This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
keip (Kubernetes Enterprise Integration Patterns) is a Kubernetes operator that deploys Spring Integration routes as Kubernetes resources. It uses Metacontroller to watch IntegrationRoute custom resources, calls a Python webhook to generate Deployment/Service manifests, and manages the lifecycle of Spring Boot integration containers.
Three independently versioned artifacts in a monorepo:
webapp/— Python (3.11) webhook server (Starlette/Uvicorn) that handles Metacontroller sync requests and generates Kubernetes child resources. This is where most active development happens.operator/— Kubernetes manifests (CRD, CompositeController, RBAC) deployed via kustomize.keip-integration/— Default Java 21 Spring Boot container that runs the integration routes.
A root Makefile provides aggregate targets that delegate to sub-projects.
Python 3.11 required — the webapp uses logging.getLevelNamesMapping() (3.11+) and datetime.fromisoformat() with "Z" suffix (3.11+). On systems without python3.11 as default, set HOST_PYTHON=python3.11 make venv.
make venv # Create virtualenv and install deps (requires python3.11)
make test # Run pytest with coverage
make lint # Run ruff linter
make format # Run black formatter
make precommit # Run test + format + lint (use before committing)
make start-dev-server # Start uvicorn on :7080 with --reloadRun a single test or test file:
EXTRA_PYTEST_ARGS="-k test_function_name" make test
EXTRA_PYTEST_ARGS="core/test/test_sync.py" make test
EXTRA_PYTEST_ARGS="-vv --log-cli-level=DEBUG" make test # verbose with debug loggingmake deploy # Deploy all operator components via top-level kustomization
make undeploy # Remove all operator components
make prep-release # Generate install.yaml and per-component manifests to ./output/Users can also install without cloning: kubectl apply -f <release-url>/install.yaml or kubectl apply -k 'https://github.com/codice/keip/operator?ref=<tag>'.
mvn clean install # Build JAR and Docker image (uses Jib)
mvn verify # Run tests without installmake test-webapp # Run webapp tests
make lint-webapp # Lint webapp
make precommit-webapp # Full precommit check
make deploy-operator # Deploy operator to cluster
make build-keip-integration # Build Java appIntegrationRoute CR → Metacontroller → Webhook (Python) → Deployment + Service
(user) (watches CRDs) (sync.py logic) (child resources)
- User creates an
IntegrationRouteresource (keip.codice.org/v1alpha2, shortname:ir) - Metacontroller (v4.11.6) detects it via CompositeController
- Metacontroller POSTs to the webhook at
/webhook/sync core/sync.pygenerates a Deployment spec (mounting the route XML from a ConfigMap) and an actuator Service- Metacontroller applies the generated child resources
app.py— Starlette app entrypoint, CORS config, route and addon registrationconfig.py— Env var config (DEBUG,CORS_ALLOWED_ORIGINS,INTEGRATION_IMAGE)models.py— Pydantic models for request/response validationcore/sync.py— Core sync logic.VolumeConfigclass handles volume/mount generation. Key functions:_new_deployment(),_new_actuator_service(),_compute_status(),_gen_children()logconf.py— Logging config; readsLOG_LEVELenv var viaget_log_level_from_env()(useslogging.getLevelNamesMapping(), Python 3.11+)core/k8s_client.py— Kubernetes API client wrappers (used by deploy route)routes/webhook.py— Core Metacontroller webhook endpoint (build_webhook()factory)routes/deploy.py—/routeendpoint for direct deployment via K8s APIaddons/certmanager/— Optional cert-manager TLS integration addon (registered inapp.py)
kustomization.yaml— Top-level kustomization (references metacontroller, crd, controller)controller/composite-controller.yaml— Metacontroller CompositeController definitioncontroller/namespace.yaml— keip namespacecontroller/webhook-deployment.yaml— Webhook Deployment + Servicecontroller/core-privileges.yaml— RBAC (ServiceAccounts, Roles, ClusterRoles)controller/keip-controller-props.yaml— ConfigMap with default integration imagecrd/crd.yaml— IntegrationRoute CRD definition
| Variable | Default | Source | Purpose |
|---|---|---|---|
INTEGRATION_IMAGE |
keip-integration |
config.py |
Container image for integration routes |
CORS_ALLOWED_ORIGINS |
"" |
config.py |
Comma-separated allowed origins |
DEBUG |
false |
config.py |
Starlette debug mode |
LOG_LEVEL |
INFO |
logconf.py |
Python logging level (requires Python 3.11+) |
Tests live adjacent to source in test/ subdirectories with shared utilities in webapp/conftest.py:
webapp/core/test/— sync, status, k8s_client testswebapp/routes/test/— deploy, webhook, CORS, webapp integration testswebapp/addons/certmanager/test/— cert-manager addon tests
Uses pytest, httpx (for async HTTP testing), pytest-mock. Coverage is tracked via coverage to .test_coverage/.
GitHub Actions workflows in .github/workflows/:
webapp.yml— verify-versions → test → lint → build (PR) / release (main). Builds linux/amd64 + arm64.operator.yml— verify-versions → kustomize build (PR) / release (main)keip-integration.yml— verify-versions → Maven verify (PR) / release (main). Java 21.
- Python code formatted with black, linted with ruff
- Webapp uses Starlette (not Flask/FastAPI) as the ASGI framework with Pydantic for validation
- Kubernetes manifests managed with kustomize (no Helm)
- Container images published to
ghcr.io/codice - Operator namespace:
keip, metacontroller namespace:metacontroller