openova/openova
1
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity

docs(adr-0001): ratify Accepted with §2.3 K8s-Composition amendment (#1095 slice A1) (#1103)

Browse Source 
Promotes ADR-0001 from Proposed (2026-05-01) to Accepted (2026-05-08) with one amendment to §2.3:

K8s-to-K8s reconciliation (RoleBindings, Kustomizations, ConfigMaps from a
higher-level intent CR) is the responsibility of Flux Kustomizations or thin
in-cluster controllers — never Crossplane Compositions. The useraccess-
controller (slice C5 of #1095) is the canonical example. The earlier
XUserAccess Composition that used provider-kubernetes is retired.

Why amend: the audit synthesized in openova-private/.claude/audit-synthesis-
2026-05-08.md confirmed XUserAccess on every Sovereign was silently broken
(Composition references provider-kubernetes which is not installed). The
amendment makes the in-cluster path canonical so future K8s-to-K8s seams
follow it without re-debating.

Refs: #1094 (umbrella), #1095 (foundation), docs/EPICS-1-6-unified-design.md

Co-authored-by: hatiyildiz <hatiyildiz@noreply.openova.io>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
e3mrah 2026-05-08 21:50:59 +04:00 committed by GitHub
parent bcc5ac66f7
commit d966651fae
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/adr/0001-catalyst-control-plane-architecture.md
View File

@ -2,12 +2,14 @@
| | |
|---|---|
| **Status** | Proposed — pending founder approval |
| **Status** | Accepted (2026-05-08) |
| **Authors** | hatiyildiz, Claude (Opus 4.7) |
| **Date** | 2026-05-01 |
| **Date** | 2026-05-01 (Proposed); 2026-05-08 (Accepted with §2.3 amendment) |
| **Supersedes** | — |
| **Superseded by** | — |
| **Related** | #309, #320, #321, #322, #324, #325, #326, #347, #68 |
| **Related** | #309, #320, #321, #322, #324, #325, #326, #347, #68; ratified under #1094 / #1095 (Phase-0 Foundation) — see [`docs/EPICS-1-6-unified-design.md`](../EPICS-1-6-unified-design.md). |
> **2026-05-08 amendment (rule 3 clarification)**: Reconciling RoleBindings, Kustomizations, ConfigMaps, and other K8s-to-K8s objects is the responsibility of Flux Kustomizations or thin in-cluster controllers — not Crossplane Compositions. The `useraccess-controller` is the canonical example: it watches `UserAccess` CRs and reconciles RoleBindings/ClusterRoleBindings via the kubernetes Go clientset. The earlier `XUserAccess` Composition that used `provider-kubernetes` is retired in EPIC-0 (#1095).
---