# services/comms/atlasbot-deployment.yaml
#
# Deployment for the atlasbot chat bot in the `comms` namespace.
# A single replica is started through /bin/sh: it first sources an env script
# mounted from the `comms-vault-env` ConfigMap, then execs the Python entry
# point. Secrets are delivered by the Vault Agent Injector (annotations on the
# pod template); the `env:` list below carries non-secret configuration only.
#
# NOTE(review): no securityContext is set at pod or container level in this
# manifest. Unless one is enforced elsewhere (Pod Security admission, a policy
# engine), the container runs as the image's default user with the runtime's
# default capabilities. For a pod holding this many credentials, consider
# runAsNonRoot, allowPrivilegeEscalation: false, capabilities.drop: ["ALL"]
# and seccompProfile: RuntimeDefault, after confirming the image supports them.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: atlasbot
  namespace: comms
  labels:
    app: atlasbot
spec:
  replicas: 1
  selector:
    matchLabels:
      app: atlasbot
  template:
    metadata:
      labels:
        app: atlasbot
      annotations:
        # Any change to this value alters the pod template and so triggers a
        # rollout; presumably bumped by hand when the ConfigMap changes.
        checksum/atlasbot-configmap: manual-atlasbot-101
        # Vault Agent Injector: each agent-inject-secret-<name> /
        # agent-inject-template-<name> pair renders one field of a KV v2
        # secret into a file named <name> (by default under /vault/secrets/).
        # The `{{-` / `-}}` trim markers keep the rendered file to the raw
        # value, with no surrounding whitespace or trailing newline.
        #
        # NOTE(review): least privilege. This pod receives 11 secrets,
        # including the Synapse and MAS database passwords, the MAS admin
        # client secret, the Keycloak client secret, the TURN shared secret
        # and a LiveKit API key. The bot is a chat-facing process that feeds
        # messages to an LLM, so any compromise of it exposes every file
        # rendered here. Confirm that each secret is actually read by
        # atlasbot and drop the rest.
        # NOTE(review): the Vault role is the namespace-wide name "comms"
        # rather than a bot-specific one; presumably it is shared with other
        # comms workloads (TODO confirm). A dedicated role whose policy covers
        # only the paths atlasbot needs would narrow what this service
        # account can read.
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/role: "comms"
        # TURN / LiveKit credentials.
        vault.hashicorp.com/agent-inject-secret-turn-secret: "kv/data/atlas/comms/turn-shared-secret"
        vault.hashicorp.com/agent-inject-template-turn-secret: |
          {{- with secret "kv/data/atlas/comms/turn-shared-secret" -}}{{ .Data.data.TURN_STATIC_AUTH_SECRET }}{{- end -}}
        vault.hashicorp.com/agent-inject-secret-livekit-primary: "kv/data/atlas/comms/livekit-api"
        vault.hashicorp.com/agent-inject-template-livekit-primary: |
          {{- with secret "kv/data/atlas/comms/livekit-api" -}}{{ .Data.data.primary }}{{- end -}}
        # Bot and seeder account passwords (two fields of the same secret).
        vault.hashicorp.com/agent-inject-secret-bot-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
        vault.hashicorp.com/agent-inject-template-bot-pass: |
          {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "bot-password" }}{{- end -}}
        vault.hashicorp.com/agent-inject-secret-seeder-pass: "kv/data/atlas/comms/atlasbot-credentials-runtime"
        vault.hashicorp.com/agent-inject-template-seeder-pass: |
          {{- with secret "kv/data/atlas/comms/atlasbot-credentials-runtime" -}}{{ index .Data.data "seeder-password" }}{{- end -}}
        # Chat AI keys, read from the shared (non-comms) KV subtree.
        vault.hashicorp.com/agent-inject-secret-chat-matrix: "kv/data/atlas/shared/chat-ai-keys-runtime"
        vault.hashicorp.com/agent-inject-template-chat-matrix: |
          {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.matrix }}{{- end -}}
        vault.hashicorp.com/agent-inject-secret-chat-homepage: "kv/data/atlas/shared/chat-ai-keys-runtime"
        vault.hashicorp.com/agent-inject-template-chat-homepage: |
          {{- with secret "kv/data/atlas/shared/chat-ai-keys-runtime" -}}{{ .Data.data.homepage }}{{- end -}}
        # MAS admin client, database and shared secrets.
        vault.hashicorp.com/agent-inject-secret-mas-admin-secret: "kv/data/atlas/comms/mas-admin-client-runtime"
        vault.hashicorp.com/agent-inject-template-mas-admin-secret: |
          {{- with secret "kv/data/atlas/comms/mas-admin-client-runtime" -}}{{ .Data.data.client_secret }}{{- end -}}
        vault.hashicorp.com/agent-inject-secret-synapse-db-pass: "kv/data/atlas/comms/synapse-db"
        vault.hashicorp.com/agent-inject-template-synapse-db-pass: |
          {{- with secret "kv/data/atlas/comms/synapse-db" -}}{{ .Data.data.POSTGRES_PASSWORD }}{{- end -}}
        vault.hashicorp.com/agent-inject-secret-mas-db-pass: "kv/data/atlas/comms/mas-db"
        vault.hashicorp.com/agent-inject-template-mas-db-pass: |
          {{- with secret "kv/data/atlas/comms/mas-db" -}}{{ .Data.data.password }}{{- end -}}
        vault.hashicorp.com/agent-inject-secret-mas-matrix-shared: "kv/data/atlas/comms/mas-secrets-runtime"
        vault.hashicorp.com/agent-inject-template-mas-matrix-shared: |
          {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.matrix_shared_secret }}{{- end -}}
        vault.hashicorp.com/agent-inject-secret-mas-kc-secret: "kv/data/atlas/comms/mas-secrets-runtime"
        vault.hashicorp.com/agent-inject-template-mas-kc-secret: |
          {{- with secret "kv/data/atlas/comms/mas-secrets-runtime" -}}{{ .Data.data.keycloak_client_secret }}{{- end -}}
    spec:
      # Identity of the pod; the Vault agent typically authenticates with this
      # service account's token, so the Vault role binding should name it.
      serviceAccountName: atlasbot
      # Schedule only on nodes labelled hardware=rpi5.
      nodeSelector:
        hardware: rpi5
      containers:
        - name: atlasbot
          # NOTE(review): the image is pinned by tag only. A tag can be
          # re-pointed in the registry; pinning by digest
          # (image@sha256:<digest>) makes the deployed content immutable.
          image: registry.bstein.dev/bstein/atlasbot:0.1.0-0
          # Source the env script in the same shell, then exec so the Python
          # process replaces the shell and becomes the container's main
          # process.
          # NOTE(review): the script is not visible here; presumably it
          # exports the injected secret files as environment variables
          # (TODO confirm). Secrets held in env vars are inherited by child
          # processes and can surface in crash dumps or debug output.
          # NOTE(review): there is no `set -e`; whether a failed read inside
          # the script stops startup depends on the script itself (verify),
          # otherwise the bot may start with empty credentials.
          command: ["/bin/sh","-c"]
          args:
            - |
              . /vault/scripts/comms_vault_env.sh
              exec python -m atlasbot.main
          # Non-secret configuration. Values that look like numbers or
          # booleans are quoted because env var values must be strings.
          # NOTE(review): every endpoint below is plaintext http:// or
          # nats://. Credentials sent to MATRIX_BASE / AUTH_BASE therefore
          # rely on cluster network controls (NetworkPolicy, mesh mTLS) that
          # are not shown in this manifest. Verify they exist.
          env:
            - name: MATRIX_BASE
              value: http://othrys-synapse-matrix-synapse:8008
            - name: AUTH_BASE
              value: http://matrix-authentication-service:8080
            - name: KB_DIR
              value: /kb
            - name: VM_URL
              value: http://victoria-metrics-single-server.monitoring.svc.cluster.local:8428
            - name: ARIADNE_STATE_URL
              value: http://ariadne.maintenance.svc.cluster.local/api/internal/cluster/state
            - name: BOT_USER
              value: atlasbot
            - name: BOT_MENTIONS
              value: atlasbot,aatlasbot,atlas-quick,atlas-smart
            - name: OLLAMA_URL
              value: http://ollama.ai.svc.cluster.local:11434
            - name: OLLAMA_MODEL
              value: qwen2.5:14b-instruct
            - name: ATLASBOT_MODEL_FAST
              value: qwen2.5:14b-instruct-q4_0
            - name: ATLASBOT_MODEL_SMART
              value: qwen2.5:14b-instruct
            - name: OLLAMA_FALLBACK_MODEL
              value: qwen2.5:14b-instruct-q4_0
            - name: OLLAMA_TIMEOUT_SEC
              value: "600"
            - name: ATLASBOT_THINKING_INTERVAL_SEC
              value: "30"
            - name: ATLASBOT_SNAPSHOT_TTL_SEC
              value: "30"
            # Must match the containerPort declared under `ports` below.
            - name: ATLASBOT_HTTP_PORT
              value: "8090"
            - name: ATLASBOT_QUEUE_ENABLED
              value: "true"
            - name: ATLASBOT_NATS_URL
              value: nats://nats.nats.svc.cluster.local:4222
            - name: ATLASBOT_NATS_STREAM
              value: atlasbot
            - name: ATLASBOT_NATS_SUBJECT
              value: atlasbot.requests
            - name: ATLASBOT_FAST_MAX_ANGLES
              value: "2"
            - name: ATLASBOT_SMART_MAX_ANGLES
              value: "5"
            - name: ATLASBOT_FAST_MAX_CANDIDATES
              value: "2"
            - name: ATLASBOT_SMART_MAX_CANDIDATES
              value: "6"
          ports:
            - name: http
              containerPort: 8090
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
            limits:
              cpu: 500m
              memory: 512Mi
          # Both ConfigMap-backed mounts are read-only inside the container.
          volumeMounts:
            - name: kb
              mountPath: /kb
              readOnly: true
            - name: vault-scripts
              mountPath: /vault/scripts
              readOnly: true
      volumes:
        # Knowledge-base files projected from the atlas-kb ConfigMap; `items`
        # maps each key to a relative path under the mount point (/kb).
        - name: kb
          configMap:
            name: atlas-kb
            items:
              - key: INDEX.md
                path: INDEX.md
              - key: atlas.json
                path: catalog/atlas.json
              - key: atlas-summary.json
                path: catalog/atlas-summary.json
              - key: metrics.json
                path: catalog/metrics.json
              - key: runbooks.json
                path: catalog/runbooks.json
              - key: atlas-http.mmd
                path: diagrams/atlas-http.mmd
        # Env script sourced by the container command above.
        - name: vault-scripts
          configMap:
            name: comms-vault-env
            # Octal file mode r-xr-xr-x (decimal 365). Kubernetes accepts the
            # octal form in YAML; a JSON manifest would need the decimal value.
            # The script is sourced with `.`, which needs only read
            # permission, so the execute bits matter only if files from this
            # ConfigMap are also run directly (not visible here).
            defaultMode: 0555