Kubernetes Operator

Deploy and reconcile Thoth tenant governance in customer Kubernetes clusters with the official thoth-operator.

Use the thoth-operator when you want Kubernetes-native, GitOps-friendly reconciliation of Thoth control-plane tenant configuration.

Source repository

GitHub: github.com/atensecurity/thoth-operator

What it reconciles

Tenant settings
MDM provider configuration
Pack assignments
Policy sync triggers
Optional governance evidence backfill jobs
Optional decision-field backfill jobs

Recommended deployment pattern

Use both infrastructure-as-code and operator workflows together:

Use Terraform/Pulumi providers for account-level and long-lived platform resources.
Use thoth-operator for cluster-local tenant bootstrap and day-2 reconciliation.
Use optional backfill blocks in ThothTenant when you need to recover evidence completeness after rollout changes.

Endpoint model

By default, the operator derives tenant endpoint URLs as:

https://grid.<tenant_id>.<apex_domain>

For most deployments, set tenantId and keep apexDomain=atensecurity.com.

Next steps

Previous

Versioning and Releases

Next

Kubernetes Operator

On this page

Source repository What it reconciles Recommended deployment pattern Endpoint model Next steps