/styra-controller

Primary LanguageGoApache License 2.0Apache-2.0

Go Report Card Go Reference Release Gitmoji

styra-controller

styra-controller is a Kubernetes controller designed to automate configuration of Styra DAS. With the use of CustomResourceDefinitions, styra-controller enables systems and datasources to be configured, without having to do it through the GUI. By doing this we can gurantee that no changes are done to Styra DAS manually, which makes change management and compliance easier.

In order to ease configuration of OPA and Styra Local Plane (SLP), the controller automatically creates ConfigMaps and Secrets which contain the configuration and connection details for these components.

Arcitectural overview

styra-controller sits in a Kubernetes cluster and ensures that systems and datasources are created in Styra DAS. It then creates ConfigMaps and Secrets where relevant configuration and connection details can be read.

diagram over the controller architecture

CustomResourceDefinitions

A core feature of the styra-controller is to monitor the Kubernetes API server for changes to specific objects and ensure that the current Styra DAS resources match these objects. The controller acts on the following custom resource definitions (CRDs).

  • System, which defines a Styra DAS system configuration, its datasources and users with access.
  • GlobalDatasource, which defines a global datasource resource in Styra DAS.
  • Library, which defines a Library resource in Styra DAS.

For more information about these resources see the design document or the full api reference.

Installation

For a guide on how to install styra-controller see the installation instructions.

Limitations

The styra-controller is a rather new project made to accomodate the needs we have in Bankdata. This means that the feature set currently has some limitations. The following is a few of the most important ones.

  • Only supported datasource category for datasources added to systems is JSON
  • Git ssh auth is not supported
  • Only supported system type is custom
  • Stacks are currently unsupported

These limitations merely reflect the current state, and we might change them and add new features when the need for them arises. If you want to help removing any of these limitations feel free to open an issue or submit a pull request.

Contributing

For a guide on how to contribute to the styra-controller project as well as how to deploy the styra-controller for testing purposes see CONTRIBUTING.md.

Security

For more information about the security policy of the project see SECURITY.md