This package is a buildable OpenShift-style compatibility layer for dylanwongtencent/rusternetes. It now includes a runnable console module, a seeded mock OpenShift environment, Kubernetes core API compatibility endpoints, OpenShift API primitives, OAuth-style login, local telemetry, and CRDs/manifests for Rusternetes integration.
- No-dependency Rust HTTP server implementing OAuth discovery, token issue, bearer authentication, user identity,
/api/v1,/apis/..., console APIs, telemetry APIs, and object persistence. - PatternFly-based OpenShift-style console SPA at
/console/, with Administrator and Developer perspectives, OpenShift masthead/sidebar layout, OperatorHub, Installed Operators, Operator details, and UIPlugin management. - Mock environment enabled by default, seeded with realistic namespaces/projects, nodes, pods, deployments, services, routes, secrets, service accounts, RBAC, builds, imagestreams, events, OperatorHub packages, installed Operators, UIPlugins, monitoring objects, Tekton, Knative, and console configuration objects.
- Console operations for list/create/view/edit/update/patch/delete/delete collection/export/filter/YAML apply/scale/status/logs/events/exec/attach/port-forward/token/build-start/build-clone/rollback/mock-reset/telemetry.
- CRDs that let Rusternetes expose OpenShift primitives through its CRD fallback API server.
- Bootstrap objects for Projects, OAuthClients, SecurityContextConstraints, Authentication/OAuth config objects, ClusterVersion, ClusterOperators, and console resources.
- Example manifests for Route, BuildConfig, DeploymentConfig, and ProjectRequest.
The console is no longer only a themed shell. It is a dependency-free SPA that talks directly to the compatibility API server using the same bearer token as oc-style requests.
| Console area | Supported functionality |
|---|---|
| Authentication | Username/password login against /oauth/token, token persistence, logout, current user read from /apis/user.openshift.io/v1/users/~ |
| Project / namespace management | Namespace selector, Project and Namespace CRUD, ProjectRequest creation, mock reset, cross-resource search |
| Workloads | Pods, Deployments, DeploymentConfigs, ReplicaSets, StatefulSets, DaemonSets, Jobs, CronJobs; view/edit/delete/scale/status/logs/events/exec/rollback/start actions where applicable |
| Networking | Services, Routes, Ingresses, NetworkPolicies, Endpoints, EndpointSlices; create/edit/delete/status/export/filter |
| Storage | PVCs, PVs, StorageClasses |
| Config and security | Secrets, ConfigMaps, ServiceAccounts, TokenRequest, Roles, RoleBindings, ClusterRoles, ClusterRoleBindings, SCCs, Users, Groups, OAuth clients/tokens |
| Builds and images | BuildConfigs, Builds, build instantiate, build clone, build logs, ImageStreams, ImageStreamTags, Images, Templates |
| Operators and extensions | OperatorHub, PackageManifests, CatalogSources, OperatorGroups, Subscriptions, InstallPlans, ClusterServiceVersions, Operator details tabs, UIPlugins, Console plugins/notifications/quick starts/CLI downloads/log links |
| Observe and telemetry | Events, HPA, PDB, PodMonitors, Probes, PrometheusRules, ServiceMonitors, AlertmanagerConfigs, MonitoringStacks, local telemetry summary, local telemetry event stream, telemetry enable/disable |
| Developer perspective | Topology view, +Add deploy form, project workloads, builds, pipelines, serverless, YAML editor, terminal command builder |
| API explorer | Discovers /api/v1 and /apis resources and adds generic browser entries for discovered resources not hardcoded in the UI |
The server exposes both Kubernetes core APIs and OpenShift API groups:
| API group | Resources included |
|---|---|
core/v1 via /api/v1 |
namespaces, nodes, pods, pods/log, pods/exec, pods/attach, pods/portforward, pods/eviction, services, serviceaccounts, serviceaccounts/token, secrets, configmaps, events, endpoints, persistentvolumeclaims, persistentvolumes, resourcequotas, limitranges |
apps/v1 |
deployments, deployments/scale, replicasets, statefulsets, daemonsets |
batch/v1 |
jobs, cronjobs |
networking.k8s.io/v1 |
ingresses, networkpolicies |
discovery.k8s.io/v1 |
endpointslices |
storage.k8s.io/v1 |
storageclasses |
rbac.authorization.k8s.io/v1 |
roles, rolebindings, clusterroles, clusterrolebindings |
autoscaling/v1 |
horizontalpodautoscalers |
policy/v1 |
poddisruptionbudgets |
apiextensions.k8s.io/v1 |
customresourcedefinitions |
route.openshift.io/v1 |
routes, routes/status |
build.openshift.io/v1 |
buildconfigs, buildconfigs/instantiate, buildconfigs/instantiatebinary, builds, builds/log, builds/clone |
apps.openshift.io/v1 |
deploymentconfigs, deploymentconfigs/status, deploymentconfigs/scale, deploymentconfigs/rollback, deploymentconfigs/instantiate |
image.openshift.io/v1 |
imagestreams, imagestreamtags, images |
template.openshift.io/v1 |
templates |
project.openshift.io/v1 |
projects, projectrequests |
security.openshift.io/v1 |
securitycontextconstraints |
oauth.openshift.io/v1 |
oauthclients, oauthaccesstokens, oauthauthorizetokens, useroauthaccesstokens |
user.openshift.io/v1 |
users, groups, identities, users/~ |
config.openshift.io/v1 |
authentications, oauths, ingresses, clusterversions, clusteroperators, consoles |
operator.openshift.io/v1 |
ingresscontrollers |
operators.coreos.com/v1 and operators.coreos.com/v1alpha1 |
operatorgroups, catalogsources, subscriptions, installplans, clusterserviceversions |
packages.operators.coreos.com/v1 |
packagemanifests |
monitoring.coreos.com/v1 and monitoring.coreos.com/v1alpha1 |
podmonitors, probes, prometheusrules, servicemonitors, alertmanagerconfigs |
monitoring.rhobs/v1alpha1 |
monitoringstacks |
observability.openshift.io/v1alpha1 |
uiplugins |
tekton.dev/v1 |
pipelines, pipelineruns |
serving.knative.dev/v1 |
services |
console.openshift.io/v1 |
consoles, consoleplugins, consolenotifications, consolequickstarts, consoleclidownloads, consoleexternalloglinks |
The CRDs preserve unknown fields so canonical OpenShift YAML can round-trip through Rusternetes even when a field is not interpreted by this compatibility server.
cargo check
cargo run -p rusternetes-openshift-compat -- \
--bind 127.0.0.1:8443 \
--issuer http://127.0.0.1:8443 \
--mockOpen the console:
http://127.0.0.1:8443/console/
Default development login:
kubeadmin / kubeadmin
Override it with:
export OPENSHIFT_ADMIN_USER=admin
export OPENSHIFT_ADMIN_PASSWORD='change-me'Mock mode is enabled by default. Disable it with:
cargo run -p rusternetes-openshift-compat -- --no-mock
# or
OPENSHIFT_COMPAT_MOCK=false ./scripts/dev-run.sh./scripts/smoke-test.shThe smoke test verifies health, PatternFly console asset serving, OAuth password grant, users/~, Kubernetes /api/v1 discovery, namespaces, pods, Operator CSVs, UIPlugins, pod logs, pod exec, attach, port-forward, service account token request, deployment scaling, route create/status, build instantiate, console summary, telemetry write/read, and mock-environment status.
Rusternetes already has CRD handling and serves a web console from the API server. Apply the CRDs and bootstrap objects to expose OpenShift resource primitives through Rusternetes:
export KUBECONFIG=~/.kube/rusternetes-config
./scripts/install-crds.sh
kubectl api-resources | grep openshift.io
kubectl apply -f manifests/examples/route.yaml
kubectl get routes.route.openshift.io -n defaultCopy the console overlay into a cloned Rusternetes checkout:
./scripts/copy-console-overlay.sh /path/to/rusternetesFor the standalone OAuth/console server, run:
./scripts/dev-run.shpodman build -t rusternetes-openshift-compat:local -f Containerfile .
podman run --rm -p 8443:8443 \
-e OPENSHIFT_ADMIN_PASSWORD=kubeadmin \
-e OPENSHIFT_COMPAT_MOCK=true \
rusternetes-openshift-compat:local \
--bind 0.0.0.0:8443 --issuer http://127.0.0.1:8443This is working code and the included smoke test passes in this package. It is not a Red Hat OpenShift distribution and has not been certified against OpenShift conformance, payload, CVO, OAuth, router, build-controller, image-registry, monitoring, telemetry, Insights, or SCC admission test suites. The package provides broad OpenShift-compatible API shapes, a functional console, and mock/test fixtures; production-grade parity still requires Rusternetes or additional controllers/operators to reconcile the real cluster behavior behind those APIs.