Description
Hi everyone,
I’d like to start a discussion around an idea I’ve been exploring, and I’m curious to hear the community’s thoughts. The idea is to design an alternative Kubernetes package manager, but instead of following the traditional CLI-driven approach like Helm, this package manager would be implemented as a Kubernetes Operator.
Motivation
The core benefit would be native integration with the Kubernetes control plane — meaning package lifecycle management (installation, upgrades, rollbacks, etc.) could be fully managed by Kubernetes itself, without needing external tools or direct CLI interaction. This approach could offer several potential benefits:
Potential Benefits
- Declarative and GitOps-friendly: The entire state of installed packages could live as Custom Resources (CRs), making it easier to manage packages via GitOps workflows.
- Reconciliation loops: Like other operators, the package manager could continuously reconcile the desired package state, ensuring drift correction and automatic healing.
- Extensibility: New packaging formats (beyond Helm charts) could be supported more easily through controller logic, decoupled from the CLI.
- RBAC and multi-tenancy: Package management could leverage native Kubernetes RBAC to enforce fine-grained access control on package lifecycle operations.
- Eventing and Observability: Package lifecycle events (installs, updates, failures) could generate Kubernetes events directly, feeding into existing observability and alerting systems.
- Centralized Policy Enforcement: Cluster admins could implement policies around what packages are allowed, or how upgrades are handled, using Admission Controllers or Policy Agents.
- No need for external tools: Operators already run inside the cluster, so the package manager could operate fully within the Kubernetes API boundary.
- kubebctl integration: One can integrate the operator natively into the kubectl to have commands like
kubectl package install - Impersonation: Allowing multiple tenants to install their own packages without them having the access to the needed rights.
Open Questions for the Community
- Does the community see value in this type of approach compared to Helm or other existing tools?
- What use cases would benefit most from this operator-based package management?
- Are there existing projects that already follow a similar model that I may have missed?
- What challenges or risks would you anticipate with this design?
- Should this be scoped as a general-purpose package manager, or perhaps targeted toward certain types of workloads?
I’m eager to hear your feedback — both in terms of feasibility and whether this aligns with any needs you’ve experienced in your own Kubernetes environments.
Thanks!