freeipa-operator

README

FreeIPA Operator

An integrated Identity and Authentication solution for Linux/UNIX networked environments. IPA stands for "Identity, Policy, Audit". Comparatively, it provides a solution similar to Microsoft Active Directory for *NIX environments.

At it's core, FreeIPA uses the 389 LDAP server for storage of all client information. 389 has solid replication capabilities, but it's data sets depend on IP addresses that stay coupled to specific instance data. This creates challenges in an ephemeral container environment.

The FreeIPA operator works to bridge these challenges so users can focus on the value proposition of FreeIPA instead of spending weeks getting it settled and reliable in a continerized environment.

Tooling and Dependencies

The operator is based on Kubebuilder v2. The container itself comes from the FreeIPA Container project.

Dependencies for the project are provided by dep. dep ensure will bring in the vendor directory based on the Gopkg.toml file at the root of the project.

Building

The specifics of using Kubebuilder are at https://book.kubebuilder.io. You can review that for complete documentation on build options. Here are a few:

• make generate - Will create the CRDs and deepcopy routines. This is good if you want to run from your IDE debugger.
• make install - Install the generated CRD to the current cluster context.
• make run - This will run the controller against the cluster currently configured in your ~/.kube/config. In this case, debugging is up to you (such as connecting Delve to the running process).
• make test - Uses the Ginkgo test framework to start an in-process Kubernetes control plane and run the controller through available unit tests.

In general, once files are generated, the cmd/manager/main.go can be run from your IDE for debugging.

Please take a closer look at the Makefile for other options.

Contributing

Please feel free to engage with issues and PRs. It's imagined this project will reach basic maturity pretty quickly (especially now that the author is back from a Summer 2019 sabbatical), but there's a lot of benefits that the operator pattern could bring to FreeIPA, such as managing backups, upgrades and monitoring with Prometheus.

Status

This project is in development phase. We'll keep this page updated as we get usable features.

Code of conduct

This project is for everyone. We ask that our users and contributors take a few minutes to review our code of conduct.

License

FreeIPA Operator is copyright 2018 The FreeIPA Operator Authors. All rights reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use these files except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.