Solana/Agave validators require at least 2 CPU threads for the
ip-echo-server. Increased defaults to support more resource-intensive
workloads.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
ConfigMaps containing scripts need execute permissions.
Without this, scripts mounted from ConfigMaps fail with
"permission denied" when used as container commands.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Docker-compose command and entrypoint are now passed to K8s:
- entrypoint -> K8s command (overrides ENTRYPOINT)
- command -> K8s args (overrides CMD)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Implement _expand_shell_vars to handle ${VAR}, ${VAR:-default}, ${VAR-default}
- Pass config file values to envs_from_compose_file for variable substitution
- Variables from config file still override expanded defaults
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Parse protocol suffix (e.g., "8001/udp") in port definitions
- Support multiple ports per container instead of just the first
- Include protocol in NodePort service names for uniqueness
- Enables Solana RPC deployments that require UDP for QUIC protocol
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add get_kind_cluster() to detect existing kind clusters
- Modify create_cluster() to reuse existing clusters automatically
- Add 'laconic-so deploy k8s list cluster' command
- Skip --stack requirement for k8s subcommand
This allows multiple deployments to share the same kind cluster,
simplifying local development workflows.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace nginx with Caddy as the default ingress controller for kind
deployments. Caddy provides automatic HTTPS via Let's Encrypt without
requiring cert-manager.
Changes:
- Add ingress-caddy-kind-deploy.yaml manifest with full RBAC setup
- Modify helpers.py to support configurable ingress_type parameter
- Update cluster_info.py to use caddy ingress class
- Add port 443 mapping for HTTPS support in kind config
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Lint Checks / Run linter (push) Failing after 5sDetails
Publish / Build and publish (push) Failing after 4sDetails
Webapp Test / Run webapp test suite (push) Failing after 3sDetails
Deploy Test / Run deploy test suite (push) Failing after 3sDetails
Smoke Test / Run basic test suite (push) Failing after 3sDetails
This adds two new commands: `publish-webapp-deployer` and `request-webapp-deployment`.
`publish-webapp-deployer` creates a `WebappDeployer` record, which provides information to requestors like the API URL, minimum required payment, payment address, and public key to use for encrypting config.
```
$ laconic-so publish-deployer-to-registry \
--laconic-config ~/.laconic/laconic.yml \
--api-url https://webapp-deployer-api.dev.vaasl.io \
--public-key-file webapp-deployer-api.dev.vaasl.io.pgp.pub \
--lrn lrn://laconic/deployers/webapp-deployer-api.dev.vaasl.io \
--min-required-payment 100000
```
`request-webapp-deployment` simplifies publishing a `WebappDeploymentRequest` and can also handle automatic payment, and encryption and upload of configuration.
```
$ laconic-so request-webapp-deployment \
--laconic-config ~/.laconic/laconic.yml \
--deployer lrn://laconic/deployers/webapp-deployer-api.dev.vaasl.io \
--app lrn://cerc-io/applications/webapp-hello-world@0.1.3 \
--env-file ~/yaml/hello.env \
--make-payment auto
```
Related changes are included for the deploy/undeploy commands for decrypting and using config, using the payment address from the WebappDeployer record, etc.
Reviewed-on: https://git.vdb.to/cerc-io/stack-orchestrator/pulls/938
Deploy Test / Run deploy test suite (push) Failing after 4sDetails
Webapp Test / Run webapp test suite (push) Failing after 3sDetails
Smoke Test / Run basic test suite (push) Failing after 4sDetails
Publish / Build and publish (push) Failing after 4sDetails
K8s Deployment Control Test / Run deployment control suite on kind/k8s (push) Failing after 3sDetails
Lint Checks / Run linter (push) Failing after 3sDetails
Reviewed-on: https://git.vdb.to/cerc-io/stack-orchestrator/pulls/917
Reviewed-by: Thomas E Lackey <telackey@noreply.git.vdb.to>
Co-authored-by: David Boreham <david@bozemanpass.com>
Co-committed-by: David Boreham <david@bozemanpass.com>
Lint Checks / Run linter (push) Failing after 4sDetails
Webapp Test / Run webapp test suite (push) Failing after 3sDetails
Publish / Build and publish (push) Failing after 5sDetails
Deploy Test / Run deploy test suite (push) Failing after 3sDetails
Smoke Test / Run basic test suite (push) Failing after 3sDetails
The str type check doesn't work if the port is a ruamel.yaml.scalarstring.SingleQuotedScalarString or ruamel.yaml.scalarstring.DoubleQuotedScalarString
Reviewed-on: https://git.vdb.to/cerc-io/stack-orchestrator/pulls/919
Co-authored-by: Thomas E Lackey <telackey@bozemanpass.com>
Co-committed-by: Thomas E Lackey <telackey@bozemanpass.com>
Reviewed-on: https://git.vdb.to/cerc-io/stack-orchestrator/pulls/918
Reviewed-by: Thomas E Lackey <telackey@noreply.git.vdb.to>
Co-authored-by: David Boreham <david@bozemanpass.com>
Co-committed-by: David Boreham <david@bozemanpass.com>
Deploy Test / Run deploy test suite (push) Failing after 3sDetails
Webapp Test / Run webapp test suite (push) Failing after 2sDetails
Publish / Build and publish (push) Failing after 4sDetails
Smoke Test / Run basic test suite (push) Failing after 2sDetails
Lint Checks / Run linter (push) Failing after 2sDetails
NodePort example:
```
network:
ports:
caddy:
- 1234
- 32020:2020
```
Replicas example:
```
replicas: 2
```
This also adds an optimization for k8s where if a directory matching the name of a configmap exists in beneath config/ in the stack, its contents will be copied into the corresponding configmap.
For example:
```
# Config files in the stack
❯ ls stack-orchestrator/config/caddyconfig
Caddyfile Caddyfile.one-req-per-upstream-example
# ConfigMap in the spec
❯ cat foo.yml | grep config
...
configmaps:
caddyconfig: ./configmaps/caddyconfig
# Create the deployment
❯ laconic-so --stack ~/cerc/caddy-ethcache/stack-orchestrator/stacks/caddy-ethcache deploy create --spec-file foo.yml
# The files from beneath config/<config_map_name> have been copied to the ConfigMap directory from the spec.
❯ ls deployment-001/configmaps/caddyconfig
Caddyfile Caddyfile.one-req-per-upstream-example
```
Reviewed-on: https://git.vdb.to/cerc-io/stack-orchestrator/pulls/913
Reviewed-by: David Boreham <dboreham@noreply.git.vdb.to>
Co-authored-by: Thomas E Lackey <telackey@bozemanpass.com>
Co-committed-by: Thomas E Lackey <telackey@bozemanpass.com>
Webapp Test / Run webapp test suite (push) Failing after 4sDetails
Deploy Test / Run deploy test suite (push) Failing after 3sDetails
Publish / Build and publish (push) Failing after 4sDetails
Smoke Test / Run basic test suite (push) Failing after 3sDetails
Lint Checks / Run linter (push) Failing after 3sDetails
Reviewed-on: https://git.vdb.to/cerc-io/stack-orchestrator/pulls/838
Reviewed-by: Thomas E Lackey <telackey@noreply.git.vdb.to>
Co-authored-by: David Boreham <david@bozemanpass.com>
Co-committed-by: David Boreham <david@bozemanpass.com>
Publish / Build and publish (push) Successful in 53sDetails
Deploy Test / Run deploy test suite (push) Successful in 3m39sDetails
Webapp Test / Run webapp test suite (push) Successful in 2m47sDetails
Smoke Test / Run basic test suite (push) Successful in 3m54sDetails
Lint Checks / Run linter (push) Failing after 3sDetails
Rather than always requesting a certificate, attempt to re-use an existing certificate if it already exists in the k8s cluster. This includes matching to a wildcard certificate.
Reviewed-on: https://git.vdb.to/cerc-io/stack-orchestrator/pulls/779
Co-authored-by: Thomas E Lackey <telackey@bozemanpass.com>
Co-committed-by: Thomas E Lackey <telackey@bozemanpass.com>
In kind, when we bind-mount a host directory it is first mounted into the kind container at /mnt, then into the pod at the desired location.
We accidentally picked this up for full-blown k8s, and were creating volumes at /mnt. This changes the behavior for both kind and regular k8s so that bind mounts are only allowed if a fully-qualified path is specified. If no path is specified at all, a default storageClass is assumed to be present, and the volume managed by a provisioner.
Eg, for kind, the default provisioner is: https://github.com/rancher/local-path-provisioner
```
stack: test
deploy-to: k8s-kind
config:
test-variable-1: test-value-1
network:
ports:
test:
- '80'
volumes:
# this will be bind-mounted to a host-path
test-data-bind: /srv/data
# this will be managed by the k8s node
test-data-auto:
configmaps:
test-config: ./configmap/test-config
```
Reviewed-on: https://git.vdb.to/cerc-io/stack-orchestrator/pulls/741
Co-authored-by: Thomas E Lackey <telackey@bozemanpass.com>
Co-committed-by: Thomas E Lackey <telackey@bozemanpass.com>
A. F. Dudley
Thomas E Lackey
David Boreham
Thomas E Lackey
David Boreham