It sits behind the portal and handles the jobs that are annoying or risky to do by hand: approving access, syncing account state, rotating service passwords, cleaning stale Kubernetes work, checking platform health, and keeping a few service integrations lined up.

How it works

Ariadne is a FastAPI service with a small scheduler. It talks to Keycloak, Vault, Mailu, Nextcloud, Wger, Firefly, Jenkins, Metis, Kubernetes, and a few Atlas-specific services through focused adapters under ariadne/services/.

The API is split between admin routes, account self-service routes, internal event hooks, and Prometheus metrics. Background jobs store run history in the Ariadne database so failures can be inspected later instead of vanishing into logs.

The following are notes for future Brad.

Useful routes:

GET /health
GET /metrics
GET /api/admin/cluster/state
POST /api/admin/access/requests/{username}/approve
POST /api/account/mailu/rotate
POST /api/account/wger/reset
POST /api/account/firefly/reset
POST /events

Development

python -m pytest
ruff check .

Most runtime behavior is configured through environment variables in ariadne/settings.py. Service-specific logic is in the small adapter modules; ariadne/app.py is focused on request flow and task orchestration.