rivven_operator/lib.rs
1//! # Rivven Kubernetes Operator
2//!
3//! Production-grade Kubernetes operator for deploying and managing Rivven clusters,
4//! connectors, topics, and schema registries.
5//!
6//! This crate provides the core functionality for the Rivven Kubernetes operator,
7//! enabling declarative management of Rivven infrastructure using Custom Resource Definitions (CRDs).
8//!
9//! ## Features
10//!
11//! - **Custom Resource Definitions**: `RivvenCluster`, `RivvenConnect`, `RivvenTopic`,
12//! and `RivvenSchemaRegistry` CRDs for declarative management
13//! - **Automated Reconciliation**: Continuous state management with eventual consistency
14//! - **StatefulSet Management**: Ordered deployment, scaling, and rolling updates
15//! - **Service Discovery**: Automatic headless service for broker discovery
16//! - **Configuration Management**: ConfigMaps for broker, connector, and registry configuration
17//! - **Security**: Pod security contexts, TLS support, authentication, and secure defaults
18//! - **Observability**: Prometheus-compatible operator metrics
19//! - **High Availability**: PodDisruptionBudget support for safe upgrades
20//!
21//! ## Quick Start
22//!
23//! ```rust,ignore
24//! use rivven_operator::prelude::*;
25//! use kube::Client;
26//!
27//! #[tokio::main]
28//! async fn main() -> Result<()> {
29//! // Create Kubernetes client from default config
30//! let client = Client::try_default().await?;
31//!
32//! // Run the operator controller
33//! run_controller(client, None).await
34//! }
35//! ```
36//!
37//! ## Architecture
38//!
39//! The operator follows the standard Kubernetes controller pattern:
40//!
41//! 1. **Watch**: Monitor RivvenCluster, RivvenConnect, RivvenTopic, and RivvenSchemaRegistry
42//! resources for changes
43//! 2. **Reconcile**: Compare desired state (CRD spec) with actual state (K8s resources)
44//! 3. **Act**: Create, update, or delete resources to match desired state
45//! 4. **Status**: Update CRD status with current cluster state
46//!
47//! ## Modules
48//!
49//! - [`crd`] - Custom Resource Definition types with validation
50//! - [`controller`] - RivvenCluster reconciliation logic and controller setup
51//! - [`connect_controller`] - RivvenConnect reconciliation
52//! - [`topic_controller`] - RivvenTopic reconciliation
53//! - [`schema_registry_controller`] - RivvenSchemaRegistry reconciliation
54//! - [`resources`] - Kubernetes resource builders (StatefulSet, Service, ConfigMap)
55//! - [`error`] - Error types for operator operations
56//!
57//! ## Custom Resource Definitions
58//!
59//! ### RivvenCluster
60//!
61//! Manages Rivven broker clusters with StatefulSets:
62//!
63//! ```yaml
64//! apiVersion: rivven.hupe1980.github.io/v1alpha1
65//! kind: RivvenCluster
66//! metadata:
67//! name: production
68//! spec:
69//! replicas: 3
70//! version: "0.0.1"
71//! storage:
72//! size: 100Gi
73//! config:
74//! defaultPartitions: 3
75//! defaultReplicationFactor: 2
76//! ```
77//!
78//! ### RivvenConnect
79//!
80//! Manages connector pipelines for CDC and data integration:
81//!
82//! ```yaml
83//! apiVersion: rivven.hupe1980.github.io/v1alpha1
84//! kind: RivvenConnect
85//! metadata:
86//! name: cdc-pipeline
87//! spec:
88//! clusterRef:
89//! name: production
90//! sources:
91//! - name: postgres-cdc
92//! connector: postgres-cdc
93//! topic: cdc.events
94//! sinks:
95//! - name: s3-archive
96//! connector: s3
97//! topics: ["cdc.*"]
98//! ```
99//!
100//! ### RivvenTopic
101//!
102//! Manages topics declaratively for GitOps workflows:
103//!
104//! ```yaml
105//! apiVersion: rivven.hupe1980.github.io/v1alpha1
106//! kind: RivvenTopic
107//! metadata:
108//! name: orders-events
109//! spec:
110//! clusterRef:
111//! name: production
112//! partitions: 12
113//! replicationFactor: 3
114//! config:
115//! retentionMs: 604800000
116//! cleanupPolicy: delete
117//! compressionType: lz4
118//! acls:
119//! - principal: "user:order-service"
120//! operations: ["Read", "Write"]
121//! ```
122//!
123//! ### RivvenSchemaRegistry
124//!
125//! Manages Confluent-compatible Schema Registry deployments:
126//!
127//! ```yaml
128//! apiVersion: rivven.hupe1980.github.io/v1alpha1
129//! kind: RivvenSchemaRegistry
130//! metadata:
131//! name: production-registry
132//! spec:
133//! clusterRef:
134//! name: production
135//! replicas: 3
136//! storage:
137//! mode: broker
138//! topic: _schemas
139//! compatibility:
140//! defaultLevel: BACKWARD
141//! schemas:
142//! avro: true
143//! jsonSchema: true
144//! protobuf: true
145//! tls:
146//! enabled: true
147//! certSecretName: schema-registry-tls
148//! ```
149//!
150//! ## Security
151//!
152//! The operator applies secure defaults:
153//!
154//! - **Non-root containers**: `runAsNonRoot: true`
155//! - **Read-only filesystem**: `readOnlyRootFilesystem: true`
156//! - **Dropped capabilities**: All capabilities dropped
157//! - **Seccomp profiles**: RuntimeDefault seccomp profile
158//! - **TLS support**: Optional TLS for broker communication
159//!
160//! ## Metrics
161//!
162//! The operator exposes Prometheus metrics:
163//!
164//! - `rivven_operator_reconcile_total` - Total reconciliation attempts
165//! - `rivven_operator_reconcile_errors_total` - Reconciliation errors
166//! - `rivven_operator_reconcile_duration_seconds` - Reconciliation latency
167//!
168//! ## Feature Flags
169//!
170//! This crate does not have optional features - all functionality is included
171//! by default for simplicity.
172
173pub mod cluster_client;
174pub mod connect_controller;
175pub mod controller;
176pub mod crd;
177pub mod error;
178pub mod resources;
179pub mod schema_registry_controller;
180pub mod topic_controller;
181
182pub mod prelude {
183 //! Re-exports for convenient usage
184 pub use crate::cluster_client::{ClusterClient, ClusterClientConfig, TopicInfo};
185 pub use crate::connect_controller::{
186 run_connect_controller, ConnectControllerContext, ConnectControllerMetrics,
187 };
188 pub use crate::controller::{run_controller, ControllerContext, ControllerMetrics};
189 pub use crate::schema_registry_controller::{
190 run_schema_registry_controller, SchemaRegistryControllerContext,
191 SchemaRegistryControllerMetrics,
192 };
193 pub use crate::topic_controller::{
194 run_topic_controller, TopicControllerContext, TopicControllerMetrics,
195 };
196 // RivvenCluster CRD types
197 pub use crate::crd::{
198 BrokerConfig, ClusterCondition, ClusterPhase, MetricsSpec, PdbSpec, ProbeSpec,
199 RivvenCluster, RivvenClusterSpec, RivvenClusterStatus, ServiceMonitorSpec, StorageSpec,
200 TlsSpec,
201 };
202 // RivvenConnect CRD types
203 pub use crate::crd::{
204 ClusterReference, ConnectCondition, ConnectConfigSpec, ConnectMetricsSpec, ConnectPhase,
205 ConnectTlsSpec, ConnectorStatus, GlobalConnectSettings, HealthConfigSpec, RateLimitSpec,
206 RetryConfigSpec, RivvenConnect, RivvenConnectSpec, RivvenConnectStatus, SinkConnectorSpec,
207 SourceConnectorSpec, SourceTopicConfigSpec, TableSpec, TopicSettingsSpec,
208 };
209 // RivvenTopic CRD types
210 pub use crate::crd::{
211 PartitionInfo, RivvenTopic, RivvenTopicSpec, RivvenTopicStatus, TopicAcl, TopicCondition,
212 TopicConfig,
213 };
214 // RivvenSchemaRegistry CRD types
215 pub use crate::crd::{
216 ExternalRegistrySpec, JwtAuthSpec, RivvenSchemaRegistry, RivvenSchemaRegistrySpec,
217 RivvenSchemaRegistryStatus, SchemaCompatibilitySpec, SchemaContextDefinition,
218 SchemaContextsSpec, SchemaFormatSpec, SchemaRegistryAuthSpec, SchemaRegistryCondition,
219 SchemaRegistryMetricsSpec, SchemaRegistryPhase, SchemaRegistryServerSpec,
220 SchemaRegistryStorageSpec, SchemaRegistryTlsSpec, SchemaRegistryUser, SchemaValidationRule,
221 SchemaValidationSpec,
222 };
223 pub use crate::error::{OperatorError, Result};
224 pub use crate::resources::ResourceBuilder;
225}