Pepr 1.0: A Production-Grade Kubernetes Operator and Admission Controller
At Defense Unicorns, we're not just integrators; we're builders. When our engineers recognized the need for a better Kubernetes operator and admission controller, we began building Pepr as an open-source project in early 2023.
Fast-forward to today, and we're proud to announce the release of Pepr version 1.0!
What is Pepr?
Pepr is a set of building blocks for automating how Kubernetes behaves, making it easier to enforce rules and manage what happens in a Kubernetes cluster. You can think of it as a cross between Operator SDK and Kyverno, combining the automation of Operators with policy control in a single TypeScript-based framework.
Instead of manually managing thousands of YAML knobs, switches, and configuration files every time you deploy an application, you program that logic once into a Pepr module. The automation eliminates many of the manual steps that slow teams down, such as configuring policies, wiring integrations, managing observability, and securing workloads.
With Pepr, tasks like these can be automated, reducing integration time to minutes and ensuring every deployment meets security and compliance standards by default.
Eliminating Configuration Fatigue
Once that logic is programmed into a Pepr module, every configuration is consistent, automatic, and repeatable, no matter how many times you deploy or who is deploying. That means:
- No fatigue from reapplying the same policies by hand.
- No drift caused by inconsistent human execution.
- Every workload is deployed with the same rigor, speed, and security.
Pepr turns what used to be an endless checklist of manual configurations into deterministic automation baked into the Kubernetes cluster.
Why We Made Pepr
Building operators and admission controllers the traditional way often means dropping down into client-go or heavy frameworks. That involves writing tons of low-level Go code just to make Kubernetes listen and respond the way you want. It requires a deep understanding of Kubernetes internals and a lot of boilerplate just to get started.
With Pepr, we've changed the model:
- If you can do it with kubectl or a Kubernetes manifest, you can do it in Pepr.
- Instead of writing low-level Go code, you express intent in fluent TypeScript, mapping directly to the operations and policies you already know.
- Pepr takes care of the scaffolding: it generates manifests, webhook configurations, certs, and RBAC automatically.
- You don't need to be a client-go expert to write a controller. You just focus on the Kubernetes behaviors you want, and Pepr ensures they are automated, repeatable, and resistant to error.
Why Pepr 1.0 is a Significant Milestone
Pepr has been stable, battle-tested, and running in production since its early releases. Version 1.0 isn't about reaching stability; it's about recognizing it. With over 150 releases since late 2023 and proven use at scale in mission-critical systems as part of UDS Core, Pepr has demonstrated its ability to handle real-world demands.
This 1.0 release marks a commitment to maturity and predictability: a stable API surface, semantic versioning for consumers, and clear expectations for how future changes are introduced, allowing teams to build with confidence.
What Makes Pepr Special
Custom informer system with reconcile queues
Pepr tracks and reacts to changes in Kubernetes resources using its own lightweight informer layer. This means faster, more efficient event handling without relying on external controllers, enabling real-time, predictable automation.
Built-in scheduler and etcd-backed store for stateful automation
Pepr includes a simple scheduler and uses etcd to persist data between events. Your automations can retain state and timing across restarts or across multiple replicas, making it easy to build reliable stateful workflows.
Support for advanced Kubernetes features
Pepr natively supports deeper parts of the Kubernetes API, including subresources (Proxy, Scale), status, finalize, and log streaming. You can scale, clean up with finalizers, stream logs, and handle proxy requests, all without needing to dig into low-level client-go code.
Deterministic automation
Once your logic is written, Pepr ensures it runs exactly the same way every time. This eliminates "it worked on my dev machine" and human error/fatigue scenarios, with automation behaving identically across clusters.
Get Started with Pepr
Ready to eliminate configuration drift and automate your Kubernetes workflows? Visit the Pepr documentation to learn more, or check out the project on GitHub.
For questions or support, reach out to us at hello@defenseunicorns.com.
About Defense Unicorns
Defense Unicorns is a service-disabled veteran-owned defense technology company founded in 2021 to make software a strategic deterrent for the U.S. Department of War. The company builds open-source, airgap-native technologies that enable the secure development, delivery, and sustainment of mission software across cloud, on-premises, and tactical edge environments. Learn more at https://defenseunicorns.com.


