icecheng/freeleaps-ops
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

The webhook for adding Python versions has been cancelled. Now, ops is used exclusively for modifying Jenkins.

Browse Source 
Reviewed-on: https://gitea.freeleaps.mathmast.com/freeleaps/freeleaps-ops/pulls/4
This commit is contained in:
Nicolas 2025-07-24 06:28:56 +00:00
commit 83f3b02fb9
24 changed files with 1260 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
freeleaps-devops-reconciler/alpha/ci/Jenkinsfile vendored Normal file
View File

@ -0,0 +1,38 @@
@Library('first-class-pipeline@Nicolas_local_ops') _
executeFreeleapsPipeline {
serviceName = 'freeleaps'
environmentSlug = 'alpha'
serviceGitBranch = 'master'
serviceGitRepo = "https://gitea.freeleaps.mathmast.com/freeleaps/freeleaps-devops-reconciler.git"
serviceGitRepoType = 'monorepo'
serviceGitCredentialsId = 'freeleaps-ops-git-credentials'
executeMode = 'fully'
commitMessageLintEnabled = false
components = [
[
name: 'reconciler',
root: 'reconciler',
language: 'python',
dependenciesManager: 'pip',
requirementsFile: 'requirements.txt',
buildCacheEnabled: true,
buildAgentImage: 'python:3.12-slim',
buildArtifacts: ['.'],
lintEnabled: false,
sastEnabled: false,
imageRegistry: 'docker.io',
imageRepository: 'freeleaps',
imageName: 'reconciler',
imageBuilder: 'dind',
dockerfilePath: '../Dockerfile',
imageBuildRoot: '..',
imageReleaseArchitectures: ['linux/amd64', 'linux/arm64/v8'],
registryCredentialsId: 'freeleaps-devops-docker-hub-credentials',
semanticReleaseEnabled: true,
argoControlledRepo: 'https://gitea.freeleaps.mathmast.com/freeleaps/freeleaps-ops.git',
argoControlledRepoCredentialsId: 'freeleaps-ops-credentials',
argoControlledRepoBranch: 'Nicolas_local_ops'
]
]
}

6
freeleaps-devops-reconciler/helm-pkg/reconciler/Chart.yaml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v2
name: reconciler
description: A Helm Chart of reconciler service, which part of Freeleaps Platform, powered by Freeleaps.
type: application
version: 0.0.1
appVersion: "0.0.1"

27
freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/certificate.yaml Normal file
View File

@ -0,0 +1,27 @@
{{ $namespace := .Release.Namespace }}
{{ $appVersion := .Chart.AppVersion | quote }}
{{ $releaseCertificate := .Release.Service }}
{{ $releaseName := .Release.Name }}
{{- range $ingress := .Values.reconciler.ingresses }}
{{- if not $ingress.tls.exists }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ $ingress.name }}
namespace: {{ $namespace }}
labels:
app.kubernetes.io/version: {{ $appVersion }}
app.kubernetes.io/name: {{ $ingress.name | quote }}
app.kubernetes.io/managed-by: {{ $releaseCertificate }}
app.kubernetes.io/instance: {{ $releaseName }}
spec:
commonName: {{ $ingress.host }}
dnsNames:
- {{ $ingress.host }}
issuerRef:
name: {{ $ingress.tls.issuerRef.name }}
kind: {{ $ingress.tls.issuerRef.kind }}
secretName: {{ $ingress.tls.name }}
{{- end }}
{{- end }}

121
freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/deployment.yaml Normal file
View File

@ -0,0 +1,121 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/name: "reconciler"
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.logIngest.enabled }}
annotations:
opentelemetry.io/config-checksum: {{ include (print $.Template.BasePath "/reconciler/opentelemetry.yaml") . | sha256sum }}
{{- end }}
name: "reconciler"
namespace: {{ .Release.Namespace | quote }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: "reconciler"
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
replicas: {{ .Values.reconciler.replicas }}
template:
metadata:
labels:
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/name: "reconciler"
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
annotations:
app.kubernetes.io/config-checksum: {{ include (print $.Template.BasePath "/reconciler/reconciler-config.yaml") . | sha256sum }}
{{- if .Values.logIngest.enabled }}
opentelemetry.io/config-checksum: {{ include (print $.Template.BasePath "/reconciler/opentelemetry.yaml") . | sha256sum }}
sidecar.opentelemetry.io/inject: "{{ .Release.Namespace}}/{{ .Release.Name }}-opentelemetry-collector"
{{- end }}
spec:
{{- if .Values.logIngest.enabled }}
serviceAccountName: "{{ .Release.Name }}-otel-collector"
{{- end }}
containers:
- name: "reconciler"
image: "{{ coalesce .Values.reconciler.image.registry .Values.global.registry "docker.io"}}/{{ coalesce .Values.reconciler.image.repository .Values.global.repository }}/{{ .Values.reconciler.image.name }}:{{ .Values.reconciler.image.tag | default "latest" }}"
imagePullPolicy: {{ .Values.reconciler.image.imagePullPolicy | default "IfNotPresent" }}
ports:
{{- range $port := .Values.reconciler.ports }}
- containerPort: {{ $port.containerPort }}
name: {{ $port.name }}
protocol: {{ $port.protocol }}
{{- end }}
{{- if .Values.reconciler.resources }}
resources:
{{- toYaml .Values.reconciler.resources | nindent 12 }}
{{- end }}
{{- if .Values.reconciler.probes }}
{{- if and (.Values.reconciler.probes.liveness) (eq .Values.reconciler.probes.liveness.type "httpGet") }}
livenessProbe:
httpGet:
path: {{ .Values.reconciler.probes.liveness.config.path }}
port: {{ .Values.reconciler.probes.liveness.config.port }}
{{- if .Values.reconciler.probes.liveness.config.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.reconciler.probes.liveness.config.initialDelaySeconds }}
{{- end }}
{{- if .Values.reconciler.probes.liveness.config.periodSeconds }}
periodSeconds: {{ .Values.reconciler.probes.liveness.config.periodSeconds }}
{{- end }}
{{- if .Values.reconciler.probes.liveness.config.timeoutSeconds }}
timeoutSeconds: {{ .Values.reconciler.probes.liveness.config.timeoutSeconds }}
{{- end }}
{{- if .Values.reconciler.probes.liveness.config.successThreshold }}
successThreshold: {{ .Values.reconciler.probes.liveness.config.successThreshold }}
{{- end }}
{{- if .Values.reconciler.probes.liveness.config.failureThreshold }}
failureThreshold: {{ .Values.reconciler.probes.liveness.config.failureThreshold }}
{{- end }}
{{- if .Values.reconciler.probes.liveness.config.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.reconciler.probes.liveness.config.terminationGracePeriodSeconds }}
{{- end }}
{{- end }}
{{- if and (.Values.reconciler.probes.readiness) (eq .Values.reconciler.probes.readiness.type "httpGet") }}
readinessProbe:
httpGet:
path: {{ .Values.reconciler.probes.readiness.config.path }}
port: {{ .Values.reconciler.probes.readiness.config.port }}
{{- if .Values.reconciler.probes.readiness.config.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.reconciler.probes.readiness.config.initialDelaySeconds }}
{{- end }}
{{- if .Values.reconciler.probes.readiness.config.periodSeconds }}
periodSeconds: {{ .Values.reconciler.probes.readiness.config.periodSeconds }}
{{- end }}
{{- if .Values.reconciler.probes.readiness.config.timeoutSeconds }}
timeoutSeconds: {{ .Values.reconciler.probes.readiness.config.timeoutSeconds }}
{{- end }}
{{- if .Values.reconciler.probes.readiness.config.successThreshold }}
successThreshold: {{ .Values.reconciler.probes.readiness.config.successThreshold }}
{{- end }}
{{- if .Values.reconciler.probes.readiness.config.failureThreshold }}
failureThreshold: {{ .Values.reconciler.probes.readiness.config.failureThreshold }}
{{- end }}
{{- if .Values.reconciler.probes.readiness.config.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.reconciler.probes.readiness.config.terminationGracePeriodSeconds }}
{{- end }}
{{- end }}
{{- end}}
env:
{{- range $key, $value := .Values.reconciler.configs }}
- name: {{ $key | snakecase | upper }}
valueFrom:
secretKeyRef:
name: reconciler-config
key: {{ $key | snakecase | upper }}
{{- end }}
{{- if .Values.logIngest.enabled }}
volumeMounts:
- name: app-logs
mountPath: {{ .Values.logIngest.logPath }}
{{- end }}
{{- if .Values.logIngest.enabled }}
volumes:
- name: app-logs
emptyDir: {}
{{- end }}

36
freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/ingress.yaml Normal file
View File

@ -0,0 +1,36 @@
{{ $namespace := .Release.Namespace }}
{{ $appVersion := .Chart.AppVersion | quote }}
{{ $releaseIngress := .Release.Service }}
{{ $releaseName := .Release.Name }}
{{- range $ingress := .Values.reconciler.ingresses }}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $ingress.name }}
namespace: {{ $namespace }}
labels:
app.kubernetes.io/version: {{ $appVersion }}
app.kubernetes.io/name: {{ $ingress.name | quote }}
app.kubernetes.io/managed-by: {{ $releaseIngress }}
app.kubernetes.io/instance: {{ $releaseName }}
spec:
{{- if $ingress.class }}
ingressClassName: {{ $ingress.class }}
{{- end }}
{{- if $ingress.tls }}
tls:
- hosts:
- {{ $ingress.host }}
{{- if $ingress.tls.exists }}
secretName: {{ $ingress.tls.secretRef.name }}
{{- else }}
secretName: {{ $ingress.tls.name }}
{{- end }}
{{- end }}
rules:
- host: {{ $ingress.host }}
http:
paths:
{{- toYaml $ingress.rules | nindent 10 }}
{{- end }}

70
freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/reconciler-config.yaml Normal file
View File

@ -0,0 +1,70 @@
apiVersion: v1
kind: Secret
metadata:
name: reconciler-config
namespace: {{ .Release.Namespace }}
type: Opaque
data:
DEBUG: {{ .Values.reconciler.configs.debug | b64enc | quote }}
K8S_CLUSTER_DOMAIN: {{ .Values.reconciler.configs.k8sClusterDomain | b64enc | quote }}
AUTO_DISCOVER_K8S_CLUSTER_DOMAIN_MAX_RETRIES: {{ .Values.reconciler.configs.autoDiscoverK8sClusterDomainMaxRetries | toString | b64enc | quote }}
RABBITMQ_HOST: {{ .Values.reconciler.configs.rabbitmqHost | b64enc | quote }}
RABBITMQ_PORT: {{ .Values.reconciler.configs.rabbitmqPort | toString | b64enc | quote }}
RABBITMQ_USERNAME: {{ .Values.reconciler.configs.rabbitmqUsername | b64enc | quote }}
RABBITMQ_PASSWORD: {{ .Values.reconciler.configs.rabbitmqPassword | b64enc | quote }}
RABBITMQ_VHOST: {{ .Values.reconciler.configs.rabbitmqVhost | b64enc | quote }}
RABBITMQ_INPUT_QUEUE: {{ .Values.reconciler.configs.rabbitmqInputQueue | b64enc | quote }}
RABBITMQ_OUTPUT_QUEUE: {{ .Values.reconciler.configs.rabbitmqOutputQueue | b64enc | quote }}
RABBITMQ_ENABLE_EXCHANGE_BINDING: {{ .Values.reconciler.configs.rabbitmqEnableExchangeBinding | b64enc | quote }}
RABBITMQ_INPUT_EXCHANGE: {{ .Values.reconciler.configs.rabbitmqInputExchange | b64enc | quote }}
RABBITMQ_INPUT_EXCHANGE_TYPE: {{ .Values.reconciler.configs.rabbitmqInputExchangeType | b64enc | quote }}
RABBITMQ_INPUT_ROUTING_KEY: {{ .Values.reconciler.configs.rabbitmqInputRoutingKey | b64enc | quote }}
RABBITMQ_OUTPUT_EXCHANGE: {{ .Values.reconciler.configs.rabbitmqOutputExchange | b64enc | quote }}
RABBITMQ_OUTPUT_ROUTING_KEY: {{ .Values.reconciler.configs.rabbitmqOutputRoutingKey | b64enc | quote }}
JENKINS_ENDPOINT: {{ .Values.reconciler.configs.jenkinsEndpoint | b64enc | quote }}
JENKINS_USERNAME: {{ .Values.reconciler.configs.jenkinsUsername | b64enc | quote }}
JENKINS_TOKEN: {{ .Values.reconciler.configs.jenkinsToken | b64enc | quote }}
JENKINS_API_TIMEOUT: {{ .Values.reconciler.configs.jenkinsApiTimeout | toString | b64enc | quote }}
JENKINS_FOLDER_CREATION_RETRY_COUNT: {{ .Values.reconciler.configs.jenkinsFolderCreationRetryCount | toString | b64enc | quote }}
ARGOCD_ENDPOINT: {{ .Values.reconciler.configs.argocdEndpoint | b64enc | quote }}
ARGOCD_USERNAME: {{ .Values.reconciler.configs.argocdUsername | b64enc | quote }}
ARGOCD_PASSWORD: {{ .Values.reconciler.configs.argocdPassword | b64enc | quote }}
ARGOCD_API_TIMEOUT: {{ .Values.reconciler.configs.argocdApiTimeout | toString | b64enc | quote }}
ARGOCD_RESOURCE_CREATION_TIMEOUT: {{ .Values.reconciler.configs.argocdResourceCreationTimeout | toString | b64enc | quote }}
DEFAULT_GIT_USERNAME: {{ .Values.reconciler.configs.defaultGitUsername | b64enc | quote }}
DEFAULT_GIT_PASSWORD: {{ .Values.reconciler.configs.defaultGitPassword | b64enc | quote }}
DEFAULT_REGISTRY_USERNAME: {{ .Values.reconciler.configs.defaultRegistryUsername | b64enc | quote }}
DEFAULT_REGISTRY_PASSWORD: {{ .Values.reconciler.configs.defaultRegistryPassword | b64enc | quote }}
KUBERNETES_API_TIMEOUT: {{ .Values.reconciler.configs.kubernetesApiTimeout | toString | b64enc | quote }}
DEFAULT_HTTP_TIMEOUT: {{ .Values.reconciler.configs.defaultHttpTimeout | toString | b64enc | quote }}
ALLOW_HTTP_GIT_URLS: {{ .Values.reconciler.configs.allowHttpGitUrls | b64enc | quote }}
LOG_LEVEL: {{ .Values.reconciler.configs.logLevel | b64enc | quote }}
LOG_FORMAT: {{ .Values.reconciler.configs.logFormat | b64enc | quote }}
OPERATOR_NAMESPACE: {{ .Values.reconciler.configs.operatorNamespace | b64enc | quote }}
RECONCILE_INTERVAL: {{ .Values.reconciler.configs.reconcileInterval | toString | b64enc | quote }}
ENABLE_MOCK_SERVICE: {{ .Values.reconciler.configs.enableMockService | b64enc | quote }}
MOCK_SERVICE_PORT: {{ .Values.reconciler.configs.mockServicePort | toString | b64enc | quote }}
DEV_MODE: {{ .Values.reconciler.configs.devMode | b64enc | quote }}
GODADDY_API_KEY: {{ .Values.reconciler.configs.godaddyApiKey | b64enc | quote }}
GODADDY_API_SECRET: {{ .Values.reconciler.configs.godaddyApiSecret | b64enc | quote }}
GODADDY_BASE_DOMAIN: {{ .Values.reconciler.configs.godaddyBaseDomain | b64enc | quote }}
DOMAIN_TEMPLATE: {{ .Values.reconciler.configs.domainTemplate | b64enc | quote }}
INGRESS_CLASS_NAME: {{ .Values.reconciler.configs.ingressClassName | b64enc | quote }}
CERT_MANAGER_CLUSTER_ISSUER: {{ .Values.reconciler.configs.certManagerClusterIssuer | b64enc | quote }}
DNS_CREATION_TIMEOUT: {{ .Values.reconciler.configs.dnsCreationTimeout | toString | b64enc | quote }}
CERTIFICATE_ISSUANCE_TIMEOUT: {{ .Values.reconciler.configs.certificateIssuanceTimeout | toString | b64enc | quote }}
INGRESS_READY_TIMEOUT: {{ .Values.reconciler.configs.ingressReadyTimeout | toString | b64enc | quote }}
NETWORK_RESOURCE_CLEANUP_TIMEOUT: {{ .Values.reconciler.configs.networkResourceCleanupTimeout | toString | b64enc | quote }}
NETWORK_RESOURCE_RETRY_COUNT: {{ .Values.reconciler.configs.networkResourceRetryCount | toString | b64enc | quote }}
NETWORK_RESOURCE_RETRY_DELAY: {{ .Values.reconciler.configs.networkResourceRetryDelay | toString | b64enc | quote }}
SERVICE_API_ACCESS_HOST: {{ .Values.reconciler.configs.serviceApiAccessHost | b64enc | quote }}
SERVICE_API_ACCESS_PORT: {{ .Values.reconciler.configs.serviceApiAccessPort | toString | b64enc | quote }}
MONGODB_NAME: {{ .Values.reconciler.configs.mongodbName | b64enc | quote }}
MONGODB_URI: {{ .Values.reconciler.configs.mongodbUri | b64enc | quote }}
MONGODB_PORT: {{ .Values.reconciler.configs.mongodbPort | toString | b64enc | quote }}
REDIS_URL: {{ .Values.reconciler.configs.redisUrl | b64enc | quote }}
REDIS_IS_CLUSTER: {{ .Values.reconciler.configs.redisIsCluster | b64enc | quote }}
JWT_SECRET_KEY: {{ .Values.reconciler.configs.jwtSecretKey | b64enc | quote }}
JWT_ALGORITHM: {{ .Values.reconciler.configs.jwtAlgorithm | b64enc | quote }}
METRICS_ENABLED: {{ .Values.reconciler.configs.metricsEnabled | b64enc | quote }}
PROBES_ENABLED: {{ .Values.reconciler.configs.probesEnabled | b64enc | quote }}

26
freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/service.yaml Normal file
View File

@ -0,0 +1,26 @@
{{ $namespace := .Release.Namespace }}
{{ $appVersion := .Chart.AppVersion | quote }}
{{ $releaseService := .Release.Service }}
{{ $releaseName := .Release.Name }}
{{- range $service := .Values.reconciler.services }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ $service.name }}
namespace: {{ $namespace }}
labels:
app.kubernetes.io/version: {{ $appVersion }}
app.kubernetes.io/name: {{ $service.name | quote }}
app.kubernetes.io/managed-by: {{ $releaseService }}
app.kubernetes.io/instance: {{ $releaseName }}
spec:
ports:
- port: {{ $service.port }}
targetPort: {{ $service.targetPort }}
selector:
app.kubernetes.io/version: {{ $appVersion }}
app.kubernetes.io/name: "reconciler"
app.kubernetes.io/managed-by: {{ $releaseService }}
app.kubernetes.io/instance: {{ $releaseName }}
{{- end }}

40
freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/servicemonitor.yaml Normal file
View File

@ -0,0 +1,40 @@
{{ $namespace := .Release.Namespace }}
{{ $appVersion := .Chart.AppVersion | quote }}
{{ $releaseService := .Release.Service }}
{{ $releaseName := .Release.Name }}
{{- range $service := .Values.reconciler.services }}
{{- if $service.serviceMonitor.enabled }}
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ $service.name }}-monitor
namespace: {{ $service.serviceMonitor.namespace }}
labels:
app.kubernetes.io/version: {{ $appVersion }}
app.kubernetes.io/name: {{ $service.name }}-monitor
app.kubernetes.io/managed-by: {{ $releaseService }}
app.kubernetes.io/instance: {{ $releaseName }}
{{- if $service.serviceMonitor.labels }}
{{- toYaml $service.serviceMonitor.labels | nindent 4 }}
{{- end }}
spec:
endpoints:
- path: /api/_/metrics
targetPort: {{ $service.targetPort }}
{{- if $service.serviceMonitor.interval }}
interval: {{ $service.serviceMonitor.interval }}
{{- end }}
{{- if $service.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ $service.serviceMonitor.scrapeTimeout }}
{{- end }}
namespaceSelector:
matchNames:
- {{ $namespace | quote }}
selector:
matchLabels:
app.kubernetes.io/name: {{ $service.name }}
app.kubernetes.io/instance: {{ $releaseName }}
{{- end }}
{{- end }}

32
freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/vpa.yaml Normal file
View File

@ -0,0 +1,32 @@
{{- if .Values.reconciler.vpa }}
---
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: {{ .Release.Name }}-reconciler-vpa
namespace: {{ .Release.Namespace }}
spec:
targetRef:
apiVersion: apps/v1
kind: Deployment
name: reconciler
resourcePolicy:
containerPolicies:
- containerName: '*'
{{- if .Values.reconciler.vpa.minAllowed.enabled }}
minAllowed:
cpu: {{ .Values.reconciler.vpa.minAllowed.cpu }}
memory: {{ .Values.reconciler.vpa.minAllowed.memory }}
{{- end }}
{{- if .Values.reconciler.vpa.maxAllowed.enabled }}
maxAllowed:
cpu: {{ .Values.reconciler.vpa.maxAllowed.cpu }}
memory: {{ .Values.reconciler.vpa.maxAllowed.memory }}
{{- end }}
{{- if .Values.reconciler.vpa.controlledResources }}
controlledResources:
{{- range .Values.reconciler.vpa.controlledResources }}
- {{ . }}
{{- end }}
{{- end }}
{{- end }}

131
freeleaps-devops-reconciler/helm-pkg/reconciler/values.alpha.yaml Normal file
View File

@ -0,0 +1,131 @@
global:
registry: docker.io
repository: freeleaps
nodeSelector: {}
logIngest:
enabled: false
reconciler:
replicas: 1
image:
registry:
repository: freeleaps
name: reconciler
tag: 1.0.0
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
protocol: TCP
resources:
requests:
cpu: "0.1"
memory: "64Mi"
limits:
cpu: "0.2"
memory: "128Mi"
# FIXME: Wait until the developers implements the probes APIs
probes: {}
services:
- name: reconciler-service
type: ClusterIP
port: 8080
targetPort: 8080
serviceMonitor:
enabled: false
labels:
release: kube-prometheus-stack
namespace: freeleaps-monitoring-system
interval: 30s
scrapeTimeout: ""
# Defaults to {}, which means doesn't have any ingress
ingresses: {}
configs:
# General
debug: "false"
k8sClusterDomain: "kubernetes.default.svc.cluster.local"
autoDiscoverK8sClusterDomainMaxRetries: 5
# RabbitMQ
rabbitmqHost: "localhost"
rabbitmqPort: 5672
rabbitmqUsername: "admin"
rabbitmqPassword: "admin"
rabbitmqVhost: "/"
rabbitmqInputQueue: "freeleaps.devops.reconciler.input"
rabbitmqOutputQueue: "freeleaps.devops.reconciler.output"
rabbitmqEnableExchangeBinding: "true"
rabbitmqInputExchange: "freeleaps.notification.exchange"
rabbitmqInputExchangeType: "direct"
rabbitmqInputRoutingKey: "freeleaps.devops.reconciler.input"
rabbitmqOutputExchange: "freeleaps.notification.exchange"
rabbitmqOutputRoutingKey: "freeleaps.devops.reconciler.output"
# Jenkins
jenkinsEndpoint: "http://localhost:8080"
jenkinsUsername: "admin"
jenkinsToken: "admin"
jenkinsApiTimeout: 30
jenkinsFolderCreationRetryCount: 3
# ArgoCD
argocdEndpoint: "http://localhost:8080"
argocdUsername: "admin"
argocdPassword: "admin"
argocdApiTimeout: 30
argocdResourceCreationTimeout: 30
# Default Credentials
defaultGitUsername: "admin"
defaultGitPassword: "admin"
defaultRegistryUsername: "admin"
defaultRegistryPassword: "admin"
# API Timeouts
kubernetesApiTimeout: 30
defaultHttpTimeout: 30
# Git
allowHttpGitUrls: "false"
# Advanced
logLevel: "INFO"
logFormat: "text"
operatorNamespace: "freeleaps-devops-system"
reconcileInterval: 30
# Development
enableMockService: "false"
mockServicePort: 5000
devMode: "false"
# Network Resource Management
godaddyApiKey: ""
godaddyApiSecret: ""
godaddyBaseDomain: "mathmast.com"
domainTemplate: "{env}.{project_id}.mathmast.com"
ingressClassName: "nginx"
certManagerClusterIssuer: "letsencrypt-prod"
dnsCreationTimeout: 300
certificateIssuanceTimeout: 600
ingressReadyTimeout: 300
networkResourceCleanupTimeout: 300
networkResourceRetryCount: 3
networkResourceRetryDelay: 30
# Service
serviceApiAccessHost: "0.0.0.0"
serviceApiAccessPort: "8080"
# MongoDB/Redis (add if needed)
mongodbName: ""
mongodbUri: ""
mongodbPort: ""
redisUrl: ""
redisIsCluster: "false"
# JWT
jwtSecretKey: ""
jwtAlgorithm: ""
# Metrics/Probes
metricsEnabled: "false"
probesEnabled: "false"
vpa:
minAllowed:
enabled: false
cpu: "0.1"
memory: "64Mi"
maxAllowed:
enabled: true
cpu: "0.2"
memory: "128Mi"
controlledResources:
- cpu
- memory

131
freeleaps-devops-reconciler/helm-pkg/reconciler/values.yaml Normal file
View File

@ -0,0 +1,131 @@
global:
registry: docker.io
repository: freeleaps
nodeSelector: {}
logIngest:
enabled: false
reconciler:
replicas: 1
image:
registry:
repository: freeleaps
name: reconciler
tag: 1.0.0
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
protocol: TCP
resources:
requests:
cpu: "0.1"
memory: "64Mi"
limits:
cpu: "0.2"
memory: "128Mi"
# FIXME: Wait until the developers implements the probes APIs
probes: {}
services:
- name: reconciler-service
type: ClusterIP
port: 8080
targetPort: 8080
serviceMonitor:
enabled: false
labels:
release: kube-prometheus-stack
namespace: freeleaps-monitoring-system
interval: 30s
scrapeTimeout: ""
# Defaults to {}, which means doesn't have any ingress
ingresses: {}
configs:
# General
debug: "false"
k8sClusterDomain: "kubernetes.default.svc.cluster.local"
autoDiscoverK8sClusterDomainMaxRetries: 5
# RabbitMQ
rabbitmqHost: "localhost"
rabbitmqPort: 5672
rabbitmqUsername: "admin"
rabbitmqPassword: "admin"
rabbitmqVhost: "/"
rabbitmqInputQueue: "freeleaps.devops.reconciler.input"
rabbitmqOutputQueue: "freeleaps.devops.reconciler.output"
rabbitmqEnableExchangeBinding: "true"
rabbitmqInputExchange: "freeleaps.notification.exchange"
rabbitmqInputExchangeType: "direct"
rabbitmqInputRoutingKey: "freeleaps.devops.reconciler.input"
rabbitmqOutputExchange: "freeleaps.notification.exchange"
rabbitmqOutputRoutingKey: "freeleaps.devops.reconciler.output"
# Jenkins
jenkinsEndpoint: "http://localhost:8080"
jenkinsUsername: "admin"
jenkinsToken: "admin"
jenkinsApiTimeout: 30
jenkinsFolderCreationRetryCount: 3
# ArgoCD
argocdEndpoint: "http://localhost:8080"
argocdUsername: "admin"
argocdPassword: "admin"
argocdApiTimeout: 30
argocdResourceCreationTimeout: 30
# Default Credentials
defaultGitUsername: "admin"
defaultGitPassword: "admin"
defaultRegistryUsername: "admin"
defaultRegistryPassword: "admin"
# API Timeouts
kubernetesApiTimeout: 30
defaultHttpTimeout: 30
# Git
allowHttpGitUrls: "false"
# Advanced
logLevel: "INFO"
logFormat: "text"
operatorNamespace: "freeleaps-devops-system"
reconcileInterval: 30
# Development
enableMockService: "false"
mockServicePort: 5000
devMode: "false"
# Network Resource Management
godaddyApiKey: ""
godaddyApiSecret: ""
godaddyBaseDomain: "mathmast.com"
domainTemplate: "{env}.{project_id}.mathmast.com"
ingressClassName: "nginx"
certManagerClusterIssuer: "letsencrypt-prod"
dnsCreationTimeout: 300
certificateIssuanceTimeout: 600
ingressReadyTimeout: 300
networkResourceCleanupTimeout: 300
networkResourceRetryCount: 3
networkResourceRetryDelay: 30
# Service
serviceApiAccessHost: "0.0.0.0"
serviceApiAccessPort: "8080"
# MongoDB/Redis (add if needed)
mongodbName: ""
mongodbUri: ""
mongodbPort: ""
redisUrl: ""
redisIsCluster: "false"
# JWT
jwtSecretKey: ""
jwtAlgorithm: ""
# Metrics/Probes
metricsEnabled: "false"
probesEnabled: "false"
vpa:
minAllowed:
enabled: false
cpu: "0.1"
memory: "64Mi"
maxAllowed:
enabled: true
cpu: "0.2"
memory: "128Mi"
controlledResources:
- cpu
- memory

1
freeleaps-devops-reconciler/prod/.gitkeep Normal file
View File

@ -0,0 +1 @@

28
freeleaps/alpha/ci/freeleaps-service-hub/Jenkinsfile vendored
View File

@ -1,12 +1,13 @@
library 'first-class-pipeline' @Library('first-class-pipeline@Nicolas_local_ops') _
executeFreeleapsPipeline { executeFreeleapsPipeline {
serviceName = 'freeleaps' serviceName = 'freeleaps'
environmentSlug = 'alpha' environmentSlug = 'alpha'
serviceGitBranch = 'dev' // Ensure this branch exists in the freeleaps-service-hub repository
serviceGitBranch = 'Nicolas_service_hub'
serviceGitRepo = "https://gitea.freeleaps.mathmast.com/freeleaps/freeleaps-service-hub.git" serviceGitRepo = "https://gitea.freeleaps.mathmast.com/freeleaps/freeleaps-service-hub.git"
serviceGitRepoType = 'monorepo' serviceGitRepoType = 'monorepo'
serviceGitCredentialsId = 'freeleaps-repos-gitea-credentails' serviceGitCredentialsId = 'freeleaps-ops-git-credentials'
executeMode = 'fully' executeMode = 'fully'
commitMessageLintEnabled = false commitMessageLintEnabled = false
components = [ components = [
@ -114,6 +115,27 @@ executeFreeleapsPipeline {
imageReleaseArchitectures: ['linux/amd64', 'linux/arm64/v8'], imageReleaseArchitectures: ['linux/amd64', 'linux/arm64/v8'],
registryCredentialsId: 'freeleaps-devops-docker-hub-credentials', registryCredentialsId: 'freeleaps-devops-docker-hub-credentials',
semanticReleaseEnabled: true semanticReleaseEnabled: true
],
[
name: 'devops',
root: 'apps/devops',
language: 'python',
dependenciesManager: 'pip',
requirementsFile: 'requirements.txt',
buildCacheEnabled: true,
buildAgentImage: 'python:3.12-slim',
buildArtifacts: ['.'],
lintEnabled: false,
sastEnabled: false,
imageRegistry: 'docker.io',
imageRepository: 'freeleaps',
imageName: 'devops',
imageBuilder: 'dind',
dockerfilePath: 'Dockerfile',
imageBuildRoot: '.',
imageReleaseArchitectures: ['linux/amd64', 'linux/arm64/v8'],
registryCredentialsId: 'freeleaps-devops-docker-hub-credentials',
semanticReleaseEnabled: true
] ]
] ]
} }

6
freeleaps/helm-pkg/devops/Chart.yaml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v2
name: devops
description: A Helm Chart of devops, which part of Freeleaps Platform, powered by Freeleaps.
type: application
version: 0.0.1
appVersion: "0.0.1"

27
freeleaps/helm-pkg/devops/templates/devops/certificate.yaml Normal file
View File

@ -0,0 +1,27 @@
{{ $namespace := .Release.Namespace }}
{{ $appVersion := .Chart.AppVersion | quote }}
{{ $releaseCertificate := .Release.Service }}
{{ $releaseName := .Release.Name }}
{{- range $ingress := .Values.devops.ingresses }}
{{- if not $ingress.tls.exists }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ $ingress.name }}
namespace: {{ $namespace }}
labels:
app.kubernetes.io/version: {{ $appVersion }}
app.kubernetes.io/name: {{ $ingress.name | quote }}
app.kubernetes.io/managed-by: {{ $releaseCertificate }}
app.kubernetes.io/instance: {{ $releaseName }}
spec:
commonName: {{ $ingress.host }}
dnsNames:
- {{ $ingress.host }}
issuerRef:
name: {{ $ingress.tls.issuerRef.name }}
kind: {{ $ingress.tls.issuerRef.kind }}
secretName: {{ $ingress.tls.name }}
{{- end }}
{{- end }}

118
freeleaps/helm-pkg/devops/templates/devops/deployment.yaml Normal file
View File

@ -0,0 +1,118 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/name: "devops"
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
# {{- if .Values.logIngest.enabled }}
# annotations:
# opentelemetry.io/config-checksum: {{ include (print $.Template.BasePath "/devops/opentelemetry.yaml") . | sha256sum }}
# {{- end }}
name: "devops"
namespace: {{ .Release.Namespace | quote }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: "devops"
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
replicas: {{ .Values.devops.replicas }}
template:
metadata:
labels:
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/name: "devops"
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
annotations:
app.kubernetes.io/config-checksum: {{ include (print $.Template.BasePath "/devops/devops-config.yaml") . | sha256sum }}
{{- if .Values.logIngest.enabled }}
opentelemetry.io/config-checksum: {{ include (print $.Template.BasePath "/devops/opentelemetry.yaml") . | sha256sum }}
sidecar.opentelemetry.io/inject: "{{ .Release.Namespace}}/{{ .Release.Name }}-opentelemetry-collector"
{{- end }}
spec:
# {{- if .Values.logIngest.enabled }}
# serviceAccountName: "{{ .Release.Name }}-otel-collector"
# {{- end }}
containers:
- name: "devops"
image: "{{ coalesce .Values.devops.image.registry .Values.global.registry "docker.io"}}/{{ coalesce .Values.devops.image.repository .Values.global.repository }}/{{ .Values.devops.image.name }}:{{ .Values.devops.image.tag | default "latest" }}"
imagePullPolicy: {{ .Values.devops.image.imagePullPolicy | default "IfNotPresent" }}
ports:
{{- range $port := .Values.devops.ports }}
- containerPort: {{ $port.containerPort }}
name: {{ $port.name }}
protocol: {{ $port.protocol }}
{{- end }}
{{- if .Values.devops.resources }}
resources:
{{- toYaml .Values.devops.resources | nindent 12 }}
{{- end }}
{{- if .Values.devops.probes }}
{{- if and (.Values.devops.probes.liveness) (eq .Values.devops.probes.liveness.type "httpGet") }}
livenessProbe:
httpGet:
path: {{ .Values.devops.probes.liveness.config.path }}
port: {{ .Values.devops.probes.liveness.config.port }}
{{- if .Values.devops.probes.liveness.config.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.devops.probes.liveness.config.initialDelaySeconds }}
{{- end }}
{{- if .Values.devops.probes.liveness.config.periodSeconds }}
periodSeconds: {{ .Values.devops.probes.liveness.config.periodSeconds }}
{{- end }}
{{- if .Values.devops.probes.liveness.config.timeoutSeconds }}
timeoutSeconds: {{ .Values.devops.probes.liveness.config.timeoutSeconds }}
{{- end }}
{{- if .Values.devops.probes.liveness.config.successThreshold }}
successThreshold: {{ .Values.devops.probes.liveness.config.successThreshold }}
{{- end }}
{{- if .Values.devops.probes.liveness.config.failureThreshold }}
failureThreshold: {{ .Values.devops.probes.liveness.config.failureThreshold }}
{{- end }}
{{- if .Values.devops.probes.liveness.config.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.devops.probes.liveness.config.terminationGracePeriodSeconds }}
{{- end }}
{{- end }}
{{- if and (.Values.devops.probes.readiness) (eq .Values.devops.probes.readiness.type "httpGet") }}
readinessProbe:
httpGet:
path: {{ .Values.devops.probes.readiness.config.path }}
port: {{ .Values.devops.probes.readiness.config.port }}
{{- if .Values.devops.probes.readiness.config.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.devops.probes.readiness.config.initialDelaySeconds }}
{{- end }}
{{- if .Values.devops.probes.readiness.config.periodSeconds }}
periodSeconds: {{ .Values.devops.probes.readiness.config.periodSeconds }}
{{- end }}
{{- if .Values.devops.probes.readiness.config.timeoutSeconds }}
timeoutSeconds: {{ .Values.devops.probes.readiness.config.timeoutSeconds }}
{{- end }}
{{- if .Values.devops.probes.readiness.config.successThreshold }}
successThreshold: {{ .Values.devops.probes.readiness.config.successThreshold }}
{{- end }}
{{- if .Values.devops.probes.readiness.config.failureThreshold }}
failureThreshold: {{ .Values.devops.probes.readiness.config.failureThreshold }}
{{- end }}
{{- end }}
{{- end}}
env:
{{- range $key, $value := .Values.devops.configs }}
- name: {{ $key | snakecase | upper }}
valueFrom:
secretKeyRef:
name: devops-config
key: {{ $key | snakecase | upper }}
{{- end }}
# {{- if .Values.logIngest.enabled }}
# volumeMounts:
# - name: app-logs
# mountPath: {{ .Values.logIngest.logPath }}
# {{- end }}
# {{- if .Values.logIngest.enabled }}
# volumes:
# - name: app-logs
# emptyDir: {}
# {{- end }}

28
freeleaps/helm-pkg/devops/templates/devops/devops-config.yaml Normal file
View File

@ -0,0 +1,28 @@
apiVersion: v1
kind: Secret
metadata:
name: devops-config
namespace: {{ .Release.Namespace }}
type: Opaque
data:
TZ: {{ .Values.devops.configs.tz | b64enc | quote }}
APP_NAME: {{ .Values.devops.configs.appName | b64enc | quote }}
JWT_SECRET_KEY: {{ .Values.devops.configs.jwtSecretKey | b64enc | quote }}
JWT_ALGORITHM: {{ .Values.devops.configs.jwtAlgorithm | b64enc | quote }}
ACCESS_TOKEN_EXPIRE_MINUTES: {{ .Values.devops.configs.accessTokenExpireMinutes | toString | b64enc | quote }}
REFRESH_TOKEN_EXPIRE_DAYS: {{ .Values.devops.configs.refreshTokenExpireDays | toString | b64enc | quote }}
MONGODB_NAME: {{ .Values.devops.configs.mongodbName | b64enc | quote }}
MONGODB_PORT: {{ .Values.devops.configs.mongodbPort | toString | b64enc | quote }}
MONGODB_URI: {{ .Values.devops.configs.mongodbUri | b64enc | quote }}
METRICS_ENABLED: {{ .Values.devops.configs.metricsEnabled | toString | b64enc | quote }}
PROBES_ENABLED: {{ .Values.devops.configs.probesEnabled | toString | b64enc | quote }}
BASE_GITEA_URL: {{ .Values.devops.configs.baseGiteaUrl | b64enc | quote }}
BASE_RECONCILE_URL: {{ .Values.devops.configs.baseReconcileUrl | b64enc | quote }}
BASE_LOKI_URL: {{ .Values.devops.configs.baseLokiUrl | b64enc | quote }}
LOG_BASE_PATH: {{ .Values.devops.configs.logBasePath | b64enc | quote }}
LOG_RETENTION: {{ .Values.devops.configs.logRetention | b64enc | quote }}
LOG_ROTATION: {{ .Values.devops.configs.logRotation | b64enc | quote }}
LOG_BACKUP_FILES: {{ .Values.devops.configs.logBackupFiles | toString | b64enc | quote }}
LOG_ROTATION_BYTES: {{ .Values.devops.configs.logRotationBytes | toString | b64enc | quote }}
MOCK_MODE: {{ .Values.devops.configs.mockMode | toString | b64enc | quote }}
MOCK_RESPONSE_DELAY: {{ .Values.devops.configs.mockResponseDelay | toString | b64enc | quote }}

36
freeleaps/helm-pkg/devops/templates/devops/ingress.yaml Normal file
View File

@ -0,0 +1,36 @@
{{ $namespace := .Release.Namespace }}
{{ $appVersion := .Chart.AppVersion | quote }}
{{ $releaseIngress := .Release.Service }}
{{ $releaseName := .Release.Name }}
{{- range $ingress := .Values.devops.ingresses }}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $ingress.name }}
namespace: {{ $namespace }}
labels:
app.kubernetes.io/version: {{ $appVersion }}
app.kubernetes.io/name: {{ $ingress.name | quote }}
app.kubernetes.io/managed-by: {{ $releaseIngress }}
app.kubernetes.io/instance: {{ $releaseName }}
spec:
{{- if $ingress.class }}
ingressClassName: {{ $ingress.class }}
{{- end }}
{{- if $ingress.tls }}
tls:
- hosts:
- {{ $ingress.host }}
{{- if $ingress.tls.exists }}
secretName: {{ $ingress.tls.secretRef.name }}
{{- else }}
secretName: {{ $ingress.tls.name }}
{{- end }}
{{- end }}
rules:
- host: {{ $ingress.host }}
http:
paths:
{{- toYaml $ingress.rules | nindent 10 }}
{{- end }}

26
freeleaps/helm-pkg/devops/templates/devops/service.yaml Normal file
View File

@ -0,0 +1,26 @@
{{ $namespace := .Release.Namespace }}
{{ $appVersion := .Chart.AppVersion | quote }}
{{ $releaseService := .Release.Service }}
{{ $releaseName := .Release.Name }}
{{- range $service := .Values.devops.services }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ $service.name }}
namespace: {{ $namespace }}
labels:
app.kubernetes.io/version: {{ $appVersion }}
app.kubernetes.io/name: {{ $service.name | quote }}
app.kubernetes.io/managed-by: {{ $releaseService }}
app.kubernetes.io/instance: {{ $releaseName }}
spec:
ports:
- port: {{ $service.port }}
targetPort: {{ $service.targetPort }}
selector:
app.kubernetes.io/version: {{ $appVersion }}
app.kubernetes.io/name: "devops"
app.kubernetes.io/managed-by: {{ $releaseService }}
app.kubernetes.io/instance: {{ $releaseName }}
{{- end }}

40
freeleaps/helm-pkg/devops/templates/devops/servicemonitor.yaml Normal file
View File

@ -0,0 +1,40 @@
{{ $namespace := .Release.Namespace }}
{{ $appVersion := .Chart.AppVersion | quote }}
{{ $releaseService := .Release.Service }}
{{ $releaseName := .Release.Name }}
{{- range $service := .Values.devops.services }}
{{- if $service.serviceMonitor.enabled }}
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ $service.name }}-monitor
namespace: {{ $service.serviceMonitor.namespace }}
labels:
app.kubernetes.io/version: {{ $appVersion }}
app.kubernetes.io/name: {{ $service.name }}-monitor
app.kubernetes.io/managed-by: {{ $releaseService }}
app.kubernetes.io/instance: {{ $releaseName }}
{{- if $service.serviceMonitor.labels }}
{{- toYaml $service.serviceMonitor.labels | nindent 4 }}
{{- end }}
spec:
endpoints:
- path: /api/_/metrics
targetPort: {{ $service.targetPort }}
{{- if $service.serviceMonitor.interval }}
interval: {{ $service.serviceMonitor.interval }}
{{- end }}
{{- if $service.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ $service.serviceMonitor.scrapeTimeout }}
{{- end }}
namespaceSelector:
matchNames:
- {{ $namespace | quote }}
selector:
matchLabels:
app.kubernetes.io/name: {{ $service.name }}
app.kubernetes.io/instance: {{ $releaseName }}
{{- end }}
{{- end }}

32
freeleaps/helm-pkg/devops/templates/devops/vpa.yaml Normal file
View File

@ -0,0 +1,32 @@
{{- if .Values.devops.vpa }}
---
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: {{ .Release.Name }}-vpa
namespace: {{ .Release.Namespace }}
spec:
targetRef:
apiVersion: apps/v1
kind: Deployment
name: devops
resourcePolicy:
containerPolicies:
- containerName: '*'
{{- if .Values.devops.vpa.minAllowed.enabled }}
minAllowed:
cpu: {{ .Values.devops.vpa.minAllowed.cpu }}
memory: {{ .Values.devops.vpa.minAllowed.memory }}
{{- end }}
{{- if .Values.devops.vpa.maxAllowed.enabled }}
maxAllowed:
cpu: {{ .Values.devops.vpa.maxAllowed.cpu }}
memory: {{ .Values.devops.vpa.maxAllowed.memory }}
{{- end }}
{{- if .Values.devops.vpa.controlledResources }}
controlledResources:
{{- range .Values.devops.vpa.controlledResources }}
- {{ . }}
{{- end }}
{{- end }}
{{- end }}

88
freeleaps/helm-pkg/devops/values.alpha.yaml Normal file
View File

@ -0,0 +1,88 @@
global:
registry: docker.io
repository: freeleaps
nodeSelector: {}
logIngest:
enabled: false
devops:
replicas: 1
image:
registry:
repository: freeleaps
name: devops
tag: 1.0.0
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8014
protocol: TCP
resources:
requests:
cpu: "0.1"
memory: "64Mi"
limits:
cpu: "0.2"
memory: "128Mi"
# FIXME: Wait until the developers implements the probes APIs
probes: {}
services:
- name: devops-service
type: ClusterIP
port: 8014
targetPort: 8014
serviceMonitor:
enabled: false
labels:
release: kube-prometheus-stack
namespace: freeleaps-monitoring-system
interval: 30s
scrapeTimeout: ""
# Defaults to {}, which means doesn't have any ingress
ingresses: {}
configs:
# Basic configuration
tz: "UTC"
appName: "devops"
# JWT configuration
jwtSecretKey: ""
jwtAlgorithm: "HS256"
accessTokenExpireMinutes: "3600"
refreshTokenExpireDays: "1"
# MongoDB configuration
mongodbName: ""
mongodbPort: "27017"
mongodbUri: ""
# Feature switches
metricsEnabled: "false"
probesEnabled: "true"
# External service URLs
baseGiteaUrl: "https://gitea.freeleaps.mathmast.com"
baseReconcileUrl: "https://reconcile.freeleaps.mathmast.com"
baseLokiUrl: "http://loki-gateway.freeleaps-logging-system"
# Log configuration
logBasePath: "/app/log"
logRetention: "30 days"
logRotation: "00:00"
logBackupFiles: "5"
logRotationBytes: "10485760"
# Mock mode configuration
mockMode: "false"
mockResponseDelay: "1000"
vpa:
minAllowed:
enabled: false
cpu: 100m
memory: 64Mi
maxAllowed:
enabled: true
cpu: 100m
memory: 128Mi
controlledResources:
- cpu
- memory

89
freeleaps/helm-pkg/devops/values.prod.yaml Normal file
View File

@ -0,0 +1,89 @@
global:
registry: docker.io
repository: freeleaps
nodeSelector: {}
dashboard:
enabled: true
name: freeleaps-prod-authentication-dashboard
title: Authentication Service Dashboard (PROD)
metricsPrefix: freeleaps_authentication
authentication:
replicas: 1
image:
registry: docker.io
repository: null
name: authentication
tag: snapshot-40e0faf
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8004
protocol: TCP
resources:
requests:
cpu: 200m
memory: 64Mi
limits:
cpu: 300m
memory: 128Mi
probes:
readiness:
type: httpGet
config:
path: /api/_/readyz
port: 8004
initialDelaySeconds: 5
periodSeconds: 30
timeoutSeconds: 3
successThreshold: 1
failureThreshold: 3
liveness:
type: httpGet
config:
path: /api/_/livez
port: 8004
initialDelaySeconds: 5
periodSeconds: 15
timeoutSeconds: 3
successThreshold: 1
failureThreshold: 3
terminationGracePeriodSeconds: 30
services:
- name: authentication-service
type: ClusterIP
port: 8004
targetPort: 8004
serviceMonitor:
enabled: true
labels:
release: kube-prometheus-stack
namespace: freeleaps-monitoring-system
interval: 30s
scrapeTimeout: ''
ingresses: {}
configs:
tz: UTC
appName: authentication
devsvcWebapiUrlBase: http://devsvc-service.freeleaps-prod.svc.freeleaps.cluster:8007/api/devsvc/
notificationWebapiUrlBase: http://notification-service.freeleaps-prod.svc.freeleaps.cluster:8003/api/notification/
jwtSecretKey: ea84edf152976b2fcec12b78aa8e45bc26a5cf0ef61bf16f5c317ae33b3fd8b0
jwtAlgorithm: HS256
serviceApiAccessHost: 0.0.0.0
serviceApiAccessPort: 8004
mongodbName: freeleaps2
mongodbPort: 27017
mongodbUri: mongodb+srv://freeadmin:0eMV0bt8oyaknA0m@freeleaps2.zmsmpos.mongodb.net/?retryWrites=true&w=majority
metricsEnabled: 'true'
probesEnabled: 'true'
vpa:
minAllowed:
enabled: true
cpu: 50m
memory: 64Mi
maxAllowed:
enabled: true
cpu: 200m
memory: 128Mi
controlledResources:
- cpu
- memory

86
freeleaps/helm-pkg/devops/values.yaml Normal file
View File

@ -0,0 +1,86 @@
global:
registry: docker.io
repository: freeleaps
nodeSelector: {}
devops:
replicas: 1
image:
registry:
repository: freeleaps
name: devops
tag: 1.0.0
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8014
protocol: TCP
resources:
requests:
cpu: "0.1"
memory: "64Mi"
limits:
cpu: "0.2"
memory: "128Mi"
# FIXME: Wait until the developers implements the probes APIs
probes: {}
services:
- name: devops-service
type: ClusterIP
port: 8014
targetPort: 8014
serviceMonitor:
enabled: false
labels:
release: kube-prometheus-stack
namespace: freeleaps-monitoring-system
interval: 30s
scrapeTimeout: ""
# Defaults to {}, which means doesn't have any ingress
ingresses: {}
configs:
# Basic configuration
tz: "UTC"
appName: "devops"
# JWT configuration
jwtSecretKey: ""
jwtAlgorithm: "HS256"
accessTokenExpireMinutes: "3600"
refreshTokenExpireDays: "1"
# MongoDB configuration
mongodbName: ""
mongodbPort: "27017"
mongodbUri: ""
# Feature switches
metricsEnabled: "false"
probesEnabled: "true"
# External service URLs
baseGiteaUrl: "https://gitea.freeleaps.mathmast.com"
baseReconcileUrl: "https://reconcile.freeleaps.mathmast.com"
baseLokiUrl: "http://loki-gateway.freeleaps-logging-system"
# Log configuration
logBasePath: "/app/log"
logRetention: "30 days"
logRotation: "00:00"
logBackupFiles: "5"
logRotationBytes: "10485760"
# Mock mode configuration
mockMode: "false"
mockResponseDelay: "1000"
vpa:
minAllowed:
enabled: false
cpu: 100m
memory: 64Mi
maxAllowed:
enabled: true
cpu: 100m
memory: 128Mi
controlledResources:
- cpu
- memory