refactor(devsvc): restructure reconciler Helm chart and remove deprecated files

- Deleted Jenkinsfile as CI/CD configuration is now handled differently.
- Updated Chart.yaml to reflect new service name and versioning.
- Enhanced values.yaml and values.alpha.yaml with comprehensive operator configuration and environment settings.
- Removed obsolete templates for deployment, service, ingress, and monitoring.
- Streamlined configuration for RabbitMQ, Jenkins, and ArgoCD integration.

Signed-off-by: zhenyus <zhenyus@mathmast.com>
zhenyus 2025-07-31 23:21:24 +08:00
parent 54420c53bf
commit eae6ba99e2
26 changed files with 2033 additions and 610 deletions


@ -1,6 +1,23 @@
apiVersion: v2 apiVersion: v2
name: reconciler name: freeleaps-devops-reconciler
description: A Helm Chart of reconciler service, which part of Freeleaps Platform, powered by Freeleaps. description: A Kubernetes operator that automates and orchestrates DevOps workflows
type: application type: application
version: 0.0.1 version: 0.1.0
appVersion: "0.0.1" appVersion: "0.1.0"
home: https://freeleaps.com
sources:
- https://gitea.freeleaps.mathmast.com/freeleaps/freeleaps-devops-reconciler
maintainers:
- name: Freeleaps DevOps Team
email: devops@freeleaps.com
keywords:
- kubernetes
- operator
- devops
- jenkins
- argocd
- gitops
- ci-cd
annotations:
category: DevOps
licenses: Apache-2.0


@ -0,0 +1,49 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "freeleaps-devops-reconciler.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "freeleaps-devops-reconciler.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "freeleaps-devops-reconciler.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "{{ include "freeleaps-devops-reconciler.selectorLabels" . }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
{{- end }}
2. Check the status of the FreeleapsDevOps Reconciler:
kubectl get pods -n {{ .Release.Namespace }}
kubectl logs -n {{ .Release.Namespace }} deployment/{{ include "freeleaps-devops-reconciler.fullname" . }}
3. Verify CRDs are installed:
kubectl get crds | grep freeleaps.com
4. View available Custom Resources:
kubectl get devopsprojects -A
kubectl get argosettings -A
kubectl get jenkinssettings -A
kubectl get deploymentrecords -A
{{- if .Values.crds.install }}
5. The following CRDs have been installed:
- devopsprojects.freeleaps.com
- argosettings.freeleaps.com
- jenkinssettings.freeleaps.com
- containerregistries.freeleaps.com
- gitcredentials.freeleaps.com
- deploymentrecords.freeleaps.com
- ingressresources.freeleaps.com
{{- end }}
For more information and examples, visit:
https://gitea.freeleaps.mathmast.com/freeleaps/freeleaps-devops-reconciler


@ -0,0 +1,275 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "freeleaps-devops-reconciler.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "freeleaps-devops-reconciler.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "freeleaps-devops-reconciler.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "freeleaps-devops-reconciler.labels" -}}
helm.sh/chart: {{ include "freeleaps-devops-reconciler.chart" . }}
{{ include "freeleaps-devops-reconciler.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "freeleaps-devops-reconciler.selectorLabels" -}}
app.kubernetes.io/name: {{ include "freeleaps-devops-reconciler.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "freeleaps-devops-reconciler.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "freeleaps-devops-reconciler.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Create the image reference
*/}}
{{- define "freeleaps-devops-reconciler.image" -}}
{{- $tag := .Values.image.tag | default .Chart.AppVersion }}
{{- printf "%s:%s" .Values.image.repository $tag }}
{{- end }}
{{/*
Environment variables template
*/}}
{{- define "freeleaps-devops-reconciler.env" -}}
- name: RECONCILER_DEBUG
value: {{ .Values.env.reconcilerDebug | quote }}
- name: DEFAULT_HTTP_TIMEOUT
value: {{ .Values.env.defaultHttpTimeout | quote }}
- name: K8S_CLUSTER_DOMAIN
value: {{ .Values.env.k8sClusterDomain | quote }}
- name: KUBERNETES_API_TIMEOUT
value: {{ .Values.env.kubernetesApiTimeout | quote }}
- name: AUTO_DISCOVER_K8S_CLUSTER_DOMAIN_MAX_RETRIES
value: {{ .Values.env.autoDiscoverK8sClusterDomainMaxRetries | quote }}
- name: LOG_LEVEL
value: {{ .Values.env.logLevel | quote }}
- name: LOG_FORMAT
value: {{ .Values.env.logFormat | quote }}
- name: OPERATOR_NAMESPACE
value: {{ .Values.env.operatorNamespace | quote }}
- name: RECONCILE_INTERVAL
value: {{ .Values.env.reconcileInterval | quote }}
- name: RABBITMQ_HOST
value: {{ .Values.env.rabbitmq.host | quote }}
- name: RABBITMQ_PORT
value: {{ .Values.env.rabbitmq.port | quote }}
- name: RABBITMQ_VHOST
value: {{ .Values.env.rabbitmq.vhost | quote }}
- name: RABBITMQ_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: rabbitmq-username
- name: RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: rabbitmq-password
- name: RABBITMQ_INPUT_QUEUE
value: {{ .Values.env.rabbitmq.inputQueue | quote }}
- name: RABBITMQ_OUTPUT_QUEUE
value: {{ .Values.env.rabbitmq.outputQueue | quote }}
- name: RABBITMQ_ENABLE_EXCHANGE_BINDING
value: {{ .Values.env.rabbitmq.enableExchangeBinding | quote }}
- name: RABBITMQ_INPUT_EXCHANGE
value: {{ .Values.env.rabbitmq.inputExchange | quote }}
- name: RABBITMQ_INPUT_EXCHANGE_TYPE
value: {{ .Values.env.rabbitmq.inputExchangeType | quote }}
- name: RABBITMQ_INPUT_ROUTING_KEY
value: {{ .Values.env.rabbitmq.inputRoutingKey | quote }}
- name: RABBITMQ_OUTPUT_EXCHANGE
value: {{ .Values.env.rabbitmq.outputExchange | quote }}
- name: RABBITMQ_OUTPUT_ROUTING_KEY
value: {{ .Values.env.rabbitmq.outputRoutingKey | quote }}
- name: JENKINS_ENDPOINT
value: {{ .Values.env.jenkins.endpoint | quote }}
- name: JENKINS_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: jenkins-username
- name: JENKINS_TOKEN
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: jenkins-token
- name: JENKINS_API_TIMEOUT
value: {{ .Values.env.jenkins.apiTimeout | quote }}
- name: JENKINS_FOLDER_CREATION_RETRY_COUNT
value: {{ .Values.env.jenkins.folderCreationRetryCount | quote }}
- name: ARGOCD_ENDPOINT
value: {{ .Values.env.argocd.endpoint | quote }}
- name: ARGOCD_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: argocd-username
- name: ARGOCD_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: argocd-password
- name: ARGOCD_API_TIMEOUT
value: {{ .Values.env.argocd.apiTimeout | quote }}
- name: ARGOCD_RESOURCE_CREATION_TIMEOUT
value: {{ .Values.env.argocd.resourceCreationTimeout | quote }}
- name: DEFAULT_GIT_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: default-git-username
- name: DEFAULT_GIT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: default-git-password
- name: DEFAULT_DOCKER_REGISTRY_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: default-docker-registry-username
- name: DEFAULT_DOCKER_REGISTRY_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: default-docker-registry-password
- name: DOCKER_REGISTRY_PAT_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: docker-registry-pat-username
- name: DOCKER_REGISTRY_PAT
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: docker-registry-pat
- name: ALLOW_HTTP_GIT_URLS
value: {{ .Values.env.allowHttpGitUrls | quote }}
- name: DOMAIN_TEMPLATE
value: {{ .Values.env.networkResources.domainTemplate | quote }}
- name: INGRESS_CLASS_NAME
value: {{ .Values.env.networkResources.ingressClassName | quote }}
- name: CERT_MANAGER_CLUSTER_ISSUER
value: {{ .Values.env.networkResources.certManagerClusterIssuer | quote }}
- name: INGRESS_CONTROLLER_IP
value: {{ .Values.env.networkResources.ingressControllerIp | quote }}
- name: DNS_CREATION_TIMEOUT
value: {{ .Values.env.networkResources.dnsCreationTimeout | quote }}
- name: CERTIFICATE_ISSUANCE_TIMEOUT
value: {{ .Values.env.networkResources.certificateIssuanceTimeout | quote }}
- name: INGRESS_READY_TIMEOUT
value: {{ .Values.env.networkResources.ingressReadyTimeout | quote }}
- name: NETWORK_RESOURCE_CLEANUP_TIMEOUT
value: {{ .Values.env.networkResources.networkResourceCleanupTimeout | quote }}
- name: NETWORK_RESOURCE_RETRY_COUNT
value: {{ .Values.env.networkResources.networkResourceRetryCount | quote }}
- name: NETWORK_RESOURCE_RETRY_DELAY
value: {{ .Values.env.networkResources.networkResourceRetryDelay | quote }}
- name: AZURE_KEY_VAULT_ENDPOINT
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: azure-key-vault-endpoint
- name: AZURE_KEY_VAULT_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: azure-key-vault-client-id
- name: AZURE_KEY_VAULT_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: azure-key-vault-client-secret
- name: AZURE_KEY_VAULT_TENANT_ID
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: azure-key-vault-tenant-id
- name: AZURE_KEY_VAULT_RESOURCE_GROUP
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: azure-key-vault-resource-group
- name: AZURE_KEY_VAULT_SUBSCRIPTION_ID
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: azure-key-vault-subscription-id
- name: AZURE_KEY_VAULT_NAME
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: azure-key-vault-name
- name: AZURE_DNS_SUBSCRIPTION_ID
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: azure-dns-subscription-id
- name: AZURE_DNS_TENANT_ID
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: azure-dns-tenant-id
- name: AZURE_DNS_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: azure-dns-client-id
- name: AZURE_DNS_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: azure-dns-client-secret
- name: AZURE_DNS_RESOURCE_GROUP
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: azure-dns-resource-group
- name: AZURE_DNS_ZONE_NAME
valueFrom:
secretKeyRef:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
key: azure-dns-zone-name
{{- end }}
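Review bot: Every `secretKeyRef` in `freeleaps-devops-reconciler.env` hard-codes the Secret name as `<fullname>-secrets`, so the operator cannot be pointed at a Secret created outside the chart, and the RabbitMQ, Jenkins, Argo CD, Git, registry and Azure credentials presumably have to travel through Helm values and release history. Consider a small named helper that honours an override, for example `{{- default (printf "%s-secrets" (include "freeleaps-devops-reconciler.fullname" .)) .Values.existingSecret }}` (`existingSecret` being a proposed new values key), and use it in all of these references. `ALLOW_HTTP_GIT_URLS` is rendered alongside `DEFAULT_GIT_PASSWORD`; its default is not visible here, but it should be `false` and documented as allowing Git credentials to cross the network in clear text when enabled. The `image` helper only builds `repository:tag`, so a digest option would be needed to pin the operator image immutably.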


@ -0,0 +1,119 @@
{{- if .Values.crds.install }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: argosettings.freeleaps.com
labels:
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-weight": "-5"
{{- if .Values.crds.keep }}
"helm.sh/resource-policy": keep
{{- end }}
spec:
group: freeleaps.com
scope: Namespaced
names:
kind: ArgoSetting
listKind: ArgoSettingList
singular: argosetting
plural: argosettings
shortNames:
- argo
- argos
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
required: ['spec']
properties:
spec:
type: object
required:
- projectId
- environments
properties:
projectId:
type: string
description: "Reference to DevOpsProject ID"
environments:
type: array
items:
type: object
required:
- name
- namespace
- repoUrl
properties:
name:
type: string
enum: ["dev", "staging", "prod"]
namespace:
type: string
description: "Target Kubernetes namespace"
repoUrl:
type: string
description: "Helm chart repository URL"
path:
type: string
description: "Path to chart in repository"
default: "."
targetRevision:
type: string
description: "Git branch or tag"
default: "HEAD"
syncPolicy:
type: object
properties:
automated:
type: object
properties:
prune:
type: boolean
default: false
selfHeal:
type: boolean
default: false
syncOptions:
type: array
items:
type: string
status:
type: object
properties:
argoSettings:
type: object
properties:
status:
type: string
enum: ["invalid", "valid", "synced"]
synced:
type: boolean
ready:
type: boolean
lastProbeTime:
type: string
format: date-time
subresources:
status: {}
additionalPrinterColumns:
- name: Project ID
type: string
jsonPath: .spec.projectId
- name: Environments
type: string
jsonPath: .spec.environments[*].name
- name: Status
type: string
jsonPath: .status.argoSettings.status
- name: Ready
type: boolean
jsonPath: .status.argoSettings.ready
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
{{- end }}
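Review bot: `environments[].namespace` and `repoUrl` are free-form strings, so anyone allowed to create an ArgoSetting can ask the operator, which holds the Argo CD credentials, to deploy any repository into any target namespace unless the controller enforces its own policy (not visible in this diff). I would add schema limits such as `minItems: 1` on `environments` and, if only HTTPS repositories are intended, `pattern: "^https://"` on `repoUrl`, and state in the `namespace` description which namespaces a project may target. Environment names look meant to be unique, which `x-kubernetes-list-type: map` with `x-kubernetes-list-map-keys: ["name"]` would enforce at admission. Separately, the `helm.sh/hook` annotations here and on the other six CRD templates make the CRDs hook resources, which Helm does not track as part of the release, so `crds.keep` probably has no effect and `helm upgrade` against an already installed CRD should be tested.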


@ -0,0 +1,125 @@
{{- if .Values.crds.install }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: containerregistries.freeleaps.com
labels:
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-weight": "-5"
{{- if .Values.crds.keep }}
"helm.sh/resource-policy": keep
{{- end }}
spec:
group: freeleaps.com
scope: Namespaced
names:
kind: ContainerRegistry
listKind: ContainerRegistryList
singular: containerregistry
plural: containerregistries
shortNames:
- registry
- reg
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
required: ['spec']
properties:
spec:
type: object
required:
- projectId
- registryUrl
- project
properties:
projectId:
type: string
description: "Reference to DevOpsProject ID"
registryUrl:
type: string
description: "Container registry URL"
project:
type: string
description: "Registry project/namespace"
credentialsRef:
type: object
required:
- name
properties:
name:
type: string
description: "Secret name containing registry credentials"
namespace:
type: string
description: "Secret namespace"
repositories:
type: array
items:
type: object
required:
- name
properties:
name:
type: string
description: "Repository name"
description:
type: string
description: "Repository description"
public:
type: boolean
default: false
status:
type: object
properties:
containerRegistry:
type: object
properties:
status:
type: string
enum: ["invalid", "valid", "synced"]
synced:
type: boolean
ready:
type: boolean
lastProbeTime:
type: string
format: date-time
repositories:
type: array
items:
type: object
properties:
name:
type: string
url:
type: string
created:
type: boolean
subresources:
status: {}
additionalPrinterColumns:
- name: Project ID
type: string
jsonPath: .spec.projectId
- name: Registry URL
type: string
jsonPath: .spec.registryUrl
- name: Project
type: string
jsonPath: .spec.project
- name: Status
type: string
jsonPath: .status.containerRegistry.status
- name: Ready
type: boolean
jsonPath: .status.containerRegistry.ready
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
{{- end }}
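Review bot: `credentialsRef.namespace` lets a ContainerRegistry in one namespace name a Secret in any other namespace, and the operator would read it with its own service account, so a user with create rights on this resource could reach Secrets their own RBAC does not grant (assuming the controller does not restrict it; that code is not in this diff). The same optional `namespace` field appears in `git.credentialsRef` and `registry.credentialsRef` of the DevOpsProject CRD and in `credentialsRef` of the GitCredentials CRD. Either drop the field so the Secret is always resolved in the resource's own namespace, or make the rule explicit, e.g. `description: "Secret namespace; must equal the resource namespace"`, and enforce it in the controller. `registryUrl` would also benefit from a `pattern` that fixes the accepted scheme.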


@ -0,0 +1,139 @@
{{- if .Values.crds.install }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: deploymentrecords.freeleaps.com
labels:
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-weight": "-5"
{{- if .Values.crds.keep }}
"helm.sh/resource-policy": keep
{{- end }}
spec:
group: freeleaps.com
scope: Namespaced
names:
kind: DeploymentRecord
listKind: DeploymentRecordList
singular: deploymentrecord
plural: deploymentrecords
shortNames:
- deploy
- dr
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
required: ['spec']
properties:
spec:
type: object
required:
- projectId
- version
- environment
properties:
projectId:
type: string
description: "Reference to DevOpsProject ID"
version:
type: string
description: "Application version to deploy"
environment:
type: string
enum: ["dev", "staging", "prod"]
description: "Target environment"
gitCommitHash:
type: string
description: "Git commit hash for this deployment"
buildTrigger:
type: string
enum: ["manual", "webhook", "schedule", "api"]
default: "manual"
description: "What triggered this deployment"
operation:
type: string
enum: ["start", "terminate", "restart"]
default: "start"
description: "Deployment operation to perform"
ttlSeconds:
type: integer
minimum: 0
description: "TTL for this deployment in seconds"
parameters:
type: object
additionalProperties:
type: string
description: "Additional deployment parameters"
status:
type: object
properties:
deploymentRecord:
type: object
properties:
status:
type: string
enum: ["running", "success", "failed", "terminated"]
phase:
type: string
enum: ["initializing", "commit-message-linting", "execute-mode-detection", "code-changes-detection", "build-agent-setup", "dependencies-resolving", "semantic-releasing", "compilation-packaging", "image-builder-setup", "image-building", "app-version-updating", "deployment-triggering", "deployment-syncing", "deployment-verification", "resource-cleanup", "finished"]
startTime:
type: string
format: date-time
completionTime:
type: string
format: date-time
lastProbeTime:
type: string
format: date-time
jenkinsBuildNumber:
type: integer
description: "Jenkins build number"
jenkinsBuildUrl:
type: string
description: "Jenkins build URL"
argoSyncStatus:
type: string
description: "Argo CD sync status"
message:
type: string
description: "Status message"
networkResources:
type: object
properties:
domain:
type: string
certificate:
type: string
ingress:
type: string
subresources:
status: {}
additionalPrinterColumns:
- name: Project ID
type: string
jsonPath: .spec.projectId
- name: Version
type: string
jsonPath: .spec.version
- name: Environment
type: string
jsonPath: .spec.environment
- name: Status
type: string
jsonPath: .status.deploymentRecord.status
- name: Phase
type: string
jsonPath: .status.deploymentRecord.phase
- name: Build
type: integer
jsonPath: .status.deploymentRecord.jenkinsBuildNumber
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
{{- end }}
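Review bot: `gitCommitHash`, `version` and the free-form `parameters` map have no format or size limits, and they look like values that end up in Jenkins build parameters or image tags (inferred from the field descriptions), so admission-time validation is the cheapest place to reject malformed input. Suggested additions are `pattern: "^[0-9a-f]{7,64}$"` on `gitCommitHash`, a `maxLength` on `version`, and `maxProperties` on `parameters`. `ttlSeconds` has `minimum: 0` but no `maximum`, and the description does not say what `0` means. The spec fields of a deployment record also read as write-once; if that is the intent, an `x-kubernetes-validations` rule such as `self == oldSelf` on `version` and `environment` would keep the record trustworthy as an audit trail.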


@ -0,0 +1,145 @@
{{- if .Values.crds.install }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: devopsprojects.freeleaps.com
labels:
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-weight": "-5"
{{- if .Values.crds.keep }}
"helm.sh/resource-policy": keep
{{- end }}
spec:
group: freeleaps.com
scope: Namespaced
names:
kind: DevOpsProject
listKind: DevOpsProjectList
singular: devopsproject
plural: devopsprojects
shortNames:
- dop
- dops
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
required: ['spec']
properties:
metadata:
type: object
properties:
name:
type: string
maxLength: 63
spec:
type: object
required:
- projectName
- projectId
- git
- registry
- environments
properties:
projectName:
type: string
description: "Human readable project name"
projectId:
type: string
description: "Unique project identifier"
pattern: "^[a-z0-9]([a-z0-9-]*[a-z0-9])?$"
git:
type: object
required:
- url
- branch
properties:
url:
type: string
description: "Git repository URL"
branch:
type: string
description: "Default git branch"
default: "main"
credentialsRef:
type: object
properties:
name:
type: string
namespace:
type: string
registry:
type: object
required:
- url
- project
properties:
url:
type: string
description: "Container registry URL"
project:
type: string
description: "Registry project/namespace"
credentialsRef:
type: object
properties:
name:
type: string
namespace:
type: string
environments:
type: array
items:
type: object
required:
- name
- branch
properties:
name:
type: string
enum: ["dev", "staging", "prod"]
branch:
type: string
autoSync:
type: boolean
default: false
status:
type: object
properties:
devopsProject:
type: object
properties:
status:
type: string
enum: ["invalid", "valid", "synced"]
synced:
type: boolean
ready:
type: boolean
lastProbeTime:
type: string
format: date-time
subresources:
status: {}
additionalPrinterColumns:
- name: Project ID
type: string
jsonPath: .spec.projectId
- name: Git URL
type: string
jsonPath: .spec.git.url
- name: Status
type: string
jsonPath: .status.devopsProject.status
- name: Ready
type: boolean
jsonPath: .status.devopsProject.ready
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
{{- end }}
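Review bot: `git.url` and `registry.url` accept any string, while the operator has an `ALLOW_HTTP_GIT_URLS` switch in the helper template of this commit, so the URL scheme policy is only enforced at runtime, if at all. A `pattern` on `git.url`, for example `pattern: "^(https://|ssh://|git@)"`, would reject unexpected schemes at admission and keep stored objects consistent with what the controller will accept. `projectId` has a DNS-label `pattern` but no `maxLength: 63`, which matters if it is used to build namespace or resource names. `environments` could be declared with `x-kubernetes-list-type: map` and `x-kubernetes-list-map-keys: ["name"]` so the same environment cannot be listed twice.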


@ -0,0 +1,97 @@
{{- if .Values.crds.install }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: gitcredentials.freeleaps.com
labels:
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-weight": "-5"
{{- if .Values.crds.keep }}
"helm.sh/resource-policy": keep
{{- end }}
spec:
group: freeleaps.com
scope: Namespaced
names:
kind: GitCredentials
listKind: GitCredentialsList
singular: gitcredentials
plural: gitcredentials
shortNames:
- gitcred
- gc
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
required: ['spec']
properties:
spec:
type: object
required:
- gitUrl
- credentialsRef
properties:
gitUrl:
type: string
description: "Git repository URL or domain"
credentialsRef:
type: object
required:
- name
properties:
name:
type: string
description: "Secret name containing git credentials"
namespace:
type: string
description: "Secret namespace"
credentialsId:
type: string
description: "Jenkins credentials ID to create/update"
description:
type: string
description: "Description for the credentials"
status:
type: object
properties:
gitCredentials:
type: object
properties:
status:
type: string
enum: ["invalid", "valid", "synced"]
synced:
type: boolean
ready:
type: boolean
lastProbeTime:
type: string
format: date-time
jenkinsCredentialsId:
type: string
description: "Created Jenkins credentials ID"
subresources:
status: {}
additionalPrinterColumns:
- name: Git URL
type: string
jsonPath: .spec.gitUrl
- name: Credentials ID
type: string
jsonPath: .status.gitCredentials.jenkinsCredentialsId
- name: Status
type: string
jsonPath: .status.gitCredentials.status
- name: Ready
type: boolean
jsonPath: .status.gitCredentials.ready
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
{{- end }}
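Review bot: `credentialsId` is described as the Jenkins credentials ID to create or update and is unconstrained, so two GitCredentials objects, possibly in different namespaces, can name the same ID and the later one would overwrite the other's credential in Jenkins unless the controller scopes IDs per project (not visible here). Add a `pattern` and `maxLength`, and say in the description how IDs are scoped, e.g. `description: "Jenkins credentials ID; must be prefixed with the owning project ID"`. `gitUrl` is documented as "URL or domain", and the matching rule deserves to be spelled out, because a loose domain match decides which repositories these credentials are offered to.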


@ -0,0 +1,162 @@
{{- if .Values.crds.install }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: ingressresources.freeleaps.com
labels:
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-weight": "-5"
{{- if .Values.crds.keep }}
"helm.sh/resource-policy": keep
{{- end }}
spec:
group: freeleaps.com
scope: Namespaced
names:
kind: IngressResources
listKind: IngressResourcesList
singular: ingressresources
plural: ingressresources
shortNames:
- ingress
- ir
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
required: ['spec']
properties:
spec:
type: object
required:
- projectId
- environment
- domain
properties:
projectId:
type: string
description: "Reference to DevOpsProject ID"
environment:
type: string
enum: ["dev", "staging", "prod"]
description: "Target environment"
domain:
type: string
description: "Domain name for the ingress"
serviceName:
type: string
description: "Backend service name"
servicePort:
type: integer
description: "Backend service port"
default: 80
tlsEnabled:
type: boolean
description: "Enable TLS/SSL"
default: true
certificateIssuer:
type: string
description: "cert-manager ClusterIssuer name"
default: "letsencrypt-prod"
ingressClassName:
type: string
description: "Ingress class name"
default: "nginx"
annotations:
type: object
additionalProperties:
type: string
description: "Additional ingress annotations"
paths:
type: array
items:
type: object
required:
- path
properties:
path:
type: string
description: "Path pattern"
pathType:
type: string
enum: ["Exact", "Prefix", "ImplementationSpecific"]
default: "Prefix"
serviceName:
type: string
description: "Override service name for this path"
servicePort:
type: integer
description: "Override service port for this path"
status:
type: object
properties:
ingressResources:
type: object
properties:
status:
type: string
enum: ["invalid", "creating", "ready", "failed"]
ready:
type: boolean
lastProbeTime:
type: string
format: date-time
domain:
type: object
properties:
name:
type: string
created:
type: boolean
dnsReady:
type: boolean
certificate:
type: object
properties:
name:
type: string
issued:
type: boolean
ready:
type: boolean
ingress:
type: object
properties:
name:
type: string
created:
type: boolean
ready:
type: boolean
loadBalancerIP:
type: string
subresources:
status: {}
additionalPrinterColumns:
- name: Project ID
type: string
jsonPath: .spec.projectId
- name: Environment
type: string
jsonPath: .spec.environment
- name: Domain
type: string
jsonPath: .spec.domain
- name: TLS
type: boolean
jsonPath: .spec.tlsEnabled
- name: Status
type: string
jsonPath: .status.ingressResources.status
- name: Ready
type: boolean
jsonPath: .status.ingressResources.ready
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
{{- end }}
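Review bot: The `annotations` map is passed through as "Additional ingress annotations" with no allowlist, and with the default `ingressClassName` of `nginx` controller-specific annotations can alter proxy behaviour well beyond what a project owner should control; a key allowlist enforced by the controller and named in the description would contain that. `domain` has no `pattern`, so a resource could presumably request a hostname that belongs to another project and have a certificate issued for it by the default `letsencrypt-prod` issuer; a hostname pattern plus an ownership check against the project is worth adding. The short name `ingress` is the same word as the built-in Ingress resource and may make `kubectl get ingress` ambiguous, so `ir` alone would be safer. `servicePort` could carry `minimum: 1` and `maximum: 65535` in both places it appears.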


@ -0,0 +1,136 @@
{{- if .Values.crds.install }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: jenkinssettings.freeleaps.com
labels:
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-weight": "-5"
{{- if .Values.crds.keep }}
"helm.sh/resource-policy": keep
{{- end }}
spec:
group: freeleaps.com
scope: Namespaced
names:
kind: JenkinsSetting
listKind: JenkinsSettingList
singular: jenkinssetting
plural: jenkinssettings
shortNames:
- jenkins
- jen
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
required: ['spec']
properties:
spec:
type: object
required:
- projectId
- gitUrl
- environments
properties:
projectId:
type: string
description: "Reference to DevOpsProject ID"
gitUrl:
type: string
description: "Git repository URL for Jenkins pipelines"
gitCredentialsId:
type: string
description: "Jenkins credentials ID for Git access"
environments:
type: array
items:
type: object
required:
- name
- branch
properties:
name:
type: string
enum: ["dev", "staging", "prod"]
branch:
type: string
description: "Git branch for this environment"
pipelineScript:
type: string
description: "Custom Jenkinsfile content"
buildTriggers:
type: object
properties:
webhook:
type: boolean
default: true
schedule:
type: string
description: "Cron schedule for builds"
folder:
type: object
properties:
name:
type: string
description: "Jenkins folder name"
description:
type: string
description: "Jenkins folder description"
status:
type: object
properties:
jenkinsSettings:
type: object
properties:
status:
type: string
enum: ["invalid", "valid", "synced"]
synced:
type: boolean
ready:
type: boolean
lastProbeTime:
type: string
format: date-time
folderUrl:
type: string
description: "Jenkins folder URL"
jobs:
type: array
items:
type: object
properties:
name:
type: string
environment:
type: string
url:
type: string
subresources:
status: {}
additionalPrinterColumns:
- name: Project ID
type: string
jsonPath: .spec.projectId
- name: Git URL
type: string
jsonPath: .spec.gitUrl
- name: Environments
type: string
jsonPath: .spec.environments[*].name
- name: Status
type: string
jsonPath: .status.jenkinsSettings.status
- name: Ready
type: boolean
jsonPath: .status.jenkinsSettings.ready
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
{{- end }}
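Review bot: `environments[].pipelineScript` is "Custom Jenkinsfile content", so create or update permission on JenkinsSetting is effectively permission to run pipeline code on Jenkins with whatever credentials the generated job can reach. That should be stated in the field description and in the chart's RBAC guidance, and the field should at least get a `maxLength`; a values switch that disables inline scripts would suit shared clusters. `gitCredentialsId` is also free-form, so a setting can presumably reference a credential created for another project unless the controller checks ownership. `buildTriggers.schedule` would benefit from a `maxLength` and a note on the accepted cron syntax.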


@ -0,0 +1,93 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}
labels:
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
strategy:
{{- toYaml .Values.strategy | nindent 4 }}
selector:
matchLabels:
{{- include "freeleaps-devops-reconciler.selectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
# Force pod restart on secret changes
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
labels:
{{- include "freeleaps-devops-reconciler.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "freeleaps-devops-reconciler.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: {{ include "freeleaps-devops-reconciler.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.service.targetPort }}
protocol: TCP
env:
{{- include "freeleaps-devops-reconciler.env" . | nindent 12 }}
{{- if .Values.healthcheck.livenessProbe.enabled }}
livenessProbe:
{{- with .Values.healthcheck.livenessProbe.httpGet }}
httpGet:
{{- toYaml . | nindent 14 }}
{{- end }}
initialDelaySeconds: {{ .Values.healthcheck.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.healthcheck.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.healthcheck.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.healthcheck.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.healthcheck.readinessProbe.enabled }}
readinessProbe:
{{- with .Values.healthcheck.readinessProbe.httpGet }}
httpGet:
{{- toYaml . | nindent 14 }}
{{- end }}
initialDelaySeconds: {{ .Values.healthcheck.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.healthcheck.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.healthcheck.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.healthcheck.readinessProbe.failureThreshold }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- if .Values.securityContext.readOnlyRootFilesystem }}
- name: tmp
mountPath: /tmp
- name: logs
mountPath: /app/logs
{{- end }}
volumes:
{{- if .Values.securityContext.readOnlyRootFilesystem }}
- name: tmp
emptyDir: {}
- name: logs
emptyDir: {}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
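Review bot: The `volumeMounts:` and `volumes:` keys are emitted unconditionally while their entries sit inside `{{- if .Values.securityContext.readOnlyRootFilesystem }}`, so switching that flag off renders both keys with a null value. Moving each key inside its own `if` (i.e. `{{- if … }}` first, then `volumeMounts:`) keeps the manifest well-formed in both cases. The two `emptyDir: {}` volumes also carry no `sizeLimit`, so writes under `/tmp` and `/app/logs` are bounded only by the node's ephemeral storage; something like `emptyDir: {sizeLimit: 256Mi}` (size constructed for illustration) would cap it.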


@ -0,0 +1,59 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "freeleaps-devops-reconciler.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingress.className (not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class")) }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
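Review bot: The block at the top that sets the `kubernetes.io/ingress.class` annotation runs whenever `ingress.className` is set, including on clusters >=1.18 where `ingressClassName` is also emitted under `spec`, so the rendered Ingress carries both. As far as I know some API-server versions reject or warn on an Ingress that specifies the class both ways; the usual guard is `{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}` wrapped around the existing `hasKey` test. `secretName: {{ .secretName }}` and `path: {{ .path }}` are also left unquoted while the host entries use `| quote`; quoting them the same way avoids YAML retyping of unusual values.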


@ -0,0 +1,84 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}
labels:
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
rules:
# Core Kubernetes resources
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "patch"]
- apiGroups: [""]
resources: ["secrets", "configmaps"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["services"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# Apps resources
- apiGroups: ["apps"]
resources: ["deployments", "replicasets"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# Networking resources
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["networking.k8s.io"]
resources: ["networkpolicies"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# cert-manager resources
- apiGroups: ["cert-manager.io"]
resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# Argo CD resources
- apiGroups: ["argoproj.io"]
resources: ["applications", "appprojects"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# Custom resources - FreeleapsDevOps
- apiGroups: ["freeleaps.com"]
resources: ["devopsprojects", "argosettings", "jenkinssettings", "containerregistries", "gitcredentials", "deploymentrecords", "ingressresources"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["freeleaps.com"]
resources: ["devopsprojects/status", "argosettings/status", "jenkinssettings/status", "containerregistries/status", "gitcredentials/status", "deploymentrecords/status", "ingressresources/status"]
verbs: ["get", "update", "patch"]
- apiGroups: ["freeleaps.com"]
resources: ["devopsprojects/finalizers", "argosettings/finalizers", "jenkinssettings/finalizers", "containerregistries/finalizers", "gitcredentials/finalizers", "deploymentrecords/finalizers", "ingressresources/finalizers"]
verbs: ["update"]
# Kopf framework requirements
- apiGroups: ["zalando.org"]
resources: ["kopfpeerings"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "list", "watch"]
# Additional rules from values
{{- with .Values.rbac.additionalRules }}
{{- toYaml . | nindent 2 }}
{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}
labels:
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "freeleaps-devops-reconciler.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "freeleaps-devops-reconciler.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
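Review bot: The ClusterRole grants `get`/`list`/`watch`/`create`/`update`/`patch`/`delete` on `secrets` in every namespace and is bound cluster-wide, while the chart's own defaults set `operator.clusterwide: false` with a single entry in `operator.namespaces`. With this binding the operator's service-account token can read every Secret in the cluster, so a compromise of the pod reaches well beyond the resources it reconciles. If the operator really acts only in the listed namespaces, the namespaced rules belong in a Role and RoleBinding per namespace, leaving only the cluster-scoped reads in the ClusterRole; a sketch follows. `rbac.additionalRules` is appended to the same ClusterRole, so anything added there is cluster-wide as well and deserves a comment saying so.

```yaml
# … unchanged: ClusterRole keeps only cluster-scoped rules (namespaces, customresourcedefinitions, clusterissuers) …
{{- if not .Values.operator.clusterwide }}
{{- range $ns := .Values.operator.namespaces }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ include "freeleaps-devops-reconciler.fullname" $ }}
  namespace: {{ $ns | quote }}
  labels:
    {{- include "freeleaps-devops-reconciler.labels" $ | nindent 4 }}
rules:
  - apiGroups: [""]
    resources: ["secrets", "configmaps", "services"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  # … unchanged: apps, networking.k8s.io, cert-manager.io, argoproj.io and freeleaps.com rules …
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ include "freeleaps-devops-reconciler.fullname" $ }}
  namespace: {{ $ns | quote }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ include "freeleaps-devops-reconciler.fullname" $ }}
subjects:
  - kind: ServiceAccount
    name: {{ include "freeleaps-devops-reconciler.serviceAccountName" $ }}
    namespace: {{ $.Release.Namespace }}
{{- end }}
{{- end }}
```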


@ -1,27 +0,0 @@
{{ $namespace := .Release.Namespace }}
{{ $appVersion := .Chart.AppVersion | quote }}
{{ $releaseCertificate := .Release.Service }}
{{ $releaseName := .Release.Name }}
{{- range $ingress := .Values.reconciler.ingresses }}
{{- if not $ingress.tls.exists }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ $ingress.name }}
namespace: {{ $namespace }}
labels:
app.kubernetes.io/version: {{ $appVersion }}
app.kubernetes.io/name: {{ $ingress.name | quote }}
app.kubernetes.io/managed-by: {{ $releaseCertificate }}
app.kubernetes.io/instance: {{ $releaseName }}
spec:
commonName: {{ $ingress.host }}
dnsNames:
- {{ $ingress.host }}
issuerRef:
name: {{ $ingress.tls.issuerRef.name }}
kind: {{ $ingress.tls.issuerRef.kind }}
secretName: {{ $ingress.tls.name }}
{{- end }}
{{- end }}


@ -1,131 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/name: "reconciler"
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{/* logIngest related code commented out
{{- if .Values.logIngest.enabled }}
annotations:
opentelemetry.io/config-checksum: {{ include (print $.Template.BasePath "/reconciler/opentelemetry.yaml") . | sha256sum }}
{{- end }}
*/}}
name: "reconciler"
namespace: {{ .Release.Namespace | quote }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: "reconciler"
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
replicas: {{ .Values.reconciler.replicas }}
template:
metadata:
labels:
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/name: "reconciler"
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
annotations:
app.kubernetes.io/config-checksum: {{ include (print $.Template.BasePath "/reconciler/reconciler-config.yaml") . | sha256sum }}
{{/* logIngest related code commented out
{{- if .Values.logIngest.enabled }}
opentelemetry.io/config-checksum: {{ include (print $.Template.BasePath "/reconciler/opentelemetry.yaml") . | sha256sum }}
sidecar.opentelemetry.io/inject: "{{ .Release.Namespace}}/{{ .Release.Name }}-opentelemetry-collector"
{{- end }}
*/}}
spec:
{{/* logIngest related code commented out
{{- if .Values.logIngest.enabled }}
serviceAccountName: "{{ .Release.Name }}-otel-collector"
{{- end }}
*/}}
containers:
- name: "reconciler"
image: "{{ coalesce .Values.reconciler.image.registry .Values.global.registry "docker.io"}}/{{ coalesce .Values.reconciler.image.repository .Values.global.repository }}/{{ .Values.reconciler.image.name }}:{{ .Values.reconciler.image.tag | default "latest" }}"
imagePullPolicy: {{ .Values.reconciler.image.imagePullPolicy | default "IfNotPresent" }}
ports:
{{- range $port := .Values.reconciler.ports }}
- containerPort: {{ $port.containerPort }}
name: {{ $port.name }}
protocol: {{ $port.protocol }}
{{- end }}
{{- if .Values.reconciler.resources }}
resources:
{{- toYaml .Values.reconciler.resources | nindent 12 }}
{{- end }}
{{- if .Values.reconciler.probes }}
{{- if and (.Values.reconciler.probes.liveness) (eq .Values.reconciler.probes.liveness.type "httpGet") }}
livenessProbe:
httpGet:
path: {{ .Values.reconciler.probes.liveness.config.path }}
port: {{ .Values.reconciler.probes.liveness.config.port }}
{{- if .Values.reconciler.probes.liveness.config.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.reconciler.probes.liveness.config.initialDelaySeconds }}
{{- end }}
{{- if .Values.reconciler.probes.liveness.config.periodSeconds }}
periodSeconds: {{ .Values.reconciler.probes.liveness.config.periodSeconds }}
{{- end }}
{{- if .Values.reconciler.probes.liveness.config.timeoutSeconds }}
timeoutSeconds: {{ .Values.reconciler.probes.liveness.config.timeoutSeconds }}
{{- end }}
{{- if .Values.reconciler.probes.liveness.config.successThreshold }}
successThreshold: {{ .Values.reconciler.probes.liveness.config.successThreshold }}
{{- end }}
{{- if .Values.reconciler.probes.liveness.config.failureThreshold }}
failureThreshold: {{ .Values.reconciler.probes.liveness.config.failureThreshold }}
{{- end }}
{{- if .Values.reconciler.probes.liveness.config.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.reconciler.probes.liveness.config.terminationGracePeriodSeconds }}
{{- end }}
{{- end }}
{{- if and (.Values.reconciler.probes.readiness) (eq .Values.reconciler.probes.readiness.type "httpGet") }}
readinessProbe:
httpGet:
path: {{ .Values.reconciler.probes.readiness.config.path }}
port: {{ .Values.reconciler.probes.readiness.config.port }}
{{- if .Values.reconciler.probes.readiness.config.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.reconciler.probes.readiness.config.initialDelaySeconds }}
{{- end }}
{{- if .Values.reconciler.probes.readiness.config.periodSeconds }}
periodSeconds: {{ .Values.reconciler.probes.readiness.config.periodSeconds }}
{{- end }}
{{- if .Values.reconciler.probes.readiness.config.timeoutSeconds }}
timeoutSeconds: {{ .Values.reconciler.probes.readiness.config.timeoutSeconds }}
{{- end }}
{{- if .Values.reconciler.probes.readiness.config.successThreshold }}
successThreshold: {{ .Values.reconciler.probes.readiness.config.successThreshold }}
{{- end }}
{{- if .Values.reconciler.probes.readiness.config.failureThreshold }}
failureThreshold: {{ .Values.reconciler.probes.readiness.config.failureThreshold }}
{{- end }}
{{- if .Values.reconciler.probes.readiness.config.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.reconciler.probes.readiness.config.terminationGracePeriodSeconds }}
{{- end }}
{{- end }}
{{- end}}
env:
{{- range $key, $value := .Values.reconciler.configs }}
- name: {{ $key | snakecase | upper }}
valueFrom:
secretKeyRef:
name: reconciler-config
key: {{ $key | snakecase | upper }}
{{- end }}
{{/* logIngest related code commented out
{{- if .Values.logIngest.enabled }}
volumeMounts:
- name: app-logs
mountPath: {{ .Values.logIngest.logPath }}
{{- end }}
*/}}
{{/* logIngest related code commented out
{{- if .Values.logIngest.enabled }}
volumes:
- name: app-logs
emptyDir: {}
{{- end }}
*/}}


@ -1,36 +0,0 @@
{{ $namespace := .Release.Namespace }}
{{ $appVersion := .Chart.AppVersion | quote }}
{{ $releaseIngress := .Release.Service }}
{{ $releaseName := .Release.Name }}
{{- range $ingress := .Values.reconciler.ingresses }}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $ingress.name }}
namespace: {{ $namespace }}
labels:
app.kubernetes.io/version: {{ $appVersion }}
app.kubernetes.io/name: {{ $ingress.name | quote }}
app.kubernetes.io/managed-by: {{ $releaseIngress }}
app.kubernetes.io/instance: {{ $releaseName }}
spec:
{{- if $ingress.class }}
ingressClassName: {{ $ingress.class }}
{{- end }}
{{- if $ingress.tls }}
tls:
- hosts:
- {{ $ingress.host }}
{{- if $ingress.tls.exists }}
secretName: {{ $ingress.tls.secretRef.name }}
{{- else }}
secretName: {{ $ingress.tls.name }}
{{- end }}
{{- end }}
rules:
- host: {{ $ingress.host }}
http:
paths:
{{- toYaml $ingress.rules | nindent 10 }}
{{- end }}


@ -1,72 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: reconciler-config
namespace: {{ .Release.Namespace }}
type: Opaque
data:
DEBUG: {{ .Values.reconciler.configs.debug | b64enc | quote }}
K8S_CLUSTER_DOMAIN: {{ .Values.reconciler.configs.k8sClusterDomain | b64enc | quote }}
K_8S_CLUSTER_DOMAIN: {{ .Values.reconciler.configs.k8sClusterDomain | b64enc | quote }}
AUTO_DISCOVER_K8S_CLUSTER_DOMAIN_MAX_RETRIES: {{ .Values.reconciler.configs.autoDiscoverK8sClusterDomainMaxRetries | toString | b64enc | quote }}
AUTO_DISCOVER_K_8S_CLUSTER_DOMAIN_MAX_RETRIES: {{ .Values.reconciler.configs.autoDiscoverK8sClusterDomainMaxRetries | toString | b64enc | quote }}
RABBITMQ_HOST: {{ .Values.reconciler.configs.rabbitmqHost | b64enc | quote }}
RABBITMQ_PORT: {{ .Values.reconciler.configs.rabbitmqPort | toString | b64enc | quote }}
RABBITMQ_USERNAME: {{ .Values.reconciler.configs.rabbitmqUsername | b64enc | quote }}
RABBITMQ_PASSWORD: {{ .Values.reconciler.configs.rabbitmqPassword | b64enc | quote }}
RABBITMQ_VHOST: {{ .Values.reconciler.configs.rabbitmqVhost | b64enc | quote }}
RABBITMQ_INPUT_QUEUE: {{ .Values.reconciler.configs.rabbitmqInputQueue | b64enc | quote }}
RABBITMQ_OUTPUT_QUEUE: {{ .Values.reconciler.configs.rabbitmqOutputQueue | b64enc | quote }}
RABBITMQ_ENABLE_EXCHANGE_BINDING: {{ .Values.reconciler.configs.rabbitmqEnableExchangeBinding | b64enc | quote }}
RABBITMQ_INPUT_EXCHANGE: {{ .Values.reconciler.configs.rabbitmqInputExchange | b64enc | quote }}
RABBITMQ_INPUT_EXCHANGE_TYPE: {{ .Values.reconciler.configs.rabbitmqInputExchangeType | b64enc | quote }}
RABBITMQ_INPUT_ROUTING_KEY: {{ .Values.reconciler.configs.rabbitmqInputRoutingKey | b64enc | quote }}
RABBITMQ_OUTPUT_EXCHANGE: {{ .Values.reconciler.configs.rabbitmqOutputExchange | b64enc | quote }}
RABBITMQ_OUTPUT_ROUTING_KEY: {{ .Values.reconciler.configs.rabbitmqOutputRoutingKey | b64enc | quote }}
JENKINS_ENDPOINT: {{ .Values.reconciler.configs.jenkinsEndpoint | b64enc | quote }}
JENKINS_USERNAME: {{ .Values.reconciler.configs.jenkinsUsername | b64enc | quote }}
JENKINS_TOKEN: {{ .Values.reconciler.configs.jenkinsToken | b64enc | quote }}
JENKINS_API_TIMEOUT: {{ .Values.reconciler.configs.jenkinsApiTimeout | toString | b64enc | quote }}
JENKINS_FOLDER_CREATION_RETRY_COUNT: {{ .Values.reconciler.configs.jenkinsFolderCreationRetryCount | toString | b64enc | quote }}
ARGOCD_ENDPOINT: {{ .Values.reconciler.configs.argocdEndpoint | b64enc | quote }}
ARGOCD_USERNAME: {{ .Values.reconciler.configs.argocdUsername | b64enc | quote }}
ARGOCD_PASSWORD: {{ .Values.reconciler.configs.argocdPassword | b64enc | quote }}
ARGOCD_API_TIMEOUT: {{ .Values.reconciler.configs.argocdApiTimeout | toString | b64enc | quote }}
ARGOCD_RESOURCE_CREATION_TIMEOUT: {{ .Values.reconciler.configs.argocdResourceCreationTimeout | toString | b64enc | quote }}
DEFAULT_GIT_USERNAME: {{ .Values.reconciler.configs.defaultGitUsername | b64enc | quote }}
DEFAULT_GIT_PASSWORD: {{ .Values.reconciler.configs.defaultGitPassword | b64enc | quote }}
DEFAULT_REGISTRY_USERNAME: {{ .Values.reconciler.configs.defaultRegistryUsername | b64enc | quote }}
DEFAULT_REGISTRY_PASSWORD: {{ .Values.reconciler.configs.defaultRegistryPassword | b64enc | quote }}
KUBERNETES_API_TIMEOUT: {{ .Values.reconciler.configs.kubernetesApiTimeout | toString | b64enc | quote }}
DEFAULT_HTTP_TIMEOUT: {{ .Values.reconciler.configs.defaultHttpTimeout | toString | b64enc | quote }}
ALLOW_HTTP_GIT_URLS: {{ .Values.reconciler.configs.allowHttpGitUrls | b64enc | quote }}
LOG_LEVEL: {{ .Values.reconciler.configs.logLevel | b64enc | quote }}
LOG_FORMAT: {{ .Values.reconciler.configs.logFormat | b64enc | quote }}
OPERATOR_NAMESPACE: {{ .Values.reconciler.configs.operatorNamespace | b64enc | quote }}
RECONCILE_INTERVAL: {{ .Values.reconciler.configs.reconcileInterval | toString | b64enc | quote }}
ENABLE_MOCK_SERVICE: {{ .Values.reconciler.configs.enableMockService | b64enc | quote }}
MOCK_SERVICE_PORT: {{ .Values.reconciler.configs.mockServicePort | toString | b64enc | quote }}
DEV_MODE: {{ .Values.reconciler.configs.devMode | b64enc | quote }}
GODADDY_API_KEY: {{ .Values.reconciler.configs.godaddyApiKey | b64enc | quote }}
GODADDY_API_SECRET: {{ .Values.reconciler.configs.godaddyApiSecret | b64enc | quote }}
GODADDY_BASE_DOMAIN: {{ .Values.reconciler.configs.godaddyBaseDomain | b64enc | quote }}
DOMAIN_TEMPLATE: {{ .Values.reconciler.configs.domainTemplate | b64enc | quote }}
INGRESS_CLASS_NAME: {{ .Values.reconciler.configs.ingressClassName | b64enc | quote }}
CERT_MANAGER_CLUSTER_ISSUER: {{ .Values.reconciler.configs.certManagerClusterIssuer | b64enc | quote }}
DNS_CREATION_TIMEOUT: {{ .Values.reconciler.configs.dnsCreationTimeout | toString | b64enc | quote }}
CERTIFICATE_ISSUANCE_TIMEOUT: {{ .Values.reconciler.configs.certificateIssuanceTimeout | toString | b64enc | quote }}
INGRESS_READY_TIMEOUT: {{ .Values.reconciler.configs.ingressReadyTimeout | toString | b64enc | quote }}
NETWORK_RESOURCE_CLEANUP_TIMEOUT: {{ .Values.reconciler.configs.networkResourceCleanupTimeout | toString | b64enc | quote }}
NETWORK_RESOURCE_RETRY_COUNT: {{ .Values.reconciler.configs.networkResourceRetryCount | toString | b64enc | quote }}
NETWORK_RESOURCE_RETRY_DELAY: {{ .Values.reconciler.configs.networkResourceRetryDelay | toString | b64enc | quote }}
SERVICE_API_ACCESS_HOST: {{ .Values.reconciler.configs.serviceApiAccessHost | b64enc | quote }}
SERVICE_API_ACCESS_PORT: {{ .Values.reconciler.configs.serviceApiAccessPort | toString | b64enc | quote }}
MONGODB_NAME: {{ .Values.reconciler.configs.mongodbName | b64enc | quote }}
MONGODB_URI: {{ .Values.reconciler.configs.mongodbUri | b64enc | quote }}
MONGODB_PORT: {{ .Values.reconciler.configs.mongodbPort | toString | b64enc | quote }}
REDIS_URL: {{ .Values.reconciler.configs.redisUrl | b64enc | quote }}
REDIS_IS_CLUSTER: {{ .Values.reconciler.configs.redisIsCluster | b64enc | quote }}
JWT_SECRET_KEY: {{ .Values.reconciler.configs.jwtSecretKey | b64enc | quote }}
JWT_ALGORITHM: {{ .Values.reconciler.configs.jwtAlgorithm | b64enc | quote }}
METRICS_ENABLED: {{ .Values.reconciler.configs.metricsEnabled | b64enc | quote }}
PROBES_ENABLED: {{ .Values.reconciler.configs.probesEnabled | b64enc | quote }}


@ -1,26 +0,0 @@
{{ $namespace := .Release.Namespace }}
{{ $appVersion := .Chart.AppVersion | quote }}
{{ $releaseService := .Release.Service }}
{{ $releaseName := .Release.Name }}
{{- range $service := .Values.reconciler.services }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ $service.name }}
namespace: {{ $namespace }}
labels:
app.kubernetes.io/version: {{ $appVersion }}
app.kubernetes.io/name: {{ $service.name | quote }}
app.kubernetes.io/managed-by: {{ $releaseService }}
app.kubernetes.io/instance: {{ $releaseName }}
spec:
ports:
- port: {{ $service.port }}
targetPort: {{ $service.targetPort }}
selector:
app.kubernetes.io/version: {{ $appVersion }}
app.kubernetes.io/name: "reconciler"
app.kubernetes.io/managed-by: {{ $releaseService }}
app.kubernetes.io/instance: {{ $releaseName }}
{{- end }}


@ -1,40 +0,0 @@
{{ $namespace := .Release.Namespace }}
{{ $appVersion := .Chart.AppVersion | quote }}
{{ $releaseService := .Release.Service }}
{{ $releaseName := .Release.Name }}
{{- range $service := .Values.reconciler.services }}
{{- if $service.serviceMonitor.enabled }}
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ $service.name }}-monitor
namespace: {{ $service.serviceMonitor.namespace }}
labels:
app.kubernetes.io/version: {{ $appVersion }}
app.kubernetes.io/name: {{ $service.name }}-monitor
app.kubernetes.io/managed-by: {{ $releaseService }}
app.kubernetes.io/instance: {{ $releaseName }}
{{- if $service.serviceMonitor.labels }}
{{- toYaml $service.serviceMonitor.labels | nindent 4 }}
{{- end }}
spec:
endpoints:
- path: /api/_/metrics
targetPort: {{ $service.targetPort }}
{{- if $service.serviceMonitor.interval }}
interval: {{ $service.serviceMonitor.interval }}
{{- end }}
{{- if $service.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ $service.serviceMonitor.scrapeTimeout }}
{{- end }}
namespaceSelector:
matchNames:
- {{ $namespace | quote }}
selector:
matchLabels:
app.kubernetes.io/name: {{ $service.name }}
app.kubernetes.io/instance: {{ $releaseName }}
{{- end }}
{{- end }}


@ -1,32 +0,0 @@
{{- if .Values.reconciler.vpa }}
---
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: {{ .Release.Name }}-reconciler-vpa
namespace: {{ .Release.Namespace }}
spec:
targetRef:
apiVersion: apps/v1
kind: Deployment
name: reconciler
resourcePolicy:
containerPolicies:
- containerName: '*'
{{- if .Values.reconciler.vpa.minAllowed.enabled }}
minAllowed:
cpu: {{ .Values.reconciler.vpa.minAllowed.cpu }}
memory: {{ .Values.reconciler.vpa.minAllowed.memory }}
{{- end }}
{{- if .Values.reconciler.vpa.maxAllowed.enabled }}
maxAllowed:
cpu: {{ .Values.reconciler.vpa.maxAllowed.cpu }}
memory: {{ .Values.reconciler.vpa.maxAllowed.memory }}
{{- end }}
{{- if .Values.reconciler.vpa.controlledResources }}
controlledResources:
{{- range .Values.reconciler.vpa.controlledResources }}
- {{ . }}
{{- end }}
{{- end }}
{{- end }}


@ -0,0 +1,48 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
labels:
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
type: Opaque
data:
# RabbitMQ credentials
rabbitmq-username: {{ .Values.secrets.rabbitmqCredentials.username | b64enc }}
rabbitmq-password: {{ .Values.secrets.rabbitmqCredentials.password | b64enc }}
# Jenkins credentials
jenkins-username: {{ .Values.secrets.jenkinsCredentials.username | b64enc }}
jenkins-token: {{ .Values.secrets.jenkinsCredentials.token | b64enc }}
# ArgoCD credentials
argocd-username: {{ .Values.secrets.argocdCredentials.username | b64enc }}
argocd-password: {{ .Values.secrets.argocdCredentials.password | b64enc }}
# Default Git credentials
default-git-username: {{ .Values.secrets.defaultGitCredentials.username | b64enc }}
default-git-password: {{ .Values.secrets.defaultGitCredentials.password | b64enc }}
# Default Docker Registry credentials
default-docker-registry-username: {{ .Values.secrets.defaultDockerRegistryCredentials.username | b64enc }}
default-docker-registry-password: {{ .Values.secrets.defaultDockerRegistryCredentials.password | b64enc }}
# Docker Registry PAT credentials
docker-registry-pat-username: {{ .Values.secrets.dockerRegistryPat.username | b64enc }}
docker-registry-pat: {{ .Values.secrets.dockerRegistryPat.token | b64enc }}
# Azure Key Vault credentials
azure-key-vault-endpoint: {{ .Values.secrets.azureKeyVault.endpoint | b64enc }}
azure-key-vault-client-id: {{ .Values.secrets.azureKeyVault.clientId | b64enc }}
azure-key-vault-client-secret: {{ .Values.secrets.azureKeyVault.clientSecret | b64enc }}
azure-key-vault-tenant-id: {{ .Values.secrets.azureKeyVault.tenantId | b64enc }}
azure-key-vault-resource-group: {{ .Values.secrets.azureKeyVault.resourceGroup | b64enc }}
azure-key-vault-subscription-id: {{ .Values.secrets.azureKeyVault.subscriptionId | b64enc }}
azure-key-vault-name: {{ .Values.secrets.azureKeyVault.name | b64enc }}
# Azure DNS credentials
azure-dns-subscription-id: {{ .Values.secrets.azureDns.subscriptionId | b64enc }}
azure-dns-tenant-id: {{ .Values.secrets.azureDns.tenantId | b64enc }}
azure-dns-client-id: {{ .Values.secrets.azureDns.clientId | b64enc }}
azure-dns-client-secret: {{ .Values.secrets.azureDns.clientSecret | b64enc }}
azure-dns-resource-group: {{ .Values.secrets.azureDns.resourceGroup | b64enc }}
azure-dns-zone-name: {{ .Values.secrets.azureDns.zoneName | b64enc }}
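Review bot: This Secret is always rendered from `.Values.secrets.*`, so every credential has to pass through a values file or `--set` and is kept in the Helm release record too; the chart offers no way to reference a Secret created out of band (for example one synced from the Azure Key Vault it already configures). A guard such as `{{- if not .Values.secrets.existingSecret }}` … `{{- end }}` around the manifest would allow that (`existingSecret` is a proposed new value, and the env helper, which is not visible here, would need to read the Secret name from it). Each `b64enc` also receives the raw value with no `required`, so a missing key will most likely fail the render with a type error instead of naming the value; `{{ required "secrets.jenkinsCredentials.token is required" .Values.secrets.jenkinsCredentials.token | b64enc | quote }}` gives a usable message and restores the quoting the removed template had.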


@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "freeleaps-devops-reconciler.fullname" . }}
labels:
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: {{ .Values.service.targetPort }}
protocol: TCP
name: http
{{- with .Values.service.additionalPorts }}
{{- toYaml . | nindent 4 }}
{{- end }}
selector:
{{- include "freeleaps-devops-reconciler.selectorLabels" . | nindent 4 }}


@ -0,0 +1,13 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "freeleaps-devops-reconciler.serviceAccountName" . }}
labels:
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: true
{{- end }}


@ -1,115 +1,227 @@
global: # Default values for freeleaps-devops-reconciler
registry: docker.io replicaCount: 1
repository: freeleaps
nodeSelector: {} image:
logIngest: repository: freeleaps/reconciler
enabled: false pullPolicy: IfNotPresent
reconciler: tag: ""
replicas: 1
image: imagePullSecrets: []
registry: docker.io nameOverride: ""
repository: null fullnameOverride: ""
name: reconciler
tag: snapshot-2a5bb92 # Operator Configuration
imagePullPolicy: IfNotPresent operator:
ports: clusterwide: false
- name: http priority: 100
containerPort: 8080 peeringName: "freeleaps-devops-reconciler"
protocol: TCP namespaces:
resources: - "freeleaps-devops-system"
requests: debug: false
cpu: '0.1'
memory: 64Mi serviceAccount:
limits: create: true
cpu: '0.2' annotations: {}
memory: 128Mi name: ""
probes: {}
services: rbac:
- name: reconciler-service create: true
additionalRules: []
podAnnotations: {}
podSecurityContext:
fsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
service:
type: ClusterIP type: ClusterIP
port: 8080 port: 8080
targetPort: 8080 targetPort: 8080
ingress:
enabled: false
className: ""
annotations: {}
hosts:
- host: devops-reconciler.local
paths:
- path: /
pathType: Prefix
tls: []
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 100m
memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
# Environment Configuration
env:
# General Configuration
reconcilerDebug: "false"
defaultHttpTimeout: "30s"
k8sClusterDomain: "kubernetes.default.svc.freeleaps.cluster"
kubernetesApiTimeout: "30s"
autoDiscoverK8sClusterDomainMaxRetries: "5"
logLevel: "INFO"
logFormat: "text"
operatorNamespace: "freeleaps-devops-system"
reconcileInterval: "30s"
allowHttpGitUrls: "false"
# RabbitMQ Configuration
rabbitmq:
host: "freeleaps-alpha-rabbitmq-cluster.freeleaps-alpha.svc.freeleaps.cluster"
port: "5672"
vhost: "/"
inputQueue: "freeleaps.devops.reconciler.input"
outputQueue: "freeleaps.devops.reconciler.output"
enableExchangeBinding: "true"
inputExchange: "freeleaps.notification.exchange"
inputExchangeType: "direct"
inputRoutingKey: "freeleaps.devops.reconciler.input"
outputExchange: "freeleaps.notification.exchange"
outputRoutingKey: "freeleaps.devops.reconciler.output"
# Jenkins Configuration
jenkins:
endpoint: "http://jenkins.freeleaps-devops-system.svc.freeleaps.cluster:8080"
apiTimeout: "30"
folderCreationRetryCount: "3"
# ArgoCD Configuration
argocd:
endpoint: "http://argocd-server.freeleaps-devops-system.svc.freeleaps.cluster:80"
apiTimeout: "30"
resourceCreationTimeout: "300"
# Network Resource Management
networkResources:
domainTemplate: "{env}.{project_id}.internalmathmast.com"
ingressClassName: "nginx"
certManagerClusterIssuer: "internal-mathmast-com"
ingressControllerIp: "4.155.160.32"
dnsCreationTimeout: "300"
certificateIssuanceTimeout: "600"
ingressReadyTimeout: "300"
networkResourceCleanupTimeout: "300"
networkResourceRetryCount: "3"
networkResourceRetryDelay: "30"
# Secret data
secrets:
# RabbitMQ credentials
rabbitmqCredentials:
username: "user"
password: "4O80YlxnlhHrjzaM"
# Jenkins credentials
jenkinsCredentials:
username: "admin"
token: "119fe346a7d5e1fc7f9ed4d98eac3e73ee"
# ArgoCD credentials
argocdCredentials:
username: "admin"
password: "ELvjjaHupgWomLj9"
# Default Git credentials
defaultGitCredentials:
username: "freeleaps"
password: "r8sA8CPHD9!bt6d"
# Default Docker Registry credentials
defaultDockerRegistryCredentials:
username: "freeleapsdevops"
password: "dckr_pat_y-KsBOwcEGTdCQDsAb-NBz9_beg"
# Docker Registry PAT credentials
dockerRegistryPat:
username: "freeleapsdevops"
token: "dckr_pat_UHFbzDZk-gZSM2UhRgnmTCMis9g"
# Azure Key Vault configuration
azureKeyVault:
endpoint: "https://freeleaps-secrets.vault.azure.net/"
clientId: "b6be5b92-25a8-482d-8dcd-7321bf2f83d9"
clientSecret: "4Nx8Q~fYFM~V~3otsN7YB4GPRQ0R8CHJ7XtpLcVA"
tenantId: "cf151ee8-5c2c-4fe7-a1c4-809ba43c9f24"
subscriptionId: "0a280068-dec4-4bf0-9f04-65b64f412b50"
resourceGroup: "k8s"
name: "freeleaps-secrets"
# Azure DNS configuration
azureDns:
subscriptionId: "0a280068-dec4-4bf0-9f04-65b64f412b50"
tenantId: "cf151ee8-5c2c-4fe7-a1c4-809ba43c9f24"
clientId: "b6be5b92-25a8-482d-8dcd-7321bf2f83d9"
clientSecret: "4Nx8Q~fYFM~V~3otsN7YB4GPRQ0R8CHJ7XtpLcVA"
resourceGroup: "k8s"
zoneName: "internalmathmast.com"
# Monitoring
monitoring:
serviceMonitor: serviceMonitor:
enabled: false enabled: false
labels:
release: kube-prometheus-stack
namespace: freeleaps-monitoring-system
interval: 30s interval: 30s
scrapeTimeout: '' scrapeTimeout: 10s
ingresses: {} labels: {}
configs: grafanaDashboard:
debug: 'false'
k8sClusterDomain: kubernetes.default.svc.cluster.local
autoDiscoverK8sClusterDomainMaxRetries: 5
rabbitmqHost: localhost
rabbitmqPort: 5672
rabbitmqUsername: admin
rabbitmqPassword: admin
rabbitmqVhost: /
rabbitmqInputQueue: freeleaps.devops.reconciler.input
rabbitmqOutputQueue: freeleaps.devops.reconciler.output
rabbitmqEnableExchangeBinding: 'true'
rabbitmqInputExchange: freeleaps.notification.exchange
rabbitmqInputExchangeType: direct
rabbitmqInputRoutingKey: freeleaps.devops.reconciler.input
rabbitmqOutputExchange: freeleaps.notification.exchange
rabbitmqOutputRoutingKey: freeleaps.devops.reconciler.output
jenkinsEndpoint: http://localhost:8080
jenkinsUsername: admin
jenkinsToken: admin
jenkinsApiTimeout: 30
jenkinsFolderCreationRetryCount: 3
argocdEndpoint: http://localhost:8080
argocdUsername: admin
argocdPassword: admin
argocdApiTimeout: 30
argocdResourceCreationTimeout: 30
defaultGitUsername: admin
defaultGitPassword: admin
defaultRegistryUsername: admin
defaultRegistryPassword: admin
kubernetesApiTimeout: 30
defaultHttpTimeout: 30
allowHttpGitUrls: 'false'
logLevel: INFO
logFormat: text
operatorNamespace: freeleaps-devops-system
reconcileInterval: 30
enableMockService: 'false'
mockServicePort: 5000
devMode: 'false'
godaddyApiKey: ''
godaddyApiSecret: ''
godaddyBaseDomain: mathmast.com
domainTemplate: '{env}.{project_id}.mathmast.com'
ingressClassName: nginx
certManagerClusterIssuer: letsencrypt-prod
dnsCreationTimeout: 300
certificateIssuanceTimeout: 600
ingressReadyTimeout: 300
networkResourceCleanupTimeout: 300
networkResourceRetryCount: 3
networkResourceRetryDelay: 30
serviceApiAccessHost: 0.0.0.0
serviceApiAccessPort: '8080'
mongodbName: ''
mongodbUri: ''
mongodbPort: ''
redisUrl: ''
redisIsCluster: 'false'
jwtSecretKey: ''
jwtAlgorithm: ''
metricsEnabled: 'false'
probesEnabled: 'false'
vpa:
minAllowed:
enabled: false enabled: false
cpu: 100m labels: {}
memory: 64Mi
maxAllowed: # Health checks
healthcheck:
livenessProbe:
enabled: true enabled: true
cpu: 100m httpGet:
memory: 256Mi path: /healthz
controlledResources: port: 8080
- cpu initialDelaySeconds: 30
- memory periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
enabled: true
httpGet:
path: /ready
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
# Deployment strategy
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
# Network Policy
networkPolicy:
enabled: false
ingress: []
egress: []
# CRDs Management
crds:
install: true
keep: true
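Review bot: The new `secrets:` block commits what look like live credentials in plaintext: the RabbitMQ, ArgoCD and Git passwords, the Jenkins token, two Docker registry PATs and the Azure service-principal `clientSecret`. Once pushed they should be treated as exposed, so rotate each one and replace the defaults with empty strings, e.g. `password: ""  # supplied at deploy time`, with real values injected from a secret store or an untracked values file. The same `clientId`/`clientSecret` pair appears under both `azureKeyVault` and `azureDns`, so a single leaked secret covers vault access and DNS changes; separate principals with narrower roles would limit that. `jenkins.endpoint` and `argocd.endpoint` are also `http://`, so the credentials sent to them would cross the cluster network unencrypted.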


@ -1,131 +1,227 @@
global: # Default values for freeleaps-devops-reconciler
registry: docker.io replicaCount: 1
repository: freeleaps
nodeSelector: {} image:
logIngest: repository: freeleaps/reconciler
enabled: false pullPolicy: IfNotPresent
reconciler: tag: ""
replicas: 1
image: imagePullSecrets: []
registry: nameOverride: ""
repository: freeleaps fullnameOverride: ""
name: reconciler
tag: 1.0.0 # Operator Configuration
imagePullPolicy: IfNotPresent operator:
ports: clusterwide: false
- name: http priority: 100
containerPort: 8080 peeringName: "freeleaps-devops-reconciler"
protocol: TCP namespaces:
resources: - "freeleaps-devops-system"
requests: debug: false
cpu: "0.1"
memory: "64Mi" serviceAccount:
limits: create: true
cpu: "0.2" annotations: {}
memory: "128Mi" name: ""
# FIXME: Wait until the developers implements the probes APIs
probes: {} rbac:
services: create: true
- name: reconciler-service additionalRules: []
podAnnotations: {}
podSecurityContext:
fsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
service:
type: ClusterIP type: ClusterIP
port: 8080 port: 8080
targetPort: 8080 targetPort: 8080
serviceMonitor:
ingress:
enabled: false enabled: false
labels: className: ""
release: kube-prometheus-stack annotations: {}
namespace: freeleaps-monitoring-system hosts:
interval: 30s - host: devops-reconciler.local
scrapeTimeout: "" paths:
# Defaults to {}, which means doesn't have any ingress - path: /
ingresses: {} pathType: Prefix
configs: tls: []
# General
debug: "false" resources:
k8sClusterDomain: "kubernetes.default.svc.cluster.local" limits:
autoDiscoverK8sClusterDomainMaxRetries: 5 cpu: 500m
# RabbitMQ memory: 512Mi
rabbitmqHost: "localhost" requests:
rabbitmqPort: 5672 cpu: 100m
rabbitmqUsername: "admin" memory: 128Mi
rabbitmqPassword: "admin"
rabbitmqVhost: "/" nodeSelector: {}
rabbitmqInputQueue: "freeleaps.devops.reconciler.input" tolerations: []
rabbitmqOutputQueue: "freeleaps.devops.reconciler.output" affinity: {}
rabbitmqEnableExchangeBinding: "true"
rabbitmqInputExchange: "freeleaps.notification.exchange" # Environment Configuration
rabbitmqInputExchangeType: "direct" env:
rabbitmqInputRoutingKey: "freeleaps.devops.reconciler.input" # General Configuration
rabbitmqOutputExchange: "freeleaps.notification.exchange" reconcilerDebug: "false"
rabbitmqOutputRoutingKey: "freeleaps.devops.reconciler.output" defaultHttpTimeout: "30s"
# Jenkins k8sClusterDomain: "cluster.local"
jenkinsEndpoint: "http://localhost:8080" kubernetesApiTimeout: "30s"
jenkinsUsername: "admin" autoDiscoverK8sClusterDomainMaxRetries: "5"
jenkinsToken: "admin"
jenkinsApiTimeout: 30
jenkinsFolderCreationRetryCount: 3
# ArgoCD
argocdEndpoint: "http://localhost:8080"
argocdUsername: "admin"
argocdPassword: "admin"
argocdApiTimeout: 30
argocdResourceCreationTimeout: 30
# Default Credentials
defaultGitUsername: "admin"
defaultGitPassword: "admin"
defaultRegistryUsername: "admin"
defaultRegistryPassword: "admin"
# API Timeouts
kubernetesApiTimeout: 30
defaultHttpTimeout: 30
# Git
allowHttpGitUrls: "false"
# Advanced
logLevel: "INFO" logLevel: "INFO"
logFormat: "text" logFormat: "text"
operatorNamespace: "freeleaps-devops-system" operatorNamespace: "freeleaps-devops-system"
reconcileInterval: 30 reconcileInterval: "30s"
# Development allowHttpGitUrls: "false"
enableMockService: "false"
mockServicePort: 5000 # RabbitMQ Configuration
devMode: "false" rabbitmq:
host: "localhost"
port: "5672"
vhost: "/"
inputQueue: "freeleaps.devops.reconciler.input"
outputQueue: "freeleaps.devops.reconciler.output"
enableExchangeBinding: "true"
inputExchange: "freeleaps.notification.exchange"
inputExchangeType: "direct"
inputRoutingKey: "freeleaps.devops.reconciler.input"
outputExchange: "freeleaps.notification.exchange"
outputRoutingKey: "freeleaps.devops.reconciler.output"
# Jenkins Configuration
jenkins:
endpoint: "http://localhost:8080"
apiTimeout: "30s"
folderCreationRetryCount: "3"
# ArgoCD Configuration
argocd:
endpoint: "http://localhost:8080"
apiTimeout: "30s"
resourceCreationTimeout: "300s"
# Network Resource Management # Network Resource Management
godaddyApiKey: "" networkResources:
godaddyApiSecret: "" domainTemplate: "{env}.{project_id}.example.com"
godaddyBaseDomain: "mathmast.com"
domainTemplate: "{env}.{project_id}.mathmast.com"
ingressClassName: "nginx" ingressClassName: "nginx"
certManagerClusterIssuer: "letsencrypt-prod" certManagerClusterIssuer: "letsencrypt-prod"
dnsCreationTimeout: 300 ingressControllerIp: "127.0.0.1"
certificateIssuanceTimeout: 600 dnsCreationTimeout: "300s"
ingressReadyTimeout: 300 certificateIssuanceTimeout: "600s"
networkResourceCleanupTimeout: 300 ingressReadyTimeout: "300s"
networkResourceRetryCount: 3 networkResourceCleanupTimeout: "300s"
networkResourceRetryDelay: 30 networkResourceRetryCount: "3"
# Service networkResourceRetryDelay: "30s"
serviceApiAccessHost: "0.0.0.0"
serviceApiAccessPort: "8080" # Secret data
# MongoDB/Redis (add if needed) secrets:
mongodbName: "" # RabbitMQ credentials
mongodbUri: "" rabbitmqCredentials:
mongodbPort: "" username: "admin"
redisUrl: "" password: "changeme"
redisIsCluster: "false"
# JWT # Jenkins credentials
jwtSecretKey: "" jenkinsCredentials:
jwtAlgorithm: "" username: "admin"
# Metrics/Probes token: "changeme"
metricsEnabled: "false"
probesEnabled: "false" # ArgoCD credentials
vpa: argocdCredentials:
minAllowed: username: "admin"
password: "changeme"
# Default Git credentials
defaultGitCredentials:
username: "git-user"
password: "changeme"
# Default Docker Registry credentials
defaultDockerRegistryCredentials:
username: "registry-user"
password: "changeme"
# Docker Registry PAT credentials
dockerRegistryPat:
username: "pat-user"
token: "changeme"
# Azure Key Vault configuration
azureKeyVault:
endpoint: "https://your-keyvault.vault.azure.net/"
clientId: "your-client-id"
clientSecret: "changeme"
tenantId: "your-tenant-id"
subscriptionId: "your-subscription-id"
resourceGroup: "your-resource-group"
name: "your-keyvault-name"
# Azure DNS configuration
azureDns:
subscriptionId: "your-subscription-id"
tenantId: "your-tenant-id"
clientId: "your-client-id"
clientSecret: "changeme"
resourceGroup: "your-resource-group"
zoneName: "your-zone.com"
# Monitoring
monitoring:
serviceMonitor:
enabled: false enabled: false
cpu: "0.1" interval: 30s
memory: "64Mi" scrapeTimeout: 10s
maxAllowed: labels: {}
grafanaDashboard:
enabled: false
labels: {}
# Health checks
healthcheck:
livenessProbe:
enabled: true enabled: true
cpu: "0.2" httpGet:
memory: "128Mi" path: /healthz
controlledResources: port: 8080
- cpu initialDelaySeconds: 30
- memory periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
enabled: true
httpGet:
path: /ready
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
# Deployment strategy
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
# Network Policy
networkPolicy:
enabled: false
ingress: []
egress: []
# CRDs Management
crds:
install: true
keep: true
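Review bot: The new `secrets:` block ships working-looking defaults (`username: "admin"` with `password: "changeme"` or `token: "changeme"` for RabbitMQ, Jenkins, ArgoCD, Git and the registry, plus `clientSecret: "changeme"` for Azure Key Vault and Azure DNS). An install that forgets an override will still render and deploy with those values. The Secret template is not visible in this section, so this is inferred from the values alone, but the safer default is an empty value such as `password: ""`, with the template failing the render through `{{ required "secrets.rabbitmqCredentials.password must be set" .Values.secrets.rabbitmqCredentials.password }}`. It would also help to let the chart reference a pre-created Secret, so that real credentials never have to pass through a values file or `--set`. Separately, `jenkins.endpoint` and `argocd.endpoint` default to `http://`. A comment above them should say that non-local endpoints are expected to be `https://`, because these credentials are sent to them.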