Allow for the usage of Vertex

.github/workflows/components-build-deploy.yml

@@ -139,8 +139,9 @@ jobs:
 
       - name: Apply RBAC and CRD manifests
         run: |
-          oc apply -k components/manifests/crds/
-          oc apply -k components/manifests/rbac/
+          oc apply -k components/manifests/base/crds/
+          oc apply -k components/manifests/base/rbac/
+          oc apply -k components/manifests/overlays/production/operator-config-openshift.yaml -n ambient-code
 
   deploy-to-openshift:
     runs-on: ubuntu-latest
@@ -240,25 +241,25 @@ jobs:
         run: |
           oc login ${{ secrets.OPENSHIFT_SERVER }} --token=${{ secrets.OPENSHIFT_TOKEN }} --insecure-skip-tls-verify
 
-      - name: Update frontend if changed
+      - name: Update frontend
         run: |
           oc delete deployment frontend -n ambient-code
           oc apply -f components/manifests/frontend-deployment.yaml -n ambient-code
           oc patch deployment frontend -n ambient-code --patch "{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\":\"frontend\",\"image\":\"quay.io/ambient_code/vteam_frontend:stage\",\"env\":[{\"name\":\"BACKEND_URL\",\"value\":\"http://backend-service:8080/api\"},{\"name\":\"NODE_ENV\",\"value\":\"production\"},{\"name\":\"GITHUB_APP_SLUG\",\"value\":\"ambient-code\"},{\"name\":\"VTEAM_VERSION\",\"value\":\"${{ github.sha }}\"}]}]}}}}"
 
-      - name: Update backend if changed
+      - name: Update backend
         run: |
           oc delete deployment backend-api -n ambient-code
           oc apply -f components/manifests/backend-deployment.yaml -n ambient-code
           oc patch deployment backend-api -n ambient-code --patch "{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\":\"backend-api\",\"image\":\"quay.io/ambient_code/vteam_backend:stage\"}]}}}}"
           oc patch deployment backend-api -n ambient-code --type=json -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/env", "value": [{"name":"NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}},{"name":"PORT","value":"8080"},{"name":"STATE_BASE_DIR","value":"/workspace"},{"name":"SPEC_KIT_REPO","value":"ambient-code/spec-kit-rh"},{"name":"SPEC_KIT_VERSION","value":"main"},{"name":"SPEC_KIT_TEMPLATE","value":"spec-kit-template-claude-sh"},{"name":"CONTENT_SERVICE_IMAGE","value":"quay.io/ambient_code/vteam_backend:stage"},{"name":"IMAGE_PULL_POLICY","value":"Always"},{"name":"GITHUB_APP_ID","valueFrom":{"secretKeyRef":{"name":"github-app-secret","key":"GITHUB_APP_ID","optional":true}}},{"name":"GITHUB_PRIVATE_KEY","valueFrom":{"secretKeyRef":{"name":"github-app-secret","key":"GITHUB_PRIVATE_KEY","optional":true}}},{"name":"GITHUB_CLIENT_ID","valueFrom":{"secretKeyRef":{"name":"github-app-secret","key":"GITHUB_CLIENT_ID","optional":true}}},{"name":"GITHUB_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"name":"github-app-secret","key":"GITHUB_CLIENT_SECRET","optional":true}}},{"name":"GITHUB_STATE_SECRET","valueFrom":{"secretKeyRef":{"name":"github-app-secret","key":"GITHUB_STATE_SECRET","optional":true}}}]}]'
 
-      - name: Update operator if changed
+      - name: Update operator
         run: |
           oc delete deployment agentic-operator -n ambient-code
           oc apply -f components/manifests/operator-deployment.yaml -n ambient-code
           oc patch deployment agentic-operator -n ambient-code --patch "{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\":\"agentic-operator\",\"image\":\"quay.io/ambient_code/vteam_operator:stage\"}]}}}}"
 
-      - name: Update operator environment variables if backend or runner changed
+      - name: Update operator environment variables
         run: |
           oc patch deployment agentic-operator -n ambient-code --type=json -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/env", "value": [{"name":"NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}},{"name":"BACKEND_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}},{"name":"BACKEND_API_URL","value":"http://backend-service:8080/api"},{"name":"AMBIENT_CODE_RUNNER_IMAGE","value":"quay.io/ambient_code/vteam_claude_runner:stage"},{"name":"CONTENT_SERVICE_IMAGE","value":"quay.io/ambient_code/vteam_backend:stage"},{"name":"IMAGE_PULL_POLICY","value":"Always"}]}]'

README.md

@@ -39,7 +39,7 @@ The platform consists of containerized microservices orchestrated via Kubernetes
 
 ### Required Tools
 - **OpenShift Local (CRC)** for local development or OpenShift cluster for production
-- **oc** (OpenShift CLI) or **kubectl** v1.28+ configured to access your cluster  
+- **oc** (OpenShift CLI) or **kubectl** v1.28+ configured to access your cluster
 - **Docker or Podman** for building container images
 - **Container registry access** (Docker Hub, Quay.io, ECR, etc.) for production
 - **Go 1.24+** for building backend services (if building from source)
@@ -156,6 +156,61 @@ For cluster-based authentication and authorization, the deployment script can co
 
 ## Configuration & Secrets
 
+### Operator Configuration (Vertex AI vs Direct API)
+
+The operator supports two modes for accessing Claude AI:
+
+#### Direct Anthropic API (Default)
+Use `operator-config.yaml` or `operator-config-crc.yaml` for standard deployments:
+
+```bash
+# Apply the standard config (Vertex AI disabled)
+kubectl apply -f components/manifests/operator-config.yaml -n ambient-code
+```
+
+**When to use:**
+- Standard cloud deployments without Google Cloud integration
+- Local development with CRC/Minikube
+- Any environment using direct Anthropic API access
+
+**Configuration:** Sets `CLAUDE_CODE_USE_VERTEX=0`
+
+#### Google Cloud Vertex AI
+Use `operator-config-openshift.yaml` for production OpenShift deployments with Vertex AI:
+
+```bash
+# Apply the Vertex AI config
+kubectl apply -f components/manifests/operator-config-openshift.yaml -n ambient-code
+```
+
+**When to use:**
+- Production deployments on Google Cloud
+- Environments requiring Vertex AI integration
+- Enterprise deployments with Google Cloud service accounts
+
+**Configuration:** Sets `CLAUDE_CODE_USE_VERTEX=1` and configures:
+- `CLOUD_ML_REGION`: Google Cloud region (default: "global")
+- `ANTHROPIC_VERTEX_PROJECT_ID`: Your GCP project ID
+- `GOOGLE_APPLICATION_CREDENTIALS`: Path to service account key file
+
+**Creating the Vertex AI Secret:**
+
+When using Vertex AI, you must create a secret containing your Google Cloud service account key:
+
+```bash
+# The key file MUST be named ambient-code-key.json
+kubectl create secret generic ambient-vertex \
+  --from-file=ambient-code-key.json=ambient-code-key.json \
+  -n ambient-code
+```
+
+**Important Requirements:**
+- ✅ Secret name must be `ambient-vertex`
+- ✅ Key file must be named `ambient-code-key.json`
+- ✅ Service account must have Vertex AI API access
+- ✅ Project ID in config must match the service account's project
+
+
 ### Session Timeout Configuration
 
 Sessions have a configurable timeout (default: 300 seconds):
@@ -243,7 +298,7 @@ make dev-start
 
 **What this provides:**
 - ✅ Full OpenShift cluster with CRC
-- ✅ Real OpenShift authentication and RBAC  
+- ✅ Real OpenShift authentication and RBAC
 - ✅ Production-like environment
 - ✅ Automatic image builds and deployments
 - ✅ Working frontend-backend integration

components/frontend/src/app/projects/[name]/settings/page.tsx

@@ -363,7 +363,7 @@ export default function ProjectSettingsPage({ params }: { params: Promise<{ name
               </div>
               <div className="pt-4 space-y-3 border-t">
                 <div className="pt-3">
-                  <Label className="text-base font-semibold">Anthropic API Key (Required)</Label>
+                  <Label className="text-base font-semibold">Anthropic API Key (Optional)</Label>
                   <div className="text-xs text-muted-foreground mb-3">Your Anthropic API key for Claude Code runner</div>
                   <div className="flex items-center gap-2">
                     <Input

components/manifests/base/operator-deployment.yaml

@@ -36,6 +36,27 @@ spec:
           value: "quay.io/ambient_code/vteam_backend:latest"
         - name: IMAGE_PULL_POLICY
           value: "Always"
+        # Vertex AI configuration from ConfigMap
+        - name: CLAUDE_CODE_USE_VERTEX
+          valueFrom:
+            configMapKeyRef:
+              name: operator-config
+              key: CLAUDE_CODE_USE_VERTEX
+        - name: CLOUD_ML_REGION
+          valueFrom:
+            configMapKeyRef:
+              name: operator-config
+              key: CLOUD_ML_REGION
+        - name: ANTHROPIC_VERTEX_PROJECT_ID
+          valueFrom:
+            configMapKeyRef:
+              name: operator-config
+              key: ANTHROPIC_VERTEX_PROJECT_ID
+        - name: GOOGLE_APPLICATION_CREDENTIALS
+          valueFrom:
+            configMapKeyRef:
+              name: operator-config
+              key: GOOGLE_APPLICATION_CREDENTIALS
         resources:
           requests:
             cpu: 50m
@@ -52,4 +73,3 @@ spec:
           initialDelaySeconds: 30
           periodSeconds: 10
       restartPolicy: Always
-

components/manifests/base/rbac/operator-clusterrole.yaml

@@ -48,5 +48,7 @@ rules:
 - apiGroups: ["rbac.authorization.k8s.io"]
   resources: ["rolebindings"]
   verbs: ["get", "create"]
-
-
+# Secrets (for copying ambient-vertex to job namespaces) Without this we cannot copy secrets to the session namespaces
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["get", "create", "delete"]

components/manifests/overlays/e2e/kustomization.yaml

@@ -10,6 +10,7 @@ resources:
 - test-user.yaml
 - frontend-ingress.yaml
 - backend-ingress.yaml
+- operator-config.yaml
 
 # Patches for e2e environment
 patches:

components/manifests/overlays/e2e/operator-config.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: operator-config
+  labels:
+    app: agentic-operator
+    deployment-type: e2e
+data:
+  # Vertex AI Configuration - Disabled for e2e testing
+  CLAUDE_CODE_USE_VERTEX: "0"
+  CLOUD_ML_REGION: ""
+  ANTHROPIC_VERTEX_PROJECT_ID: ""
+  GOOGLE_APPLICATION_CREDENTIALS: ""

components/manifests/overlays/local-dev/kustomization.yaml

@@ -11,6 +11,7 @@ resources:
 - frontend-auth.yaml
 - backend-route.yaml
 - frontend-route.yaml
+- operator-config-crc.yaml
 
 # Patches for local dev environment
 patchesStrategicMerge:
@@ -38,4 +39,3 @@ images:
 - name: quay.io/ambient_code/vteam_claude_runner
   newName: quay.io/ambient_code/vteam_claude_runner
   newTag: latest
-

components/manifests/overlays/local-dev/operator-config-crc.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: operator-config
+  labels:
+    app: agentic-operator
+    deployment-type: crc
+data:
+  # Vertex AI Configuration - Disabled for CRC local development
+  CLAUDE_CODE_USE_VERTEX: "0"
+  CLOUD_ML_REGION: ""
+  ANTHROPIC_VERTEX_PROJECT_ID: ""
+  GOOGLE_APPLICATION_CREDENTIALS: ""

components/manifests/overlays/production/kustomization.yaml

@@ -13,6 +13,7 @@ resources:
 - route.yaml
 - backend-route.yaml
 - github-app-secret.yaml
+- operator-config-openshift.yaml
 
 # Patches for production environment
 patches:
@@ -52,4 +53,3 @@ images:
 #   - oauth-secret.env
 #   options:
 #     disableNameSuffixHash: true
-

components/manifests/overlays/production/operator-config-openshift.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: operator-config
+  labels:
+    app: agentic-operator
+    deployment-type: openshift
+data:
+  # Vertex AI Configuration - Enabled for standard OpenShift deployments
+  CLAUDE_CODE_USE_VERTEX: "1"
+  CLOUD_ML_REGION: "global"
+  ANTHROPIC_VERTEX_PROJECT_ID: "ambient-code-platform"
+  GOOGLE_APPLICATION_CREDENTIALS: "/app/vertex/ambient-code-key.json"

components/operator/internal/config/config.go

@@ -13,7 +13,7 @@ import (
 
 // Package-level variables (exported for use by handlers and services)
 var (
-	K8sClient     *kubernetes.Clientset
+	K8sClient     kubernetes.Interface
 	DynamicClient dynamic.Interface
 )