feat(compiler): emit OperatorContext CR on bootstrap (GAP-B1)#46
Merged
Conversation
Without an OperatorContext CR the OperatorContextWatcher defaults to
full-delegation, allowing conductor to act at maximum autonomy on a
fresh cluster with no governance gate. Emit ctx-{cluster}.yaml from
compileBootstrap with autonomyLevel=observe-only so every bootstrapped
cluster starts from the safest A(T) boundary; admin promotes explicitly.
Adds TestBootstrap_EmitsOperatorContextCR to verify CR output.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
compileBootstrapnow emitsctx-{cluster}.yaml(OperatorContext CR) inont-systemwithautonomyLevel: observe-onlyOperatorContextWatcherdefaults tofull-delegation-- conductor acts at maximum autonomy on fresh clusters with zero governance gatelab/Pre-ccs-test-closure.md; ccs-test bootstrap is unblockedKBCL classification
Without OperatorContext, B selection is unbounded -- conductor reconciles all health-loop decisions (defrag, node re-enrollment, PKI rotation) without any approval gate. This violates the A(T) boundary for a fresh cluster. The fix establishes
observe-onlyas the safe bootstrap default; admin promotes todelegatedorfull-delegationafter explicit validation.Test plan
TestBootstrap_EmitsOperatorContextCR-- CR output file present,autonomyLevel=observe-only,clusterRefs=[{cluster}]TestBootstrap_ProducesExpectedOutputFiles--ctx-{cluster}.yamlin expected file list./cmd/compiler/...tests PASS