
kardinal-promoter
GitOps promotion pipelines with visible policy gates and PR evidence.
kardinal-promoter is a Kubernetes-native controller that automates software promotion through environments (test → uat → prod) using a DAG of promotion steps, CEL-based policy gates, and structured PR evidence. All state lives in Kubernetes CRDs — no external database, no lock-in.
- Get started in 5 minutes: Install kardinal-promoter, apply a Pipeline, create a Bundle, watch it promote.
- Policy gates: Block production deployments on weekends, require soak time, enforce team approvals — all in CEL.
- DAG pipelines: Every promotion is a directed acyclic graph. Fan-out to parallel environments, gate on any condition.
- PR evidence: Every prod promotion opens a PR with structured evidence: image digest, CI run, gate results, soak time.
Why kardinal-promoter?
| Feature | kardinal | Kargo | GitOps Promoter |
|---|---|---|---|
| DAG promotion pipelines | ✅ | ❌ linear only | ❌ linear only |
| CEL policy gates with kro library | ✅ | basic | ❌ |
| PR evidence body (structured) | ✅ | ❌ | ✅ basic |
| GitOps-agnostic (ArgoCD + Flux) | ✅ | ArgoCD only | Flux only |
| Auto-rollback on health failure | ✅ | ❌ | ❌ |
| Contiguous healthy soak (bake.minutes) | ✅ | ❌ elapsed only | ❌ elapsed only |
| Wave topology for multi-region rollouts | ✅ | ❌ | ❌ |
| Change freeze management (ChangeWindow CRD) | ✅ | ❌ | ❌ |
| Pre-deploy gate type | ✅ | ❌ | ❌ |
| DORA metrics built-in | ✅ | ❌ | ❌ |
| Integration test step | ✅ | ❌ | ❌ |
| Emergency override with audit record | ✅ | ❌ | ❌ |
| Cross-stage history in gates | ✅ | ❌ | ❌ |
| Graph-first architecture (krocodile) | ✅ | ❌ | ❌ |
Quick install
Since v0.6.0, kardinal-promoter bundles the krocodile Graph controller — a single Helm install is all you need.
```bash
# 1. Create the namespace and the GitHub token secret
#    (the namespace must exist before a secret can be created in it)
kubectl create namespace kardinal-system
kubectl create secret generic github-token \
  --namespace kardinal-system \
  --from-literal=token="$GITHUB_PAT"
# 2. Install kardinal-promoter (includes krocodile Graph controller)
helm install kardinal-promoter oci://ghcr.io/pnz1990/charts/kardinal-promoter \
  --namespace kardinal-system \
  --create-namespace \
  --set github.secretRef.name=github-token
# 3. Verify
kardinal version
```
See Installation for full prerequisites and configuration.
How it works
```mermaid
graph LR
    CI["CI pushes image"] --> Bundle["Bundle CRD created"]
    Bundle --> Graph["kro Graph\n(promotion DAG)"]
    Graph --> Test["test\nauto-promote"]
    Test --> UAT["uat\nauto-promote"]
    UAT --> Gate["PolicyGate\nCEL expression"]
    Gate --> Prod["prod\nPR required"]
    Prod --> Done["Verified ✅"]
```

- CI creates a Bundle with the new image reference and provenance
- The controller translates the Bundle + Pipeline into a kro DAG Graph
- The Graph advances through environments, running steps (image update → PR → health check)
- PolicyGates block or allow promotion based on CEL expressions
- A PR is opened for human review at gated environments, with full evidence
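The gate decision described above can be modelled in a few lines. This is an added example, not kardinal-promoter code and not CEL: it shows why a contiguous healthy soak is a stricter control than an elapsed-only soak when the health signal flaps. The function names, the sample data and the rule that any unhealthy sample resets the bake clock are assumptions made for the illustration.

```python
from datetime import datetime, timedelta, timezone

def elapsed_minutes(samples):
    """Elapsed-only soak: time between the first and last health sample."""
    times = sorted(ts for ts, _ in samples)
    return (times[-1] - times[0]).total_seconds() / 60

def contiguous_healthy_minutes(samples):
    """Contiguous soak: length of the unbroken healthy run ending at the last sample."""
    ordered = sorted(samples)
    run_start = None
    for ts, healthy in ordered:
        if not healthy:
            run_start = None      # assumption: one unhealthy sample resets the clock
        elif run_start is None:
            run_start = ts
    if run_start is None:
        return 0.0
    return (ordered[-1][0] - run_start).total_seconds() / 60

def gate_allows(samples, now, bake_minutes):
    """Hypothetical gate: no weekend promotion, and the soak must be contiguous."""
    if now.weekday() >= 5:        # Saturday = 5, Sunday = 6
        return False, "weekend"
    soak = contiguous_healthy_minutes(samples)
    if soak < bake_minutes:
        return False, f"soak {soak:.0f}m < {bake_minutes}m"
    return True, "ok"

# Constructed health samples: one every 5 minutes for an hour, unhealthy at minute 40.
T0 = datetime(2024, 1, 10, 9, 0, tzinfo=timezone.utc)   # a Wednesday
SAMPLES = [(T0 + timedelta(minutes=5 * i), i != 8) for i in range(13)]
NOW = T0 + timedelta(minutes=60)

if __name__ == "__main__":
    print("elapsed soak:   ", elapsed_minutes(SAMPLES), "minutes")
    print("contiguous soak:", contiguous_healthy_minutes(SAMPLES), "minutes")
    print("gate decision:  ", gate_allows(SAMPLES, NOW, bake_minutes=30))
```

With a 30-minute bake requirement, the elapsed-only measure (60 minutes) would let this release through even though it was unhealthy 20 minutes before the decision; the contiguous measure (15 minutes) blocks it.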
Key concepts
- Bundle — an immutable deployment unit created by CI
- Pipeline — defines environments, update strategy, and SCM config
- PolicyGate — a CEL expression that blocks or allows promotion
- PromotionStep — per-environment promotion progress