Design
Design patterns and architecture of the Porch API server.
Porch API Server
The Kubernetes extension API server that provides Porch’s API resources.
What is the Porch API Server?
The Porch API Server is a Kubernetes extension API server that exposes Porch’s aggregated API resources (PackageRevision, PackageRevisionResources, Package) and CRDs (Repository, PackageRev) through the Kubernetes API. It acts as the entry point for client interactions with Porch, translating Kubernetes API requests into operations on the underlying Engine and Cache.
The PackageVariant and PackageVariantSet CRDs are not controlled by the Porch API server. They are controlled by the Porch Controllers
The Porch API Server is responsible for:
- API Resource Registration: Registering Porch’s Kubernetes resources with the Kubernetes API aggregation layer
- Request Handling: Processing CRUD operations (Create, Read, Update, Delete) and Watch requests for those resources
- REST Storage Implementation: Interacting with the Porch Cad Engine to provide storage backends for each API resource type
- Validation and Admission: Enforcing API validation rules and admission policies through strategies
- Authentication and Authorization: Integrating with Kubernetes RBAC for access control
- Watch Stream Management: Supporting real-time watch streams for resource changes
- Background Operations: Running periodic repository synchronization and maintenance tasks
Role in the Architecture
The Porch API Server sits at the top of the Porch architecture, serving as the interface between Kubernetes clients and Porch’s internal components:
┌────────────────────────────────────────────────────────────┐
│ Porch API Server │
│ │
│ ┌──────────────────┐ ┌────────────────────────────┐ │
│ │ API Groups │ │ REST Storage │ │
│ │ │ ───> │ (Aggregated) │ │
│ │ • porch.kpt.dev │ │ • PackageRevision │ │
│ │ │ │ • PackageRevisionResources│ │
│ │ │ │ • Package │ │
│ └──────────────────┘ └────────────────────────────┘ │
│ │ │ │
│ │ │ │
│ ┌──────────────────┐ │ │
│ │ CRDs (etcd) │ │ │
│ │ │ │ │
│ │ • Repository │ │ │
│ │ • PackageRev │ │ │
│ └──────────────────┘ │ │
│ │ │ │
│ └────────┬────────────────┘ │
│ ↓ │
│ ┌──────────────────┐ ┌──────────────────┐ │
│ │ Strategies │ │ Background │ │
│ │ │ │ Jobs │ │
│ │ • Validation │ │ │ │
│ │ • Admission │ │ • Repo Sync │ │
│ │ • Table Conv │ │ • Cleanup │ │
│ └──────────────────┘ └──────────────────┘ │
└────────────────────────────────────────────────────────────┘
↓
┌──────────────────────┐
│ CaD Engine │
│ (Orchestration) │
└──────────────────────┘
↓
┌──────────────────────┐
│ Package Cache │
│ (Repository Data) │
└──────────────────────┘
Key architectural responsibilities:
- Kubernetes API Integration: Extends Kubernetes API with Porch-specific resources using API aggregation
- Request Translation: Converts Kubernetes API requests into Engine operations (CreatePackageRevision, UpdatePackageRevision, etc.)
- Storage Abstraction: Implements Kubernetes storage interface (REST storage) that delegates to Engine rather than etcd
- Strategy Pattern: Uses Kubernetes strategy pattern for validation, admission control, and table conversion
- Watch Support: Provides real-time watch streams by integrating with Engine’s WatcherManager
- Background Processing: Runs periodic tasks for repository synchronization and resource cleanup
- Multi-Tenancy: Enforces namespace isolation and RBAC policies for secure multi-tenant operation
The API Server is instantiated once during Porch startup and configured with Engine, Cache, and client connections through dependency injection.
Functionality
Core functionality provided by the Porch API server.
Interactions
How the Porch API server interacts with other components.