cloud-ingress-operator
by
openshift

Description: Operator to manage cloud Ingress/Load balancer scheme, switching between public/private modes

View on GitHub ↗

Summary Information

Updated 1 hour ago
Added to GitGenius on March 6th, 2026
Created on December 10th, 2019
Open Issues & Pull Requests: 7 (+0)
Number of forks: 77
Total Stargazers: 36 (+0)
Total Subscribers: 36 (+0)

Issue Activity (beta)

Open issues: 1
New in 7 days: 0
Closed in 7 days: 0
Avg open age: 342 days
Stale 30+ days: 0
Stale 90+ days: 0

Recent activity

Opened in 7 days: 0
Closed in 7 days: 0
Comments in 7 days: 0
Events in 7 days: 0

Top labels

  • lifecycle/rotten (1)

Most active issues this week

No issue events were indexed in the last 7 days.

Repository Insights (GitGenius)

Median issue/PR response: 21.2 hours
Mean response time: 21.2 hours
90th percentile: 21.2 hours
Tracked items: 1

Most active contributors

Detailed Description

The cloud-ingress-operator is a Kubernetes operator built in Go that manages the public and private accessibility modes of OpenShift Dedicated 4.x clusters. It enables toggling between public and private configurations for critical cluster endpoints through custom Kubernetes resources, specifically the APIScheme and PublishingStrategy custom resources. The operator addresses a specific operational need within OpenShift Dedicated environments where cluster administrators and SRE teams must maintain access to clusters while allowing customers to control external accessibility.

The operator manages two primary cluster components independently: the default API server endpoint at api.<cluster-domain> and the ingress endpoints, with support for a default ingress at *.apps.<cluster-domain> and an optional secondary ingress at *.apps2.<cluster-domain>. To ensure continued access for Hive and SRE personnel, the operator creates an additional admin API endpoint, typically named rh-api.<cluster-domain>, which remains accessible regardless of the public or private configuration chosen by the customer. This separation of concerns allows customers to restrict external access while preserving operational capabilities for cluster management.

The APIScheme custom resource instructs the operator to create and configure the admin API endpoint, including security group rules that control which traffic sources can access the endpoint. The PublishingStrategy custom resource handles the toggling of privacy modes, allowing independent configuration of the API server and ingress endpoints. Users can specify whether each endpoint should be publicly accessible or private, configure TLS certificates for ingresses, and define route selectors. The operator supports configuring additional application ingresses beyond the default, though OpenShift Dedicated currently limits deployments to the default plus one additional ingress.

The operator is built with operator-sdk and maintains a tight dependency on the AWS cluster provider, specifically pinned to the OpenShift fork of cluster-api-provider-aws to access v1beta1 API features. According to GitGenius activity tracking, the repository shows a median issue and pull request response latency of 21.2 hours across tracked items, with sebrandon1 identified as the most active triager and contributor. The repository maintains overlapping contributors with openshift/certman-operator, openshift/hive, and openshift/image-registry, indicating integration points within the broader OpenShift ecosystem.

The operator includes deprecation handling for the applicationIngress feature, with version-aware behavior that changes based on the OpenShift Container Platform version. For clusters running OCP 4.13.0 or greater with the legacy-ingress-support feature label disabled, the operator does not reconcile IngressController resources at all. For earlier versions, it continues to manage the default ingress controller but prevents creation of additional apps2 ingress controllers, with exceptions for customers with existing apps2 installations who can continue managing them until migration to natively managed second ingress controllers.

Testing and debugging capabilities are documented for both manual deployment scenarios and local development. The operator can be manually deployed to clusters by pausing syncsets, building custom images, and applying deployment manifests. Manual testing procedures address race conditions with the cluster-ingress-operator by providing step-by-step validation of ingress controller creation and configuration. Developers can debug the operator on existing OSD clusters by scaling down competing operators and using standard debugging tools like VSCode with appropriate launch configurations.

cloud-ingress-operator
by
openshiftopenshift/cloud-ingress-operator

Repository Details

Fetching additional details & charts...