Composition Dynamic Controller
The composition-dynamic-controller is an operator that is instantiated by the core-provider to manage the Custom Resources whose Custom Resource Definition is generated by the core-provider.
Summary
Architecture
Workflow
Composition Dynamic Controller (CDC) & Chart Inspector: Secure Helm Lifecycle Management
The Composition Dynamic Controller (CDC) is a specialized Kubernetes operator that orchestrates the end-to-end lifecycle of Krateo compositions. Acting as the reconciliation engine for Composition custom resources, it bridges declarative application definitions with Helm’s packaging system through intelligent automation. The Chart Inspector serves as its "safety advisor," enabling proactive decision-making via dry-run analysis.
Core CDC Workflow (with Chart Inspector Integration)
-
Reconciliation Trigger
- Watches for changes to
CompositionCRs or Helm chart versions. - Invokes the Chart Inspector to simulate installations/upgrades before execution.
- Watches for changes to
-
Dry-Run Analysis Phase (Chart Inspector)
helm install --dry-run=server <chart> --version <ver> # Returns:- Resource Manifest List: All Kubernetes objects (Deployments, CRDs, etc.) the chart would create along with filename to .
- Dependency Graph: Order of operations (e.g., CRDs before custom resources).
-
RBAC Auto-Provisioning (CDC)
- Dynamically generates least-privilege Roles/ClusterRoles based on the Inspector’s output.
- Ensures the CDC’s service account has exactly the permissions needed—no more, no less.
-
Atomic Execution (CDC)
- Proceeds with
helm install/upgradeonly after successful dry-run and RBAC setup.
- Proceeds with
Key Capabilities Enabled by This Collaboration
| Feature | CDC’s Role | Chart Inspector’s Contribution |
|---|---|---|
| Version-Sensitive Reconciliation | Detects chart version drift; rolls forward/back. | Identifies version-specific resource changes during dry-run. |
| Atomic Upgrades | Ensures all-or-nothing upgrades. | Pre-flights resource compatibility (e.g., CRD schema changes). |
| Self-Healing | Corrects configuration drift. | Provides baseline "desired state" for comparison. |
| Declarative Enforcement | Continuously reconciles actual vs. desired state. | Supplies the desired state before cluster changes. |
| Secure RBAC | Generates minimal required permissions. | Audits chart manifests for required API operations. |
Why This Architecture Matters
-
Safety Net
- The Chart Inspector’s dry-run prevents "helm surprises" (e.g., undeclared CRD creations or namespace pollution).
- Example: Blocks a chart upgrade if the new version requires a
ClusterRolethe CDC isn’t authorized to manage.
-
GitOps Compliance
- The CDC enforces declarative intent by reconciling against the dry-run’s output, not just Helm’s last-applied state.
- Self-healing kicks in if manual changes violate the composition’s definition.
-
Multi-Tenancy Ready
- RBAC is scoped per-composition, isolating teams/projects.
- The Inspector’s resource listing ensures no cross-tenant leakage (e.g., a composition can’t create resources in forbidden namespaces).
Real-World Example: Handling a Breaking Chart Change
- Scenario: A Helm chart v1.2.0 introduces a new
CustomResourceDefinition(CRD). - CDC+Inspector Flow:
- Dry-run detects the new CRD and its required API group permissions.
- CDC creates a
ClusterRolegrantingcreate/get/listfor the CRD. - Upgrade proceeds only after the CRD and RBAC are confirmed active.
- Result: Zero downtime; no "helm upgrade failed: CRD missing" errors.
Configuration
Operator Env Vars
These enviroment varibles can be changed in the Deployment of the composition-dynamic-controller we need to tweak.
| Name | Description | Default Value | Notes |
|---|---|---|---|
| COMPOSITION_CONTROLLER_DEBUG | dump verbose output | false | |
| COMPOSITION_CONTROLLER_WORKERS | number of workers | 1 | |
| COMPOSITION_CONTROLLER_RESYNC_INTERVAL | resync interval | 3m | |
| COMPOSITION_CONTROLLER_GROUP | resource api group | populated by core-provider | |
| COMPOSITION_CONTROLLER_VERSION | resource api version | populated by core-provider | |
| COMPOSITION_CONTROLLER_RESOURCE | resource plural name | populated by core-provider | |
| COMPOSITION_CONTROLLER_SA_NAME | cdc deployment ServiceAccount name | populated by core-provider | |
| COMPOSITION_CONTROLLER_SA_NAMESPACE | cdc deployment ServiceAccount namespace | populated by core-provider | |
| URL_PLURALS | url to krateo pluraliser service | http://snowplow.krateo-system.svc.cluster.local:8081/api-info/names | |
| URL_CHART_INSPECTOR | url to chart inspector | http://chart-inspector.krateo-system.svc.cluster.local:8081/ | |
| KRATEO_NAMESPACE | namespace where krateo is installed | krateo-system | |
| HELM_REGISTRY_CONFIG_PATH | default helm config path | /tmp | |
| HELM_MAX_HISTORY | Max Helm History | 10 | |
| COMPOSITION_MAX_ERROR_RETRY_INTERVAL | The maximum interval between retries when an error occurs. This should be less than the half of the poll interval. | 0m | |
| COMPOSITION_MIN_ERROR_RETRY_INTERVAL | The minimum interval between retries when an error occurs. This should be less than max-error-retry-interval. | 1m |