Hanzo Operator
Declarative orchestration for every Hanzo service
One Kubernetes operator that knows IAM, KMS, Base, Gateway, Ingress, and the rest of the stack. Apply a CRD, get a fully wired, promotion-gated, audit-ready deployment.
The Stack, Reconciled
A single control loop owns the full lifecycle of every Hanzo service.
Service-Aware CRDs
First-class types for IAM apps, KMS projects, Base instances, and the rest. No raw YAML for every config knob.
KMS-First Secrets
KMSSecret resources sync from kms.hanzo.ai into the cluster. No plaintext secrets in git, ever.
Promotion Gates
Dev auto-promotes. Testnet/main require explicit approval. Soak time and health checks enforced before cutover.
Reconcile Loop
Continuous drift detection. Cluster state always converges back to the declared spec. Self-healing by design.
Cross-Service Wiring
Operator wires app to IAM client, KMS project, ingress route, and observability sink in one apply.
GitOps Native
kustomize-friendly. Works with Argo CD and Flux. Manifests are the source of truth.