21 Repos
Tools and frameworks for managing cluster state through declarative reconciliation loops and API server interactions.
Distinguishing note: Focuses on the reconciliation pattern used in Kubernetes operators and server-side state management, distinct from generic infrastructure automation.
Explore 21 awesome GitHub repositories matching devops & infrastructure · Kubernetes Controllers. Refine with filters or upvote what's useful.
OpenFaaS is a serverless function platform that provides a container-native framework for deploying and managing event-driven code. It functions as an abstraction layer over container orchestrators, allowing developers to package code into scalable functions that run across Kubernetes clusters or edge computing environments. The platform distinguishes itself through a developer-centric runtime that utilizes standardized language templates and automated build pipelines to simplify the creation of container images. It features a central API gateway that manages request routing, authentication,
The system uses custom resource definitions and controllers to reconcile the desired state of functions with the underlying container orchestrator.
Argo CD is a declarative, GitOps-based continuous delivery tool designed for Kubernetes. It functions as a centralized control plane that synchronizes application states from version-controlled repositories directly into target clusters, ensuring that the live environment consistently matches the desired configuration defined in Git. The platform distinguishes itself through its ability to manage multi-cluster deployments from a single interface, providing unified oversight across distinct computing environments. It employs a controller-based reconciliation loop to continuously monitor for co
Implements custom resource definitions and control loops to observe and enforce desired cluster states.
Argo Workflows is a container-native workflow engine that functions as a Kubernetes custom resource controller. It orchestrates complex sequences of containerized tasks by executing them as directed acyclic graphs, allowing for dependency management and parallel processing within a cluster. The system extends the native Kubernetes control plane to manage the full lifecycle of automated processes, from initial triggering to final resource cleanup. The platform distinguishes itself through its controller-pattern reconciliation, which continuously monitors workflow states to align them with desi
Extends the Kubernetes control plane by managing the lifecycle of automated processes through custom resource definitions and reconciliation loops.
This project is a Kubernetes controller that automates the issuance, renewal, and lifecycle management of TLS certificates. It functions as a native extension to the cluster API, using custom resource definitions and reconciliation loops to maintain the desired state of certificates and trust bundles across distributed services. By integrating directly with the cluster's admission control and secret storage systems, it ensures that cryptographic identities are consistently provisioned and available for application workloads. The project distinguishes itself through its extensive support for a
Provides a Kubernetes controller that automates the issuance, renewal, and lifecycle management of TLS certificates.
Crossplane is a Kubernetes-based control plane framework that functions as a cloud resource orchestrator and infrastructure-as-code platform. It enables the management of heterogeneous infrastructure by extending the Kubernetes API to provision and maintain external cloud services through declarative configuration. By utilizing custom resource controllers, it continuously reconciles the state of external infrastructure with defined desired states, ensuring consistent deployment and lifecycle management across multiple cloud providers. The platform distinguishes itself through its composition-
Provides a platform for building custom infrastructure APIs that manage cloud services using declarative Kubernetes-style configuration.
Reloader is a Kubernetes custom controller designed to automate pod restarts and synchronize running workloads with external configuration stores. It functions as a configuration reloader that triggers rolling upgrades for pods whenever referenced ConfigMaps or Secrets are updated. The tool distinguishes itself by integrating with external secret managers, CSI drivers, and GitOps workflows to ensure workloads are restarted when secrets from external stores change. It utilizes targeted filtering via labels and annotations to control which resources or namespaces trigger restarts, and it can pa
Implements a specialized operator that monitors the Kubernetes API to automate pod restarts during configuration updates.
This project is a Go language library that provides a programmatic interface for interacting with the Kubernetes API server. It serves as a client for managing cluster resources, offering both typed interfaces for compile-time safety and dynamic interfaces for unstructured data and custom resource management. The library includes a controller framework designed for building event-driven automation. This framework utilizes informers to maintain local resource caches and rate-limited work queues to decouple event detection from state reconciliation. High availability is supported through a lead
Provides a framework for building event-driven controllers that synchronize cluster state via reconciliation loops.
Kubebuilder is a framework and set of scaffolding tools used to build Kubernetes APIs and controllers. It functions as an operator framework that provides generators for custom resource definitions, admission webhooks, and RBAC manifests to extend cluster functionality. The project distinguishes itself through marker-based code generation, which parses source code comments to automatically produce Kubernetes manifests and boilerplate logic. It employs a hub-and-spoke versioning model to translate data between multiple API versions and uses a three-way merge strategy to automate project migrat
Generates the directory structure and reconciliation logic required to implement Kubernetes controllers.
Sealed Secrets is a Kubernetes secret encryption tool and controller designed for GitOps security. It provides a mechanism to encrypt sensitive data into specialized resources that can be safely stored in public version control systems and decrypted only within a cluster. The system uses an asymmetric encryption manager to seal secrets with a public key, ensuring that only the corresponding private key held within the cluster can unseal them. It includes utilities for security key rotation, secret re-encryption, and offline private key recovery to maintain data access during disaster recovery
Implements a Kubernetes controller that monitors for encrypted resources and transforms them into secrets.
Longhorn is a distributed block storage system and orchestrator for Kubernetes. It provides persistent, replicated block storage volumes that survive pod restarts and node failures by maintaining synchronous copies of data across multiple cluster nodes. The system implements the Container Storage Interface (CSI) for dynamic volume provisioning and attachment. It is distinguished by its support for shared read-write access to a single block volume across multiple pods, as well as the ability to export volume snapshots to external S3 or NFS targets for off-cluster disaster recovery. The platfo
Uses Kubernetes controllers and CRDs to manage the distributed state of storage volumes and replicas.
The Operator SDK is a framework for building, packaging, and managing custom controllers that extend the Kubernetes API. It serves as a toolset for defining new API types and implementing reconcile loops to automate the lifecycles of complex applications. The project provides specialized support for creating operators based on Helm charts or Ansible playbooks, allowing users to maintain a desired cluster state using existing automation tools. It includes a dedicated system for packaging controllers into standardized container image bundles for distribution via the Operator Lifecycle Manager.
Implements a framework for managing cluster state through declarative reconciliation loops and API server interactions.
Agones ist ein Kubernetes-Game-Server-Orchestrator, der für das Deployment, die Skalierung und die Verwaltung dedizierter Multiplayer-Game-Server-Prozesse in einem verteilten Cluster entwickelt wurde. Er bietet die notwendige Kerninfrastruktur, um einzelne oder gruppierte Serverprozesse zur Unterstützung von Echtzeit-Multiplayer-Gaming-Sessions bereitzustellen. Das System enthält einen Fleet-Manager zur Automatisierung des Lebenszyklus von Servergruppen basierend auf der Spielernachfrage sowie einen Health-Monitor zur Verfolgung der Konnektivität und des operativen Status aktiver Prozesse. Er integriert sich in Cluster-Autoscaler, um Server-Ressourcenanforderungen mit der Skalierung der Cloud-Infrastruktur zu synchronisieren. Die Orchestrierungsschicht deckt automatisierte Fleet-Skalierung und dediziertes Server-Hosting ab und nutzt Health-Monitoring zum Export operativer Metriken.
Employs the Kubernetes controller pattern with reconciliation loops to synchronize cluster state with game server configurations.
Kubernetes controller for GitHub Actions self-hosted runners
Manages runner lifecycle by watching custom resources and reconciling desired state through a control loop.
This is a Java client library for interacting with the Kubernetes API server. It provides a programmatic interface and a set of typed models to manage cluster resources, orchestrate state reconciliation, and administer pods and namespaces within a Kubernetes environment. The library enables the development of custom controllers by providing frameworks for implementing automated control loops that reconcile the actual state of resources with a desired target state. It supports the generation of strongly-typed Java classes from OpenAPI specifications and custom resource definitions to ensure ty
Provides frameworks for implementing automated control loops and declarative reconciliation for Kubernetes operators.
Kube-rs is a Rust client library and runtime for interacting with the Kubernetes API server. It provides a type-safe interface for managing cluster resources and state, including a toolkit for defining custom resource definitions and a framework for building admission webhooks to validate or mutate API requests. The project distinguishes itself through a dedicated controller runtime that implements event-driven reconciliation loops to align actual cluster state with desired configurations. It utilizes a streaming system to monitor resource changes and synchronize remote states into a local qu
Provides a dedicated runtime for building Kubernetes controllers with declarative reconciliation loops.
Dieses Projekt bietet ein Framework für den Aufbau von Kubernetes-Operatoren und benutzerdefinierten Controllern. Es bietet eine Reihe von Bibliotheken, die darauf ausgelegt sind, den Lebenszyklus von Cluster-Ressourcen zu verwalten, und ermöglicht es Entwicklern, den tatsächlichen Status eines Clusters mit einer gewünschten Konfiguration durch ereignisgesteuerte Abgleichsschleifen (Reconciliation Loops) zu synchronisieren. Das Framework zeichnet sich dadurch aus, dass es eine manager-orchestrierte Umgebung bereitstellt, die mehrere Controller und Webhooks innerhalb eines einzigen Prozesses koordiniert. Es enthält integrierte Unterstützung für optimistische Nebenläufigkeitskontrolle, um Update-Konflikte zu verhindern, und nutzt In-Memory-Informer-Caching, um eine synchronisierte lokale Sicht auf den Cluster-Status zu wahren, was die Last auf dem API-Server reduziert. Über den Kern-Abgleich hinaus enthält das Projekt Tools für schema-basiertes Ressourcen-Mapping, was die Registrierung benutzerdefinierter Ressourcendefinitionen ermöglicht. Es bietet zudem Mechanismen für Admission-Control, was die Validierung und Mutation von Ressourcenanfragen ermöglicht, um Compliance durchzusetzen, bevor Daten persistiert werden. Das Framework enthält eine dedizierte Testsuite, die ephemere, isolierte API-Server-Umgebungen hochfährt, um Controller-Logik gegen reales Cluster-Verhalten zu validieren.
Implements a framework for building custom controllers that synchronize cluster state through declarative reconciliation loops.
Dieses Projekt ist ein API-Gateway und Ingress-Controller, der für die Verwaltung von Datenverkehr, Sicherheit und Dienstkonnektivität innerhalb von Kubernetes-Umgebungen entwickelt wurde. Es fungiert als Controller, der den Cluster-Status überwacht, um Gateway-Konfigurationen mit gewünschten Infrastrukturdefinitionen abzugleichen und sicherzustellen, dass Netzwerkrichtlinien und Routing-Regeln über verteilte Bereitstellungen hinweg konsistent bleiben. Das System zeichnet sich durch eine modulare Request-Pipeline aus, die die Injektion benutzerdefinierter Logik zur Handhabung von Transformationen, Sicherheitsprüfungen und Protokollierung ermöglicht. Es unterstützt deklaratives Infrastrukturmanagement, wodurch Benutzer Verkehrsrichtlinien und Gateway-Einstellungen über versionskontrollierte Manifeste definieren können. Durch die Integration mit externem Secret-Storage und die Bereitstellung einer zentralen Kontrolle über mehrere Gateway-Instanzen hinweg behält es einen einheitlichen Ansatz für die Richtliniendurchsetzung und Identitätsverwaltung für API-Konsumenten bei. Über das Kern-Routing hinaus bietet die Plattform umfassende Verkehrsmanagement-Funktionen, einschließlich Load Balancing, Gesundheitsüberwachung und Request-Path-Modifikation für HTTP-, TCP- und gRPC-Protokolle. Sie erleichtert die sichere Kommunikation durch integriertes Zertifikatsmanagement und ermöglicht die Gruppierung von Konsumentenrichtlinien, um eine konsistente Zugriffskontrolle über Service-Architekturen hinweg sicherzustellen.
Uses Kubernetes reconciliation loops to maintain gateway configuration state based on cluster manifest definitions.
This project is a Kubernetes ingress controller that manages external traffic by dynamically configuring the HAProxy load balancer. It functions as a bridge between cluster resources and the network data plane, translating high-level ingress definitions into active proxy configurations to route HTTP, TCP, and UDP traffic into containerized environments. The controller distinguishes itself through a decoupled architecture that separates control plane logic from the proxy process, allowing for independent lifecycle management and versioning. It utilizes template-based configuration generation a
Manages cluster state through declarative reconciliation loops to translate ingress definitions into proxy configurations.
This project is a Kubernetes controller that automates the management of public-facing network resources and secure ingress connectivity. It functions by observing custom resource definitions to reconcile the desired state of network traffic with the actual configuration of internal services. The controller manages network connectivity by establishing secure outbound tunnels, which eliminates the requirement for traditional inbound firewall ports or port forwarding. It integrates directly with external cloud management interfaces to automate the lifecycle of these tunnels and synchronize doma
Implements a control loop that observes cluster resource states and reconciles them to maintain network connectivity.
Dieses Projekt ist ein Kubernetes Ingress Controller, der als API-Gateway und Traffic-Manager für containerisierte Umgebungen fungiert. Er überwacht Cluster-Ereignisse und übersetzt native Ingress-Ressourcendefinitionen in aktive Routing-Konfigurationen, wodurch sichergestellt wird, dass externer Datenverkehr gemäß deklarativen Vorgaben an interne Dienste weitergeleitet wird. Der Controller zeichnet sich durch seine Fähigkeit aus, als spezialisiertes Gateway für KI-Modelle zu fungieren und einen sicheren Einstiegspunkt zu bieten, der Ratenbegrenzungen, Inhaltsmoderation und Prompt-Guardrails durchsetzt. Er unterstützt dynamische Konfigurations-Updates, sodass Traffic-Management-Richtlinien in Echtzeit geändert werden können, ohne den Gateway-Prozess neu zu starten. Darüber hinaus nutzt das System eine Plugin-basierte Architektur, die die Injektion benutzerdefinierter Logik und eine zentrale Richtlinien-Orchestrierung über mehrere Service-Endpunkte hinweg ermöglicht. Über die Kern-Routing-Funktionen hinaus bietet das Projekt umfassende Tools für API-Sicherheit, einschließlich Anforderungsauthentifizierung und Consumer-Management. Es erleichtert das Protokoll-Bridging zwischen verschiedenen Netzwerkkommunikationsstandards und erhält die Systemintegrität durch integriertes Performance-Monitoring und den Export operativer Metriken. Die Architektur unterstützt flexible Bereitstellungsmodi, um die Kapazität der Traffic-Verarbeitung über verschiedene Infrastrukturumgebungen hinweg zu skalieren.
Watches cluster resource changes and reconciles the actual state of the gateway infrastructure to match desired configuration definitions.