NOISSUE - Fix local dev startup issues and harden config management#186
Open
WashingtonKK wants to merge 9 commits intoultravioletrs:mainfrom
Open
NOISSUE - Fix local dev startup issues and harden config management#186WashingtonKK wants to merge 9 commits intoultravioletrs:mainfrom
WashingtonKK wants to merge 9 commits intoultravioletrs:mainfrom
Conversation
WashingtonKK
force-pushed
the
fix/local-dev-startup-issues
branch
from
1c57198 to
9d7317d
Compare
Fixes ultravioletrs#180, ultravioletrs#181, ultravioletrs#179, partially addresses ultravioletrs#178 Changes: - Disable attested TLS for local dev (make up) to prevent proxy crash when cert files don't exist (fixes ultravioletrs#180 - proxy "is a directory" error) - Keep attested TLS enabled for cloud deployments (make up-cloud) - Expose UI port 6193 directly to host for local dev (fixes ultravioletrs#181) - Add missing environment variables to silence warnings (fixes ultravioletrs#179): * SMQ_AUTH_LOGIN_TOKEN_DURATION * Optional services variables (groups, channels, clients) - Replace fragile backup/restore pattern with git checkout to prevent stale backups from clobbering newly added environment variables - Remove restore-cloud-config from down targets to fix "invalid hostPort: __TRAEFIK_HTTP_PORT__" error (partially fixes ultravioletrs#178) - Fix dependency ordering so git checkout runs before enable-guardrails and config-backend to avoid clobbering their changes - Decouple deploy-cloud workflow from local-dev make targets to prevent config-cloud-local from overwriting secrets with localhost defaults - Add missing Google OAuth placeholder replacements in deploy workflow Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
Revert placeholder replacements that were committed but should remain as placeholders for secret/environment-specific values: - Email configuration placeholders - Google OAuth placeholders - Public URL placeholders - Agent URL placeholders - Traefik port placeholders - Agent mTLS certificate paths These placeholders are replaced at deployment time by: - config-cloud-local target (for local dev) - deploy-cloud.yaml workflow (for cloud deployment) Keep only the intentional additions: - SMQ_AUTH_LOGIN_TOKEN_DURATION variable (issue ultravioletrs#179) - Optional services variables section (issue ultravioletrs#179) Signed-off-by: Washington Oganda <washingtonoganda@gmail.com>
WashingtonKK
force-pushed
the
fix/local-dev-startup-issues
branch
from
71be885 to
acb9e9e
Compare
- Fix down-volumes target to stop all services including cloud and vllm profiles instead of only default profile - Add CUBE_AI_PROXY_URL variable to .env (renamed from CUBE_AI_ATTESTATION_URL in commit d5e66a9) to fix docker-compose warning Signed-off-by: Washington Oganda <washingtonoganda@gmail.com> Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
- Remove make up-cloud, down-cloud, down-cloud-volumes, and restart-cloud targets (not used by deploy-cloud.yaml workflow) - Keep logs-cloud target (used by workflow for debugging) - Update README.md to reflect local dev vs cloud deployment: * Document direct UI access on port 6193 * Update all API examples to use https://localhost:49211 * Clarify cloud deployment uses GitHub Actions workflow * Remove references to make up-cloud Signed-off-by: Washington Oganda <washingtonoganda@gmail.com> Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
SammyOina
requested changes
Feb 13, 2026
docker/.env
Outdated
Comment on lines
266
to
274
| ## Optional Services (Groups, Channels, Clients) | ||
| ## These variables are referenced by the domains service but the services may not be deployed | ||
| SMQ_GROUPS_GRPC_URL= | ||
| SMQ_GROUPS_GRPC_TIMEOUT= | ||
| SMQ_CHANNELS_URL= | ||
| SMQ_CHANNELS_GRPC_URL= | ||
| SMQ_CHANNELS_GRPC_TIMEOUT= | ||
| SMQ_CLIENTS_GRPC_URL= | ||
| SMQ_CLIENTS_GRPC_TIMEOUT= |
Contributor
There was a problem hiding this comment.
cube does not have any of these services
docker/supermq-compose.yaml
Outdated
| networks: | ||
| - cube-network | ||
| ports: | ||
| - ${UI_PORT}:${UI_PORT} |
Contributor
There was a problem hiding this comment.
only traefik should expose ports 80 and 443, all the rest are not to be exposed
Makefile
Outdated
|
|
||
| .PHONY: up | ||
| up: enable-guardrails config-backend config-cloud-local | ||
| up: config-cloud-local enable-guardrails config-backend disable-atls |
Contributor
There was a problem hiding this comment.
why do we have config-cloud-local when make up-cloud is removed
README.md
Outdated
| ``` | ||
|
|
||
| **Local Development Access:** | ||
| - UI: http://localhost:6193 |
Contributor
There was a problem hiding this comment.
should be through traefik
README.md
Outdated
Comment on lines
96
to
97
| - Traefik Gateway: https://localhost:49211 | ||
| - Traefik Dashboard: http://localhost:49212 |
Contributor
There was a problem hiding this comment.
use standard ports, also expose dashboard through traefik rather than exposed port
README.md
Outdated
|
|
||
| ```bash | ||
| curl -ksSiX POST https://localhost/users/tokens/issue \ | ||
| curl -ksSiX POST https://localhost:49211/users/tokens/issue \ |
Contributor
There was a problem hiding this comment.
use traefik on standard ports for local deployment
- Configure local dev to use standard ports (80, 443, 8080) - Cloud deployment continues using custom ports from secrets - Update all README examples to use https://localhost instead of :49211 - Local: Traefik on 80/443, Dashboard on 8080 - Cloud: Traefik on custom ports from GitHub secrets Signed-off-by: Washington Oganda <washingtonoganda@gmail.com> Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
Signed-off-by: Washington Oganda <washingtonoganda@gmail.com> Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
SammyOina
requested changes
Feb 13, 2026
README.md
Outdated
Comment on lines
98
to
100
| **Cloud Deployment:** | ||
| Cloud deployment is automated via GitHub Actions workflow (`.github/workflows/deploy-cloud.yaml`). | ||
| The workflow handles configuration, secret injection, and service deployment automatically. |
Contributor
There was a problem hiding this comment.
Suggested change
| **Cloud Deployment:** | |
| Cloud deployment is automated via GitHub Actions workflow (`.github/workflows/deploy-cloud.yaml`). | |
| The workflow handles configuration, secret injection, and service deployment automatically. |
Makefile
Outdated
| @echo "Stopping Cube Cloud services and removing volumes..." | ||
| docker compose -f docker/compose.yaml --profile cloud down -v | ||
| @$(MAKE) restore-cloud-config | ||
| docker compose -f docker/compose.yaml --profile cloud --profile vllm down -v |
Contributor
There was a problem hiding this comment.
what about default profile is it covered by default
Signed-off-by: Washington Oganda <washingtonoganda@gmail.com> Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
Signed-off-by: Washington Oganda <washingtonoganda@gmail.com> Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
Signed-off-by: Washington Oganda <washingtonoganda@gmail.com> Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
What does this do?
Which issue(s) does this PR fix/relate to?
Have you included tests for your changes?
Did you document any new/modified features?
Notes