titan-iac/services/game-stream/wolf-statefulset.yaml

# services/game-stream/wolf-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: wolf
  namespace: game-stream
  labels:
    app: wolf
spec:
  serviceName: wolf
  replicas: 1
  selector:
    matchLabels:
      app: wolf
  template:
    metadata:
      labels:
        app: wolf
        atlas.bstein.dev/game-mode: wolf
    spec:
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      runtimeClassName: nvidia
      securityContext:
        fsGroup: 1000
      initContainers:
        - name: wolfmanager-data-permissions
          image: busybox:1.36
          command: ["sh", "-c", "mkdir -p /app/data && chown -R 1000:1000 /app/data"]
          volumeMounts:
            - name: wolfmanager-data
              mountPath: /app/data
      nodeSelector:
        kubernetes.io/hostname: titan-24
      tolerations:
        - key: nvidia.com/gpu
          operator: Exists
          effect: NoSchedule
      containers:
        - name: wolf
          image: ghcr.io/games-on-whales/wolf:stable
          imagePullPolicy: IfNotPresent
          env:
            - name: WOLF_LOG_LEVEL
              value: INFO
            - name: WOLF_DOCKER_SOCKET
              value: /var/run/docker.sock
            - name: NVIDIA_DRIVER_CAPABILITIES
              value: all
            - name: NVIDIA_VISIBLE_DEVICES
              value: all
          securityContext:
            privileged: true
          resources:
            requests:
              cpu: "2"
              memory: 4Gi
              nvidia.com/gpu.shared: 1
            limits:
              cpu: "12"
              memory: 32Gi
              nvidia.com/gpu.shared: 1
          volumeMounts:
            - name: wolf-state
              mountPath: /etc/wolf
            - name: wolf-runtime
              mountPath: /run/user/wolf
            - name: docker-socket
              mountPath: /var/run/docker.sock
            - name: dev
              mountPath: /dev
            - name: udev
              mountPath: /run/udev
        - name: wolf-api-proxy
          image: ghcr.io/games-on-whales/wolf:stable
          imagePullPolicy: IfNotPresent
          command: ["/usr/bin/python3", "/opt/wolf-api-proxy/wolf_api_proxy.py"]
          ports:
            - name: api-proxy
              containerPort: 8088
          resources:
            requests:
              cpu: 25m
              memory: 64Mi
            limits:
              cpu: 250m
              memory: 256Mi
          volumeMounts:
            - name: wolf-runtime
              mountPath: /run/user/wolf
            - name: wolf-api-proxy
              mountPath: /opt/wolf-api-proxy
              readOnly: true
        - name: wolfmanager
          image: ghcr.io/salty2011/wolfmanager:latest
          imagePullPolicy: IfNotPresent
          command: ["/bin/sh", "-ec"]
          args:
            - |
              umask 077
              mkdir -p /app/data
              if [ ! -s /app/data/jwt_secret ]; then
                head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n' > /app/data/jwt_secret
              fi
              if [ ! -s /app/data/admin_password ]; then
                printf 'Wm%s1a\n' "$(head -c 18 /dev/urandom | od -An -tx1 | tr -d ' \n')" > /app/data/admin_password
              fi
              export Jwt__SecretKey="$(cat /app/data/jwt_secret)"
              export Admin__Password="$(cat /app/data/admin_password)"
              exec dotnet WolfManager.Api.dll
          env:
            - name: ASPNETCORE_URLS
              value: http://+:8080
            - name: ASPNETCORE_ENVIRONMENT
              value: Production
            - name: ConnectionStrings__DefaultConnection
              value: Data Source=/app/data/wolfmanager.db
            - name: Jobs__Storage
              value: Memory
            - name: Jobs__DashboardEnabled
              value: "true"
            - name: Wolf__UseUnixSocket
              value: "true"
            - name: Wolf__UnixSocketPath
              value: /run/user/wolf/wolf.sock
            - name: OpenTelemetry__ServiceName
              value: WolfManager
            - name: OpenTelemetry__ConsoleExporter
              value: "false"
            - name: OpenTelemetry__OtlpExporter
              value: "false"
          ports:
            - name: wolfmanager
              containerPort: 8080
          readinessProbe:
            httpGet:
              path: /health/ready
              port: 8080
            initialDelaySeconds: 10
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /health/live
              port: 8080
            initialDelaySeconds: 30
            periodSeconds: 20
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
            limits:
              cpu: "1"
              memory: 1Gi
          volumeMounts:
            - name: wolf-runtime
              mountPath: /run/user/wolf
            - name: wolfmanager-data
              mountPath: /app/data
      volumes:
        - name: wolf-state
          hostPath:
            path: /etc/wolf
            type: DirectoryOrCreate
        - name: wolf-runtime
          emptyDir: {}
        - name: wolf-api-proxy
          configMap:
            name: wolf-api-proxy
            defaultMode: 0555
        - name: wolfmanager-data
          hostPath:
            path: /etc/wolfmanager
            type: DirectoryOrCreate
        - name: docker-socket
          hostPath:
            path: /var/run/docker.sock
            type: Socket
        - name: dev
          hostPath:
            path: /dev
            type: Directory
        - name: udev
          hostPath:
            path: /run/udev
            type: Directory
game-stream: deploy Wolf foundation 2026-05-21 02:07:17 -03:00			`# services/game-stream/wolf-statefulset.yaml`
			`apiVersion: apps/v1`
			`kind: StatefulSet`
			`metadata:`
			`name: wolf`
			`namespace: game-stream`
			`labels:`
			`app: wolf`
			`spec:`
			`serviceName: wolf`
			`replicas: 1`
			`selector:`
			`matchLabels:`
			`app: wolf`
			`template:`
			`metadata:`
			`labels:`
			`app: wolf`
			`atlas.bstein.dev/game-mode: wolf`
			`spec:`
			`hostNetwork: true`
			`dnsPolicy: ClusterFirstWithHostNet`
			`runtimeClassName: nvidia`
game-stream: add Wolf portal access controls 2026-05-21 15:53:17 -03:00			`securityContext:`
			`fsGroup: 1000`
			`initContainers:`
			`- name: wolfmanager-data-permissions`
			`image: busybox:1.36`
			`command: ["sh", "-c", "mkdir -p /app/data && chown -R 1000:1000 /app/data"]`
			`volumeMounts:`
			`- name: wolfmanager-data`
			`mountPath: /app/data`
game-stream: deploy Wolf foundation 2026-05-21 02:07:17 -03:00			`nodeSelector:`
			`kubernetes.io/hostname: titan-24`
			`tolerations:`
			`- key: nvidia.com/gpu`
			`operator: Exists`
			`effect: NoSchedule`
			`containers:`
			`- name: wolf`
			`image: ghcr.io/games-on-whales/wolf:stable`
			`imagePullPolicy: IfNotPresent`
			`env:`
			`- name: WOLF_LOG_LEVEL`
			`value: INFO`
			`- name: WOLF_DOCKER_SOCKET`
			`value: /var/run/docker.sock`
			`- name: NVIDIA_DRIVER_CAPABILITIES`
			`value: all`
			`- name: NVIDIA_VISIBLE_DEVICES`
			`value: all`
			`securityContext:`
			`privileged: true`
			`resources:`
			`requests:`
			`cpu: "2"`
			`memory: 4Gi`
			`nvidia.com/gpu.shared: 1`
			`limits:`
			`cpu: "12"`
			`memory: 32Gi`
			`nvidia.com/gpu.shared: 1`
			`volumeMounts:`
			`- name: wolf-state`
			`mountPath: /etc/wolf`
game-stream: add Wolf portal access controls 2026-05-21 15:53:17 -03:00			`- name: wolf-runtime`
			`mountPath: /run/user/wolf`
game-stream: deploy Wolf foundation 2026-05-21 02:07:17 -03:00			`- name: docker-socket`
			`mountPath: /var/run/docker.sock`
			`- name: dev`
			`mountPath: /dev`
			`- name: udev`
			`mountPath: /run/udev`
game-stream: add Wolf portal access controls 2026-05-21 15:53:17 -03:00			`- name: wolf-api-proxy`
			`image: ghcr.io/games-on-whales/wolf:stable`
			`imagePullPolicy: IfNotPresent`
			`command: ["/usr/bin/python3", "/opt/wolf-api-proxy/wolf_api_proxy.py"]`
			`ports:`
			`- name: api-proxy`
			`containerPort: 8088`
			`resources:`
			`requests:`
			`cpu: 25m`
			`memory: 64Mi`
			`limits:`
			`cpu: 250m`
			`memory: 256Mi`
			`volumeMounts:`
			`- name: wolf-runtime`
			`mountPath: /run/user/wolf`
			`- name: wolf-api-proxy`
			`mountPath: /opt/wolf-api-proxy`
			`readOnly: true`
			`- name: wolfmanager`
			`image: ghcr.io/salty2011/wolfmanager:latest`
			`imagePullPolicy: IfNotPresent`
			`command: ["/bin/sh", "-ec"]`
			`args:`
			`- \|`
			`umask 077`
			`mkdir -p /app/data`
			`if [ ! -s /app/data/jwt_secret ]; then`
			`head -c 32 /dev/urandom \| od -An -tx1 \| tr -d ' \n' > /app/data/jwt_secret`
			`fi`
			`if [ ! -s /app/data/admin_password ]; then`
			`printf 'Wm%s1a\n' "$(head -c 18 /dev/urandom \| od -An -tx1 \| tr -d ' \n')" > /app/data/admin_password`
			`fi`
			`export Jwt__SecretKey="$(cat /app/data/jwt_secret)"`
			`export Admin__Password="$(cat /app/data/admin_password)"`
			`exec dotnet WolfManager.Api.dll`
			`env:`
			`- name: ASPNETCORE_URLS`
			`value: http://+:8080`
			`- name: ASPNETCORE_ENVIRONMENT`
			`value: Production`
			`- name: ConnectionStrings__DefaultConnection`
			`value: Data Source=/app/data/wolfmanager.db`
			`- name: Jobs__Storage`
			`value: Memory`
			`- name: Jobs__DashboardEnabled`
			`value: "true"`
			`- name: Wolf__UseUnixSocket`
			`value: "true"`
			`- name: Wolf__UnixSocketPath`
			`value: /run/user/wolf/wolf.sock`
			`- name: OpenTelemetry__ServiceName`
			`value: WolfManager`
			`- name: OpenTelemetry__ConsoleExporter`
			`value: "false"`
			`- name: OpenTelemetry__OtlpExporter`
			`value: "false"`
			`ports:`
			`- name: wolfmanager`
			`containerPort: 8080`
			`readinessProbe:`
			`httpGet:`
			`path: /health/ready`
			`port: 8080`
			`initialDelaySeconds: 10`
			`periodSeconds: 10`
			`livenessProbe:`
			`httpGet:`
			`path: /health/live`
			`port: 8080`
			`initialDelaySeconds: 30`
			`periodSeconds: 20`
			`resources:`
			`requests:`
			`cpu: 100m`
			`memory: 256Mi`
			`limits:`
			`cpu: "1"`
			`memory: 1Gi`
			`volumeMounts:`
			`- name: wolf-runtime`
			`mountPath: /run/user/wolf`
			`- name: wolfmanager-data`
			`mountPath: /app/data`
game-stream: deploy Wolf foundation 2026-05-21 02:07:17 -03:00			`volumes:`
			`- name: wolf-state`
			`hostPath:`
			`path: /etc/wolf`
			`type: DirectoryOrCreate`
game-stream: add Wolf portal access controls 2026-05-21 15:53:17 -03:00			`- name: wolf-runtime`
			`emptyDir: {}`
			`- name: wolf-api-proxy`
			`configMap:`
			`name: wolf-api-proxy`
			`defaultMode: 0555`
			`- name: wolfmanager-data`
			`hostPath:`
			`path: /etc/wolfmanager`
			`type: DirectoryOrCreate`
game-stream: deploy Wolf foundation 2026-05-21 02:07:17 -03:00			`- name: docker-socket`
			`hostPath:`
			`path: /var/run/docker.sock`
			`type: Socket`
			`- name: dev`
			`hostPath:`
			`path: /dev`
			`type: Directory`
			`- name: udev`
			`hostPath:`
			`path: /run/udev`
			`type: Directory`