@pleri/olam-cli 0.1.195 → 0.1.196
- package/dist/ask/knowledge-pack.generated.d.ts.map +1 -1
- package/dist/ask/knowledge-pack.generated.js +2 -0
- package/dist/ask/knowledge-pack.generated.js.map +1 -1
- package/dist/commands/services-tls.d.ts.map +1 -1
- package/dist/commands/services-tls.js +24 -10
- package/dist/commands/services-tls.js.map +1 -1
- package/dist/commands/setup.d.ts.map +1 -1
- package/dist/commands/setup.js +44 -9
- package/dist/commands/setup.js.map +1 -1
- package/dist/commands/skills-source.d.ts.map +1 -1
- package/dist/commands/skills-source.js +70 -1
- package/dist/commands/skills-source.js.map +1 -1
- package/dist/image-digests.json +8 -8
- package/dist/index.js +308 -39
- package/dist/lib/config.d.ts +28 -4
- package/dist/lib/config.d.ts.map +1 -1
- package/dist/lib/config.js +82 -11
- package/dist/lib/config.js.map +1 -1
- package/dist/lib/health-probes.d.ts.map +1 -1
- package/dist/lib/health-probes.js +36 -0
- package/dist/lib/health-probes.js.map +1 -1
- package/dist/mcp-server.js +124 -3
- package/hermes-bundle/version.json +1 -1
- package/host-cp/k8s/manifests/50-deployment.yaml +1 -1
- package/host-cp/k8s/manifests/65-tls-secret-template.yaml.tmpl +35 -0
- package/host-cp/k8s/manifests/auth-service/50-deployment.yaml +1 -1
- package/host-cp/k8s/manifests/kg-service/50-deployment.yaml +1 -1
- package/host-cp/k8s/manifests/mcp-auth-service/50-deployment.yaml +1 -1
- package/host-cp/k8s/manifests/memory-service/50-deployment.yaml +1 -1
- package/package.json +1 -1
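--- a/package/host-cp/k8s/manifests/50-deployment.yaml
+++ b/package/host-cp/k8s/manifests/50-deployment.yaml
@@ -118,7 +118,7 @@ spec:
 # k3d), started by `olam upgrade` Step 0.7 — not inside this Pod.
 containers:
 - name: olam-host-cp
-image: ghcr.io/pleri/olam-host-cp@sha256:
+image: ghcr.io/pleri/olam-host-cp@sha256:1ca12d7e1d568459b5f2f679e1154195b622533cc5390befccb89a40616a2a13
 imagePullPolicy: IfNotPresent
 securityContext:
 runAsNonRoot: true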
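--- a/package/host-cp/k8s/manifests/65-tls-secret-template.yaml.tmpl
+++ b/package/host-cp/k8s/manifests/65-tls-secret-template.yaml.tmpl
@@ -0,0 +1,35 @@
+# TLS secret template for olam-host-cp Traefik IngressRoute.
+#
+# DO NOT apply this template directly — the placeholders `__TLS_CRT_BASE64__`
+# and `__TLS_KEY_BASE64__` are substituted at apply time by
+# `olam services tls-install` (packages/cli/src/commands/services-tls.ts),
+# which uses `mkcert` to mint a locally-trusted certificate for the SAN list
+# olam.local 127.0.0.1 ::1
+# and then `kubectl apply -f -` against the rendered manifest.
+#
+# Why a Secret of type kubernetes.io/tls (instead of a plain Opaque secret):
+# Traefik's IngressRoute TLS resolver requires this exact type — it reads
+# tls.crt + tls.key fields by convention. Using Opaque would silently fail
+# the handshake at request time.
+#
+# Why the cert covers SANs (not just CN): modern browsers (Chrome 58+, Brave,
+# Safari, Firefox) ignore the certificate CN entirely and only honour SANs.
+# Without `127.0.0.1` + `::1` in the SAN list, hitting the IP directly fails
+# even though the cert is "valid for olam.local".
+#
+# Renewal: certs minted by mkcert are valid ~2 years and 3 months. The
+# tls-install command checks NotAfter and regenerates when within 30 days
+# of expiry. To force regeneration: `kubectl -n olam delete secret olam-host-cp-tls`
+# and re-run `olam services tls-install`.
+apiVersion: v1
+kind: Secret
+metadata:
+name: olam-host-cp-tls
+namespace: olam
+labels:
+app: olam-host-cp
+olam.io/component: host-stack
+type: kubernetes.io/tls
+data:
+tls.crt: __TLS_CRT_BASE64__
+tls.key: __TLS_KEY_BASE64__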
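Review bot: The header comment explains the Secret type, the SAN list and renewal, but says nothing about handling the rendered manifest, which carries the private key in `tls.key` (line 35). Client-side `kubectl apply` also copies the whole object, key included, into the `kubectl.kubernetes.io/last-applied-configuration` annotation, where it appears in `kubectl describe secret` output. Piping through `kubectl apply --server-side -f -` would avoid that, assuming services-tls.ts does not already do so (it is not visible here). I would add `# The rendered manifest contains the private key: pipe it over stdin only, never write it to disk or commit it.` to the header. The two placeholders are also unquoted plain scalars, so the substituted base64 has to be a single unwrapped line; `tls.key: "__TLS_KEY_BASE64__"` makes that expectation explicit.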
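--- a/package/host-cp/k8s/manifests/auth-service/50-deployment.yaml
+++ b/package/host-cp/k8s/manifests/auth-service/50-deployment.yaml
@@ -70,7 +70,7 @@ spec:
 mountPath: /data
 containers:
 - name: olam-auth-service
-image: ghcr.io/pleri/olam-auth@sha256:
+image: ghcr.io/pleri/olam-auth@sha256:494b11e9f1365d413cb98284d0271abb3134c817138a399b15c8aa3255c542bb
 imagePullPolicy: IfNotPresent
 securityContext:
 runAsNonRoot: true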
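--- a/package/host-cp/k8s/manifests/kg-service/50-deployment.yaml
+++ b/package/host-cp/k8s/manifests/kg-service/50-deployment.yaml
@@ -61,7 +61,7 @@ spec:
 mountPath: /data
 containers:
 - name: olam-kg-service
-image: ghcr.io/pleri/olam-kg-service@sha256:
+image: ghcr.io/pleri/olam-kg-service@sha256:beb87b915fa3e7e04004c0b439397b26f0d2ce861b6b06bbc9435a26c7c0ec44
 imagePullPolicy: IfNotPresent
 securityContext:
 runAsNonRoot: true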
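--- a/package/host-cp/k8s/manifests/mcp-auth-service/50-deployment.yaml
+++ b/package/host-cp/k8s/manifests/mcp-auth-service/50-deployment.yaml
@@ -68,7 +68,7 @@ spec:
 mountPath: /data
 containers:
 - name: olam-mcp-auth-service
-image: ghcr.io/pleri/olam-mcp-auth@sha256:
+image: ghcr.io/pleri/olam-mcp-auth@sha256:00fbc51f96357d5742a9ceb3cb804215b0d163c1a7826564772d428a787beffc
 imagePullPolicy: IfNotPresent
 securityContext:
 runAsNonRoot: true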
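--- a/package/host-cp/k8s/manifests/memory-service/50-deployment.yaml
+++ b/package/host-cp/k8s/manifests/memory-service/50-deployment.yaml
@@ -70,7 +70,7 @@ spec:
 # bootstrap-placeholder comment + run `npm run refresh:manifest-digests`
 # once ghcr.io/pleri/olam-memory-service has a real published digest.
 # bootstrap-placeholder: pre-publish; refresh after first release
-image: ghcr.io/pleri/olam-memory-service@sha256:
+image: ghcr.io/pleri/olam-memory-service@sha256:fa6cc04244cf313d481f739839d9ee7926adabb20362489c279846ad09b07f74
 imagePullPolicy: IfNotPresent
 securityContext:
 runAsNonRoot: true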
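Review bot: The `# bootstrap-placeholder: pre-publish; refresh after first release` marker on line 72 is left in place directly above an image line that now carries a full sha256 digest. If that digest is the published one, the marker and the two comment lines above it are stale and should be dropped, as the comment itself appears to ask (its opening lies outside the hunk). If any tooling keys off the marker to skip digest verification, which cannot be told from here, leaving it would keep this manifest exempt from the check that covers the other services. If the digest is still a placeholder, the comment should say so explicitly, for example `# bootstrap-placeholder: digest below is NOT a published image`.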