v2.4.1 • GA • Multi-Cluster Ready

CloudNexus Kubernetes Operator

Declarative, GitOps-ready control for your entire cluster lifecycle. Install, configure, monitor, and scale infrastructure components using a single CustomResource. No complex manifests, no manual sync scripts.

Kubernetes 1.25+
OpenShift Compatible
Cert-Manager Required

How the Operator Works

A closed-loop control plane that continuously reconciles your desired state with reality.

1. Define Intent

Apply a CloudNexus CRD to your cluster. Specify version, topology, networking, and security policies declaratively.

2. Reconciliation

The controller watches your CR, validates specs, and triggers provisioning across CloudNexus infrastructure endpoints.

3. Deploy & Configure

Resources are instantiated, secrets are rotated, ingress is provisioned, and monitoring hooks are attached automatically.

4. Self-Healing

Continuous drift detection. If external changes occur, the operator restores the desired state or alerts your GitOps pipeline.

Core Capabilities

Enterprise-grade control plane features built for platform engineering teams.

📦

Custom Resource Definitions

First-class K8s objects for databases, clusters, load balancers, and storage. Native validation and schema enforcement.

v1beta1 / v1 GA
🔗

Multi-Cluster Sync

Deploy identical infrastructure across dev, staging, and prod clusters with a single source of truth.

Hub-Spoke Topology
🔄

GitOps Integration

Native support for ArgoCD and Flux. Webhook triggers, PR previews, and automated sync loops.

ArgoCD / Flux v2
🔐

Secrets & RBAC

Automatic rotation, Vault/SealedSecrets integration, and least-privilege RBAC templates for operator service accounts.

FIPS 140-2 Ready
📊

Observability Hooks

Export metrics to Prometheus, traces to OpenTelemetry, and structured logs to your SIEM out of the box.

OTel Compatible

Rollback & Rollouts

Version-pinned deployments with automated blue/green migration paths and instant rollback on health check failure.

Canary Support

Declarative Infrastructure in YAML

Provision a highly available PostgreSQL cluster with backup policies, networking rules, and monitoring in under 40 lines. The operator handles provisioning, credential rotation, and lifecycle management.

  • Version-pinned deployments with automatic patch updates
  • Built-in TLS termination and mTLS service mesh integration
  • Point-in-time recovery and cross-region replication
  • Custom resource events feed directly into your GitOps audit trail
PostgreSQL CRD
# cloudnexus-db.yaml
apiVersion: cloudnexus.io/v1
kind: ManagedPostgreSQL
metadata:
  name: prod-analytics-db
  namespace: data-platform
spec:
  version: "16.1"
  highAvailability: true
  replicas: 3
  storage:
    size: "500Gi"
    class: "cn-nvme-ssd"
  network:
    vpcId: "vpc-0a1b2c3d"
    privateSubnets: ["subnet-dev-1", "subnet-dev-2"]
    allowedCIDRs: ["10.0.0.0/16"]
  backup:
    retentionDays: 14
    crossRegion: true
    region: "eu-west-1"
  monitoring:
    prometheus: true
    otelTracing: true

Operator Licensing & Tiers

Open-source core with enterprise support and advanced control plane features.

Community
Free Forever
For development, testing, and open-source projects.
  • Core CRDs & Reconciliation
  • Single-Cluster Support
  • Community Slack Channel
  • Standard Webhooks

Enterprise
Custom
For regulated environments with custom compliance & SSO requirements.
  • Everything in Pro
  • FIPS 140-2 Validation
  • SSO & SCIM Provisioning
  • Dedicated Account Engineer
  • 99.99% Uptime SLA

Technical FAQs & Resources

Everything your engineering team needs to evaluate and deploy the operator.

What Kubernetes versions are supported?

The operator requires Kubernetes 1.25 or newer. We maintain compatibility with the latest three minor versions of upstream K8s, as well as OpenShift 4.12+ and Rancher RKE2/K3s distributions.

Does it require internet access for the control plane?

No. The operator runs entirely within your cluster. It communicates with CloudNexus infrastructure via outbound HTTPS to regional API endpoints. Air-gapped deployments are available with on-prem license servers.

How are secrets and credentials managed?

Credentials are never stored in the CR spec. The operator generates and rotates secrets automatically, storing them in K8s Secrets. Integration with HashiCorp Vault, AWS Secrets Manager, and SealedSecrets is natively supported.

Can I use it with existing GitOps workflows?

Yes. The operator is designed to be GitOps-first. Apply manifests via ArgoCD Application or Flux Kustomization. The controller respects the sync loop and will not overwrite externally managed resources.
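
A pre-merge check for two points made above, that credentials stay out of the CR spec and that `allowedCIDRs` limits who can reach the database. This is an added example, not CloudNexus code. The credential key hints, the RFC 1918 requirement, the `s3SecretKey` and `secretRef` field names and the cut-down sample manifest are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample: a cut-down version of the page's ManagedPostgreSQL manifest,
# as the dict a YAML loader returns, with two deliberate mistakes added.
SAMPLE_CR = {
    "apiVersion": "cloudnexus.io/v1",
    "kind": "ManagedPostgreSQL",
    "metadata": {"name": "prod-analytics-db", "namespace": "data-platform"},
    "spec": {
        "version": "16.1",
        "network": {"allowedCIDRs": ["10.0.0.0/16", "0.0.0.0/0"]},  # mistake 1
        "backup": {"retentionDays": 14, "s3SecretKey": "constructed"},  # mistake 2
    },
}

# Assumed policy values, not taken from the operator: tune both per team.
CREDENTIAL_HINTS = ("password", "passwd", "secret", "token", "apikey", "privatekey")
REFERENCE_SUFFIXES = ("ref", "name")  # e.g. a hypothetical secretRef points at a Secret
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def find_inline_credentials(node, path="spec"):
    """Yield spec paths whose key name looks like an inline credential."""
    if isinstance(node, dict):
        for key, value in node.items():
            child, k = f"{path}.{key}", str(key).lower().replace("_", "")
            if any(h in k for h in CREDENTIAL_HINTS) and not k.endswith(REFERENCE_SUFFIXES):
                yield child
            yield from find_inline_credentials(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_inline_credentials(item, f"{path}[{i}]")


def lint_cr(cr):
    """Return the sorted findings for one parsed custom resource."""
    spec = cr.get("spec") or {}
    findings = [f"credential-like key at {p}" for p in find_inline_credentials(spec)]
    for cidr in (spec.get("network") or {}).get("allowedCIDRs") or []:
        try:
            net = ipaddress.ip_network(str(cidr), strict=True)
        except ValueError:
            findings.append(f"allowedCIDRs entry {cidr!r} is not a valid network")
            continue
        if net.version != 4 or not any(net.subnet_of(r) for r in RFC1918):
            findings.append(f"allowedCIDRs entry {cidr} is outside RFC 1918 private space")
    if len(str(spec.get("version", "")).split(".")) < 2:
        findings.append("spec.version is not pinned to major.minor")
    return sorted(findings)
```

Run `lint_cr` on each parsed manifest in CI and fail the merge when the returned list is non-empty.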