Kaphera EDC Enablement Operator

A Kubernetes operator that manages the shared infrastructure services every EDC deployment needs (PostgreSQL via CNPG, HashiCorp Vault, NATS, and Keycloak) so the EDC operator can focus purely on connector workloads.

What it is

A Kubernetes operator that manages the shared infrastructure services every EDC deployment needs: PostgreSQL (via CNPG), HashiCorp Vault (via Bank-Vaults), NATS, and Keycloak. Written in Rust using kube-rs. Part of the EDC operator family (enablement.edc.kaphera.cloud API group), it handles infrastructure lifecycle so that the kaphera-edc-operator can focus purely on connector workloads.

What it does for the customer

Eliminates the need to manually provision and manage the supporting services that EDC Connectors depend on. Instead of configuring database clusters, secrets engines, message brokers, and identity providers separately, teams declare what they need through Kubernetes custom resources and the operator handles lifecycle management: creation, configuration, health monitoring, and teardown. A team that previously spent weeks building bespoke infrastructure automation for each client gets declarative resources that can be templated and reused across every project.

Who it serves

lars-hoffmann is the builder who deploys connector infrastructure for clients. The operator turns per-client infrastructure setup into declarative, reusable Kubernetes resources he can template across projects and hand to colleagues without a two-hour knowledge transfer.

marco-ferretti is the white-label partner whose engineering team needs reliable infrastructure provisioning under their branded offering without building it from scratch.

dirk-wassermann is the enterprise leader running EDC on private infrastructure. His team is Kubernetes-literate but not EDC specialists; the operator handles the infrastructure layer they would otherwise have to build and maintain themselves.

Why this licence: Apache 2.0

Infrastructure management is commodity work that every team deploying EDC must solve. Open-sourcing it removes a barrier that currently forces teams to build bespoke infrastructure automation for every project. There is no competitive advantage in keeping database and secrets management proprietary; the value is in what runs on top: the kaphera-cloud-operator and kaphera-cloud-server.

How it relates to other artefacts

Sits between the kaphera-edc-operator (which manages connector workloads) and the kaphera-cloud-operator (which manages organisational context). The EDC Operator’s CRDs reference resources created by this operator: a PostgresDatabase for the connector’s state store, a VaultKvMount for its secrets. The kaphera CLI and kaphera-cloud-terraform-provider can manage its resources directly via the Kubernetes backend, with no server dependency. Together with the EDC Operator, it forms the complete open-source foundation that any team can run independently.

  • kaphera-edc-operator: the connector-workload operator this provides infrastructure to.
  • kaphera-cloud-operator: the organisational layer that sits above this operator.
  • lars-hoffmann: the platform engineer who templates declarative infra resources across client projects.
  • marco-ferretti: the white-label partner whose branded service runs on this infra layer.
  • dirk-wassermann: the BYOC enterprise lead whose Kubernetes-literate team relies on this to avoid building EDC infra by hand.