An operator is a specifc type of controller that provides a higher level of abstraction for deploying complex resources using custom resource definitions (CRD's). While a controller normally extends or configures existing resources, an operator deploys the resources themeselves.
See awesome-operators.
| Controller | Description |
|---|---|
| uswitch/sqs-autoscaler-controller | |
| hjacobs/kube-aws-autoscaler | cluster autoscaler for AWS Auto Scaling Groups |
| pusher/k8s-spot-rescheduler | Tries to move pods from on-demand to spot instances |
| hex108/cron-hpa-controller | |
| estafette/estafette-gke-preemptible-killer | ensures deletion of preemptible nodes in a GKE cluster is spread out to avoid the risk of all getting deleted at the same time after 24 hour |
| atlassian/escalator | batch or job optimized horizontal autoscaler |
| deislabs/osiris | Scale to zero component |
| kubernetes-incubator/descheduler | |
| open-policy-agent/opa-kube-scheduler | A policy-enabled scheduler |
| Controller | Description |
|---|---|
| lwolf/kube-cleanup-operator | automatically delete completed jobs and their pods |
| hjacobs / kube-job-cleaner | delete complete/failed jobs after one hour |
| planetlabs / draino | cordon and drain nodes based on node conditions |
| weaveworks/kured | node reboot daemon |
| target/pod-reaper | delete pods based on matching conditions |
| lachie83/pod-requeue | recreate failed pods stuck in InsufficientFreeCPU or OutOfcpu states |
| gardener-attic/auto-node-repair | |
| stakater/Jamadar | cleans up resources after a predefined timeout |
Controllers that expose networking related functions likeload balancers / DNS outside the scope of CNI.. See cni#3rd-party-plugins for a list of CNI plugins, some of which do provide similar functionality
| Controller | Description |
|---|---|
| external-dns | configure external DNS (Route53, CloudDNS, etc) for ingresses and services |
| google/metalb | load balancer implemented using ARP or BGP |
| sapcc/kube-parrot | dynamically announces routes with BGP |
| pickledrick/vpc-peering-operator | manage the lifecycle of AWS VPC Peering Connections |
| wikiwi/kube-dns-sync | syncs Node IPs to a DNS service |
| zekizeki/ingressdns | |
| estafette/estafette-cloudflare-dns | |
| aledbf/kube-keepalived-vip | VIPs using keepalived |
| tiglabs/jupiter | high-performance L4 network load balance service based on DPDK. |
| szuecs/kube-static-egress-controller | |
| travisghansen/kubernetes-pfsense-controller | |
| Mirantis/k8s-externalipcontroller |
| Controller | Description |
|---|---|
| atomix/chaos-controller | |
| target/pod-reaper | delete pods based on matching conditions |
| lotusload/lotus |
| Controller | Description |
|---|---|
| admiraltyio/multicluster-scheduler | |
| oracle/federated-ingress-controller | |
| github/kube-service-exporter | Export load balancer services to consul |
| hashicorp/consul-k8s | Sync Consul services into first-class Kubernetes services and vice versa |
| vmware/k8s-endpoints-sync-controller | |
| awslabs/aws-eks-cluster-controller | |
| gardener/machine-controller-manager | |
| pharmer/cloud-controller-manager | |
| samsung-cnct/cluster-controller |
| Controller | Description |
|---|---|
| mittwald/kubernetes-replicator | controller for synchronizing secrets & config maps across namespaces |
| upmc-enterprises/registry-creds | Allow for AWS ECR and Google Registry credentials to be refreshed inside your Kubernetes cluster via ImagePullSecrets |
| raffaelespazzoli/namespace-configuration-controller | keeps a namespace's configuration aligned with one of more policies specified as a CRD |
| cruise-automation/rbacsync | |
| tumblr/k8s-config-projector | Create Kubernetes ConfigMaps from configuration files |
| stakater/ProxyInjector | inject an authentication proxy container to relevant pods |
| Controller | Description |
|---|---|
| open-policy-agent/kubernetes-policy-controller | Open Policy Agent Admission controller |
| replicatedhq/gatekeeper | Alternative dynamic admission contollers via OPA |
| yahoo/k8s-ingress-claim | Safeguards against duplicate claiming of hosts / domains |
| jainishshah17/tugger | Enforce pulling docker images from a private registry |
| stefanprodan/kubesec-webhook | Enforces minimum kubesec.io scores |
| UKHomeOffice/policy-admission | Policy enforcement via standard rules and JavaScript |
| lachie83/internallb-webhook-admission-controller | Enforces only internal cloud load balancers |
| jasonrichardsmith/sentry | Policy enforcement for limits, images, health |
| IBM/portieris | Image trust enforcement with Notary / Content Trust |
| yahoo/k8s-namespace-guard | Prevents accidental deletion of namespaces |
| mikkeloscar/pdb-controller | Adds default Pod Disruption Budgets |
| target/portauthority | Leverages Clair to scan k8s clusters for vulnerabilities |
| Controller | Description |
|---|---|
| hxquangnhat/kubernetes-auto-ingress | Dynamically create an ingress for an associated service |
| jenkins-x/exposecontroller | Automatically expose services creating ingress rules, openshift routes or modifying services to use kubernetes nodePort or loadBalancer service types |
| torchbox/k8s-ts-ingress | Traffic Server ingress controller |
| stakater/Xposer | watch for services and dynamically create an Ingress with a TLS certificate |
| stakater/IngressMonitorController | monitor ingresses and create alerts on Pingdom, UptimeRobot and StatusCake |
| uswitch/yggdrasil | Envoy control plane for multi-cluster ingress |
| zalando-incubator/stackset-controller | application life cycle controller and traffic switching |
| stefanprodan/flagger | Istio progressive delivery Kubernetes operator |
| bretagne-peiqi/lvs-nginx-controller | |
| citrix/citrix-k8s-ingress-controller | |
| wehco/caddy-ingress-controller | |
| hootsuite/sens8 | |
| YakLabs/kube-openresty-ingress | |
| philips/backplane-kubernetes-ingress | |
| mercari/certificate-expiry-monitor-controller | |
| nilebox/kanarini | Canary deployment controller |
| webrelay/ingress | Map tunnels to ingress for webhookrelay.com |
Controllers that take action such as restarting a pod or deployment when watched resource such as configmaps and secrets change.
| Controller | Description |
|---|---|
| keel-hq/keel | Automate Helm, DaemonSet, StatefulSet & Deployment updates based on image updates |
| xing/kubernetes-deployment-restart-controller | |
| mfojtik/k8s-trigger-controller | |
| pusher/wave | |
| stakater/Reloader | |
| stakater/Chowkidar | |
| GoogleCloudPlatform/freshpod | Restart Pods on Minikube automatically on image rebuilds |
| Controller | Description |
|---|---|
| weavework/flux | |
| argoproj/argo-cd | |
| box/kube-applier | |
| hasura/gitkube | |
| pusher/faros |
Libraries used for building new controllers
| Tool | Description |
|---|---|
| pusher/git-store | |
| ianlewis/controllerutil | |
| gojektech/kubehandler | |
| Microsoft/frameworkcontroller | |
| GoogleCloudPlatform/metacontroller | |
| atlassian/ctrl | |
| kudobuilder/kudo | Kubernetes Universal Declarative Operator (KUDO) |
| slok/kubewebhook |