2026-03-15 21:21:01 +00:00
# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
terraform {
required_providers {
# Vault provider from the hashicorp namespace. "~> 4.0" accepts any 4.x
# release and excludes 5.0. The constraint only bounds the range; the exact
# build and its checksums are fixed by the dependency lock file
# (.terraform.lock.hcl), which is not shown here.
vault = {
  source  = "hashicorp/vault"
  version = "~> 4.0"
}
2026-04-16 16:31:36 +00:00
# Cloudflare provider. The constraint names only the major version, unlike the
# two-segment "~> 4.0" form used for vault in this file.
# NOTE(review): "~>" lets the rightmost stated component increment, and here
# that component is the major number. Confirm this resolves to "4.x only";
# writing "~> 4.0" would state the < 5.0 bound explicitly.
cloudflare = {
  source  = "cloudflare/cloudflare"
  version = "~> 4"
}
2026-05-09 13:16:24 +00:00
# authentik provider. "~> 2024.10" accepts 2024.10 and later 2024.x releases
# and excludes 2025.0, so moving to a newer release series needs this
# constraint edited.
# NOTE(review): the numbers look like year.month versioning - confirm against
# the provider's release list.
authentik = {
  source  = "goauthentik/authentik"
  version = "~> 2024.10"
}
trading-bot: revive K8s stack + add meet-kevin-watcher
Uncomment the trading-bot stack (disabled 2026-04-06 due to resource
consumption) and add the new meet_kevin_watcher service container.
Changes:
- Uncomment the /* ... */ block enclosing the entire stack
- Fix db_init job: add -d postgres to psql commands (root user has no
root-named database — matches pattern used in claude-memory + others)
- Remove 3 disabled containers from trading-bot-workers Pod spec:
news-fetcher, sentiment-analyzer, trade-executor
- Add new meet-kevin-watcher container (image
viktorbarzin/trading-bot-service:latest, command
python -m services.meet_kevin_watcher.main, mem 128Mi/256Mi)
- Extend ExternalSecret with TRADING_OPENROUTER_API_KEY and
TRADING_MEET_KEVIN_CHANNEL_ID keys (sourced from Vault
secret/trading-bot)
- Add 4 common_env entries for the Meet Kevin pipeline
(poll interval, daily cost cap, model slug, prompt version)
- Update lifecycle.ignore_changes to 4 image indices
vault: re-enable pg-trading static role
- Add pg-trading to vault_database_secret_backend_connection allowed_roles
- Uncomment vault_database_secret_backend_static_role.pg_trading
(was disabled 2026-04-06 with the rest of trading-bot stack)
kyverno: add postgres* to trusted-registries allowlist
- trading-bot db_init uses postgres:16-alpine (Docker Hub library image)
- postgres* was not in the DockerHub bare-name allowlist (unlike mysql*,
alpine*, nginx*, python* which were already there)
Final workers Pod containers (in order):
[0] signal-generator
[1] learning-engine
[2] market-data
[3] meet-kevin-watcher (NEW)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-22 11:23:30 +00:00
# kubectl provider (gavinbunney/kubectl). It is here as a workaround: the
# hashicorp/kubernetes `kubernetes_manifest` resource panics on Kyverno CRDs
# (see beads code-e2dp). Every stack declares it, but only the stacks that
# opt in actually use it.
# The source is outside the hashicorp namespace, so it is a separately
# published plugin; "~> 1.14" accepts 1.14 and later 1.x releases.
kubectl = {
  source  = "gavinbunney/kubectl"
  version = "~> 1.14"
}
2026-05-26 21:09:48 +00:00
# Proxmox provider (telmate/proxmox). The version has no operator, so exactly
# this build is selected and nothing newer is picked up automatically.
# The "-rc07" suffix marks a pre-release tag; moving to another build means
# editing this line (this file is generated by Terragrunt, so the change
# belongs in the generator input).
proxmox = {
  source  = "telmate/proxmox"
  version = "3.0.2-rc07"
}
2026-03-15 21:21:01 +00:00
}
}
# Path to the kubeconfig file. The kubernetes, helm and kubectl provider
# blocks in this file all read it, so overriding it redirects all three.
# The default is the per-user kubeconfig of whoever runs Terraform.
variable "kube_config_path" {
  type    = string
  default = "~/.kube/config"
}
# Kubernetes provider, authenticated through the kubeconfig at
# var.kube_config_path. No config_context is set, so the kubeconfig's current
# context decides which cluster a plan or apply talks to.
# NOTE(review): consider setting config_context so the target cluster does not
# depend on whatever context was last selected on the operator's machine.
# NOTE(review): this provider has no entry in the required_providers block of
# this file; confirm its version is constrained elsewhere or by the lock file.
provider "kubernetes" {
  config_path = var.kube_config_path
}
# Helm provider, pointed at the same kubeconfig as the kubernetes provider.
# `kubernetes` is written as an attribute (`= { ... }`), not a nested block.
# NOTE(review): that attribute form appears to be the helm provider 3.x
# syntax, and no helm entry is visible in this file's required_providers -
# confirm the version is constrained elsewhere so an older build cannot be
# selected against this syntax.
provider "helm" {
  kubernetes = {
    config_path = var.kube_config_path
  }
}
# Vault provider for the server at the address below. No token is set in this
# block; presumably it is supplied from the environment of the Terraform run
# (for example VAULT_TOKEN) - verify against how the stacks are invoked.
#
# skip_child_token = true makes the provider use the supplied token directly
# instead of first minting a short-lived child token for the run. The token
# Terraform holds is then the caller's own, with its full lifetime and
# policies, so it should be narrowly scoped and kept out of logs and saved
# plan output.
# NOTE(review): confirm this is set because the supplied token cannot create
# child tokens; otherwise dropping it restores the ephemeral-token behavior.
provider "vault" {
  address          = "https://vault.viktorbarzin.me"
  skip_child_token = true
}
trading-bot: revive K8s stack + add meet-kevin-watcher
Uncomment the trading-bot stack (disabled 2026-04-06 due to resource
consumption) and add the new meet_kevin_watcher service container.
Changes:
- Uncomment the /* ... */ block enclosing the entire stack
- Fix db_init job: add -d postgres to psql commands (root user has no
root-named database — matches pattern used in claude-memory + others)
- Remove 3 disabled containers from trading-bot-workers Pod spec:
news-fetcher, sentiment-analyzer, trade-executor
- Add new meet-kevin-watcher container (image
viktorbarzin/trading-bot-service:latest, command
python -m services.meet_kevin_watcher.main, mem 128Mi/256Mi)
- Extend ExternalSecret with TRADING_OPENROUTER_API_KEY and
TRADING_MEET_KEVIN_CHANNEL_ID keys (sourced from Vault
secret/trading-bot)
- Add 4 common_env entries for the Meet Kevin pipeline
(poll interval, daily cost cap, model slug, prompt version)
- Update lifecycle.ignore_changes to 4 image indices
vault: re-enable pg-trading static role
- Add pg-trading to vault_database_secret_backend_connection allowed_roles
- Uncomment vault_database_secret_backend_static_role.pg_trading
(was disabled 2026-04-06 with the rest of trading-bot stack)
kyverno: add postgres* to trusted-registries allowlist
- trading-bot db_init uses postgres:16-alpine (Docker Hub library image)
- postgres* was not in the DockerHub bare-name allowlist (unlike mysql*,
alpine*, nginx*, python* which were already there)
Final workers Pod containers (in order):
[0] signal-generator
[1] learning-engine
[2] market-data
[3] meet-kevin-watcher (NEW)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-22 11:23:30 +00:00
# kubectl provider (gavinbunney/kubectl), configured from the same kubeconfig
# path as the kubernetes and helm providers in this file.
# load_config_file = true tells the provider to read that file. As with the
# kubernetes provider, no context is named here, so the kubeconfig's current
# context selects the cluster.
provider "kubectl" {
  config_path      = var.kube_config_path
  load_config_file = true
}