README
¶
ocp-controller
ocp-controller is a Kubernetes controller first designed to automate configuration of Styra DAS, later rewritten to configure OPA Control Plane. With the use of CustomResourceDefinitions, ocp-controller enables sources and bundles to be configured, without a manual process. By doing this we can guarantee that no changes are done to OPA Control Plane manually, which makes change management and compliance easier.
In order to ease configuration of OPA OPA, the controller automatically creates ConfigMaps and Secrets which contain the configuration and connection details for these components. The controller creates credentials for each unique system/bundle in s3.
Architectural overview
ocp-controller sits in a Kubernetes cluster and ensures that sources and bundles are created in OPA Control Plane. It then creates ConfigMaps and Secrets with relevant configuration and connection details.
CustomResourceDefinitions
A core feature of the ocp-controller is to monitor the Kubernetes API server for changes to specific objects and ensure that the current OPA Control Plane resources match these objects. The controller acts on the following custom resource definitions (CRDs).
System, which defines a OPA Control Plane source configuration and its bundle.Library, which defines a Library resource in OPA Control Plane.
For more information about these resources, see the design document or the full api reference.
Installation
For a guide on how to install ocp-controller, see the installation instructions.
Limitations
The ocp-controller is in late 2025 refactored to accommodate the needs we had in Bankdata, while migrating from Styra DAS to OPA Control Plane. This means that the feature set currently has some limitations. The following is a few of the most important ones.
- Only supports OCP ObjectStorage: AmazonS3 (at first only MinIO is supported)
- Stacks are currently unsupported
These limitations merely reflect the current state, and we might change them and add new features when the need for them arises. If you want to help removing any of these limitations, feel free to open an issue or submit a pull request.
Contributing
For a guide on how to contribute to the ocp-controller project as well as how to deploy the ocp-controller for testing purposes see CONTRIBUTING.md.
Security
For more information about the security policy of the project see SECURITY.md
Directories
¶
| Path | Synopsis |
|---|---|
|
api
|
|
|
config/v2alpha2
Package v2alpha2 contains API Schema definitions for the config v2alpha2 API group +kubebuilder:object:generate=true +kubebuilder:skip +groupName=config.bankdata.dk
|
Package v2alpha2 contains API Schema definitions for the config v2alpha2 API group +kubebuilder:object:generate=true +kubebuilder:skip +groupName=config.bankdata.dk |
|
styra/v1alpha1
Package v1alpha1 contains API Schema definitions for the styra v1alpha1 API group.
|
Package v1alpha1 contains API Schema definitions for the styra v1alpha1 API group. |
|
styra/v1beta1
Package v1beta1 contains API Schema definitions for the styra v1beta1 API group.
|
Package v1beta1 contains API Schema definitions for the styra v1beta1 API group. |
|
test/v1
Package v1 contains API Schema definitions for the test v1 API group.
|
Package v1 contains API Schema definitions for the test v1 API group. |
|
Package main is the main entrypoint used when running the controller.
|
Package main is the main entrypoint used when running the controller. |
|
internal
|
|
|
config
Package config provides utilities for reading configfiles
|
Package config provides utilities for reading configfiles |
|
controller/styra
Package styra holds controllers for the styra API group.
|
Package styra holds controllers for the styra API group. |
|
errors
Package errors contains errors.
|
Package errors contains errors. |
|
fields
Package fields contains helpers for working with fields in the CRDs.
|
Package fields contains helpers for working with fields in the CRDs. |
|
finalizer
Package finalizer contains helpers for working with the controller finalizer.
|
Package finalizer contains helpers for working with the controller finalizer. |
|
k8sconv
Package k8sconv contains helpers related to converting data to Kubernetes resources.
|
Package k8sconv contains helpers related to converting data to Kubernetes resources. |
|
labels
Package labels contains helpers for working with labels.
|
Package labels contains helpers for working with labels. |
|
predicate
Package predicate contains predicates used by the controllers.
|
Package predicate contains predicates used by the controllers. |
|
sentry
Package sentry contains a reconciler middleware which sends errors to Sentry.
|
Package sentry contains a reconciler middleware which sends errors to Sentry. |
|
template
Package template is a placeholder file to make Go vendor this directory properly.
|
Package template is a placeholder file to make Go vendor this directory properly. |
|
webhook
Package webhook contains helpers for the notifaction webhooks of the controller.
|
Package webhook contains helpers for the notifaction webhooks of the controller. |
|
webhook/styra/v1alpha1
Package v1alpha1 contains webhook code for version v1alpha1
|
Package v1alpha1 contains webhook code for version v1alpha1 |
|
webhook/styra/v1beta1
Package v1beta1 contains webhook code for version v1beta1
|
Package v1beta1 contains webhook code for version v1beta1 |
|
pkg
|
|
|
httperror
Package httperror defines functionality for handling HTTP errors
|
Package httperror defines functionality for handling HTTP errors |
|
ocp
Package ocp provides functionality for interacting with the OCP API.
|
Package ocp provides functionality for interacting with the OCP API. |
|
ptr
Package ptr contains helpers for creating pointers to built-in types.
|
Package ptr contains helpers for creating pointers to built-in types. |
|
s3
Package s3 contains a client for interacting with S3 compatible object storage.
|
Package s3 contains a client for interacting with S3 compatible object storage. |
|
styra
Package styra holds a client and helpers for interacting with the Styra APIs.
|
Package styra holds a client and helpers for interacting with the Styra APIs. |