#!/usr/bin/env bash
# AKS read-only deploy launcher for `codeiq serve`.
#
# Encodes the JVM flag preset that lets `serve` boot under
# securityContext.readOnlyRootFilesystem=true with /tmp mounted writable.
# Spec: docs/specs/2026-04-28-aks-read-only-deploy-design.md.
# Runbook: shared/runbooks/aks-read-only-deploy.md.
#
# Usage: aks-launch.sh /tmp/codeiq-data
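set -euo pipefail

# Exactly one positional argument: the data directory handed to `serve`.
# Exit 64 is EX_USAGE in sysexits.h.
if [[ $# -ne 1 ]]; then
  echo "usage: $(basename "$0") <data-dir>" >&2
  exit 64
fi

DATA_DIR="$1"
# The directory must already exist; this launcher never creates it.
if [[ ! -d "$DATA_DIR" ]]; then
  echo "fatal: data dir does not exist: $DATA_DIR" >&2
  exit 66
fi

# Resolve the codeiq JAR. Container image installs it at /app/code-iq.jar
# by default; override via $CODEIQ_JAR for local testing.
# NOTE(review): whoever controls $CODEIQ_JAR controls the code that runs as
# PID 1 — confirm the pod spec does not take it from an untrusted source.
JAR="${CODEIQ_JAR:-/app/code-iq.jar}"
if [[ ! -f "$JAR" ]]; then
  echo "fatal: codeiq JAR not found at $JAR (override with \$CODEIQ_JAR)" >&2
  exit 66
fi

# Pre-flight: ensure /tmp has enough headroom. 1 GB is the absolute floor —
# Neo4j tx logs + Spring Boot loader extraction + JVM heap dump on OOM
# headroom. Real deploys want 2–4 GB depending on graph size.
# `df -P` prints one line per filesystem, so row 2 / column 4 is the
# available space in KB (because of -k).
TMP_FREE_KB="$(df -Pk /tmp | awk 'NR==2 {print $4}')"

# Fail closed unless df produced a plain decimal number. bash evaluates the
# operands of -lt as arithmetic expressions: a non-numeric value (for example
# a "-" placeholder column) raises an evaluation error, `if` treats that as
# "false", and the headroom check would be skipped silently.
if [[ ! "${TMP_FREE_KB:-}" =~ ^[0-9]+$ ]]; then
  echo "fatal: could not determine free space on /tmp (df reported '${TMP_FREE_KB:-}')" >&2
  exit 70
fi

# 1048576 KB == 1 GB. The 10# prefix forces base 10 even with leading zeros.
if [[ "$((10#$TMP_FREE_KB))" -lt 1048576 ]]; then
  echo "fatal: /tmp has < 1 GB free (${TMP_FREE_KB:-?} KB)" >&2
  exit 70
fi

# Extraction target for the Spring Boot loader; must match the
# -Dorg.springframework.boot.loader.tmpDir value below.
mkdir -p /tmp/spring-boot-loader

# JVM flag preset. Every entry has a non-default behavior that without it
# would write outside /tmp OR break under cgroup memory limits. Order: -D
# system properties first, then -XX. Don't reorder — keep it greppable for
# the sentinel test.
#
# Memory caps explained:
#   MaxRAMPercentage=50      Heap ceiling = 50% of cgroup memory limit. The
#                            remaining 50% covers Neo4j off-heap page cache
#                            (capped at 256 MB in Neo4jConfig), Metaspace,
#                            JIT code cache, Tomcat NIO buffers, and OS slack.
#                            At limits.memory: 4Gi this lands the JVM at
#                            ~2 GiB heap which is 4× the working set of a
#                            200 K-node graph.
#   InitialRAMPercentage=25  Lower start, lets G1 grow on demand. Avoids
#                            paying the full heap reservation up-front so a
#                            pod that's only doing health probes stays small.
#   ExitOnOutOfMemoryError   Fail-fast on JVM-side OOM. Lets K8s restart
#                            cleanly instead of looping in a degraded state
#                            where readiness probes timeout.
#
# NOTE(review): HeapDumpOnOutOfMemoryError and ErrorFile write process memory
# and crash state into /tmp. A heap dump can contain any secret the JVM held
# in memory, so confirm the /tmp volume is private to this container and that
# collected dumps are handled as sensitive data. A dump of the ~2 GiB heap
# described above will also not fit in the 1 GB floor checked earlier; size
# the volume for the dump if it is meant to be usable.
JAVA_OPTS=(
  -Dorg.springframework.boot.loader.tmpDir=/tmp/spring-boot-loader
  -Djava.io.tmpdir=/tmp
  -XX:MaxRAMPercentage=50
  -XX:InitialRAMPercentage=25
  -XX:+UseG1GC
  -XX:+ExitOnOutOfMemoryError
  -XX:ErrorFile=/tmp/hs_err_pid%p.log
  -XX:HeapDumpPath=/tmp
  -XX:+HeapDumpOnOutOfMemoryError
)

# Exec to PID 1 so signals (SIGTERM on pod stop) reach the JVM directly.
exec java "${JAVA_OPTS[@]}" -jar "$JAR" serve "$DATA_DIR"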