You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Part of #1932 β step 3b, the live exercise of the pilot scaffolding #2389 shipped. Gates Phase B of the ownership-transition design (ADR on the epic, 2026-07-05).
Problem
The Tenant RGD (#2197) has never been instantiated β no cluster has ever expanded a Tenant CR. Before the prod swap we need proof of (a) parity: the RGD's 10 expanded objects match the hand-written skeleton, and (b) adoption: kro v0.9.2 silently takes over pre-existing Flux-created objects via forced SSA (verified in source; needs live confirmation).
Proposal (one local-cluster session)
Bring up the Docker-provider cluster; enable the opt-in tenant-ascoachingogvaner.yaml in k8s/providers/docker/apps/kustomization.yaml.
Parity: diff the kro-expanded objects against the skeleton manifests (normalize managed-fields/labels).
Adoption rehearsal (the exact prod sequence): reset, apply the 10 skeleton objects first, then enable the Tenant CR β verify silent takeover (kro.run/applyset field manager, ApplySet labels), zero deletes/recreates.
The platform AGENTS.md maintenance rules bar agent runs from starting clusters ("Never run a cluster"), so this needs either a maintainer-attended/sanctioned session or an explicit exception for this one-off pilot β flagging rather than self-granting. GHCR creds must be seeded in the local OpenBao (infrastructure/ghcr/auth) for the OCIRepository leg; the expansion itself validates without them.
Part of #1932 β step 3b, the live exercise of the pilot scaffolding #2389 shipped. Gates Phase B of the ownership-transition design (ADR on the epic, 2026-07-05).
Problem
The Tenant RGD (#2197) has never been instantiated β no cluster has ever expanded a
TenantCR. Before the prod swap we need proof of (a) parity: the RGD's 10 expanded objects match the hand-written skeleton, and (b) adoption: kro v0.9.2 silently takes over pre-existing Flux-created objects via forced SSA (verified in source; needs live confirmation).Proposal (one local-cluster session)
tenant-ascoachingogvaner.yamlink8s/providers/docker/apps/kustomization.yaml.kro.run/applysetfield manager, ApplySet labels), zero deletes/recreates.Constraint
The platform
AGENTS.mdmaintenance rules bar agent runs from starting clusters ("Never run a cluster"), so this needs either a maintainer-attended/sanctioned session or an explicit exception for this one-off pilot β flagging rather than self-granting. GHCR creds must be seeded in the local OpenBao (infrastructure/ghcr/auth) for the OCIRepository leg; the expansion itself validates without them.Acceptance criteria