feat: add dataSource PVC mount and per-proposal timeoutMinutes #17
base: main
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -264,10 +264,42 @@ type ProposalStep struct { | |
| // for this step. Use this when different steps need different skills. | ||
| // +optional | ||
| Tools ToolsSpec `json:"tools,omitzero"` | ||
|
|
||
| // timeoutMinutes sets the timeout for this step's sandbox agent call. | ||
| // This controls how long the operator waits for the sandbox pod to | ||
| // become ready and for the agent to complete its work. Increase this | ||
| // for long-running tools (e.g., IntelliAide RCA takes 10-30 minutes). | ||
| // Defaults to 5 minutes when omitted. | ||
| // | ||
| // Mutable: can be adjusted at any time; the value is read when the step starts. | ||
| // +optional | ||
| // +kubebuilder:validation:Minimum=1 | ||
| // +kubebuilder:validation:Maximum=60 | ||
| TimeoutMinutes int32 `json:"timeoutMinutes,omitempty"` | ||
| } | ||
|
|
||
| func (s ProposalStep) IsZero() bool { | ||
| return s.Agent == "" && s.Tools.IsZero() | ||
| return s.Agent == "" && s.Tools.IsZero() && s.TimeoutMinutes == 0 | ||
| } | ||
|
|
||
| // DataSource references a pre-existing PersistentVolumeClaim containing | ||
| // input data for this proposal (e.g., must-gather bundles, diagnostic data). | ||
| // The PVC must already exist in the same namespace as the Proposal and be | ||
| // pre-populated with data before the Proposal is created. The operator | ||
| // mounts it read-only at a well-known path (/data/input) accessible to | ||
| // all skills in the sandbox pod. | ||
| type DataSource struct { | ||
|
Contributor

Do we need PVC support here? The sandbox pods are ephemeral — if the agent needs must-gather data, it can collect it during its run (e.g., This avoids adding new API surface (DataSource type, immutability rules, PVC RBAC, volume mount patching in sandbox templates) for something the agent can already do with its existing tools and a writable

@harche while that can be done, it restricts the ability to bring a must-gather from outside and analyze it, i.e. customer cases.
||
| // claimName is the name of the PersistentVolumeClaim to mount. | ||
| // The PVC must exist in the same namespace as the Proposal. | ||
| // +required | ||
| // +kubebuilder:validation:MinLength=1 | ||
| // +kubebuilder:validation:MaxLength=253 | ||
| // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="must be a valid DNS subdomain: lowercase alphanumeric characters, hyphens, and dots" | ||
| ClaimName string `json:"claimName,omitempty"` | ||
| } | ||
|
|
||
| func (d DataSource) IsZero() bool { | ||
| return d.ClaimName == "" | ||
| } | ||
|
|
||
| // ProposalSpec defines the desired state of Proposal. | ||
|
|
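Review bot: In DataSource, claimName is validated only as a DNS subdomain, so whoever writes the Proposal can name any PVC in the namespace and have it mounted at /data/input, readable by every skill in the sandbox pod. The doc comment should state what authorizes that reference: either have the operator require an opt-in on the PVC (for example a label or annotation it checks before mounting) or document that permission to create a Proposal implies read access to PVC data in that namespace. Separately, timeoutMinutes says "Defaults to 5 minutes when omitted" but the field carries no default marker, so the API schema neither shows nor applies that value; say where the default is applied.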
@@ -281,9 +313,9 @@ func (s ProposalStep) IsZero() bool { | |
| // +kubebuilder:validation:XValidation:rule="!has(oldSelf.analysisOutput) || (has(self.analysisOutput) && self.analysisOutput == oldSelf.analysisOutput)",message="analysisOutput is immutable once set" | ||
| // +kubebuilder:validation:XValidation:rule="!has(self.analysisOutput) || self.analysisOutput.mode != 'Minimal' || (!has(self.execution) && !has(self.verification))",message="analysisOutput mode Minimal is only allowed for analysis-only proposals (no execution or verification steps)" | ||
| // +kubebuilder:validation:XValidation:rule="!has(oldSelf.tools) || (has(self.tools) && self.tools == oldSelf.tools)",message="tools is immutable once set" | ||
| // +kubebuilder:validation:XValidation:rule="!has(oldSelf.analysis) || (has(self.analysis) && self.analysis == oldSelf.analysis)",message="analysis is immutable once set" | ||
| // +kubebuilder:validation:XValidation:rule="!has(oldSelf.execution) || (has(self.execution) && self.execution == oldSelf.execution)",message="execution is immutable once set" | ||
| // +kubebuilder:validation:XValidation:rule="!has(oldSelf.verification) || (has(self.verification) && self.verification == oldSelf.verification)",message="verification is immutable once set" | ||
| // +kubebuilder:validation:XValidation:rule="!has(oldSelf.analysis) || (has(self.analysis) && (!has(self.analysis.agent) || !has(oldSelf.analysis.agent) || self.analysis.agent == oldSelf.analysis.agent) && (!has(self.analysis.tools) || !has(oldSelf.analysis.tools) || self.analysis.tools == oldSelf.analysis.tools))",message="analysis agent and tools are immutable once set" | ||
| // +kubebuilder:validation:XValidation:rule="!has(oldSelf.execution) || (has(self.execution) && (!has(self.execution.agent) || !has(oldSelf.execution.agent) || self.execution.agent == oldSelf.execution.agent) && (!has(self.execution.tools) || !has(oldSelf.execution.tools) || self.execution.tools == oldSelf.execution.tools))",message="execution agent and tools are immutable once set" | ||
| // +kubebuilder:validation:XValidation:rule="!has(oldSelf.verification) || (has(self.verification) && (!has(self.verification.agent) || !has(oldSelf.verification.agent) || self.verification.agent == oldSelf.verification.agent) && (!has(self.verification.tools) || !has(oldSelf.verification.tools) || self.verification.tools == oldSelf.verification.tools))",message="verification agent and tools are immutable once set" | ||
| type ProposalSpec struct { | ||
| // request is the user's original request, alert description, or a | ||
| // description of what triggered this proposal. This text is passed to | ||
|
|
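Review bot: The three replacement rules no longer enforce "immutable once set" for agent and tools, because each inner clause passes whenever either side lacks the field (`!has(self.analysis.agent) || !has(oldSelf.analysis.agent) || ...`). An update can therefore drop a set agent or tools, and a following update can set a different value since oldSelf no longer has it. Inside the existing has(self.analysis) guard, use the shape of the spec-level tools rule for each sub-field, `!has(oldSelf.analysis.agent) || (has(self.analysis.agent) && self.analysis.agent == oldSelf.analysis.agent)`, and the same for tools and for execution and verification. timeoutMinutes stays mutable because the rule does not name it.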
@@ -331,9 +363,10 @@ type ProposalSpec struct { | |
| AnalysisOutput AnalysisOutput `json:"analysisOutput,omitzero"` | ||
|
|
||
| // tools defines the default tools for all steps: skills images, | ||
| // MCP servers, and required secrets. Per-step tools | ||
| // (analysis.tools, execution.tools, verification.tools) replace | ||
| // this default for individual steps. | ||
| // MCP servers, required secrets, and an optional dataSource PVC. | ||
| // Per-step tools (analysis.tools, execution.tools, verification.tools) | ||
| // replace this default for individual steps, so a dataSource set in | ||
| // spec.analysis.tools is mounted only in the analysis sandbox. | ||
| // | ||
| // Immutable: the skills and secrets available to the agent are | ||
| // fixed at creation. Changing tools mid-flight could violate the | ||
|
|
||
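Review bot: The Immutable paragraph left as context under the new lines still lists only "the skills and secrets available to the agent", although tools can now carry a dataSource; state whether the PVC reference is fixed at creation as well. The new text also covers only the per-step case: since per-step tools replace the default, a dataSource set in spec.tools is mounted in the sandbox of every step that has no tools of its own and is dropped for any step that sets them. One sentence saying so would let users scope the mount deliberately.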
The comment says this can be adjusted before approving a step, but nothing actually limits it to before approval. It can be changed at any time. That is okay in practice, because the value is read when the step starts, so changing it afterward does not affect a step that is already running. Consider softening the comment so it does not promise a limit that is not enforced.