Initial render: k3s-dev environment

gitea-admin
2026-03-07 15:00:05 +00:00
commit a787720f2a
306 changed files with 75879 additions and 0 deletions


@@ -0,0 +1,168 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: runtime-locator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: runtime-locator
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: runtime-locator-2.4.3-a
name: runtime-locator
namespace: abinitio
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: runtime-locator
app.kubernetes.io/name: runtime-locator
template:
metadata:
labels:
app.kubernetes.io/instance: runtime-locator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: runtime-locator
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: runtime-locator-2.4.3-a
spec:
containers:
- args:
- -v
- "3"
- --port
- "8888"
- --context-root
- runtime-locator
- --tls-cert-file
- /var/run/secrets/abinitio/cert/server.crt
- --tls-key-file
- /var/run/secrets/abinitio/cert/server.key
- --ag-url
- http://authgateway:8080/authgateway
- --default-product-name
- Runtime Locator
- --full-permissions
- --post-events
- --contact-url
- https://aidp.k3s.sg.ic.cloudguild.gcp.abinitio.com/bridge
- --locations-file
- /tmp/locations.conf
- --upstreams-file
- /tmp/upstreams.conf
- --monitor-interval
- "0"
env:
- name: AB_PASSWORD_KEY_FILE
value: /secrets/password_key_file/password
- name: AB_AG_USERNAME
value: aiadmin
- name: AB_AG_ENCRYPTED_PASSWORD
value: FORMAT_3_AIADMIN_PASSWORD
image: asia-southeast1-docker.pkg.dev/str-22391/cloudplatform-proxy/aidp/runtime-locator:4.4.1.1-1
imagePullPolicy: IfNotPresent
name: runtime-locator
resources:
limits:
cpu: 100m
ephemeral-storage: 100Mi
memory: 30Mi
requests:
cpu: 100m
ephemeral-storage: 10Mi
memory: 20Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /tmp
name: tmp-volume
- mountPath: /secrets/password_key_file/password
name: password-key-file
subPath: password
- args:
- nginx
- -g
- daemon off;
command:
- /nginx-watcher-entrypoint.sh
env:
- name: LOG_DIR
value: /tmp/logs/nginx
- name: LOCATIONS_CONFIG_FILE
value: /tmp/locations.conf
- name: UPSTREAMS_CONFIG_FILE
value: /tmp/upstreams.conf
- name: NGINX_PID_FILE
value: /tmp/nginx.pid
- name: DEBUG_NGINX_LOCATIONS_CONFIG_WATCHER_SH
value: "true"
image: asia-southeast1-docker.pkg.dev/str-22391/cloudplatform-proxy/aidp/portal-nginx:4.4.1.1-1
imagePullPolicy: IfNotPresent
name: bridge-gateway
ports:
- containerPort: 8080
protocol: TCP
- containerPort: 8443
protocol: TCP
resources:
limits:
ephemeral-storage: 2Gi
memory: 4Gi
requests:
cpu: 1m
ephemeral-storage: 1Gi
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /tmp
name: tmp-volume
- mountPath: /etc/nginx/nginx.conf
name: nginx-config
readOnly: true
subPath: nginx.conf
hostAliases:
- hostnames:
- runtime-locator.abinitio
ip: 127.0.0.1
hostname: runtime-locator
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
serviceAccountName: runtime-locator
terminationGracePeriodSeconds: 30
volumes:
- emptyDir: {}
name: tmp-volume
- configMap:
defaultMode: 420
items:
- key: nginx.conf
path: nginx.conf
name: runtime-locator-nginx-conf
name: nginx-config
- name: password-key-file
secret:
defaultMode: 420
secretName: password-key-file
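Review bot: The `--tls-cert-file` and `--tls-key-file` arguments point at `/var/run/secrets/abinitio/cert/server.crt` and `server.key`, but neither container mounts anything under `/var/run/secrets/abinitio/cert`, and `volumes` holds only `tmp-volume`, `nginx-config` and `password-key-file`. The `bridge-gateway` nginx.conf in this commit reads the same two paths, so unless the image or an admission webhook supplies them, both TLS listeners have no key material; a secret volume mounted `readOnly: true` at that path would make the dependency explicit. Separately, `AB_AG_ENCRYPTED_PASSWORD` is set to the literal `FORMAT_3_AIADMIN_PASSWORD`, which reads like an unsubstituted template placeholder and should be confirmed before this render is applied. The `aiadmin` credential is also presented to `--ag-url http://authgateway:8080/authgateway`, so its confidentiality depends entirely on what the network layer (for example a mesh) provides.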


@@ -0,0 +1,133 @@
apiVersion: cloud.abinitio.com/v1
kind: CoOperatingSystemRuntimeTemplate
metadata:
name: hello-world
namespace: abinitio
spec:
authGatewayServers:
- products:
- groups:
- GDE Users
url: http://authgateway:8080/authgateway
jobTemplate:
bridgeConfig:
authorizationGateway:
password: file=/secrets/runtime_locator_join_user/password
productIdentifier: runtime-locator-bridge
productName: Runtime Locator (Bridge)
url: http://authgateway:8080/authgateway
username: runtime_locator_join_user
name: default-bridge
transportProtocol: http
jobDeletePolicy: AlwaysRetainPvcs
launcher:
jobRecoveryVolumeClaim:
metadata:
name: launcher-claim
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
pod:
metadata:
name: launcher-pod
spec:
containers:
- env:
- name: AB_BRIDGE_SECURITY_ALLOW_UNSECURED_AG_OVER_HTTP
value: "true"
- name: AB_BRIDGE_SECURITY_ALLOW_UNSECURED_BASIC_AUTH_OVER_HTTP
value: "true"
- name: AB_CONFIGURATION
value: /config/pod/abinitiorc:/config/pod/apphubrc
- name: AB_CONTAINER_DYNAMIC_ALLOCATION_TIMEOUT
value: "120"
- name: AB_CONTAINER_VDL_ALLOCATION_TIMEOUT
value: "120"
- name: AB_HOSTNAME_KEYSERVER_URLS
value: abks://key-server:6151
- name: AB_IPV4_ONLY
value: "true"
- name: AB_KEY_DAEMON_DIR
value: /tmp/abkc/data
- name: AB_PASSWORD_KEY_FILE
value: /secrets/password_key_file/password
- name: AB_YARN_ALIAS_MISSING_HOSTS_ON_RECOVERY
value: "0"
- name: LOAD_PHYSOBJECTS
value: "true"
image: asia-southeast1-docker.pkg.dev/str-22391/cloudplatform-proxy/aidp/cooperating-system-with-examples:4.4.1.1-1
imagePullPolicy: IfNotPresent
name: launcher-container
ports:
- containerPort: 7070
protocol: TCP
volumeMounts:
- mountPath: /abinitio
name: persistent-storage
- mountPath: /config/pod
name: pod-config
readOnly: true
- mountPath: /var/run/secrets/abinitio/password-key-file
name: password-key-file
readOnly: true
restartPolicy: Never
securityContext:
fsGroup: 1000
serviceAccountName: abinitio-sa
terminationGracePeriodSeconds: 0
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: launcher-claim
- configMap:
defaultMode: 511
name: runtime-locator
name: pod-config
- name: password-key-file
secret:
secretName: password-key-file-secret
releasePvcUponDelete: true
launcherRestartPolicy: IfFailedOrMissing
maxIdleSeconds: "3600"
useExternalConfigProvider: false
workerTemplateSpec:
jobRecoveryVolumeClaim:
metadata:
name: worker-claim
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
pod:
metadata:
name: worker-pod
spec:
containers:
- env:
- name: AB_CHARSET
value: utf-8
- name: AB_HOSTNAME_KEYSERVER_URLS
value: abks://key-server:6151
- name: AB_KEY_DAEMON_DIR
value: /tmp/abkc/data
image: asia-southeast1-docker.pkg.dev/str-22391/cloudplatform-proxy/aidp/cooperating-system-with-examples:4.4.1.1-1
imagePullPolicy: IfNotPresent
name: worker-container
volumeMounts:
- mountPath: /abinitio
name: persistent-storage
restartPolicy: Never
securityContext:
fsGroup: 1000
serviceAccountName: abinitio-sa
terminationGracePeriodSeconds: 0
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: worker-claim
releasePvcUponDelete: true
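Review bot: The launcher container sets `AB_BRIDGE_SECURITY_ALLOW_UNSECURED_AG_OVER_HTTP` and `AB_BRIDGE_SECURITY_ALLOW_UNSECURED_BASIC_AUTH_OVER_HTTP` to `"true"` alongside `transportProtocol: http`, so, going by the variable names, the `runtime_locator_join_user` credential is sent as basic auth over plaintext; if this is a k3s-dev-only relaxation, it should be documented as such and kept out of other environments' values. The launcher and worker containers also carry no container-level `securityContext`, unlike the runtime-locator Deployment in this commit, which sets `allowPrivilegeEscalation: false`, `capabilities.drop: [ALL]`, `runAsNonRoot: true` and a `RuntimeDefault` seccomp profile. The `pod-config` ConfigMap volume uses `defaultMode: 511` (octal 0777); a read-only mode such as `defaultMode: 292` (0444) is enough for rc files mounted `readOnly: true`. `AB_PASSWORD_KEY_FILE` points at `/secrets/password_key_file/password` while the secret is mounted at `/var/run/secrets/abinitio/password-key-file`, which looks like a path mismatch unless the operator remounts it.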


@@ -0,0 +1,48 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/instance: runtime-locator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: runtime-locator
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: runtime-locator-2.4.3-a
name: runtime-locator
namespace: abinitio
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- update
- apiGroups:
- cloud.abinitio.com
resources:
- cooperatingsystemruntimes
- cooperatingsystemruntimeclaims
verbs:
- create
- list
- get
- patch
- delete
- apiGroups:
- cloud.abinitio.com
resources:
- cooperatingsystemruntimepools
- cooperatingsystemruntimeprofiles
- cooperatingsystemruntimetemplates
verbs:
- list
- get
- watch
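Review bot: The first rule grants `get` on `secrets` with no `resourceNames`, so the `runtime-locator` service account can read any Secret in the `abinitio` namespace whose name it knows, not only the ones it needs. If the set is fixed, adding `resourceNames: ["<secret-name-placeholder>"]` under that rule narrows the grant; if the names are dynamic, a comment on the rule explaining why would document the exception. Nothing in this commit shows which secrets the service reads through the API, so the list has to come from the chart.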


@@ -0,0 +1,20 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/instance: runtime-locator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: runtime-locator
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: runtime-locator-2.4.3-a
name: runtime-locator
namespace: abinitio
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: runtime-locator
subjects:
- kind: ServiceAccount
name: runtime-locator
namespace: abinitio


@@ -0,0 +1,47 @@
apiVersion: v1
data:
gde-config-internal.yaml: |
---
externalConfig:
gde:
authentication:
type: AG
authorization:
type: AG
authorizationGateway:
url: https://aidp.k3s.sg.ic.cloudguild.gcp.abinitio.com/authgateway
productName: Runtime Locator
runtimeLocator:
url: https://aidp.k3s.sg.ic.cloudguild.gcp.abinitio.com/runtime-locator
serviceMesh: true
interop:
dataCatalogServices:
queryItAgProductName: Query>It
gde-config.yaml: |
---
externalConfig:
gde:
authentication:
type: AG
authorization:
type: AG
authorizationGateway:
url: https://aidp.k3s.sg.ic.cloudguild.gcp.abinitio.com/authgateway
productName: Runtime Locator
runtimeLocator:
url: https://aidp.k3s.sg.ic.cloudguild.gcp.abinitio.com/runtime-locator/external
serviceMesh: true
interop:
dataCatalogServices:
queryItAgProductName: Query>It
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: runtime-locator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: runtime-locator
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: runtime-locator-2.4.3-a
name: runtime-locator-examples
namespace: abinitio


@@ -0,0 +1,73 @@
apiVersion: v1
data:
nginx.conf: |
worker_processes auto;
error_log stderr;
pid /tmp/nginx.pid;
events {
worker_connections 1024;
}
http {
# When running as non root user, set *temp* paths to /tmp/*
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_intercept_errors on;
client_max_body_size 100m;
include /etc/nginx/mime.types;
default_type application/octet-stream;
map $http_upgrade $connection_upgrade {
default upgrade;
# See https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive
'' '';
}
map $http_x_request_id $req_id {
default $http_x_request_id;
"" $request_id;
}
include /tmp/upstreams.conf;
# Main AIDP ingress must route /bridge/ paths to this HTTPS service
server {
listen 8080;
listen 8443 ssl;
server_name _;
root /usr/share/nginx/html;
ssl_certificate /var/run/secrets/abinitio/cert/server.crt;
ssl_certificate_key /var/run/secrets/abinitio/cert/server.key;
ssl_protocols TLSv1.2 TLSv1.3; # Adjust as necessary
ssl_ciphers HIGH:!aNULL:!MD5; # Ensure strong ciphers
include /tmp/locations.conf;
}
}
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: runtime-locator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: runtime-locator
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: runtime-locator-2.4.3-a
name: runtime-locator-nginx-conf
namespace: abinitio
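Review bot: `include /tmp/upstreams.conf;` and `include /tmp/locations.conf;` load routing config from the same `/tmp` that holds the nginx temp paths and pid file, and the Deployment in this commit mounts that directory as one writable `emptyDir` shared by both containers. Anything in either container that can write to `/tmp` can therefore change what nginx proxies to on the next reload; a dedicated volume for the generated config, mounted read-only into `bridge-gateway` if its watcher only reads the files, would separate it from scratch space. The server block also serves the same locations on plain `listen 8080;` next to `listen 8443 ssl;`, so the HTTPS-only intent stated in the comment above it is not enforced here. The `# Adjust as necessary` and `# Ensure strong ciphers` comments read like template leftovers, and `ssl_ciphers HIGH:!aNULL:!MD5;` is better replaced by an explicitly reviewed cipher list or documented as accepted.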


@@ -0,0 +1,30 @@
apiVersion: v1
data:
abinitiorc: |
AB_BRIDGE_URL @ eme-0 : http://eme-0.eme-headless:7070
AB_CHARSET : utf-8
AB_CONNECTION @ eme-0 : bridge_tunnel
AB_ENV_ROOT : /abinitio/sandboxes/sand/stdenv
AB_HOME @ eme-0 : /usr/local/abinitio
AB_NODES @ eme-0 : eme-0 eme-0.eme-headless
AB_PROC_DIR : /tmp
AB_WORK_DIR : /abinitio/work
apphubrc: |
AB_AIR_BRANCHES @ eme : main
AB_AIR_ROOT @ eme : //eme-0/abinitio/eme/eme
AB_BRIDGE_VOLATILE_DIR : /tmp/ab-bridge-volatile-dir
AB_DESCRIPTION @ eme : Default technical repository deployed in eme StatefulSet
AB_DISPLAY_NAME @ eme : Ab Initio Data Platform technical repository
AB_EME_REPOSITORIES : eme
AB_TRW_SHARED_MODULES_URL : https://aidp.k3s.sg.ic.cloudguild.gcp.abinitio.com/trw/app
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: runtime-locator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: runtime-locator
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: runtime-locator-2.4.3-a
name: runtime-locator
namespace: abinitio


@@ -0,0 +1,31 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: runtime-locator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: runtime-locator
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: runtime-locator-2.4.3-a
name: runtime-locator
namespace: abinitio
spec:
ports:
- name: runtime-locator
port: 8888
protocol: TCP
targetPort: 8888
- name: bridge-gateway
port: 8080
protocol: TCP
targetPort: 8080
- name: bridge-gateway-https
port: 8443
protocol: TCP
targetPort: 8443
selector:
app.kubernetes.io/instance: runtime-locator
app.kubernetes.io/name: runtime-locator
sessionAffinity: None
type: ClusterIP


@@ -0,0 +1,12 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/instance: runtime-locator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: runtime-locator
app.kubernetes.io/part-of: AbInitio
app.kubernetes.io/version: 4.4.1
helm.sh/chart: runtime-locator-2.4.3-a
name: runtime-locator
namespace: abinitio