titan-iac/services/maintenance/ariadne-deployment.yaml

# services/maintenance/ariadne-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ariadne
  namespace: maintenance
spec:
  replicas: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app: ariadne
  template:
    metadata:
      labels:
        app: ariadne
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "8080"
        prometheus.io/path: "/metrics"
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/role: "maintenance"
        vault.hashicorp.com/agent-inject-secret-ariadne-env.sh: "kv/data/atlas/portal/atlas-portal-db"
        vault.hashicorp.com/agent-inject-template-ariadne-env.sh: |
          {{ with secret "kv/data/atlas/portal/atlas-portal-db" }}
          export PORTAL_DATABASE_URL="{{ .Data.data.PORTAL_DATABASE_URL }}"
          {{ end }}
          {{ with secret "kv/data/atlas/portal/bstein-dev-home-keycloak-admin" }}
          export KEYCLOAK_ADMIN_CLIENT_SECRET="{{ .Data.data.client_secret }}"
          {{ end }}
          {{ with secret "kv/data/atlas/mailu/mailu-db-secret" }}
          export MAILU_DB_NAME="{{ .Data.data.database }}"
          export MAILU_DB_USER="{{ .Data.data.username }}"
          export MAILU_DB_PASSWORD="{{ .Data.data.password }}"
          {{ end }}
          {{ with secret "kv/data/atlas/mailu/mailu-initial-account-secret" }}
          export SMTP_HOST="mailu-front.mailu-mailserver.svc.cluster.local"
          export SMTP_PORT="587"
          export SMTP_STARTTLS="true"
          export SMTP_USE_TLS="false"
          export SMTP_USERNAME="no-reply-portal@bstein.dev"
          export SMTP_PASSWORD="{{ .Data.data.password }}"
          export SMTP_FROM="no-reply-portal@bstein.dev"
          {{ end }}
    spec:
      serviceAccountName: ariadne
      nodeSelector:
        kubernetes.io/arch: arm64
        node-role.kubernetes.io/worker: "true"
      containers:
        - name: ariadne
          image: registry.bstein.dev/bstein/ariadne:0.1.0-0
          imagePullPolicy: Always
          command: ["/bin/sh", "-c"]
          args:
            - >-
              . /vault/secrets/ariadne-env.sh
              && exec uvicorn ariadne.app:app --host 0.0.0.0 --port 8080
          ports:
            - name: http
              containerPort: 8080
          env:
            - name: KEYCLOAK_URL
              value: https://sso.bstein.dev
            - name: KEYCLOAK_REALM
              value: atlas
            - name: KEYCLOAK_CLIENT_ID
              value: bstein-dev-home
            - name: KEYCLOAK_ISSUER
              value: https://sso.bstein.dev/realms/atlas
            - name: KEYCLOAK_JWKS_URL
              value: http://keycloak.sso.svc.cluster.local/realms/atlas/protocol/openid-connect/certs
            - name: KEYCLOAK_ADMIN_URL
              value: http://keycloak.sso.svc.cluster.local
            - name: KEYCLOAK_ADMIN_REALM
              value: atlas
            - name: KEYCLOAK_ADMIN_CLIENT_ID
              value: bstein-dev-home-admin
            - name: PORTAL_PUBLIC_BASE_URL
              value: https://bstein.dev
            - name: PORTAL_ADMIN_USERS
              value: bstein
            - name: PORTAL_ADMIN_GROUPS
              value: admin
            - name: ACCOUNT_ALLOWED_GROUPS
              value: dev,admin
            - name: ALLOWED_FLAG_GROUPS
              value: demo,test
            - name: DEFAULT_USER_GROUPS
              value: dev
            - name: MAILU_DOMAIN
              value: bstein.dev
            - name: MAILU_SYNC_URL
              value: http://mailu-sync-listener.mailu-mailserver.svc.cluster.local:8080/events
            - name: MAILU_MAILBOX_WAIT_TIMEOUT_SEC
              value: "180"
            - name: MAILU_DB_HOST
              value: postgres-service.postgres.svc.cluster.local
            - name: MAILU_DB_PORT
              value: "5432"
            - name: NEXTCLOUD_NAMESPACE
              value: nextcloud
            - name: NEXTCLOUD_MAIL_SYNC_CRONJOB
              value: nextcloud-mail-sync
            - name: NEXTCLOUD_MAIL_SYNC_WAIT_TIMEOUT_SEC
              value: "90"
            - name: NEXTCLOUD_MAIL_SYNC_JOB_TTL_SEC
              value: "3600"
            - name: WGER_NAMESPACE
              value: health
            - name: WGER_USER_SYNC_CRONJOB
              value: wger-user-sync
            - name: WGER_ADMIN_CRONJOB
              value: wger-admin-ensure
            - name: WGER_USER_SYNC_WAIT_TIMEOUT_SEC
              value: "90"
            - name: FIREFLY_NAMESPACE
              value: finance
            - name: FIREFLY_USER_SYNC_CRONJOB
              value: firefly-user-sync
            - name: FIREFLY_USER_SYNC_WAIT_TIMEOUT_SEC
              value: "90"
            - name: VAULTWARDEN_NAMESPACE
              value: vaultwarden
            - name: VAULTWARDEN_POD_LABEL
              value: app=vaultwarden
            - name: VAULTWARDEN_POD_PORT
              value: "80"
            - name: VAULTWARDEN_SERVICE_HOST
              value: vaultwarden-service.vaultwarden.svc.cluster.local
            - name: VAULTWARDEN_ADMIN_SECRET_NAME
              value: vaultwarden-admin
            - name: VAULTWARDEN_ADMIN_SECRET_KEY
              value: ADMIN_TOKEN
            - name: VAULTWARDEN_ADMIN_SESSION_TTL_SEC
              value: "900"
            - name: VAULTWARDEN_ADMIN_RATE_LIMIT_BACKOFF_SEC
              value: "600"
            - name: VAULTWARDEN_RETRY_COOLDOWN_SEC
              value: "1800"
            - name: VAULTWARDEN_FAILURE_BAILOUT
              value: "2"
            - name: ARIADNE_PROVISION_POLL_INTERVAL_SEC
              value: "5"
            - name: ARIADNE_PROVISION_RETRY_COOLDOWN_SEC
              value: "30"
            - name: ARIADNE_SCHEDULE_TICK_SEC
              value: "5"
            - name: ARIADNE_SCHEDULE_MAILU_SYNC
              value: "30 4 * * *"
            - name: ARIADNE_SCHEDULE_NEXTCLOUD_SYNC
              value: "0 5 * * *"
            - name: ARIADNE_SCHEDULE_VAULTWARDEN_SYNC
              value: "*/15 * * * *"
            - name: ARIADNE_SCHEDULE_WGER_ADMIN
              value: "15 3 * * *"
            - name: WELCOME_EMAIL_ENABLED
              value: "true"
            - name: K8S_API_TIMEOUT_SEC
              value: "5"
            - name: METRICS_PATH
              value: "/metrics"
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 500m
              memory: 512Mi
          livenessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 10
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10
feat: add Ariadne service and glue scheduling 2026-01-19 16:58:02 -03:00			`# services/maintenance/ariadne-deployment.yaml`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: ariadne`
			`namespace: maintenance`
			`spec:`
			`replicas: 1`
			`revisionHistoryLimit: 3`
			`selector:`
			`matchLabels:`
			`app: ariadne`
			`template:`
			`metadata:`
			`labels:`
			`app: ariadne`
			`annotations:`
			`prometheus.io/scrape: "true"`
			`prometheus.io/port: "8080"`
			`prometheus.io/path: "/metrics"`
			`vault.hashicorp.com/agent-inject: "true"`
			`vault.hashicorp.com/role: "maintenance"`
			`vault.hashicorp.com/agent-inject-secret-ariadne-env.sh: "kv/data/atlas/portal/atlas-portal-db"`
			`vault.hashicorp.com/agent-inject-template-ariadne-env.sh: \|`
			`{{ with secret "kv/data/atlas/portal/atlas-portal-db" }}`
			`export PORTAL_DATABASE_URL="{{ .Data.data.PORTAL_DATABASE_URL }}"`
			`{{ end }}`
			`{{ with secret "kv/data/atlas/portal/bstein-dev-home-keycloak-admin" }}`
			`export KEYCLOAK_ADMIN_CLIENT_SECRET="{{ .Data.data.client_secret }}"`
			`{{ end }}`
			`{{ with secret "kv/data/atlas/mailu/mailu-db-secret" }}`
			`export MAILU_DB_NAME="{{ .Data.data.database }}"`
			`export MAILU_DB_USER="{{ .Data.data.username }}"`
			`export MAILU_DB_PASSWORD="{{ .Data.data.password }}"`
			`{{ end }}`
			`{{ with secret "kv/data/atlas/mailu/mailu-initial-account-secret" }}`
			`export SMTP_HOST="mailu-front.mailu-mailserver.svc.cluster.local"`
			`export SMTP_PORT="587"`
			`export SMTP_STARTTLS="true"`
			`export SMTP_USE_TLS="false"`
			`export SMTP_USERNAME="no-reply-portal@bstein.dev"`
			`export SMTP_PASSWORD="{{ .Data.data.password }}"`
			`export SMTP_FROM="no-reply-portal@bstein.dev"`
			`{{ end }}`
			`spec:`
			`serviceAccountName: ariadne`
			`nodeSelector:`
			`kubernetes.io/arch: arm64`
			`node-role.kubernetes.io/worker: "true"`
			`containers:`
			`- name: ariadne`
chore: centralize harbor pull credentials 2026-01-19 19:02:14 -03:00			`image: registry.bstein.dev/bstein/ariadne:0.1.0-0`
feat: add Ariadne service and glue scheduling 2026-01-19 16:58:02 -03:00			`imagePullPolicy: Always`
			`command: ["/bin/sh", "-c"]`
			`args:`
			`- >-`
			`. /vault/secrets/ariadne-env.sh`
			`&& exec uvicorn ariadne.app:app --host 0.0.0.0 --port 8080`
			`ports:`
			`- name: http`
			`containerPort: 8080`
			`env:`
			`- name: KEYCLOAK_URL`
			`value: https://sso.bstein.dev`
			`- name: KEYCLOAK_REALM`
			`value: atlas`
			`- name: KEYCLOAK_CLIENT_ID`
			`value: bstein-dev-home`
			`- name: KEYCLOAK_ISSUER`
			`value: https://sso.bstein.dev/realms/atlas`
			`- name: KEYCLOAK_JWKS_URL`
			`value: http://keycloak.sso.svc.cluster.local/realms/atlas/protocol/openid-connect/certs`
			`- name: KEYCLOAK_ADMIN_URL`
			`value: http://keycloak.sso.svc.cluster.local`
			`- name: KEYCLOAK_ADMIN_REALM`
			`value: atlas`
			`- name: KEYCLOAK_ADMIN_CLIENT_ID`
			`value: bstein-dev-home-admin`
			`- name: PORTAL_PUBLIC_BASE_URL`
			`value: https://bstein.dev`
			`- name: PORTAL_ADMIN_USERS`
			`value: bstein`
			`- name: PORTAL_ADMIN_GROUPS`
			`value: admin`
			`- name: ACCOUNT_ALLOWED_GROUPS`
			`value: dev,admin`
			`- name: ALLOWED_FLAG_GROUPS`
			`value: demo,test`
			`- name: DEFAULT_USER_GROUPS`
			`value: dev`
			`- name: MAILU_DOMAIN`
			`value: bstein.dev`
			`- name: MAILU_SYNC_URL`
			`value: http://mailu-sync-listener.mailu-mailserver.svc.cluster.local:8080/events`
			`- name: MAILU_MAILBOX_WAIT_TIMEOUT_SEC`
fix: extend mailu mailbox wait for ariadne 2026-01-19 22:49:23 -03:00			`value: "180"`
feat: add Ariadne service and glue scheduling 2026-01-19 16:58:02 -03:00			`- name: MAILU_DB_HOST`
			`value: postgres-service.postgres.svc.cluster.local`
			`- name: MAILU_DB_PORT`
			`value: "5432"`
			`- name: NEXTCLOUD_NAMESPACE`
			`value: nextcloud`
			`- name: NEXTCLOUD_MAIL_SYNC_CRONJOB`
			`value: nextcloud-mail-sync`
			`- name: NEXTCLOUD_MAIL_SYNC_WAIT_TIMEOUT_SEC`
			`value: "90"`
			`- name: NEXTCLOUD_MAIL_SYNC_JOB_TTL_SEC`
			`value: "3600"`
			`- name: WGER_NAMESPACE`
			`value: health`
			`- name: WGER_USER_SYNC_CRONJOB`
			`value: wger-user-sync`
			`- name: WGER_ADMIN_CRONJOB`
			`value: wger-admin-ensure`
			`- name: WGER_USER_SYNC_WAIT_TIMEOUT_SEC`
			`value: "90"`
			`- name: FIREFLY_NAMESPACE`
			`value: finance`
			`- name: FIREFLY_USER_SYNC_CRONJOB`
			`value: firefly-user-sync`
			`- name: FIREFLY_USER_SYNC_WAIT_TIMEOUT_SEC`
			`value: "90"`
			`- name: VAULTWARDEN_NAMESPACE`
			`value: vaultwarden`
			`- name: VAULTWARDEN_POD_LABEL`
			`value: app=vaultwarden`
			`- name: VAULTWARDEN_POD_PORT`
			`value: "80"`
			`- name: VAULTWARDEN_SERVICE_HOST`
			`value: vaultwarden-service.vaultwarden.svc.cluster.local`
			`- name: VAULTWARDEN_ADMIN_SECRET_NAME`
			`value: vaultwarden-admin`
			`- name: VAULTWARDEN_ADMIN_SECRET_KEY`
			`value: ADMIN_TOKEN`
			`- name: VAULTWARDEN_ADMIN_SESSION_TTL_SEC`
			`value: "900"`
			`- name: VAULTWARDEN_ADMIN_RATE_LIMIT_BACKOFF_SEC`
			`value: "600"`
			`- name: VAULTWARDEN_RETRY_COOLDOWN_SEC`
			`value: "1800"`
			`- name: VAULTWARDEN_FAILURE_BAILOUT`
			`value: "2"`
			`- name: ARIADNE_PROVISION_POLL_INTERVAL_SEC`
			`value: "5"`
			`- name: ARIADNE_PROVISION_RETRY_COOLDOWN_SEC`
			`value: "30"`
			`- name: ARIADNE_SCHEDULE_TICK_SEC`
			`value: "5"`
			`- name: ARIADNE_SCHEDULE_MAILU_SYNC`
			`value: "30 4 * * *"`
			`- name: ARIADNE_SCHEDULE_NEXTCLOUD_SYNC`
			`value: "0 5 * * *"`
			`- name: ARIADNE_SCHEDULE_VAULTWARDEN_SYNC`
			`value: "/15 * * *"`
			`- name: ARIADNE_SCHEDULE_WGER_ADMIN`
			`value: "15 3 * * *"`
			`- name: WELCOME_EMAIL_ENABLED`
			`value: "true"`
			`- name: K8S_API_TIMEOUT_SEC`
			`value: "5"`
			`- name: METRICS_PATH`
			`value: "/metrics"`
			`resources:`
			`requests:`
			`cpu: 100m`
			`memory: 128Mi`
			`limits:`
			`cpu: 500m`
			`memory: 512Mi`
			`livenessProbe:`
			`httpGet:`
			`path: /health`
			`port: http`
			`initialDelaySeconds: 10`
			`periodSeconds: 10`
			`readinessProbe:`
			`httpGet:`
			`path: /health`
			`port: http`
			`initialDelaySeconds: 5`
			`periodSeconds: 10`