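# services/comms/atlasbot-deployment.yaml
#
# Deployment for the atlasbot chat bot in the "ai" namespace. The pod is
# annotated for Vault Agent injection, reads a read-only knowledge base from a
# ConfigMap, and keeps its state database on an emptyDir volume.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: atlasbot
  namespace: ai
  labels:
    app: atlasbot
spec:
  replicas: 1
  selector:
    matchLabels:
      app: atlasbot
  template:
    metadata:
      labels:
        app: atlasbot
      annotations:
        # Presumably bumped by hand to force a rollout when the ConfigMap
        # changes; the value is not derived from the ConfigMap content here.
        checksum/atlasbot-configmap: manual-atlasbot-101
        # Vault Agent injection. The pod authenticates with the Vault role "ai"
        # and each agent-inject-secret-<name> / agent-inject-template-<name>
        # pair renders one secret value.
        # NOTE(review): the set below includes database passwords
        # (synapse-db, mas-db), the MAS admin client secret, the Keycloak client
        # secret and the Matrix shared secret. Confirm the bot needs each one,
        # and that the Vault policy bound to role "ai" grants read on exactly
        # these KV paths and nothing broader.
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/role: "ai"
        vault.hashicorp.com/agent-inject-secret-turn-secret: "kv/data/atlas/comms/turn-shared-secret"
        vault.hashicorp.com/agent-inject-template-turn-secret: |
          {{- with secret "kv/data/atlas/comms/turn-shared-secret" -}}{{ .Data.data.TURN_STATIC_AUTH_SECRET }}{{- end -}}
        vault.hashicorp.com/agent-inject-secret-livekit-primary: "kv/data/atlas/comms/livekit-api"
        vault.hashicorp.com/agent-inject-template-livekit-primary: |
          {{- with secret "kv/data/atlas/comms/livekit-api" -}}{{ .Data.data.primary }}{{- end -}}
        vault.hashicorp.com/agent-inject-secret-bot-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
        vault.hashicorp.com/agent-inject-template-bot-pass: |
          {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "bot-password" }}{{- end -}}
        vault.hashicorp.com/agent-inject-secret-bot-quick-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
        vault.hashicorp.com/agent-inject-template-bot-quick-pass: |
          {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "bot-quick-password" }}{{- end -}}
        vault.hashicorp.com/agent-inject-secret-bot-smart-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
        vault.hashicorp.com/agent-inject-template-bot-smart-pass: |
          {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "bot-smart-password" }}{{- end -}}
        vault.hashicorp.com/agent-inject-secret-bot-genius-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
        vault.hashicorp.com/agent-inject-template-bot-genius-pass: |
          {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "bot-genius-password" }}{{- end -}}
        vault.hashicorp.com/agent-inject-secret-seeder-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
        vault.hashicorp.com/agent-inject-template-seeder-pass: |
          {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "seeder-password" }}{{- end -}}
        vault.hashicorp.com/agent-inject-secret-chat-matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
        vault.hashicorp.com/agent-inject-template-chat-matrix: |
          {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.matrix }}{{- end -}}
        vault.hashicorp.com/agent-inject-secret-chat-homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
        vault.hashicorp.com/agent-inject-template-chat-homepage: |
          {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.homepage }}{{- end -}}
        vault.hashicorp.com/agent-inject-secret-mas-admin-secret: "kv/data/atlas/comms/mas-admin-client-runtime"
        vault.hashicorp.com/agent-inject-template-mas-admin-secret: |
          {{- with secret "kv/data/atlas/comms/mas-admin-client-runtime" -}}{{ .Data.data.client_secret }}{{- end -}}
        vault.hashicorp.com/agent-inject-secret-synapse-db-pass: "kv/data/atlas/comms/synapse-db"
        vault.hashicorp.com/agent-inject-template-synapse-db-pass: |
          {{- with secret "kv/data/atlas/comms/synapse-db" -}}{{ .Data.data.POSTGRES_PASSWORD }}{{- end -}}
        vault.hashicorp.com/agent-inject-secret-mas-db-pass: "kv/data/atlas/comms/mas-db"
        vault.hashicorp.com/agent-inject-template-mas-db-pass: |
          {{- with secret "kv/data/atlas/comms/mas-db" -}}{{ .Data.data.password }}{{- end -}}
        vault.hashicorp.com/agent-inject-secret-mas-matrix-shared: "kv/data/atlas/comms/mas-secrets-runtime"
        vault.hashicorp.com/agent-inject-template-mas-matrix-shared: |
          {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.matrix_shared_secret }}{{- end -}}
        vault.hashicorp.com/agent-inject-secret-mas-kc-secret: "kv/data/atlas/comms/mas-secrets-runtime"
        vault.hashicorp.com/agent-inject-template-mas-kc-secret: |
          {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.keycloak_client_secret }}{{- end -}}
    spec:
      # The service account token must stay mounted: the Vault agent uses it to
      # authenticate against the role named in the annotations above.
      serviceAccountName: atlasbot
      nodeSelector:
        hardware: rpi5
      containers:
        - name: atlasbot
          # NOTE(review): the image is referenced by tag only. A tag can be
          # re-pointed in the registry; pinning by digest
          # (registry.bstein.dev/bstein/atlasbot@sha256:<digest>) makes the
          # deployed artifact immutable.
          image: registry.bstein.dev/bstein/atlasbot:0.1.0-55
          command: ["/bin/sh", "-c"]
          # The entrypoint sources a script from the vault-scripts ConfigMap
          # before starting the bot.
          # NOTE(review): the script is not visible here; presumably it exports
          # the injected secrets as environment variables. If so, they are
          # inherited by every child process and readable from the process
          # environment, so confirm nothing in the bot dumps its environment.
          args:
            - |
              . /vault/scripts/atlasbot_vault_env.sh
              exec python -m atlasbot.main
          env:
            # NOTE(review): MATRIX_BASE and AUTH_BASE are plain HTTP. Bot
            # credentials and tokens sent to these endpoints cross the cluster
            # network unencrypted unless a mesh or CNI encrypts it; a
            # NetworkPolicy restricting who can reach those services narrows
            # the exposure.
            - name: MATRIX_BASE
              value: http://othrys-synapse-matrix-synapse.comms.svc.cluster.local:8008
            - name: AUTH_BASE
              value: http://matrix-authentication-service.comms.svc.cluster.local:8080
            - name: KB_DIR
              value: /kb
            - name: VM_URL
              value: http://victoria-metrics-single-server.monitoring.svc.cluster.local:8428
            - name: ARIADNE_STATE_URL
              value: http://ariadne.maintenance.svc.cluster.local/api/internal/cluster/state
            - name: BOT_USER
              value: atlas-smart
            - name: BOT_USER_QUICK
              value: atlas-quick
            - name: BOT_USER_SMART
              value: atlas-smart
            - name: BOT_USER_GENIUS
              value: atlas-genius
            - name: BOT_MENTIONS
              value: atlas-quick,atlas-smart,atlas-genius
            - name: OLLAMA_URL
              value: http://ollama.ai.svc.cluster.local:11434
            - name: OLLAMA_MODEL
              value: qwen2.5:14b-instruct-q4_0
            - name: ATLASBOT_MODEL_FAST
              value: qwen2.5:14b-instruct-q4_0
            - name: ATLASBOT_MODEL_SMART
              value: qwen2.5:14b-instruct-q4_0
            - name: OLLAMA_FALLBACK_MODEL
              value: qwen2.5:14b-instruct-q4_0
            - name: OLLAMA_TIMEOUT_SEC
              value: "600"
            - name: ATLASBOT_THINKING_INTERVAL_SEC
              value: "30"
            - name: ATLASBOT_SNAPSHOT_TTL_SEC
              value: "30"
            - name: ATLASBOT_HTTP_PORT
              value: "8090"
            - name: ATLASBOT_STATE_DB
              value: /data/atlasbot_state.db
            - name: ATLASBOT_QUEUE_ENABLED
              value: "false"
            # NOTE(review): debug output is enabled in a pod that holds
            # database passwords and client secrets. What the pipeline logs is
            # not visible here; confirm it never includes credentials, prompts
            # with sensitive cluster state, or full request bodies.
            - name: ATLASBOT_DEBUG_PIPELINE
              value: "true"
            # NOTE(review): the NATS URL carries no credentials or TLS scheme;
            # confirm how the bot authenticates before enabling the queue.
            - name: ATLASBOT_NATS_URL
              value: nats://nats.nats.svc.cluster.local:4222
            - name: ATLASBOT_NATS_STREAM
              value: atlasbot
            - name: ATLASBOT_NATS_SUBJECT
              value: atlasbot.requests
            - name: ATLASBOT_FAST_MAX_ANGLES
              value: "2"
            - name: ATLASBOT_SMART_MAX_ANGLES
              value: "5"
            - name: ATLASBOT_FAST_MAX_CANDIDATES
              value: "2"
            - name: ATLASBOT_SMART_MAX_CANDIDATES
              value: "6"
            - name: ATLASBOT_FAST_LLM_CALLS_MAX
              value: "24"
            - name: ATLASBOT_SMART_LLM_CALLS_MAX
              value: "48"
            - name: ATLASBOT_GENIUS_LLM_CALLS_MAX
              value: "96"
          ports:
            - name: http
              containerPort: 8090
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
            limits:
              cpu: 500m
              memory: 512Mi
          # Container-level hardening: the bot listens on an unprivileged port
          # and needs no Linux capabilities or privilege escalation. Set on the
          # container rather than the pod so the injected Vault agent
          # containers keep their own settings.
          # NOTE(review): runAsNonRoot and readOnlyRootFilesystem are left
          # unset because the image's user and write paths are not visible
          # here; enable them once confirmed.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          volumeMounts:
            - name: kb
              mountPath: /kb
              readOnly: true
            - name: vault-scripts
              mountPath: /vault/scripts
              readOnly: true
            - name: atlasbot-state
              mountPath: /data
      volumes:
        - name: kb
          configMap:
            name: atlas-kb
            items:
              - key: INDEX.md
                path: INDEX.md
              - key: atlas.json
                path: catalog/atlas.json
              - key: atlas-summary.json
                path: catalog/atlas-summary.json
              - key: metrics.json
                path: catalog/metrics.json
              - key: runbooks.json
                path: catalog/runbooks.json
              - key: atlas-http.mmd
                path: diagrams/atlas-http.mmd
        - name: vault-scripts
          configMap:
            name: atlasbot-vault-env
            # Octal literal: read and execute for everyone, no write bit. The
            # script is sourced at startup, so anyone who can edit this
            # ConfigMap controls what runs with the injected secrets in scope.
            defaultMode: 0555
        # State database lives on an emptyDir: it is lost when the pod is
        # rescheduled and has no sizeLimit.
        - name: atlasbot-state
          emptyDir: {}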