The goal of this library is to provide a reusable and generic way of exposing k8s resources from within a cluster using GraphQL. This enables UIs that need to consume these objects to do so in a developer-friendly way, leveraging a rich ecosystem.
This repository contains two main components:
- Listener: watches a cluster and stores its openAPI spec in a directory.
- Gateway: exposes the openAPI spec as a GraphQL endpoints.
The system supports three modes of operation:
- Single Cluster (
ENABLE_KCP=false
,MULTICLUSTER=false
): Gateway connects to the same cluster as the listener - KCP Mode (
ENABLE_KCP=true
): Designed for KCP-based multi-cluster scenarios - MultiCluster Mode (
ENABLE_KCP=false
,MULTICLUSTER=true
): Gateway connects to multiple external clusters via ClusterAccess resources
In MultiCluster mode, the system uses ClusterAccess resources to store kubeconfig data and connection information. The listener processes these resources and embeds connection metadata into schema files, which the gateway then uses to establish cluster-specific connections.
For complete setup instructions, see:
- ClusterAccess documentation - Manual setup
- MultiCluster Kubeconfig Flow - Detailed flow explanation
# Create ClusterAccess with secure token authentication
./scripts/create-clusteraccess.sh --target-kubeconfig ~/.kube/prod-config
# Test end-to-end integration
./scripts/test-clusteraccess-integration.sh
- Single Cluster Mode: Requires KUBECONFIG to connect to the local cluster
- KCP Mode: Requires KUBECONFIG to connect to KCP management cluster
- MultiCluster Mode: Does NOT require KUBECONFIG - gets all connection info from schema files
All information about authorization can be found in the authorization section.
If you want to get started quickly, you can follow the quickstart guide.
Please refer to the contributing section for instructions on how to contribute to OpenMFP.
The release is performed automatically through a GitHub Actions Workflow. The resulting website will be available as Github page under the following URL: https://openmfp.github.io/openmfp.org/
If you find any bug that may be a security problem, please follow our instructions at in our security policy on how to report it. Please do not create GitHub issues for security-related doubts or problems.
Copyright 2025 SAP SE or an SAP affiliate company and OpenMFP contributors. Please see our LICENSE for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available via the REUSE tool.