bootchain-operator

bootchain-operator is a Kubernetes operator that makes service boot dependencies declarative and automatic, eliminating hand-written init containers.

The problem

In Kubernetes, services often need other services to be ready before they can start. The traditional solution is to manually write init containers for every Deployment:

initContainers:
- name: wait-for-postgres
  image: busybox
  command: ['sh', '-c', 'until nc -z postgres 5432; do sleep 1; done']
- name: wait-for-redis
  image: busybox
  command: ['sh', '-c', 'until nc -z redis 6379; do sleep 1; done']

This is repetitive, easy to get wrong, and scattered across many manifests.

The solution

With bootchain-operator, you declare dependencies once in a BootDependency resource:

apiVersion: core.bootchain-operator.ruicoelho.dev/v1alpha1
kind: BootDependency
metadata:
  name: payments-api
  namespace: default
spec:
  dependsOn:
    - service: payments-db   # in-cluster Kubernetes Service
      port: 5432
    - host: cache.example.com  # external host (DNS / IP)
      port: 6379

The operator automatically injects the correct init containers into any Deployment with the same name, in the same namespace. No more boilerplate.

Features

  • Automatic init container injection — a mutating webhook injects wait-for-* init containers into matching Deployments
  • In-cluster and external dependencies — use service for Kubernetes Services in the same namespace, or host for external hostnames and IP addresses
  • Circular dependency detection — a validating webhook blocks any BootDependency that would create a dependency cycle
  • TCP, HTTP, and HTTPS health checks — probe dependencies with a raw TCP connection or an HTTP(S) request to a specific path (e.g. /healthz). Supports custom methods (httpMethod), request headers (httpHeaders), and accepted status codes (httpExpectedStatuses). TLS certificate verification is on by default; set insecure: true to accept self-signed certificates
  • Status tracking — the controller continuously probes each dependency and updates status.resolvedDependencies (e.g. 2/3) and status.conditions
  • Prometheus metrics — exposes reconciliation counters, duration histograms, and per-resource dependency gauges
  • Helm chart — production-ready chart with cert-manager TLS, leader election, and optional ServiceMonitor
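
The circular dependency check named in the feature list can be done with a depth-first search at admission time. The Go sketch below is an added example, not bootchain-operator's own code: `Graph` and `FindCycle` are hypothetical names, and it assumes that a `service` entry carries the same name as the BootDependency of the workload behind it and that the resources already in the cluster are acyclic.

```go
package main

import "fmt"

// Graph maps a BootDependency name to the `service` entries it waits on.
// Assumption: a service name matches the BootDependency of the workload
// behind it. External `host` entries are leaves and add no edges.
type Graph map[string][]string

// FindCycle returns the path that closes a cycle if the candidate resource
// were admitted, or nil. The existing graph is assumed acyclic already, so
// any new cycle must pass through the candidate and one DFS from it suffices.
func FindCycle(existing Graph, name string, deps []string) []string {
	g := Graph{}
	for k, v := range existing {
		g[k] = v
	}
	g[name] = deps // an update replaces the resource's previous edges

	seen, path := map[string]bool{}, []string{}
	var visit func(n string) []string
	visit = func(n string) []string {
		seen[n] = true
		path = append(path, n)
		for _, d := range g[n] {
			for i, p := range path { // d already on the current path: back edge
				if p == d {
					return append(append([]string{}, path[i:]...), d)
				}
			}
			if !seen[d] {
				if c := visit(d); c != nil {
					return c
				}
			}
		}
		path = path[:len(path)-1]
		return nil
	}
	return visit(name)
}

func main() {
	// Constructed sample: two resources already admitted, then two candidates.
	existing := Graph{"payments-api": {"payments-db"}, "payments-db": {"ledger"}}
	fmt.Println(FindCycle(existing, "ledger", []string{"payments-api"}))
	fmt.Println(FindCycle(existing, "ledger", []string{"audit"}))
}
```

A validating webhook built on this would deny the request whenever the returned path is non-nil and include the path in the denial message so the author can see which resources form the loop.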