Skip to content
GitHub stars
Infrastructure as Data

Your Database.
Your Infrastructure.

Lynq turns database records into Kubernetes resources. Automatically.

0resource types
0lifecycle policies
MySQLbuilt-in datasource
Kubernetes 1.28+cluster requirement
Apache 2.0open source license
Capabilities

Everything each row needs, handled

One database row in, a full set of reconciled Kubernetes resources out — with the controls to keep it safe.

node_configsMySQL
node_idis_active
acme-corp1
beta-inc1
gamma-llc0

Reads your database

Point Lynq at a MySQL table. Every row where activate is true becomes a managed node — no pipelines, no glue code.

Server-Side Apply

Resources are applied with SSA under the lynq field manager — Lynq owns exactly its fields and never clobbers the rest.

Dependency-aware ordering

Declare dependIds and Lynq builds a DAG, applying resources in topological order and waiting for readiness gates.

web-stack.yamlLynqForm
deployment:{{ .uid }}-app
service:{{ .uid }}-svc
ingress:{{ .uid }}-web
DeploymentServiceIngress

One template, every node

Write a LynqForm once. Your columns render into a full resource set per row — Deployments, Services, Ingresses, and more.

Every resource tracked

Each LynqNode reports ready, pending, failed, skipped, and conflicts — so you always know the real state, per row.

Lifecycle

Watch a Row Become a Running App

One database row, reconciled end to end — Lynq reads it, creates a LynqNode, applies the resources, and the app goes live.

How It Works

From Data to Resources in Seconds

A real operator session — apply the manifests, insert a row, deactivate another, and watch Lynq create and garbage-collect the matching Kubernetes resources. Only your database changes.

lynq — kubectl · zsh

Try it on Killercoda

The Problem

Your Database Knows. Your Cluster Doesn't.

The moment a row changes, the cluster is out of date — until someone runs kubectl. Lynq closes that gap continuously: the cluster is always a reflection of the database.

Safety & Control

Policies That Protect Your Cluster

Data-driven automation is only safe if it knows what not to touch. Every resource in a LynqForm carries three per-resource policies — each a guardrail against a specific way automation could do damage.

conflictPolicy
Another controller already owns this Service.
Stucksafe default

Halts and surfaces the conflict — overwrites nothing.

Forceopt-in

Takes ownership deliberately via SSA force=true.

deletionPolicy
A row is deactivated — is its data wiped with it?
Deletedefault

Removes the resource along with the row.

Retainkeeps data

Keeps the PVC — drops the ownerRef, adds an orphan marker.

creationPolicy
Every reconcile could re-run a one-time init Job.
WhenNeededdefault

Re-applies whenever the rendered spec drifts.

Onceruns once

Creates once, then never touches it again.

Rollout safety

A big update, without the thundering herd

A template edit, a bulk update, or a large insert can touch — or create — nodes across the whole graph at once, and doing them all together would stampede your API server. maxSkew caps how many change at a time. Pick a trigger, drag maxSkew, and watch it roll through the topology.

maxSkew4
YAMLweb-stack.yaml editedevery node re-renders → all reconcile
updating 0 / 4 updated 0 / 36 pending 36

A single template edit reconciles every node — a thundering herd that can melt the control plane if it all happens at once. maxSkew rolls it through a few at a time while the rest keep serving the current version. Drag maxSkew ↑ for a faster rollout, ↓ for a gentler one.

Observability

Catch Problems Before They Spread

15 Prometheus metrics, a pre-built Grafana dashboard, and 14 alert rules with runbooks. Whatever goes wrong — conflicts, failures, latency, a whole hub — the metric graphs it and the right alert pages you.

rate(lynqnode_conflicts_total[5m])Grafana · conflicts
alert if > 0.1/s for 10m
Alertmanager
LynqNodeNewConflictsDetectedinfo

New conflicts on acme-corp-web-stackresource_kind=Service.

LynqNodeHighConflictRatewarning

0.23 conflicts/sec on Service · policy=Stuck. Review naming templates.

The metric caught the drift and paged before it spread — no resource was overwritten.

Observe the Full Hub → Form → Node Graph

A web UI that shows live resource health, reconciliation events, and topology relationships — no kubectl required

localhost:8080/topology
Topology ViewHub → Form → Node hierarchy with live status
Resource HealthReady, pending, failed counts per node
Event StreamReconciliation events and error details per node
Quick Search⌘K to find any hub, form, or node instantly

Start Automating Infrastructure from Your Database

Requires Kubernetes and cert-manager. The quickstart provisions a full local environment — MySQL, Lynq, and sample resources — using automated setup scripts.