Hermes 284313f908
Initial import of AlgaPSA codebase from PSA server
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz

Source: /opt/alga-psa on psa.joliet.tech
2026-06-22 16:12:17 -05:00


# Runtime settings for the appliance control-plane setup API. The Deployment
# in this file loads every key under `data` as an environment variable through
# envFrom/configMapRef. Only paths and endpoints are stored here; the secret
# material itself lives in files on the host-backed state volume.
apiVersion: v1
kind: ConfigMap
metadata:
  name: appliance-control-plane-config
  namespace: alga-appliance-control-plane
  labels:
    app.kubernetes.io/name: appliance-control-plane
    app.kubernetes.io/part-of: alga-appliance
data:
  ALGA_APPLIANCE_PORT: '8080'
  ALGA_APPLIANCE_MODE: 'kubernetes-control-plane'
  ALGA_APPLIANCE_STATE_FILE: '/var/lib/alga-appliance/install-state.json'
  # The setup token is read straight from the shared host volume (init-token.mjs
  # writes it with mode 0644) rather than from a Kubernetes Secret, so the
  # host-side reset CLI can re-arm it without a kubectl/secret-sync round trip.
  # NOTE(review): 0644 makes the token readable by any local account that can
  # traverse /var/lib/alga-appliance on the host. Confirm that is intended, or
  # tighten the file mode where the token is written.
  ALGA_APPLIANCE_TOKEN_FILE: '/var/lib/alga-appliance/setup-token'
  # NOTE(review): the admin credential and session secret share the token's
  # directory; their file modes are not visible here - verify they are not
  # world-readable.
  ALGA_APPLIANCE_ADMIN_CREDENTIAL_FILE: '/var/lib/alga-appliance/admin-ui-credential.json'
  ALGA_APPLIANCE_SESSION_SECRET_FILE: '/var/lib/alga-appliance/session-secret'
  ALGA_APPLIANCE_KUBECONFIG: '/tmp/alga-appliance/kubeconfig'
  ALGA_APPLIANCE_HOST_AGENT_SOCKET: '/run/alga-appliance/host-agent.sock'
  ALGA_APPLIANCE_SETUP_INPUTS_FILE: '/var/lib/alga-appliance/setup-inputs.json'
  ALGA_APPLIANCE_RELEASE_SELECTION_FILE: '/var/lib/alga-appliance/release-selection.json'
  ALGA_APPLIANCE_BUNDLE_ORIGIN: 'baked-iso'
  # Public license control-plane endpoint: the appliance redeems install codes
  # against it during setup (POST /register) and checks in with it afterwards.
  # Served through a path-scoped public ingress; see
  # nm-kube-config/alga-license/istio-gateway.yaml.
  ALGA_LICENSE_SERVICE_URL: 'https://license.nineminds.com'
---
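# Single-replica Deployment for the appliance setup API.
# Hardening changes relative to the previous revision:
#   * pod-level seccompProfile RuntimeDefault (none was set before);
#   * read-only root filesystem for the init container, whose command only
#     touches the mounted state volume.
# Names, labels, ports, users and mounts are unchanged.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: appliance-control-plane
  namespace: alga-appliance-control-plane
  labels:
    app.kubernetes.io/name: appliance-control-plane
    app.kubernetes.io/part-of: alga-appliance
spec:
  replicas: 1
  # Recreate stops the old pod before the new one starts, so two pods never
  # contend for host port 8080 or the shared state directory.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/name: appliance-control-plane
  template:
    metadata:
      labels:
        app.kubernetes.io/name: appliance-control-plane
        app.kubernetes.io/part-of: alga-appliance
    spec:
      serviceAccountName: appliance-control-plane
      # The pod shares the node's network namespace, so the setup API listens
      # on the node's own interfaces on port 8080. NetworkPolicy is typically
      # not enforced for host-network pods; access has to be limited by the
      # host firewall and by the API's own authentication.
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      # Apply the container runtime's default syscall filter to every
      # container in the pod.
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      initContainers:
        # Hands the state directory to uid/gid 10001 before the API starts.
        # Runs as root but keeps only CAP_CHOWN. The chown is not recursive
        # and does not change the directory mode, so files already present
        # keep their existing owner and permissions.
        - name: init-state-permissions
          image: localhost/alga-appliance-control-plane:baked
          imagePullPolicy: IfNotPresent
          command:
            - 'sh'
            - '-c'
            - 'mkdir -p /var/lib/alga-appliance && chown 10001:10001 /var/lib/alga-appliance'
          volumeMounts:
            - name: state
              mountPath: /var/lib/alga-appliance
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: false
            runAsUser: 0
            runAsGroup: 0
            capabilities:
              drop: ["ALL"]
              add: ["CHOWN"]
      containers:
        # NOTE(review): no resources.requests/limits are set for this
        # container; add values sized for the appliance.
        - name: setup-api
          image: localhost/alga-appliance-control-plane:baked
          imagePullPolicy: IfNotPresent
          ports:
            - name: setup-http
              containerPort: 8080
              hostPort: 8080
              protocol: TCP
          envFrom:
            - configMapRef:
                name: appliance-control-plane-config
          volumeMounts:
            - name: state
              mountPath: /var/lib/alga-appliance
            - name: host-agent-socket
              mountPath: /run/alga-appliance
          readinessProbe:
            httpGet:
              path: /healthz
              port: setup-http
            initialDelaySeconds: 3
            periodSeconds: 5
            timeoutSeconds: 2
          livenessProbe:
            httpGet:
              path: /healthz
              port: setup-http
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 2
          securityContext:
            allowPrivilegeEscalation: false
            # NOTE(review): left writable because the ConfigMap points the
            # kubeconfig at /tmp/alga-appliance. Mounting a writable volume
            # there would allow switching this to true - confirm the API
            # writes nowhere else first.
            readOnlyRootFilesystem: false
            runAsNonRoot: true
            runAsUser: 10001
            runAsGroup: 10001
            capabilities:
              drop: ["ALL"]
      volumes:
        # Host directory holding install state, the setup token, the admin
        # credential and the session secret (paths set in the ConfigMap).
        - name: state
          hostPath:
            path: /var/lib/alga-appliance
            type: DirectoryOrCreate
        # Host directory expected to contain host-agent.sock. Whatever the
        # host agent allows over that socket is reachable from this container,
        # so treat it as a privileged channel (presumably host-level
        # operations - verify against the agent).
        - name: host-agent-socket
          hostPath:
            path: /run/alga-appliance
            type: DirectoryOrCreate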
---
# In-cluster ClusterIP Service for the setup API. It selects the pods labelled
# app.kubernetes.io/name=appliance-control-plane and forwards port 8080 to
# their named container port `setup-http`. The same API is also exposed on the
# node through the Deployment's hostNetwork/hostPort settings, so this Service
# is not the only way to reach it.
apiVersion: v1
kind: Service
metadata:
  name: appliance-control-plane
  namespace: alga-appliance-control-plane
  labels:
    app.kubernetes.io/name: appliance-control-plane
    app.kubernetes.io/part-of: alga-appliance
spec:
  type: ClusterIP
  selector:
    app.kubernetes.io/name: appliance-control-plane
  ports:
    - name: setup-http
      protocol: TCP
      port: 8080
      # Resolved by name against the container port declared in the pod spec.
      targetPort: setup-http