[subtask] [Subtask 2/4] Implement Kubernetes operator core framework #536
Description
Parent Issue: #20
Objective
Build the foundational Kubernetes operator framework that watches CRDs and manages the reconciliation loop for Wassette components.
Context
After the CRD schemas are designed (Subtask 1), we need a Kubernetes operator that:
- Watches for CRD events (create, update, delete)
- Implements reconciliation logic for component lifecycle
- Integrates with existing Wassette
LifecycleManager - Provides operator health and metrics endpoints
This subtask focuses on the operator infrastructure, not the MCP API exposure (which comes in Subtask 3).
Implementation Details
1. Choose Operator Framework
Evaluate and select a Rust Kubernetes operator framework:
- Option A: kube-rs - Most popular Rust k8s client
- Option B: operator-rs - Higher-level operator framework
- Recommendation: Start with
kube-rsfor flexibility and community support
2. Project Structure
Create new crate or binary:
- Location:
crates/wassette-operator/orsrc/operator.rs - Dependencies:
kube,k8s-openapi, existingwassettecrate - Binary target:
wassette-operator(separate from mainwassettebinary)
3. Core Components to Implement
a. CRD Controller
- Watch
WassetteComponentresources - Implement reconciliation loop:
- Fetch CRD spec
- Download OCI artifact (reuse existing
loader::load_resource) - Apply policy (integrate with
PolicyManager) - Update CRD status with component state
b. Component Lifecycle Integration
- Integrate with existing
LifecycleManagerfromcrates/wassette/src/lib.rs - Reuse component loading logic:
load_component_optimized() - Apply policies using existing
policy_internal::PolicyManager - Store component state in operator's in-memory registry
c. Error Handling & Status Updates
- Update CRD status on success/failure
- Implement retry logic with exponential backoff
- Surface errors through Kubernetes events and status conditions
4. Files to Create/Modify
- New:
crates/wassette-operator/src/main.rs- Operator entrypoint - New:
crates/wassette-operator/src/controller.rs- Reconciliation logic - New:
crates/wassette-operator/src/crd.rs- CRD type definitions (based on Subtask 1 design) - Modify:
Cargo.toml- Add operator dependencies and workspace member - New:
crates/wassette-operator/Cargo.toml- Operator-specific dependencies
5. Configuration
- Support both in-cluster and out-of-cluster kubeconfig
- Configuration options: namespace to watch, component storage path, concurrency limits
- Environment variables:
NAMESPACE,COMPONENT_DIR,RUST_LOG
Acceptance Criteria
- Operator successfully watches
WassetteComponentCRDs - Reconciliation loop loads components from OCI references
- Component status is updated in CRD status field
- Operator handles component creation, updates, and deletion
- Error conditions are properly surfaced through CRD status
- Unit tests for reconciliation logic
- Integration test with local Kubernetes cluster (kind/minikube)
Testing Strategy
Unit Tests
- Mock Kubernetes API client
- Test reconciliation logic with various CRD states
- Verify error handling and retry behavior
Integration Tests
- Use
kindorminikubefor local Kubernetes cluster - Deploy test CRDs and verify operator behavior
- Test component loading from OCI registry
- Validate policy application
Example Test Scenario
apiVersion: wassette.microsoft.io/v1
kind: WassetteComponent
metadata:
name: time-server
spec:
ociRef: "(redacted)"
policy:
network:
allow: []Verify:
- Component is downloaded and loaded
- Status shows "Ready"
- Tools are registered in operator's registry
Dependencies
- Requires: Subtask 1 (CRD schema design) must be completed first
- Blocks: Subtask 3 (MCP JSON-RPC API implementation)
References
- Wassette LifecycleManager:
crates/wassette/src/lib.rs - Component loader:
crates/wassette/src/loader.rs - Policy management:
crates/wassette/src/policy_internal.rs - kube-rs documentation: (redacted)
- Kubernetes operator pattern: (redacted)
Related to Kubernetes Operator for mcp-wasmtime #20