rdev/deployments/k8s/base/rdev-api.yaml
jordan 72d16929ca feat: Implement hexagonal architecture with services, webhooks, queue, and telemetry
Major refactoring to hexagonal (ports & adapters) architecture:

- Add service layer (apikey_service, project_service) for business logic
- Add webhook system with dispatcher and delivery tracking
- Add command queue with priority-based processing
- Add rate limiting with sliding window algorithm
- Add audit logging for command execution
- Add OpenTelemetry integration (traces, metrics, spans)
- Add circuit breaker for fault tolerance
- Add cached repository wrapper for performance
- Add comprehensive validation package
- Add Kubernetes client integration for pod management
- Add database migrations (allowed_ips, audit_log, rate_limiting, queue, webhooks)
- Add network policy and PodDisruptionBudget for k8s
- Remove legacy executor and projects/registry packages
- Untrack secrets.yaml (now managed via envault)
- Add coverage.out to .gitignore
- Add e2e test infrastructure with docker-compose
- Add comprehensive documentation (API, architecture, operations, plans)
- Add golangci-lint config and pre-commit hook

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 19:57:46 -07:00


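# rdev-api - Go REST API for controlling claudebox pods
# Deployment: API server with authentication. The version actually rolled
# out is the image tag below; do not duplicate it in this header, it drifts.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: rdev-api
  namespace: rdev
  labels:
    app.kubernetes.io/name: rdev-api
    app.kubernetes.io/part-of: rdev
spec:
  replicas: 1
  selector:
    matchLabels:
      app: rdev-api
  template:
    metadata:
      labels:
        app: rdev-api
        app.kubernetes.io/name: rdev-api
        app.kubernetes.io/part-of: rdev
    spec:
      # Identity bound (by the RoleBinding later in this file) to the Role
      # that grants pods get/list/watch, pods/exec create, configmaps read.
      serviceAccountName: rdev-api
      containers:
        - name: rdev-api
          # NOTE(review): tag-pinned, not digest-pinned. Combined with
          # imagePullPolicy Always, a re-pushed v0.6.0 tag is rolled out on
          # the next pod start without any manifest change. Prefer
          # `image: ghcr.io/orchard9/rdev-api@sha256:<digest-placeholder>`.
          image: ghcr.io/orchard9/rdev-api:v0.6.0
          imagePullPolicy: Always
          ports:
            - containerPort: 8080
              name: http
          resources:
            requests:
              cpu: "100m"
              memory: "128Mi"
            limits:
              cpu: "500m"
              memory: "512Mi"
          securityContext:
            runAsNonRoot: true
            runAsUser: 1000
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            # Required (with the settings above) to satisfy the Restricted
            # Pod Security Standard; the runtime's default syscall filter.
            seccompProfile:
              type: RuntimeDefault
          livenessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 10
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /ready
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10
          env:
            # Own namespace via the downward API; used to scope pod lookups.
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            # Must match containerPort "http" above.
            - name: PORT
              value: "8080"
            - name: DB_HOST
              value: "postgres.databases.svc"
            - name: DB_PORT
              value: "5432"
            - name: DB_USER
              value: "appuser"
            - name: DB_NAME
              value: "rdev"
            # NOTE(review): "disable" sends DB_PASSWORD and all query
            # traffic in cleartext across the cluster network. Move to
            # "require" (or "verify-full" with a CA) once the postgres
            # service presents TLS; NetworkPolicy alone does not encrypt.
            - name: DB_SSL_MODE
              value: "disable"
            # Secret "rdev-credentials" is created out of band (the commit
            # notes secrets.yaml is no longer tracked); it must exist before
            # the pod can start.
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: rdev-credentials
                  key: DB_PASSWORD
            - name: RDEV_ADMIN_KEY
              valueFrom:
                secretKeyRef:
                  name: rdev-credentials
                  key: RDEV_ADMIN_KEY
      imagePullSecrets:
        - name: ghcr-secret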
---
# ClusterIP Service in front of the rdev-api Deployment (cluster-internal only).
apiVersion: v1
kind: Service
metadata:
  namespace: rdev
  name: rdev-api
  labels:
    app.kubernetes.io/part-of: rdev
    app.kubernetes.io/name: rdev-api
spec:
  type: ClusterIP
  ports:
    # Forwards to the container port named "http" in the Deployment.
    - name: http
      port: 8080
      targetPort: http
  selector:
    app: rdev-api
---
# ServiceAccount the rdev-api pods run as (serviceAccountName in the Deployment).
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: rdev
  name: rdev-api
---
# Namespace-scoped Role: lets rdev-api discover claudebox pods, run commands
# in them, and read project configuration from ConfigMaps.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: rdev-api
  namespace: rdev
rules:
  # Discovery and status: read-only on pods.
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
      - list
      - watch
  # Command execution. "create" on pods/exec covers every pod in the rdev
  # namespace; RBAC has no label scoping, only resourceNames could narrow it.
  - apiGroups:
      - ""
    resources:
      - pods/exec
    verbs:
      - create
  # Project configuration: read-only on configmaps.
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - list
      - watch
---
# Grants the rdev-api Role to the rdev-api ServiceAccount within namespace rdev.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rdev-api
  namespace: rdev
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: rdev-api
subjects:
  - kind: ServiceAccount
    namespace: rdev
    name: rdev-api