feat: add complete dir-staging deployment setup #8
base: main
tkircsi left a comment
I have proposed some changes, but it is just some from my list. (fixed)
1. ZOT Storage Persistence - Fixed
2. Routing Datastore Persistence (PVC) - Fixed
3. Node Identity (Private Key) - Pending (skipped)
4. Hardcoded Credentials - Pending (skipped)
5. Image Tag 'latest' - Fixed
6. Resource Limits - Pending (skipped)
7. Rate Limiting - Fixed
8. Production Logging - Fixed
9. Monitoring/Observability - Pending (skipped)
10. Worker Counts - Fixed
11. NodePort vs LoadBalancer - Pending (skipped)
12. Ingress Annotations - Fixed
13. Pod Disruption Budget - Pending (skipped)
14. Node Affinity Rules - Pending (skipped)
Let's discuss it. For me, the most important remaining one is:
3. Node Identity (Private Key) - Pending (skipped)
| extraEnv: | ||
| - name: SSL_CERT_DIR | ||
| value: "/etc/ca-certs" |
| extraEnv: | |
| - name: SSL_CERT_DIR | |
| value: "/etc/ca-certs" | |
| extraEnv: | |
| - name: SSL_CERT_DIR | |
| value: "/etc/ca-certs" | |
| - name: DIRECTORY_SERVER_STORE_OCI_AUTH_CONFIG_USERNAME | |
| value: "admin" | |
| - name: DIRECTORY_SERVER_STORE_OCI_AUTH_CONFIG_PASSWORD | |
| valueFrom: | |
| secretKeyRef: | |
| name: dir-prod-credentials | |
| key: oci-password | |
| - name: DIRECTORY_SERVER_SYNC_AUTH_CONFIG_USERNAME | |
| value: "sync-prod" | |
| - name: DIRECTORY_SERVER_SYNC_AUTH_CONFIG_PASSWORD | |
| valueFrom: | |
| secretKeyRef: | |
| name: dir-prod-credentials | |
| key: sync-password |
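Review bot: The two username entries are still inline literals (value: "admin" and value: "sync-prod") while only the passwords are read from dir-prod-credentials, so the account names stay in the repository and must be changed in a different place from the passwords when credentials are rotated. Consider adding username keys to the same Secret and reading them with secretKeyRef as well. The change should also say how dir-prod-credentials is provisioned, because a secretKeyRef that points at a Secret that does not exist keeps the container from starting.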
| username: "admin" | ||
| password: "admin" |
| username: "admin" | |
| password: "admin" | |
| username: "" # From env: DIRECTORY_SERVER_STORE_OCI_AUTH_CONFIG_USERNAME | |
| password: "" # From env: DIRECTORY_SERVER_STORE_OCI_AUTH_CONFIG_PASSWORD |
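Review bot: Blanking username and password here leaves the values file with empty credentials whenever the DIRECTORY_SERVER_STORE_OCI_AUTH_CONFIG_USERNAME and DIRECTORY_SERVER_STORE_OCI_AUTH_CONFIG_PASSWORD variables are not injected, and nothing in these lines makes that case fail. Confirm that the server refuses to start with an empty OCI password rather than attempting registry access with blank credentials, and note that requirement next to the "From env" comments.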
| username: "user" | ||
| password: "user" |
| username: "user" | |
| password: "user" | |
| username: "" # From env: DIRECTORY_SERVER_SYNC_AUTH_CONFIG_USERNAME | |
| password: "" # From env: DIRECTORY_SERVER_SYNC_AUTH_CONFIG_PASSWORD |
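Review bot: The sync username changes value as well as location: the literal removed here is "user", while the env entry proposed for DIRECTORY_SERVER_SYNC_AUTH_CONFIG_USERNAME elsewhere in this review is "sync-prod". If the rename is intended, say so in the comment and confirm that the account exists on the side that validates sync credentials; otherwise keep the original name so sync authentication does not break with this change.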
| - name: dir-ca-certs | ||
| mountPath: /etc/ca-certs |
| - name: dir-ca-certs | |
| mountPath: /etc/ca-certs | |
| - name: dir-ca-certs | |
| mountPath: /etc/ca-certs | |
| - name: node-identity | |
| mountPath: /etc/routing/node.privkey | |
| subPath: node.privkey | |
| readOnly: true |
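Review bot: Mounting the key with subPath: node.privkey means the container does not receive later updates to the Secret; a subPath mount is fixed when the container starts, so rotating the node key requires a pod restart. If rotation without a restart matters, mount the Secret as its own directory and point the key path at the file inside it. The lines shown also do not include the setting that tells the server to read /etc/routing/node.privkey, so check that it is set elsewhere in the values.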
| - name: dir-ca-certs | ||
| secret: | ||
| secretName: prod-zot-directory-outshift-test-tls | ||
| items: | ||
| - key: ca.crt | ||
| path: zot-ca.crt |
| - name: dir-ca-certs | |
| secret: | |
| secretName: prod-zot-directory-outshift-test-tls | |
| items: | |
| - key: ca.crt | |
| path: zot-ca.crt | |
| - name: dir-ca-certs | |
| secret: | |
| secretName: prod-zot-directory-outshift-test-tls | |
| items: | |
| - key: ca.crt | |
| path: zot-ca.crt | |
| - name: node-identity | |
| secret: | |
| secretName: dir-prod-node-identity | |
| items: | |
| - key: node.privkey | |
| path: node.privkey |
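Review bot: The node-identity volume sets no defaultMode, so the private key file is projected with the Secret volume default of 0644 and is readable by every user in the container. Add defaultMode: 0400 under secret: and make sure the pod's runAsUser or fsGroup still lets the server read the file. The hunk also assumes that a Secret named dir-prod-node-identity with a node.privkey key already exists; the change should say how it is provisioned and kept out of the Git repository.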
- Add prod directory deployment with ArgoCD
- Configure prod.directory.outshift environment
- Ingress-based external access with TLS
- External OCI registry with SSL passthrough
- Production logging and federation endpoints
- Update onboarding templates and federation examples

Partial implementation of #6

Signed-off-by: Tibor Kircsi <tkircsi@cisco.com>
This pull request introduces a comprehensive GitOps deployment setup for the AGNTCY Directory project using ArgoCD. The setup provides a complete staging environment for the decentralized AI agent discovery network.
🔧 Key Features
🌍 Environments
Development (dev.directory.outshift):
Production (prod.directory.outshift):
🔍 Type of Change
This establishes the foundation for running the AGNTCY Directory staging environment and provides a clear path for organizations to federate with the Directory network.