Application domain primitive declarations for the ONT Platform.
The nine app-core CRDs are the contracts that every application operator in the ONT ecosystem inherits from. They define the governance layer of a bounded application domain: what the application is, what it is authorized to do, who it connects to, and what constraints govern it.
Part of the ONT Platform. Operator Native Thinking.
Alpha specification. CRD implementations are not yet present in this repository. The schema specification is published at schema.ontai.dev. Application operators reference these schemas.
| Kind | Phase | Description |
|---|---|---|
| AppBoundary | 1 | Declares the namespace and cluster placement of the application domain |
| AppIdentity | 2 | Root anchor. Service name, version, operator owner, SPIFFE identity |
| AppPolicy | 3 | Policy ceiling inherited from DomainPolicy. Retry, circuit breaker, rate limit |
| AppTopology | 4 | Named connections to upstream dependencies and downstream dependents |
| AppEventSchema | 5 | Event contract registration. Producer or consumer role per DomainEvent |
| AppWorkflow | 6 | Phase-bound workflow declaration referencing DomainWorkflow |
| AppResourceProfile | 7 | Compute and storage claims bounded by DomainResource ceiling |
| AppAuditPolicy | 8 | Audit event granularity and transport path per DomainAudit floor |
| AppProfile | 8 | Terminal aggregator. Reaches Ready only when all sibling CRDs are Ready |
All nine CRDs are specified in the ONT schema standard: https://schema.ontai.dev/v1alpha1/app-core/
AppBoundary must reach Ready before AppIdentity may be created. AppIdentity is the root anchor for all sibling CRDs. AppPolicy, AppTopology, AppEventSchema, AppWorkflow, AppResourceProfile, and AppAuditPolicy resolve in parallel after AppIdentity is Ready. AppProfile reaches Ready only when all eight sibling CRDs are in terminal Ready state.
Application operators built on app-core may use kro (Kube Resource Orchestrator) for resource composition internally. kro handles the mechanics of composing Kubernetes resources. The app-core operator handles the governance semantics: Layer One declaration, domain-meaningful failure detection, lineage chain, and audit trail. They are complementary layers.
Read CONTRIBUTING.md before submitting.
Read the Operator Validation Framework before submitting any reconciliation behavior.
The most valuable contributions are application operators for real production domains. An AppBoundary, AppIdentity, and AppTopology for a fintech, healthcare, or telecoms domain application is a higher-value contribution than a generic example.
Apache License 2.0. See LICENSE for the full text.