ariadne/README.md

# ariadne

Ariadne is the Atlas admin and account automation service.

It sits behind the portal and handles the jobs that are annoying or risky to do by hand: approving access, syncing account state, rotating service passwords, cleaning stale Kubernetes work, checking platform health, and keeping a few service integrations lined up.

## How it works

Ariadne is a FastAPI service with a small scheduler. It talks to Keycloak, Vault, Mailu, Nextcloud, Wger, Firefly, Jenkins, Metis, Kubernetes, and a few Atlas-specific services through focused adapters under `ariadne/services/`.

The API is split between admin routes, account self-service routes, internal event hooks, and Prometheus metrics. Background jobs store run history in the Ariadne database so failures can be inspected later instead of vanishing into logs.

The following are notes for future Brad.

## Bring-up dependencies

Ariadne needs:

- Kubernetes API, service DNS, and Ariadne's service account/RBAC
- the Ariadne database, plus the portal database if portal/account sync is enabled
- Vault or the Kubernetes secrets that Vault normally feeds it
- Keycloak/OIDC, because auth and profile sync assume it exists
- ingress/proxy plumbing if humans are going to use it through the portal
- the services for whatever jobs are enabled: Mailu, Nextcloud, Vaultwarden, Wger, Firefly, Jenkins, Metis, OpenSearch, and the comms/game-mode pieces

It can start before every integration is perfect, but the matching scheduled jobs will fail or no-op until their service is actually alive. In a total bring-up, wait for storage, Flux, Postgres, Vault, Keycloak, and ingress first. Afterwards Ariadne becomes useful glue.

Useful routes:

- `GET /health`
- `GET /metrics`
- `GET /api/admin/cluster/state`
- `POST /api/admin/access/requests/{username}/approve`
- `POST /api/account/mailu/rotate`
- `POST /api/account/wger/reset`
- `POST /api/account/firefly/reset`
- `POST /events`

## Development

```bash
python -m pytest
ruff check .
```

Most runtime behavior is configured through environment variables in `ariadne/settings.py`. Service-specific logic is in the small adapter modules; `ariadne/app.py` is focused on request flow and task orchestration.
docs: add concise ariadne README 2026-06-19 15:54:59 -03:00			`# ariadne`

			`Ariadne is the Atlas admin and account automation service.`

Update README.md 2026-06-19 20:43:38 +00:00			`It sits behind the portal and handles the jobs that are annoying or risky to do by hand: approving access, syncing account state, rotating service passwords, cleaning stale Kubernetes work, checking platform health, and keeping a few service integrations lined up.`
docs: add concise ariadne README 2026-06-19 15:54:59 -03:00
			`## How it works`

Update README.md 2026-06-19 20:43:38 +00:00			Ariadne is a FastAPI service with a small scheduler. It talks to Keycloak, Vault, Mailu, Nextcloud, Wger, Firefly, Jenkins, Metis, Kubernetes, and a few Atlas-specific services through focused adapters under `ariadne/services/`.
docs: add concise ariadne README 2026-06-19 15:54:59 -03:00
Update README.md 2026-06-19 20:43:38 +00:00			`The API is split between admin routes, account self-service routes, internal event hooks, and Prometheus metrics. Background jobs store run history in the Ariadne database so failures can be inspected later instead of vanishing into logs.`

			`The following are notes for future Brad.`
docs: add concise ariadne README 2026-06-19 15:54:59 -03:00
docs: note ariadne bring-up dependencies 2026-06-19 17:53:25 -03:00			`## Bring-up dependencies`

Update README.md 2026-06-19 21:27:06 +00:00			`Ariadne needs:`
docs: note ariadne bring-up dependencies 2026-06-19 17:53:25 -03:00
			`- Kubernetes API, service DNS, and Ariadne's service account/RBAC`
			`- the Ariadne database, plus the portal database if portal/account sync is enabled`
			`- Vault or the Kubernetes secrets that Vault normally feeds it`
			`- Keycloak/OIDC, because auth and profile sync assume it exists`
			`- ingress/proxy plumbing if humans are going to use it through the portal`
			`- the services for whatever jobs are enabled: Mailu, Nextcloud, Vaultwarden, Wger, Firefly, Jenkins, Metis, OpenSearch, and the comms/game-mode pieces`

Update README.md 2026-06-19 21:27:06 +00:00			`It can start before every integration is perfect, but the matching scheduled jobs will fail or no-op until their service is actually alive. In a total bring-up, wait for storage, Flux, Postgres, Vault, Keycloak, and ingress first. Afterwards Ariadne becomes useful glue.`
docs: note ariadne bring-up dependencies 2026-06-19 17:53:25 -03:00
docs: add concise ariadne README 2026-06-19 15:54:59 -03:00			`Useful routes:`

			- `GET /health`
			- `GET /metrics`
			- `GET /api/admin/cluster/state`
			- `POST /api/admin/access/requests/{username}/approve`
			- `POST /api/account/mailu/rotate`
			- `POST /api/account/wger/reset`
			- `POST /api/account/firefly/reset`
			- `POST /events`

			`## Development`

			```bash
			`python -m pytest`
			`ruff check .`
			```

Update README.md 2026-06-19 20:43:38 +00:00			Most runtime behavior is configured through environment variables in `ariadne/settings.py`. Service-specific logic is in the small adapter modules; `ariadne/app.py` is focused on request flow and task orchestration.