ocp-controller

ocp-controller is a Kubernetes controller first designed to automate configuration of Styra DAS, later rewritten to configure OPA Control Plane. With the use of CustomResourceDefinitions, ocp-controller enables sources and bundles to be configured, without a manual process. By doing this we can guarantee that no changes are done to OPA Control Plane manually, which makes change management and compliance easier.

In order to ease configuration of OPA OPA, the controller automatically creates ConfigMaps and Secrets which contain the configuration and connection details for these components. The controller creates credentials for each unique system/bundle in s3.

Architectural overview

ocp-controller sits in a Kubernetes cluster and ensures that sources and bundles are created in OPA Control Plane. It then creates ConfigMaps and Secrets with relevant configuration and connection details.

diagram over the controller architecture

CustomResourceDefinitions

A core feature of the ocp-controller is to monitor the Kubernetes API server for changes to specific objects and ensure that the current OPA Control Plane resources match these objects. The controller acts on the following custom resource definitions (CRDs).

System, which defines a OPA Control Plane source configuration and its bundle.
Library, which defines a Library resource in OPA Control Plane.

For more information about these resources, see the design document or the full api reference.

Installation

For a guide on how to install ocp-controller, see the installation instructions.

Limitations

The ocp-controller is in late 2025 refactored to accommodate the needs we had in Bankdata, while migrating from Styra DAS to OPA Control Plane. This means that the feature set currently has some limitations. The following is a few of the most important ones.

Only supports OCP ObjectStorage: AmazonS3 (at first only MinIO is supported)
Stacks are currently unsupported

These limitations merely reflect the current state, and we might change them and add new features when the need for them arises. If you want to help removing any of these limitations, feel free to open an issue or submit a pull request.

Contributing

For a guide on how to contribute to the ocp-controller project as well as how to deploy the ocp-controller for testing purposes see CONTRIBUTING.md.

Security

For more information about the security policy of the project see SECURITY.md

Name		Name	Last commit message	Last commit date
Latest commit History 366 Commits
.github		.github
api		api
build/package		build/package
cmd		cmd
config		config
docs		docs
hack		hack
internal		internal
pkg		pkg
scripts/gen-api-docs		scripts/gen-api-docs
test/integration/controller		test/integration/controller
.gitignore		.gitignore
.golangci.yml		.golangci.yml
.goreleaser.yaml		.goreleaser.yaml
.mockery.yaml		.mockery.yaml
CODEOWNERS		CODEOWNERS
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
CONTRIBUTING.md		CONTRIBUTING.md
LICENSE		LICENSE
Makefile		Makefile
PROJECT		PROJECT
README.md		README.md
SECURITY.md		SECURITY.md
go.mod		go.mod
go.sum		go.sum
tools.go		tools.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

ocp-controller

Architectural overview

CustomResourceDefinitions

Installation

Limitations

Contributing

Security

About

Uh oh!

Releases 85

Packages

Uh oh!

Uh oh!

Contributors 7

Uh oh!

Languages

License

Bankdata/styra-controller

Folders and files

Latest commit

History

Repository files navigation

ocp-controller

Architectural overview

CustomResourceDefinitions

Installation

Limitations

Contributing

Security

About

Topics

Resources

License

Code of conduct

Contributing

Security policy

Uh oh!

Stars

Watchers

Forks

Releases 85

Packages 0

Uh oh!

Uh oh!

Contributors 7

Uh oh!

Languages

Packages