Skip to content

feat: Integrate REST services into DevSpace#3304

Open
kfelternv wants to merge 9 commits into
NVIDIA:mainfrom
kfelternv:codex/devspace-rest-stack
Open

feat: Integrate REST services into DevSpace#3304
kfelternv wants to merge 9 commits into
NVIDIA:mainfrom
kfelternv:codex/devspace-rest-stack

Conversation

@kfelternv

@kfelternv kfelternv commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

This gets the full NICo Core and REST stack running locally through DevSpace.

It builds and deploys Core, the REST API/workers/site manager/site agent, MCP, and machine-a-tron. The bootstrap also brings up Postgres, Vault, cert-manager, Temporal, and Keycloak.

machine-a-tron is simulating hosts, Core discovers and manages them, and the site agent connects back to Core over mTLS. The REST workers pull that inventory through Temporal and expose it through the REST API.

devspace purge now actually gives us a clean reset: it deletes and recreates the current kind cluster, then bootstraps fresh dependencies. It keeps the host Docker images and DevSpace cache, so the next devspace deploy --skip-build does not rebuild everything.

Related issues

None.

Type of Change

  • Add - New feature or capability

Breaking Changes

  • This PR contains breaking changes

Testing

  • Integration tests added/updated
  • Manual testing performed

I merged current main, rebuilt the images, and ran the full clean-start flow on Nico dev:

  • Ran devspace purge -n nico-system
  • Confirmed the kind cluster was replaced while Docker image cache stayed intact
  • Ran devspace deploy --skip-build -n nico-system
  • Confirmed all running pods were Ready and all Helm releases deployed
  • Confirmed Temporal namespaces and the site-specific namespace were created
  • Confirmed the site agent connected to Core over mTLS
  • Confirmed the REST site is Registered and online
  • Confirmed the REST API returned 7 machine-a-tron hosts

Additional Notes

devspace purge intentionally wipes all Kubernetes state in the selected kind cluster, including databases, Temporal history, Vault data, certificates, site registration, CRDs, and PVCs. It does not wipe host Docker images or build caches.

Signed-off-by: Kyle Felter <kfelter@nvidia.com>
@copy-pr-bot

copy-pr-bot Bot commented Jul 9, 2026

Copy link
Copy Markdown

Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually.

Contributors can view more details about this message here.

@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 3741f361-82d3-471c-ac44-edc036580325

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

kfelternv added 8 commits July 9, 2026 10:44
Signed-off-by: Kyle Felter <kfelter@nvidia.com>
Signed-off-by: Kyle Felter <kfelter@nvidia.com>
Signed-off-by: Kyle Felter <kfelter@nvidia.com>
Signed-off-by: Kyle Felter <kfelter@nvidia.com>
Signed-off-by: Kyle Felter <kfelter@nvidia.com>
Signed-off-by: Kyle Felter <kfelter@nvidia.com>
Signed-off-by: Kyle Felter <kfelter@nvidia.com>
Signed-off-by: Kyle Felter <kfelter@nvidia.com>
@kfelternv kfelternv marked this pull request as ready for review July 9, 2026 20:14
@kfelternv kfelternv requested review from a team as code owners July 9, 2026 20:14
@kfelternv kfelternv requested review from kensimon and thossain-nv July 9, 2026 20:15
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown

🔐 TruffleHog Secret Scan

No secrets or credentials found!

Your code has been scanned for 700+ types of secrets and credentials. All clear! 🎉

🔗 View scan details

🕐 Last updated: 2026-07-09 20:17:54 UTC | Commit: 1a0d78b

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown

🔍 Container Scan Summary

Service Total Critical High Medium Low Other
boot-artifacts-aarch64 3 0 0 3 0 0
boot-artifacts-x86_64 3 0 0 3 0 0
forge-admin-cli-x86_64 271 13 34 91 7 126
machine-validation-runner 800 37 234 291 43 195
machine_validation 800 37 234 291 43 195
machine_validation-aarch64 800 37 234 291 43 195
nvmetal-carbide 800 37 234 291 43 195
TOTAL 3477 161 970 1261 179 906

Per-CVE detail lives in the per-service grype-* artifacts (JSON + SARIF). Severity counts only — no CVE IDs published here.

@hwadekar-nv

Copy link
Copy Markdown
Contributor

Thanks @kfelternv ! This will be really helpful.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants