Olympus docs

Appearance

Deployment

Olympus runs as a single Kubernetes Deployment (dashboard + orchestrator + bus + all agent runtimes incl. the main coordinator and hpc), exposed via a Service/NodePort and fronted by a TLS reverse proxy. There are three ways to stand it up.

Self-host (the intended path)

For operators who own their infrastructure. In the main 01p5 repo, infra/ provisions a kubeadm cluster on AWS or Proxmox (Terraform) and deploys the Helm chart (Ansible):

bash
# in 01p5/infra
cp env.sh.template env.sh && $EDITOR env.sh   # creds, domain, CF token
# layer 2: cluster, layer 3: ansible + helm install

See infra/README.md and infra/k8s/README.md in the repo. The chart's self-protection node list (hardening.selfNodes) should list the cluster nodes so Olympus can't manage the hosts it runs on.

Reproducible AWS (sandbox)

The public clone-and-deploy path: a real 2-node kubeadm cluster on EC2, the dashboard, and Let's Encrypt TLS — at a domain you control. Everything project-specific comes from a gitignored inf/env.sh.

bash
cp inf/env.sh.template inf/env.sh && $EDITOR inf/env.sh
./inf/preflight.sh        # tools, AWS creds, hostname, Cloudflare token+zone
./inf/deploy.sh           # terraform apply + ansible (~15-20 min)
./inf/verify.sh           # DNS, TLS, /healthz, dashboard

deploy.sh modes: bare (apply + ansible), --fresh (destroy + redeploy), --ansible-only (re-run the playbook), --destroy, netdb-up (stand up the persistent NetDB/DNS server). Preflight runs before the apply paths; verify runs after.

Prerequisites: Terraform ≥ 1.6, Ansible, AWS credentials (~/.aws or AWS_* env), and a domain in a Cloudflare zone with a Zone:DNS:Edit token. Cost: two EC2 instances + an EIP — a few dollars/day in us-west-2; --destroy when done.

The live demo

demo.0lympu5.com runs on AWS (kubeadm/EC2/Helm/TLS) with auth, admin accounting, the HPC/Slurm/GPU pages, and NetDB over MCP (IPAM/DNS/DHCP authoritative for lab.0lympu5.com, on a persistent server that survives cluster redeploys). Health is public:

bash
curl https://demo.0lympu5.com/healthz   # → {"ok": true}

Everything else is behind login (Google OAuth / email OTP).

What you configure at deploy time

Auth (allowlist, OAuth, email-OTP), router (manual vs llm + provider key), self-protection nodes, per-user cost caps, memory backend, and any MCP servers — all via env / Helm values / Ansible extra-vars. The full list is in Configuration.

Extending with MCP

To graft a third-party tool source onto an agent, declare it in OLYMPUS_MCP_SERVERS (stdio or HTTP), name the target_agent, and list the destructive verbs. Tools register prefixed onto that agent and go through the same gating + approval + self-protection as native tools. The production example is NetDB; a copy-paste stdio starter ships at infra/demo-mcp-server/.