# Runtime settings for the activity-core workloads. The migrate/sync Jobs and
# the api, worker and event-router Deployments load this ConfigMap through
# envFrom together with the Secret actcore-runtime-secret.
# NOTE(review): the source of this manifest was whitespace-collapsed; the line
# breaks and nesting below are restored from the Kubernetes schema and from
# key order. Confirm against the original file before applying.
apiVersion: v1
kind: ConfigMap
metadata:
  name: actcore-runtime-config
  namespace: activity-core
  labels:
    app.kubernetes.io/name: activity-core
    app.kubernetes.io/part-of: activity-core
data:
  # Every endpoint below uses a plaintext scheme (http://, nats://) or a bare
  # host:port, so confidentiality of this traffic rests on network isolation.
  # NOTE(review): no NetworkPolicy is visible in this manifest - confirm one
  # exists for the namespace.
  TEMPORAL_HOST: actcore-temporal:7233
  TEMPORAL_NAMESPACE: default
  NATS_URL: nats://actcore-nats:4222
  # Points at the actcore-state-hub-bridge Service (port 8000).
  STATE_HUB_URL: http://actcore-state-hub-bridge:8000
  REPO_SCOPING_URL: http://repo-scoping.repo-scoping.svc.cluster.local:8020
  ISSUE_CORE_URL: http://issue-core.issue-core.svc.cluster.local:8010
  # Quoted on purpose: this is the string "null", not a YAML null.
  ISSUE_SINK_TYPE: "null"
  ACTIVITY_DEFINITION_DIRS: /etc/activity-core/external-definitions
  # Same path at which the worker mounts the actcore-ops-service-inventory
  # ConfigMap (/etc/activity-core/ops).
  OPS_INVENTORY_PATH: /etc/activity-core/ops/service-inventory.yml
  INTER_HUB_URL: ""
  OPS_HUB_WIDGET_MAPPING: ""
  # Wildcard bind address; port 9090 matches the worker's "metrics" port.
  # NOTE(review): presumably read by the worker's metrics exporter - confirm,
  # and confirm the endpoint is scraped only from inside the cluster.
  PROMETHEUS_BIND_ADDR: 0.0.0.0:9090
  ACTIVITY_CURATOR_GATE: disabled
---
# Activity definitions (markdown with YAML front matter), mounted read-only
# into the sync Job and the api and worker pods under
# /etc/activity-core/external-definitions/activity-definitions.
# NOTE(review): everything inside the block scalars is data read at runtime.
# Its nesting and blank lines were reconstructed from a collapsed source and
# are project-specific - diff against the Custodian originals before applying.
# The prose in each file embeds a workstation-local path (/home/worsch/...).
apiVersion: v1
kind: ConfigMap
metadata:
  name: actcore-external-activity-definitions
  namespace: activity-core
  labels:
    app.kubernetes.io/name: activity-core
    app.kubernetes.io/part-of: activity-core
data:
  # Enabled definition: cron trigger at minute 0 of every hour.
  hourly-recently-on-scope.md: |
    ---
    id: "d104348c-d792-4377-943c-70a31e81a9bc"
    name: "Hourly RecentlyOnScope Reports"
    type: activity-definition
    version: "1.0"
    enabled: true
    owner: custodian
    governance: custodian
    status: active
    created: "2026-05-22"
    trigger:
      type: cron
      cron_expression: "0 * * * *"
      timezone: Europe/Berlin
      misfire_policy: skip
    context_sources:
      - type: state-hub
        query: recently_on_scope_hourly
        required: true
        params:
          range: "1h"
          active_only: true
          include_attention: false
        bind_to: context.recently_on_scope_hourly
    ---

    # ActivityDefinition: Hourly RecentlyOnScope Reports

    Kubernetes projection of the Custodian-owned definition in
    `/home/worsch/the-custodian/activity-definitions/hourly-recently-on-scope.md`.
  # Disabled definition (enabled: false, status: proposed). It sets
  # allow_network: true and reads its targets from the service inventory.
  # NOTE(review): presumably, once enabled, the worker issues HTTP(S) requests
  # to the URLs listed in actcore-ops-service-inventory, so write access to
  # that ConfigMap would decide where the worker connects - confirm, and keep
  # RBAC on it tight. Placement of evidence_sinks (under params vs. on the
  # context source itself) is not recoverable from the source; verify.
  ops-service-inventory-probes.md: |
    ---
    id: "40d15a87-7ff6-4d8e-992c-37df15f95110"
    name: "Ops Service Inventory Probes"
    type: activity-definition
    version: "0.1"
    enabled: false
    owner: custodian
    governance: custodian
    status: proposed
    created: "2026-06-05"
    trigger:
      type: cron
      cron_expression: "15 * * * *"
      timezone: Europe/Berlin
      misfire_policy: skip
    context_sources:
      - type: ops-inventory
        query: probe_services
        required: false
        params:
          inventory_path: /etc/activity-core/ops/service-inventory.yml
          timeout_seconds: 10
          include_kinds:
            - http
            - https
          allow_network: true
          evidence_sinks:
            - type: state-hub-progress
              event_type: ops_inventory_probe
              author: activity-core
        bind_to: context.ops_inventory_probe
    ---

    # ActivityDefinition: Ops Service Inventory Probes

    Disabled Railiance projection of the Custodian-owned definition in
    `/home/worsch/the-custodian/activity-definitions/ops-service-inventory-probes.md`.
    Keep disabled until ops-hub Inter-Hub evidence intake is active.
---
# Snapshot of the ops service inventory, mounted read-only into the worker at
# /etc/activity-core/ops. The file declares itself non-secret
# (policy.non_secret_inventory: true) but does list host addresses, public
# endpoints and backing stores; any principal that can read ConfigMaps in this
# namespace can read that topology.
# NOTE(review): nesting inside the block scalar is reconstructed (for example
# whether source_of_truth/projection sit under policy) - diff against the
# source_of_truth file before applying.
apiVersion: v1
kind: ConfigMap
metadata:
  name: actcore-ops-service-inventory
  namespace: activity-core
  labels:
    app.kubernetes.io/name: activity-core
    app.kubernetes.io/part-of: activity-core
data:
  service-inventory.yml: |
    version: 1
    last_reviewed: "2026-06-05"
    policy:
      non_secret_inventory: true
      source_of_truth: "/home/worsch/the-custodian/ops/service-inventory.yml"
      projection: "Railiance activity-core ConfigMap snapshot for disabled probes"
    environments:
      - id: local
        name: "Local Workstation"
        role: "Workstation development and local operations"
        lifecycle_state: observed
      - id: coulombcore
        name: "CoulombCore"
        role: "Transitional production-like runtime"
        lifecycle_state: observed
      - id: railiance01
        name: "Railiance01"
        role: "First ThreePhoenix foundation node"
        lifecycle_state: observed
      - id: threephoenix-prod
        name: "ThreePhoenix Production"
        role: "Target governed production topology"
        lifecycle_state: planned
    hosts:
      - id: local-workstation
        environment: local
        role: "State Hub and operator workstation runtime"
      - id: coulombcore
        environment: coulombcore
        address: "92.205.130.254"
        role: "Current live production-like server"
      - id: railiance01
        environment: railiance01
        address: "92.205.62.239"
        role: "First ThreePhoenix foundation node"
    clusters:
      - id: coulombcore-k3s
        environment: coulombcore
        host: coulombcore
        kind: k3s
        lifecycle_state: observed
      - id: railiance01-k3s
        environment: railiance01
        host: railiance01
        kind: k3s
        lifecycle_state: observed
    services:
      - id: gitea
        name: "Gitea"
        kind: application
        lifecycle_state: observed
        health_status: unknown
        environment: coulombcore
        owner_repos:
          - railiance-apps
        runtime:
          type: k3s
          cluster: coulombcore-k3s
          namespace: default
        endpoints:
          - id: gitea-oci-registry
            type: https
            url: "https://gitea.coulomb.social/v2/"
            expected_status: 401
            expected_signal: "OCI registry auth challenge"
            widget_ref: "ops:endpoint:gitea-registry"
        backing_stores:
          - "database:gitea-db"
          - "pvc:default/gitea-shared-storage"
        access_paths:
          - type: k8s
            target: "coulombcore-k3s/default"
            status: unknown
        evidence: []
        gaps:
          - "Backup and restore evidence for database and shared storage not recorded in ops inventory."
      - id: state-hub
        name: "State Hub"
        kind: coordination-service
        lifecycle_state: observed
        health_status: observed_ok
        environment: local
        owner_repos:
          - state-hub
          - the-custodian
        runtime:
          type: local-process
          host: local-workstation
        endpoints:
          - id: state-hub-local-api
            type: http
            url: "http://actcore-state-hub-bridge:8000/state/health"
            expected_status: 200
            expected_signal: "health response"
        backing_stores:
          - "postgresql:state-hub"
        access_paths:
          - type: http
            target: "http://actcore-state-hub-bridge:8000"
            status: observed_ok
        evidence: []
        gaps:
          - "Future cluster deployment readiness still needs ops evidence."
      - id: inter-hub
        name: "Inter-Hub"
        kind: governance-service
        lifecycle_state: observed
        health_status: unknown
        environment: threephoenix-prod
        owner_repos:
          - inter-hub
        runtime:
          type: external
          public_endpoint: "https://hub.coulomb.social"
        endpoints:
          - id: inter-hub-openapi
            type: https
            url: "https://hub.coulomb.social/api/v2/openapi.json"
            expected_status: 200
            expected_signal: "OpenAPI document"
          - id: inter-hub-ui
            type: https
            url: "https://hub.coulomb.social/Hubs"
            expected_status: 302
            expected_signal: "login redirect when unauthenticated"
        backing_stores: []
        access_paths:
          - type: https
            target: "https://hub.coulomb.social"
            status: unknown
        evidence: []
        gaps:
          - "ops-hub bootstrap requires authenticated UI flow or deployment-side migration."
      - id: activity-core
        name: "activity-core"
        kind: automation-service
        lifecycle_state: observed
        health_status: observed_ok
        environment: railiance01
        owner_repos:
          - activity-core
          - the-custodian
        runtime:
          type: k3s
          cluster: railiance01-k3s
          namespace: activity-core
        endpoints:
          - id: activity-core-api
            type: cluster-http
            url: "http://actcore-api:8010/health"
            expected_status: 200
            expected_signal: "db"
        backing_stores:
          - "postgresql:activity-core"
          - "temporal:activity-core"
          - "nats:railiance01"
        access_paths:
          - type: k8s
            target: "railiance01-k3s/activity-core"
            status: observed_ok
        evidence: []
        gaps:
          - "Add explicit ops inventory probes and evidence events."
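---
# Cluster-facing name for the State Hub bridge: port 8000 maps to the proxy
# container's named port "http" (18080).
apiVersion: v1
kind: Service
metadata:
  name: actcore-state-hub-bridge
  namespace: activity-core
  labels:
    app.kubernetes.io/name: actcore-state-hub-bridge
    app.kubernetes.io/part-of: activity-core
spec:
  selector:
    app.kubernetes.io/name: actcore-state-hub-bridge
  ports:
    - name: http
      port: 8000
      targetPort: http
---
# Relay from the cluster to a State Hub that listens on the node's loopback
# interface (127.0.0.1:18000).
#
# SECURITY: with hostNetwork the proxy's 0.0.0.0:18080 listener is bound in the
# node's network namespace, i.e. on every interface of the host, and it relays
# without authentication to a service that is otherwise loopback-only.
# NetworkPolicy generally does not apply to hostNetwork pods, so port 18080
# has to be restricted by the host firewall (allow only the cluster pod
# network and the kubelet probe). NOTE(review): confirm that rule exists.
#
# All workloads in this file use a mutable tag with imagePullPolicy: Never, so
# the running code is whatever image the node has stored under that name.
# NOTE(review): consider a digest-pinned reference once a registry is in use.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: actcore-state-hub-bridge
  namespace: activity-core
  labels:
    app.kubernetes.io/name: actcore-state-hub-bridge
    app.kubernetes.io/part-of: activity-core
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: actcore-state-hub-bridge
  template:
    metadata:
      labels:
        app.kubernetes.io/name: actcore-state-hub-bridge
        app.kubernetes.io/part-of: activity-core
    spec:
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      # The inline script below never talks to the Kubernetes API, so the pod
      # does not need a service-account token.
      automountServiceAccountToken: false
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: proxy
          image: activity-core:railiance01-prod
          imagePullPolicy: Never
          # Port 18080 is unprivileged, so no capability is required.
          # NOTE(review): runAsNonRoot and readOnlyRootFilesystem are left
          # unset because the image's user and write paths are not visible
          # here; add them once confirmed.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          ports:
            - name: http
              containerPort: 18080
          command:
            - python
            - -c
            - |
              # Minimal HTTP relay: forwards GET/POST/PATCH requests to the
              # State Hub on the node's loopback interface and returns the
              # upstream status, headers and body.
              from http.client import HTTPException
              from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
              from urllib.error import HTTPError
              from urllib.request import Request, urlopen

              TARGET = "http://127.0.0.1:18000"
              # Upper bound for a request body buffered in memory
              # (constructed default - tune to the largest legitimate request).
              MAX_BODY = 16 * 1024 * 1024
              HOP_HEADERS = {
                  "connection", "host", "keep-alive", "proxy-authenticate",
                  "proxy-authorization", "te", "trailers", "transfer-encoding",
                  "upgrade",
              }

              class Proxy(BaseHTTPRequestHandler):
                  def do_GET(self):
                      self._proxy()

                  def do_POST(self):
                      self._proxy()

                  def do_PATCH(self):
                      self._proxy()

                  def _reply(self, status, headers, payload):
                      """Send one complete response with an exact Content-Length."""
                      self.send_response(status)
                      for key, value in headers:
                          name = key.lower()
                          # Content-Length is recomputed from the buffered
                          # payload so the body is always framed correctly.
                          if name not in HOP_HEADERS and name != "content-length":
                              self.send_header(key, value)
                      self.send_header("Content-Length", str(len(payload)))
                      self.end_headers()
                      self.wfile.write(payload)

                  def _proxy(self):
                      """Validate the request, relay it to TARGET, return the answer."""
                      # Accept origin-form targets only, so the client can
                      # never influence the authority of the upstream URL.
                      if not self.path.startswith("/"):
                          self._reply(400, (), b"invalid request target")
                          return
                      try:
                          length = int(self.headers.get("content-length", "0") or "0")
                      except ValueError:
                          length = -1
                      # A negative length would turn rfile.read() into a
                      # read-until-EOF and pin the handler thread.
                      if length < 0:
                          self._reply(400, (), b"invalid Content-Length")
                          return
                      if length > MAX_BODY:
                          self._reply(413, (), b"request body too large")
                          return
                      body = self.rfile.read(length) if length else None
                      headers = {
                          key: value
                          for key, value in self.headers.items()
                          if key.lower() not in HOP_HEADERS
                      }
                      request = Request(
                          TARGET + self.path,
                          data=body,
                          headers=headers,
                          method=self.command,
                      )
                      try:
                          with urlopen(request, timeout=30) as response:
                              status = response.status
                              upstream = response.headers.items()
                              payload = response.read()
                      except HTTPError as exc:
                          # Upstream 4xx/5xx: relay it with its headers so the
                          # client still sees the original Content-Type.
                          status = exc.code
                          upstream = exc.headers.items()
                          payload = exc.read()
                      except (OSError, HTTPException) as exc:
                          # Covers URLError, refused connections and timeouts.
                          # Detail goes to the pod log, not to the client.
                          self.log_error("upstream request failed: %s", exc)
                          self._reply(502, (), b"upstream unavailable")
                          return
                      self._reply(status, upstream, payload)

              # Wildcard bind is needed for Service and kubelet probe traffic;
              # see the hostNetwork note at the top of this Deployment.
              ThreadingHTTPServer(("0.0.0.0", 18080), Proxy).serve_forever()
          readinessProbe:
            httpGet:
              path: /state/summary
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 6
---
# One-shot schema migration (alembic upgrade head).
apiVersion: batch/v1
kind: Job
metadata:
  name: actcore-migrate
  namespace: activity-core
  labels:
    app.kubernetes.io/name: actcore-migrate
    app.kubernetes.io/part-of: activity-core
spec:
  backoffLimit: 3
  template:
    metadata:
      labels:
        app.kubernetes.io/name: actcore-migrate
        app.kubernetes.io/part-of: activity-core
    spec:
      restartPolicy: OnFailure
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: migrate
          image: activity-core:railiance01-prod
          imagePullPolicy: Never
          command: ["python", "-m", "alembic", "upgrade", "head"]
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          # envFrom exposes every key of the Secret as an environment variable
          # of this container.
          envFrom:
            - configMapRef:
                name: actcore-runtime-config
            - secretRef:
                name: actcore-runtime-secret
---
# One-shot sync: runs scripts/sync_event_types.py, then the
# activity_core.sync_activity_definitions module, with the external
# definitions mounted read-only.
apiVersion: batch/v1
kind: Job
metadata:
  name: actcore-sync
  namespace: activity-core
  labels:
    app.kubernetes.io/name: actcore-sync
    app.kubernetes.io/part-of: activity-core
spec:
  backoffLimit: 3
  template:
    metadata:
      labels:
        app.kubernetes.io/name: actcore-sync
        app.kubernetes.io/part-of: activity-core
    spec:
      restartPolicy: OnFailure
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: sync
          image: activity-core:railiance01-prod
          imagePullPolicy: Never
          command:
            - sh
            - -c
            - python scripts/sync_event_types.py && python -m activity_core.sync_activity_definitions
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          envFrom:
            - configMapRef:
                name: actcore-runtime-config
            - secretRef:
                name: actcore-runtime-secret
          volumeMounts:
            - name: external-activity-definitions
              mountPath: /etc/activity-core/external-definitions/activity-definitions
              readOnly: true
      volumes:
        - name: external-activity-definitions
          configMap:
            name: actcore-external-activity-definitions
---
apiVersion: v1
kind: Service
metadata:
  name: actcore-api
  namespace: activity-core
  labels:
    app.kubernetes.io/name: actcore-api
    app.kubernetes.io/part-of: activity-core
spec:
  selector:
    app.kubernetes.io/name: actcore-api
  ports:
    - name: http
      port: 8010
      targetPort: http
---
# HTTP API (uvicorn) on port 8010 of the pod network.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: actcore-api
  namespace: activity-core
  labels:
    app.kubernetes.io/name: actcore-api
    app.kubernetes.io/part-of: activity-core
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: actcore-api
  template:
    metadata:
      labels:
        app.kubernetes.io/name: actcore-api
        app.kubernetes.io/part-of: activity-core
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: api
          image: activity-core:railiance01-prod
          imagePullPolicy: Never
          command: ["uvicorn", "activity_core.api:app", "--host", "0.0.0.0", "--port", "8010"]
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          ports:
            - name: http
              containerPort: 8010
          envFrom:
            - configMapRef:
                name: actcore-runtime-config
            - secretRef:
                name: actcore-runtime-secret
          volumeMounts:
            - name: external-activity-definitions
              mountPath: /etc/activity-core/external-definitions/activity-definitions
              readOnly: true
          readinessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 6
          livenessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 45
            periodSeconds: 20
            timeoutSeconds: 5
      volumes:
        - name: external-activity-definitions
          configMap:
            name: actcore-external-activity-definitions
---
# Exposes the worker's "metrics" port (9090) inside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: actcore-worker-metrics
  namespace: activity-core
  labels:
    app.kubernetes.io/name: actcore-worker
    app.kubernetes.io/part-of: activity-core
spec:
  selector:
    app.kubernetes.io/name: actcore-worker
  ports:
    - name: metrics
      port: 9090
      targetPort: metrics
---
# Worker process. It is the only workload that mounts the ops service
# inventory, at the directory OPS_INVENTORY_PATH points into.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: actcore-worker
  namespace: activity-core
  labels:
    app.kubernetes.io/name: actcore-worker
    app.kubernetes.io/part-of: activity-core
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: actcore-worker
  template:
    metadata:
      labels:
        app.kubernetes.io/name: actcore-worker
        app.kubernetes.io/part-of: activity-core
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: worker
          image: activity-core:railiance01-prod
          imagePullPolicy: Never
          command: ["python", "-m", "activity_core.worker"]
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          ports:
            - name: metrics
              containerPort: 9090
          envFrom:
            - configMapRef:
                name: actcore-runtime-config
            - secretRef:
                name: actcore-runtime-secret
          volumeMounts:
            - name: external-activity-definitions
              mountPath: /etc/activity-core/external-definitions/activity-definitions
              readOnly: true
            - name: ops-service-inventory
              mountPath: /etc/activity-core/ops
              readOnly: true
      volumes:
        - name: external-activity-definitions
          configMap:
            name: actcore-external-activity-definitions
        - name: ops-service-inventory
          configMap:
            name: actcore-ops-service-inventory
---
# Event router process; declares no ports and no volumes.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: actcore-event-router
  namespace: activity-core
  labels:
    app.kubernetes.io/name: actcore-event-router
    app.kubernetes.io/part-of: activity-core
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: actcore-event-router
  template:
    metadata:
      labels:
        app.kubernetes.io/name: actcore-event-router
        app.kubernetes.io/part-of: activity-core
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: event-router
          image: activity-core:railiance01-prod
          imagePullPolicy: Never
          command: ["python", "-m", "activity_core.event_router"]
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          envFrom:
            - configMapRef:
                name: actcore-runtime-config
            - secretRef:
                name: actcore-runtime-secret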