Skip to content

OLS-3189: add agentic workflow CRDs with sync tool #1695

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
raptorsun wants to merge 1 commit into
base: main
Choose a base branch
from
Open

OLS-3189: add agentic workflow CRDs with sync tool #1695

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 10 additions & 2 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,10 @@
# - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
VERSION ?= latest

AGENTIC_OPERATOR_REPO ?= https://github.com/openshift/lightspeed-agentic-operator
AGENTIC_OPERATOR_REF ?= main

@coderabbitai coderabbitai Bot Jun 4, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Use an immutable default for AGENTIC_OPERATOR_REF.

Using main makes make bundle non-reproducible and allows unreviewed upstream changes to alter shipped CRDs over time.

Suggested fix 
-AGENTIC_OPERATOR_REF ?= main
+# Pin to a released tag or commit SHA for reproducible syncs.
+AGENTIC_OPERATOR_REF ?= v0.1.0
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
AGENTIC_OPERATOR_REF ?= main
# Pin to a released tag or commit SHA for reproducible syncs.
AGENTIC_OPERATOR_REF ?= v0.1.0
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Makefile` at line 9, AGENTIC_OPERATOR_REF is currently defaulting to the
mutable branch name "main"; change the Makefile so AGENTIC_OPERATOR_REF defaults
to an immutable release reference (e.g., a specific tag or commit hash) instead
of "main". Locate the AGENTIC_OPERATOR_REF variable in the Makefile and replace
the value "main" with a fixed tag or commit (or a clearly documented placeholder
like a stable version string) so running make bundle is reproducible and
upstream changes won’t alter shipped CRDs.

AGENTIC_CRD_DIR = config/crd/bases

# CHANNELS define the bundle channels used in the bundle.
# Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")
# To re-generate a bundle for other specific channels without changing the standard setup, you can:
Expand Down Expand Up @@ -64,7 +68,7 @@ OPERATOR_SDK_VERSION ?= v1.36.1
IMG ?= $(IMAGE_TAG_BASE):$(VERSION)
export IMG
# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
ENVTEST_K8S_VERSION = 1.27.1
ENVTEST_K8S_VERSION = 1.32.0

# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
ifeq (,$(shell go env GOBIN))
Expand Down Expand Up @@ -117,6 +121,10 @@ E2E_GO_TAGS := exclude_graphdriver_btrfs,containers_image_openpgp
manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
$(CONTROLLER_GEN) rbac:roleName=manager-role crd:allowDangerousTypes=true webhook $(CONTROLLER_GEN_PATHS) output:crd:artifacts:config=config/crd/bases

.PHONY: sync-agentic-crds
sync-agentic-crds: ## Fetch agentic CRDs from lightspeed-agentic-operator at pinned ref.
hack/sync_agentic_crds.sh $(AGENTIC_OPERATOR_REPO) $(AGENTIC_OPERATOR_REF) $(AGENTIC_CRD_DIR)

.PHONY: generate
generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" $(CONTROLLER_GEN_PATHS)
Expand Down Expand Up @@ -401,7 +409,7 @@ endif
## to set the default channel, use the DEFAULT_CHANNEL variable
## to use image digests instead of version tag, set the USE_IMAGE_DIGESTS variable to true
.PHONY: bundle
bundle: manifests kustomize operator-sdk yq jq ## Generate bundle manifests and metadata, then validate generated files.
bundle: manifests sync-agentic-crds kustomize operator-sdk yq jq ## Generate bundle manifests and metadata, then validate generated files.
YQ=$(YQ) JQ=$(JQ) BUNDLE_GEN_FLAGS="$(BUNDLE_GEN_FLAGS)" ./hack/update_bundle.sh -v $(BUNDLE_TAG) -i related_images.json

parking:
Expand Down
18 changes: 18 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -231,6 +231,24 @@ conversationCache:
type: postgres
```

### Syncing Agentic CRDs

The OLM bundle includes CRDs from the [lightspeed-agentic-operator](https://github.com/openshift/lightspeed-agentic-operator). These are fetched via a make target — do not hand-edit the agentic CRD or sample files.

To sync agentic CRDs and samples from the pinned ref (defaults to `main`):

```shell
make sync-agentic-crds
```

To sync from a specific tag or commit:

```shell
make sync-agentic-crds AGENTIC_OPERATOR_REF=v0.1.0
```

The pinned ref is controlled by `AGENTIC_OPERATOR_REF` in the Makefile. This target is also run automatically as part of `make bundle`.

### Modifying the API definitions

If you have updated the API definitions, you must update the CRD manifests with the following command
Expand Down
232 changes: 232 additions & 0 deletions bundle/manifests/agentic.openshift.io_agents.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,232 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
creationTimestamp: null
name: agents.agentic.openshift.io
spec:
group: agentic.openshift.io
names:
kind: Agent
listKind: AgentList
plural: agents
singular: agent
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.llmProvider.name
name: LLM
type: string
- jsonPath: .spec.model
name: Model
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: "Agent defines a cluster-scoped agent tier (e.g., \"default\",
\"smart\", \"fast\").\nThe cluster admin creates Agent resources to configure
LLM infrastructure\nand runtime settings. Proposals reference agents by
name per step.\n\nAgent is cluster-scoped. The metadata.name serves as the
tier identifier.\nThe \"default\" agent must exist; \"smart\" and \"fast\"
are optional (the\noperator auto-links to \"default\" if absent).\n\nExample
— a high-capability agent tier:\n\n\tapiVersion: agentic.openshift.io/v1alpha1\n\tkind:
Agent\n\tmetadata:\n\t name: smart\n\tspec:\n\t llmProvider:\n\t name:
vertex-ai\n\t model: claude-opus-4-6\n\t timeouts:\n\t analysisSeconds:
300\n\t executionSeconds: 600\n\t maxTurns: 200\n\nExample — a fast,
cost-efficient agent tier:\n\n\tapiVersion: agentic.openshift.io/v1alpha1\n\tkind:
Agent\n\tmetadata:\n\t name: fast\n\tspec:\n\t llmProvider:\n\t name:
vertex-ai\n\t model: claude-haiku-4-5\n\t timeouts:\n\t analysisSeconds:
120\n\t executionSeconds: 300\n\t maxTurns: 100"
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: spec defines the desired state of Agent.
properties:
llmProvider:
description: |-
llmProvider references a cluster-scoped LLMProvider CR that supplies the
LLM backend for this agent tier.
properties:
name:
description: name of the LLMProvider. Must be a valid RFC 1123
DNS subdomain.
maxLength: 253
minLength: 1
type: string
x-kubernetes-validations:
- message: 'must be a valid DNS subdomain: lowercase alphanumeric
characters, hyphens, and dots'
rule: '!format.dns1123Subdomain().validate(self).hasValue()'
required:
- name
type: object
maxTurns:
description: |-
maxTurns is the maximum number of tool-use turns the agent may take
in a single step invocation. Prevents runaway loops.
When omitted, the agent sandbox uses its built-in default.
Minimum 1, maximum 500.
format: int32
maximum: 500
minimum: 1
type: integer
model:
description: |-
model is the LLM model identifier as recognized by the provider
(e.g., "claude-opus-4-6", "claude-haiku-4-5", "gpt-4o").
Must start with an alphanumeric character and may contain
alphanumerics, dots, hyphens, underscores, slashes, colons,
and at-signs. Maximum 256 characters.
maxLength: 256
minLength: 1
type: string
x-kubernetes-validations:
- message: model must start with an alphanumeric character and contain
only alphanumerics, dots, hyphens, underscores, slashes, colons,
and at-signs
rule: self.matches('^[a-zA-Z0-9][a-zA-Z0-9._\\-/:@]*$')
timeouts:
description: |-
timeouts configures per-step and per-turn timeout limits.
When omitted, the agent sandbox uses its built-in defaults.
minProperties: 1
properties:
analysisSeconds:
description: analysisSeconds is the timeout for the analysis step
in seconds.
format: int32
maximum: 3600
minimum: 1
type: integer
chatSeconds:
description: chatSeconds is the timeout for each chat turn with
the LLM in seconds.
format: int32
maximum: 600
minimum: 1
type: integer
executionSeconds:
description: executionSeconds is the timeout for the execution
step in seconds.
format: int32
maximum: 3600
minimum: 1
type: integer
verificationSeconds:
description: verificationSeconds is the timeout for the verification
step in seconds.
format: int32
maximum: 3600
minimum: 1
type: integer
type: object
required:
- llmProvider
- model
type: object
status:
description: status defines the observed state of Agent.
minProperties: 1
properties:
conditions:
description: |-
conditions represent the latest available observations of the
Agent's state. The Ready condition summarizes whether all
referenced resources (LLMProvider, Secrets) are present.
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
maxItems: 8
minItems: 1
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: null
storedVersions: null
Loading