Skip to main content
The cpln operator command configures your Kubernetes cluster to work with the Control Plane operator. It creates the necessary secrets and service accounts for secure integration.

When to use this

ArgoCD integration

Set up credentials so ArgoCD can deploy to Control Plane

Operator authentication

Create the Kubernetes secret that grants operator access to your org

GitOps workflows

Enable Kubernetes-based CI/CD pipelines to manage Control Plane resources

Multi-cluster setup

Connect multiple Kubernetes clusters to a single Control Plane organization

Prerequisites

Install the Control Plane CLI. See Installation.
You need access to a Kubernetes cluster with permissions to create namespaces and secrets.
Ensure kubectl is configured and can communicate with your cluster.

Install the operator

Create the Kubernetes secret that grants the operator access to your organization: 
cpln operator install --serviceaccount <name>

Options

OptionDescription
--serviceaccount, -sService account name for the operator (required)
--serviceaccount-group, -gGroup to assign the service account to (default: superusers)
--exportOutput resources to stdout instead of applying them

Basic installation

cpln operator install \
  --serviceaccount k8s-operator \
  --org my-org
This command:
  1. Creates the service account k8s-operator if it doesn’t exist
  2. Assigns it to the superusers group
  3. Generates an authentication key
  4. Creates a Kubernetes secret in the controlplane namespace

Specify a group

Assign the service account to a specific group: 
cpln operator install \
  --serviceaccount k8s-operator \
  --serviceaccount-group operators \
  --org my-org
Use a group with limited permissions for production clusters. The superusers group has full access.

Export for review

Preview the Kubernetes resources without applying: 
cpln operator install \
  --serviceaccount k8s-operator \
  --export \
  --org my-org
You can save and apply them manually: 
cpln operator install --serviceaccount k8s-operator --export --org my-org > operator-secret.yaml
kubectl apply -f operator-secret.yaml

Uninstall the operator

Remove the operator secret from your cluster: 
cpln operator uninstall --org my-org
This:
  1. Finds the secret in the controlplane namespace (identified by annotation)
  2. Deletes the secret
  3. Exits with code 0 if the secret doesn’t exist
The service account in Control Plane is not deleted. Remove it separately if needed.

Troubleshooting

A secret with the organization name already exists but wasn’t created by the operator. Either:
  • Delete the existing secret manually
  • Use a different organization name
Ensure your kubectl context has permissions to create secrets in the controlplane namespace:
kubectl auth can-i create secrets --namespace controlplane
Create the controlplane namespace if it doesn’t exist:
kubectl create namespace controlplane

Next steps

Convert K8s Manifests

Convert Kubernetes resources to Control Plane

Apply YAML Manifests

Deploy resources from YAML files

Service Accounts

Manage service account permissions

Command Reference

Full operator command reference