OPSTREE GLOBAL

A golang based redis operator that will make/oversee Redis standalone/cluster/replication/sentinel mode setup on top of the Kubernetes.

The focus area will be backend controller development along with performance optimization.

Backup & Restore CRD • Add a RedisBackup CR to trigger backups (e.g., using BGSAVE, snapshots, or RDB dumps). • Similarly, a RedisRestore CR to restore from snapshot. • Integrate with object storage (S3, GCS) for snapshot uploads. • Automated Certificate Management • Integrate with cert-manager to automate TLS certificates for Redis and Sentinel pods. • Support cert rotation. • Auto-Scaling • Add horizontal scaling logic: based on usage (memory, CPU, keyspace, throughput), operator can scale the number of replicas or shards. • Alternatively, integrate with Kubernetes Horizontal Pod Autoscaler (HPA) or a custom scaler. • Advanced Configuration Customization • Allow users to pass raw Redis config via CRD (configMap or embedded). • Support config version upgrades / migrations (managing rolling restarts when config changes happen).

k8s-vault-webhook is a Kubernetes admission webhook which listen for the events related to Kubernetes resources for injecting secret directly from secret manager to pod, secret, and configmap. The motive of creating this project is to provide a dynamic secret injection to containers/pods running inside Kubernetes from different secret managers for enhanced security.

The focus should be to stabilize the existing secret manager integrations, along with new feature support for secret manager.

Support for more secret managers / backends: maybe add support for secret managers not yet supported, or improve existing ones. • Secrets versioning and rotation: introduce versioning of secrets, or periodic re-injection whensecrets change in Vault. • Custom annotations or templating: allow more flexible templating for how secrets should be injected (e.g., naming conventions, path transformations). • RBAC / policy management UI or CRD: build a CRD or UI to manage which service accounts map to which Vault policies, instead of manual policy definitions. • Backup/reconciliation: maintain a reconciliation loop that ensures injected secrets remain up-to-date even after pod restarts, or if secret manager data changes. • Observability: expose metrics from the webhook (such as number of admission requests, failed injections, latency) via Prometheus. • Fault tolerance: handle cases when the secret manager is down, or when the webhook’s certificate expires, more gracefully.

A golang based operator to create and manage EFK (Elasticsearch, Fluentd, and Kibana) stack on Kubernetes

Development of backend API features to support elasticsearch, fluentd, and kibana integration.

Support for Alternative Log Collectors / Forwarders • Add support for Fluent Bit as a daemonset collector + Fluentd / ES / other outputs. (Although some upstream logging operators use Fluent Bit + Fluentd; if not present, this is big.) • Support for Loki as a storage backend (instead of or in addition to Elasticsearch) or other outputs (S3, Kafka, etc.). • Automatic Scaling & Lifecycle Management • Add CR-driven scaling for Elasticsearch nodes (master / data / ingestion) based on resource usage. • Implement lifecycle management of indices: rollover, retention, delete- old-index policies via CRD (or enhance existing index lifecycle CR). • Secure Multi-Tenancy / Namespacing • Build better namespace isolation of logging pipelines: allow CR per namespace, or per team, with RBAC. • Add validation / policy CRs to enforce which namespaces can write to which logging pipeline, or limit ES resources per tenant. • Observability Enhancements • Expose metrics from the operator: reconciliation time, number of CRs, failures, etc., via Prometheus. • Build Grafana dashboards for EFK stack health (ES metrics, Fluentd throughput, Kibana usage).