CUBE - 127 - Fix deployment #130

WashingtonKK · 2026-01-13T14:24:56Z

What type of PR is this?

What does this do?

Which issue(s) does this PR fix/relate to?

Resolves Fix test deployment and make it robust #127

Have you included tests for your changes?

Did you document any new/modified features?

Notes

SammyOina · 2026-01-14T10:18:05Z

.github/workflows/deploy-cloud.yaml

            sed -i "s|__CUBE_PUBLIC_URL__|${{ secrets.CUBE_PUBLIC_URL }}|g" .env
            sed -i "s|__CUBE_AGENT_URL__|https://${{ secrets.CUBE_SERVER_IP }}:6193|g" .env
+            # Revert to https once tls is returned
+            sed -i "s|__CUBE_AGENT_URL__|http://10.172.192.41:6193|g" ../guardrails/rails/config.yml


use secrets we don't want our ips exposed and the ports

SammyOina · 2026-01-14T10:19:49Z

docker/cloud-compose.yaml

      logging: "cube-proxy"
      service: "proxy"
+
+  cube-guardrails-db:


was this missing previously?

SammyOina · 2026-01-14T10:20:29Z

docker/config.json

      {
        "name": "attestation",
-        "target_url": "https://10.172.192.41:6193",
+        "target_url": "http://10.172.192.41:6193",


do not expose ip addresses, and they are variable so use host names

SammyOina · 2026-01-14T10:20:34Z

docker/config.json

      {
        "name": "agent",
-        "target_url": "https://10.172.192.41:6193",
+        "target_url": "http://10.172.192.41:6193",


SammyOina · 2026-01-14T10:21:08Z

guardrails/rails/config.yml

    model: llama3.2:latest
    parameters:
-      base_url: http://cube-agent:8901
+      base_url: __CUBE_AGENT_URL__


this is internal communication so the docker host name should be fine

In the deployment, agent runs in the cvm

SammyOina · 2026-01-14T10:21:43Z

hal/buildroot/cvm-monitor.sh

is this pr rebased, since this file is already on main

The PR is up todate

SammyOina · 2026-01-14T10:22:38Z

Makefile

 	@echo "  up                 Start with configured backend (AI_BACKEND=ollama|vllm)"
 	@echo "  up-ollama          Start with Ollama backend (pulls models automatically)"
 	@echo "  up-vllm            Start with vLLM backend"
+	@echo "  up-cloud           Start cloud deployment with local defaults"


local defaults? what happens when we use make up

why do we need seprate make up and make up-cloud anyway, what differs is only env

SammyOina · 2026-01-19T12:59:05Z

.github/workflows/deploy-cloud.yaml

    branches:
      - main
-      - cube-92
+      - cube-127


leave only main

SammyOina · 2026-01-19T13:01:40Z

docker/cloud-compose.yaml

+      # Agent maTLS Configuration
+      # UV_CUBE_AGENT_CLIENT_CERT: ${UV_CUBE_AGENT_CLIENT_CERT:+/etc/cube/agent-certs/client.crt}
+      # UV_CUBE_AGENT_CLIENT_KEY: ${UV_CUBE_AGENT_CLIENT_KEY:+/etc/cube/agent-certs/client.key}
+      # UV_CUBE_AGENT_SERVER_CA_CERTS: ${UV_CUBE_AGENT_SERVER_CA_CERTS:+/etc/cube/agent-certs/ca.pem}
+      # UV_CUBE_AGENT_ATTESTED_TLS: ${UV_CUBE_AGENT_ATTESTED_TLS}
+      # UV_CUBE_AGENT_ATTESTATION_POLICY: ${UV_CUBE_AGENT_ATTESTATION_POLICY:+/etc/cube/attestation-policy.json}
+      # UV_CUBE_AGENT_PRODUCT_NAME: ${UV_CUBE_AGENT_PRODUCT_NAME}


matls should be functional now with guardrails disabled

SammyOina · 2026-01-19T13:02:43Z

docker/config.json

      {
        "name": "agent",
-        "target_url": "https://10.172.192.41:6193",
+        "target_url": "__CUBE_INTERNAL_AGENT_URL__",


consolidate with cube_agent_url I don't think we need both

One is an internal ip, the other is a public ip which does not need to be used here.

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

SammyOina requested changes Jan 14, 2026

View reviewed changes

WashingtonKK self-assigned this Jan 19, 2026

WashingtonKK changed the title ~~(DRAFT) - CUBE - 127 - Fix deployment~~ CUBE - 127 - Fix deployment Jan 19, 2026

SammyOina requested changes Jan 19, 2026

View reviewed changes

SammyOina approved these changes Jan 19, 2026

View reviewed changes

WashingtonKK added 24 commits January 20, 2026 11:35

set trigger for deployment

0345a70

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

revert buildroot changes

7a38025

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

ignore backup files

7fc7bea

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

update makefile to override cloud configs

c72478a

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

revert defconfig

93d9986

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

update qemu script

2503c5b

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

add cvm monitor script

465d18f

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

add mtls certs for proxy

3e05b9c

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

update env

1dde284

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

add guardrails

b747771

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

update guardrails agent url

1a31d22

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

update guardrails agent url

92369ab

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

update guardrails agent url

65c2d7d

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

add attested tls to proxy

fc3c8b5

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

add attestation policy

1763454

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

update attestation policy location

5548a9c

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

Remove atls from deployment

d4b562c

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

disable guardrails

2bad336

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

disable guardrails

3991197

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

address comments

84ba121

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

remove exposed ports on vm

db916e5

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

update cvm script and monitor to match docs

ea1b179

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

return matls

84a03f5

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

consolidate agent url

21721e9

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

WashingtonKK force-pushed the cube-127 branch from 8f1f447 to 21721e9 Compare January 20, 2026 08:35

WashingtonKK added 2 commits January 27, 2026 15:24

Use admin email from secrets

43a2a92

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

Use admin password from secrets

1df0dba

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

drasko merged commit 6dbac20 into ultravioletrs:main Jan 27, 2026
5 checks passed

WashingtonKK mentioned this pull request Jan 28, 2026

Do not track backup files #133

Closed

CUBE - 127 - Fix deployment #130

CUBE - 127 - Fix deployment #130

Uh oh!

Conversation

WashingtonKK commented Jan 13, 2026

What type of PR is this?

What does this do?

Which issue(s) does this PR fix/relate to?

Have you included tests for your changes?

Did you document any new/modified features?

Notes

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants