Quickstart
Get OpenControlPlane running on your local machine in under 10 minutes. By the end, you'll have a platform that hands out managed ControlPlanes with the capability for teams to request Flux.
ocpctl is the CLI for managing OpenControlPlane environments locally and in production. It is under active development. Some commands and flags may change.
What You'll Build
OpenControlPlane creates three clusters that work together:
| Cluster | Who uses it | Purpose |
|---|---|---|
| 🟢 Platform | Platform operators | Runs platform services, cluster providers, and service providers |
| 🔵 Onboarding | End users (teams) | API surface where teams create ControlPlanes |
| 🟣 ControlPlane | End users (teams) | One per team, isolated workspace with requested services |
The separation ensures end users never touch infrastructure. They interact only with the Onboarding cluster to request resources, and their services appear on their own ControlPlane cluster.
Prerequisites
- Docker running (8 GB RAM allocated to it)
- Go installed
kubectlCLI installedkindCLI installedfluxCLI installed- ~10 minutes
Install ocpctl
go install github.com/openmcp-project/ocpctl@v0.1.0-alpha.1
Or download a pre-built binary from the releases page.
Step 1: Start the platform
ocpctl env apply local
This takes a few minutes. It creates a local Kind-based environment with the full OpenControlPlane stack: openmcp-operator, cluster-provider-kind, plus an onboarding cluster.
Verify the platform is running:
Apply to Platform Cluster
kubectl config use-context kind-local-platform
kubectl get pods -n openmcp-system
You should see these pods in Running state:
NAME READY STATUS RESTARTS AGE
cp-kind-66fbf7d448-bd5xg 1/1 Running 0 72s
cp-kind-init-2zl9x 0/1 Completed 0 83s
openmcp-operator-d5c547c75-w5ngg 1/1 Running 0 2m3s
ps-managedcontrolplane-9c848d7bc-49czl 1/1 Running 0 51s
ps-managedcontrolplane-init-d7v4k 0/1 Completed 0 84s
Install service-provider-flux
This guide uses Flux as an example managed service that teams can request for their ControlPlane. Managed service options are added to the platform as ServiceProviders.
Apply to Platform Cluster
flux install
kubectl apply -f - <<EOF
apiVersion: openmcp.cloud/v1alpha1
kind: ServiceProvider
metadata:
name: flux
namespace: openmcp-system
spec:
image: ghcr.io/openmcp-project/images/service-provider-flux:v0.2.0
EOF
Configure allowed Flux versions
Once ServiceProvider Flux is running, apply a ProviderConfig to define which Flux versions end users may install:
Apply to Platform Cluster
kubectl apply -f - <<EOF
apiVersion: flux.services.openmcp.cloud/v1alpha1
kind: ProviderConfig
metadata:
name: flux
spec:
versions:
- version: "2.8.3"
chartVersion: "2.18.2"
chartUrl: "oci://ghcr.io/fluxcd-community/charts/flux2"
EOF
This controls exactly which versions teams can request in Step 3. Add more entries to the versions list to offer additional versions.
You might receive the following error message:
error: resource mapping not found for name: "flux" namespace: "" from "STDIN": no matches for kind "ProviderConfig" in version "flux.services.openmcp.cloud/v1alpha1"
ensure CRDs are installed first
Please wait for a couple of seconds and then try again. Continue when the output says: providerconfig.flux.services.openmcp.cloud/flux created.
Step 2: Create a ManagedControlPlane
Now switch to the end-user perspective. A team wants their own ControlPlane.
First, export the onboarding cluster's kubeconfig so kubectl can reach it:
kind export kubeconfig --name local-onboarding
See the ManagedControlPlaneV2 reference for the full API.
Apply to Onboarding API
kubectl config use-context kind-local-onboarding
kubectl apply -f - <<EOF
apiVersion: core.openmcp.cloud/v2alpha1
kind: ManagedControlPlaneV2
metadata:
name: my-controlplane
namespace: default
spec:
iam: {}
EOF
Wait for it to become ready:
kubectl get managedcontrolplanev2 my-controlplane -w
Once provisioning completes, you will see:
NAME PHASE
my-controlplane Ready
The platform has provisioned an isolated ControlPlane cluster.
Step 3: Request Flux as a service
The team wants Flux installed on their ControlPlane:
Apply to Onboarding API
kubectl config use-context kind-local-onboarding
kubectl apply -f - <<EOF
apiVersion: flux.services.openmcp.cloud/v1alpha1
kind: Flux
metadata:
name: my-controlplane
namespace: default
spec:
version: 2.8.3
EOF
ServiceProvider Flux on the platform cluster detects this request and installs Flux into the ControlPlane cluster automatically.
To verify Flux is running on the ControlPlane, we connect to the ControlPlane cluster by exporting the kubeconfig to our current kube context.
The name of this ControlPlane is always unique. Therefore we need to copy the name of the ControlPlane cluster by executing:
kind get clusters
local-onboarding
local-platform
mcp-ad2klitc.f52190f9 <- copy name of ControlPlane
And export the kubeconfig to your current kube context:
kind export kubeconfig --name <name of ControlPlane>
Apply to ControlPlane Cluster
kubectl get pods -n flux-system
You should see Flux controllers running:
NAME READY STATUS RESTARTS AGE
helm-controller-8564d95f86-6kxlg 1/1 Running 0 2m8s
image-automation-controller-5c484478c6-jj29p 1/1 Running 0 2m8s
image-reflector-controller-5875745f59-b9cp4 1/1 Running 0 2m8s
kustomize-controller-7587bc49f9-m47nv 1/1 Running 0 2m8s
notification-controller-d7d89cdb9-sht7p 1/1 Running 0 2m8s
source-controller-7f6f4dd77d-vmxvv 1/1 Running 0 2m8s
The team now has a fully functional control plane with Flux, provisioned through a simple API request.
Clean up
ocpctl env delete local
Removes all Kind clusters and resources created by ocpctl env apply local.
Next Steps
Your platform is running. Here's what to explore next:
- Add more services — beyond Flux, you can offer Crossplane, External Secrets Operator, Velero, and more to your teams. Each service is a
ServiceProviderdeployed on the platform cluster. - Deploy on real infrastructure — follow the Production Setup guide to run OpenControlPlane on Gardener.
- Manage team access — learn how Projects and Workspaces let you organize teams and
ControlPlanes.