farhoodlabs/trebuchet
8
0
Fork 0
Code Issues Pull Requests 5 Actions Packages Projects Releases Wiki Activity

fix(api): use trebuchet-* names + dedicated worker SA in Job spec
CI / Build & push worker image (pull_request) Has been skipped
Details
CI / Type-check & lint (pull_request) Failing after 2m9s
Details
CI / Build & push API image (pull_request) Has been skipped
Details

Browse Source 
The app was renamed hightower → trebuchet but the worker Job spec still
referenced hightower-workspaces PVC, hightower-temporal Service, and used
the default ServiceAccount.  These break at runtime (the hightower-*
resources don't exist) and block tightening the Istio ambient
AuthorizationPolicies in farhoodlabs/infra.

- PVC claimName: hightower-workspaces → trebuchet-workspaces
- TEMPORAL_ADDRESS env: hightower-temporal:7233 → trebuchet-temporal:7233
- serviceAccountName: default → trebuchet-worker
- config.ts default: hightower-temporal:7233 → trebuchet-temporal:7233

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Chris Farhood
2026-05-23 16:06:42 +00:00
committed by Hugh Commit [agent]
parent 70af2b12db
commit a96bd1065a
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/api/src/config.ts
+1 -1
View File
@@ -30,7 +30,7 @@ export function loadConfig(): Config {
return {
port: Number(process.env.PORT) || 3000,
mcpPort: Number(process.env.MCP_PORT) || 3100,
temporalAddress: process.env.TEMPORAL_ADDRESS || 'hightower-temporal:7233',
temporalAddress: process.env.TEMPORAL_ADDRESS || 'trebuchet-temporal:7233',
apiKey,
k8sNamespace: process.env.K8S_NAMESPACE || 'hightower',
workerImage,
apps/api/src/services/job-builder.ts
+3 -3
View File
@@ -43,7 +43,7 @@ export function buildJobSpec(params: JobParams): k8s.V1Job {
// 2. Build volumes and mounts
const volumes: k8s.V1Volume[] = [
{ name: 'workspaces', persistentVolumeClaim: { claimName: 'hightower-workspaces' } },
{ name: 'workspaces', persistentVolumeClaim: { claimName: 'trebuchet-workspaces' } },
{ name: 'shm', emptyDir: { medium: 'Memory', sizeLimit: '2Gi' } },
];
@@ -96,7 +96,7 @@ export function buildJobSpec(params: JobParams): k8s.V1Job {
}
// 4. Env vars
const env: k8s.V1EnvVar[] = [{ name: 'TEMPORAL_ADDRESS', value: 'hightower-temporal:7233' }];
const env: k8s.V1EnvVar[] = [{ name: 'TEMPORAL_ADDRESS', value: 'trebuchet-temporal:7233' }];
// 5. Construct the Job
return {
@@ -123,7 +123,7 @@ export function buildJobSpec(params: JobParams): k8s.V1Job {
},
spec: {
restartPolicy: 'Never',
serviceAccountName: 'default',
serviceAccountName: 'trebuchet-worker',
securityContext: {
seccompProfile: { type: 'Unconfined' },
// Claude Code refuses --allow-dangerously-skip-permissions as root.