Butler Architecture
Butler is a Kubernetes-native platform built on CRDs and operators. All state lives in Kubernetes, enabling GitOps workflows and standard tooling.
System Context
Management Cluster Components
| Component | Purpose | Repository |
|---|---|---|
| butler-controller | Reconciles TenantCluster, Team, ManagementAddon | butler-controller |
| butler-bootstrap | Reconciles ClusterBootstrap, MachineRequest | butler-bootstrap |
| butler-server | REST API and WebSocket for Console | butler-server |
| butler-console | Web UI (React) | butler-console |
| Steward | Hosts tenant control planes as pods | steward |
| Cluster API | Manages cluster infrastructure | External |
Tenant Cluster Components
Each tenant cluster includes:
| Component | Purpose |
|---|---|
| Cilium | CNI networking |
| MetalLB | LoadBalancer services |
| Longhorn | Distributed block storage (optional) |
| cert-manager | TLS certificate management |
| Traefik | Ingress controller (optional) |
Key Flows
Bootstrap
Creates a management cluster from scratch:
- User runs
butleradm bootstrap - CLI creates temporary KIND cluster
- Deploy bootstrap and provider controllers
- Create ClusterBootstrap CR
- Controller provisions VMs via provider
- Install Talos Linux and bootstrap Kubernetes
- Install platform addons
- Save kubeconfig, delete KIND
Tenant Cluster Creation
Creates a tenant cluster:
- User creates TenantCluster CR
- Controller creates StewardControlPlane (hosted CP)
- Controller creates CAPI Cluster and MachineDeployment
- CAPI provisions worker VMs
- Workers bootstrap and join cluster
- Controller installs platform addons
- Cluster transitions to Ready
Addon Installation
Installs an addon on a cluster:
- User creates TenantAddon CR
- Controller retrieves AddonDefinition
- Controller gets tenant cluster kubeconfig
- Controller installs Helm chart
- Addon transitions to Installed
IP Address Management
Allocates IP addresses to tenant clusters from shared pools:
- Platform admin creates NetworkPool with CIDR range
- ProviderConfig references pools via poolRefs
- TenantCluster provisioning creates IPAllocation (Pending)
- NetworkPool controller allocates IPs using best-fit algorithm
- TenantCluster configures MetalLB with allocated ranges
- On deletion, IPs return to the pool
Detailed Documentation
| Document | Description |
|---|---|
| Bootstrap Flow | Management cluster creation process |
| Tenant Lifecycle | Tenant cluster provisioning and management |
| Addon System | Addon catalog and installation |
| Multi-Tenancy | RBAC implementation and namespace isolation |
| IPAM Internals | Bitmap allocator, elastic scaling, garbage collection |
Design Decisions
Architectural decisions live in design/adr/.
| ADR | Decision |
|---|---|
| ADR-0002 | Separate CLIs for operators (butleradm) and users (butlerctl) |
| ADR-0003 | CRDs as the API contract |
| ADR-0004 | Multi-repository architecture |
| ADR-0006 | Hosted control planes by default |