kcp-dev/kcp-operator

This is a work-in-progress operator to deploy and manage kcp instances. Please check back later!

Requirements

cert-manager

Quickstart

RootShard

Running a root shard requires a running etcd instance/cluster. You can set up a simple one via Helm (THIS IS INSECURE, NEVER DEPLOY ETCD LIKE THIS IN PRODUCTION):

$ helm install etcd oci://registry-1.docker.io/bitnamicharts/etcd --set auth.rbac.enabled=false --set auth.rbac.create=false

In addition, the root shard requires a reference to a cert-manager Issuer to issue its PKI CAs. You can create a self-signing one:

$ kubectl apply -f ./config/samples/cert-manager/issuer.yaml

Afterward, create the RootShard sample object:

$ kubectl apply -f ./config/samples/v1alpha1_rootshard.yaml

kcp-operator will create the necessary resources to start a Deployment of a kcp root shard.

Architecture

Certificate Management

The placeholders $rootshard and $frontproxy in the chart are used to denote the name of the corresponding operator resource.

graph TB
    A([kcp-pki-bootstrap]):::issuer --> B(kcp-pki-ca):::ca
    B --> C([$rootshard-ca]):::issuer

    C --> D(kcp-etcd-client-ca):::ca
    C --> E(kcp-etcd-peer-ca):::ca
    C --> F($rootshard-front-proxy-client-ca):::ca
    C --> G($rootshard-server-ca):::ca
    C --> H($rootshard-requestheaer-client-ca):::ca
    C --> I($rootshard-client-ca):::ca
    C --> J(kcp-service-account-ca):::ca

    D --> K([kcp-etcd-client-issuer]):::issuer
    E --> L([kcp-etcd-peer-issuer]):::issuer
    F --> M([$rootshard-front-proxy-client-ca]):::issuer
    G --> N([$rootshard-server-ca]):::issuer
    H --> O([$rootshard-requestheader-client-ca]):::issuer
    I --> P([$rootshard-client-ca]):::issuer
    J --> Q([kcp-service-account-issuer]):::issuer

    K --- K1(kcp-etcd):::cert --> K2(kcp-etcd-client):::cert
    L --> L1(kcp-etcd-peer):::cert
    M --> M1($rootshard-$frontproxy-admin-kubeconfig):::cert
    N --- N1(kcp):::cert --- N2($rootshard-$frontproxy-server):::cert --> N3(kcp-virtual-workspaces):::cert
    O --- O1($rootshard-$frontproxy-requestheader):::cert --> O2("(kcp-front-proxy-vw-client)"):::cert
    P --- P1($rootshard-$frontproxy-kubeconfig):::cert --> P2(kcp-internal-admin-kubeconfig):::cert
    Q --> Q1(kcp-service-account):::cert

    B --> R([$rootshard2-ca]):::issuer
    R --> S(...):::ca

    classDef issuer color:#77F
    classDef ca color:#F77
    classDef cert color:orange

Name	Name	Last commit message	Last commit date
Latest commit kcp-ci-bot Merge pull request #35 from xrstf/authz-webhook-config Feb 10, 2025 915b39c · Feb 10, 2025 History 116 Commits
.github	.github	Add GitHub issue templates for bugs and features	Jan 9, 2025
cmd	cmd	only print stacktraces on panics, as the trace for reconciling errors…	Jan 27, 2025
config	config	implement authorization options for kcp	Feb 4, 2025
docs/development	docs/development	Add design documentation notes	Nov 14, 2024
hack	hack	fix missing codegen for deepcopy funcs	Jan 29, 2025
internal	internal	move etcd and image config into the common func as well, fixes bug in…	Feb 4, 2025
sdk	sdk	implement authorization options for kcp	Feb 4, 2025
test	test	implement shard controller and resource reconciling	Jan 27, 2025
.dockerignore	.dockerignore	Set up code scaffold with kubebuilder	Nov 8, 2024
.gitignore	.gitignore	refactor Makefile, simplify things a bunch	Jan 17, 2025
.golangci.yml	.golangci.yml	prevent constantly shadowing the client package with a client variable	Feb 4, 2025
.prow.yaml	.prow.yaml	always run e2e tests	Jan 27, 2025
CONTRIBUTING.md	CONTRIBUTING.md	Bootstrap documentation and governance	Nov 7, 2024
DCO	DCO	Bootstrap documentation and governance	Nov 7, 2024
DEVELOPMENT.md	DEVELOPMENT.md	Apply improvements from code review	Nov 21, 2024
Dockerfile	Dockerfile	Merge pull request #16 from xrstf/add-codegen	Jan 17, 2025
GOVERNANCE.md	GOVERNANCE.md	Bootstrap documentation and governance	Nov 7, 2024
LICENSE	LICENSE	Initial commit	Oct 23, 2024
Makefile	Makefile	use an absolute path to make setup-envtest also emit absolute paths	Jan 17, 2025
OWNERS	OWNERS	Bootstrap documentation and governance	Nov 7, 2024
PROJECT	PROJECT	Add initial APIs	Nov 14, 2024
README.md	README.md	harmonize spelling of frontProxy (variable) and front-proxy (kube ide…	Jan 24, 2025
code-of-conduct.md	code-of-conduct.md	Bootstrap documentation and governance	Nov 7, 2024
go.mod	go.mod	make e2e utility methods more generally useful	Jan 27, 2025
go.sum	go.sum	make e2e utility methods more generally useful	Jan 27, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

kcp-dev/kcp-operator

Requirements

Quickstart

RootShard

Architecture

Certificate Management

About

Releases

Packages 1

Contributors 5

Languages

License

kcp-dev/kcp-operator

Folders and files

Latest commit

History

Repository files navigation

kcp-dev/kcp-operator

Requirements

Quickstart

RootShard

Architecture

Certificate Management

About

Topics

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

Packages 1

Contributors 5

Languages