apiVersion: k3d.io/v1alpha5
kind: Simple
metadata:
  name: amp-local
image: rancher/k3s:v1.32.9-k3s1
servers: 1
agents: 0
kubeAPI:
  hostPort: "6550"
# Single cluster mode exposes all plane port ranges for consistency with multi-cluster setup
ports:
  # AMP Console UI (NodePort service on port 3000)
  - port: 3000:3000
    nodeFilters:
      - loadbalancer
  # AMP API (LoadBalancer service on port 9000)
  - port: 9000:9000
    nodeFilters:
      - loadbalancer
  # AMP Internal API Endpoint (LoadBalancer service on port 9243)
  - port: 9243:9243
    nodeFilters:
      - loadbalancer
  # AMP Traces Observer (NodePort service on port 9098)
  - port: 9098:9098
    nodeFilters:
      - loadbalancer
  # OTel Collector (NodePort service on port 21893)
  - port: 21893:21893
    nodeFilters:
      - loadbalancer
  # Observability Gateway HTTP (LoadBalancer service on port 22893)
  - port: 22893:22893
    nodeFilters:
      - loadbalancer
  # Observability Gateway HTTPS (LoadBalancer service on port 22894)
  - port: 22894:22894
    nodeFilters:
      - loadbalancer
  # Control Plane uses port range 8xxx
  # HTTP traffic to OpenChoreo UI and API (Kgateway LoadBalancer)
  - port: 8080:8080
    nodeFilters:
      - loadbalancer
  # HTTPS traffic to OpenChoreo UI and API (Kgateway LoadBalancer)
  - port: 8443:8443
    nodeFilters:
      - loadbalancer
  # HTTP traffic to default ai gateway
  - port: 8084:8084
    nodeFilters:
      - loadbalancer
  # HTTPS traffic to default ai gateway
  - port: 8243:8243
    nodeFilters:
      - loadbalancer
  # Workflow Plane uses port range 10xxx
  # Container Registry for storing built images
  - port: 10082:10082
    nodeFilters:
      - loadbalancer
  # Data Plane uses port range 19xxx (matches kind and other cluster setups)
  # HTTP traffic to workloads via Gateway
  - port: 19080:19080
    nodeFilters:
      - loadbalancer
  # HTTPS traffic to workloads via Gateway
  - port: 19443:19443
    nodeFilters:
      - loadbalancer
  # Observability Plane uses port range 11xxx
  # Observer API
  - port: 11080:11080
    nodeFilters:
      - loadbalancer
  # HTTPS traffic for OpenSearch access (Kgateway LoadBalancer)
  - port: 11085:11085
    nodeFilters:
      - loadbalancer
  # OpenSearch API for Fluent Bit data pushing
  - port: 11082:9200
    nodeFilters:
      - loadbalancer
options:
  k3s:
    extraArgs:
      # Add host.k3d.internal to API server TLS certificate SANs.
      # This allows consistent DataPlane configuration across single and multi-cluster setups
      # where Control Plane pods can access the API server via host.k3d.internal:6550
      - arg: "--tls-san=host.k3d.internal --disable=traefik"
        nodeFilters:
          - server:*
      # Configure kubelet eviction thresholds to prevent resource exhaustion
      - arg: "--kubelet-arg=eviction-hard=imagefs.available<10%,nodefs.available<10%"
        nodeFilters:
          - server:*
      - arg: "--kubelet-arg=eviction-minimum-reclaim=imagefs.available=5%,nodefs.available=5%"
        nodeFilters:
          - server:*
# Configure insecure registries for HTTP access
# Allows kubelet to pull images from Workflow Plane registry via HTTP
registries:
  config: |
    mirrors:
      "host.k3d.internal:10082":
        endpoint:
          - http://host.k3d.internal:10082