armadaproject · d2burkhalter · May 20, 2026 · May 20, 2026 · May 20, 2026 · May 20, 2026
diff --git a/.vscode/launch.json b/.vscode/launch.json
diff --git a/.vscode/tasks.json b/.vscode/tasks.json
@@ -9,38 +9,198 @@
   },
   "tasks": [
     {
+      "label": "Start dependencies",
       "type": "shell",
-      "command": "go",
-      "args": ["mod", "download"],
-      "label": "Download Go modules"
+      "command": "mage kind && mage dev:up no-auth -dap",
+      "isBackground": true,
+      "problemMatcher": {
+        "owner": "armada-deps",
+        "pattern": { "regexp": "^$" },
+        "background": {
+          "activeOnStart": true,
+          "beginsPattern": "\\| Starting .* on port",
+          "endsPattern": "initialized successfully"
+        }
+      }
     },
     {
+      "label": "Start dependencies with Fake Executor",
       "type": "shell",
-      "command": "mage kind && mage dev:deps",
-      "label": "Start dependencies"
+      "command": "mage dev:up fake-executor -dap",
+      "isBackground": true,
+      "problemMatcher": {
+        "owner": "armada-deps",
+        "pattern": { "regexp": "^$" },
+        "background": {
+          "activeOnStart": true,
+          "beginsPattern": "\\| Starting .* on port",
+          "endsPattern": "initialized successfully"
+        }
+      }
     },
     {
+      "label": "Start dependencies with Prometheus",
       "type": "shell",
-      "command": "mage dev:migrate",
-      "label": "Run migrations"
+      "command": "mage kind && mage dev:up prometheus -dap",
+      "isBackground": true,
+      "problemMatcher": {
+        "owner": "armada-deps",
+        "pattern": { "regexp": "^$" },
+        "background": {
+          "activeOnStart": true,
+          "beginsPattern": "\\| Starting .* on port",
+          "endsPattern": "initialized successfully"
+        }
+      }
     },
     {
-      "label": "Set up dependencies",
+      "label": "Start dependencies with Auth",
+      "type": "shell",
+      "command": "mage kind && mage dev:up auth -dap",
+      "isBackground": true,
+      "problemMatcher": {
+        "owner": "armada-deps",
+        "pattern": { "regexp": "^$" },
+        "background": {
+          "activeOnStart": true,
+          "beginsPattern": "\\| Starting .* on port",
+          "endsPattern": "Keycloak ready"
+        }
+      }
+    },
+    {
+      "label": "Start dependencies with Fake Executor and Prometheus",
+      "type": "shell",
+      "command": "mage dev:up fake-executor,prometheus -dap",
+      "isBackground": true,
+      "problemMatcher": {
+        "owner": "armada-deps",
+        "pattern": { "regexp": "^$" },
+        "background": {
+          "activeOnStart": true,
+          "beginsPattern": "\\| Starting .* on port",
+          "endsPattern": "initialized successfully"
+        }
+      }
+    },
+    {
+      "label": "Start dependencies with Auth and Prometheus",
+      "type": "shell",
+      "command": "mage kind && mage dev:up auth,prometheus -dap",
+      "isBackground": true,
+      "problemMatcher": {
+        "owner": "armada-deps",
+        "pattern": { "regexp": "^$" },
+        "background": {
+          "activeOnStart": true,
+          "beginsPattern": "\\| Starting .* on port",
+          "endsPattern": "Keycloak ready"
+        }
+      }
+    },
+    {
+      "label": "Prepare LookoutUI",
+      "type": "shell",
+      "command": [
+        "scripts/yarn-registry-mirror.sh --cwd ${workspaceFolder}/internal/lookoutui install &&",
+        "scripts/yarn-registry-mirror.sh --cwd ${workspaceFolder}/internal/lookoutui openapi"
+      ]
+    },
+    {
+      "label": "Check for port conflicts",
+      "type": "shell",
+      "command": "_local/scripts/check-port-conflicts.sh",
+      "problemMatcher": []
+    },
+    {
+      "label": "Kill port conflicts",
+      "type": "shell",
+      "command": "_local/scripts/kill-port-conflicts.sh",
+      "problemMatcher": []
+    },
+    {
+      "label": "Wait for dlv (standard)",
+      "type": "shell",
+      "command": "_local/scripts/wait-for-dlv.sh standard",
+      "problemMatcher": []
+    },
+    {
+      "label": "Wait for dlv (fake-executor)",
+      "type": "shell",
+      "command": "_local/scripts/wait-for-dlv.sh fake-executor",
+      "problemMatcher": []
+    },
+    {
+      "label": "Pre-build Go services",
+      "type": "shell",
+      "command": "_local/scripts/prebuild-services.sh",
+      "problemMatcher": []
+    },
+    {
+      "label": "Stop dependencies",
+      "type": "shell",
+      "command": "mage dev:down",
+      "problemMatcher": []
+    },
+    {
+      "label": "Set up and start (no-auth)",
       "dependsOrder": "sequence",
       "dependsOn": [
-        "Download Go modules",
+        "Pre-build Go services",
+        "Check for port conflicts",
         "Start dependencies",
-        "Run migrations"
+        "Wait for dlv (standard)"
       ]
     },
     {
-      "type": "shell",
-      "command": [
-        "scripts/yarn-registry-mirror.sh --cwd ${workspaceFolder}/internal/lookoutui &&",
-        "scripts/yarn-registry-mirror.sh --cwd ${workspaceFolder}/internal/lookoutui openapi &&",
-        "scripts/yarn-registry-mirror.sh --cwd ${workspaceFolder}/internal/lookoutui build"
-      ],
-      "label": "Build Lookout UI"
+      "label": "Set up and start (auth)",
+      "dependsOrder": "sequence",
+      "dependsOn": [
+        "Pre-build Go services",
+        "Check for port conflicts",
+        "Start dependencies with Auth",
+        "Wait for dlv (standard)"
+      ]
+    },
+    {
+      "label": "Set up and start (fake-executor)",
+      "dependsOrder": "sequence",
+      "dependsOn": [
+        "Pre-build Go services",
+        "Check for port conflicts",
+        "Start dependencies with Fake Executor",
+        "Wait for dlv (fake-executor)"
+      ]
+    },
+    {
+      "label": "Set up and start (no-auth with prometheus)",
+      "dependsOrder": "sequence",
+      "dependsOn": [
+        "Pre-build Go services",
+        "Check for port conflicts",
+        "Start dependencies with Prometheus",
+        "Wait for dlv (standard)"
+      ]
+    },
+    {
+      "label": "Set up and start (fake-executor with prometheus)",
+      "dependsOrder": "sequence",
+      "dependsOn": [
+        "Pre-build Go services",
+        "Check for port conflicts",
+        "Start dependencies with Fake Executor and Prometheus",
+        "Wait for dlv (fake-executor)"
+      ]
+    },
+    {
+      "label": "Set up and start (auth with prometheus)",
+      "dependsOrder": "sequence",
+      "dependsOn": [
+        "Pre-build Go services",
+        "Check for port conflicts",
+        "Start dependencies with Auth and Prometheus",
+        "Wait for dlv (standard)"
+      ]
     }
   ]
 }
diff --git a/_local/.armadactl.yaml b/_local/.armadactl.yaml
@@ -61,7 +61,7 @@ contexts:
   auth-exec:
     armadaUrl: localhost:50051
     execAuth:
-      cmd: "/path/to/token-helper"  # Note: field is 'cmd' not 'command'
+      cmd: "/path/to/token-helper" # Note: field is 'cmd' not 'command'
       args: ["--get-token"]
       # Optional: environment variables to pass to the command
       env:

diff --git a/_local/binoculars/config-auth.yaml b/_local/binoculars/config-auth.yaml
@@ -24,4 +24,4 @@ auth:
     cancel_any_jobs: ["admins"]
     reprioritize_any_jobs: ["admins"]
     watch_all_events: ["admins"]
-    execute_jobs: ["admins", "executors"]
+    execute_jobs: ["admins", "executors"]
diff --git a/_local/compose/stack.yaml b/_local/compose/stack.yaml
@@ -67,7 +67,8 @@ services:
       - "8090:8080"
     restart: unless-stopped
     healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:8080/admin/v2/brokers/health"]
+      test:
+        ["CMD", "curl", "-f", "http://localhost:8080/admin/v2/brokers/health"]
       interval: 30s
       timeout: 10s
       retries: 5
@@ -94,3 +95,29 @@ services:
     # No healthcheck on purpose: keycloak's realm import + warmup is slower than
     # `docker compose up --wait` is willing to block for. `mage dev:up auth` polls the
     # realm endpoint via waitForKeycloak before starting goreman.
+
+  prometheus:
+    container_name: prometheus
+    image: ${PROMETHEUS_IMAGE:-prom/prometheus:v3.11.3}
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    ports:
+      - "9090:9090"
+    volumes:
+      - "../prometheus.yml:/etc/prometheus/prometheus.yml"
+    command:
+      - "--config.file=/etc/prometheus/prometheus.yml"
+    healthcheck:
+      test:
+        [
+          "CMD",
+          "wget",
+          "--quiet",
+          "--tries=1",
+          "--spider",
+          "http://localhost:9090/-/healthy",
+        ]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    profiles: [prometheus]
diff --git a/_local/fakeexecutor/config.yaml b/_local/fakeexecutor/config.yaml
@@ -18,4 +18,4 @@ nodes:
       ephemeral-storage: "100Gi"
     labels:
       node.kubernetes.io/instance-type: "Standard_D8s_v3"
-    taints: []
+    taints: []
diff --git a/_local/keycloak/README.md b/_local/keycloak/README.md
@@ -11,36 +11,42 @@ When Keycloak starts with the `auth` Docker Compose profile, it automatically im
 The imported configuration includes:
 
 ### Realm: `armada`
+
 - Display Name: Armada
 - Login with email allowed
 - SSL required for external requests
 
 ### Clients
 
 #### `armada-server`
+
 - Type: Public client (no secret required)
 - PKCE enabled (S256 challenge method)
 - Redirect URIs configured for:
-  - armadactl: `http://localhost:8085/*`
-  - Lookout UI: `http://localhost:3000/*`, `http://localhost:3001/*`
+    - armadactl: `http://localhost:8085/*`
+    - Lookout UI: `http://localhost:3000/*`, `http://localhost:3001/*`
 
 #### `armada-executor`
+
 - Type: Confidential client (service account)
 - Client secret: `executor-secret`
 - Used for service-to-service authentication (executor, scheduler)
 
 ### User: `admin`
+
 - Username: `admin`
 - Password: `admin`
 - Email: `admin@example.com`
 - Group membership: `admins`
 
 ### Groups
+
 - `admins` - Administrative users
 - `executors` - Service accounts for executors
 - `users` - Regular users
 
 ### Token Configuration
+
 - Access token lifespan: 5 minutes
 - SSO session idle: 30 minutes
 - SSO session max: 10 hours
@@ -68,4 +74,4 @@ All components use OIDC authentication with Keycloak:
 - **Executor**: Uses OIDC client credentials flow (service account)
 - **Lookout API**: Accepts OIDC tokens and basic auth
 - **Lookout UI**: Browser-based OIDC authentication
-- **armadactl**: OIDC authorization code flow with PKCE (user authentication)
+- **armadactl**: OIDC authorization code flow with PKCE (user authentication)