":33,"template":false,"template_full_name":null,"purl":"pkg:github/vmware-tanzu/projects-operator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware-tanzu%2Fprojects-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware-tanzu%2Fprojects-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware-tanzu%2Fprojects-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware-tanzu%2Fprojects-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vmware-tanzu","download_url":"https://codeload.github.com/vmware-tanzu/projects-operator/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware-tanzu%2Fprojects-operator/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260072508,"owners_count":22954910,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crd","crd-controller","golang","marketplace"],"created_at":"2025-06-06T17:09:00.451Z","updated_at":"2025-06-16T00:06:12.636Z","avatar_url":"https://github.com/vmware-tanzu.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Projects\n\n## About\n\n`projects-operator` extends kubernetes with a `Project` CRD and corresponding\ncontroller.  `Projects` are intended to provide isolation of kubernetes\nresources on a single kubernetes cluster.  A `Project` is essentially a\nkubernetes namespace along with a corresponding set of RBAC rules.\n\n## Contributing\n\nTo begin contributing, please read the [contributing](CONTRIBUTING.md) doc.\n\n## Installation and Usage\n\n`projects-operator` is currently deployed using [k14s](https://k14s.io).\n\nYou must first create a `ClusterRole` that contains the RBAC\nrules you wish to be applied to each created `Project`. For example:\n\n```yaml\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  name: my-clusterrole-with-rbac-for-each-project\nrules:\n- apiGroups:\n  - example.k8s.io\n  resources:\n  - mycustomresource\n  verbs:\n  - \"*\"\n```\n\n### Install\n\nThen you will need to build and push the projects-operator image to a registry.\n\n```bash\n$ docker build -t \u003cREGISTRY_HOSTNAME\u003e/\u003cREGISTRY_PROJECT\u003e/projects-operator .\n$ docker push \u003cREGISTRY_HOSTNAME\u003e/\u003cREGISTRY_PROJECT\u003e/projects-operator\n\n# For example, docker build -t gcr.io/team-a/projects-operator .\n```\n\nThen finally you can run the [/scripts/kapp-deploy](/scripts/kapp-deploy) script\nto deploy projects-operator.\n\n```bash\n\nexport INSTANCE=\u003cUNIQUE STRING TO IDENTIFY THIS DEPLOYMENT\u003e\nexport REGISTRY_HOSTNAME=\u003cREGISTRY_HOSTNAME\u003e # e.g. \"gcr.io\", \"my.private.harbor.com\", etc.\nexport REGISTRY_PROJECT=\u003cREGISTRY_PROJECT\u003e   # e.g. \"team-a\", \"dev\", etc.\nexport REGISTRY_USERNAME=\u003cREGISTRY_PASSWORD\u003e\nexport REGISTRY_PASSWORD=\u003cREGISTRY_PASSWORD\u003e\nexport CLUSTER_ROLE_REF=my-clusterrole-with-rbac-for-each-project\n\n$ ./scripts/kapp-deploy\n```\n\n### Creating a Project\n\nApply projects yaml with a project name and a list of users/groups/serviceaccounts who have access, for example:\n\n```yaml\napiVersion: projects.vmware.com/v1alpha1\nkind: Project\nmetadata:\n  name: project-sample\nspec:\n  access:\n  - kind: User\n    name: alice\n  - kind: ServiceAccount\n    name: some-robot\n    namespace: some-namespace\n  - kind: Group\n    name: ldap-experts\n```\n\n### Uninstall\n\n```bash\nkapp -n \u003cNAMESPACE\u003e delete -a projects-operator\n```\n\n### Webhooks\n\nprojects-operator makes use of three webhooks to provide further functionality, as follows:\n\n1. A ValidatingWebhook (invoked on Project CREATE) - ensures that Projects cannot be created if they have the same name as an existing namespace.\n1. A MutatingWebhook (invoked on ProjectAccess CREATE, UPDATE) - returns a modified ProjectAccess containing the list of Projects the user has access to.\n1. A MutatingWebhook (invoked on Project CREATE) - adds the user from the request as a member of the project if a project is created with no entries in access.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvmware-tanzu%2Fprojects-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvmware-tanzu%2Fprojects-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvmware-tanzu%2Fprojects-operator/lists"}