2025-12-18 01:14:09 -03:00
|
|
|
# services/bstein-dev-home/backend-deployment.yaml
|
|
|
|
|
apiVersion: apps/v1
|
|
|
|
|
kind: Deployment
|
|
|
|
|
metadata:
|
|
|
|
|
name: bstein-dev-home-backend
|
|
|
|
|
namespace: bstein-dev-home
|
|
|
|
|
spec:
|
2026-01-22 15:23:23 -03:00
|
|
|
replicas: 1
|
2025-12-18 01:14:09 -03:00
|
|
|
revisionHistoryLimit: 3
|
|
|
|
|
selector:
|
|
|
|
|
matchLabels:
|
|
|
|
|
app: bstein-dev-home-backend
|
|
|
|
|
template:
|
|
|
|
|
metadata:
|
|
|
|
|
labels:
|
|
|
|
|
app: bstein-dev-home-backend
|
2026-01-14 12:28:10 -03:00
|
|
|
annotations:
|
|
|
|
|
vault.hashicorp.com/agent-inject: "true"
|
|
|
|
|
vault.hashicorp.com/role: "bstein-dev-home"
|
|
|
|
|
vault.hashicorp.com/agent-inject-secret-portal-env.sh: "kv/data/atlas/portal/atlas-portal-db"
|
|
|
|
|
vault.hashicorp.com/agent-inject-template-portal-env.sh: |
|
2026-01-14 13:40:29 -03:00
|
|
|
{{ with secret "kv/data/atlas/portal/atlas-portal-db" }}
|
2026-01-14 12:28:10 -03:00
|
|
|
export PORTAL_DATABASE_URL="{{ .Data.data.PORTAL_DATABASE_URL }}"
|
2026-01-14 13:40:29 -03:00
|
|
|
{{ end }}
|
|
|
|
|
{{ with secret "kv/data/atlas/portal/bstein-dev-home-keycloak-admin" }}
|
2026-01-14 12:28:10 -03:00
|
|
|
export KEYCLOAK_ADMIN_CLIENT_SECRET="{{ .Data.data.client_secret }}"
|
2026-01-14 13:40:29 -03:00
|
|
|
{{ end }}
|
|
|
|
|
{{ with secret "kv/data/atlas/shared/chat-ai-keys-runtime" }}
|
2026-01-14 12:28:10 -03:00
|
|
|
export CHAT_KEY_MATRIX="{{ .Data.data.matrix }}"
|
|
|
|
|
export CHAT_KEY_HOMEPAGE="{{ .Data.data.homepage }}"
|
2026-01-26 22:43:58 -03:00
|
|
|
export AI_ATLASBOT_TOKEN="{{ .Data.data.homepage }}"
|
2026-01-14 13:40:29 -03:00
|
|
|
{{ end }}
|
|
|
|
|
{{ with secret "kv/data/atlas/shared/portal-e2e-client" }}
|
2026-01-14 12:28:10 -03:00
|
|
|
export PORTAL_E2E_CLIENT_ID="{{ .Data.data.client_id }}"
|
|
|
|
|
export PORTAL_E2E_CLIENT_SECRET="{{ .Data.data.client_secret }}"
|
2026-01-14 13:40:29 -03:00
|
|
|
{{ end }}
|
2026-01-19 00:56:07 -03:00
|
|
|
{{ with secret "kv/data/atlas/mailu/mailu-initial-account-secret" }}
|
|
|
|
|
export SMTP_HOST="mailu-front.mailu-mailserver.svc.cluster.local"
|
2026-01-18 01:14:15 -03:00
|
|
|
export SMTP_PORT="587"
|
|
|
|
|
export SMTP_STARTTLS="true"
|
|
|
|
|
export SMTP_USE_TLS="false"
|
2026-01-19 01:40:27 -03:00
|
|
|
export SMTP_USERNAME="no-reply-portal@bstein.dev"
|
2026-01-19 00:56:07 -03:00
|
|
|
export SMTP_PASSWORD="{{ .Data.data.password }}"
|
2026-01-19 01:40:27 -03:00
|
|
|
export SMTP_FROM="no-reply-portal@bstein.dev"
|
2026-01-18 01:14:15 -03:00
|
|
|
{{ end }}
|
2025-12-18 01:14:09 -03:00
|
|
|
spec:
|
2025-12-21 01:13:35 -03:00
|
|
|
automountServiceAccountToken: true
|
2025-12-21 00:46:09 -03:00
|
|
|
serviceAccountName: bstein-dev-home
|
2025-12-18 01:14:09 -03:00
|
|
|
nodeSelector:
|
|
|
|
|
kubernetes.io/arch: arm64
|
|
|
|
|
node-role.kubernetes.io/worker: "true"
|
|
|
|
|
imagePullSecrets:
|
2026-01-14 10:07:31 -03:00
|
|
|
- name: harbor-regcred
|
2025-12-18 01:14:09 -03:00
|
|
|
containers:
|
|
|
|
|
- name: backend
|
2026-01-15 03:11:57 -03:00
|
|
|
image: registry.bstein.dev/bstein/bstein-dev-home-backend:0.1.1-95
|
2025-12-18 01:14:09 -03:00
|
|
|
imagePullPolicy: Always
|
2026-01-14 02:54:59 -03:00
|
|
|
command: ["/bin/sh", "-c"]
|
2026-01-04 02:25:40 -03:00
|
|
|
args:
|
2026-01-14 02:54:59 -03:00
|
|
|
- >-
|
2026-01-14 12:28:10 -03:00
|
|
|
. /vault/secrets/portal-env.sh
|
2026-01-26 14:08:11 -03:00
|
|
|
&& exec gunicorn -b 0.0.0.0:8080 --workers 2 --timeout 600 app:app
|
2025-12-20 14:10:34 -03:00
|
|
|
env:
|
|
|
|
|
- name: AI_CHAT_API
|
|
|
|
|
value: http://ollama.ai.svc.cluster.local:11434
|
|
|
|
|
- name: AI_CHAT_MODEL
|
2025-12-20 15:22:05 -03:00
|
|
|
value: qwen2.5-coder:7b-instruct-q4_0
|
2025-12-20 14:10:34 -03:00
|
|
|
- name: AI_CHAT_TIMEOUT_SEC
|
2026-01-26 14:08:11 -03:00
|
|
|
value: "480"
|
2026-01-26 22:43:58 -03:00
|
|
|
- name: AI_ATLASBOT_ENDPOINT
|
|
|
|
|
value: http://atlasbot.comms.svc.cluster.local:8090/v1/answer
|
|
|
|
|
- name: AI_ATLASBOT_TIMEOUT_SEC
|
|
|
|
|
value: "5"
|
2025-12-21 00:17:08 -03:00
|
|
|
- name: AI_NODE_NAME
|
|
|
|
|
valueFrom:
|
|
|
|
|
fieldRef:
|
|
|
|
|
fieldPath: spec.nodeName
|
|
|
|
|
- name: AI_NODE_GPU_MAP
|
|
|
|
|
value: |
|
2026-01-01 14:16:08 -03:00
|
|
|
{"titan-20": "Jetson Xavier (edge GPU)", "titan-21": "Jetson Xavier (edge GPU)", "titan-22": "RTX 3050 8GB (local GPU)", "titan-24": "RTX 3080 8GB (local GPU)"}
|
2026-01-01 21:45:33 -03:00
|
|
|
- name: KEYCLOAK_ENABLED
|
|
|
|
|
value: "true"
|
|
|
|
|
- name: KEYCLOAK_URL
|
|
|
|
|
value: https://sso.bstein.dev
|
|
|
|
|
- name: KEYCLOAK_REALM
|
|
|
|
|
value: atlas
|
|
|
|
|
- name: KEYCLOAK_CLIENT_ID
|
|
|
|
|
value: bstein-dev-home
|
|
|
|
|
- name: KEYCLOAK_ISSUER
|
|
|
|
|
value: https://sso.bstein.dev/realms/atlas
|
|
|
|
|
- name: KEYCLOAK_JWKS_URL
|
|
|
|
|
value: http://keycloak.sso.svc.cluster.local/realms/atlas/protocol/openid-connect/certs
|
|
|
|
|
- name: KEYCLOAK_ADMIN_URL
|
|
|
|
|
value: http://keycloak.sso.svc.cluster.local
|
|
|
|
|
- name: KEYCLOAK_ADMIN_REALM
|
|
|
|
|
value: atlas
|
|
|
|
|
- name: KEYCLOAK_ADMIN_CLIENT_ID
|
|
|
|
|
value: bstein-dev-home-admin
|
2026-01-19 19:22:53 -03:00
|
|
|
- name: ARIADNE_URL
|
2026-01-19 22:38:22 -03:00
|
|
|
value: http://ariadne.maintenance.svc.cluster.local
|
2026-01-19 19:22:53 -03:00
|
|
|
- name: ARIADNE_TIMEOUT_SEC
|
|
|
|
|
value: "10"
|
2026-01-02 00:42:02 -03:00
|
|
|
- name: ACCOUNT_ALLOWED_GROUPS
|
|
|
|
|
value: ""
|
2026-01-02 02:53:55 -03:00
|
|
|
- name: HTTP_CHECK_TIMEOUT_SEC
|
2026-01-03 20:02:53 -03:00
|
|
|
value: "2"
|
2026-01-22 14:09:39 -03:00
|
|
|
- name: PORTAL_DB_POOL_MIN
|
|
|
|
|
value: "0"
|
|
|
|
|
- name: PORTAL_DB_POOL_MAX
|
|
|
|
|
value: "5"
|
|
|
|
|
- name: PORTAL_DB_CONNECT_TIMEOUT_SEC
|
|
|
|
|
value: "5"
|
|
|
|
|
- name: PORTAL_DB_LOCK_TIMEOUT_SEC
|
|
|
|
|
value: "5"
|
|
|
|
|
- name: PORTAL_DB_STATEMENT_TIMEOUT_SEC
|
|
|
|
|
value: "30"
|
|
|
|
|
- name: PORTAL_DB_IDLE_IN_TX_TIMEOUT_SEC
|
|
|
|
|
value: "10"
|
|
|
|
|
- name: PORTAL_RUN_MIGRATIONS
|
|
|
|
|
value: "false"
|
2026-01-02 02:53:55 -03:00
|
|
|
- name: ACCESS_REQUEST_SUBMIT_RATE_LIMIT
|
|
|
|
|
value: "30"
|
|
|
|
|
- name: ACCESS_REQUEST_SUBMIT_RATE_WINDOW_SEC
|
|
|
|
|
value: "3600"
|
|
|
|
|
- name: ACCESS_REQUEST_STATUS_RATE_LIMIT
|
|
|
|
|
value: "120"
|
|
|
|
|
- name: ACCESS_REQUEST_STATUS_RATE_WINDOW_SEC
|
|
|
|
|
value: "60"
|
2026-01-04 01:48:46 -03:00
|
|
|
- name: ACCESS_REQUEST_INTERNAL_EMAIL_ALLOWLIST
|
|
|
|
|
value: robotuser@bstein.dev
|
2026-01-14 17:29:09 -03:00
|
|
|
- name: WGER_NAMESPACE
|
|
|
|
|
value: health
|
|
|
|
|
- name: WGER_USER_SYNC_CRONJOB
|
|
|
|
|
value: wger-user-sync
|
|
|
|
|
- name: WGER_USER_SYNC_WAIT_TIMEOUT_SEC
|
|
|
|
|
value: "90"
|
2026-01-16 23:52:56 -03:00
|
|
|
- name: FIREFLY_NAMESPACE
|
|
|
|
|
value: finance
|
|
|
|
|
- name: FIREFLY_USER_SYNC_CRONJOB
|
|
|
|
|
value: firefly-user-sync
|
|
|
|
|
- name: FIREFLY_USER_SYNC_WAIT_TIMEOUT_SEC
|
|
|
|
|
value: "90"
|
2026-01-19 01:53:25 -03:00
|
|
|
- name: VAULTWARDEN_ADMIN_SESSION_TTL_SEC
|
|
|
|
|
value: "900"
|
|
|
|
|
- name: VAULTWARDEN_ADMIN_RATE_LIMIT_BACKOFF_SEC
|
|
|
|
|
value: "60"
|
2025-12-18 01:14:09 -03:00
|
|
|
ports:
|
|
|
|
|
- name: http
|
|
|
|
|
containerPort: 8080
|
|
|
|
|
readinessProbe:
|
|
|
|
|
httpGet:
|
|
|
|
|
path: /api/healthz
|
|
|
|
|
port: http
|
|
|
|
|
initialDelaySeconds: 2
|
|
|
|
|
periodSeconds: 5
|
2026-01-03 22:34:39 -03:00
|
|
|
timeoutSeconds: 3
|
2025-12-18 01:14:09 -03:00
|
|
|
livenessProbe:
|
|
|
|
|
httpGet:
|
|
|
|
|
path: /api/healthz
|
|
|
|
|
port: http
|
|
|
|
|
initialDelaySeconds: 10
|
|
|
|
|
periodSeconds: 10
|
2026-01-03 22:34:39 -03:00
|
|
|
timeoutSeconds: 3
|
2025-12-18 01:14:09 -03:00
|
|
|
resources:
|
|
|
|
|
requests:
|
2026-01-04 02:25:40 -03:00
|
|
|
cpu: 100m
|
|
|
|
|
memory: 128Mi
|
2025-12-18 01:14:09 -03:00
|
|
|
limits:
|
2026-01-04 02:25:40 -03:00
|
|
|
cpu: 500m
|
|
|
|
|
memory: 512Mi
|
