Skip to content

feat(operator): harden controllers, enable webhooks, enforce timeouts… #13

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
lanycrost merged 1 commit into from
Oct 15, 2025
Merged

feat(operator): harden controllers, enable webhooks, enforce timeouts… #13

lanycrost merged 1 commit into from
Oct 15, 2025

Conversation

@lanycrost
Copy link
Contributor

@lanycrost lanycrost commented Oct 15, 2025
edited
Loading

harden controllers, enable webhooks, enforce timeouts; align CEL and RBAC; CI tweaks

  • Reconcile: add per‑reconcile timeouts; propagate ctx to I/O; unify status patching
  • Realtime Engram/Impulse/Story/Run: finalize handling, Service/Deployment/StatefulSet reconciliation, SA usage
  • Webhooks: enable in manager; validate size limits (≤1MiB total), inline caps, schema checks; StepRun/Story/Engram/Impulse validators
  • Storage: no controller offload; set SDK envs (BUBU_MAX_INLINE_SIZE, BUBU_STORAGE_, BUBU_GRPC)
  • Indexing: add field indexers for story refs, templates, engram refs
  • RBAC: least‑privilege; roles and bindings without bind/escalate
  • CEL: evaluator wiring and helpers improvements
  • CI/Dev: update workflows, Dockerfile, devcontainer; enable healthz/readyz; metrics security options
  • CRDs: update Engram/Impulse/StoryRun/StepRun schemas and columns
  • go.mod/sum: dependency updates

@lanycrost
feat(operator): harden controllers, enable webhooks, enforce timeouts…
f10b979 
…; align CEL and RBAC; CI tweaks

- Reconcile: add per‑reconcile timeouts; propagate ctx to I/O; unify status patching
- Realtime Engram/Impulse/Story/Run: finalize handling, Service/Deployment/StatefulSet reconciliation, SA usage
- Webhooks: enable in manager; validate size limits (≤1MiB total), inline caps, schema checks; StepRun/Story/Engram/Impulse validators
- Storage: no controller offload; set SDK envs (BUBU_MAX_INLINE_SIZE, BUBU_STORAGE_, BUBU_GRPC)
- Indexing: add field indexers for story refs, templates, engram refs
- RBAC: least‑privilege; roles and bindings without bind/escalate
- CEL: evaluator wiring and helpers improvements
- CI/Dev: update workflows, Dockerfile, devcontainer; enable healthz/readyz; metrics security options
- CRDs: update Engram/Impulse/StoryRun/StepRun schemas and columns
- go.mod/sum: dependency updates
@lanycrost lanycrost merged commit a2e382f into main Oct 15, 2025
12 checks passed
@lanycrost lanycrost deleted the feature/operator-hardening-webhooks-timeouts-cel-rbac branch October 15, 2025 12:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lanycrost