Control Plane Operators
Specialized controllers that extend Kubernetes with domain-specific functionality
What are Operators?
In addition to the core components, the control plane runs custom operators. These are specialized control loops designed to manage complex domain-specific applications and configurations. These operators extend Kubernetes functionality using the Operator pattern, combining custom resource definitions (CRDs) with controllers that automate lifecycle management.
Each operator encapsulates a distinct domain of responsibility, operating independently with minimal interdependencies, which promotes modularity, simplifies maintenance, and enhances the scalability of the overall control plane architecture.
Operator Benefits
- 🔧 Domain-specific logic
- 🛠️ Automated lifecycle management
- 🔗 Minimal interdependencies
- 💡 Specialized expertise
How Operators Work
Operator Pattern
Operators follow the Kubernetes controller pattern, continuously reconciling the actual state with the desired state. They extend the Kubernetes API with custom resources that represent application-specific concepts.
The basic operation of an operator consists of:
- Watching for changes to specific custom resources
- Analyzing the difference between desired and current state
- Taking action to make the current state match the desired state
- Reporting status back to the custom resource
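The four steps above as a minimal, in-memory reconcile pass. This is an added example, not code from the Control Plane project: the `Gateway` type, its fields, and the route names are hypothetical, and the "watch" step is simulated by calling `Reconcile` directly instead of reacting to API server events.

```go
package main

import (
	"fmt"
	"sort"
)

// Gateway stands in for a custom resource: Spec is the desired state,
// Status is what the controller reports back. Field names are hypothetical.
type Gateway struct {
	Generation int64
	Spec       struct{ Routes []string }
	Status     struct {
		ObservedGeneration int64
		Ready              bool
		Message            string
	}
}

// Reconcile diffs desired routes against the actual set, converges the
// actual set, writes status, and returns the actions it took (sorted).
func Reconcile(gw *Gateway, actual map[string]bool) []string {
	desired := map[string]bool{}
	var actions []string
	for _, r := range gw.Spec.Routes {
		desired[r] = true
		if !actual[r] { // desired but missing: create
			actual[r] = true
			actions = append(actions, "create "+r)
		}
	}
	for r := range actual {
		if !desired[r] { // present but no longer desired: delete
			delete(actual, r)
			actions = append(actions, "delete "+r)
		}
	}
	sort.Strings(actions)
	// Report status, recording which spec generation was acted on.
	gw.Status.ObservedGeneration = gw.Generation
	gw.Status.Ready = true
	gw.Status.Message = fmt.Sprintf("%d routes in sync", len(actual))
	return actions
}

func main() {
	gw := &Gateway{Generation: 2}
	gw.Spec.Routes = []string{"/orders", "/users"}
	actual := map[string]bool{"/users": true, "/legacy": true} // constructed sample state
	fmt.Println(Reconcile(gw, actual), gw.Status.Message)
	fmt.Println(Reconcile(gw, actual)) // second pass is a no-op
}
```

The second call returning no actions is the property to check in any controller: reconciliation must be idempotent, because the same resource is re-processed on every event and resync.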
Control Plane Operators
The Control Plane includes the following specialized operators, each responsible for managing specific domain resources:
Component | Description | Link |
---|---|---|
Rover Operator | Manages the lifecycle of Rover-domain resources such as Rovers and ApiSpecifications. Handles deployment, scaling, and monitoring of Rover resources. | Documentation → |
Application Operator | Manages the lifecycle of resources of kind Application. Coordinates the deployment and configuration of application components. | Documentation → |
Admin Operator | Manages the lifecycle of Admin-domain resources such as Environments, Zones and RemoteOrganizations. Handles platform-level administrative functions. | Documentation → |
Organization Operator | Manages the lifecycle of Organization-domain resources such as Groups and Teams. Handles organizational structure and membership. | Documentation → |
Api Operator | Manages the lifecycle of API-domain resources such as Apis, ApiExposures, ApiSubscriptions and RemoteApiSubscriptions. Controls API visibility and access. | Documentation → |
Gateway Operator | Manages the lifecycle of Gateway-domain resources such as Gateways, Gateway-Realms, Consumers, Routes and ConsumerRoutes. Handles API routing and proxying. | Documentation → |
Identity Operator | Manages the lifecycle of Identity-domain resources such as IdentityProviders, Identity-Realms and Clients. Handles authentication and identity management. | Documentation → |
Approval Operator | Manages the lifecycle of resources of kind Approval. Implements access control workflows and approval processes. | Documentation → |
These operators work alongside the Kubernetes API server and etcd, watching for changes to custom resources and ensuring the actual state of their managed components aligns with the desired configuration.
Operator Architecture
Modular Design
Control Plane operators are designed to be modular, with each operator focusing on a specific domain of responsibility.
Each operator in the Control Plane follows a similar architectural pattern:
Core Components
- Custom Resource Definition (CRD): Defines the schema and validation for the custom resource
- Controller: Implements the reconciliation logic
- Kubernetes Resources: Standard or custom resources created and managed by the operator
- Status Subresource: Used to report the current state of the managed resources
Operator Interactions
Rover & Application
The Rover Operator and Application Operator work together to deploy and manage application workloads, with Applications containing Rovers that are deployed to appropriate zones.
API & Gateway
The API Operator and Gateway Operator collaborate to expose APIs to consumers, with the API Operator managing API definitions and the Gateway Operator handling routing and access control.
Identity & Approval
The Identity Operator and Approval Operator cooperate on authentication and authorization, with the Identity Operator managing identities and the Approval Operator handling access approval workflows.
Admin & Organization
The Admin Operator and Organization Operator establish the hierarchical structure, with Admin resources defining the platform environment and Organization resources defining team structure.
For more details on how these operators interact within the overall system architecture, see the Architecture page.
Custom Resources
Each operator defines and manages several custom resources. Here are some key custom resources:
Application
Defines a logical grouping of related services and components that make up an application.
Rover
Represents a deployable workload that can be scheduled on a Kubernetes cluster.
API
Defines an API provided by a service, including its specifications and metadata.
Team
Represents a development or operational team that owns and manages resources.
Zone
Defines a deployment target with specific capabilities where workloads can run.
Gateway
Configures API routing and access control for exposed services.
Related Pages
- Components: Learn about the core components of the Control Plane
- Architecture: See how operators fit into the overall system design
- Infrastructure: Explore the underlying infrastructure components required by operators