Documentation
¶
Overview ¶
Package v1alpha1 contains API Schema definitions for the workflowexecution v1alpha1 API group +kubebuilder:object:generate=true +groupName=kubernaut.ai
Index ¶
Constants ¶
const ( // PhasePending is the initial phase when WorkflowExecution is first created PhasePending = "Pending" // PhaseRunning indicates the PipelineRun is actively executing PhaseRunning = "Running" // PhaseCompleted indicates successful completion PhaseCompleted = "Completed" // PhaseFailed indicates a permanent failure PhaseFailed = "Failed" )
WorkflowExecution phase constants
const ( // ConditionTokenTTLInsufficient is set when the K8s API server grants a // shorter token TTL than the WFE execution timeout. ConditionTokenTTLInsufficient = "TokenTTLInsufficient" // ReasonTokenTTLShortened indicates the granted TTL was less than requested. ReasonTokenTTLShortened = "TokenTTLShortened" // ReasonTokenTTLSufficient indicates the granted TTL meets the timeout. ReasonTokenTTLSufficient = "TokenTTLSufficient" // EventTokenTTLShortened is the K8s event reason emitted when the API // server shortens the token TTL below the execution timeout. EventTokenTTLShortened = "TokenTTLShortened" )
Issue #501: Condition and event constants for TokenRequest TTL validation.
const ( // FailureReasonOOMKilled indicates container was killed due to memory limits FailureReasonOOMKilled = "OOMKilled" // FailureReasonDeadlineExceeded indicates timeout was reached FailureReasonDeadlineExceeded = "DeadlineExceeded" // FailureReasonForbidden indicates RBAC/permission failure FailureReasonForbidden = "Forbidden" // FailureReasonResourceExhausted indicates cluster resource limits (quota, etc.) FailureReasonResourceExhausted = "ResourceExhausted" // FailureReasonConfigurationError indicates invalid parameters or config FailureReasonConfigurationError = "ConfigurationError" // FailureReasonImagePullBackOff indicates container image could not be pulled FailureReasonImagePullBackOff = "ImagePullBackOff" // FailureReasonTaskFailed indicates a Tekton task failed during execution // This is an execution failure (wasExecutionFailure=true) FailureReasonTaskFailed = "TaskFailed" // FailureReasonUnsupportedEngine indicates the execution engine is not registered FailureReasonUnsupportedEngine = "UnsupportedEngine" // FailureReasonUnknown for unclassified failures FailureReasonUnknown = "Unknown" )
Variables ¶
var ( // GroupVersion is group version used to register these objects GroupVersion = schema.GroupVersion{Group: "kubernaut.ai", Version: "v1alpha1"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} // AddToScheme adds the types in this group-version to the given scheme. AddToScheme = SchemeBuilder.AddToScheme )
Functions ¶
This section is empty.
Types ¶
type BlockClearanceDetails ¶
type BlockClearanceDetails struct {
// ClearedAt is the timestamp when the block was cleared
// +optional
ClearedAt metav1.Time `json:"clearedAt"`
// ClearedBy is the Kubernetes user who cleared the block
// Extracted from request context (if available) or annotation value
// Format: username@domain or service-account:namespace:name
// Example: "admin@kubernaut.ai" or "service-account:kubernaut-system:operator"
ClearedBy string `json:"clearedBy"`
// ClearReason is the operator-provided reason for clearing
// Required for audit trail accountability
// Example: "manual investigation complete, cluster state verified"
ClearReason string `json:"clearReason"`
// ClearMethod indicates how the block was cleared
// Annotation: Via kubernaut.ai/clear-execution-block annotation
// APIEndpoint: Via dedicated clearing API endpoint (future)
// StatusField: Via direct status field update (future)
// +kubebuilder:validation:Enum=Annotation;APIEndpoint;StatusField
ClearMethod string `json:"clearMethod"`
}
BlockClearanceDetails tracks the clearing of PreviousExecutionFailed blocks Required for SOC2 CC7.3 (Immutability), CC7.4 (Completeness), CC8.1 (Attribution) Preserves audit trail when operators clear execution blocks after investigation
func (*BlockClearanceDetails) DeepCopy ¶
func (in *BlockClearanceDetails) DeepCopy() *BlockClearanceDetails
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BlockClearanceDetails.
func (*BlockClearanceDetails) DeepCopyInto ¶
func (in *BlockClearanceDetails) DeepCopyInto(out *BlockClearanceDetails)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExecutionConfig ¶
type ExecutionConfig struct {
// Timeout for the entire workflow (Tekton PipelineRun timeout)
// Default: use global timeout from RemediationRequest or 30m
// +optional
Timeout *metav1.Duration `json:"timeout,omitempty"`
}
ExecutionConfig contains minimal execution settings. Issue #650: ServiceAccountName resolved at runtime from DS into Status.
func (*ExecutionConfig) DeepCopy ¶
func (in *ExecutionConfig) DeepCopy() *ExecutionConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecutionConfig.
func (*ExecutionConfig) DeepCopyInto ¶
func (in *ExecutionConfig) DeepCopyInto(out *ExecutionConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExecutionStatusSummary ¶
type ExecutionStatusSummary struct {
// Status of the execution resource (Unknown, True, False)
Status corev1.ConditionStatus `json:"status"`
// Reason from the execution resource (e.g., "Succeeded", "Failed", "Running")
// +optional
Reason string `json:"reason,omitempty"`
// Message from the execution resource
// +optional
Message string `json:"message,omitempty"`
// CompletedTasks count
// +optional
CompletedTasks int `json:"completedTasks,omitempty"`
// TotalTasks count (from pipeline spec)
// +optional
TotalTasks int `json:"totalTasks,omitempty"`
}
ExecutionStatusSummary captures key execution resource status fields Lightweight summary for both Tekton PipelineRun and K8s Job backends
func (*ExecutionStatusSummary) DeepCopy ¶
func (in *ExecutionStatusSummary) DeepCopy() *ExecutionStatusSummary
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecutionStatusSummary.
func (*ExecutionStatusSummary) DeepCopyInto ¶
func (in *ExecutionStatusSummary) DeepCopyInto(out *ExecutionStatusSummary)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FailureDetails ¶
type FailureDetails struct {
// FailedTaskIndex is 0-indexed position of failed task in pipeline
FailedTaskIndex int `json:"failedTaskIndex"`
// FailedTaskName is the name of the failed Tekton Task
FailedTaskName string `json:"failedTaskName"`
// FailedStepName is the name of the failed step within the task (if available)
// Tekton tasks can have multiple steps; this identifies the specific step
// +optional
FailedStepName string `json:"failedStepName,omitempty"`
// Reason is a Kubernetes-style reason code
// Used for deterministic failure classification by RO
// +kubebuilder:validation:Enum=OOMKilled;DeadlineExceeded;Forbidden;ResourceExhausted;ConfigurationError;ImagePullBackOff;TaskFailed;UnsupportedEngine;Unknown
Reason string `json:"reason"`
// Message is human-readable error message (for logging/UI/notifications)
Message string `json:"message"`
// ExitCode from container (if applicable)
// Useful for script-based tasks that return specific exit codes
// +optional
ExitCode *int32 `json:"exitCode,omitempty"`
// FailedAt is the timestamp when the failure occurred
FailedAt metav1.Time `json:"failedAt"`
// ExecutionTimeBeforeFailure is how long the workflow ran before failing
// +optional
ExecutionTimeBeforeFailure *metav1.Duration `json:"executionTimeBeforeFailure,omitempty"`
// NaturalLanguageSummary is a human/LLM-readable failure description
// Generated by WE controller from structured data above
// Used by:
// - RO: Included in failure notifications
// - Notification: Included in user-facing failure alerts
NaturalLanguageSummary string `json:"naturalLanguageSummary"`
// WasExecutionFailure indicates whether the failure occurred during workflow execution
// true = workflow RAN and failed (non-idempotent actions may have occurred)
// false = workflow failed BEFORE execution (validation, image pull, quota, etc.)
// CRITICAL: Execution failures (true) block ALL future retries for this target
// Pre-execution failures (false) get exponential backoff
// +optional
WasExecutionFailure bool `json:"wasExecutionFailure,omitempty"`
}
FailureDetails contains structured failure classification information
func (*FailureDetails) DeepCopy ¶
func (in *FailureDetails) DeepCopy() *FailureDetails
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FailureDetails.
func (*FailureDetails) DeepCopyInto ¶
func (in *FailureDetails) DeepCopyInto(out *FailureDetails)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WorkflowExecution ¶
type WorkflowExecution struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec WorkflowExecutionSpec `json:"spec,omitempty"`
Status WorkflowExecutionStatus `json:"status,omitempty"`
}
WorkflowExecution is the Schema for the workflowexecutions API
func (*WorkflowExecution) DeepCopy ¶
func (in *WorkflowExecution) DeepCopy() *WorkflowExecution
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowExecution.
func (*WorkflowExecution) DeepCopyInto ¶
func (in *WorkflowExecution) DeepCopyInto(out *WorkflowExecution)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*WorkflowExecution) DeepCopyObject ¶
func (in *WorkflowExecution) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type WorkflowExecutionList ¶
type WorkflowExecutionList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []WorkflowExecution `json:"items"`
}
WorkflowExecutionList contains a list of WorkflowExecution
func (*WorkflowExecutionList) DeepCopy ¶
func (in *WorkflowExecutionList) DeepCopy() *WorkflowExecutionList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowExecutionList.
func (*WorkflowExecutionList) DeepCopyInto ¶
func (in *WorkflowExecutionList) DeepCopyInto(out *WorkflowExecutionList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*WorkflowExecutionList) DeepCopyObject ¶
func (in *WorkflowExecutionList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type WorkflowExecutionSpec ¶
type WorkflowExecutionSpec struct {
// RemediationRequestRef references the parent RemediationRequest CRD
RemediationRequestRef corev1.ObjectReference `json:"remediationRequestRef"`
// WorkflowRef contains the workflow catalog reference
// Resolved from AIAnalysis.Status.SelectedWorkflow by RemediationOrchestrator
WorkflowRef WorkflowRef `json:"workflowRef"`
// TargetResource identifies the K8s resource being remediated
// Used for resource locking (DD-WE-001) - prevents parallel workflows on same target
// Format: "namespace/kind/name" for namespaced resources
// "kind/name" for cluster-scoped resources
// Example: "payment/deployment/payment-api", "node/worker-node-1"
TargetResource string `json:"targetResource"`
// Parameters from LLM selection (per DD-WORKFLOW-003)
// Keys are UPPER_SNAKE_CASE for Tekton PipelineRun params
// +optional
Parameters map[string]string `json:"parameters,omitempty"`
// Confidence score from LLM (for audit trail)
// +optional
Confidence float64 `json:"confidence,omitempty"`
// Rationale from LLM (for audit trail)
// +optional
Rationale string `json:"rationale,omitempty"`
// ExecutionConfig contains minimal execution settings
// +optional
ExecutionConfig *ExecutionConfig `json:"executionConfig,omitempty"`
}
WorkflowExecutionSpec defines the desired state of WorkflowExecution Simplified per ADR-044 - Tekton handles step orchestration
ADR-001: Spec Immutability WorkflowExecution represents an immutable event (workflow execution attempt). Once created by RemediationOrchestrator, spec cannot be modified to ensure: - Audit trail integrity (executed spec matches approved spec) - No parameter tampering after HAPI validation - No target resource changes after routing decisions
To change execution parameters, delete and recreate the WorkflowExecution.
+kubebuilder:validation:XValidation:rule="self == oldSelf",message="spec is immutable after creation (ADR-001)"
func (*WorkflowExecutionSpec) DeepCopy ¶
func (in *WorkflowExecutionSpec) DeepCopy() *WorkflowExecutionSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowExecutionSpec.
func (*WorkflowExecutionSpec) DeepCopyInto ¶
func (in *WorkflowExecutionSpec) DeepCopyInto(out *WorkflowExecutionSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WorkflowExecutionStatus ¶
type WorkflowExecutionStatus struct {
// ObservedGeneration is the most recent generation observed by the controller.
// Used to prevent duplicate reconciliations and ensure idempotency.
// Per DD-CONTROLLER-001: Standard pattern for all Kubernetes controllers.
// +optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
// Phase tracks current execution stage
// V1.0: Skipped phase removed - RO makes routing decisions before WFE creation
// +kubebuilder:validation:Enum=Pending;Running;Completed;Failed
// +optional
Phase string `json:"phase,omitempty"`
// StartTime when execution started
// +optional
StartTime *metav1.Time `json:"startTime,omitempty"`
// CompletionTime when execution completed (success or failure)
// +optional
CompletionTime *metav1.Time `json:"completionTime,omitempty"`
// Duration of the execution
// +optional
Duration *metav1.Duration `json:"duration,omitempty"`
// ExecutionRef references the created execution resource (PipelineRun or Job)
// +optional
ExecutionRef *corev1.LocalObjectReference `json:"executionRef,omitempty"`
// ExecutionStatus mirrors key execution resource status fields
// +optional
ExecutionStatus *ExecutionStatusSummary `json:"executionStatus,omitempty"`
// FailureReason explains why execution failed (if applicable)
// DEPRECATED: Use FailureDetails for structured failure information
// +optional
FailureReason string `json:"failureReason,omitempty"`
// FailureDetails contains structured failure information
// Populated when Phase=Failed
// +optional
FailureDetails *FailureDetails `json:"failureDetails,omitempty"`
// BlockClearance tracks the clearing of PreviousExecutionFailed blocks
// When set, allows new executions despite previous execution failure
// Preserves audit trail of WHO cleared the block and WHY
// +optional
BlockClearance *BlockClearanceDetails `json:"blockClearance,omitempty"`
// EphemeralCredentialIDs stores AWX credential IDs created by the ansible
// executor for cleanup after execution (BR-WE-015). Written via the status
// subresource to avoid violating spec immutability (ADR-001).
// +optional
EphemeralCredentialIDs []int `json:"ephemeralCredentialIDs,omitempty"`
// ExecutionEngine is the backend engine resolved from the DS workflow catalog
// at runtime by the WE controller. Set once during Pending phase via
// WorkflowQuerier.GetWorkflowExecutionEngine; immutable thereafter.
// Values: "tekton", "job", "ansible".
// +optional
ExecutionEngine string `json:"executionEngine,omitempty"`
// ServiceAccountName is the pre-existing ServiceAccount resolved from the
// DS workflow catalog at runtime by the WE controller (Issue #650).
// Set once during Pending phase via ResolveWorkflowCatalogMetadata; immutable
// thereafter. If empty, K8s assigns the namespace's default SA (Job/Tekton)
// or the Ansible executor falls back to the controller's in-cluster credentials.
// +optional
ServiceAccountName string `json:"serviceAccountName,omitempty"`
// Conditions provide detailed status information
// +optional
Conditions []metav1.Condition `json:"conditions,omitempty"`
}
WorkflowExecutionStatus defines the observed state Simplified per ADR-044 - just tracks PipelineRun status Enhanced per DD-CONTRACT-001 v1.3 - rich failure details for failure classification Enhanced per DD-CONTRACT-001 v1.4 - resource locking and Skipped phase
func (*WorkflowExecutionStatus) DeepCopy ¶
func (in *WorkflowExecutionStatus) DeepCopy() *WorkflowExecutionStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowExecutionStatus.
func (*WorkflowExecutionStatus) DeepCopyInto ¶
func (in *WorkflowExecutionStatus) DeepCopyInto(out *WorkflowExecutionStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WorkflowRef ¶
type WorkflowRef struct {
// WorkflowID is the catalog lookup key
WorkflowID string `json:"workflowId"`
// Version of the workflow
Version string `json:"version"`
// ExecutionBundle resolved from workflow catalog (Data Storage API)
// OCI bundle reference for Tekton PipelineRun
ExecutionBundle string `json:"executionBundle"`
// ExecutionBundleDigest for audit trail and reproducibility
// +optional
ExecutionBundleDigest string `json:"executionBundleDigest,omitempty"`
// EngineConfig holds engine-specific configuration (BR-WE-016).
// For ansible: {"playbookPath": "...", "jobTemplateName": "...", "inventoryName": "..."}
// For tekton/job: nil.
// +kubebuilder:pruning:PreserveUnknownFields
// +optional
EngineConfig *apiextensionsv1.JSON `json:"engineConfig,omitempty"`
}
WorkflowRef contains catalog-resolved workflow reference
func (*WorkflowRef) DeepCopy ¶
func (in *WorkflowRef) DeepCopy() *WorkflowRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowRef.
func (*WorkflowRef) DeepCopyInto ¶
func (in *WorkflowRef) DeepCopyInto(out *WorkflowRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files