Add openshift template #1297

Closed
wcmitchell wants to merge 17 commits into ambient-code:main from RedHatInsights:add-openshift-template

wcmitchell commented Apr 11, 2026

Summary by CodeRabbit

  • New Features
    • Added platform deployment template with session and project settings management capabilities.
    • Enabled support for Vertex AI and Anthropic integration for LLM workflows.
    • Exposed API routes for HTTP and gRPC access to the ambient-api-server.
    • Configured externalized runner image settings for flexible deployment options.

red-hat-konflux and others added 17 commits April 6, 2026 20:22
Signed-off-by: red-hat-konflux <konflux@no-reply.konflux-ci.dev>
Signed-off-by: red-hat-konflux <konflux@no-reply.konflux-ci.dev>
Signed-off-by: red-hat-konflux <konflux@no-reply.konflux-ci.dev>
Signed-off-by: red-hat-konflux <konflux@no-reply.konflux-ci.dev>
Signed-off-by: red-hat-konflux <konflux@no-reply.konflux-ci.dev>
…d-main

Red Hat Konflux update ambient-code-backend-main
…nd-main

Red Hat Konflux update ambient-code-frontend-main
…or-main

Red Hat Konflux update ambient-code-operator-main
…-api-main

Red Hat Konflux update ambient-code-public-api-main
…t-api-server-main

Red Hat Konflux update ambient-code-ambient-api-server-main
Signed-off-by: red-hat-konflux <konflux@no-reply.konflux-ci.dev>
…nt-runner-main

Red Hat Konflux update ambient-code-ambient-runner-main
Creates kustomize overlay for deploying to hcmais01ue1 via app-interface:
- Uses Konflux images from redhat-services-prod/hcm-eng-prod-tenant
- Scales down in-cluster databases (using external RDS from app-interface Phase 2)
- Scales down MinIO (using external S3 from app-interface Phase 2)
- Includes CRDs, RBAC, routes, and all application components
- Patches operator to use Konflux runner image

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Convert kustomize overlay to OpenShift Template format for app-interface
SaaS deployment. The template:

- Defines 6 image parameters for Konflux-built images
- Uses IMAGE_TAG parameter (auto-generated from git commit SHA)
- Contains all resources from kustomize overlay except Namespace
- Scales in-cluster services to 0 (minio, postgresql, unleash)
- Uses external RDS and S3 configured in app-interface

This allows app-interface to use provider: openshift-template with
proper image gating support.

wcmitchell closed this Apr 11, 2026

coderabbitai bot commented Apr 11, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 5d0f5715-103c-481a-9c1e-12383e3b37bf

📥 Commits

Reviewing files that changed from the base of the PR and between 8a2310a and 593dce7.

📒 Files selected for processing (25)
  • .tekton/ambient-code-ambient-api-server-main-pull-request.yaml
  • .tekton/ambient-code-ambient-api-server-main-push.yaml
  • .tekton/ambient-code-ambient-runner-main-pull-request.yaml
  • .tekton/ambient-code-ambient-runner-main-push.yaml
  • .tekton/ambient-code-backend-main-pull-request.yaml
  • .tekton/ambient-code-backend-main-push.yaml
  • .tekton/ambient-code-frontend-main-pull-request.yaml
  • .tekton/ambient-code-frontend-main-push.yaml
  • .tekton/ambient-code-operator-main-pull-request.yaml
  • .tekton/ambient-code-operator-main-push.yaml
  • .tekton/ambient-code-public-api-main-pull-request.yaml
  • .tekton/ambient-code-public-api-main-push.yaml
  • components/ambient-api-server/Dockerfile
  • components/manifests/overlays/app-interface/ambient-api-server-db-secret-patch.yaml
  • components/manifests/overlays/app-interface/ambient-api-server-route.yaml
  • components/manifests/overlays/app-interface/backend-route.yaml
  • components/manifests/overlays/app-interface/kustomization.yaml
  • components/manifests/overlays/app-interface/namespace-patch.yaml
  • components/manifests/overlays/app-interface/namespace.yaml
  • components/manifests/overlays/app-interface/operator-config-openshift.yaml
  • components/manifests/overlays/app-interface/operator-runner-image-patch.yaml
  • components/manifests/overlays/app-interface/public-api-route.yaml
  • components/manifests/overlays/app-interface/route.yaml
  • components/runners/ambient-runner/Dockerfile
  • template.yaml

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting


📝 Walkthrough

Adds Tekton CI/CD pipeline manifests for building container images across multiple components (API server, runner, backend, frontend, operator, public API) on push and pull-request events, plus Kubernetes manifests defining deployment infrastructure including new CRDs for sessions and project settings, routes, secrets, and an OpenShift template for the complete platform stack.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Tekton PipelineRun Manifests (Pull Request Triggers): .tekton/ambient-code-ambient-api-server-main-pull-request.yaml, .tekton/ambient-code-ambient-runner-main-pull-request.yaml, .tekton/ambient-code-backend-main-pull-request.yaml, .tekton/ambient-code-frontend-main-pull-request.yaml, .tekton/ambient-code-operator-main-pull-request.yaml, .tekton/ambient-code-public-api-main-pull-request.yaml | New PipelineRun manifests triggered on pull requests targeting main for each component. Each defines a task chain: repository cloning, optional dependency prefetch, Buildah image build, image indexing, conditional security scans/checks (Clair, SAST, ClamAV, Coverity, RPM signature), tag application, and Dockerfile artifact push. Uses parameterized inputs for git source, output image naming (with PR revision), build controls, and conditional execution gated by skip-checks flag. |
| Tekton PipelineRun Manifests (Push Triggers): .tekton/ambient-code-ambient-api-server-main-push.yaml, .tekton/ambient-code-ambient-runner-main-push.yaml, .tekton/ambient-code-backend-main-push.yaml, .tekton/ambient-code-frontend-main-push.yaml, .tekton/ambient-code-operator-main-push.yaml, .tekton/ambient-code-public-api-main-push.yaml | New PipelineRun manifests triggered on push events to main for each component. Similar structure to pull-request versions but with static image tagging. Tasks include initialization, OCI-backed repository cloning, optional dependency prefetch, container build via Buildah, image index creation, optional source image generation, conditional security/compliance scans, image tagging, and Dockerfile artifact push. Results expose image URL/digest and git metadata. |
| Dockerfile Updates: components/ambient-api-server/Dockerfile, components/runners/ambient-runner/Dockerfile | Removed vendor="Ambient" label from ambient-api-server image metadata. Modified ambient-runner Dockerfile to copy entire build context (COPY . /app/ambient-runner) instead of only the ambient-runner directory, affecting installed package contents. |
| Kubernetes Manifest Overlays (Routes & Networking): components/manifests/overlays/app-interface/ambient-api-server-route.yaml, components/manifests/overlays/app-interface/backend-route.yaml, components/manifests/overlays/app-interface/public-api-route.yaml, components/manifests/overlays/app-interface/route.yaml | New OpenShift Route resources exposing internal services externally. Define HTTP/gRPC routes for ambient-api-server, backend, public API, and frontend (dashboard-ui). All configured with TLS edge termination and insecure traffic redirect policies. |
| Kubernetes Manifest Overlays (Configuration & Secrets): components/manifests/overlays/app-interface/kustomization.yaml, components/manifests/overlays/app-interface/namespace.yaml, components/manifests/overlays/app-interface/namespace-patch.yaml, components/manifests/overlays/app-interface/ambient-api-server-db-secret-patch.yaml, components/manifests/overlays/app-interface/operator-config-openshift.yaml, components/manifests/overlays/app-interface/operator-runner-image-patch.yaml | New Kustomization overlay targeting ambient-code namespace with resource composition, patching, and image substitutions for production registry (quay.io/redhat-services-prod). Defines namespace with environment/service labels. Creates database secret with Vault-injected credentials and configures operator with Vertex AI settings and runner image reference. Scales down PostgreSQL and MinIO deployments (replicas=0) for external RDS usage. |
| OpenShift Template & Platform CRDs: template.yaml | Comprehensive deployment template introducing two new CRDs: AgenticSession for workflow sessions with LLM/repository/timeout configuration and reconciliation status; ProjectSettings singleton for group-based access, default timeouts, and repository configuration. Defines service accounts, RBAC bindings (view/edit/admin), ConfigMaps for auth/features/model registry/agent runner specs, Secrets for JWKS/ACL, PVCs for persistence, Deployments for operator/API server/database/backend/frontend/minio/public API/unleash, and OpenShift Routes for external access. |