A Kubernetes operator that reconciles Buktio custom resources into buckets on a
buktio instance via its public REST API (authenticated with a PAT). It is a
thin API client — it holds no privileged access to buktio internals — so the same
guarantees and RBAC apply as for a human or Terraform.
This is a separate Go module (its own go.mod) so the controller-runtime /
client-go dependency tree never enters the main buktio module.
kubectl apply -f config/crd/buktio.io_buktios.yaml
# deploy the operator (build the image from this module's Dockerfile), then:apiVersion: v1
kind: Secret
metadata: { name: buktio-pat }
stringData: { token: "bk_pat_xxxxxxxx" }
---
apiVersion: buktio.io/v1alpha1
kind: Buktio
metadata: { name: team-storage }
spec:
apiURL: http://buktio-api:8080
tokenSecretRef: { name: buktio-pat, key: token }
buckets:
- app-uploads
- app-backupsThe controller ensures each named bucket exists (creating any that are missing via
POST /api/v1/buckets), records them in .status.observedBuckets, and re-checks
every 2 minutes to heal drift.
go build ./... # compile
go vet ./...v1alpha1 reconciles buckets. Projects, access keys, and clusters are on the roadmap — each maps to an existing API endpoint, so they are additive.