dispatcher is the pack delivery operator for the ONT platform. It owns the full pack lifecycle: registration, gatekeeper enforcement, Kueue Job submission, and delivery state tracking.
API group: seam.ontai.dev
Status: Alpha
Module: github.com/ontai-dev/dispatcher
All five types are registered under seam.ontai.dev/v1alpha1.
| Kind | Short name | Scope | Purpose |
|---|---|---|---|
| PackDelivery | pd | Namespaced | Pack registration record. Immutable after creation. |
| PackExecution | pe | Namespaced | Runtime delivery request for one pack to one cluster. |
| PackInstalled | pi | Namespaced | Delivered state of a pack on a target cluster. |
| PackReceipt | pr | Namespaced | Delivery acknowledgement written by conductor after signature verification. |
| PackLog | pl | Namespaced | Immutable result record written by the Conductor execute-mode Job. |
Full field reference: docs/dispatcher-schema.md
dispatcher is a thin reconciler. It does not contain execution logic.
PackDeliveryReconciler (internal/controller/clusterpack_reconciler.go)
Watches PackDelivery CRs. On each reconcile it enforces spec immutability via a checksum snapshot annotation, waits for the conductor signing loop to set status.signed=true, then creates one PackExecution per target cluster in the corresponding seam-tenant-{cluster} namespace. On deletion it removes derived PackInstalled and PackExecution objects and clears DriftSignals before releasing the finalizer.
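The checksum-snapshot immutability check described above, as an added example that is not dispatcher's own code. The annotation key, the `PackSpec` type and `EnforceImmutable` are hypothetical, and SHA-256 over the JSON encoding is an assumed choice of checksum.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// snapshotKey is a hypothetical annotation key; the page does not name the real one.
const snapshotKey = "example.invalid/spec-checksum"

var ErrSpecMutated = errors.New("spec changed after creation")

// PackSpec is a constructed stand-in for a PackDelivery spec.
type PackSpec struct {
	Name    string   `json:"name"`
	Version string   `json:"version"`
	Targets []string `json:"targets"`
}

// EnforceImmutable records a SHA-256 of the spec on first sight and fails closed on any
// later mismatch. encoding/json emits struct fields in declaration order, so the digest is stable.
func EnforceImmutable(ann map[string]string, spec PackSpec) (map[string]string, error) {
	raw, err := json.Marshal(spec)
	if err != nil {
		return ann, err
	}
	sum := sha256.Sum256(raw)
	current := hex.EncodeToString(sum[:])
	recorded, ok := ann[snapshotKey]
	if !ok {
		out := map[string]string{snapshotKey: current}
		for k, v := range ann { // copy; ann may be nil on a fresh object
			out[k] = v
		}
		return out, nil
	}
	if recorded != current {
		return ann, fmt.Errorf("%w: recorded %.12s, observed %.12s", ErrSpecMutated, recorded, current)
	}
	return ann, nil
}

func main() {
	ann, _ := EnforceImmutable(nil, PackSpec{Name: "cni", Version: "1.0.0"}) // constructed sample
	_, err := EnforceImmutable(ann, PackSpec{Name: "cni", Version: "1.0.1"}) // simulated edit
	fmt.Println(err)
}
```

The snapshot lives on the same object it protects, so a check like this only holds if write access to the object's annotations is as tightly restricted as write access to its spec.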
PackExecutionReconciler (internal/controller/packexecution_reconciler.go)
Watches PackExecution CRs. Runs a six-gate check before submitting any Kueue Job:
- Gate 0: ConductorReady -- RunnerConfig in ont-system has at least one published capability.
- Gate 1: Signature -- PackDelivery status.signed=true.
- Gate 2: Revocation -- PackDelivery is not revoked.
- Gate 3: PermissionSnapshot -- Guardian PermissionSnapshot for the target cluster is Fresh.
- Gate 4: RBACProfile -- RBACProfile referenced by the PackExecution has provisioned=true.
- Gate 5: DispatcherRunnerRBAC -- SubjectAccessReview confirms the wrapper-runner ServiceAccount has the required permissions.
When all gates pass, it submits a pack-deploy Kueue Job in the tenant namespace. After the Job completes, it reads the PackLog written by the Conductor execute-mode Job, then creates or updates the PackInstalled record.
PackInstanceReconciler (internal/controller/packinstance_reconciler.go)
Watches PackInstalled CRs. Polls PackReceipt drift status from the conductor agent mirror in the tenant namespace. Raises SecurityViolation when signature verification fails. Enforces DependencyPolicy (Block, Warn, Ignore) for declared pack dependencies. Manages the workload-cleanup finalizer for resource deletion on the delete path (no Jobs on the delete path; INV-006).
go build ./cmd/wrapper
Run unit tests:
make test
Run e2e tests (requires MGMT_KUBECONFIG):
make e2e
Generate CRD manifests:
make manifests generate
- docs/dispatcher-schema.md -- complete field reference for all five CRD types
- dispatcher-design.md -- reconciler design, gatekeeper sequence, Job spec, signing loop
https://github.com/ontai-dev/dispatcher/issues
dispatcher -- Seam Pack Delivery Operator Apache License, Version 2.0