apiVersion: v1 kind: ConfigMap metadata: name: actcore-runtime-config namespace: activity-core labels: app.kubernetes.io/name: activity-core app.kubernetes.io/part-of: activity-core data: TEMPORAL_HOST: actcore-temporal:7233 TEMPORAL_NAMESPACE: default NATS_URL: nats://actcore-nats:4222 STATE_HUB_URL: http://actcore-state-hub-bridge:8000 REPO_SCOPING_URL: http://repo-scoping.repo-scoping.svc.cluster.local:8020 ISSUE_CORE_URL: http://issue-core.issue-core.svc.cluster.local:8010 ISSUE_SINK_TYPE: "null" ACTIVITY_DEFINITION_DIRS: /etc/activity-core/external-definitions PROMETHEUS_BIND_ADDR: 0.0.0.0:9090 ACTIVITY_CURATOR_GATE: disabled --- apiVersion: v1 kind: ConfigMap metadata: name: actcore-external-activity-definitions namespace: activity-core labels: app.kubernetes.io/name: activity-core app.kubernetes.io/part-of: activity-core data: hourly-recently-on-scope.md: | --- id: "d104348c-d792-4377-943c-70a31e81a9bc" name: "Hourly RecentlyOnScope Reports" type: activity-definition version: "1.0" enabled: true owner: custodian governance: custodian status: active created: "2026-05-22" trigger: type: cron cron_expression: "0 * * * *" timezone: Europe/Berlin misfire_policy: skip context_sources: - type: state-hub query: recently_on_scope_hourly required: true params: range: "1h" active_only: true include_attention: false bind_to: context.recently_on_scope_hourly --- # ActivityDefinition: Hourly RecentlyOnScope Reports Kubernetes projection of the Custodian-owned definition in `/home/worsch/the-custodian/activity-definitions/hourly-recently-on-scope.md`. --- apiVersion: v1 kind: Service metadata: name: actcore-state-hub-bridge namespace: activity-core labels: app.kubernetes.io/name: actcore-state-hub-bridge app.kubernetes.io/part-of: activity-core spec: selector: app.kubernetes.io/name: actcore-state-hub-bridge ports: - name: http port: 8000 targetPort: http --- apiVersion: apps/v1 kind: Deployment metadata: name: actcore-state-hub-bridge namespace: activity-core labels: app.kubernetes.io/name: actcore-state-hub-bridge app.kubernetes.io/part-of: activity-core spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: actcore-state-hub-bridge template: metadata: labels: app.kubernetes.io/name: actcore-state-hub-bridge app.kubernetes.io/part-of: activity-core spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet containers: - name: proxy image: activity-core:railiance01-prod imagePullPolicy: Never ports: - name: http containerPort: 18080 command: - python - -c - | from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer from urllib.error import HTTPError, URLError from urllib.request import Request, urlopen TARGET = "http://127.0.0.1:18000" HOP_HEADERS = {"connection", "host", "keep-alive", "proxy-authenticate", "proxy-authorization", "te", "trailers", "transfer-encoding", "upgrade"} class Proxy(BaseHTTPRequestHandler): def do_GET(self): self._proxy() def do_POST(self): self._proxy() def do_PATCH(self): self._proxy() def _proxy(self): length = int(self.headers.get("content-length", "0") or "0") body = self.rfile.read(length) if length else None headers = { key: value for key, value in self.headers.items() if key.lower() not in HOP_HEADERS } request = Request( TARGET + self.path, data=body, headers=headers, method=self.command, ) try: with urlopen(request, timeout=30) as response: payload = response.read() self.send_response(response.status) for key, value in response.headers.items(): if key.lower() not in HOP_HEADERS: self.send_header(key, value) self.end_headers() self.wfile.write(payload) except HTTPError as exc: payload = exc.read() self.send_response(exc.code) self.end_headers() self.wfile.write(payload) except URLError as exc: self.send_response(502) self.end_headers() self.wfile.write(str(exc).encode()) ThreadingHTTPServer(("0.0.0.0", 18080), Proxy).serve_forever() readinessProbe: httpGet: path: /state/summary port: http initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 --- apiVersion: batch/v1 kind: Job metadata: name: actcore-migrate namespace: activity-core labels: app.kubernetes.io/name: actcore-migrate app.kubernetes.io/part-of: activity-core spec: backoffLimit: 3 template: metadata: labels: app.kubernetes.io/name: actcore-migrate app.kubernetes.io/part-of: activity-core spec: restartPolicy: OnFailure containers: - name: migrate image: activity-core:railiance01-prod imagePullPolicy: Never command: ["python", "-m", "alembic", "upgrade", "head"] envFrom: - configMapRef: name: actcore-runtime-config - secretRef: name: actcore-runtime-secret --- apiVersion: batch/v1 kind: Job metadata: name: actcore-sync namespace: activity-core labels: app.kubernetes.io/name: actcore-sync app.kubernetes.io/part-of: activity-core spec: backoffLimit: 3 template: metadata: labels: app.kubernetes.io/name: actcore-sync app.kubernetes.io/part-of: activity-core spec: restartPolicy: OnFailure containers: - name: sync image: activity-core:railiance01-prod imagePullPolicy: Never command: - sh - -c - python scripts/sync_event_types.py && python -m activity_core.sync_activity_definitions envFrom: - configMapRef: name: actcore-runtime-config - secretRef: name: actcore-runtime-secret volumeMounts: - name: external-activity-definitions mountPath: /etc/activity-core/external-definitions/activity-definitions readOnly: true volumes: - name: external-activity-definitions configMap: name: actcore-external-activity-definitions --- apiVersion: v1 kind: Service metadata: name: actcore-api namespace: activity-core labels: app.kubernetes.io/name: actcore-api app.kubernetes.io/part-of: activity-core spec: selector: app.kubernetes.io/name: actcore-api ports: - name: http port: 8010 targetPort: http --- apiVersion: apps/v1 kind: Deployment metadata: name: actcore-api namespace: activity-core labels: app.kubernetes.io/name: actcore-api app.kubernetes.io/part-of: activity-core spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: actcore-api template: metadata: labels: app.kubernetes.io/name: actcore-api app.kubernetes.io/part-of: activity-core spec: containers: - name: api image: activity-core:railiance01-prod imagePullPolicy: Never command: ["uvicorn", "activity_core.api:app", "--host", "0.0.0.0", "--port", "8010"] ports: - name: http containerPort: 8010 envFrom: - configMapRef: name: actcore-runtime-config - secretRef: name: actcore-runtime-secret volumeMounts: - name: external-activity-definitions mountPath: /etc/activity-core/external-definitions/activity-definitions readOnly: true readinessProbe: httpGet: path: /health port: http initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 livenessProbe: httpGet: path: /health port: http initialDelaySeconds: 45 periodSeconds: 20 timeoutSeconds: 5 volumes: - name: external-activity-definitions configMap: name: actcore-external-activity-definitions --- apiVersion: v1 kind: Service metadata: name: actcore-worker-metrics namespace: activity-core labels: app.kubernetes.io/name: actcore-worker app.kubernetes.io/part-of: activity-core spec: selector: app.kubernetes.io/name: actcore-worker ports: - name: metrics port: 9090 targetPort: metrics --- apiVersion: apps/v1 kind: Deployment metadata: name: actcore-worker namespace: activity-core labels: app.kubernetes.io/name: actcore-worker app.kubernetes.io/part-of: activity-core spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: actcore-worker template: metadata: labels: app.kubernetes.io/name: actcore-worker app.kubernetes.io/part-of: activity-core spec: containers: - name: worker image: activity-core:railiance01-prod imagePullPolicy: Never command: ["python", "-m", "activity_core.worker"] ports: - name: metrics containerPort: 9090 envFrom: - configMapRef: name: actcore-runtime-config - secretRef: name: actcore-runtime-secret volumeMounts: - name: external-activity-definitions mountPath: /etc/activity-core/external-definitions/activity-definitions readOnly: true volumes: - name: external-activity-definitions configMap: name: actcore-external-activity-definitions --- apiVersion: apps/v1 kind: Deployment metadata: name: actcore-event-router namespace: activity-core labels: app.kubernetes.io/name: actcore-event-router app.kubernetes.io/part-of: activity-core spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: actcore-event-router template: metadata: labels: app.kubernetes.io/name: actcore-event-router app.kubernetes.io/part-of: activity-core spec: containers: - name: event-router image: activity-core:railiance01-prod imagePullPolicy: Never command: ["python", "-m", "activity_core.event_router"] envFrom: - configMapRef: name: actcore-runtime-config - secretRef: name: actcore-runtime-secret