The webhook for adding Python versions has been cancelled. Now, ops is used exclusively for modifying Jenkins.

Reviewed-on: https://gitea.freeleaps.mathmast.com/freeleaps/freeleaps-ops/pulls/4

freeleaps-devops-reconciler/alpha/ci/Jenkinsfile

@@ -0,0 +1,38 @@
+@Library('first-class-pipeline@Nicolas_local_ops') _
+
+executeFreeleapsPipeline {
+  serviceName = 'freeleaps'
+  environmentSlug = 'alpha'
+  serviceGitBranch = 'master'
+  serviceGitRepo = "https://gitea.freeleaps.mathmast.com/freeleaps/freeleaps-devops-reconciler.git"
+  serviceGitRepoType = 'monorepo'
+  serviceGitCredentialsId = 'freeleaps-ops-git-credentials'
+  executeMode = 'fully'
+  commitMessageLintEnabled = false
+  components = [
+    [
+      name: 'reconciler',
+      root: 'reconciler',
+      language: 'python',
+      dependenciesManager: 'pip',
+      requirementsFile: 'requirements.txt',
+      buildCacheEnabled: true,
+      buildAgentImage: 'python:3.12-slim',
+      buildArtifacts: ['.'],
+      lintEnabled: false,
+      sastEnabled: false,
+      imageRegistry: 'docker.io',
+      imageRepository: 'freeleaps',
+      imageName: 'reconciler',
+      imageBuilder: 'dind',
+      dockerfilePath: '../Dockerfile',
+      imageBuildRoot: '..',
+      imageReleaseArchitectures: ['linux/amd64', 'linux/arm64/v8'],
+      registryCredentialsId: 'freeleaps-devops-docker-hub-credentials',
+      semanticReleaseEnabled: true,
+      argoControlledRepo: 'https://gitea.freeleaps.mathmast.com/freeleaps/freeleaps-ops.git',
+      argoControlledRepoCredentialsId: 'freeleaps-ops-credentials',
+      argoControlledRepoBranch: 'Nicolas_local_ops'
+    ]
+  ]
+} 

freeleaps-devops-reconciler/helm-pkg/reconciler/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: reconciler
+description: A Helm Chart of reconciler service, which part of Freeleaps Platform, powered by Freeleaps.
+type: application
+version: 0.0.1
+appVersion: "0.0.1"

freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/certificate.yaml

@@ -0,0 +1,27 @@
+{{ $namespace := .Release.Namespace }}
+{{ $appVersion := .Chart.AppVersion | quote }}
+{{ $releaseCertificate := .Release.Service }}
+{{ $releaseName := .Release.Name }}
+{{- range $ingress := .Values.reconciler.ingresses }}
+{{- if not $ingress.tls.exists  }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ $ingress.name }}
+  namespace: {{ $namespace }}
+  labels:
+    app.kubernetes.io/version: {{ $appVersion }}
+    app.kubernetes.io/name: {{ $ingress.name | quote }}
+    app.kubernetes.io/managed-by: {{ $releaseCertificate }}
+    app.kubernetes.io/instance: {{ $releaseName }}
+spec:
+  commonName: {{ $ingress.host }}
+  dnsNames:
+    - {{ $ingress.host }}
+  issuerRef:
+    name: {{ $ingress.tls.issuerRef.name }}
+    kind: {{ $ingress.tls.issuerRef.kind }}
+  secretName: {{ $ingress.tls.name }}
+{{- end }}
+{{- end }}

freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/deployment.yaml

@@ -0,0 +1,121 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+    app.kubernetes.io/name: "reconciler"
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Values.logIngest.enabled }}
+  annotations:
+      opentelemetry.io/config-checksum: {{ include (print $.Template.BasePath "/reconciler/opentelemetry.yaml") . | sha256sum }}
+{{- end }}
+  name: "reconciler"
+  namespace: {{ .Release.Namespace | quote }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: "reconciler"
+      app.kubernetes.io/instance: {{ .Release.Name }}
+      app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+      app.kubernetes.io/managed-by: {{ .Release.Service }}
+  replicas: {{ .Values.reconciler.replicas }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+        app.kubernetes.io/name: "reconciler"
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+      annotations:
+        app.kubernetes.io/config-checksum: {{ include (print $.Template.BasePath "/reconciler/reconciler-config.yaml") . | sha256sum }}
+{{- if .Values.logIngest.enabled }}
+        opentelemetry.io/config-checksum: {{ include (print $.Template.BasePath "/reconciler/opentelemetry.yaml") . | sha256sum }}
+        sidecar.opentelemetry.io/inject: "{{ .Release.Namespace}}/{{ .Release.Name }}-opentelemetry-collector"
+{{- end }}
+    spec:
+{{- if .Values.logIngest.enabled }}
+      serviceAccountName: "{{ .Release.Name }}-otel-collector"
+{{- end }}
+      containers:
+        - name: "reconciler"
+          image: "{{ coalesce .Values.reconciler.image.registry .Values.global.registry "docker.io"}}/{{ coalesce .Values.reconciler.image.repository .Values.global.repository }}/{{ .Values.reconciler.image.name }}:{{ .Values.reconciler.image.tag | default "latest" }}"
+          imagePullPolicy: {{ .Values.reconciler.image.imagePullPolicy | default "IfNotPresent" }}
+          ports:
+            {{- range $port := .Values.reconciler.ports }}
+            - containerPort: {{ $port.containerPort }}
+              name: {{ $port.name }}
+              protocol: {{ $port.protocol }}
+            {{- end }}
+          {{- if .Values.reconciler.resources }}  
+          resources:
+            {{- toYaml .Values.reconciler.resources | nindent 12 }}
+          {{- end }}
+          {{- if .Values.reconciler.probes }}
+          {{- if and (.Values.reconciler.probes.liveness) (eq .Values.reconciler.probes.liveness.type "httpGet") }}
+          livenessProbe:
+            httpGet:
+              path: {{ .Values.reconciler.probes.liveness.config.path }}
+              port: {{ .Values.reconciler.probes.liveness.config.port }}
+            {{- if .Values.reconciler.probes.liveness.config.initialDelaySeconds }}
+            initialDelaySeconds: {{ .Values.reconciler.probes.liveness.config.initialDelaySeconds }}
+            {{- end }}
+            {{- if .Values.reconciler.probes.liveness.config.periodSeconds }}
+            periodSeconds: {{ .Values.reconciler.probes.liveness.config.periodSeconds }}
+            {{- end }}
+            {{- if .Values.reconciler.probes.liveness.config.timeoutSeconds }}
+            timeoutSeconds: {{ .Values.reconciler.probes.liveness.config.timeoutSeconds }}
+            {{- end }}
+            {{- if .Values.reconciler.probes.liveness.config.successThreshold }}
+            successThreshold: {{ .Values.reconciler.probes.liveness.config.successThreshold }}
+            {{- end }}
+            {{- if .Values.reconciler.probes.liveness.config.failureThreshold }}
+            failureThreshold: {{ .Values.reconciler.probes.liveness.config.failureThreshold }}
+            {{- end }}
+            {{- if .Values.reconciler.probes.liveness.config.terminationGracePeriodSeconds }}
+            terminationGracePeriodSeconds: {{ .Values.reconciler.probes.liveness.config.terminationGracePeriodSeconds }}
+            {{- end }}
+          {{- end }}
+          {{- if and (.Values.reconciler.probes.readiness) (eq .Values.reconciler.probes.readiness.type "httpGet") }}
+          readinessProbe:
+            httpGet:
+              path: {{ .Values.reconciler.probes.readiness.config.path }}
+              port: {{ .Values.reconciler.probes.readiness.config.port }}
+            {{- if .Values.reconciler.probes.readiness.config.initialDelaySeconds }}
+            initialDelaySeconds: {{ .Values.reconciler.probes.readiness.config.initialDelaySeconds }}
+            {{- end }}
+            {{- if .Values.reconciler.probes.readiness.config.periodSeconds }}
+            periodSeconds: {{ .Values.reconciler.probes.readiness.config.periodSeconds }}
+            {{- end }}
+            {{- if .Values.reconciler.probes.readiness.config.timeoutSeconds }}
+            timeoutSeconds: {{ .Values.reconciler.probes.readiness.config.timeoutSeconds }}
+            {{- end }}
+            {{- if .Values.reconciler.probes.readiness.config.successThreshold }}
+            successThreshold: {{ .Values.reconciler.probes.readiness.config.successThreshold }}
+            {{- end }}
+            {{- if .Values.reconciler.probes.readiness.config.failureThreshold }}
+            failureThreshold: {{ .Values.reconciler.probes.readiness.config.failureThreshold }}
+            {{- end }}
+            {{- if .Values.reconciler.probes.readiness.config.terminationGracePeriodSeconds }}
+            terminationGracePeriodSeconds: {{ .Values.reconciler.probes.readiness.config.terminationGracePeriodSeconds }}
+            {{- end }}
+          {{- end }}
+          {{- end}}
+          env:
+            {{- range $key, $value := .Values.reconciler.configs }}
+            - name: {{ $key | snakecase | upper }}
+              valueFrom:
+                secretKeyRef:
+                  name: reconciler-config
+                  key: {{ $key | snakecase | upper }}
+            {{- end }}
+{{- if .Values.logIngest.enabled }}
+          volumeMounts:
+            - name: app-logs
+              mountPath: {{ .Values.logIngest.logPath }}
+{{- end }}
+{{- if .Values.logIngest.enabled }}
+      volumes:
+        - name: app-logs
+          emptyDir: {}
+{{- end }}

freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/ingress.yaml

@@ -0,0 +1,36 @@
+{{ $namespace := .Release.Namespace }}
+{{ $appVersion := .Chart.AppVersion | quote }}
+{{ $releaseIngress := .Release.Service }}
+{{ $releaseName := .Release.Name }}
+{{- range $ingress := .Values.reconciler.ingresses }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ $ingress.name }}
+  namespace: {{ $namespace }}
+  labels:
+    app.kubernetes.io/version: {{ $appVersion }}
+    app.kubernetes.io/name: {{ $ingress.name | quote }}
+    app.kubernetes.io/managed-by: {{ $releaseIngress }}
+    app.kubernetes.io/instance: {{ $releaseName }}
+spec:
+{{- if $ingress.class }}
+  ingressClassName: {{ $ingress.class }}
+{{- end }}
+{{- if $ingress.tls }}
+  tls:
+    - hosts:
+        - {{ $ingress.host }}
+{{- if $ingress.tls.exists }}
+      secretName: {{ $ingress.tls.secretRef.name }}
+{{- else }}
+      secretName: {{ $ingress.tls.name }}
+{{- end }}
+{{- end }}
+  rules:
+    - host: {{ $ingress.host }}
+      http:
+        paths:
+{{- toYaml $ingress.rules | nindent 10 }}
+{{- end }}

freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/reconciler-config.yaml

@@ -0,0 +1,70 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: reconciler-config
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+  DEBUG: {{ .Values.reconciler.configs.debug | b64enc | quote }}
+  K8S_CLUSTER_DOMAIN: {{ .Values.reconciler.configs.k8sClusterDomain | b64enc | quote }}
+  AUTO_DISCOVER_K8S_CLUSTER_DOMAIN_MAX_RETRIES: {{ .Values.reconciler.configs.autoDiscoverK8sClusterDomainMaxRetries | toString | b64enc | quote }}
+  RABBITMQ_HOST: {{ .Values.reconciler.configs.rabbitmqHost | b64enc | quote }}
+  RABBITMQ_PORT: {{ .Values.reconciler.configs.rabbitmqPort | toString | b64enc | quote }}
+  RABBITMQ_USERNAME: {{ .Values.reconciler.configs.rabbitmqUsername | b64enc | quote }}
+  RABBITMQ_PASSWORD: {{ .Values.reconciler.configs.rabbitmqPassword | b64enc | quote }}
+  RABBITMQ_VHOST: {{ .Values.reconciler.configs.rabbitmqVhost | b64enc | quote }}
+  RABBITMQ_INPUT_QUEUE: {{ .Values.reconciler.configs.rabbitmqInputQueue | b64enc | quote }}
+  RABBITMQ_OUTPUT_QUEUE: {{ .Values.reconciler.configs.rabbitmqOutputQueue | b64enc | quote }}
+  RABBITMQ_ENABLE_EXCHANGE_BINDING: {{ .Values.reconciler.configs.rabbitmqEnableExchangeBinding | b64enc | quote }}
+  RABBITMQ_INPUT_EXCHANGE: {{ .Values.reconciler.configs.rabbitmqInputExchange | b64enc | quote }}
+  RABBITMQ_INPUT_EXCHANGE_TYPE: {{ .Values.reconciler.configs.rabbitmqInputExchangeType | b64enc | quote }}
+  RABBITMQ_INPUT_ROUTING_KEY: {{ .Values.reconciler.configs.rabbitmqInputRoutingKey | b64enc | quote }}
+  RABBITMQ_OUTPUT_EXCHANGE: {{ .Values.reconciler.configs.rabbitmqOutputExchange | b64enc | quote }}
+  RABBITMQ_OUTPUT_ROUTING_KEY: {{ .Values.reconciler.configs.rabbitmqOutputRoutingKey | b64enc | quote }}
+  JENKINS_ENDPOINT: {{ .Values.reconciler.configs.jenkinsEndpoint | b64enc | quote }}
+  JENKINS_USERNAME: {{ .Values.reconciler.configs.jenkinsUsername | b64enc | quote }}
+  JENKINS_TOKEN: {{ .Values.reconciler.configs.jenkinsToken | b64enc | quote }}
+  JENKINS_API_TIMEOUT: {{ .Values.reconciler.configs.jenkinsApiTimeout | toString | b64enc | quote }}
+  JENKINS_FOLDER_CREATION_RETRY_COUNT: {{ .Values.reconciler.configs.jenkinsFolderCreationRetryCount | toString | b64enc | quote }}
+  ARGOCD_ENDPOINT: {{ .Values.reconciler.configs.argocdEndpoint | b64enc | quote }}
+  ARGOCD_USERNAME: {{ .Values.reconciler.configs.argocdUsername | b64enc | quote }}
+  ARGOCD_PASSWORD: {{ .Values.reconciler.configs.argocdPassword | b64enc | quote }}
+  ARGOCD_API_TIMEOUT: {{ .Values.reconciler.configs.argocdApiTimeout | toString | b64enc | quote }}
+  ARGOCD_RESOURCE_CREATION_TIMEOUT: {{ .Values.reconciler.configs.argocdResourceCreationTimeout | toString | b64enc | quote }}
+  DEFAULT_GIT_USERNAME: {{ .Values.reconciler.configs.defaultGitUsername | b64enc | quote }}
+  DEFAULT_GIT_PASSWORD: {{ .Values.reconciler.configs.defaultGitPassword | b64enc | quote }}
+  DEFAULT_REGISTRY_USERNAME: {{ .Values.reconciler.configs.defaultRegistryUsername | b64enc | quote }}
+  DEFAULT_REGISTRY_PASSWORD: {{ .Values.reconciler.configs.defaultRegistryPassword | b64enc | quote }}
+  KUBERNETES_API_TIMEOUT: {{ .Values.reconciler.configs.kubernetesApiTimeout | toString | b64enc | quote }}
+  DEFAULT_HTTP_TIMEOUT: {{ .Values.reconciler.configs.defaultHttpTimeout | toString | b64enc | quote }}
+  ALLOW_HTTP_GIT_URLS: {{ .Values.reconciler.configs.allowHttpGitUrls | b64enc | quote }}
+  LOG_LEVEL: {{ .Values.reconciler.configs.logLevel | b64enc | quote }}
+  LOG_FORMAT: {{ .Values.reconciler.configs.logFormat | b64enc | quote }}
+  OPERATOR_NAMESPACE: {{ .Values.reconciler.configs.operatorNamespace | b64enc | quote }}
+  RECONCILE_INTERVAL: {{ .Values.reconciler.configs.reconcileInterval | toString | b64enc | quote }}
+  ENABLE_MOCK_SERVICE: {{ .Values.reconciler.configs.enableMockService | b64enc | quote }}
+  MOCK_SERVICE_PORT: {{ .Values.reconciler.configs.mockServicePort | toString | b64enc | quote }}
+  DEV_MODE: {{ .Values.reconciler.configs.devMode | b64enc | quote }}
+  GODADDY_API_KEY: {{ .Values.reconciler.configs.godaddyApiKey | b64enc | quote }}
+  GODADDY_API_SECRET: {{ .Values.reconciler.configs.godaddyApiSecret | b64enc | quote }}
+  GODADDY_BASE_DOMAIN: {{ .Values.reconciler.configs.godaddyBaseDomain | b64enc | quote }}
+  DOMAIN_TEMPLATE: {{ .Values.reconciler.configs.domainTemplate | b64enc | quote }}
+  INGRESS_CLASS_NAME: {{ .Values.reconciler.configs.ingressClassName | b64enc | quote }}
+  CERT_MANAGER_CLUSTER_ISSUER: {{ .Values.reconciler.configs.certManagerClusterIssuer | b64enc | quote }}
+  DNS_CREATION_TIMEOUT: {{ .Values.reconciler.configs.dnsCreationTimeout | toString | b64enc | quote }}
+  CERTIFICATE_ISSUANCE_TIMEOUT: {{ .Values.reconciler.configs.certificateIssuanceTimeout | toString | b64enc | quote }}
+  INGRESS_READY_TIMEOUT: {{ .Values.reconciler.configs.ingressReadyTimeout | toString | b64enc | quote }}
+  NETWORK_RESOURCE_CLEANUP_TIMEOUT: {{ .Values.reconciler.configs.networkResourceCleanupTimeout | toString | b64enc | quote }}
+  NETWORK_RESOURCE_RETRY_COUNT: {{ .Values.reconciler.configs.networkResourceRetryCount | toString | b64enc | quote }}
+  NETWORK_RESOURCE_RETRY_DELAY: {{ .Values.reconciler.configs.networkResourceRetryDelay | toString | b64enc | quote }}
+  SERVICE_API_ACCESS_HOST: {{ .Values.reconciler.configs.serviceApiAccessHost | b64enc | quote }}
+  SERVICE_API_ACCESS_PORT: {{ .Values.reconciler.configs.serviceApiAccessPort | toString | b64enc | quote }}
+  MONGODB_NAME: {{ .Values.reconciler.configs.mongodbName | b64enc | quote }}
+  MONGODB_URI: {{ .Values.reconciler.configs.mongodbUri | b64enc | quote }}
+  MONGODB_PORT: {{ .Values.reconciler.configs.mongodbPort | toString | b64enc | quote }}
+  REDIS_URL: {{ .Values.reconciler.configs.redisUrl | b64enc | quote }}
+  REDIS_IS_CLUSTER: {{ .Values.reconciler.configs.redisIsCluster | b64enc | quote }}
+  JWT_SECRET_KEY: {{ .Values.reconciler.configs.jwtSecretKey | b64enc | quote }}
+  JWT_ALGORITHM: {{ .Values.reconciler.configs.jwtAlgorithm | b64enc | quote }}
+  METRICS_ENABLED: {{ .Values.reconciler.configs.metricsEnabled | b64enc | quote }}
+  PROBES_ENABLED: {{ .Values.reconciler.configs.probesEnabled | b64enc | quote }}

freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/service.yaml

@@ -0,0 +1,26 @@
+{{ $namespace := .Release.Namespace }}
+{{ $appVersion := .Chart.AppVersion | quote }}
+{{ $releaseService := .Release.Service }}
+{{ $releaseName := .Release.Name }}
+{{- range $service := .Values.reconciler.services }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ $service.name }}
+  namespace: {{ $namespace }}
+  labels:
+    app.kubernetes.io/version: {{ $appVersion }}
+    app.kubernetes.io/name: {{ $service.name | quote }}
+    app.kubernetes.io/managed-by: {{ $releaseService }}
+    app.kubernetes.io/instance: {{ $releaseName }}
+spec:
+  ports:
+    - port: {{ $service.port }}
+      targetPort: {{ $service.targetPort }}
+  selector:
+    app.kubernetes.io/version: {{ $appVersion }}
+    app.kubernetes.io/name: "reconciler"
+    app.kubernetes.io/managed-by: {{ $releaseService }}
+    app.kubernetes.io/instance: {{ $releaseName }}
+{{- end }}

freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/servicemonitor.yaml

@@ -0,0 +1,40 @@
+{{ $namespace := .Release.Namespace }}
+{{ $appVersion := .Chart.AppVersion | quote }}
+{{ $releaseService := .Release.Service }}
+{{ $releaseName := .Release.Name }}
+
+{{- range $service := .Values.reconciler.services }}
+{{- if $service.serviceMonitor.enabled }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ $service.name }}-monitor
+  namespace: {{ $service.serviceMonitor.namespace }}
+  labels:
+    app.kubernetes.io/version: {{ $appVersion }}
+    app.kubernetes.io/name: {{ $service.name }}-monitor
+    app.kubernetes.io/managed-by: {{ $releaseService }}
+    app.kubernetes.io/instance: {{ $releaseName }}
+    {{- if $service.serviceMonitor.labels }}
+    {{- toYaml $service.serviceMonitor.labels | nindent 4 }}
+    {{- end }}
+spec:
+  endpoints:
+    - path: /api/_/metrics
+      targetPort: {{ $service.targetPort }}
+      {{- if $service.serviceMonitor.interval }}
+      interval: {{ $service.serviceMonitor.interval }}
+      {{- end }}
+      {{- if $service.serviceMonitor.scrapeTimeout }}
+      scrapeTimeout: {{ $service.serviceMonitor.scrapeTimeout }}
+      {{- end }}
+  namespaceSelector:
+    matchNames:
+      - {{ $namespace | quote }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ $service.name }}
+      app.kubernetes.io/instance: {{ $releaseName }}
+{{- end }}
+{{- end }}

freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/vpa.yaml

@@ -0,0 +1,32 @@
+{{- if .Values.reconciler.vpa }}
+---
+apiVersion: autoscaling.k8s.io/v1
+kind: VerticalPodAutoscaler
+metadata:
+  name: {{ .Release.Name }}-reconciler-vpa
+  namespace: {{ .Release.Namespace }}
+spec:
+  targetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: reconciler
+  resourcePolicy:
+    containerPolicies:
+      - containerName: '*'
+        {{- if .Values.reconciler.vpa.minAllowed.enabled }}
+        minAllowed:
+          cpu: {{ .Values.reconciler.vpa.minAllowed.cpu }}
+          memory: {{ .Values.reconciler.vpa.minAllowed.memory }}
+        {{- end }}
+        {{- if .Values.reconciler.vpa.maxAllowed.enabled }}
+        maxAllowed:
+          cpu: {{ .Values.reconciler.vpa.maxAllowed.cpu }}
+          memory: {{ .Values.reconciler.vpa.maxAllowed.memory }}
+        {{- end }}
+        {{- if .Values.reconciler.vpa.controlledResources }}
+        controlledResources:
+          {{- range .Values.reconciler.vpa.controlledResources }}
+          - {{ . }}
+          {{- end }}
+        {{- end }}
+{{- end }}

freeleaps-devops-reconciler/helm-pkg/reconciler/values.alpha.yaml

@@ -0,0 +1,131 @@
+global:
+  registry: docker.io
+  repository: freeleaps
+  nodeSelector: {}
+logIngest:
+  enabled: false
+reconciler:
+  replicas: 1
+  image:
+    registry:
+    repository: freeleaps
+    name: reconciler
+    tag: 1.0.0
+    imagePullPolicy: IfNotPresent
+  ports:
+    - name: http
+      containerPort: 8080
+      protocol: TCP
+  resources:
+    requests:
+      cpu: "0.1"
+      memory: "64Mi"
+    limits:
+      cpu: "0.2"
+      memory: "128Mi"
+  # FIXME: Wait until the developers implements the probes APIs
+  probes: {}
+  services:
+    - name: reconciler-service
+      type: ClusterIP
+      port: 8080
+      targetPort: 8080
+      serviceMonitor:
+        enabled: false
+        labels:
+          release: kube-prometheus-stack
+        namespace: freeleaps-monitoring-system
+        interval: 30s
+        scrapeTimeout: ""
+  # Defaults to {}, which means doesn't have any ingress
+  ingresses: {}
+  configs:
+    # General
+    debug: "false"
+    k8sClusterDomain: "kubernetes.default.svc.cluster.local"
+    autoDiscoverK8sClusterDomainMaxRetries: 5
+    # RabbitMQ
+    rabbitmqHost: "localhost"
+    rabbitmqPort: 5672
+    rabbitmqUsername: "admin"
+    rabbitmqPassword: "admin"
+    rabbitmqVhost: "/"
+    rabbitmqInputQueue: "freeleaps.devops.reconciler.input"
+    rabbitmqOutputQueue: "freeleaps.devops.reconciler.output"
+    rabbitmqEnableExchangeBinding: "true"
+    rabbitmqInputExchange: "freeleaps.notification.exchange"
+    rabbitmqInputExchangeType: "direct"
+    rabbitmqInputRoutingKey: "freeleaps.devops.reconciler.input"
+    rabbitmqOutputExchange: "freeleaps.notification.exchange"
+    rabbitmqOutputRoutingKey: "freeleaps.devops.reconciler.output"
+    # Jenkins
+    jenkinsEndpoint: "http://localhost:8080"
+    jenkinsUsername: "admin"
+    jenkinsToken: "admin"
+    jenkinsApiTimeout: 30
+    jenkinsFolderCreationRetryCount: 3
+    # ArgoCD
+    argocdEndpoint: "http://localhost:8080"
+    argocdUsername: "admin"
+    argocdPassword: "admin"
+    argocdApiTimeout: 30
+    argocdResourceCreationTimeout: 30
+    # Default Credentials
+    defaultGitUsername: "admin"
+    defaultGitPassword: "admin"
+    defaultRegistryUsername: "admin"
+    defaultRegistryPassword: "admin"
+    # API Timeouts
+    kubernetesApiTimeout: 30
+    defaultHttpTimeout: 30
+    # Git
+    allowHttpGitUrls: "false"
+    # Advanced
+    logLevel: "INFO"
+    logFormat: "text"
+    operatorNamespace: "freeleaps-devops-system"
+    reconcileInterval: 30
+    # Development
+    enableMockService: "false"
+    mockServicePort: 5000
+    devMode: "false"
+    # Network Resource Management
+    godaddyApiKey: ""
+    godaddyApiSecret: ""
+    godaddyBaseDomain: "mathmast.com"
+    domainTemplate: "{env}.{project_id}.mathmast.com"
+    ingressClassName: "nginx"
+    certManagerClusterIssuer: "letsencrypt-prod"
+    dnsCreationTimeout: 300
+    certificateIssuanceTimeout: 600
+    ingressReadyTimeout: 300
+    networkResourceCleanupTimeout: 300
+    networkResourceRetryCount: 3
+    networkResourceRetryDelay: 30
+    # Service
+    serviceApiAccessHost: "0.0.0.0"
+    serviceApiAccessPort: "8080"
+    # MongoDB/Redis (add if needed)
+    mongodbName: ""
+    mongodbUri: ""
+    mongodbPort: ""
+    redisUrl: ""
+    redisIsCluster: "false"
+    # JWT
+    jwtSecretKey: ""
+    jwtAlgorithm: ""
+    # Metrics/Probes
+    metricsEnabled: "false"
+    probesEnabled: "false"
+  vpa:
+    minAllowed:
+      enabled: false
+      cpu: "0.1"
+      memory: "64Mi"
+    maxAllowed:
+      enabled: true
+      cpu: "0.2"
+      memory: "128Mi"
+    controlledResources:
+      - cpu
+      - memory

freeleaps-devops-reconciler/helm-pkg/reconciler/values.yaml

@@ -0,0 +1,131 @@
+global:
+  registry: docker.io
+  repository: freeleaps
+  nodeSelector: {}
+logIngest:
+  enabled: false
+reconciler:
+  replicas: 1
+  image:
+    registry:
+    repository: freeleaps
+    name: reconciler
+    tag: 1.0.0
+    imagePullPolicy: IfNotPresent
+  ports:
+    - name: http
+      containerPort: 8080
+      protocol: TCP
+  resources:
+    requests:
+      cpu: "0.1"
+      memory: "64Mi"
+    limits:
+      cpu: "0.2"
+      memory: "128Mi"
+  # FIXME: Wait until the developers implements the probes APIs
+  probes: {}
+  services:
+    - name: reconciler-service
+      type: ClusterIP
+      port: 8080
+      targetPort: 8080
+      serviceMonitor:
+        enabled: false
+        labels:
+          release: kube-prometheus-stack
+        namespace: freeleaps-monitoring-system
+        interval: 30s
+        scrapeTimeout: ""
+  # Defaults to {}, which means doesn't have any ingress
+  ingresses: {}
+  configs:
+    # General
+    debug: "false"
+    k8sClusterDomain: "kubernetes.default.svc.cluster.local"
+    autoDiscoverK8sClusterDomainMaxRetries: 5
+    # RabbitMQ
+    rabbitmqHost: "localhost"
+    rabbitmqPort: 5672
+    rabbitmqUsername: "admin"
+    rabbitmqPassword: "admin"
+    rabbitmqVhost: "/"
+    rabbitmqInputQueue: "freeleaps.devops.reconciler.input"
+    rabbitmqOutputQueue: "freeleaps.devops.reconciler.output"
+    rabbitmqEnableExchangeBinding: "true"
+    rabbitmqInputExchange: "freeleaps.notification.exchange"
+    rabbitmqInputExchangeType: "direct"
+    rabbitmqInputRoutingKey: "freeleaps.devops.reconciler.input"
+    rabbitmqOutputExchange: "freeleaps.notification.exchange"
+    rabbitmqOutputRoutingKey: "freeleaps.devops.reconciler.output"
+    # Jenkins
+    jenkinsEndpoint: "http://localhost:8080"
+    jenkinsUsername: "admin"
+    jenkinsToken: "admin"
+    jenkinsApiTimeout: 30
+    jenkinsFolderCreationRetryCount: 3
+    # ArgoCD
+    argocdEndpoint: "http://localhost:8080"
+    argocdUsername: "admin"
+    argocdPassword: "admin"
+    argocdApiTimeout: 30
+    argocdResourceCreationTimeout: 30
+    # Default Credentials
+    defaultGitUsername: "admin"
+    defaultGitPassword: "admin"
+    defaultRegistryUsername: "admin"
+    defaultRegistryPassword: "admin"
+    # API Timeouts
+    kubernetesApiTimeout: 30
+    defaultHttpTimeout: 30
+    # Git
+    allowHttpGitUrls: "false"
+    # Advanced
+    logLevel: "INFO"
+    logFormat: "text"
+    operatorNamespace: "freeleaps-devops-system"
+    reconcileInterval: 30
+    # Development
+    enableMockService: "false"
+    mockServicePort: 5000
+    devMode: "false"
+    # Network Resource Management
+    godaddyApiKey: ""
+    godaddyApiSecret: ""
+    godaddyBaseDomain: "mathmast.com"
+    domainTemplate: "{env}.{project_id}.mathmast.com"
+    ingressClassName: "nginx"
+    certManagerClusterIssuer: "letsencrypt-prod"
+    dnsCreationTimeout: 300
+    certificateIssuanceTimeout: 600
+    ingressReadyTimeout: 300
+    networkResourceCleanupTimeout: 300
+    networkResourceRetryCount: 3
+    networkResourceRetryDelay: 30
+    # Service
+    serviceApiAccessHost: "0.0.0.0"
+    serviceApiAccessPort: "8080"
+    # MongoDB/Redis (add if needed)
+    mongodbName: ""
+    mongodbUri: ""
+    mongodbPort: ""
+    redisUrl: ""
+    redisIsCluster: "false"
+    # JWT
+    jwtSecretKey: ""
+    jwtAlgorithm: ""
+    # Metrics/Probes
+    metricsEnabled: "false"
+    probesEnabled: "false"
+  vpa:
+    minAllowed:
+      enabled: false
+      cpu: "0.1"
+      memory: "64Mi"
+    maxAllowed:
+      enabled: true
+      cpu: "0.2"
+      memory: "128Mi"
+    controlledResources:
+      - cpu
+      - memory

freeleaps-devops-reconciler/prod/.gitkeep

@@ -0,0 +1 @@
+ 

freeleaps/alpha/ci/freeleaps-service-hub/Jenkinsfile

@@ -1,12 +1,13 @@
-library 'first-class-pipeline'
+@Library('first-class-pipeline@Nicolas_local_ops') _
 
 executeFreeleapsPipeline {
   serviceName = 'freeleaps'
   environmentSlug = 'alpha'
-  serviceGitBranch = 'dev'
+  // Ensure this branch exists in the freeleaps-service-hub repository
+  serviceGitBranch = 'Nicolas_service_hub'
   serviceGitRepo = "https://gitea.freeleaps.mathmast.com/freeleaps/freeleaps-service-hub.git"
   serviceGitRepoType = 'monorepo'
-  serviceGitCredentialsId = 'freeleaps-repos-gitea-credentails'
+  serviceGitCredentialsId = 'freeleaps-ops-git-credentials'
   executeMode = 'fully'
   commitMessageLintEnabled = false
   components = [
@@ -114,6 +115,27 @@ executeFreeleapsPipeline {
       imageReleaseArchitectures: ['linux/amd64', 'linux/arm64/v8'],
       registryCredentialsId: 'freeleaps-devops-docker-hub-credentials',
       semanticReleaseEnabled: true
+    ],
+    [
+      name: 'devops',
+      root: 'apps/devops',
+      language: 'python',
+      dependenciesManager: 'pip',
+      requirementsFile: 'requirements.txt',
+      buildCacheEnabled: true,
+      buildAgentImage: 'python:3.12-slim',
+      buildArtifacts: ['.'],
+      lintEnabled: false,
+      sastEnabled: false,
+      imageRegistry: 'docker.io',
+      imageRepository: 'freeleaps',
+      imageName: 'devops',
+      imageBuilder: 'dind',
+      dockerfilePath: 'Dockerfile',
+      imageBuildRoot: '.',
+      imageReleaseArchitectures: ['linux/amd64', 'linux/arm64/v8'],
+      registryCredentialsId: 'freeleaps-devops-docker-hub-credentials',
+      semanticReleaseEnabled: true
     ]
   ]
 }

freeleaps/helm-pkg/devops/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: devops
+description: A Helm Chart of devops, which part of Freeleaps Platform, powered by Freeleaps.
+type: application
+version: 0.0.1
+appVersion: "0.0.1"

freeleaps/helm-pkg/devops/templates/devops/certificate.yaml

@@ -0,0 +1,27 @@
+{{ $namespace := .Release.Namespace }}
+{{ $appVersion := .Chart.AppVersion | quote }}
+{{ $releaseCertificate := .Release.Service }}
+{{ $releaseName := .Release.Name }}
+{{- range $ingress := .Values.devops.ingresses }}
+{{- if not $ingress.tls.exists  }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ $ingress.name }}
+  namespace: {{ $namespace }}
+  labels:
+    app.kubernetes.io/version: {{ $appVersion }}
+    app.kubernetes.io/name: {{ $ingress.name | quote }}
+    app.kubernetes.io/managed-by: {{ $releaseCertificate }}
+    app.kubernetes.io/instance: {{ $releaseName }}
+spec:
+  commonName: {{ $ingress.host }}
+  dnsNames:
+    - {{ $ingress.host }}
+  issuerRef:
+    name: {{ $ingress.tls.issuerRef.name }}
+    kind: {{ $ingress.tls.issuerRef.kind }}
+  secretName: {{ $ingress.tls.name }}
+{{- end }}
+{{- end }}

freeleaps/helm-pkg/devops/templates/devops/deployment.yaml

@@ -0,0 +1,118 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+    app.kubernetes.io/name: "devops"
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+# {{- if .Values.logIngest.enabled }}
+#   annotations:
+#       opentelemetry.io/config-checksum: {{ include (print $.Template.BasePath "/devops/opentelemetry.yaml") . | sha256sum }}
+# {{- end }}
+  name: "devops"
+  namespace: {{ .Release.Namespace | quote }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: "devops"
+      app.kubernetes.io/instance: {{ .Release.Name }}
+      app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+      app.kubernetes.io/managed-by: {{ .Release.Service }}
+  replicas: {{ .Values.devops.replicas }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+        app.kubernetes.io/name: "devops"
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+      annotations:
+        app.kubernetes.io/config-checksum: {{ include (print $.Template.BasePath "/devops/devops-config.yaml") . | sha256sum }}
+{{- if .Values.logIngest.enabled }}
+        opentelemetry.io/config-checksum: {{ include (print $.Template.BasePath "/devops/opentelemetry.yaml") . | sha256sum }}
+        sidecar.opentelemetry.io/inject: "{{ .Release.Namespace}}/{{ .Release.Name }}-opentelemetry-collector"
+{{- end }}
+    spec:
+# {{- if .Values.logIngest.enabled }}
+#       serviceAccountName: "{{ .Release.Name }}-otel-collector"
+# {{- end }}
+      containers:
+        - name: "devops"
+          image: "{{ coalesce .Values.devops.image.registry .Values.global.registry "docker.io"}}/{{ coalesce .Values.devops.image.repository .Values.global.repository }}/{{ .Values.devops.image.name }}:{{ .Values.devops.image.tag | default "latest" }}"
+          imagePullPolicy: {{ .Values.devops.image.imagePullPolicy | default "IfNotPresent" }}
+          ports:
+            {{- range $port := .Values.devops.ports }}
+            - containerPort: {{ $port.containerPort }}
+              name: {{ $port.name }}
+              protocol: {{ $port.protocol }}
+            {{- end }}
+          {{- if .Values.devops.resources }}  
+          resources:
+            {{- toYaml .Values.devops.resources | nindent 12 }}
+          {{- end }}
+          {{- if .Values.devops.probes }}
+          {{- if and (.Values.devops.probes.liveness) (eq .Values.devops.probes.liveness.type "httpGet") }}
+          livenessProbe:
+            httpGet:
+              path: {{ .Values.devops.probes.liveness.config.path }}
+              port: {{ .Values.devops.probes.liveness.config.port }}
+            {{- if .Values.devops.probes.liveness.config.initialDelaySeconds }}
+            initialDelaySeconds: {{ .Values.devops.probes.liveness.config.initialDelaySeconds }}
+            {{- end }}
+            {{- if .Values.devops.probes.liveness.config.periodSeconds }}
+            periodSeconds: {{ .Values.devops.probes.liveness.config.periodSeconds }}
+            {{- end }}
+            {{- if .Values.devops.probes.liveness.config.timeoutSeconds }}
+            timeoutSeconds: {{ .Values.devops.probes.liveness.config.timeoutSeconds }}
+            {{- end }}
+            {{- if .Values.devops.probes.liveness.config.successThreshold }}
+            successThreshold: {{ .Values.devops.probes.liveness.config.successThreshold }}
+            {{- end }}
+            {{- if .Values.devops.probes.liveness.config.failureThreshold }}
+            failureThreshold: {{ .Values.devops.probes.liveness.config.failureThreshold }}
+            {{- end }}
+            {{- if .Values.devops.probes.liveness.config.terminationGracePeriodSeconds }}
+            terminationGracePeriodSeconds: {{ .Values.devops.probes.liveness.config.terminationGracePeriodSeconds }}
+            {{- end }}
+          {{- end }}
+          {{- if and (.Values.devops.probes.readiness) (eq .Values.devops.probes.readiness.type "httpGet") }}
+          readinessProbe:
+            httpGet:
+              path: {{ .Values.devops.probes.readiness.config.path }}
+              port: {{ .Values.devops.probes.readiness.config.port }}
+            {{- if .Values.devops.probes.readiness.config.initialDelaySeconds }}
+            initialDelaySeconds: {{ .Values.devops.probes.readiness.config.initialDelaySeconds }}
+            {{- end }}
+            {{- if .Values.devops.probes.readiness.config.periodSeconds }}
+            periodSeconds: {{ .Values.devops.probes.readiness.config.periodSeconds }}
+            {{- end }}
+            {{- if .Values.devops.probes.readiness.config.timeoutSeconds }}
+            timeoutSeconds: {{ .Values.devops.probes.readiness.config.timeoutSeconds }}
+            {{- end }}
+            {{- if .Values.devops.probes.readiness.config.successThreshold }}
+            successThreshold: {{ .Values.devops.probes.readiness.config.successThreshold }}
+            {{- end }}
+            {{- if .Values.devops.probes.readiness.config.failureThreshold }}
+            failureThreshold: {{ .Values.devops.probes.readiness.config.failureThreshold }}
+            {{- end }}
+          {{- end }}
+          {{- end}}
+          env:
+            {{- range $key, $value := .Values.devops.configs }}
+            - name: {{ $key | snakecase | upper }}
+              valueFrom:
+                secretKeyRef:
+                  name: devops-config
+                  key: {{ $key | snakecase | upper }}
+            {{- end }}
+# {{- if .Values.logIngest.enabled }}
+#         volumeMounts:
+#           - name: app-logs
+#             mountPath: {{ .Values.logIngest.logPath }}
+# {{- end }}
+# {{- if .Values.logIngest.enabled }}
+#       volumes:
+#         - name: app-logs
+#           emptyDir: {}
+# {{- end }}

freeleaps/helm-pkg/devops/templates/devops/devops-config.yaml

@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: devops-config
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+  TZ: {{ .Values.devops.configs.tz | b64enc | quote }}
+  APP_NAME: {{ .Values.devops.configs.appName | b64enc | quote }}
+  JWT_SECRET_KEY: {{ .Values.devops.configs.jwtSecretKey | b64enc | quote }}
+  JWT_ALGORITHM: {{ .Values.devops.configs.jwtAlgorithm | b64enc | quote }}
+  ACCESS_TOKEN_EXPIRE_MINUTES: {{ .Values.devops.configs.accessTokenExpireMinutes | toString | b64enc | quote }}
+  REFRESH_TOKEN_EXPIRE_DAYS: {{ .Values.devops.configs.refreshTokenExpireDays | toString | b64enc | quote }}
+  MONGODB_NAME: {{ .Values.devops.configs.mongodbName | b64enc | quote }}
+  MONGODB_PORT: {{ .Values.devops.configs.mongodbPort | toString | b64enc | quote }}
+  MONGODB_URI: {{ .Values.devops.configs.mongodbUri | b64enc | quote }}
+  METRICS_ENABLED: {{ .Values.devops.configs.metricsEnabled | toString | b64enc | quote }}
+  PROBES_ENABLED: {{ .Values.devops.configs.probesEnabled | toString | b64enc | quote }}
+  BASE_GITEA_URL: {{ .Values.devops.configs.baseGiteaUrl | b64enc | quote }}
+  BASE_RECONCILE_URL: {{ .Values.devops.configs.baseReconcileUrl | b64enc | quote }}
+  BASE_LOKI_URL: {{ .Values.devops.configs.baseLokiUrl | b64enc | quote }}
+  LOG_BASE_PATH: {{ .Values.devops.configs.logBasePath | b64enc | quote }}
+  LOG_RETENTION: {{ .Values.devops.configs.logRetention | b64enc | quote }}
+  LOG_ROTATION: {{ .Values.devops.configs.logRotation | b64enc | quote }}
+  LOG_BACKUP_FILES: {{ .Values.devops.configs.logBackupFiles | toString | b64enc | quote }}
+  LOG_ROTATION_BYTES: {{ .Values.devops.configs.logRotationBytes | toString | b64enc | quote }}
+  MOCK_MODE: {{ .Values.devops.configs.mockMode | toString | b64enc | quote }}
+  MOCK_RESPONSE_DELAY: {{ .Values.devops.configs.mockResponseDelay | toString | b64enc | quote }}

freeleaps/helm-pkg/devops/templates/devops/ingress.yaml

@@ -0,0 +1,36 @@
+{{ $namespace := .Release.Namespace }}
+{{ $appVersion := .Chart.AppVersion | quote }}
+{{ $releaseIngress := .Release.Service }}
+{{ $releaseName := .Release.Name }}
+{{- range $ingress := .Values.devops.ingresses }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ $ingress.name }}
+  namespace: {{ $namespace }}
+  labels:
+    app.kubernetes.io/version: {{ $appVersion }}
+    app.kubernetes.io/name: {{ $ingress.name | quote }}
+    app.kubernetes.io/managed-by: {{ $releaseIngress }}
+    app.kubernetes.io/instance: {{ $releaseName }}
+spec:
+{{- if $ingress.class }}
+  ingressClassName: {{ $ingress.class }}
+{{- end }}
+{{- if $ingress.tls }}
+  tls:
+    - hosts:
+        - {{ $ingress.host }}
+{{- if $ingress.tls.exists }}
+      secretName: {{ $ingress.tls.secretRef.name }}
+{{- else }}
+      secretName: {{ $ingress.tls.name }}
+{{- end }}
+{{- end }}
+  rules:
+    - host: {{ $ingress.host }}
+      http:
+        paths:
+{{- toYaml $ingress.rules | nindent 10 }}
+{{- end }}

freeleaps/helm-pkg/devops/templates/devops/service.yaml

@@ -0,0 +1,26 @@
+{{ $namespace := .Release.Namespace }}
+{{ $appVersion := .Chart.AppVersion | quote }}
+{{ $releaseService := .Release.Service }}
+{{ $releaseName := .Release.Name }}
+{{- range $service := .Values.devops.services }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ $service.name }}
+  namespace: {{ $namespace }}
+  labels:
+    app.kubernetes.io/version: {{ $appVersion }}
+    app.kubernetes.io/name: {{ $service.name | quote }}
+    app.kubernetes.io/managed-by: {{ $releaseService }}
+    app.kubernetes.io/instance: {{ $releaseName }}
+spec:
+  ports:
+    - port: {{ $service.port }}
+      targetPort: {{ $service.targetPort }}
+  selector:
+    app.kubernetes.io/version: {{ $appVersion }}
+    app.kubernetes.io/name: "devops"
+    app.kubernetes.io/managed-by: {{ $releaseService }}
+    app.kubernetes.io/instance: {{ $releaseName }}
+{{- end }}

freeleaps/helm-pkg/devops/templates/devops/servicemonitor.yaml

@@ -0,0 +1,40 @@
+{{ $namespace := .Release.Namespace }}
+{{ $appVersion := .Chart.AppVersion | quote }}
+{{ $releaseService := .Release.Service }}
+{{ $releaseName := .Release.Name }}
+
+{{- range $service := .Values.devops.services }}
+{{- if $service.serviceMonitor.enabled }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ $service.name }}-monitor
+  namespace: {{ $service.serviceMonitor.namespace }}
+  labels:
+    app.kubernetes.io/version: {{ $appVersion }}
+    app.kubernetes.io/name: {{ $service.name }}-monitor
+    app.kubernetes.io/managed-by: {{ $releaseService }}
+    app.kubernetes.io/instance: {{ $releaseName }}
+    {{- if $service.serviceMonitor.labels }}
+    {{- toYaml $service.serviceMonitor.labels | nindent 4 }}
+    {{- end }}
+spec:
+  endpoints:
+    - path: /api/_/metrics
+      targetPort: {{ $service.targetPort }}
+      {{- if $service.serviceMonitor.interval }}
+      interval: {{ $service.serviceMonitor.interval }}
+      {{- end }}
+      {{- if $service.serviceMonitor.scrapeTimeout }}
+      scrapeTimeout: {{ $service.serviceMonitor.scrapeTimeout }}
+      {{- end }}
+  namespaceSelector:
+    matchNames:
+      - {{ $namespace | quote }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ $service.name }}
+      app.kubernetes.io/instance: {{ $releaseName }}
+{{- end }}
+{{- end }}

freeleaps/helm-pkg/devops/templates/devops/vpa.yaml

@@ -0,0 +1,32 @@
+{{- if .Values.devops.vpa }}
+---
+apiVersion: autoscaling.k8s.io/v1
+kind: VerticalPodAutoscaler
+metadata:
+  name: {{ .Release.Name }}-vpa
+  namespace: {{ .Release.Namespace }}
+spec:
+  targetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: devops
+  resourcePolicy:
+    containerPolicies:
+      - containerName: '*'
+        {{- if .Values.devops.vpa.minAllowed.enabled }}
+        minAllowed:
+          cpu: {{ .Values.devops.vpa.minAllowed.cpu }}
+          memory: {{ .Values.devops.vpa.minAllowed.memory }}
+        {{- end }}
+        {{- if .Values.devops.vpa.maxAllowed.enabled }}
+        maxAllowed:
+          cpu: {{ .Values.devops.vpa.maxAllowed.cpu }}
+          memory: {{ .Values.devops.vpa.maxAllowed.memory }}
+        {{- end }}
+        {{- if .Values.devops.vpa.controlledResources }}
+        controlledResources:
+          {{- range .Values.devops.vpa.controlledResources }}
+          - {{ . }}
+          {{- end }}
+        {{- end }}
+{{- end }}

freeleaps/helm-pkg/devops/values.alpha.yaml

@@ -0,0 +1,88 @@
+global:
+  registry: docker.io
+  repository: freeleaps
+  nodeSelector: {}
+logIngest:
+  enabled: false
+devops:
+  replicas: 1
+  image:
+    registry:
+    repository: freeleaps
+    name: devops
+    tag: 1.0.0
+    imagePullPolicy: IfNotPresent
+  ports:
+    - name: http
+      containerPort: 8014
+      protocol: TCP
+  resources:
+    requests:
+      cpu: "0.1"
+      memory: "64Mi"
+    limits:
+      cpu: "0.2"
+      memory: "128Mi"
+  # FIXME: Wait until the developers implements the probes APIs
+  probes: {}
+  services:
+    - name: devops-service
+      type: ClusterIP
+      port: 8014
+      targetPort: 8014
+      serviceMonitor:
+        enabled: false
+        labels:
+          release: kube-prometheus-stack
+        namespace: freeleaps-monitoring-system
+        interval: 30s
+        scrapeTimeout: ""
+  # Defaults to {}, which means doesn't have any ingress
+  ingresses: {}
+  configs:
+    # Basic configuration
+    tz: "UTC"
+    appName: "devops"
+    
+    # JWT configuration
+    jwtSecretKey: ""
+    jwtAlgorithm: "HS256"
+    accessTokenExpireMinutes: "3600"
+    refreshTokenExpireDays: "1"
+    
+    # MongoDB configuration
+    mongodbName: ""
+    mongodbPort: "27017"
+    mongodbUri: ""
+    
+    # Feature switches
+    metricsEnabled: "false"
+    probesEnabled: "true"
+    
+    # External service URLs
+    baseGiteaUrl: "https://gitea.freeleaps.mathmast.com"
+    baseReconcileUrl: "https://reconcile.freeleaps.mathmast.com"
+    baseLokiUrl: "http://loki-gateway.freeleaps-logging-system"
+    
+    # Log configuration
+    logBasePath: "/app/log"
+    logRetention: "30 days"
+    logRotation: "00:00"
+    logBackupFiles: "5"
+    logRotationBytes: "10485760"
+    
+    # Mock mode configuration
+    mockMode: "false"
+    mockResponseDelay: "1000"
+  vpa:
+    minAllowed:
+      enabled: false
+      cpu: 100m
+      memory: 64Mi
+    maxAllowed:
+      enabled: true
+      cpu: 100m
+      memory: 128Mi
+    controlledResources:
+      - cpu
+      - memory

freeleaps/helm-pkg/devops/values.prod.yaml

@@ -0,0 +1,89 @@
+global:
+  registry: docker.io
+  repository: freeleaps
+  nodeSelector: {}
+dashboard:
+  enabled: true
+  name: freeleaps-prod-authentication-dashboard
+  title: Authentication Service Dashboard (PROD)
+  metricsPrefix: freeleaps_authentication
+authentication:
+  replicas: 1
+  image:
+    registry: docker.io
+    repository: null
+    name: authentication
+    tag: snapshot-40e0faf
+    imagePullPolicy: IfNotPresent
+  ports:
+  - name: http
+    containerPort: 8004
+    protocol: TCP
+  resources:
+    requests:
+      cpu: 200m
+      memory: 64Mi
+    limits:
+      cpu: 300m
+      memory: 128Mi
+  probes:
+    readiness:
+      type: httpGet
+      config:
+        path: /api/_/readyz
+        port: 8004
+        initialDelaySeconds: 5
+        periodSeconds: 30
+        timeoutSeconds: 3
+        successThreshold: 1
+        failureThreshold: 3
+    liveness:
+      type: httpGet
+      config:
+        path: /api/_/livez
+        port: 8004
+        initialDelaySeconds: 5
+        periodSeconds: 15
+        timeoutSeconds: 3
+        successThreshold: 1
+        failureThreshold: 3
+        terminationGracePeriodSeconds: 30
+  services:
+  - name: authentication-service
+    type: ClusterIP
+    port: 8004
+    targetPort: 8004
+    serviceMonitor:
+      enabled: true
+      labels:
+        release: kube-prometheus-stack
+      namespace: freeleaps-monitoring-system
+      interval: 30s
+      scrapeTimeout: ''
+  ingresses: {}
+  configs:
+    tz: UTC
+    appName: authentication
+    devsvcWebapiUrlBase: http://devsvc-service.freeleaps-prod.svc.freeleaps.cluster:8007/api/devsvc/
+    notificationWebapiUrlBase: http://notification-service.freeleaps-prod.svc.freeleaps.cluster:8003/api/notification/
+    jwtSecretKey: ea84edf152976b2fcec12b78aa8e45bc26a5cf0ef61bf16f5c317ae33b3fd8b0
+    jwtAlgorithm: HS256
+    serviceApiAccessHost: 0.0.0.0
+    serviceApiAccessPort: 8004
+    mongodbName: freeleaps2
+    mongodbPort: 27017
+    mongodbUri: mongodb+srv://freeadmin:0eMV0bt8oyaknA0m@freeleaps2.zmsmpos.mongodb.net/?retryWrites=true&w=majority
+    metricsEnabled: 'true'
+    probesEnabled: 'true'
+  vpa:
+    minAllowed:
+      enabled: true
+      cpu: 50m
+      memory: 64Mi
+    maxAllowed:
+      enabled: true
+      cpu: 200m
+      memory: 128Mi
+    controlledResources:
+      - cpu
+      - memory

freeleaps/helm-pkg/devops/values.yaml

@@ -0,0 +1,86 @@
+global:
+  registry: docker.io
+  repository: freeleaps
+  nodeSelector: {}
+devops:
+  replicas: 1
+  image:
+    registry:
+    repository: freeleaps
+    name: devops
+    tag: 1.0.0
+    imagePullPolicy: IfNotPresent
+  ports:
+    - name: http
+      containerPort: 8014
+      protocol: TCP
+  resources:
+    requests:
+      cpu: "0.1"
+      memory: "64Mi"
+    limits:
+      cpu: "0.2"
+      memory: "128Mi"
+  # FIXME: Wait until the developers implements the probes APIs
+  probes: {}
+  services:
+    - name: devops-service
+      type: ClusterIP
+      port: 8014
+      targetPort: 8014
+      serviceMonitor:
+        enabled: false
+        labels:
+          release: kube-prometheus-stack
+        namespace: freeleaps-monitoring-system
+        interval: 30s
+        scrapeTimeout: ""
+  # Defaults to {}, which means doesn't have any ingress
+  ingresses: {}
+  configs:
+    # Basic configuration
+    tz: "UTC"
+    appName: "devops"
+    
+    # JWT configuration
+    jwtSecretKey: ""
+    jwtAlgorithm: "HS256"
+    accessTokenExpireMinutes: "3600"
+    refreshTokenExpireDays: "1"
+    
+    # MongoDB configuration
+    mongodbName: ""
+    mongodbPort: "27017"
+    mongodbUri: ""
+    
+    # Feature switches
+    metricsEnabled: "false"
+    probesEnabled: "true"
+    
+    # External service URLs
+    baseGiteaUrl: "https://gitea.freeleaps.mathmast.com"
+    baseReconcileUrl: "https://reconcile.freeleaps.mathmast.com"
+    baseLokiUrl: "http://loki-gateway.freeleaps-logging-system"
+    
+    # Log configuration
+    logBasePath: "/app/log"
+    logRetention: "30 days"
+    logRotation: "00:00"
+    logBackupFiles: "5"
+    logRotationBytes: "10485760"
+    
+    # Mock mode configuration
+    mockMode: "false"
+    mockResponseDelay: "1000"
+  vpa:
+    minAllowed:
+      enabled: false
+      cpu: 100m
+      memory: 64Mi
+    maxAllowed:
+      enabled: true
+      cpu: 100m
+      memory: 128Mi
+    controlledResources:
+      - cpu
+      - memory