--- # Agent Job Template # The dispatcher renders this template per-task, substituting: # AGENT_ROLE, TASK_ID, TASK_TITLE # # This is a reference template — not applied directly. # The dispatcher generates Job manifests from this pattern. apiVersion: batch/v1 kind: Job metadata: name: agent-${ROLE}-${TASK_ID} namespace: autojanet labels: autojanet/type: agent autojanet/role: ${ROLE} autojanet/task-id: "${TASK_ID}" spec: ttlSecondsAfterFinished: 3600 # clean up after 1 hour backoffLimit: 1 # retry once on failure template: metadata: labels: autojanet/type: agent autojanet/role: ${ROLE} autojanet/task-id: "${TASK_ID}" spec: serviceAccountName: agent-${ROLE} restartPolicy: Never # CPU nodes only — GPU reserved for LiteLLM nodeSelector: kubernetes.io/arch: amd64 tolerations: [] containers: - name: agent image: registry.ctz.fyi/autojanet/agent:latest imagePullPolicy: Always env: - name: AGENT_ROLE value: "${ROLE}" - name: TASK_ID value: "${TASK_ID}" - name: TASK_TITLE value: "${TASK_TITLE}" - name: OPENBAO_ROLE_ID valueFrom: secretKeyRef: name: agent-${ROLE}-approle key: role_id - name: OPENBAO_SECRET_ID valueFrom: secretKeyRef: name: agent-${ROLE}-approle key: secret_id - name: OPENBAO_ADDR value: "http://openbao.openbao.svc.cluster.local:8200" - name: LITELLM_BASE_URL value: "https://llm.ctz.fyi" - name: VIKUNJA_BASE_URL value: "https://tasks.ctz.fyi" - name: FORGEJO_BASE_URL value: "https://git.ctz.fyi" resources: requests: cpu: "250m" memory: "512Mi" limits: cpu: "2000m" memory: "2Gi" securityContext: allowPrivilegeEscalation: false runAsNonRoot: true runAsUser: 1000 readOnlyRootFilesystem: false capabilities: drop: ["ALL"]