feat: support dev code queue deployment

This commit is contained in:
Codex
2026-05-18 01:31:58 +00:00
parent 21a9b73850
commit 50ef729827
9 changed files with 831 additions and 35 deletions
+1 -1
View File
@@ -36,7 +36,7 @@ UniDesk 是一个以主 server 为统一入口的分布式工作平台;本文
- `bun scripts/cli.ts ssh <providerId> [ssh-like args...]`:通过 provider-gateway 的 Host SSH / WSL SSH 维护桥打开近似原生 ssh 的交互会话或远端命令,并在远端 PATH 注入 `apply_patch``glob``skill-discover``apply-patch``py``skills`、结构化 `find``glob``argv` 子命令用于避免远端补丁、Python stdin、skill 发现与常用只读命令的嵌套转义问题,使用规则见 `docs/reference/cli.md``docs/reference/provider-gateway.md`
- `bun scripts/cli.ts microservice list/status/health/diagnostics/tunnel-self-test/proxy`:管理和验证挂载在主 server、计算节点 Docker 或 k3s 控制面上的用户服务,`proxy` 支持受控 JSON bodyOA Event Flow/Todo Note/Baidu Netdisk/Code Queue Manager on main-server、k3s Control/Code Queue 执行面/MDTODO/Decision Center/FindJob/Pipeline/MET Nonlinear on D601 的规则见 `docs/reference/microservices.md`
- `bun scripts/cli.ts decision upload/list/show/health`:通过 backend-core 用户服务代理上传会议记录/决议 Markdown、列出记录和查看详情;Decision Center 运行在 D601 k3s,规则见 `docs/reference/microservices.md`
- `bun scripts/cli.ts deploy check/plan/apply [--file deploy.json|--env dev|prod] [--service <id>]`:按根目录或固定环境 ref 的服务 repo 和 commit 期望状态校验或更新用户服务;`--env dev` 当前开放 backend-core/frontend 开发环境部署,目标侧自行 fetch、构建、部署和 live commit 验证;规则见 `docs/reference/deploy.md`
- `bun scripts/cli.ts deploy check/plan/apply [--file deploy.json|--env dev|prod] [--service <id>]`:按根目录或固定环境 ref 的服务 repo 和 commit 期望状态校验或更新用户服务;`--env dev` 当前开放 backend-core/frontend/code-queue 开发环境部署,目标侧自行 fetch、构建、部署和 live commit 验证;规则见 `docs/reference/deploy.md`
- `bun scripts/cli.ts dev-env validate [--manifest path] [--kubectl-dry-run]` / `dev-env prewarm-images`:离线校验 D601 `unidesk-dev` 生产隔离护栏,或把开发底座基础镜像预热到 D601 原生 k3s containerd,规则见 `docs/reference/deploy.md``docs/reference/microservices.md`
- `bun scripts/cli.ts ci install/status/run/logs`:在 D601 原生 k3s 上安装和运行 Tekton CI,只做每 commit 检查和 Code Queue 只读性能门禁,不部署 CD;规则见 `docs/reference/ci.md`
- `bun scripts/cli.ts codex deploy <commitId>`:Code Queue 兼容部署入口,会生成临时 desired manifest 并调用 `deploy apply --service code-queue` 的同一条 target-side build 与 live commit 验证路径;规则见 `docs/reference/codex-deploy.md`
+6 -3
View File
@@ -236,13 +236,16 @@
技术决策:
- 第一版默认应使用 smoke/dry-run 执行,除非立刻需要真实任务执行
- 如果启用真实任务执行,使用 dev 专用 queue prefix 或 dev 数据库,并默认禁用生产 ClaudeQQ 通知
- 第一版采用真实 Code Queue 进程和 dev PostgreSQL,但部署验收先以执行面可部署、`/health` 通过和 dev DB 隔离为准
- dev scheduler 使用 `D601-dev` 作为本机 Provider 标识,默认工作目录为 `/workspace-dev`,远程工作目录为 `/home/ubuntu/unidesk-dev-workspace`
- 默认禁用生产 ClaudeQQ 通知,不使用生产 `d601-tcp-egress-gateway` 或生产 PostgreSQL 入口。
- dev frontend/backend-core 的稳定 `code-queue` 业务路由需要等 `code-queue-mgr-dev` 和 dev service catalog 完成后再接入,本阶段不把 dev 执行面伪装成完整业务入口。
验收标准:
- dev Code Queue `/health` 返回 ok,并包含 `environment=dev`
- dev scheduler 可以拾取 dev queued task,并推进到终态
- `deploy apply --env dev --service code-queue` 可以根据 `origin/deploy/dev:deploy.json` 构建 `unidesk-code-queue:dev`,部署 `code-queue-scheduler-dev``code-queue-read-dev``code-queue-write-dev`,并验证 health commit
- 后续接入 `code-queue-mgr-dev` 后,dev scheduler 可以拾取 dev queued task,并推进到终态。
- 重启 dev scheduler 不影响生产 running task。
- dev Code Queue rollout 期间,生产 `code-queue` health 仍健康。
+2 -2
View File
@@ -21,8 +21,8 @@ UniDesk 的统一 CLI 入口是根目录 `scripts/cli.ts`,运行方式固定
- `ssh <providerId> skills [--scope all|wsl|windows] [--limit N]` 发现目标节点上的 WSL/Linux skill 根目录;当 provider 是 WSL 时同一次调用还会扫描 Windows 用户目录下的 `.agents/skills``.codex/skills`
- `microservice list/status/health/diagnostics/tunnel-self-test/proxy` 通过 backend-core 内网 API 管理挂载在计算节点 Docker 或 k3s 控制面中的用户服务(底层命令名仍为 microservice);`health``diagnostics``tunnel-self-test``proxy` 会走真实 backend-core -> provider-gateway 或 k3sctl-adapter -> 节点服务链路,`proxy` 支持受控 JSON 请求体并对超大响应 body 默认输出有界预览,规则见 `docs/reference/microservices.md`
- `decision upload/list/show/health` 通过 backend-core 用户服务代理访问 D601 k3s Decision Center,用于上传会议记录/决议 Markdown、列出权威记录、查看详情和健康检查;它不得直连 D601 Service、NodePort 或 provider-gateway 业务 HTTP。
- `deploy check/plan/apply` 默认从根目录 `deploy.json` 读取服务 repo 与 commit 期望状态,join `config.json` 和现有 manifest 后使用 target-side build 单一路径校验或更新直管服务与 k3s 代管服务;`deploy plan --env dev|prod` 只从固定 Git ref 读取 manifest 并输出 dry-run 环境计划,不使用本地 dirty worktree`deploy apply --env dev --service backend-core|frontend` 可按 `origin/deploy/dev:deploy.json` 部署第一版 dev core`--env prod` apply 仍禁用;规则见 `docs/reference/deploy.md`
- `dev-env validate [--manifest path] [--kubectl-dry-run]` 离线校验 D601 `unidesk-dev` namespace、dev PostgreSQL 底座和 dev backend/frontend manifest。默认检查 `src/components/microservices/k3sctl-adapter/k3s/dev/unidesk-dev-foundation.k8s.yaml`;也可显式校验 `src/components/microservices/k3sctl-adapter/k3s/dev/unidesk-dev-core.k8s.yaml`。所有 namespaced 对象必须只落到 `unidesk-dev`foundation manifest 必须包含 `postgres-dev` StatefulSet/Service、dev secret/config、迁移 Job 和 DB URL guardcore manifest 必须包含 `backend-core-dev`/`frontend-dev` Deployment/Service。加 `--kubectl-dry-run` 时额外执行 `kubectl apply --dry-run=client --validate=false -f <manifest>`,仍不 apply 资源。
- `deploy check/plan/apply` 默认从根目录 `deploy.json` 读取服务 repo 与 commit 期望状态,join `config.json` 和现有 manifest 后使用 target-side build 单一路径校验或更新直管服务与 k3s 代管服务;`deploy plan --env dev|prod` 只从固定 Git ref 读取 manifest 并输出 dry-run 环境计划,不使用本地 dirty worktree`deploy apply --env dev --service backend-core|frontend|code-queue` 可按 `origin/deploy/dev:deploy.json` 部署当前 D601 dev slice`--env prod` apply 仍禁用;规则见 `docs/reference/deploy.md`
- `dev-env validate [--manifest path] [--kubectl-dry-run]` 离线校验 D601 `unidesk-dev` namespace、dev PostgreSQL 底座和 dev workload manifest。默认检查 `src/components/microservices/k3sctl-adapter/k3s/dev/unidesk-dev-foundation.k8s.yaml`;也可显式校验 `src/components/microservices/k3sctl-adapter/k3s/dev/unidesk-dev-core.k8s.yaml``src/components/microservices/k3sctl-adapter/k3s/dev/unidesk-dev-code-queue.k8s.yaml`。所有 namespaced 对象必须只落到 `unidesk-dev`foundation manifest 必须包含 `postgres-dev` StatefulSet/Service、dev secret/config、迁移 Job 和 DB URL guardcore manifest 必须包含 `backend-core-dev`/`frontend-dev` Deployment/ServiceCode Queue dev manifest 必须包含 `code-queue-scheduler-dev``code-queue-read-dev``code-queue-write-dev` 和 dev provider egress proxy。加 `--kubectl-dry-run` 时额外执行 `kubectl apply --dry-run=client --validate=false -f <manifest>`,仍不 apply 资源。
- `dev-env prewarm-images [--image image] [--provider-id D601] [--no-pull] [--proxy-url URL] [--pull-timeout-ms N] [--dry-run]` 创建异步 job,通过 UniDesk SSH 维护桥在 D601 上把开发底座依赖镜像从 Docker 缓存导入原生 k3s containerd。默认镜像是 `postgres:16-alpine``rancher/mirrored-library-busybox:1.36.1`,用于避免 `postgres-dev` 与 local-path helper pod 卡在外部 registry 拉取。该命令固定验证 `/etc/rancher/k3s/k3s.yaml` 指向的 native k3s 上下文,并输出 `dev_env_containerd_image_ready=...` 作为成功判据;它不 apply manifest、不修改生产 `unidesk` namespace。
- `codex deploy <commitId>` 是 Code Queue 兼容部署入口,会生成临时 desired manifest 并调用 `deploy apply --service code-queue` 的同一条 target-side build、k3s import、rollout 和 live commit 验证路径;详细规则见 `docs/reference/codex-deploy.md`
- `codex submit [prompt] [--prompt-file path|--prompt-stdin] [--queue queueId] [--provider-id id] [--cwd path] [--model model] [--reasoning-effort effort] [--execution-mode mode] [--max-attempts N] [--reference-task-id id] [--dry-run]` 通过 backend-core 私有代理向稳定 `code-queue` 用户服务路径提交任务;prompt 必须且只能来自位置参数、文件或 stdin 之一,`--dry-run` 只返回结构化请求且不实际入队。提交确认和 dry-run 必须返回完整 prompt、字符数和 `truncated=false`,不能套用任务详情的预览截断策略,否则长任务 prompt 无法被人工验收。backend-core 默认把提交、队列 CRUD、已读状态、历史摘要和轻量 Trace 读取分流到主 server `code-queue-mgr`,由它写入主 PostgreSQLD601 scheduler 只轮询并执行已入库任务。
+10 -2
View File
@@ -29,7 +29,7 @@ Environment mode never reads the local working tree manifest. The mapping is fix
- `dev -> origin/deploy/dev`
- `prod -> origin/deploy/prod`
`deploy check --env ...` and `deploy plan --env ...` fetch the fixed ref, read `deploy.json` from that ref, validate the declared environment, and report the manifest commit/blob, service commit IDs, target namespace, database fingerprint and Provider identity without mutating runtime resources. `deploy apply --env dev` is enabled only for the first dev-core slice, currently `backend-core` and `frontend`. If no `--service` is given and the dev manifest still includes unsupported later-stage services such as Code Queue, the command fails before changing runtime resources. `deploy apply --env prod` remains disabled until the production environment executor and authorization policy are explicitly added.
`deploy check --env ...` and `deploy plan --env ...` fetch the fixed ref, read `deploy.json` from that ref, validate the declared environment, and report the manifest commit/blob, service commit IDs, target namespace, database fingerprint and Provider identity without mutating runtime resources. `deploy apply --env dev` is enabled for the current isolated D601 dev slice: `backend-core`, `frontend` and `code-queue`. If no `--service` is given and the dev manifest still includes unsupported later-stage services such as `code-queue-mgr`, the command fails before changing runtime resources. `deploy apply --env prod` remains disabled until the production environment executor and authorization policy are explicitly added.
The `deploy/dev` and `deploy/prod` branches are environment desired-state branches, not source branches. They should contain only `deploy.json`; Kubernetes manifests, Dockerfiles and executor code continue to live on `master` and are selected through the commit IDs declared in the environment manifest.
@@ -69,6 +69,14 @@ The manifest keeps placeholder image tags and deploy commit values in source con
backend-core and frontend keep their production health payload shape by default. They add `environment`, `namespace`, `databaseName`, `serviceId`, `deployRef` and deploy commit metadata only when `UNIDESK_ENV=dev` or `UNIDESK_NAMESPACE=unidesk-dev` is set. The frontend shell shows a visible DEV ribbon only under the same dev identity.
## D601 Dev Code Queue
Phase 5 introduces the dev Code Queue execution manifest at `src/components/microservices/k3sctl-adapter/k3s/dev/unidesk-dev-code-queue.k8s.yaml`. It may create only Code Queue dev execution objects in `unidesk-dev`: `code-queue-scheduler-dev`, `code-queue-read-dev`, `code-queue-write-dev` and the supporting `d601-dev-provider-egress-proxy`.
All dev Code Queue components must use `unidesk-dev-runtime-config` and `unidesk-dev-runtime-secrets`, connect to `postgres-dev.../unidesk_dev`, write logs and state under `/home/ubuntu/unidesk-dev-code-queue-deploy/state`, and expose HTTP on 4222 only as ClusterIP services. The scheduler uses `CODE_QUEUE_MAIN_PROVIDER_ID=D601-dev`, `CODE_QUEUE_WORKDIR=/workspace-dev`, `CODE_QUEUE_REMOTE_WORKDIR=/home/ubuntu/unidesk-dev-workspace`, disables ClaudeQQ notifications by default, and does not use the production `d601-tcp-egress-gateway` or production PostgreSQL route.
`deploy apply --env dev --service code-queue` fetches `origin/deploy/dev:deploy.json`, materializes the requested source commit on D601, copies the dev Code Queue control manifest, narrows it to Code Queue dev objects, replaces placeholders with the requested commit and `unidesk-code-queue:dev`, builds on D601, imports the image into native k3s containerd, applies only `unidesk-dev` objects and stamps the dev Deployments. This first dev execution slice proves deployability, health and dev database isolation; wiring the dev frontend stable `code-queue` route through a dev `code-queue-mgr` is a separate later phase.
## CLI
`bun scripts/cli.ts deploy check [--file deploy.json] [--service <id>]` checks the live runtime against the desired repo and commit without changing the system.
@@ -77,7 +85,7 @@ backend-core and frontend keep their production health payload shape by default.
`bun scripts/cli.ts deploy plan --env dev [--service <id>]` reads `origin/deploy/dev:deploy.json` and prints a dry-run environment plan without checking or mutating live runtime resources. `deploy check --env dev` uses the same dry-run environment plan. `--env prod` is available for parity as a dry-run planning path; it reads `origin/deploy/prod:deploy.json` and must not use a dirty local `deploy.json`.
`bun scripts/cli.ts deploy apply [--file deploy.json | --env dev] [--service <id>] [--dry-run] [--force]` starts an asynchronous job. Use `bun scripts/cli.ts job status <jobId> --tail-bytes 30000` to observe progress. `--dry-run` resolves the same plan but does not build or replace runtime objects. `--force` rebuilds even when the live commit matches. Environment apply is currently limited to `--env dev --service backend-core` and `--env dev --service frontend`; `--env prod` apply is rejected.
`bun scripts/cli.ts deploy apply [--file deploy.json | --env dev] [--service <id>] [--dry-run] [--force]` starts an asynchronous job. Use `bun scripts/cli.ts job status <jobId> --tail-bytes 30000` to observe progress. `--dry-run` resolves the same plan but does not build or replace runtime objects. `--force` rebuilds even when the live commit matches. Environment apply currently supports `--env dev --service backend-core`, `--env dev --service frontend` and `--env dev --service code-queue`; `--env prod` apply is rejected.
All deploy commands output JSON. Long operations must use `.state/jobs/` and bounded log tails; no deploy path may succeed with missing progress output.
+50 -26
View File
@@ -131,7 +131,7 @@ const nativeK3sInstallVersion = "v1.34.1+k3s1";
const nativeK3sImage = "rancher/k3s:v1.34.1-k3s1";
const nativeK3sCtrAddress = "/run/k3s/containerd/containerd.sock";
const unideskRepoUrl = "https://github.com/pikasTech/unidesk";
const devApplySupportedServiceIds = new Set(["backend-core", "frontend"]);
const devApplySupportedServiceIds = new Set(["backend-core", "frontend", "code-queue"]);
const deployEnvironmentTargets: Record<DeployEnvironment, DeployEnvironmentTarget> = {
dev: {
environment: "dev",
@@ -568,12 +568,13 @@ function frontendCoreDeployService(config: UniDeskConfig): UniDeskMicroserviceCo
};
}
function devCoreDeployService(id: string): UniDeskMicroserviceConfig | undefined {
function devK3sDeployService(id: string): UniDeskMicroserviceConfig | undefined {
const specs: Record<string, {
name: string;
description: string;
dockerfile: string;
composeService: string;
composeFile: string;
containerName: string;
nodeBaseUrl: string;
nodePort: number;
@@ -586,6 +587,7 @@ function devCoreDeployService(id: string): UniDeskMicroserviceConfig | undefined
name: "UniDesk Dev Backend Core",
description: "Isolated dev backend-core deployed into D601 native k3s namespace unidesk-dev.",
dockerfile: "src/components/backend-core/Dockerfile",
composeFile: "src/components/microservices/k3sctl-adapter/k3s/dev/unidesk-dev-core.k8s.yaml",
composeService: "backend-core-dev",
containerName: "k3s:backend-core-dev",
nodeBaseUrl: "k3s://backend-core-dev",
@@ -599,6 +601,7 @@ function devCoreDeployService(id: string): UniDeskMicroserviceConfig | undefined
name: "UniDesk Dev Frontend",
description: "Isolated dev frontend deployed into D601 native k3s namespace unidesk-dev.",
dockerfile: "src/components/frontend/Dockerfile",
composeFile: "src/components/microservices/k3sctl-adapter/k3s/dev/unidesk-dev-core.k8s.yaml",
composeService: "frontend-dev",
containerName: "k3s:frontend-dev",
nodeBaseUrl: "k3s://frontend-dev",
@@ -608,6 +611,20 @@ function devCoreDeployService(id: string): UniDeskMicroserviceConfig | undefined
allowedMethods: ["GET", "HEAD"],
allowedPathPrefixes: ["/"],
},
"code-queue": {
name: "UniDesk Dev Code Queue",
description: "Isolated dev Code Queue execution plane deployed into D601 native k3s namespace unidesk-dev.",
dockerfile: "src/components/microservices/code-queue/Dockerfile",
composeFile: "src/components/microservices/k3sctl-adapter/k3s/dev/unidesk-dev-code-queue.k8s.yaml",
composeService: "code-queue-scheduler-dev",
containerName: "k3s:code-queue-scheduler-dev",
nodeBaseUrl: "k3s://code-queue-dev",
nodePort: 4222,
healthPath: "/health",
route: "/dev/code-queue",
allowedMethods: ["GET", "HEAD", "POST", "PUT", "PATCH", "DELETE"],
allowedPathPrefixes: ["/", "/api/", "/logs"],
},
};
const spec = specs[id];
if (spec === undefined) return undefined;
@@ -620,7 +637,7 @@ function devCoreDeployService(id: string): UniDeskMicroserviceConfig | undefined
url: unideskRepoUrl,
commitId: "deploy-dev",
dockerfile: spec.dockerfile,
composeFile: "src/components/microservices/k3sctl-adapter/k3s/dev/unidesk-dev-core.k8s.yaml",
composeFile: spec.composeFile,
composeService: spec.composeService,
containerName: spec.containerName,
},
@@ -647,7 +664,9 @@ function devCoreDeployService(id: string): UniDeskMicroserviceConfig | undefined
development: {
providerId: "D601",
sshPassthrough: true,
worktreePath: `/home/ubuntu/unidesk-dev-core-deploy/${id}`,
worktreePath: id === "code-queue"
? "/home/ubuntu/unidesk-dev-code-queue-deploy/code-queue"
: `/home/ubuntu/unidesk-dev-core-deploy/${id}`,
},
frontend: {
route: spec.route,
@@ -657,7 +676,7 @@ function devCoreDeployService(id: string): UniDeskMicroserviceConfig | undefined
}
function coreDeployService(config: UniDeskConfig, id: string, environment: DeployEnvironment | null): UniDeskMicroserviceConfig | undefined {
if (environment === "dev") return devCoreDeployService(id);
if (environment === "dev") return devK3sDeployService(id);
if (id === "frontend") return frontendCoreDeployService(config);
return undefined;
}
@@ -666,7 +685,7 @@ function isCoreDeployService(service: UniDeskMicroserviceConfig): boolean {
return service.id === "frontend" && service.providerId === "main-server" && service.backend.proxyMode === "core-direct";
}
function isDevK3sCoreService(service: UniDeskMicroserviceConfig): boolean {
function isDevK3sDeployService(service: UniDeskMicroserviceConfig): boolean {
return service.deployment.mode === "k3sctl-managed"
&& service.deployment.namespace === deployEnvironmentTargets.dev.namespace
&& devApplySupportedServiceIds.has(service.id);
@@ -685,7 +704,7 @@ function selectServices(config: UniDeskConfig, manifest: DeployManifest, service
if (serviceId !== null && selected.length === 0) throw new Error(`deploy manifest does not contain service: ${serviceId}`);
return selected.map((desired) => {
if (manifest.environment === "dev") {
const service = devCoreDeployService(desired.id);
const service = devK3sDeployService(desired.id);
if (service === undefined) {
throw new Error(`deploy --env dev service ${desired.id} is not enabled in this executor yet; currently supported: ${[...devApplySupportedServiceIds].join(", ")}`);
}
@@ -746,7 +765,7 @@ function targetExportDir(service: UniDeskMicroserviceConfig, runId: string): str
}
function targetWorkDir(service: UniDeskMicroserviceConfig): string {
if (isDevK3sCoreService(service)) return service.development.worktreePath;
if (isDevK3sDeployService(service)) return service.development.worktreePath;
if (service.deployment.mode === "k3sctl-managed") return k3sDeployDir;
if (targetIsMain(service) && isUnideskRepo(service.repository.url)) {
return rootPath(".state", "deploy", "work", safeId(service.id));
@@ -780,7 +799,7 @@ function sourceBuildContext(service: UniDeskMicroserviceConfig): string {
}
function buildImageTag(service: UniDeskMicroserviceConfig): string {
if (isDevK3sCoreService(service)) return `unidesk-${service.id}:dev`;
if (isDevK3sDeployService(service)) return `unidesk-${service.id}:dev`;
if (service.deployment.mode === "k3sctl-managed") return `unidesk-${service.id}:d601`;
if (targetIsMain(service)) {
if (["project-manager", "baidu-netdisk", "oa-event-flow"].includes(service.repository.composeService)) return service.repository.composeService;
@@ -1025,7 +1044,7 @@ function claudeqqDeployAssetOverlayCommands(): string[] {
}
function syncK8sControlManifestsScript(service: UniDeskMicroserviceConfig): string {
if (isDevK3sCoreService(service)) {
if (isDevK3sDeployService(service)) {
const manifest = k8sManifestPath(service);
if (!existsSync(rootPath(manifest))) throw new Error(`${service.id} dev k3s control manifest missing: ${manifest}`);
const encoded = Buffer.from(readFileSync(rootPath(manifest), "utf8"), "utf8").toString("base64");
@@ -1098,7 +1117,7 @@ function buildImageScript(service: UniDeskMicroserviceConfig, desired: DeployMan
"if ! docker buildx version >/dev/null 2>&1; then",
" if ! docker buildx inspect default >/dev/null 2>&1; then echo target_build_builder=missing >&2; exit 1; fi",
"fi",
...(isDevK3sCoreService(service) ? [
...(isDevK3sDeployService(service) ? [
"if ! docker image inspect oven/bun:1-alpine >/dev/null 2>&1; then",
" docker pull oven/bun:1-alpine",
"fi",
@@ -1113,12 +1132,11 @@ function buildImageScript(service: UniDeskMicroserviceConfig, desired: DeployMan
].filter((line) => line.length > 0).join("\n");
}
function patchDevK3sCoreManifestScript(service: UniDeskMicroserviceConfig, desired: DeployManifestService, resolvedCommit: string): string {
function patchDevK3sManifestScript(service: UniDeskMicroserviceConfig, desired: DeployManifestService, resolvedCommit: string): string {
const manifest = `${targetWorkDir(service)}/${k8sManifestPath(service)}`;
const image = buildImageTag(service);
const serviceId = service.id;
const deploymentName = service.repository.composeService;
const manifestServiceId = deploymentName;
return [
"set -euo pipefail",
`manifest=${shellQuote(manifest)}`,
@@ -1128,27 +1146,27 @@ function patchDevK3sCoreManifestScript(service: UniDeskMicroserviceConfig, desir
`repo=${shellQuote(desired.repo)}`,
`commit=${shellQuote(resolvedCommit)}`,
`requested_commit=${shellQuote(desired.commitId)}`,
`manifest_service_id=${shellQuote(manifestServiceId)}`,
`python3 - "$manifest" "$service_id" "$deployment_name" "$image" "$repo" "$commit" "$requested_commit" "$manifest_service_id" <<'PY'`,
`python3 - "$manifest" "$service_id" "$deployment_name" "$image" "$repo" "$commit" "$requested_commit" <<'PY'`,
"import re",
"import sys",
"path, service_id, deployment_name, image, repo, commit, requested_commit, manifest_service_id = sys.argv[1:]",
"path, service_id, deployment_name, image, repo, commit, requested_commit = sys.argv[1:]",
"text = open(path, encoding='utf-8').read()",
"segments = re.split(r'(?m)^---\\s*$', text)",
"kept = []",
"for segment in segments:",
" if not segment.strip():",
" continue",
" if f'\\n name: {deployment_name}\\n' in ('\\n' + segment + '\\n'):",
" haystack = '\\n' + segment + '\\n'",
" if f'unidesk.ai/deploy-service-id: {service_id}' in segment or f'\\n name: {deployment_name}\\n' in haystack:",
" kept.append(segment)",
"if not kept:",
" raise SystemExit(f'deployment/service {deployment_name} not found in {path}')",
" raise SystemExit(f'dev service {service_id}/{deployment_name} not found in {path}')",
"patched = []",
"for segment in kept:",
" segment = segment.replace('unidesk.ai/image-source: deploy-dev-commit', 'unidesk.ai/image-source: deploy-env-commit')",
" segment = re.sub(r'image: unidesk-[^\\n]+:dev-placeholder', f'image: {image}', segment)",
" segment = re.sub(r'value: replace-with-deploy-dev-commit', f'value: {commit}', segment)",
" segment = segment.replace(f'value: {manifest_service_id}', f'value: {service_id}')",
" segment = segment.replace('value: https://github.com/pikasTech/unidesk', f'value: {repo}')",
" patched.append(segment.strip() + '\\n')",
"out = '---\\n'.join(patched)",
"open(path, 'w', encoding='utf-8').write(out)",
@@ -1480,6 +1498,7 @@ function importK3sImageScript(service: UniDeskMicroserviceConfig): string {
function cleanupLegacyDirectCodeQueueScript(service: UniDeskMicroserviceConfig): string {
if (service.id !== "code-queue") return "";
if (isDevK3sDeployService(service)) return "";
return [
"set -euo pipefail",
"container=code-queue-backend",
@@ -1507,6 +1526,9 @@ function k8sNamespaceForService(service: UniDeskMicroserviceConfig): string {
}
function k8sDeploymentsForService(service: UniDeskMicroserviceConfig): string[] {
if (isDevK3sDeployService(service) && service.id === "code-queue") {
return ["d601-dev-provider-egress-proxy", "code-queue-scheduler-dev", "code-queue-read-dev", "code-queue-write-dev"];
}
if (service.id === "code-queue") return ["d601-provider-egress-proxy", "d601-tcp-egress-gateway", "code-queue", "code-queue-read", "code-queue-write"];
return [service.repository.composeService];
}
@@ -1514,7 +1536,7 @@ function k8sDeploymentsForService(service: UniDeskMicroserviceConfig): string[]
function applyK8sScript(service: UniDeskMicroserviceConfig): string {
const manifest = `${targetWorkDir(service)}/${k8sManifestPath(service)}`;
const namespace = k8sNamespaceForService(service);
const cleanup = service.id === "code-queue"
const cleanup = service.id === "code-queue" && !isDevK3sDeployService(service)
? [
`KUBECONFIG=${shellQuote(k8sKubeconfig)} kubectl -n ${shellQuote(namespace)} delete endpointslice d601-provider-egress-proxy --ignore-not-found`,
`KUBECONFIG=${shellQuote(k8sKubeconfig)} kubectl -n ${shellQuote(namespace)} delete deployment code-queue-d518 --ignore-not-found`,
@@ -1636,14 +1658,16 @@ function devK3sServiceHealthScript(service: UniDeskMicroserviceConfig): string {
const namespace = k8sNamespaceForService(service);
const deployment = service.repository.composeService;
const path = service.backend.healthPath;
const port = service.backend.nodePort;
return [
"set -euo pipefail",
`namespace=${shellQuote(namespace)}`,
`deployment=${shellQuote(deployment)}`,
`path=${shellQuote(path)}`,
`pod=$(KUBECONFIG=${shellQuote(k8sKubeconfig)} kubectl -n "$namespace" get pod -l app.kubernetes.io/name=${shellQuote(service.id)},unidesk.ai/environment=dev -o jsonpath='{.items[0].metadata.name}' 2>/dev/null || true)`,
`port=${shellQuote(String(port))}`,
`pod=$(KUBECONFIG=${shellQuote(k8sKubeconfig)} kubectl -n "$namespace" get pod -l app.kubernetes.io/instance="$deployment",unidesk.ai/deploy-service-id=${shellQuote(service.id)},unidesk.ai/environment=dev -o jsonpath='{.items[0].metadata.name}' 2>/dev/null || true)`,
"if [ -z \"$pod\" ]; then echo '{\"ok\":false,\"error\":\"dev deployment pod not found\"}'; exit 0; fi",
`KUBECONFIG=${shellQuote(k8sKubeconfig)} kubectl -n "$namespace" exec "$pod" -- wget -q -T 5 -O - "http://127.0.0.1:8080$path"`,
`KUBECONFIG=${shellQuote(k8sKubeconfig)} kubectl -n "$namespace" exec "$pod" -- wget -q -T 5 -O - "http://127.0.0.1:$port$path"`,
].join("\n");
}
@@ -1651,7 +1675,7 @@ async function serviceHealth(config: UniDeskConfig, service: UniDeskMicroservice
if (isCoreDeployService(service)) {
return await directHttpJson(`${service.backend.nodeBaseUrl}${service.backend.healthPath}`, service.backend.timeoutMs);
}
if (isDevK3sCoreService(service)) {
if (isDevK3sDeployService(service)) {
const result = await runTargetCommand(config, service, devK3sServiceHealthScript(service), "/home/ubuntu", 30_000, 20_000);
let body: unknown = null;
try {
@@ -1918,7 +1942,7 @@ async function step(
}
async function readDockerImageCommit(config: UniDeskConfig, service: UniDeskMicroserviceConfig): Promise<string | null> {
if (isDevK3sCoreService(service)) return null;
if (isDevK3sDeployService(service)) return null;
const result = await runTargetCommand(config, service, dockerCommitProbeScript(service), targetIsMain(service) ? repoRoot : "/home/ubuntu", 30_000, 20_000);
const commit = parseFullCommit(result.stdout);
return commit.length > 0 ? commit : null;
@@ -2066,8 +2090,8 @@ async function applyOneService(config: UniDeskConfig, service: UniDeskMicroservi
if (!pushStep(steps, controlManifestSync)) return { ok: false, serviceId: service.id, startedAt, finishedAt: nowIso(), resolvedCommit, before, steps };
}
if (isDevK3sCoreService(service)) {
const patchManifest = await step(config, service, "patch-dev-k3s-manifest", patchDevK3sCoreManifestScript(service, desired, resolvedCommit), targetWorkDir(service), 60_000, false);
if (isDevK3sDeployService(service)) {
const patchManifest = await step(config, service, "patch-dev-k3s-manifest", patchDevK3sManifestScript(service, desired, resolvedCommit), targetWorkDir(service), 60_000, false);
if (!pushStep(steps, patchManifest)) return { ok: false, serviceId: service.id, startedAt, finishedAt: nowIso(), resolvedCommit, before, steps };
}
+13 -1
View File
@@ -28,6 +28,17 @@ const coreRequiredKinds = new Set([
"Service/frontend-dev",
"Deployment/frontend-dev",
]);
const codeQueueRequiredKinds = new Set([
"Service/code-queue-scheduler-dev",
"Service/code-queue-read-dev",
"Service/code-queue-write-dev",
"Service/d601-dev-provider-egress-proxy",
"ConfigMap/d601-dev-provider-egress-proxy",
"Deployment/d601-dev-provider-egress-proxy",
"Deployment/code-queue-scheduler-dev",
"Deployment/code-queue-read-dev",
"Deployment/code-queue-write-dev",
]);
interface ManifestDocument {
index: number;
@@ -160,6 +171,7 @@ function parseManifestDocuments(text: string): ManifestDocument[] {
function requiredResourcesFor(resources: string[]): Set<string> {
const resourceSet = new Set(resources);
if (resourceSet.has("Deployment/code-queue-scheduler-dev") || resourceSet.has("Service/code-queue-scheduler-dev")) return codeQueueRequiredKinds;
if (resourceSet.has("Deployment/backend-core-dev") || resourceSet.has("Deployment/frontend-dev")) return coreRequiredKinds;
return foundationRequiredKinds;
}
@@ -288,7 +300,7 @@ function devEnvHelp(): Record<string, unknown> {
defaultPrewarmImages,
checks: [
"all namespaced resources must target unidesk-dev",
"required foundation resources or backend-core-dev/frontend-dev resources must exist",
"required foundation resources, backend-core-dev/frontend-dev resources, or code-queue-dev resources must exist",
"dev DATABASE_URL values must target postgres-dev/unidesk_dev and not production routes",
"--kubectl-dry-run optionally asks kubectl to client-dry-run the manifest without applying it",
"prewarm-images imports dev foundation images from Docker into native k3s containerd on D601",
@@ -356,6 +356,11 @@ function readConfig(): RuntimeConfig {
port: envNumber("PORT", 4222),
dataDir,
instanceId: envString("CODE_QUEUE_INSTANCE_ID", mainProviderId),
environment: envString("UNIDESK_ENV", ""),
namespace: envString("UNIDESK_NAMESPACE", ""),
databaseName: envString("UNIDESK_DATABASE_NAME", envString("UNIDESK_DEV_DATABASE_NAME", "")),
deployServiceId: envString("UNIDESK_DEPLOY_SERVICE_ID", "code-queue"),
deployRef: envString("UNIDESK_DEPLOY_REF", ""),
deployCommit: envString("CODE_QUEUE_DEPLOY_COMMIT", "unknown"),
deployRequestedCommit: envString("CODE_QUEUE_DEPLOY_REQUESTED_COMMIT", ""),
serviceRole,
@@ -483,6 +488,16 @@ async function providerGatewayEgressProxyStatus(): Promise<JsonValue> {
}
}
function runtimeIdentity(): Record<string, JsonValue> {
return {
environment: config.environment || null,
namespace: config.namespace || null,
databaseName: config.databaseName || null,
serviceId: config.deployServiceId || "code-queue",
deployRef: config.deployRef || null,
};
}
function createLogger(service: string, logFile: string) {
const writer = createHourlyJsonlWriter({
baseLogFile: logFile,
@@ -5000,6 +5015,7 @@ async function route(req: Request): Promise<Response> {
service: "code-queue",
instanceId: config.instanceId,
role: config.serviceRole,
...runtimeIdentity(),
deploy: {
commit: config.deployCommit,
requestedCommit: config.deployRequestedCommit,
@@ -5014,6 +5030,7 @@ async function route(req: Request): Promise<Response> {
service: "code-queue",
instanceId: config.instanceId,
role: config.serviceRole,
...runtimeIdentity(),
deploy: {
commit: config.deployCommit,
requestedCommit: config.deployRequestedCommit,
@@ -5028,6 +5045,7 @@ async function route(req: Request): Promise<Response> {
service: "code-queue",
instanceId: config.instanceId,
role: config.serviceRole,
...runtimeIdentity(),
deploy: {
commit: config.deployCommit,
requestedCommit: config.deployRequestedCommit,
@@ -35,6 +35,11 @@ export interface RuntimeConfig {
port: number;
dataDir: string;
instanceId: string;
environment: string;
namespace: string;
databaseName: string;
deployServiceId: string;
deployRef: string;
deployCommit: string;
deployRequestedCommit: string;
serviceRole: CodeQueueServiceRole;
@@ -0,0 +1,726 @@
apiVersion: v1
kind: Service
metadata:
name: code-queue-scheduler-dev
namespace: unidesk-dev
labels:
app.kubernetes.io/name: code-queue
app.kubernetes.io/component: scheduler
app.kubernetes.io/part-of: unidesk
app.kubernetes.io/instance: code-queue-scheduler-dev
unidesk.ai/environment: dev
unidesk.ai/deployment-mode: k3sctl-managed
unidesk.ai/deploy-service-id: code-queue
spec:
type: ClusterIP
selector:
app.kubernetes.io/name: code-queue
app.kubernetes.io/component: scheduler
app.kubernetes.io/instance: code-queue-scheduler-dev
unidesk.ai/environment: dev
unidesk.ai/deploy-service-id: code-queue
ports:
- name: http
port: 4222
targetPort: http
---
apiVersion: v1
kind: Service
metadata:
name: code-queue-read-dev
namespace: unidesk-dev
labels:
app.kubernetes.io/name: code-queue
app.kubernetes.io/component: read
app.kubernetes.io/part-of: unidesk
app.kubernetes.io/instance: code-queue-read-dev
unidesk.ai/environment: dev
unidesk.ai/deployment-mode: k3sctl-managed
unidesk.ai/deploy-service-id: code-queue
spec:
type: ClusterIP
selector:
app.kubernetes.io/name: code-queue
app.kubernetes.io/component: read
app.kubernetes.io/instance: code-queue-read-dev
unidesk.ai/environment: dev
unidesk.ai/deploy-service-id: code-queue
ports:
- name: http
port: 4222
targetPort: http
---
apiVersion: v1
kind: Service
metadata:
name: code-queue-write-dev
namespace: unidesk-dev
labels:
app.kubernetes.io/name: code-queue
app.kubernetes.io/component: write
app.kubernetes.io/part-of: unidesk
app.kubernetes.io/instance: code-queue-write-dev
unidesk.ai/environment: dev
unidesk.ai/deployment-mode: k3sctl-managed
unidesk.ai/deploy-service-id: code-queue
spec:
type: ClusterIP
selector:
app.kubernetes.io/name: code-queue
app.kubernetes.io/component: write
app.kubernetes.io/instance: code-queue-write-dev
unidesk.ai/environment: dev
unidesk.ai/deploy-service-id: code-queue
ports:
- name: http
port: 4222
targetPort: http
---
apiVersion: v1
kind: Service
metadata:
name: d601-dev-provider-egress-proxy
namespace: unidesk-dev
labels:
app.kubernetes.io/name: provider-egress-proxy
app.kubernetes.io/part-of: unidesk
app.kubernetes.io/instance: d601-dev-provider-egress-proxy
unidesk.ai/environment: dev
unidesk.ai/provider-id: D601-dev
unidesk.ai/deploy-service-id: code-queue
spec:
type: ClusterIP
selector:
app.kubernetes.io/name: provider-egress-proxy
app.kubernetes.io/instance: d601-dev-provider-egress-proxy
unidesk.ai/environment: dev
unidesk.ai/provider-id: D601-dev
unidesk.ai/deploy-service-id: code-queue
ports:
- name: http
port: 18789
targetPort: http
---
apiVersion: v1
kind: ConfigMap
metadata:
name: d601-dev-provider-egress-proxy
namespace: unidesk-dev
labels:
app.kubernetes.io/name: provider-egress-proxy
app.kubernetes.io/part-of: unidesk
unidesk.ai/environment: dev
unidesk.ai/provider-id: D601-dev
unidesk.ai/deploy-service-id: code-queue
data:
provider-egress-proxy.js: |
const net = require("node:net");
const listenPort = Number(process.env.PROVIDER_EGRESS_LISTEN_PORT || 18790);
const upstreamHost = process.env.PROVIDER_EGRESS_UPSTREAM_HOST || "127.0.0.1";
const upstreamPort = Number(process.env.PROVIDER_EGRESS_UPSTREAM_PORT || 18789);
function closeBoth(left, right) {
left.destroy();
right.destroy();
}
net.createServer((client) => {
const upstream = net.connect({ host: upstreamHost, port: upstreamPort });
client.pipe(upstream);
upstream.pipe(client);
client.on("error", () => closeBoth(client, upstream));
upstream.on("error", () => closeBoth(client, upstream));
}).listen(listenPort, "0.0.0.0", () => {
console.log(JSON.stringify({
ts: new Date().toISOString(),
service: "provider-egress-proxy-dev",
level: "info",
message: "listening",
data: { listenPort, upstream: `${upstreamHost}:${upstreamPort}` },
}));
});
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: d601-dev-provider-egress-proxy
namespace: unidesk-dev
labels:
app.kubernetes.io/name: provider-egress-proxy
app.kubernetes.io/part-of: unidesk
app.kubernetes.io/instance: d601-dev-provider-egress-proxy
unidesk.ai/environment: dev
unidesk.ai/provider-id: D601-dev
unidesk.ai/deployment-mode: k3sctl-managed
unidesk.ai/deploy-service-id: code-queue
annotations:
unidesk.ai/deploy-ref: origin/deploy/dev
unidesk.ai/image-source: deploy-dev-commit
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: provider-egress-proxy
app.kubernetes.io/instance: d601-dev-provider-egress-proxy
unidesk.ai/environment: dev
unidesk.ai/provider-id: D601-dev
unidesk.ai/deploy-service-id: code-queue
template:
metadata:
labels:
app.kubernetes.io/name: provider-egress-proxy
app.kubernetes.io/part-of: unidesk
app.kubernetes.io/instance: d601-dev-provider-egress-proxy
unidesk.ai/environment: dev
unidesk.ai/provider-id: D601-dev
unidesk.ai/node-id: D601
unidesk.ai/deploy-service-id: code-queue
spec:
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
nodeSelector:
unidesk.ai/node-id: D601
containers:
- name: provider-egress-proxy
image: unidesk-code-queue:dev-placeholder
imagePullPolicy: IfNotPresent
command:
- bun
- /etc/unidesk-provider-egress/provider-egress-proxy.js
ports:
- name: http
containerPort: 18791
env:
- name: PROVIDER_EGRESS_LISTEN_PORT
value: "18791"
- name: PROVIDER_EGRESS_UPSTREAM_HOST
value: "127.0.0.1"
- name: PROVIDER_EGRESS_UPSTREAM_PORT
value: "18789"
- name: UNIDESK_DEPLOY_SERVICE_ID
value: code-queue
- name: UNIDESK_DEPLOY_REPO
value: https://github.com/pikasTech/unidesk
- name: UNIDESK_DEPLOY_COMMIT
value: replace-with-deploy-dev-commit
- name: UNIDESK_DEPLOY_REQUESTED_COMMIT
value: replace-with-deploy-dev-commit
volumeMounts:
- name: script
mountPath: /etc/unidesk-provider-egress
readOnly: true
readinessProbe:
tcpSocket:
port: http
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 12
livenessProbe:
tcpSocket:
port: http
periodSeconds: 10
timeoutSeconds: 3
failureThreshold: 6
volumes:
- name: script
configMap:
name: d601-dev-provider-egress-proxy
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: code-queue-scheduler-dev
namespace: unidesk-dev
labels:
app.kubernetes.io/name: code-queue
app.kubernetes.io/component: scheduler
app.kubernetes.io/part-of: unidesk
app.kubernetes.io/instance: code-queue-scheduler-dev
unidesk.ai/environment: dev
unidesk.ai/deployment-mode: k3sctl-managed
unidesk.ai/deploy-service-id: code-queue
annotations:
unidesk.ai/deploy-ref: origin/deploy/dev
unidesk.ai/image-source: deploy-dev-commit
spec:
replicas: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 1
selector:
matchLabels:
app.kubernetes.io/name: code-queue
app.kubernetes.io/component: scheduler
app.kubernetes.io/instance: code-queue-scheduler-dev
unidesk.ai/environment: dev
unidesk.ai/deploy-service-id: code-queue
template:
metadata:
labels:
app.kubernetes.io/name: code-queue
app.kubernetes.io/component: scheduler
app.kubernetes.io/part-of: unidesk
app.kubernetes.io/instance: code-queue-scheduler-dev
unidesk.ai/environment: dev
unidesk.ai/node-id: D601
unidesk.ai/deploy-service-id: code-queue
spec:
nodeSelector:
unidesk.ai/node-id: D601
terminationGracePeriodSeconds: 30
containers:
- name: code-queue
image: unidesk-code-queue:dev-placeholder
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 4222
envFrom:
- configMapRef:
name: unidesk-dev-runtime-config
- secretRef:
name: unidesk-dev-runtime-secrets
env:
- name: HOST
value: "0.0.0.0"
- name: PORT
value: "4222"
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: unidesk-dev-runtime-secrets
key: DATABASE_URL
- name: UNIDESK_DATABASE_NAME
value: unidesk_dev
- name: UNIDESK_DEPLOY_SERVICE_ID
value: code-queue
- name: UNIDESK_DEPLOY_REPO
value: https://github.com/pikasTech/unidesk
- name: UNIDESK_DEPLOY_COMMIT
value: replace-with-deploy-dev-commit
- name: UNIDESK_DEPLOY_REQUESTED_COMMIT
value: replace-with-deploy-dev-commit
- name: CODE_QUEUE_DEPLOY_COMMIT
value: replace-with-deploy-dev-commit
- name: CODE_QUEUE_DEPLOY_REQUESTED_COMMIT
value: replace-with-deploy-dev-commit
- name: CODE_QUEUE_INSTANCE_ID
value: D601-dev
- name: CODE_QUEUE_SERVICE_ROLE
value: scheduler
- name: CODE_QUEUE_SCHEDULER_ENABLED
value: "true"
- name: CODE_QUEUE_SCHEDULER_POLL_INTERVAL_MS
value: "3000"
- name: CODE_QUEUE_DATABASE_POOL_MAX
value: "2"
- name: CODE_QUEUE_MAX_ACTIVE_QUEUES
value: "1"
- name: CODE_QUEUE_SANDBOX
value: danger-full-access
- name: CODE_QUEUE_APPROVAL_POLICY
value: never
- name: CODE_QUEUE_EGRESS_PROXY_ENABLED
value: "true"
- name: CODE_QUEUE_EGRESS_PROXY_URL
value: http://d601-dev-provider-egress-proxy.unidesk-dev.svc.cluster.local:18789
- name: CODE_QUEUE_EGRESS_PROXY_NO_PROXY
value: localhost,127.0.0.1,::1,host.docker.internal,d601-dev-provider-egress-proxy,d601-dev-provider-egress-proxy.unidesk-dev,d601-dev-provider-egress-proxy.unidesk-dev.svc,d601-dev-provider-egress-proxy.unidesk-dev.svc.cluster.local,postgres-dev,postgres-dev.unidesk-dev,postgres-dev.unidesk-dev.svc,postgres-dev.unidesk-dev.svc.cluster.local,backend-core-dev,frontend-dev
- name: HTTP_PROXY
value: http://d601-dev-provider-egress-proxy.unidesk-dev.svc.cluster.local:18789
- name: HTTPS_PROXY
value: http://d601-dev-provider-egress-proxy.unidesk-dev.svc.cluster.local:18789
- name: ALL_PROXY
value: http://d601-dev-provider-egress-proxy.unidesk-dev.svc.cluster.local:18789
- name: http_proxy
value: http://d601-dev-provider-egress-proxy.unidesk-dev.svc.cluster.local:18789
- name: https_proxy
value: http://d601-dev-provider-egress-proxy.unidesk-dev.svc.cluster.local:18789
- name: all_proxy
value: http://d601-dev-provider-egress-proxy.unidesk-dev.svc.cluster.local:18789
- name: NO_PROXY
value: localhost,127.0.0.1,::1,host.docker.internal,d601-dev-provider-egress-proxy,d601-dev-provider-egress-proxy.unidesk-dev,d601-dev-provider-egress-proxy.unidesk-dev.svc,d601-dev-provider-egress-proxy.unidesk-dev.svc.cluster.local,postgres-dev,postgres-dev.unidesk-dev,postgres-dev.unidesk-dev.svc,postgres-dev.unidesk-dev.svc.cluster.local,backend-core-dev,frontend-dev
- name: no_proxy
value: localhost,127.0.0.1,::1,host.docker.internal,d601-dev-provider-egress-proxy,d601-dev-provider-egress-proxy.unidesk-dev,d601-dev-provider-egress-proxy.unidesk-dev.svc,d601-dev-provider-egress-proxy.unidesk-dev.svc.cluster.local,postgres-dev,postgres-dev.unidesk-dev,postgres-dev.unidesk-dev.svc,postgres-dev.unidesk-dev.svc.cluster.local,backend-core-dev,frontend-dev
- name: OA_EVENT_FLOW_BASE_URL
value: http://127.0.0.1:9
- name: CODE_QUEUE_NOTIFY_CLAUDEQQ_ENABLED
value: "false"
- name: CODE_QUEUE_CODEX_SQLITE_LOG_EXPORT_ENABLED
value: "false"
- name: NODE_OPTIONS
value: --max-old-space-size=1024
- name: LOG_FILE
value: /var/log/unidesk-dev/code-queue-scheduler-dev.jsonl
volumeMounts:
- name: docker-sock
mountPath: /var/run/docker.sock
- name: workspace
mountPath: /workspace-dev
- name: workspace
mountPath: /home/ubuntu/unidesk-dev-workspace
- name: repo
mountPath: /root/unidesk
readOnly: true
- name: codex-config
mountPath: /root/.codex/config.toml
readOnly: true
- name: codex-auth
mountPath: /root/.codex/auth.json
readOnly: true
- name: ssh-dir
mountPath: /root/.ssh
readOnly: true
- name: logs
mountPath: /var/log/unidesk-dev
- name: state
mountPath: /var/lib/unidesk-dev/code-queue
readinessProbe:
httpGet:
path: /health
port: http
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 20
livenessProbe:
httpGet:
path: /live
port: http
periodSeconds: 10
timeoutSeconds: 3
failureThreshold: 6
startupProbe:
httpGet:
path: /live
port: http
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 60
resources:
requests:
cpu: 150m
memory: 384Mi
limits:
memory: 3Gi
volumes:
- name: docker-sock
hostPath:
path: /var/run/docker.sock
type: Socket
- name: workspace
hostPath:
path: /home/ubuntu/unidesk-dev-workspace
type: DirectoryOrCreate
- name: repo
hostPath:
path: /home/ubuntu/unidesk-dev-code-queue-deploy/code-queue
type: Directory
- name: codex-config
hostPath:
path: /home/ubuntu/.codex/config.toml
type: File
- name: codex-auth
hostPath:
path: /home/ubuntu/.codex/auth.json
type: File
- name: ssh-dir
hostPath:
path: /home/ubuntu/.ssh
type: Directory
- name: logs
hostPath:
path: /home/ubuntu/unidesk-dev-code-queue-deploy/state/logs
type: DirectoryOrCreate
- name: state
hostPath:
path: /home/ubuntu/unidesk-dev-code-queue-deploy/state/code-queue
type: DirectoryOrCreate
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: code-queue-read-dev
namespace: unidesk-dev
labels:
app.kubernetes.io/name: code-queue
app.kubernetes.io/component: read
app.kubernetes.io/part-of: unidesk
app.kubernetes.io/instance: code-queue-read-dev
unidesk.ai/environment: dev
unidesk.ai/deployment-mode: k3sctl-managed
unidesk.ai/deploy-service-id: code-queue
annotations:
unidesk.ai/deploy-ref: origin/deploy/dev
unidesk.ai/image-source: deploy-dev-commit
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: code-queue
app.kubernetes.io/component: read
app.kubernetes.io/instance: code-queue-read-dev
unidesk.ai/environment: dev
unidesk.ai/deploy-service-id: code-queue
template:
metadata:
labels:
app.kubernetes.io/name: code-queue
app.kubernetes.io/component: read
app.kubernetes.io/part-of: unidesk
app.kubernetes.io/instance: code-queue-read-dev
unidesk.ai/environment: dev
unidesk.ai/node-id: D601
unidesk.ai/deploy-service-id: code-queue
spec:
nodeSelector:
unidesk.ai/node-id: D601
terminationGracePeriodSeconds: 20
containers:
- name: code-queue
image: unidesk-code-queue:dev-placeholder
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 4222
envFrom:
- configMapRef:
name: unidesk-dev-runtime-config
- secretRef:
name: unidesk-dev-runtime-secrets
env:
- name: HOST
value: "0.0.0.0"
- name: PORT
value: "4222"
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: unidesk-dev-runtime-secrets
key: DATABASE_URL
- name: UNIDESK_DATABASE_NAME
value: unidesk_dev
- name: UNIDESK_DEPLOY_SERVICE_ID
value: code-queue
- name: UNIDESK_DEPLOY_REPO
value: https://github.com/pikasTech/unidesk
- name: UNIDESK_DEPLOY_COMMIT
value: replace-with-deploy-dev-commit
- name: UNIDESK_DEPLOY_REQUESTED_COMMIT
value: replace-with-deploy-dev-commit
- name: CODE_QUEUE_DEPLOY_COMMIT
value: replace-with-deploy-dev-commit
- name: CODE_QUEUE_DEPLOY_REQUESTED_COMMIT
value: replace-with-deploy-dev-commit
- name: CODE_QUEUE_INSTANCE_ID
value: D601-dev-read
- name: CODE_QUEUE_SERVICE_ROLE
value: read
- name: CODE_QUEUE_SCHEDULER_ENABLED
value: "false"
- name: CODE_QUEUE_DATABASE_POOL_MAX
value: "2"
- name: CODE_QUEUE_EGRESS_PROXY_ENABLED
value: "false"
- name: CODE_QUEUE_NOTIFY_CLAUDEQQ_ENABLED
value: "false"
- name: CODE_QUEUE_CODEX_SQLITE_LOG_EXPORT_ENABLED
value: "false"
- name: NODE_OPTIONS
value: --max-old-space-size=512
- name: LOG_FILE
value: /var/log/unidesk-dev/code-queue-read-dev.jsonl
volumeMounts:
- name: repo
mountPath: /root/unidesk
readOnly: true
- name: logs
mountPath: /var/log/unidesk-dev
- name: state
mountPath: /var/lib/unidesk-dev/code-queue
readinessProbe:
httpGet:
path: /live
port: http
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 20
livenessProbe:
httpGet:
path: /live
port: http
periodSeconds: 10
timeoutSeconds: 3
failureThreshold: 6
startupProbe:
httpGet:
path: /live
port: http
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 60
resources:
requests:
cpu: 80m
memory: 192Mi
limits:
memory: 768Mi
volumes:
- name: repo
hostPath:
path: /home/ubuntu/unidesk-dev-code-queue-deploy/code-queue
type: Directory
- name: logs
hostPath:
path: /home/ubuntu/unidesk-dev-code-queue-deploy/state/logs
type: DirectoryOrCreate
- name: state
hostPath:
path: /home/ubuntu/unidesk-dev-code-queue-deploy/state/code-queue
type: DirectoryOrCreate
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: code-queue-write-dev
namespace: unidesk-dev
labels:
app.kubernetes.io/name: code-queue
app.kubernetes.io/component: write
app.kubernetes.io/part-of: unidesk
app.kubernetes.io/instance: code-queue-write-dev
unidesk.ai/environment: dev
unidesk.ai/deployment-mode: k3sctl-managed
unidesk.ai/deploy-service-id: code-queue
annotations:
unidesk.ai/deploy-ref: origin/deploy/dev
unidesk.ai/image-source: deploy-dev-commit
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: code-queue
app.kubernetes.io/component: write
app.kubernetes.io/instance: code-queue-write-dev
unidesk.ai/environment: dev
unidesk.ai/deploy-service-id: code-queue
template:
metadata:
labels:
app.kubernetes.io/name: code-queue
app.kubernetes.io/component: write
app.kubernetes.io/part-of: unidesk
app.kubernetes.io/instance: code-queue-write-dev
unidesk.ai/environment: dev
unidesk.ai/node-id: D601
unidesk.ai/deploy-service-id: code-queue
spec:
nodeSelector:
unidesk.ai/node-id: D601
terminationGracePeriodSeconds: 20
containers:
- name: code-queue
image: unidesk-code-queue:dev-placeholder
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 4222
envFrom:
- configMapRef:
name: unidesk-dev-runtime-config
- secretRef:
name: unidesk-dev-runtime-secrets
env:
- name: HOST
value: "0.0.0.0"
- name: PORT
value: "4222"
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: unidesk-dev-runtime-secrets
key: DATABASE_URL
- name: UNIDESK_DATABASE_NAME
value: unidesk_dev
- name: UNIDESK_DEPLOY_SERVICE_ID
value: code-queue
- name: UNIDESK_DEPLOY_REPO
value: https://github.com/pikasTech/unidesk
- name: UNIDESK_DEPLOY_COMMIT
value: replace-with-deploy-dev-commit
- name: UNIDESK_DEPLOY_REQUESTED_COMMIT
value: replace-with-deploy-dev-commit
- name: CODE_QUEUE_DEPLOY_COMMIT
value: replace-with-deploy-dev-commit
- name: CODE_QUEUE_DEPLOY_REQUESTED_COMMIT
value: replace-with-deploy-dev-commit
- name: CODE_QUEUE_INSTANCE_ID
value: D601-dev-write
- name: CODE_QUEUE_SERVICE_ROLE
value: write
- name: CODE_QUEUE_SCHEDULER_ENABLED
value: "false"
- name: CODE_QUEUE_DATABASE_POOL_MAX
value: "2"
- name: CODE_QUEUE_EGRESS_PROXY_ENABLED
value: "false"
- name: CODE_QUEUE_NOTIFY_CLAUDEQQ_ENABLED
value: "false"
- name: CODE_QUEUE_CODEX_SQLITE_LOG_EXPORT_ENABLED
value: "false"
- name: NODE_OPTIONS
value: --max-old-space-size=512
- name: LOG_FILE
value: /var/log/unidesk-dev/code-queue-write-dev.jsonl
volumeMounts:
- name: repo
mountPath: /root/unidesk
readOnly: true
- name: logs
mountPath: /var/log/unidesk-dev
- name: state
mountPath: /var/lib/unidesk-dev/code-queue
readinessProbe:
httpGet:
path: /health
port: http
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 20
livenessProbe:
httpGet:
path: /live
port: http
periodSeconds: 10
timeoutSeconds: 3
failureThreshold: 6
startupProbe:
httpGet:
path: /live
port: http
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 60
resources:
requests:
cpu: 80m
memory: 192Mi
limits:
memory: 768Mi
volumes:
- name: repo
hostPath:
path: /home/ubuntu/unidesk-dev-code-queue-deploy/code-queue
type: Directory
- name: logs
hostPath:
path: /home/ubuntu/unidesk-dev-code-queue-deploy/state/logs
type: DirectoryOrCreate
- name: state
hostPath:
path: /home/ubuntu/unidesk-dev-code-queue-deploy/state/code-queue
type: DirectoryOrCreate