kitsudaiki
diff --git a/‎.github/workflows/build_test.yml‎
Lines changed: 7 additions & 31 deletions b/‎.github/workflows/build_test.yml‎
Lines changed: 7 additions & 31 deletions
diff --git a/‎.secrets.baseline‎
Lines changed: 51 additions & 5 deletions b/‎.secrets.baseline‎
Lines changed: 51 additions & 5 deletions
diff --git a/‎deploy/k8s/ainari/templates/hanami/hanami-config.yaml‎
Lines changed: 1 addition & 2 deletions b/‎deploy/k8s/ainari/templates/hanami/hanami-config.yaml‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎deploy/k8s/ainari/templates/hanami/hanami-pvc.yml‎
Lines changed: 1 addition & 1 deletion b/‎deploy/k8s/ainari/templates/hanami/hanami-pvc.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎deploy/k8s/ainari/templates/miko/miko-config.yaml‎
Lines changed: 8 additions & 16 deletions b/‎deploy/k8s/ainari/templates/miko/miko-config.yaml‎
Lines changed: 8 additions & 16 deletions
diff --git a/‎deploy/k8s/ainari/templates/miko/miko-pvc.yml‎
Lines changed: 1 addition & 1 deletion b/‎deploy/k8s/ainari/templates/miko/miko-pvc.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎deploy/k8s/ainari/templates/omamori/omamori-config.yaml‎
Lines changed: 1 addition & 2 deletions b/‎deploy/k8s/ainari/templates/omamori/omamori-config.yaml‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎deploy/k8s/ainari/templates/omamori/omamori-pvc.yml‎
Lines changed: 1 addition & 1 deletion b/‎deploy/k8s/ainari/templates/omamori/omamori-pvc.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎deploy/k8s/ainari/templates/onsen/onsen-config.yaml‎
Lines changed: 29 additions & 0 deletions b/‎deploy/k8s/ainari/templates/onsen/onsen-config.yaml‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎deploy/k8s/ainari/templates/onsen/onsen-deployment.yaml‎
Lines changed: 70 additions & 0 deletions b/‎deploy/k8s/ainari/templates/onsen/onsen-deployment.yaml‎
Lines changed: 70 additions & 0 deletions
@@ -680,7 +680,7 @@ jobs:
 
   docker_build:
     if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/develop' || github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') }}
-    name: "Build Docker-images"
+    name: "Build"
     needs: [ sdk_api_tests, cli_api_tests ]
     runs-on: ubuntu-24.04
     strategy:
@@ -966,37 +966,12 @@ jobs:
           kubectl create namespace cert-manager
           helm install cert-manager jetstack/cert-manager --namespace cert-manager --set installCRDs=true
       -
-        name: Install rancher-longhorn
+        name: Create wireguard-configs
         run: |
-          sudo apt-get update
-          sudo apt-get install -y open-iscsi nfs-common
-          sudo systemctl enable --now iscsid
-          helm repo add longhorn https://charts.longhorn.io
-          helm repo update
-          kubectl create namespace longhorn-system
-          helm install longhorn longhorn/longhorn --namespace longhorn-system --set defaultSettings.defaultDataPath="/mnt/longhorn"
-          sleep 60
-          cat <<EOF > longhorn-storageclass.yaml
-          ---
-
-          apiVersion: storage.k8s.io/v1
-          kind: StorageClass
-          metadata:
-            name: longhorn
-          provisioner: driver.longhorn.io
-          parameters:
-            numberOfReplicas: "1"
-            staleReplicaTimeout: "30"
-          volumeBindingMode: Immediate
-          reclaimPolicy: Delete
-          allowVolumeExpansion: true
-          mountOptions: []
-          parameters: {}
-
-          EOF
-          cat longhorn-storageclass.yaml
-          kubectl apply -f longhorn-storageclass.yaml
-          sleep 15
+          sudo apt-get install -y wireguard-tools
+          pip3 install jinja2
+          cd ${GITHUB_REPOSITORY#*/}/deploy/k8s
+          python3 wg_gen.py
       -
         name: Label nodes
         run: |
@@ -1006,6 +981,7 @@ jobs:
           kubectl label nodes --all sakura-node=true
           kubectl label nodes --all torii-node=true
           kubectl label nodes --all omamori-node=true
+          kubectl label nodes --all onsen-node=true
       -
         name: Install hanami
         run: |
 
@@ -193,6 +193,15 @@
         "line_number": 72
       }
     ],
+    "deploy/k8s/ainari/templates/onsen/onsen-deployment.yaml": [
+      {
+        "type": "Secret Keyword",
+        "filename": "deploy/k8s/ainari/templates/onsen/onsen-deployment.yaml",
+        "hashed_secret": "a191d9cb43e3f682b350dcdc74b2167ff78ed3b4",
+        "is_verified": false,
+        "line_number": 70
+      }
+    ],
     "deploy/k8s/ainari/templates/ryokan/ryokan-certificate.yaml": [
       {
         "type": "Secret Keyword",
@@ -208,7 +217,14 @@
         "filename": "deploy/k8s/ainari/templates/ryokan/ryokan-deployment.yaml",
         "hashed_secret": "04f5ffaec2d0437e26b1e224de6915e15247989f",
         "is_verified": false,
-        "line_number": 74
+        "line_number": 84
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "deploy/k8s/ainari/templates/ryokan/ryokan-deployment.yaml",
+        "hashed_secret": "8ecbfb09891f75ade7c286346fe355113e680af7",
+        "is_verified": false,
+        "line_number": 90
       }
     ],
     "deploy/k8s/ainari/templates/sakura/sakura-certificate.yaml": [
@@ -226,7 +242,14 @@
         "filename": "deploy/k8s/ainari/templates/sakura/sakura-deployment.yaml",
         "hashed_secret": "1db3a3e51c405b71091fd7885f714805187b5785",
         "is_verified": false,
-        "line_number": 74
+        "line_number": 80
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "deploy/k8s/ainari/templates/sakura/sakura-deployment.yaml",
+        "hashed_secret": "845e1c68668309b563d8a17950b9529de8b3616e",
+        "is_verified": false,
+        "line_number": 86
       }
     ],
     "deploy/k8s/ainari/templates/torii/torii-certificate.yaml": [
@@ -253,7 +276,30 @@
         "filename": "deploy/k8s/ainari/values.yaml",
         "hashed_secret": "9139236dfe89960fee34d53b6089795fe376682e",
         "is_verified": false,
-        "line_number": 24
+        "line_number": 25
+      }
+    ],
+    "deploy/k8s/wg_gen.py": [
+      {
+        "type": "Secret Keyword",
+        "filename": "deploy/k8s/wg_gen.py",
+        "hashed_secret": "a191d9cb43e3f682b350dcdc74b2167ff78ed3b4",
+        "is_verified": false,
+        "line_number": 36
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "deploy/k8s/wg_gen.py",
+        "hashed_secret": "8ecbfb09891f75ade7c286346fe355113e680af7",
+        "is_verified": false,
+        "line_number": 41
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "deploy/k8s/wg_gen.py",
+        "hashed_secret": "845e1c68668309b563d8a17950b9529de8b3616e",
+        "is_verified": false,
+        "line_number": 42
       }
     ],
     "example_configs/ainari/hanami.toml": [
@@ -305,7 +351,7 @@
         "filename": "example_configs/ainari/ryokan.toml",
         "hashed_secret": "3da541559918a808c2402bba5012f6c60b27661c",
         "is_verified": false,
-        "line_number": 19
+        "line_number": 18
       }
     ],
     "example_configs/ainari/sakura.toml": [
@@ -352,5 +398,5 @@
       }
     ]
   },
-  "generated_at": "2025-11-17T21:27:15Z"
+  "generated_at": "2025-11-19T11:52:41Z"
 }
@@ -18,8 +18,7 @@ data:
     file_path = "/etc/ainari/hanami/hanami_db"
     
     [miko]
-    address = "https://miko-tls-service.default.svc.cluster.local"
-    port = 8443
+    address = "https://miko-tls-service.default.svc.cluster.local:8443"
 
     [sakura]
     registation_key = "{{ .Values.hanami.registation_key }}"
 
@@ -5,7 +5,7 @@ metadata:
 spec:
   accessModes:
     - ReadWriteOnce
-  storageClassName: hanami-sc
+  storageClassName: {{ .Values.storage.storage_class }}
   resources:
     requests:
       storage: 100Mi
@@ -21,27 +21,19 @@ data:
     file_path = "/etc/ainari/miko/miko_db"
 
     [endpoints.hanami]
-    public_address = "https://local-hanami"
-    public_port = 443
-    internal_address = "https://hanami-tls-service.default.svc.cluster.local"
-    internal_port = 8443
+    public_address = "https://local-hanami:443"
+    internal_address = "https://hanami-tls-service.default.svc.cluster.local:8443"
 
     [endpoints.ryokan]
-    public_address = "https://local-ryokan"
-    public_port = 443
-    internal_address = "https://ryokan-tls-service.default.svc.cluster.local"
-    internal_port = 8443
+    public_address = "https://local-ryokan:443"
+    internal_address = "https://ryokan-tls-service.default.svc.cluster.local:8443"
 
     [endpoints.torii]
-    public_address = "https://local-torii"
-    public_port = 443
-    internal_address = "https://torii-tls-service.default.svc.cluster.local"
-    internal_port = 8443
+    public_address = "https://local-torii:443"
+    internal_address = "https://torii-tls-service.default.svc.cluster.local:8443"
 
     [endpoints.omamori]
-    public_address = "https://local-omamori"
-    public_port = 443
-    internal_address = "https://omamori-tls-service.default.svc.cluster.local"
-    internal_port = 8443
+    public_address = "https://local-omamori:443"
+    internal_address = "https://omamori-tls-service.default.svc.cluster.local:8443"
 
 kind: ConfigMap
@@ -5,7 +5,7 @@ metadata:
 spec:
   accessModes:
     - ReadWriteOnce
-  storageClassName: miko-sc
+  storageClassName: {{ .Values.storage.storage_class }}
   resources:
     requests:
       storage: 100Mi
@@ -18,8 +18,7 @@ data:
     file_path = "/etc/ainari/omamori/omamori_db"
     
     [miko]
-    address = "https://miko-tls-service.default.svc.cluster.local"
-    port = 8443
+    address = "https://miko-tls-service.default.svc.cluster.local:8443"
 
     [simple_crypto]
     key_b64 = "q9vN4CjOQm5wKzyzjZtS7t4oQp8oQK1JvU5xgq8vFzE="
 
@@ -5,7 +5,7 @@ metadata:
 spec:
   accessModes:
     - ReadWriteOnce
-  storageClassName: omamori-sc
+  storageClassName: {{ .Values.storage.storage_class }}
   resources:
     requests:
       storage: 100Mi
@@ -0,0 +1,29 @@
+apiVersion: v1
+metadata:
+  name: onsen-config
+data:
+  onsen.toml: |+
+    debug = true
+    log_path = ""
+    insecure_clients = true
+    address = "http://10.10.0.1:50051"
+
+    [storage]
+    dataset_location = "/etc/ainari/onsen_data/datasets"
+    checkpoint_location = "/etc/ainari/onsen_data/checkpoints"
+    tempfile_location = "/etc/ainari/onsen_data/tempfiles"
+
+    [api]
+    public_ip = "127.0.0.1"
+    public_port = 11416
+    internal_ip = "127.0.0.1"
+    internal_port = 10416
+    internal_api_key = "{{ .Values.api.internal_api_key }}"
+    
+    [miko]
+    address = "https://miko-tls-service.default.svc.cluster.local:8443"
+    
+    [ryokan]
+    registation_key = "test-registration-key"
+
+kind: ConfigMap
@@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: onsen
+  labels:
+    app: onsen
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: onsen
+  template:
+    metadata:
+      labels:
+        app: onsen
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: onsen-node
+                operator: In
+                values:
+                - "true"
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: app
+                operator: In
+                values:
+                - onsen
+            topologyKey: kubernetes.io/hostname
+      containers:
+      - name: onsen
+        image: {{ .Values.docker.registry }}/onsen:{{ .Values.docker.tag }}
+        imagePullPolicy: Always
+        env:
+        - name: RUST_LOG
+          value: "debug,h2=info"
+        ports:
+        - containerPort: 50051
+          name: grpc
+        volumeMounts:
+        - name: data-volume
+          mountPath: /etc/ainari/onsen/
+        - name: onsen-config
+          mountPath: /etc/ainari/onsen.toml
+          subPath: onsen.toml
+          readOnly: true
+        - name: wg-secret
+          mountPath: /etc/wireguard
+          readOnly: true
+        securityContext:
+          capabilities:
+            add:
+              - NET_ADMIN
+              - SYS_MODULE
+
+      volumes:
+        - name: onsen-config
+          configMap:
+            name: onsen-config
+        - name: data-volume
+          persistentVolumeClaim:
+            claimName: onsen-pvc
+        - name: wg-secret
+          secret:
+            secretName: wg-onsen-secret