Operators

Control Plane Operators

Specialized controllers that extend Kubernetes with domain-specific functionality

What are Operators?

In addition to the core components, the control plane runs custom operators. These are specialized control loops designed to manage complex domain-specific applications and configurations. These operators extend Kubernetes functionality using the Operator pattern, combining custom resource definitions (CRDs) with controllers that automate lifecycle management.

Each operator encapsulates a distinct domain of responsibility, operating independently with minimal interdependencies, which promotes modularity, simplifies maintenance, and enhances the scalability of the overall control plane architecture.

Operator Benefits

  • 🔧 Domain-specific logic
  • 🛠️ Automated lifecycle management
  • 🔗 Minimal interdependencies
  • 💡 Specialized expertise

How Operators Work

Operator Pattern

Operators follow the Kubernetes controller pattern, continuously reconciling the actual state with the desired state. They extend the Kubernetes API with custom resources that represent application-specific concepts.

The basic operation of an operator consists of:

  1. Watching for changes to specific custom resources
  2. Analyzing the difference between desired and current state
  3. Taking action to make the current state match the desired state
  4. Reporting status back to the custom resource
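One reconciliation pass (steps 2 to 4) as a self-contained Go sketch. It is an added example, not code from the Control Plane project: the `Resource` and `Backend` types, their fields and the `route-a` sample are constructed for illustration, and an in-memory map stands in for the managed system. The watch in step 1 is what would trigger each call to `Reconcile`.

```go
package main

import (
	"errors"
	"fmt"
)

// Resource is a constructed stand-in for a custom resource: Spec is the desired
// state, Status is what the controller reports back. Field names are hypothetical.
type Resource struct {
	Name   string
	Spec   map[string]string // desired configuration
	Status string            // "Ready" or "Failed: <reason>"
}

// Backend is the managed system (actual state), keyed by resource name.
type Backend map[string]map[string]string

// Reconcile runs one pass for a single resource: diff, act, report.
// It returns the number of changes applied; a second pass over the same
// input must return 0, which is what makes the loop safe to repeat.
func Reconcile(r *Resource, actual Backend) (int, error) {
	if len(r.Spec) == 0 {
		r.Status = "Failed: empty spec" // report the failure, change nothing
		return 0, errors.New("empty spec")
	}
	cur := actual[r.Name]
	if cur == nil {
		cur = map[string]string{}
		actual[r.Name] = cur
	}
	changes := 0
	for k, want := range r.Spec { // step 2: compare desired with actual
		if cur[k] != want {
			cur[k] = want // step 3: converge towards the desired value
			changes++
		}
	}
	for k := range cur { // drift: settings present but not declared are removed
		if _, ok := r.Spec[k]; !ok {
			delete(cur, k)
			changes++
		}
	}
	r.Status = "Ready" // step 4: report status on the resource
	return changes, nil
}

func main() {
	// Constructed sample: the actual state has a stale value and an undeclared key.
	actual := Backend{"route-a": {"upstream": "http://old", "debug": "true"}}
	r := &Resource{Name: "route-a", Spec: map[string]string{"upstream": "http://svc"}}
	n, _ := Reconcile(r, actual)
	fmt.Println(n, r.Status, actual["route-a"])
}
```

Because undeclared keys are removed, an out-of-band change to the managed system is reverted on the next pass instead of persisting silently.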

Control Plane Operators

The Control Plane includes the following specialized operators, each responsible for managing specific domain resources:

| Component | Description | Link |
| --- | --- | --- |
| Rover Operator | Manages the lifecycle of Rover-domain resources such as Rovers and ApiSpecifications. Handles deployment, scaling, and monitoring of Rover resources. | Documentation → |
| Application Operator | Manages the lifecycle of resources of kind Application. Coordinates the deployment and configuration of application components. | Documentation → |
| Admin Operator | Manages the lifecycle of Admin-domain resources such as Environments, Zones and RemoteOrganizations. Handles platform-level administrative functions. | Documentation → |
| Organization Operator | Manages the lifecycle of Organization-domain resources such as Groups and Teams. Handles organizational structure and membership. | Documentation → |
| Api Operator | Manages the lifecycle of API-domain resources such as Apis, ApiExposures, ApiSubscriptions and RemoteApiSubscriptions. Controls API visibility and access. | Documentation → |
| Gateway Operator | Manages the lifecycle of Gateway-domain resources such as Gateways, Gateway-Realms, Consumers, Routes and ConsumerRoutes. Handles API routing and proxying. | Documentation → |
| Identity Operator | Manages the lifecycle of Identity-domain resources such as IdentityProviders, Identity-Realms and Clients. Handles authentication and identity management. | Documentation → |
| Approval Operator | Manages the lifecycle of resources of kind Approval. Implements access control workflows and approval processes. | Documentation → |

These operators work alongside the Kubernetes API server and etcd, watching for changes to custom resources and ensuring the actual state of their managed components aligns with the desired configuration.

Operator Architecture

Modular Design

Control Plane operators are designed to be modular, with each operator focusing on a specific domain of responsibility.

Each operator in the Control Plane follows a similar architectural pattern:

Core Components

  1. Custom Resource Definition (CRD): Defines the schema and validation for the custom resource
  2. Controller: Implements the reconciliation logic
  3. Kubernetes Resources: Standard or custom resources created and managed by the operator
  4. Status Subresource: Used to report the current state of the managed resources

Operator Interactions

Rover & Application

The Rover Operator and Application Operator work together to deploy and manage application workloads, with Applications containing Rovers that are deployed to appropriate zones.

API & Gateway

The API Operator and Gateway Operator collaborate to expose APIs to consumers, with the API Operator managing API definitions and the Gateway Operator handling routing and access control.

Identity & Approval

The Identity Operator and Approval Operator cooperate on authentication and authorization, with the Identity Operator managing identities and the Approval Operator handling access approval workflows.

Admin & Organization

The Admin Operator and Organization Operator establish the hierarchical structure, with Admin resources defining the platform environment and Organization resources defining team structure.

For more details on how these operators interact within the overall system architecture, see the Architecture page.

Custom Resources

Each operator defines and manages several custom resources. Here are some key custom resources:

Application

Defines a logical grouping of related services and components that make up an application.

Rover

Represents a deployable workload that can be scheduled on a Kubernetes cluster.

API

Defines an API provided by a service, including its specifications and metadata.

Team

Represents a development or operational team that owns and manages resources.

Zone

Defines a deployment target with specific capabilities where workloads can run.

Gateway

Configures API routing and access control for exposed services.

  • Components: Learn about the core components of the Control Plane
  • Architecture: See how operators fit into the overall system design
  • Infrastructure: Explore the underlying infrastructure components required by operators