
APPUiO Cloud Control API

Primary LanguageGoApache License 2.0Apache-2.0

Build Go version Kubernetes version Version Maintainability GitHub downloads


Generate Kubernetes code

If you make changes to the CRD structs you'll need to run code generation. This can be done with make:

make generate


See make help for a list of build targets.

  • make build: Build binary for linux/amd64
  • make build -e GOOS=darwin -e GOARCH=arm64: Build binary for macos/arm64
  • make build.docker: Build Docker image for local environment

Install CRDs

CRDs can be installed on the cluster by running kubectl apply -k config/crd/apiextensions.k8s.io/v1.

Local development environment

You can setup a kind-based local environment with

make local-env-setup

See the local-env/README.md for more details on the local environment setup.

Please be aware that the productive deployment of the control-api may run on a different Kubernetes distribution than kind.

Running the control-api API server locally

You can run the control-api API server locally against the currently configured Kubernetes cluster with

make run-api

To access the locally running API server, you need to register it with the kind-based local environment. You can do this by applying the following.

The externalName needs to be changed to your specific host IP. When running kind on Linux you can find it with docker inspect.

On some docker distributions the host IP is accessible via host.docker.internal.

HOSTIP=$(docker inspect control-api-v1.25.3-control-plane | jq '.[0].NetworkSettings.Networks.kind.Gateway')
# HOSTIP=host.docker.internal # On some docker distributions

cat <<EOF | sed -e "s/$HOSTIP/g" | kubectl apply -f -
apiVersion: apiregistration.k8s.io/v1
kind: APIService
  name: v1.organization.appuio.io
  insecureSkipTLSVerify: true
  group: organization.appuio.io
  groupPriorityMinimum: 1000
  versionPriority: 15
    name: apiserver
    namespace: default
    port: 9443
  version: v1
apiVersion: apiregistration.k8s.io/v1
kind: APIService
  name: v1.billing.appuio.io
  insecureSkipTLSVerify: true
  group: billing.appuio.io
  groupPriorityMinimum: 1000
  versionPriority: 15
    name: apiserver
    namespace: default
    port: 9443
  version: v1
apiVersion: apiregistration.k8s.io/v1
kind: APIService
  name: v1.user.appuio.io
  insecureSkipTLSVerify: true
  group: user.appuio.io
  groupPriorityMinimum: 1000
  versionPriority: 15
    name: apiserver
    namespace: default
    port: 9443
  version: v1
apiVersion: v1
kind: Service
  name: apiserver
  namespace: default
  - port: 9443
    protocol: TCP
    targetPort: 9443
  type: ExternalName
  externalName: # Change to host IP

After that you should be able to access your (with make run running) API server with

kubectl get organizations

Running the control-api controller locally

You can run the control-api controller locally against the currently configured Kubernetes cluster with

make run-controller

To access the locally running controller webhook server, you need to register it with the kind-based local environment. You can do this by applying the following manifests:

HOSTIP=$(docker inspect control-api-v1.25.3-control-plane | jq '.[0].NetworkSettings.Networks.kind.Gateway')

cat <<EOF | sed -e "s/$HOSTIP/g" | kubectl apply -f -
apiVersion: v1
kind: Service
  name: webhook-service
  namespace: default
  - port: 9444
    protocol: TCP
    targetPort: 9444
  type: ExternalName
  externalName: # Change to host IP

kubectl patch validatingwebhookconfiguration validating-webhook-configuration \
  -p '{
    "webhooks": [
        "name": "validate-invitations.user.appuio.io",
        "clientConfig": {
          "caBundle": "'"$(base64 -w0 "./local-env/webhook-certs/tls.crt)"'",
          "service": {
            "namespace": "default",
            "port": 9444
        "name": "validate-users.appuio.io",
        "clientConfig": {
          "caBundle": "'"$(base64 -w0 "./local-env/webhook-certs/tls.crt)"'",
          "service": {
            "namespace": "default",
            "port": 9444