Add harness app: agent orchestrator with cluster deployment

- Next.js app for orchestrating coding agent benchmarks (Claude Code, Codex, OpenCode) - Dockerfile installs git, gh CLI, and agent CLIs for headless execution - K8s deployment with workspace volume, sealed credentials for Claude + OpenCode - Traefik IngressRoute at harness.coreworlds.io with internal-only middleware + TLS - CI pipeline path filter for harness builds - Fix OpenCode runtime flags (subcommand-based headless mode)
2026-03-21 15:26:09 +00:00
parent 9e7077cd82
commit 6dde7c8aef
46 changed files with 4675 additions and 0 deletions
--- a/apps/harness/k8s/base/deployment.yaml
+++ b/apps/harness/k8s/base/deployment.yaml
@@ -0,0 +1,67 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: harness
+  labels:
+    app: harness
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: harness
+  template:
+    metadata:
+      labels:
+        app: harness
+    spec:
+      imagePullSecrets:
+        - name: ghcr-pull-secret
+      containers:
+        - name: harness
+          image: ghcr.io/lazorgurl/homelab-harness:latest
+          ports:
+            - containerPort: 3100
+          env:
+            - name: HARNESS_WORK_DIR
+              value: /data/harness
+            - name: CLAUDE_CONFIG_DIR
+              value: /secrets/claude
+            - name: OPENCODE_CONFIG_DIR
+              value: /secrets/opencode
+          volumeMounts:
+            - name: workspace
+              mountPath: /data/harness
+            - name: claude-credentials
+              mountPath: /secrets/claude
+              readOnly: true
+            - name: opencode-credentials
+              mountPath: /secrets/opencode
+              readOnly: true
+          resources:
+            requests:
+              memory: 256Mi
+              cpu: 100m
+            limits:
+              memory: 1Gi
+          readinessProbe:
+            httpGet:
+              path: /api/health
+              port: 3100
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          livenessProbe:
+            httpGet:
+              path: /api/health
+              port: 3100
+            initialDelaySeconds: 15
+            periodSeconds: 20
+      volumes:
+        - name: workspace
+          emptyDir:
+            sizeLimit: 2Gi
+        - name: claude-credentials
+          secret:
+            secretName: harness-claude-credentials
+        - name: opencode-credentials
+          secret:
+            secretName: harness-opencode-credentials
--- a/apps/harness/k8s/base/harness-claude-credentials-sealed.yaml
+++ b/apps/harness/k8s/base/harness-claude-credentials-sealed.yaml
--- a/apps/harness/k8s/base/harness-opencode-credentials-sealed.yaml
+++ b/apps/harness/k8s/base/harness-opencode-credentials-sealed.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: harness-opencode-credentials
+  namespace: apps
+spec:
+  encryptedData:
+    auth.json: AgBNDx8eNC6AiMRrZn0JZIJACWL7Wg/JhbeuPiNdsLOpnc3db7vrI+25AjIwk7f+EMh1XKDf9QMbPJAyC3/ZiO3hJ45JJjuAmb/QYH9c+Zgnsms/VhurMz5pYvaN04B5J6lzJusILjU2sqQjaHL5ARPh1jrqrXnk+pRY/WG4vZVGrVZ/J9rvswfQuXwPdpD2KBCia3rR44WgpBxRT+bIQso2FFWYCLTdRPz7HFH+jSuFTEA0MujWZj4vCyf8w+5kZ1fwWBze2pAuj3iTLl3+TX0TMJhS7G/wARbxEYxrSntBCK6LsAByn7Ul400rcbOLugPbe9QFJrnxyjvjVeoQrjP2x1yIYWo8UHy5iExCVR+wkTD8EDQceqkqZ4KGoIa5GZpqdRMl20PjhPXfvX2XgTJjyOL2uhszRD/8z/WPVEM2gDSdmI7KUGdxmnPcqEyS6cVwp0DuSoaCWmN3GxS8EvrQVnlLQNK6RWsibGmmYwt1O7PxE4T+8CEcRwfUkdXRtVqMURnr9aIvAhl+judMkxPAdh68s6L8WehHAbPyYBeA29FVKO3JsXhMoFfQGugCxxBvPH50GOHh0Ncxdvz2wzH/of+QP4vmkddV7JbQMMruLSEzF90pIk7pLDR0Vhd9OxehKeAeAHot7DqH21VG8UnqUn+NZstCCDtB57IY5JakSrcE1+pPSMR13a5PQ/lNYWjgFT5HVF/cGMYoUG74zo2BzgJK4k3S1yDvTANxqeQnO+ybxITVh4Azo1WE151t2Fsh2SmpKsADBwuNFQprJRz1OxZYphNMNnI7KlSua1+KlljkotFItLwEEmsLgO3/zm0HIRNPbZHzX4/d5+jSIb72QdVLiiVPSM4KtkbFVbuoHPdnsqwf9pzTIwSIGkTj6EBqECIBACaytwAQUf3ZmvAKXCTa34CxyXlfzQHgc7Hyzv+1u9csO49H+P7I8iMqr43NpUliDz9mcu+0964209DpBsaVNQBp9GUB3dnrraDG/bpVOzwljgZnwaV0WKfJSvk2uoMkKOZXEIqvX1A=
+  template:
+    metadata:
+      name: harness-opencode-credentials
+      namespace: apps
--- a/apps/harness/k8s/base/kustomization.yaml
+++ b/apps/harness/k8s/base/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - deployment.yaml
+  - service.yaml
+  - harness-claude-credentials-sealed.yaml
+  - harness-opencode-credentials-sealed.yaml
--- a/apps/harness/k8s/base/service.yaml
+++ b/apps/harness/k8s/base/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: harness
+spec:
+  type: ClusterIP
+  ports:
+    - port: 80
+      targetPort: 3100
+      protocol: TCP
+  selector:
+    app: harness
--- a/apps/harness/k8s/overlays/preview/kustomization.yaml
+++ b/apps/harness/k8s/overlays/preview/kustomization.yaml
@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../base
+patches:
+  - target:
+      kind: Deployment
+      name: harness
+    patch: |
+      apiVersion: apps/v1
+      kind: Deployment
+      metadata:
+        name: harness
+      spec:
+        replicas: 1
--- a/apps/harness/k8s/overlays/production/kustomization.yaml
+++ b/apps/harness/k8s/overlays/production/kustomization.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../base
+patches:
+- patch: |
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      name: harness
+    spec:
+      replicas: 1
+  target:
+    kind: Deployment
+    name: harness
+images:
+- name: ghcr.io/lazorgurl/homelab-harness
+  newName: ghcr.io/lazorgurl/homelab-harness
+  newTag: latest