Developer Portal APIs and Controllers for Kubernetes-based API management.
The Developer Portal Controller provides Kubernetes Custom Resource Definitions (CRDs) for managing API products and API keys in a developer portal ecosystem. It integrates with Kuadrant and Gateway API to provide a complete API lifecycle management solution.
The APIProduct resource represents an API offering in the developer portal. It references an HTTPRoute and can include documentation, contact information, and usage plans.
apiVersion: devportal.kuadrant.io/v1alpha1
kind: APIProduct
metadata:
name: toystore-api
namespace: default
spec:
displayName: "Toystore API"
description: "A comprehensive API for managing toy inventory, orders, and customer data"
version: "v1"
approvalMode: manual
publishStatus: Published
tags:
- retail
- inventory
- e-commerce
targetRef:
group: gateway.networking.k8s.io
kind: HTTPRoute
name: toystore-route
documentation:
openAPISpecURL: "https://api.example.com/toystore/openapi.yaml"
swaggerUI: "https://api.example.com/toystore/docs"
docsURL: "https://docs.example.com/toystore"
gitRepository: "https://github.com/example/toystore-api"
techdocsRef: "url:https://github.com/example/toystore-api"
contact:
team: "Platform Team"
email: "[email protected]"
slack: "#api-support"
url: "https://example.com/support"
status:
observedGeneration: 1
discoveredPlans:
- tier: gold
limits:
custom:
- limit: 10000
window: "3600s"
- tier: silver
limits:
daily: 1000
weekly: 7000
monthly: 10000
- tier: bronze
limits:
daily: 100
weekly: 700
monthly: 1000
openapi:
raw: |
openapi: 3.0.0
info:
title: Toystore API
version: 1.0.0
...
lastSyncTime: "2025-12-09T10:00:00Z"
conditions:
- type: Ready
status: "True"
reason: APIProductReady
message: APIProduct is ready
lastTransitionTime: "2025-12-09T10:00:00Z"
- type: PlanPolicyDiscovered
status: "True"
reason: PlanPolicyFound
message: Successfully discovered plan policies from HTTPRoute
lastTransitionTime: "2025-12-09T10:00:00Z"displayName(required): Human-readable name for the API productdescription: Detailed description of the API productversion: API version (e.g., v1, v2)approvalMode: Whether access requests are auto-approved (automatic) or require manual review (manual)publishStatus: Controls visibility in the catalog (DraftorPublished)tags: List of tags for categorization and searchtargetRef: Reference to the HTTPRoute that this API product representsdocumentation: API documentation links (OpenAPI spec, Swagger UI, docs URL, git repository, techdocs)contact: Contact information for API owners (team, email, Slack, URL)
observedGeneration: Generation of the most recently observed specdiscoveredPlans: List of plan policies discovered from the HTTPRouteopenapi: OpenAPI specification fetched from the API with sync timestampconditions: Current state conditions (Ready, PlanPolicyDiscovered)
The APIKey resource represents a developer's request for API access. It includes information about the requester, the desired plan tier, and the use case.
apiVersion: devportal.kuadrant.io/v1alpha1
kind: APIKey
metadata:
name: toystore-apikey
namespace: default
labels:
app.kubernetes.io/name: developer-portal-controller
app.kubernetes.io/managed-by: kustomize
spec:
apiProductRef:
name: toystore-api
planTier: gold
useCase: "Authentication key for our Toystore API integration"
requestedBy:
userId: user-12345
email: [email protected]
status:
phase: Approved
apiHostname: api.example.com
reviewedBy: [email protected]
reviewedAt: "2025-12-09T10:30:00Z"
limits:
daily: 1000
secretRef:
name: toystore-apikey-secret
key: api-key
canReadSecret: true
conditions:
- type: Ready
status: "True"
reason: APIKeyReady
message: APIKey has been approved and secret created
lastTransitionTime: "2025-12-09T10:30:00Z"apiProductRef(required): Reference to the APIProduct this APIKey belongs toplanTier(required): Tier of the plan (e.g., "gold", "silver", "bronze", "premium", "basic")useCase(required): Description of how the API key will be usedrequestedBy(required): Information about the requesteruserId: Identifier of the user requesting the API keyemail: Email address of the user (validated with regex pattern)
phase: Current phase of the APIKey (Pending,Approved, orRejected)apiHostname: Hostname from the HTTPRoutereviewedBy: Who approved or rejected the requestreviewedAt: Timestamp when the request was reviewedlimits: Rate limits for the plansecretRef: Reference to the created Secret containing the API keyname: Name of the secretkey: Key within the secret
canReadSecret: Permission to read the APIKey's secret (default: true)conditions: Latest observations of the APIKey's state
Dev env
make kind-create-cluster
make install
make gateway-api-install
make kuadrant-core-installDeploy controller
make local-deploy- Create an HTTPRoute for your API
- Create a PlanPolicy to define rate limits and tiers
- Create an APIProduct referencing the HTTPRoute
- Create an APIKey resource referencing the APIProduct
- If
approvalModeismanual, wait for approval - Once approved, the secret will be created with the API key
- Use the key from the secret to authenticate API requests
# List APIProducts
kubectl get apiproducts
# List APIKeys (shortname: apik)
kubectl get apik
# View APIKey details with phase and plan
kubectl get apik -o wide
# Describe an APIKey to see status details
kubectl describe apikey toystore-apikeyCopyright 2025.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.