Files
pikasTech-unidesk/docs/reference/nc01.md
T

2.5 KiB

NC01 Reference

NC01 is the current host registered as a UniDesk provider-gateway node. Host maintenance uses trans NC01 ...; Kubernetes maintenance uses trans NC01:k3s ....

Source Of Truth

  • Host k8s/provider config: config/unidesk-host-k8s.yaml.
  • Host proxy config: config/platform-infra/host-proxy.yaml#targets.NC01; NC01 host-proxy uses /root/vpn-server as the VPN server source.
  • HWLAB node/lane config: config/hwlab-node-lanes.yaml#lanes.v03.targets.NC01.
  • HWLAB control-plane config: config/hwlab-node-control-plane.yaml#nodes.NC01.
  • AgentRun config: config/agentrun.yaml, lane nc01-v02.
  • NC01 host PostgreSQL config: config/platform-db/postgres-nc01.yaml.

Fixed Repos

  • HWLAB v0.3 fixed repo: /root/hwlab, branch v0.3.
  • AgentRun v0.2 fixed repo: /root/agentrun, branch v0.2.
  • UniDesk source/config authority remains /root/unidesk.

Database Boundary

NC01 databases run on host-native PostgreSQL, not Docker or Kubernetes. Kubernetes workloads that need PostgreSQL must use YAML-declared external PostgreSQL bridge objects and Secrets.

For HWLAB v0.3, the Kubernetes Service nc01-host-postgres in namespace hwlab-v03 points to host PostgreSQL at 10.42.0.1:5432. Runtime database Secrets are sourced from .state/secrets/hwlab/* via YAML sourceRef and must only be reported as present/fingerprint metadata, never as full values.

GitHub Token

The local GitHub token source is .env/gh_token.txt. It must be stored as a bare token and consumed through controlled YAML/sourceRef or temporary non-printing credential helpers. Do not place the token in command argv, logs, committed files, or rendered manifests.

Public Exposure

NC01 HWLAB v0.3 does not require publicExposure unless YAML explicitly declares it and a real FRP token source is available. When publicExposure is absent, control-plane public probe is skipped and must not block runtime readiness.

Web-probe sentinel deployments that need public ingress must declare their own YAML publicExposure and Secret sourceRef. Do not create placeholder FRP tokens; a missing platform-infra/pk01-frp.env token source is a deployment blocker for FRP-backed public exposure.

Validation Entrypoints

  • Provider/trans: scripts/trans NC01 argv true.
  • NC01 k8s route: scripts/trans NC01:k3s kubectl get nodes -o wide.
  • HWLAB v0.3: bun scripts/cli.ts hwlab nodes control-plane status --node NC01 --lane v03 --full.
  • AgentRun v0.2: bun scripts/cli.ts agentrun control-plane status --node NC01 --lane nc01-v02.