@eve-horizon/cli 0.2.27 → 0.2.28

package/assets/local-k8s/base/worker-deployment.yaml

@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: eve-worker
+  namespace: eve
+  labels:
+    app.kubernetes.io/name: eve-worker
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: eve-worker
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: eve-worker
+    spec:
+      serviceAccountName: eve-worker
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
+      containers:
+        - name: worker
+          securityContext:
+            allowPrivilegeEscalation: false
+          image: eve-horizon/worker:local
+          imagePullPolicy: IfNotPresent
+          envFrom:
+            # Mount all secrets from eve-app (auth tokens, etc.)
+            - secretRef:
+                name: eve-app
+          env:
+            - name: EVE_RUNTIME
+              value: k8s
+            - name: EVE_K8S_NAMESPACE
+              value: eve
+            - name: EVE_BUILDKIT_ADDR
+              value: tcp://buildkitd.eve.svc:1234
+            # Image used for spawning runner pods in the Kubernetes cluster
+            - name: EVE_RUNNER_IMAGE
+              value: eve-horizon/worker:local
+            - name: EVE_RUNNER_SERVICE_ACCOUNT
+              value: eve-worker
+            - name: EVE_API_URL
+              value: http://eve-api:4701
+            - name: EVE_PUBLIC_API_URL
+              value: http://api.eve.lvh.me
+            - name: DATABASE_URL
+              value: postgres://eve:eve@postgres.eve.svc.cluster.local:5432/eve
+            - name: WORKER_PORT
+              value: "4749"
+            - name: EVE_DEFAULT_DOMAIN
+              value: lvh.me
+          ports:
+            - name: http
+              containerPort: 4749
+          readinessProbe:
+            httpGet:
+              path: /health
+              port: http
+            initialDelaySeconds: 5
+            periodSeconds: 5
+            failureThreshold: 10
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: http
+            initialDelaySeconds: 20
+            periodSeconds: 10

package/assets/local-k8s/base/worker-rbac.yaml

@@ -0,0 +1,124 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: eve-worker
+  namespace: eve
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: eve-worker
+  namespace: eve
+rules:
+  - apiGroups: [""]
+    resources:
+      - pods
+      - pods/status
+      - pods/exec
+      - persistentvolumeclaims
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - delete
+      - patch
+      - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: eve-worker
+rules:
+  - apiGroups: [""]
+    resources:
+      - namespaces
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - delete
+      - patch
+      - update
+  - apiGroups: [""]
+    resources:
+      - pods
+      - pods/status
+      - persistentvolumeclaims
+      - services
+      - configmaps
+      - secrets
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - delete
+      - patch
+      - update
+  - apiGroups: ["apps"]
+    resources:
+      - deployments
+      - replicasets
+      - statefulsets
+      - daemonsets
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - delete
+      - patch
+      - update
+  - apiGroups: ["batch"]
+    resources:
+      - jobs
+      - cronjobs
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - delete
+      - patch
+      - update
+  - apiGroups: ["networking.k8s.io"]
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - delete
+      - patch
+      - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: eve-worker
+  namespace: eve
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: eve-worker
+subjects:
+  - kind: ServiceAccount
+    name: eve-worker
+    namespace: eve
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: eve-worker
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: eve-worker
+subjects:
+  - kind: ServiceAccount
+    name: eve-worker
+    namespace: eve

package/assets/local-k8s/base/worker-service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: eve-worker
+  namespace: eve
+  labels:
+    app.kubernetes.io/name: eve-worker
+spec:
+  selector:
+    app.kubernetes.io/name: eve-worker
+  ports:
+    - name: http
+      port: 4749
+      targetPort: http

package/assets/local-k8s/overlays/local/agent-runtime-org-id.patch.yaml

@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: eve-agent-runtime
+  namespace: eve
+spec:
+  template:
+    spec:
+      serviceAccountName: eve-worker
+      containers:
+        - name: agent-runtime
+          env:
+            - name: AGENT_RUNTIME_MULTI_ORG
+              value: "true"
+            - name: EVE_AGENT_RUNTIME_EXECUTION_MODE
+              value: inline
+            - name: EVE_AGENT_CLI_PATH
+              value: /app/packages/eve-agent-cli/bin/eve-agent-cli.js
+            - name: EVE_RUNNER_IMAGE
+              value: eve-horizon/worker:local
+            - name: EVE_RUNNER_SERVICE_ACCOUNT
+              value: eve-worker

package/assets/local-k8s/overlays/local/agent-runtime-pvc.patch.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: eve-org-fs-org-default
+  namespace: eve
+spec:
+  accessModes:
+    - ReadWriteOnce

package/assets/local-k8s/overlays/local/app-secret-ollama.patch.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: eve-app
+  namespace: eve
+stringData:
+  EVE_OLLAMA_BASE_URL: "http://host.docker.internal:11434"

package/assets/local-k8s/overlays/local/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../base
+namespace: eve
+patchesStrategicMerge:
+  - agent-runtime-pvc.patch.yaml
+  - agent-runtime-org-id.patch.yaml
+  - managed-db.patch.yaml
+  - app-secret-ollama.patch.yaml

package/assets/local-k8s/overlays/local/managed-db.patch.yaml

@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: eve-orchestrator
+  namespace: eve
+spec:
+  template:
+    spec:
+      containers:
+        - name: orchestrator
+          env:
+            - name: EVE_MANAGED_DB_RECONCILER_ENABLED
+              value: "true"
+            - name: EVE_MANAGED_DB_LOCAL_SEED
+              value: "true"
+            - name: ORCH_LOOP_INTERVAL_MS
+              value: "1000"
+            - name: EVE_WORKER_POLL_INTERVAL_MS
+              value: "1000"
+            - name: EVE_AGENT_RUNTIME_POLL_INTERVAL_MS
+              value: "200"