Porch is a Kubernetes extension apiserver that manages the lifecycle of KRM configuration packages in Git repositories. It provides package operations through Kubernetes resources, enabling GitOps workflows with approval gates, automation, and collaboration.
GitOps Native
All package changes are committed to Git with full history. Works seamlessly with Config Sync, Flux, and other GitOps tools.
Approval Workflows
Packages move through lifecycle stages (Draft → Proposed → Published → DeletionProposed) with explicit approval gates to prevent accidental changes.
Standard kpt Packages
Manages standard kpt packages with no vendor lock-in. Packages can be edited through Porch or directly in Git.
Package Cloning & Upgrades
Clone packages from upstream sources and automatically upgrade when new versions are published. Three-way merge handles local customizations.
Function Execution
Apply KRM functions to transform and validate packages. Functions run in isolated containers with results tracked in package history.
Multi-Repository
Manage packages across multiple Git repositories from a single control plane. Controllers automate cross-repository operations.
Part of the Nephio Project
Porch was originally developed in the kpt project and donated to Nephio in December 2023. It is maintained by the Nephio community and continues to evolve as a key component for configuration-as-data workflows.