styra-controller is a Kubernetes controller designed to automate configuration of Styra DAS. With the use of CustomResourceDefinitions, styra-controller enables systems and datasources to be configured, without having to do it through the GUI. By doing this we can gurantee that no changes are done to Styra DAS manually, which makes change management and compliance easier.
In order to ease configuration of OPA and Styra Local Plane (SLP), the controller automatically creates ConfigMaps and Secrets which contain the configuration and connection details for these components.
styra-controller sits in a Kubernetes cluster and ensures that systems and datasources are created in Styra DAS. It then creates ConfigMaps and Secrets where relevant configuration and connection details can be read.
A core feature of the styra-controller is to monitor the Kubernetes API server for changes to specific objects and ensure that the current Styra DAS resources match these objects. The controller acts on the following custom resource definitions (CRDs).
System, which defines a Styra DAS system configuration, its datasources and users with access.Library, which defines a Library resource in Styra DAS.
For more information about these resources see the design document or the full api reference.
For a guide on how to install styra-controller see the installation instructions.
The styra-controller is a rather new project made to accomodate the needs we have in Bankdata. This means that the feature set currently has some limitations. The following is a few of the most important ones.
- Only supported datasource category for datasources added to systems is
JSON - Git ssh auth is not supported
- Only supported system type is
custom - Stacks are currently unsupported
These limitations merely reflect the current state, and we might change them and add new features when the need for them arises. If you want to help removing any of these limitations feel free to open an issue or submit a pull request.
For a guide on how to contribute to the styra-controller project as well as how to deploy the styra-controller for testing purposes see CONTRIBUTING.md.
For more information about the security policy of the project see SECURITY.md