# mcpg-operator & crdgen (Kubernetes)
The MCPG Kubernetes operator that reconciles the mcpg.dev CRDs, plus crdgen for generating the CRD YAML.
## mcpg-operator
The in-cluster operator reconciles the eight mcpg.dev/v1alpha2 CRDs —
MCPGGateway, MCPGPlugin, MCPGPluginSet, MCPGRevocationList,
MCPGCluster, MCPGRoute, MCPGTenant, MCPGPluginMirror — into running
gateway Deployments (see the CRD reference).
It is long-running and leader-elected, and runs two HTTPS servers on separate
ports: the validating admission webhook on --webhook-bind (:9443) and a
dedicated metrics + health server (/metrics, /healthz, /readyz) on
--metrics-bind (:8443). Every flag has an MCPG_OPERATOR_* env var.
| Flag | Default | Purpose |
|---|---|---|
| --metrics-bind | 0.0.0.0:8443 | Metrics + health server (/metrics, /healthz, /readyz) — what the probes and ServiceMonitor scrape |
| --webhook-bind | 0.0.0.0:9443 | Admission webhook (validating only) |
| --tls-cert-dir | (unset) | Webhook TLS cert + key dir; unset → webhook disabled (reconcile-only mode, useful for dev) |
| --leader-election / --no-leader-election | true | Leader election (2-replica HA) |
| --lease-name / --lease-namespace | mcpg-operator / mcpg-system | Leader-election lease identity |
| --lease-duration-secs / --lease-renew-secs / --lease-retry-secs | 30 / 20 / 4 | Lease timing (renew must be < duration) |
| --pod-name | mcpg-operator | Leader-election holder identity (Helm sets it from the POD_NAME downward-API var) |
| --watch-namespace | (all) | Restrict watches to one namespace |
| --resync-interval-secs | 600 | Periodic reconcile (±20% jitter) |
| --reconcile-concurrency | 8 | Per-controller concurrent reconcile budget |
| --operator-service-account | mcpg-operator | Subject for dynamically-created per-tenant RoleBindings |
| --log-format / --log-filter | json / mcpg_operator=info,kube=warn | Logging (--log-format pretty or json) |
| --sigstore-trust-root-path | (unset) | Air-gap: path to a mirrored Sigstore trusted_root.json for no-network cosign keyless verify |
```sh
# Dev, out-of-cluster, no webhook TLS:
mcpg-operator --no-leader-election --watch-namespace payments --log-format pretty

# Air-gapped in-cluster:
mcpg-operator --tls-cert-dir /etc/webhook/tls \
  --sigstore-trust-root-path /etc/mcpg/trust-roots/trusted_root.json
```
Metrics and health are served on --metrics-bind (:8443), not on the webhook port. Point liveness / readiness probes and your ServiceMonitor at :8443; the webhook (:9443) is for admission requests only.
The operator reads MCPGGateway.spec.config (the gateway AppConfig) and sets
it as MCPG_CONFIG on the gateway Deployment it creates — so the gateway boots
exactly as it would standalone.
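The port split described above, wired into a Deployment, as an added illustration that is not the project's Helm chart. The image reference and the Secret / ConfigMap names are assumptions; the port numbers, paths, flags and the POD_NAME downward-API pattern are the ones documented here.

```yaml
# Illustrative mcpg-operator Deployment (added example, not the project's chart).
# Assumed: the image name, the "mcpg-operator-webhook-tls" Secret and the
# "mcpg-trust-roots" ConfigMap; everything else follows the flag table above.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mcpg-operator
  namespace: mcpg-system
spec:
  replicas: 2                          # leader election is on by default (2-replica HA)
  selector:
    matchLabels: { app: mcpg-operator }
  template:
    metadata:
      labels: { app: mcpg-operator }
    spec:
      serviceAccountName: mcpg-operator          # must match --operator-service-account
      containers:
        - name: operator
          image: ghcr.io/example/mcpg-operator:latest   # assumed image
          args:
            - --tls-cert-dir=/etc/webhook/tls          # unset would disable the webhook
            - --pod-name=$(POD_NAME)                   # lease holder identity, as Helm does
            - --sigstore-trust-root-path=/etc/mcpg/trust-roots/trusted_root.json
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef: { fieldPath: metadata.name }
          ports:
            - { name: webhook, containerPort: 9443 }   # admission requests only
            - { name: metrics, containerPort: 8443 }   # /metrics, /healthz, /readyz
          # Probes target the metrics port, and both servers are HTTPS, so
          # scheme must be HTTPS or the kubelet will mark the pod unhealthy.
          livenessProbe:
            httpGet: { path: /healthz, port: metrics, scheme: HTTPS }
          readinessProbe:
            httpGet: { path: /readyz, port: metrics, scheme: HTTPS }
          volumeMounts:
            - { name: webhook-tls, mountPath: /etc/webhook/tls, readOnly: true }
            - { name: trust-roots, mountPath: /etc/mcpg/trust-roots, readOnly: true }
      volumes:
        - name: webhook-tls
          secret: { secretName: mcpg-operator-webhook-tls }   # assumed Secret name
        - name: trust-roots
          configMap: { name: mcpg-trust-roots }               # assumed ConfigMap name
```

The Service backing a ServiceMonitor should expose the `metrics` named port (8443) only; the ValidatingWebhookConfiguration's clientConfig is the one thing that should reference 9443.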
## crdgen
crdgen emits the CRD YAML for all eight kinds — used to keep
helm/charts/mcpg-operator/crds/ in sync with the Rust types. It is not a
clap parser: only --split-by-kind is recognised; with no arguments it writes
one YAML stream to stdout.
```sh
cargo run -p mcpg-operator --bin crdgen                                                # one YAML stream to stdout
cargo run -p mcpg-operator --bin crdgen -- --split-by-kind helm/charts/mcpg-operator/crds/   # one file per kind
```
To manage the operator and its custom resources declaratively, use the operator CRD reference together with your IaC toolchain (Terraform / OpenTofu / Pulumi).