Skip to content

restatedev/restate-operator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

91 Commits

.github/workflows

.github/workflows

 
 

charts/restate-operator-helm

charts/restate-operator-helm

 
 

crd

crd

 
 

docker

docker

 
 

src

src

 
 

.dockerignore

.dockerignore

 
 

.gitignore

.gitignore

 
 

Cargo.lock

Cargo.lock

 
 

Cargo.toml

Cargo.toml

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

justfile

justfile

 
 

Repository files navigation

Restate Operator

A Kubernetes operator that creates Restate clusters. Supported features:

  • Online volume expansion
  • Network security via NetworkPolicy
  • Manage credentials using EKS Pod Identity
  • Manage security groups using Security Groups for Pods
  • Sign requests using private keys from Secrets or CSI Secret Store

Usage

Installing

helm install restate-operator oci://ghcr.io/restatedev/restate-operator-helm --namespace restate-operator --create-namespace

Creating a cluster

The operator watches RestateCluster objects, which are not namespaced. A Namespace with the same name as the RestateCluster will be created, in which a StatefulSet, Service, and NetworkPolicies are created.

An example RestateCluster:

apiVersion: restate.dev/v1
kind: RestateCluster
metadata:
  name: restate-test
spec:
  compute:
    image: restatedev/restate:0.8.0
  storage:
    storageRequestBytes: 2147483648 # 2 GiB

For the full schema as a Pkl template see crd/RestateCluster.pkl.

EKS Pod Identity

EKS Pod Identity is a convenient way to have a single AWS role shared amongst many Restate clusters, where the AWS identities will contain tags detailing their Kubernetes identity. This can be useful for access control eg 'Restate clusters in namespace my-cluster may call this Lambda'.

This operator can create objects for the AWS ACK EKS controller such that pod identity associations are created for each RestateCluster. To enable this functionality the operator must be started with knowledge of the EKS cluster name, by setting awsPodIdentityAssociationCluster in the helm chart. If this option is set, the ACK CRDs must be installed or the operator will fail to start. Then, you may provide awsPodIdentityAssociationRoleArn in the RestateCluster spec.

EKS Security Groups for Pods

EKS Security Groups for Pods allows you to isolate pods into separate AWS Security Groups, which is a powerful security primitive which can help you limit Restate to public IP access, as well as to obtain VPC flow logs.

The operator can create SecurityGroupPolicy objects which put Restate pods into a set of Security Groups. If this CRD is installed, you may provide awsPodSecurityGroups in the RestateCluster spec.

Releasing

  1. Update the version in charts/restate-operator/Chart.yaml and the version in Cargo.{toml,lock} eg to 0.0.2
  2. Push a new tag v0.0.2
  3. Accept the draft release once the workflow finishes

About

Deploy Restate clusters easily on Kubernetes

restate.dev/

Topics

kubernetes operator restate

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

3 stars

Watchers

4 watching

Forks

1 fork
Report repository

Releases 31

v1.0.0 Latest
Jun 7, 2024
+ 30 releases

Packages 2

 
 

Contributors 2

Languages