refactor(devsvc): restructure reconciler Helm chart and remove deprecated files
- Deleted Jenkinsfile as CI/CD configuration is now handled differently. - Updated Chart.yaml to reflect new service name and versioning. - Enhanced values.yaml and values.alpha.yaml with comprehensive operator configuration and environment settings. - Removed obsolete templates for deployment, service, ingress, and monitoring. - Streamlined configuration for RabbitMQ, Jenkins, and ArgoCD integration. Signed-off-by: zhenyus <zhenyus@mathmast.com>
This commit is contained in:
zhenyus
parent
54420c53bf
commit
eae6ba99e2
@ -1,6 +1,23 @@
|
||||
apiVersion: v2
|
||||
name: reconciler
|
||||
description: A Helm Chart of reconciler service, which part of Freeleaps Platform, powered by Freeleaps.
|
||||
name: freeleaps-devops-reconciler
|
||||
description: A Kubernetes operator that automates and orchestrates DevOps workflows
|
||||
type: application
|
||||
version: 0.0.1
|
||||
appVersion: "0.0.1"
|
||||
version: 0.1.0
|
||||
appVersion: "0.1.0"
|
||||
home: https://freeleaps.com
|
||||
sources:
|
||||
- https://gitea.freeleaps.mathmast.com/freeleaps/freeleaps-devops-reconciler
|
||||
maintainers:
|
||||
- name: Freeleaps DevOps Team
|
||||
email: devops@freeleaps.com
|
||||
keywords:
|
||||
- kubernetes
|
||||
- operator
|
||||
- devops
|
||||
- jenkins
|
||||
- argocd
|
||||
- gitops
|
||||
- ci-cd
|
||||
annotations:
|
||||
category: DevOps
|
||||
licenses: Apache-2.0
|
||||
@ -0,0 +1,49 @@
|
||||
1. Get the application URL by running these commands:
|
||||
{{- if .Values.ingress.enabled }}
|
||||
{{- range $host := .Values.ingress.hosts }}
|
||||
{{- range .paths }}
|
||||
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- else if contains "NodePort" .Values.service.type }}
|
||||
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "freeleaps-devops-reconciler.fullname" . }})
|
||||
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
||||
echo http://$NODE_IP:$NODE_PORT
|
||||
{{- else if contains "LoadBalancer" .Values.service.type }}
|
||||
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
||||
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "freeleaps-devops-reconciler.fullname" . }}'
|
||||
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "freeleaps-devops-reconciler.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
|
||||
echo http://$SERVICE_IP:{{ .Values.service.port }}
|
||||
{{- else if contains "ClusterIP" .Values.service.type }}
|
||||
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "{{ include "freeleaps-devops-reconciler.selectorLabels" . }}" -o jsonpath="{.items[0].metadata.name}")
|
||||
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
|
||||
echo "Visit http://127.0.0.1:8080 to use your application"
|
||||
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
|
||||
{{- end }}
|
||||
|
||||
2. Check the status of the FreeleapsDevOps Reconciler:
|
||||
kubectl get pods -n {{ .Release.Namespace }}
|
||||
kubectl logs -n {{ .Release.Namespace }} deployment/{{ include "freeleaps-devops-reconciler.fullname" . }}
|
||||
|
||||
3. Verify CRDs are installed:
|
||||
kubectl get crds | grep freeleaps.com
|
||||
|
||||
4. View available Custom Resources:
|
||||
kubectl get devopsprojects -A
|
||||
kubectl get argosettings -A
|
||||
kubectl get jenkinssettings -A
|
||||
kubectl get deploymentrecords -A
|
||||
|
||||
{{- if .Values.crds.install }}
|
||||
5. The following CRDs have been installed:
|
||||
- devopsprojects.freeleaps.com
|
||||
- argosettings.freeleaps.com
|
||||
- jenkinssettings.freeleaps.com
|
||||
- containerregistries.freeleaps.com
|
||||
- gitcredentials.freeleaps.com
|
||||
- deploymentrecords.freeleaps.com
|
||||
- ingressresources.freeleaps.com
|
||||
{{- end }}
|
||||
|
||||
For more information and examples, visit:
|
||||
https://gitea.freeleaps.mathmast.com/freeleaps/freeleaps-devops-reconciler
|
||||
@ -0,0 +1,275 @@
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "freeleaps-devops-reconciler.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "freeleaps-devops-reconciler.fullname" -}}
|
||||
{{- if .Values.fullnameOverride }}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||
{{- if contains $name .Release.Name }}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "freeleaps-devops-reconciler.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "freeleaps-devops-reconciler.labels" -}}
|
||||
helm.sh/chart: {{ include "freeleaps-devops-reconciler.chart" . }}
|
||||
{{ include "freeleaps-devops-reconciler.selectorLabels" . }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "freeleaps-devops-reconciler.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "freeleaps-devops-reconciler.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "freeleaps-devops-reconciler.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
{{- default (include "freeleaps-devops-reconciler.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else }}
|
||||
{{- default "default" .Values.serviceAccount.name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the image reference
|
||||
*/}}
|
||||
{{- define "freeleaps-devops-reconciler.image" -}}
|
||||
{{- $tag := .Values.image.tag | default .Chart.AppVersion }}
|
||||
{{- printf "%s:%s" .Values.image.repository $tag }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Environment variables template
|
||||
*/}}
|
||||
{{- define "freeleaps-devops-reconciler.env" -}}
|
||||
- name: RECONCILER_DEBUG
|
||||
value: {{ .Values.env.reconcilerDebug | quote }}
|
||||
- name: DEFAULT_HTTP_TIMEOUT
|
||||
value: {{ .Values.env.defaultHttpTimeout | quote }}
|
||||
- name: K8S_CLUSTER_DOMAIN
|
||||
value: {{ .Values.env.k8sClusterDomain | quote }}
|
||||
- name: KUBERNETES_API_TIMEOUT
|
||||
value: {{ .Values.env.kubernetesApiTimeout | quote }}
|
||||
- name: AUTO_DISCOVER_K8S_CLUSTER_DOMAIN_MAX_RETRIES
|
||||
value: {{ .Values.env.autoDiscoverK8sClusterDomainMaxRetries | quote }}
|
||||
- name: LOG_LEVEL
|
||||
value: {{ .Values.env.logLevel | quote }}
|
||||
- name: LOG_FORMAT
|
||||
value: {{ .Values.env.logFormat | quote }}
|
||||
- name: OPERATOR_NAMESPACE
|
||||
value: {{ .Values.env.operatorNamespace | quote }}
|
||||
- name: RECONCILE_INTERVAL
|
||||
value: {{ .Values.env.reconcileInterval | quote }}
|
||||
- name: RABBITMQ_HOST
|
||||
value: {{ .Values.env.rabbitmq.host | quote }}
|
||||
- name: RABBITMQ_PORT
|
||||
value: {{ .Values.env.rabbitmq.port | quote }}
|
||||
- name: RABBITMQ_VHOST
|
||||
value: {{ .Values.env.rabbitmq.vhost | quote }}
|
||||
- name: RABBITMQ_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: rabbitmq-username
|
||||
- name: RABBITMQ_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: rabbitmq-password
|
||||
- name: RABBITMQ_INPUT_QUEUE
|
||||
value: {{ .Values.env.rabbitmq.inputQueue | quote }}
|
||||
- name: RABBITMQ_OUTPUT_QUEUE
|
||||
value: {{ .Values.env.rabbitmq.outputQueue | quote }}
|
||||
- name: RABBITMQ_ENABLE_EXCHANGE_BINDING
|
||||
value: {{ .Values.env.rabbitmq.enableExchangeBinding | quote }}
|
||||
- name: RABBITMQ_INPUT_EXCHANGE
|
||||
value: {{ .Values.env.rabbitmq.inputExchange | quote }}
|
||||
- name: RABBITMQ_INPUT_EXCHANGE_TYPE
|
||||
value: {{ .Values.env.rabbitmq.inputExchangeType | quote }}
|
||||
- name: RABBITMQ_INPUT_ROUTING_KEY
|
||||
value: {{ .Values.env.rabbitmq.inputRoutingKey | quote }}
|
||||
- name: RABBITMQ_OUTPUT_EXCHANGE
|
||||
value: {{ .Values.env.rabbitmq.outputExchange | quote }}
|
||||
- name: RABBITMQ_OUTPUT_ROUTING_KEY
|
||||
value: {{ .Values.env.rabbitmq.outputRoutingKey | quote }}
|
||||
- name: JENKINS_ENDPOINT
|
||||
value: {{ .Values.env.jenkins.endpoint | quote }}
|
||||
- name: JENKINS_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: jenkins-username
|
||||
- name: JENKINS_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: jenkins-token
|
||||
- name: JENKINS_API_TIMEOUT
|
||||
value: {{ .Values.env.jenkins.apiTimeout | quote }}
|
||||
- name: JENKINS_FOLDER_CREATION_RETRY_COUNT
|
||||
value: {{ .Values.env.jenkins.folderCreationRetryCount | quote }}
|
||||
- name: ARGOCD_ENDPOINT
|
||||
value: {{ .Values.env.argocd.endpoint | quote }}
|
||||
- name: ARGOCD_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: argocd-username
|
||||
- name: ARGOCD_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: argocd-password
|
||||
- name: ARGOCD_API_TIMEOUT
|
||||
value: {{ .Values.env.argocd.apiTimeout | quote }}
|
||||
- name: ARGOCD_RESOURCE_CREATION_TIMEOUT
|
||||
value: {{ .Values.env.argocd.resourceCreationTimeout | quote }}
|
||||
- name: DEFAULT_GIT_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: default-git-username
|
||||
- name: DEFAULT_GIT_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: default-git-password
|
||||
- name: DEFAULT_DOCKER_REGISTRY_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: default-docker-registry-username
|
||||
- name: DEFAULT_DOCKER_REGISTRY_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: default-docker-registry-password
|
||||
- name: DOCKER_REGISTRY_PAT_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: docker-registry-pat-username
|
||||
- name: DOCKER_REGISTRY_PAT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: docker-registry-pat
|
||||
- name: ALLOW_HTTP_GIT_URLS
|
||||
value: {{ .Values.env.allowHttpGitUrls | quote }}
|
||||
- name: DOMAIN_TEMPLATE
|
||||
value: {{ .Values.env.networkResources.domainTemplate | quote }}
|
||||
- name: INGRESS_CLASS_NAME
|
||||
value: {{ .Values.env.networkResources.ingressClassName | quote }}
|
||||
- name: CERT_MANAGER_CLUSTER_ISSUER
|
||||
value: {{ .Values.env.networkResources.certManagerClusterIssuer | quote }}
|
||||
- name: INGRESS_CONTROLLER_IP
|
||||
value: {{ .Values.env.networkResources.ingressControllerIp | quote }}
|
||||
- name: DNS_CREATION_TIMEOUT
|
||||
value: {{ .Values.env.networkResources.dnsCreationTimeout | quote }}
|
||||
- name: CERTIFICATE_ISSUANCE_TIMEOUT
|
||||
value: {{ .Values.env.networkResources.certificateIssuanceTimeout | quote }}
|
||||
- name: INGRESS_READY_TIMEOUT
|
||||
value: {{ .Values.env.networkResources.ingressReadyTimeout | quote }}
|
||||
- name: NETWORK_RESOURCE_CLEANUP_TIMEOUT
|
||||
value: {{ .Values.env.networkResources.networkResourceCleanupTimeout | quote }}
|
||||
- name: NETWORK_RESOURCE_RETRY_COUNT
|
||||
value: {{ .Values.env.networkResources.networkResourceRetryCount | quote }}
|
||||
- name: NETWORK_RESOURCE_RETRY_DELAY
|
||||
value: {{ .Values.env.networkResources.networkResourceRetryDelay | quote }}
|
||||
- name: AZURE_KEY_VAULT_ENDPOINT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: azure-key-vault-endpoint
|
||||
- name: AZURE_KEY_VAULT_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: azure-key-vault-client-id
|
||||
- name: AZURE_KEY_VAULT_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: azure-key-vault-client-secret
|
||||
- name: AZURE_KEY_VAULT_TENANT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: azure-key-vault-tenant-id
|
||||
- name: AZURE_KEY_VAULT_RESOURCE_GROUP
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: azure-key-vault-resource-group
|
||||
- name: AZURE_KEY_VAULT_SUBSCRIPTION_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: azure-key-vault-subscription-id
|
||||
- name: AZURE_KEY_VAULT_NAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: azure-key-vault-name
|
||||
- name: AZURE_DNS_SUBSCRIPTION_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: azure-dns-subscription-id
|
||||
- name: AZURE_DNS_TENANT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: azure-dns-tenant-id
|
||||
- name: AZURE_DNS_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: azure-dns-client-id
|
||||
- name: AZURE_DNS_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: azure-dns-client-secret
|
||||
- name: AZURE_DNS_RESOURCE_GROUP
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: azure-dns-resource-group
|
||||
- name: AZURE_DNS_ZONE_NAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
key: azure-dns-zone-name
|
||||
{{- end }}
|
||||
@ -0,0 +1,119 @@
|
||||
{{- if .Values.crds.install }}
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: argosettings.freeleaps.com
|
||||
labels:
|
||||
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade
|
||||
"helm.sh/hook-weight": "-5"
|
||||
{{- if .Values.crds.keep }}
|
||||
"helm.sh/resource-policy": keep
|
||||
{{- end }}
|
||||
spec:
|
||||
group: freeleaps.com
|
||||
scope: Namespaced
|
||||
names:
|
||||
kind: ArgoSetting
|
||||
listKind: ArgoSettingList
|
||||
singular: argosetting
|
||||
plural: argosettings
|
||||
shortNames:
|
||||
- argo
|
||||
- argos
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
required: ['spec']
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
required:
|
||||
- projectId
|
||||
- environments
|
||||
properties:
|
||||
projectId:
|
||||
type: string
|
||||
description: "Reference to DevOpsProject ID"
|
||||
environments:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
required:
|
||||
- name
|
||||
- namespace
|
||||
- repoUrl
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
enum: ["dev", "staging", "prod"]
|
||||
namespace:
|
||||
type: string
|
||||
description: "Target Kubernetes namespace"
|
||||
repoUrl:
|
||||
type: string
|
||||
description: "Helm chart repository URL"
|
||||
path:
|
||||
type: string
|
||||
description: "Path to chart in repository"
|
||||
default: "."
|
||||
targetRevision:
|
||||
type: string
|
||||
description: "Git branch or tag"
|
||||
default: "HEAD"
|
||||
syncPolicy:
|
||||
type: object
|
||||
properties:
|
||||
automated:
|
||||
type: object
|
||||
properties:
|
||||
prune:
|
||||
type: boolean
|
||||
default: false
|
||||
selfHeal:
|
||||
type: boolean
|
||||
default: false
|
||||
syncOptions:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
status:
|
||||
type: object
|
||||
properties:
|
||||
argoSettings:
|
||||
type: object
|
||||
properties:
|
||||
status:
|
||||
type: string
|
||||
enum: ["invalid", "valid", "synced"]
|
||||
synced:
|
||||
type: boolean
|
||||
ready:
|
||||
type: boolean
|
||||
lastProbeTime:
|
||||
type: string
|
||||
format: date-time
|
||||
subresources:
|
||||
status: {}
|
||||
additionalPrinterColumns:
|
||||
- name: Project ID
|
||||
type: string
|
||||
jsonPath: .spec.projectId
|
||||
- name: Environments
|
||||
type: string
|
||||
jsonPath: .spec.environments[*].name
|
||||
- name: Status
|
||||
type: string
|
||||
jsonPath: .status.argoSettings.status
|
||||
- name: Ready
|
||||
type: boolean
|
||||
jsonPath: .status.argoSettings.ready
|
||||
- name: Age
|
||||
type: date
|
||||
jsonPath: .metadata.creationTimestamp
|
||||
{{- end }}
|
||||
@ -0,0 +1,125 @@
|
||||
{{- if .Values.crds.install }}
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: containerregistries.freeleaps.com
|
||||
labels:
|
||||
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade
|
||||
"helm.sh/hook-weight": "-5"
|
||||
{{- if .Values.crds.keep }}
|
||||
"helm.sh/resource-policy": keep
|
||||
{{- end }}
|
||||
spec:
|
||||
group: freeleaps.com
|
||||
scope: Namespaced
|
||||
names:
|
||||
kind: ContainerRegistry
|
||||
listKind: ContainerRegistryList
|
||||
singular: containerregistry
|
||||
plural: containerregistries
|
||||
shortNames:
|
||||
- registry
|
||||
- reg
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
required: ['spec']
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
required:
|
||||
- projectId
|
||||
- registryUrl
|
||||
- project
|
||||
properties:
|
||||
projectId:
|
||||
type: string
|
||||
description: "Reference to DevOpsProject ID"
|
||||
registryUrl:
|
||||
type: string
|
||||
description: "Container registry URL"
|
||||
project:
|
||||
type: string
|
||||
description: "Registry project/namespace"
|
||||
credentialsRef:
|
||||
type: object
|
||||
required:
|
||||
- name
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
description: "Secret name containing registry credentials"
|
||||
namespace:
|
||||
type: string
|
||||
description: "Secret namespace"
|
||||
repositories:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
required:
|
||||
- name
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
description: "Repository name"
|
||||
description:
|
||||
type: string
|
||||
description: "Repository description"
|
||||
public:
|
||||
type: boolean
|
||||
default: false
|
||||
status:
|
||||
type: object
|
||||
properties:
|
||||
containerRegistry:
|
||||
type: object
|
||||
properties:
|
||||
status:
|
||||
type: string
|
||||
enum: ["invalid", "valid", "synced"]
|
||||
synced:
|
||||
type: boolean
|
||||
ready:
|
||||
type: boolean
|
||||
lastProbeTime:
|
||||
type: string
|
||||
format: date-time
|
||||
repositories:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
url:
|
||||
type: string
|
||||
created:
|
||||
type: boolean
|
||||
subresources:
|
||||
status: {}
|
||||
additionalPrinterColumns:
|
||||
- name: Project ID
|
||||
type: string
|
||||
jsonPath: .spec.projectId
|
||||
- name: Registry URL
|
||||
type: string
|
||||
jsonPath: .spec.registryUrl
|
||||
- name: Project
|
||||
type: string
|
||||
jsonPath: .spec.project
|
||||
- name: Status
|
||||
type: string
|
||||
jsonPath: .status.containerRegistry.status
|
||||
- name: Ready
|
||||
type: boolean
|
||||
jsonPath: .status.containerRegistry.ready
|
||||
- name: Age
|
||||
type: date
|
||||
jsonPath: .metadata.creationTimestamp
|
||||
{{- end }}
|
||||
@ -0,0 +1,139 @@
|
||||
{{- if .Values.crds.install }}
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: deploymentrecords.freeleaps.com
|
||||
labels:
|
||||
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade
|
||||
"helm.sh/hook-weight": "-5"
|
||||
{{- if .Values.crds.keep }}
|
||||
"helm.sh/resource-policy": keep
|
||||
{{- end }}
|
||||
spec:
|
||||
group: freeleaps.com
|
||||
scope: Namespaced
|
||||
names:
|
||||
kind: DeploymentRecord
|
||||
listKind: DeploymentRecordList
|
||||
singular: deploymentrecord
|
||||
plural: deploymentrecords
|
||||
shortNames:
|
||||
- deploy
|
||||
- dr
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
required: ['spec']
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
required:
|
||||
- projectId
|
||||
- version
|
||||
- environment
|
||||
properties:
|
||||
projectId:
|
||||
type: string
|
||||
description: "Reference to DevOpsProject ID"
|
||||
version:
|
||||
type: string
|
||||
description: "Application version to deploy"
|
||||
environment:
|
||||
type: string
|
||||
enum: ["dev", "staging", "prod"]
|
||||
description: "Target environment"
|
||||
gitCommitHash:
|
||||
type: string
|
||||
description: "Git commit hash for this deployment"
|
||||
buildTrigger:
|
||||
type: string
|
||||
enum: ["manual", "webhook", "schedule", "api"]
|
||||
default: "manual"
|
||||
description: "What triggered this deployment"
|
||||
operation:
|
||||
type: string
|
||||
enum: ["start", "terminate", "restart"]
|
||||
default: "start"
|
||||
description: "Deployment operation to perform"
|
||||
ttlSeconds:
|
||||
type: integer
|
||||
minimum: 0
|
||||
description: "TTL for this deployment in seconds"
|
||||
parameters:
|
||||
type: object
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: "Additional deployment parameters"
|
||||
status:
|
||||
type: object
|
||||
properties:
|
||||
deploymentRecord:
|
||||
type: object
|
||||
properties:
|
||||
status:
|
||||
type: string
|
||||
enum: ["running", "success", "failed", "terminated"]
|
||||
phase:
|
||||
type: string
|
||||
enum: ["initializing", "commit-message-linting", "execute-mode-detection", "code-changes-detection", "build-agent-setup", "dependencies-resolving", "semantic-releasing", "compilation-packaging", "image-builder-setup", "image-building", "app-version-updating", "deployment-triggering", "deployment-syncing", "deployment-verification", "resource-cleanup", "finished"]
|
||||
startTime:
|
||||
type: string
|
||||
format: date-time
|
||||
completionTime:
|
||||
type: string
|
||||
format: date-time
|
||||
lastProbeTime:
|
||||
type: string
|
||||
format: date-time
|
||||
jenkinsBuildNumber:
|
||||
type: integer
|
||||
description: "Jenkins build number"
|
||||
jenkinsBuildUrl:
|
||||
type: string
|
||||
description: "Jenkins build URL"
|
||||
argoSyncStatus:
|
||||
type: string
|
||||
description: "Argo CD sync status"
|
||||
message:
|
||||
type: string
|
||||
description: "Status message"
|
||||
networkResources:
|
||||
type: object
|
||||
properties:
|
||||
domain:
|
||||
type: string
|
||||
certificate:
|
||||
type: string
|
||||
ingress:
|
||||
type: string
|
||||
subresources:
|
||||
status: {}
|
||||
additionalPrinterColumns:
|
||||
- name: Project ID
|
||||
type: string
|
||||
jsonPath: .spec.projectId
|
||||
- name: Version
|
||||
type: string
|
||||
jsonPath: .spec.version
|
||||
- name: Environment
|
||||
type: string
|
||||
jsonPath: .spec.environment
|
||||
- name: Status
|
||||
type: string
|
||||
jsonPath: .status.deploymentRecord.status
|
||||
- name: Phase
|
||||
type: string
|
||||
jsonPath: .status.deploymentRecord.phase
|
||||
- name: Build
|
||||
type: integer
|
||||
jsonPath: .status.deploymentRecord.jenkinsBuildNumber
|
||||
- name: Age
|
||||
type: date
|
||||
jsonPath: .metadata.creationTimestamp
|
||||
{{- end }}
|
||||
@ -0,0 +1,145 @@
|
||||
{{- if .Values.crds.install }}
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: devopsprojects.freeleaps.com
|
||||
labels:
|
||||
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade
|
||||
"helm.sh/hook-weight": "-5"
|
||||
{{- if .Values.crds.keep }}
|
||||
"helm.sh/resource-policy": keep
|
||||
{{- end }}
|
||||
spec:
|
||||
group: freeleaps.com
|
||||
scope: Namespaced
|
||||
names:
|
||||
kind: DevOpsProject
|
||||
listKind: DevOpsProjectList
|
||||
singular: devopsproject
|
||||
plural: devopsprojects
|
||||
shortNames:
|
||||
- dop
|
||||
- dops
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
required: ['spec']
|
||||
properties:
|
||||
metadata:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
maxLength: 63
|
||||
spec:
|
||||
type: object
|
||||
required:
|
||||
- projectName
|
||||
- projectId
|
||||
- git
|
||||
- registry
|
||||
- environments
|
||||
properties:
|
||||
projectName:
|
||||
type: string
|
||||
description: "Human readable project name"
|
||||
projectId:
|
||||
type: string
|
||||
description: "Unique project identifier"
|
||||
pattern: "^[a-z0-9]([a-z0-9-]*[a-z0-9])?$"
|
||||
git:
|
||||
type: object
|
||||
required:
|
||||
- url
|
||||
- branch
|
||||
properties:
|
||||
url:
|
||||
type: string
|
||||
description: "Git repository URL"
|
||||
branch:
|
||||
type: string
|
||||
description: "Default git branch"
|
||||
default: "main"
|
||||
credentialsRef:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
registry:
|
||||
type: object
|
||||
required:
|
||||
- url
|
||||
- project
|
||||
properties:
|
||||
url:
|
||||
type: string
|
||||
description: "Container registry URL"
|
||||
project:
|
||||
type: string
|
||||
description: "Registry project/namespace"
|
||||
credentialsRef:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
environments:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
required:
|
||||
- name
|
||||
- branch
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
enum: ["dev", "staging", "prod"]
|
||||
branch:
|
||||
type: string
|
||||
autoSync:
|
||||
type: boolean
|
||||
default: false
|
||||
status:
|
||||
type: object
|
||||
properties:
|
||||
devopsProject:
|
||||
type: object
|
||||
properties:
|
||||
status:
|
||||
type: string
|
||||
enum: ["invalid", "valid", "synced"]
|
||||
synced:
|
||||
type: boolean
|
||||
ready:
|
||||
type: boolean
|
||||
lastProbeTime:
|
||||
type: string
|
||||
format: date-time
|
||||
subresources:
|
||||
status: {}
|
||||
additionalPrinterColumns:
|
||||
- name: Project ID
|
||||
type: string
|
||||
jsonPath: .spec.projectId
|
||||
- name: Git URL
|
||||
type: string
|
||||
jsonPath: .spec.git.url
|
||||
- name: Status
|
||||
type: string
|
||||
jsonPath: .status.devopsProject.status
|
||||
- name: Ready
|
||||
type: boolean
|
||||
jsonPath: .status.devopsProject.ready
|
||||
- name: Age
|
||||
type: date
|
||||
jsonPath: .metadata.creationTimestamp
|
||||
{{- end }}
|
||||
@ -0,0 +1,97 @@
|
||||
{{- if .Values.crds.install }}
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: gitcredentials.freeleaps.com
|
||||
labels:
|
||||
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade
|
||||
"helm.sh/hook-weight": "-5"
|
||||
{{- if .Values.crds.keep }}
|
||||
"helm.sh/resource-policy": keep
|
||||
{{- end }}
|
||||
spec:
|
||||
group: freeleaps.com
|
||||
scope: Namespaced
|
||||
names:
|
||||
kind: GitCredentials
|
||||
listKind: GitCredentialsList
|
||||
singular: gitcredentials
|
||||
plural: gitcredentials
|
||||
shortNames:
|
||||
- gitcred
|
||||
- gc
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
required: ['spec']
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
required:
|
||||
- gitUrl
|
||||
- credentialsRef
|
||||
properties:
|
||||
gitUrl:
|
||||
type: string
|
||||
description: "Git repository URL or domain"
|
||||
credentialsRef:
|
||||
type: object
|
||||
required:
|
||||
- name
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
description: "Secret name containing git credentials"
|
||||
namespace:
|
||||
type: string
|
||||
description: "Secret namespace"
|
||||
credentialsId:
|
||||
type: string
|
||||
description: "Jenkins credentials ID to create/update"
|
||||
description:
|
||||
type: string
|
||||
description: "Description for the credentials"
|
||||
status:
|
||||
type: object
|
||||
properties:
|
||||
gitCredentials:
|
||||
type: object
|
||||
properties:
|
||||
status:
|
||||
type: string
|
||||
enum: ["invalid", "valid", "synced"]
|
||||
synced:
|
||||
type: boolean
|
||||
ready:
|
||||
type: boolean
|
||||
lastProbeTime:
|
||||
type: string
|
||||
format: date-time
|
||||
jenkinsCredentialsId:
|
||||
type: string
|
||||
description: "Created Jenkins credentials ID"
|
||||
subresources:
|
||||
status: {}
|
||||
additionalPrinterColumns:
|
||||
- name: Git URL
|
||||
type: string
|
||||
jsonPath: .spec.gitUrl
|
||||
- name: Credentials ID
|
||||
type: string
|
||||
jsonPath: .status.gitCredentials.jenkinsCredentialsId
|
||||
- name: Status
|
||||
type: string
|
||||
jsonPath: .status.gitCredentials.status
|
||||
- name: Ready
|
||||
type: boolean
|
||||
jsonPath: .status.gitCredentials.ready
|
||||
- name: Age
|
||||
type: date
|
||||
jsonPath: .metadata.creationTimestamp
|
||||
{{- end }}
|
||||
@ -0,0 +1,162 @@
|
||||
{{- if .Values.crds.install }}
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: ingressresources.freeleaps.com
|
||||
labels:
|
||||
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade
|
||||
"helm.sh/hook-weight": "-5"
|
||||
{{- if .Values.crds.keep }}
|
||||
"helm.sh/resource-policy": keep
|
||||
{{- end }}
|
||||
spec:
|
||||
group: freeleaps.com
|
||||
scope: Namespaced
|
||||
names:
|
||||
kind: IngressResources
|
||||
listKind: IngressResourcesList
|
||||
singular: ingressresources
|
||||
plural: ingressresources
|
||||
shortNames:
|
||||
- ingress
|
||||
- ir
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
required: ['spec']
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
required:
|
||||
- projectId
|
||||
- environment
|
||||
- domain
|
||||
properties:
|
||||
projectId:
|
||||
type: string
|
||||
description: "Reference to DevOpsProject ID"
|
||||
environment:
|
||||
type: string
|
||||
enum: ["dev", "staging", "prod"]
|
||||
description: "Target environment"
|
||||
domain:
|
||||
type: string
|
||||
description: "Domain name for the ingress"
|
||||
serviceName:
|
||||
type: string
|
||||
description: "Backend service name"
|
||||
servicePort:
|
||||
type: integer
|
||||
description: "Backend service port"
|
||||
default: 80
|
||||
tlsEnabled:
|
||||
type: boolean
|
||||
description: "Enable TLS/SSL"
|
||||
default: true
|
||||
certificateIssuer:
|
||||
type: string
|
||||
description: "cert-manager ClusterIssuer name"
|
||||
default: "letsencrypt-prod"
|
||||
ingressClassName:
|
||||
type: string
|
||||
description: "Ingress class name"
|
||||
default: "nginx"
|
||||
annotations:
|
||||
type: object
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: "Additional ingress annotations"
|
||||
paths:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
required:
|
||||
- path
|
||||
properties:
|
||||
path:
|
||||
type: string
|
||||
description: "Path pattern"
|
||||
pathType:
|
||||
type: string
|
||||
enum: ["Exact", "Prefix", "ImplementationSpecific"]
|
||||
default: "Prefix"
|
||||
serviceName:
|
||||
type: string
|
||||
description: "Override service name for this path"
|
||||
servicePort:
|
||||
type: integer
|
||||
description: "Override service port for this path"
|
||||
status:
|
||||
type: object
|
||||
properties:
|
||||
ingressResources:
|
||||
type: object
|
||||
properties:
|
||||
status:
|
||||
type: string
|
||||
enum: ["invalid", "creating", "ready", "failed"]
|
||||
ready:
|
||||
type: boolean
|
||||
lastProbeTime:
|
||||
type: string
|
||||
format: date-time
|
||||
domain:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
created:
|
||||
type: boolean
|
||||
dnsReady:
|
||||
type: boolean
|
||||
certificate:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
issued:
|
||||
type: boolean
|
||||
ready:
|
||||
type: boolean
|
||||
ingress:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
created:
|
||||
type: boolean
|
||||
ready:
|
||||
type: boolean
|
||||
loadBalancerIP:
|
||||
type: string
|
||||
subresources:
|
||||
status: {}
|
||||
additionalPrinterColumns:
|
||||
- name: Project ID
|
||||
type: string
|
||||
jsonPath: .spec.projectId
|
||||
- name: Environment
|
||||
type: string
|
||||
jsonPath: .spec.environment
|
||||
- name: Domain
|
||||
type: string
|
||||
jsonPath: .spec.domain
|
||||
- name: TLS
|
||||
type: boolean
|
||||
jsonPath: .spec.tlsEnabled
|
||||
- name: Status
|
||||
type: string
|
||||
jsonPath: .status.ingressResources.status
|
||||
- name: Ready
|
||||
type: boolean
|
||||
jsonPath: .status.ingressResources.ready
|
||||
- name: Age
|
||||
type: date
|
||||
jsonPath: .metadata.creationTimestamp
|
||||
{{- end }}
|
||||
@ -0,0 +1,136 @@
|
||||
{{- if .Values.crds.install }}
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: jenkinssettings.freeleaps.com
|
||||
labels:
|
||||
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade
|
||||
"helm.sh/hook-weight": "-5"
|
||||
{{- if .Values.crds.keep }}
|
||||
"helm.sh/resource-policy": keep
|
||||
{{- end }}
|
||||
spec:
|
||||
group: freeleaps.com
|
||||
scope: Namespaced
|
||||
names:
|
||||
kind: JenkinsSetting
|
||||
listKind: JenkinsSettingList
|
||||
singular: jenkinssetting
|
||||
plural: jenkinssettings
|
||||
shortNames:
|
||||
- jenkins
|
||||
- jen
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
required: ['spec']
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
required:
|
||||
- projectId
|
||||
- gitUrl
|
||||
- environments
|
||||
properties:
|
||||
projectId:
|
||||
type: string
|
||||
description: "Reference to DevOpsProject ID"
|
||||
gitUrl:
|
||||
type: string
|
||||
description: "Git repository URL for Jenkins pipelines"
|
||||
gitCredentialsId:
|
||||
type: string
|
||||
description: "Jenkins credentials ID for Git access"
|
||||
environments:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
required:
|
||||
- name
|
||||
- branch
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
enum: ["dev", "staging", "prod"]
|
||||
branch:
|
||||
type: string
|
||||
description: "Git branch for this environment"
|
||||
pipelineScript:
|
||||
type: string
|
||||
description: "Custom Jenkinsfile content"
|
||||
buildTriggers:
|
||||
type: object
|
||||
properties:
|
||||
webhook:
|
||||
type: boolean
|
||||
default: true
|
||||
schedule:
|
||||
type: string
|
||||
description: "Cron schedule for builds"
|
||||
folder:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
description: "Jenkins folder name"
|
||||
description:
|
||||
type: string
|
||||
description: "Jenkins folder description"
|
||||
status:
|
||||
type: object
|
||||
properties:
|
||||
jenkinsSettings:
|
||||
type: object
|
||||
properties:
|
||||
status:
|
||||
type: string
|
||||
enum: ["invalid", "valid", "synced"]
|
||||
synced:
|
||||
type: boolean
|
||||
ready:
|
||||
type: boolean
|
||||
lastProbeTime:
|
||||
type: string
|
||||
format: date-time
|
||||
folderUrl:
|
||||
type: string
|
||||
description: "Jenkins folder URL"
|
||||
jobs:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
environment:
|
||||
type: string
|
||||
url:
|
||||
type: string
|
||||
subresources:
|
||||
status: {}
|
||||
additionalPrinterColumns:
|
||||
- name: Project ID
|
||||
type: string
|
||||
jsonPath: .spec.projectId
|
||||
- name: Git URL
|
||||
type: string
|
||||
jsonPath: .spec.gitUrl
|
||||
- name: Environments
|
||||
type: string
|
||||
jsonPath: .spec.environments[*].name
|
||||
- name: Status
|
||||
type: string
|
||||
jsonPath: .status.jenkinsSettings.status
|
||||
- name: Ready
|
||||
type: boolean
|
||||
jsonPath: .status.jenkinsSettings.ready
|
||||
- name: Age
|
||||
type: date
|
||||
jsonPath: .metadata.creationTimestamp
|
||||
{{- end }}
|
||||
@ -0,0 +1,93 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}
|
||||
labels:
|
||||
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
strategy:
|
||||
{{- toYaml .Values.strategy | nindent 4 }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "freeleaps-devops-reconciler.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
{{- with .Values.podAnnotations }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
# Force pod restart on secret changes
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
|
||||
labels:
|
||||
{{- include "freeleaps-devops-reconciler.selectorLabels" . | nindent 8 }}
|
||||
spec:
|
||||
{{- with .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "freeleaps-devops-reconciler.serviceAccountName" . }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.securityContext | nindent 12 }}
|
||||
image: {{ include "freeleaps-devops-reconciler.image" . }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: {{ .Values.service.targetPort }}
|
||||
protocol: TCP
|
||||
env:
|
||||
{{- include "freeleaps-devops-reconciler.env" . | nindent 12 }}
|
||||
{{- if .Values.healthcheck.livenessProbe.enabled }}
|
||||
livenessProbe:
|
||||
{{- with .Values.healthcheck.livenessProbe.httpGet }}
|
||||
httpGet:
|
||||
{{- toYaml . | nindent 14 }}
|
||||
{{- end }}
|
||||
initialDelaySeconds: {{ .Values.healthcheck.livenessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.healthcheck.livenessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.healthcheck.livenessProbe.timeoutSeconds }}
|
||||
failureThreshold: {{ .Values.healthcheck.livenessProbe.failureThreshold }}
|
||||
{{- end }}
|
||||
{{- if .Values.healthcheck.readinessProbe.enabled }}
|
||||
readinessProbe:
|
||||
{{- with .Values.healthcheck.readinessProbe.httpGet }}
|
||||
httpGet:
|
||||
{{- toYaml . | nindent 14 }}
|
||||
{{- end }}
|
||||
initialDelaySeconds: {{ .Values.healthcheck.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.healthcheck.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.healthcheck.readinessProbe.timeoutSeconds }}
|
||||
failureThreshold: {{ .Values.healthcheck.readinessProbe.failureThreshold }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
volumeMounts:
|
||||
{{- if .Values.securityContext.readOnlyRootFilesystem }}
|
||||
- name: tmp
|
||||
mountPath: /tmp
|
||||
- name: logs
|
||||
mountPath: /app/logs
|
||||
{{- end }}
|
||||
volumes:
|
||||
{{- if .Values.securityContext.readOnlyRootFilesystem }}
|
||||
- name: tmp
|
||||
emptyDir: {}
|
||||
- name: logs
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
@ -0,0 +1,59 @@
|
||||
{{- if .Values.ingress.enabled -}}
|
||||
{{- $fullName := include "freeleaps-devops-reconciler.fullname" . -}}
|
||||
{{- $svcPort := .Values.service.port -}}
|
||||
{{- if and .Values.ingress.className (not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class")) }}
|
||||
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
|
||||
{{- end }}
|
||||
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
{{- else -}}
|
||||
apiVersion: extensions/v1beta1
|
||||
{{- end }}
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ $fullName }}
|
||||
labels:
|
||||
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
|
||||
{{- with .Values.ingress.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
|
||||
ingressClassName: {{ .Values.ingress.className }}
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.tls }}
|
||||
tls:
|
||||
{{- range .Values.ingress.tls }}
|
||||
- hosts:
|
||||
{{- range .hosts }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
secretName: {{ .secretName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- range .Values.ingress.hosts }}
|
||||
- host: {{ .host | quote }}
|
||||
http:
|
||||
paths:
|
||||
{{- range .paths }}
|
||||
- path: {{ .path }}
|
||||
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
|
||||
pathType: {{ .pathType }}
|
||||
{{- end }}
|
||||
backend:
|
||||
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
|
||||
service:
|
||||
name: {{ $fullName }}
|
||||
port:
|
||||
number: {{ $svcPort }}
|
||||
{{- else }}
|
||||
serviceName: {{ $fullName }}
|
||||
servicePort: {{ $svcPort }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@ -0,0 +1,84 @@
|
||||
{{- if .Values.rbac.create -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}
|
||||
labels:
|
||||
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
|
||||
rules:
|
||||
# Core Kubernetes resources
|
||||
- apiGroups: [""]
|
||||
resources: ["events"]
|
||||
verbs: ["create", "patch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["secrets", "configmaps"]
|
||||
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
||||
- apiGroups: [""]
|
||||
resources: ["namespaces"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["services"]
|
||||
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
||||
|
||||
# Apps resources
|
||||
- apiGroups: ["apps"]
|
||||
resources: ["deployments", "replicasets"]
|
||||
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
||||
|
||||
# Networking resources
|
||||
- apiGroups: ["networking.k8s.io"]
|
||||
resources: ["ingresses"]
|
||||
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
||||
- apiGroups: ["networking.k8s.io"]
|
||||
resources: ["networkpolicies"]
|
||||
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
||||
|
||||
# cert-manager resources
|
||||
- apiGroups: ["cert-manager.io"]
|
||||
resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"]
|
||||
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
||||
|
||||
# Argo CD resources
|
||||
- apiGroups: ["argoproj.io"]
|
||||
resources: ["applications", "appprojects"]
|
||||
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
||||
|
||||
# Custom resources - FreeleapsDevOps
|
||||
- apiGroups: ["freeleaps.com"]
|
||||
resources: ["devopsprojects", "argosettings", "jenkinssettings", "containerregistries", "gitcredentials", "deploymentrecords", "ingressresources"]
|
||||
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
||||
- apiGroups: ["freeleaps.com"]
|
||||
resources: ["devopsprojects/status", "argosettings/status", "jenkinssettings/status", "containerregistries/status", "gitcredentials/status", "deploymentrecords/status", "ingressresources/status"]
|
||||
verbs: ["get", "update", "patch"]
|
||||
- apiGroups: ["freeleaps.com"]
|
||||
resources: ["devopsprojects/finalizers", "argosettings/finalizers", "jenkinssettings/finalizers", "containerregistries/finalizers", "gitcredentials/finalizers", "deploymentrecords/finalizers", "ingressresources/finalizers"]
|
||||
verbs: ["update"]
|
||||
|
||||
# Kopf framework requirements
|
||||
- apiGroups: ["zalando.org"]
|
||||
resources: ["kopfpeerings"]
|
||||
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
||||
- apiGroups: ["apiextensions.k8s.io"]
|
||||
resources: ["customresourcedefinitions"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
|
||||
# Additional rules from values
|
||||
{{- with .Values.rbac.additionalRules }}
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}
|
||||
labels:
|
||||
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "freeleaps-devops-reconciler.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
@ -1,27 +0,0 @@
|
||||
{{ $namespace := .Release.Namespace }}
|
||||
{{ $appVersion := .Chart.AppVersion | quote }}
|
||||
{{ $releaseCertificate := .Release.Service }}
|
||||
{{ $releaseName := .Release.Name }}
|
||||
{{- range $ingress := .Values.reconciler.ingresses }}
|
||||
{{- if not $ingress.tls.exists }}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: {{ $ingress.name }}
|
||||
namespace: {{ $namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/version: {{ $appVersion }}
|
||||
app.kubernetes.io/name: {{ $ingress.name | quote }}
|
||||
app.kubernetes.io/managed-by: {{ $releaseCertificate }}
|
||||
app.kubernetes.io/instance: {{ $releaseName }}
|
||||
spec:
|
||||
commonName: {{ $ingress.host }}
|
||||
dnsNames:
|
||||
- {{ $ingress.host }}
|
||||
issuerRef:
|
||||
name: {{ $ingress.tls.issuerRef.name }}
|
||||
kind: {{ $ingress.tls.issuerRef.kind }}
|
||||
secretName: {{ $ingress.tls.name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@ -1,131 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
app.kubernetes.io/name: "reconciler"
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{/* logIngest related code commented out
|
||||
{{- if .Values.logIngest.enabled }}
|
||||
annotations:
|
||||
opentelemetry.io/config-checksum: {{ include (print $.Template.BasePath "/reconciler/opentelemetry.yaml") . | sha256sum }}
|
||||
{{- end }}
|
||||
*/}}
|
||||
name: "reconciler"
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: "reconciler"
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
replicas: {{ .Values.reconciler.replicas }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
app.kubernetes.io/name: "reconciler"
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
annotations:
|
||||
app.kubernetes.io/config-checksum: {{ include (print $.Template.BasePath "/reconciler/reconciler-config.yaml") . | sha256sum }}
|
||||
{{/* logIngest related code commented out
|
||||
{{- if .Values.logIngest.enabled }}
|
||||
opentelemetry.io/config-checksum: {{ include (print $.Template.BasePath "/reconciler/opentelemetry.yaml") . | sha256sum }}
|
||||
sidecar.opentelemetry.io/inject: "{{ .Release.Namespace}}/{{ .Release.Name }}-opentelemetry-collector"
|
||||
{{- end }}
|
||||
*/}}
|
||||
spec:
|
||||
{{/* logIngest related code commented out
|
||||
{{- if .Values.logIngest.enabled }}
|
||||
serviceAccountName: "{{ .Release.Name }}-otel-collector"
|
||||
{{- end }}
|
||||
*/}}
|
||||
containers:
|
||||
- name: "reconciler"
|
||||
image: "{{ coalesce .Values.reconciler.image.registry .Values.global.registry "docker.io"}}/{{ coalesce .Values.reconciler.image.repository .Values.global.repository }}/{{ .Values.reconciler.image.name }}:{{ .Values.reconciler.image.tag | default "latest" }}"
|
||||
imagePullPolicy: {{ .Values.reconciler.image.imagePullPolicy | default "IfNotPresent" }}
|
||||
ports:
|
||||
{{- range $port := .Values.reconciler.ports }}
|
||||
- containerPort: {{ $port.containerPort }}
|
||||
name: {{ $port.name }}
|
||||
protocol: {{ $port.protocol }}
|
||||
{{- end }}
|
||||
{{- if .Values.reconciler.resources }}
|
||||
resources:
|
||||
{{- toYaml .Values.reconciler.resources | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.reconciler.probes }}
|
||||
{{- if and (.Values.reconciler.probes.liveness) (eq .Values.reconciler.probes.liveness.type "httpGet") }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: {{ .Values.reconciler.probes.liveness.config.path }}
|
||||
port: {{ .Values.reconciler.probes.liveness.config.port }}
|
||||
{{- if .Values.reconciler.probes.liveness.config.initialDelaySeconds }}
|
||||
initialDelaySeconds: {{ .Values.reconciler.probes.liveness.config.initialDelaySeconds }}
|
||||
{{- end }}
|
||||
{{- if .Values.reconciler.probes.liveness.config.periodSeconds }}
|
||||
periodSeconds: {{ .Values.reconciler.probes.liveness.config.periodSeconds }}
|
||||
{{- end }}
|
||||
{{- if .Values.reconciler.probes.liveness.config.timeoutSeconds }}
|
||||
timeoutSeconds: {{ .Values.reconciler.probes.liveness.config.timeoutSeconds }}
|
||||
{{- end }}
|
||||
{{- if .Values.reconciler.probes.liveness.config.successThreshold }}
|
||||
successThreshold: {{ .Values.reconciler.probes.liveness.config.successThreshold }}
|
||||
{{- end }}
|
||||
{{- if .Values.reconciler.probes.liveness.config.failureThreshold }}
|
||||
failureThreshold: {{ .Values.reconciler.probes.liveness.config.failureThreshold }}
|
||||
{{- end }}
|
||||
{{- if .Values.reconciler.probes.liveness.config.terminationGracePeriodSeconds }}
|
||||
terminationGracePeriodSeconds: {{ .Values.reconciler.probes.liveness.config.terminationGracePeriodSeconds }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if and (.Values.reconciler.probes.readiness) (eq .Values.reconciler.probes.readiness.type "httpGet") }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: {{ .Values.reconciler.probes.readiness.config.path }}
|
||||
port: {{ .Values.reconciler.probes.readiness.config.port }}
|
||||
{{- if .Values.reconciler.probes.readiness.config.initialDelaySeconds }}
|
||||
initialDelaySeconds: {{ .Values.reconciler.probes.readiness.config.initialDelaySeconds }}
|
||||
{{- end }}
|
||||
{{- if .Values.reconciler.probes.readiness.config.periodSeconds }}
|
||||
periodSeconds: {{ .Values.reconciler.probes.readiness.config.periodSeconds }}
|
||||
{{- end }}
|
||||
{{- if .Values.reconciler.probes.readiness.config.timeoutSeconds }}
|
||||
timeoutSeconds: {{ .Values.reconciler.probes.readiness.config.timeoutSeconds }}
|
||||
{{- end }}
|
||||
{{- if .Values.reconciler.probes.readiness.config.successThreshold }}
|
||||
successThreshold: {{ .Values.reconciler.probes.readiness.config.successThreshold }}
|
||||
{{- end }}
|
||||
{{- if .Values.reconciler.probes.readiness.config.failureThreshold }}
|
||||
failureThreshold: {{ .Values.reconciler.probes.readiness.config.failureThreshold }}
|
||||
{{- end }}
|
||||
{{- if .Values.reconciler.probes.readiness.config.terminationGracePeriodSeconds }}
|
||||
terminationGracePeriodSeconds: {{ .Values.reconciler.probes.readiness.config.terminationGracePeriodSeconds }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end}}
|
||||
env:
|
||||
{{- range $key, $value := .Values.reconciler.configs }}
|
||||
- name: {{ $key | snakecase | upper }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: reconciler-config
|
||||
key: {{ $key | snakecase | upper }}
|
||||
{{- end }}
|
||||
{{/* logIngest related code commented out
|
||||
{{- if .Values.logIngest.enabled }}
|
||||
volumeMounts:
|
||||
- name: app-logs
|
||||
mountPath: {{ .Values.logIngest.logPath }}
|
||||
{{- end }}
|
||||
*/}}
|
||||
{{/* logIngest related code commented out
|
||||
{{- if .Values.logIngest.enabled }}
|
||||
volumes:
|
||||
- name: app-logs
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
*/}}
|
||||
@ -1,36 +0,0 @@
|
||||
{{ $namespace := .Release.Namespace }}
|
||||
{{ $appVersion := .Chart.AppVersion | quote }}
|
||||
{{ $releaseIngress := .Release.Service }}
|
||||
{{ $releaseName := .Release.Name }}
|
||||
{{- range $ingress := .Values.reconciler.ingresses }}
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ $ingress.name }}
|
||||
namespace: {{ $namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/version: {{ $appVersion }}
|
||||
app.kubernetes.io/name: {{ $ingress.name | quote }}
|
||||
app.kubernetes.io/managed-by: {{ $releaseIngress }}
|
||||
app.kubernetes.io/instance: {{ $releaseName }}
|
||||
spec:
|
||||
{{- if $ingress.class }}
|
||||
ingressClassName: {{ $ingress.class }}
|
||||
{{- end }}
|
||||
{{- if $ingress.tls }}
|
||||
tls:
|
||||
- hosts:
|
||||
- {{ $ingress.host }}
|
||||
{{- if $ingress.tls.exists }}
|
||||
secretName: {{ $ingress.tls.secretRef.name }}
|
||||
{{- else }}
|
||||
secretName: {{ $ingress.tls.name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
rules:
|
||||
- host: {{ $ingress.host }}
|
||||
http:
|
||||
paths:
|
||||
{{- toYaml $ingress.rules | nindent 10 }}
|
||||
{{- end }}
|
||||
@ -1,72 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: reconciler-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
type: Opaque
|
||||
data:
|
||||
DEBUG: {{ .Values.reconciler.configs.debug | b64enc | quote }}
|
||||
K8S_CLUSTER_DOMAIN: {{ .Values.reconciler.configs.k8sClusterDomain | b64enc | quote }}
|
||||
K_8S_CLUSTER_DOMAIN: {{ .Values.reconciler.configs.k8sClusterDomain | b64enc | quote }}
|
||||
AUTO_DISCOVER_K8S_CLUSTER_DOMAIN_MAX_RETRIES: {{ .Values.reconciler.configs.autoDiscoverK8sClusterDomainMaxRetries | toString | b64enc | quote }}
|
||||
AUTO_DISCOVER_K_8S_CLUSTER_DOMAIN_MAX_RETRIES: {{ .Values.reconciler.configs.autoDiscoverK8sClusterDomainMaxRetries | toString | b64enc | quote }}
|
||||
RABBITMQ_HOST: {{ .Values.reconciler.configs.rabbitmqHost | b64enc | quote }}
|
||||
RABBITMQ_PORT: {{ .Values.reconciler.configs.rabbitmqPort | toString | b64enc | quote }}
|
||||
RABBITMQ_USERNAME: {{ .Values.reconciler.configs.rabbitmqUsername | b64enc | quote }}
|
||||
RABBITMQ_PASSWORD: {{ .Values.reconciler.configs.rabbitmqPassword | b64enc | quote }}
|
||||
RABBITMQ_VHOST: {{ .Values.reconciler.configs.rabbitmqVhost | b64enc | quote }}
|
||||
RABBITMQ_INPUT_QUEUE: {{ .Values.reconciler.configs.rabbitmqInputQueue | b64enc | quote }}
|
||||
RABBITMQ_OUTPUT_QUEUE: {{ .Values.reconciler.configs.rabbitmqOutputQueue | b64enc | quote }}
|
||||
RABBITMQ_ENABLE_EXCHANGE_BINDING: {{ .Values.reconciler.configs.rabbitmqEnableExchangeBinding | b64enc | quote }}
|
||||
RABBITMQ_INPUT_EXCHANGE: {{ .Values.reconciler.configs.rabbitmqInputExchange | b64enc | quote }}
|
||||
RABBITMQ_INPUT_EXCHANGE_TYPE: {{ .Values.reconciler.configs.rabbitmqInputExchangeType | b64enc | quote }}
|
||||
RABBITMQ_INPUT_ROUTING_KEY: {{ .Values.reconciler.configs.rabbitmqInputRoutingKey | b64enc | quote }}
|
||||
RABBITMQ_OUTPUT_EXCHANGE: {{ .Values.reconciler.configs.rabbitmqOutputExchange | b64enc | quote }}
|
||||
RABBITMQ_OUTPUT_ROUTING_KEY: {{ .Values.reconciler.configs.rabbitmqOutputRoutingKey | b64enc | quote }}
|
||||
JENKINS_ENDPOINT: {{ .Values.reconciler.configs.jenkinsEndpoint | b64enc | quote }}
|
||||
JENKINS_USERNAME: {{ .Values.reconciler.configs.jenkinsUsername | b64enc | quote }}
|
||||
JENKINS_TOKEN: {{ .Values.reconciler.configs.jenkinsToken | b64enc | quote }}
|
||||
JENKINS_API_TIMEOUT: {{ .Values.reconciler.configs.jenkinsApiTimeout | toString | b64enc | quote }}
|
||||
JENKINS_FOLDER_CREATION_RETRY_COUNT: {{ .Values.reconciler.configs.jenkinsFolderCreationRetryCount | toString | b64enc | quote }}
|
||||
ARGOCD_ENDPOINT: {{ .Values.reconciler.configs.argocdEndpoint | b64enc | quote }}
|
||||
ARGOCD_USERNAME: {{ .Values.reconciler.configs.argocdUsername | b64enc | quote }}
|
||||
ARGOCD_PASSWORD: {{ .Values.reconciler.configs.argocdPassword | b64enc | quote }}
|
||||
ARGOCD_API_TIMEOUT: {{ .Values.reconciler.configs.argocdApiTimeout | toString | b64enc | quote }}
|
||||
ARGOCD_RESOURCE_CREATION_TIMEOUT: {{ .Values.reconciler.configs.argocdResourceCreationTimeout | toString | b64enc | quote }}
|
||||
DEFAULT_GIT_USERNAME: {{ .Values.reconciler.configs.defaultGitUsername | b64enc | quote }}
|
||||
DEFAULT_GIT_PASSWORD: {{ .Values.reconciler.configs.defaultGitPassword | b64enc | quote }}
|
||||
DEFAULT_REGISTRY_USERNAME: {{ .Values.reconciler.configs.defaultRegistryUsername | b64enc | quote }}
|
||||
DEFAULT_REGISTRY_PASSWORD: {{ .Values.reconciler.configs.defaultRegistryPassword | b64enc | quote }}
|
||||
KUBERNETES_API_TIMEOUT: {{ .Values.reconciler.configs.kubernetesApiTimeout | toString | b64enc | quote }}
|
||||
DEFAULT_HTTP_TIMEOUT: {{ .Values.reconciler.configs.defaultHttpTimeout | toString | b64enc | quote }}
|
||||
ALLOW_HTTP_GIT_URLS: {{ .Values.reconciler.configs.allowHttpGitUrls | b64enc | quote }}
|
||||
LOG_LEVEL: {{ .Values.reconciler.configs.logLevel | b64enc | quote }}
|
||||
LOG_FORMAT: {{ .Values.reconciler.configs.logFormat | b64enc | quote }}
|
||||
OPERATOR_NAMESPACE: {{ .Values.reconciler.configs.operatorNamespace | b64enc | quote }}
|
||||
RECONCILE_INTERVAL: {{ .Values.reconciler.configs.reconcileInterval | toString | b64enc | quote }}
|
||||
ENABLE_MOCK_SERVICE: {{ .Values.reconciler.configs.enableMockService | b64enc | quote }}
|
||||
MOCK_SERVICE_PORT: {{ .Values.reconciler.configs.mockServicePort | toString | b64enc | quote }}
|
||||
DEV_MODE: {{ .Values.reconciler.configs.devMode | b64enc | quote }}
|
||||
GODADDY_API_KEY: {{ .Values.reconciler.configs.godaddyApiKey | b64enc | quote }}
|
||||
GODADDY_API_SECRET: {{ .Values.reconciler.configs.godaddyApiSecret | b64enc | quote }}
|
||||
GODADDY_BASE_DOMAIN: {{ .Values.reconciler.configs.godaddyBaseDomain | b64enc | quote }}
|
||||
DOMAIN_TEMPLATE: {{ .Values.reconciler.configs.domainTemplate | b64enc | quote }}
|
||||
INGRESS_CLASS_NAME: {{ .Values.reconciler.configs.ingressClassName | b64enc | quote }}
|
||||
CERT_MANAGER_CLUSTER_ISSUER: {{ .Values.reconciler.configs.certManagerClusterIssuer | b64enc | quote }}
|
||||
DNS_CREATION_TIMEOUT: {{ .Values.reconciler.configs.dnsCreationTimeout | toString | b64enc | quote }}
|
||||
CERTIFICATE_ISSUANCE_TIMEOUT: {{ .Values.reconciler.configs.certificateIssuanceTimeout | toString | b64enc | quote }}
|
||||
INGRESS_READY_TIMEOUT: {{ .Values.reconciler.configs.ingressReadyTimeout | toString | b64enc | quote }}
|
||||
NETWORK_RESOURCE_CLEANUP_TIMEOUT: {{ .Values.reconciler.configs.networkResourceCleanupTimeout | toString | b64enc | quote }}
|
||||
NETWORK_RESOURCE_RETRY_COUNT: {{ .Values.reconciler.configs.networkResourceRetryCount | toString | b64enc | quote }}
|
||||
NETWORK_RESOURCE_RETRY_DELAY: {{ .Values.reconciler.configs.networkResourceRetryDelay | toString | b64enc | quote }}
|
||||
SERVICE_API_ACCESS_HOST: {{ .Values.reconciler.configs.serviceApiAccessHost | b64enc | quote }}
|
||||
SERVICE_API_ACCESS_PORT: {{ .Values.reconciler.configs.serviceApiAccessPort | toString | b64enc | quote }}
|
||||
MONGODB_NAME: {{ .Values.reconciler.configs.mongodbName | b64enc | quote }}
|
||||
MONGODB_URI: {{ .Values.reconciler.configs.mongodbUri | b64enc | quote }}
|
||||
MONGODB_PORT: {{ .Values.reconciler.configs.mongodbPort | toString | b64enc | quote }}
|
||||
REDIS_URL: {{ .Values.reconciler.configs.redisUrl | b64enc | quote }}
|
||||
REDIS_IS_CLUSTER: {{ .Values.reconciler.configs.redisIsCluster | b64enc | quote }}
|
||||
JWT_SECRET_KEY: {{ .Values.reconciler.configs.jwtSecretKey | b64enc | quote }}
|
||||
JWT_ALGORITHM: {{ .Values.reconciler.configs.jwtAlgorithm | b64enc | quote }}
|
||||
METRICS_ENABLED: {{ .Values.reconciler.configs.metricsEnabled | b64enc | quote }}
|
||||
PROBES_ENABLED: {{ .Values.reconciler.configs.probesEnabled | b64enc | quote }}
|
||||
@ -1,26 +0,0 @@
|
||||
{{ $namespace := .Release.Namespace }}
|
||||
{{ $appVersion := .Chart.AppVersion | quote }}
|
||||
{{ $releaseService := .Release.Service }}
|
||||
{{ $releaseName := .Release.Name }}
|
||||
{{- range $service := .Values.reconciler.services }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ $service.name }}
|
||||
namespace: {{ $namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/version: {{ $appVersion }}
|
||||
app.kubernetes.io/name: {{ $service.name | quote }}
|
||||
app.kubernetes.io/managed-by: {{ $releaseService }}
|
||||
app.kubernetes.io/instance: {{ $releaseName }}
|
||||
spec:
|
||||
ports:
|
||||
- port: {{ $service.port }}
|
||||
targetPort: {{ $service.targetPort }}
|
||||
selector:
|
||||
app.kubernetes.io/version: {{ $appVersion }}
|
||||
app.kubernetes.io/name: "reconciler"
|
||||
app.kubernetes.io/managed-by: {{ $releaseService }}
|
||||
app.kubernetes.io/instance: {{ $releaseName }}
|
||||
{{- end }}
|
||||
@ -1,40 +0,0 @@
|
||||
{{ $namespace := .Release.Namespace }}
|
||||
{{ $appVersion := .Chart.AppVersion | quote }}
|
||||
{{ $releaseService := .Release.Service }}
|
||||
{{ $releaseName := .Release.Name }}
|
||||
|
||||
{{- range $service := .Values.reconciler.services }}
|
||||
{{- if $service.serviceMonitor.enabled }}
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ $service.name }}-monitor
|
||||
namespace: {{ $service.serviceMonitor.namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/version: {{ $appVersion }}
|
||||
app.kubernetes.io/name: {{ $service.name }}-monitor
|
||||
app.kubernetes.io/managed-by: {{ $releaseService }}
|
||||
app.kubernetes.io/instance: {{ $releaseName }}
|
||||
{{- if $service.serviceMonitor.labels }}
|
||||
{{- toYaml $service.serviceMonitor.labels | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
endpoints:
|
||||
- path: /api/_/metrics
|
||||
targetPort: {{ $service.targetPort }}
|
||||
{{- if $service.serviceMonitor.interval }}
|
||||
interval: {{ $service.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if $service.serviceMonitor.scrapeTimeout }}
|
||||
scrapeTimeout: {{ $service.serviceMonitor.scrapeTimeout }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ $namespace | quote }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: {{ $service.name }}
|
||||
app.kubernetes.io/instance: {{ $releaseName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@ -1,32 +0,0 @@
|
||||
{{- if .Values.reconciler.vpa }}
|
||||
---
|
||||
apiVersion: autoscaling.k8s.io/v1
|
||||
kind: VerticalPodAutoscaler
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-reconciler-vpa
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
targetRef:
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
name: reconciler
|
||||
resourcePolicy:
|
||||
containerPolicies:
|
||||
- containerName: '*'
|
||||
{{- if .Values.reconciler.vpa.minAllowed.enabled }}
|
||||
minAllowed:
|
||||
cpu: {{ .Values.reconciler.vpa.minAllowed.cpu }}
|
||||
memory: {{ .Values.reconciler.vpa.minAllowed.memory }}
|
||||
{{- end }}
|
||||
{{- if .Values.reconciler.vpa.maxAllowed.enabled }}
|
||||
maxAllowed:
|
||||
cpu: {{ .Values.reconciler.vpa.maxAllowed.cpu }}
|
||||
memory: {{ .Values.reconciler.vpa.maxAllowed.memory }}
|
||||
{{- end }}
|
||||
{{- if .Values.reconciler.vpa.controlledResources }}
|
||||
controlledResources:
|
||||
{{- range .Values.reconciler.vpa.controlledResources }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@ -0,0 +1,48 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
|
||||
labels:
|
||||
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
|
||||
type: Opaque
|
||||
data:
|
||||
# RabbitMQ credentials
|
||||
rabbitmq-username: {{ .Values.secrets.rabbitmqCredentials.username | b64enc }}
|
||||
rabbitmq-password: {{ .Values.secrets.rabbitmqCredentials.password | b64enc }}
|
||||
|
||||
# Jenkins credentials
|
||||
jenkins-username: {{ .Values.secrets.jenkinsCredentials.username | b64enc }}
|
||||
jenkins-token: {{ .Values.secrets.jenkinsCredentials.token | b64enc }}
|
||||
|
||||
# ArgoCD credentials
|
||||
argocd-username: {{ .Values.secrets.argocdCredentials.username | b64enc }}
|
||||
argocd-password: {{ .Values.secrets.argocdCredentials.password | b64enc }}
|
||||
|
||||
# Default Git credentials
|
||||
default-git-username: {{ .Values.secrets.defaultGitCredentials.username | b64enc }}
|
||||
default-git-password: {{ .Values.secrets.defaultGitCredentials.password | b64enc }}
|
||||
|
||||
# Default Docker Registry credentials
|
||||
default-docker-registry-username: {{ .Values.secrets.defaultDockerRegistryCredentials.username | b64enc }}
|
||||
default-docker-registry-password: {{ .Values.secrets.defaultDockerRegistryCredentials.password | b64enc }}
|
||||
|
||||
# Docker Registry PAT credentials
|
||||
docker-registry-pat-username: {{ .Values.secrets.dockerRegistryPat.username | b64enc }}
|
||||
docker-registry-pat: {{ .Values.secrets.dockerRegistryPat.token | b64enc }}
|
||||
|
||||
# Azure Key Vault credentials
|
||||
azure-key-vault-endpoint: {{ .Values.secrets.azureKeyVault.endpoint | b64enc }}
|
||||
azure-key-vault-client-id: {{ .Values.secrets.azureKeyVault.clientId | b64enc }}
|
||||
azure-key-vault-client-secret: {{ .Values.secrets.azureKeyVault.clientSecret | b64enc }}
|
||||
azure-key-vault-tenant-id: {{ .Values.secrets.azureKeyVault.tenantId | b64enc }}
|
||||
azure-key-vault-resource-group: {{ .Values.secrets.azureKeyVault.resourceGroup | b64enc }}
|
||||
azure-key-vault-subscription-id: {{ .Values.secrets.azureKeyVault.subscriptionId | b64enc }}
|
||||
azure-key-vault-name: {{ .Values.secrets.azureKeyVault.name | b64enc }}
|
||||
|
||||
# Azure DNS credentials
|
||||
azure-dns-subscription-id: {{ .Values.secrets.azureDns.subscriptionId | b64enc }}
|
||||
azure-dns-tenant-id: {{ .Values.secrets.azureDns.tenantId | b64enc }}
|
||||
azure-dns-client-id: {{ .Values.secrets.azureDns.clientId | b64enc }}
|
||||
azure-dns-client-secret: {{ .Values.secrets.azureDns.clientSecret | b64enc }}
|
||||
azure-dns-resource-group: {{ .Values.secrets.azureDns.resourceGroup | b64enc }}
|
||||
azure-dns-zone-name: {{ .Values.secrets.azureDns.zoneName | b64enc }}
|
||||
@ -0,0 +1,18 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "freeleaps-devops-reconciler.fullname" . }}
|
||||
labels:
|
||||
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
|
||||
spec:
|
||||
type: {{ .Values.service.type }}
|
||||
ports:
|
||||
- port: {{ .Values.service.port }}
|
||||
targetPort: {{ .Values.service.targetPort }}
|
||||
protocol: TCP
|
||||
name: http
|
||||
{{- with .Values.service.additionalPorts }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
selector:
|
||||
{{- include "freeleaps-devops-reconciler.selectorLabels" . | nindent 4 }}
|
||||
@ -0,0 +1,13 @@
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "freeleaps-devops-reconciler.serviceAccountName" . }}
|
||||
labels:
|
||||
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
|
||||
{{- with .Values.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: true
|
||||
{{- end }}
|
||||
@ -1,115 +1,227 @@
|
||||
global:
|
||||
registry: docker.io
|
||||
repository: freeleaps
|
||||
nodeSelector: {}
|
||||
logIngest:
|
||||
enabled: false
|
||||
reconciler:
|
||||
replicas: 1
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: null
|
||||
name: reconciler
|
||||
tag: snapshot-2a5bb92
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8080
|
||||
protocol: TCP
|
||||
resources:
|
||||
requests:
|
||||
cpu: '0.1'
|
||||
memory: 64Mi
|
||||
limits:
|
||||
cpu: '0.2'
|
||||
memory: 128Mi
|
||||
probes: {}
|
||||
services:
|
||||
- name: reconciler-service
|
||||
# Default values for freeleaps-devops-reconciler
|
||||
replicaCount: 1
|
||||
|
||||
image:
|
||||
repository: freeleaps/reconciler
|
||||
pullPolicy: IfNotPresent
|
||||
tag: ""
|
||||
|
||||
imagePullSecrets: []
|
||||
nameOverride: ""
|
||||
fullnameOverride: ""
|
||||
|
||||
# Operator Configuration
|
||||
operator:
|
||||
clusterwide: false
|
||||
priority: 100
|
||||
peeringName: "freeleaps-devops-reconciler"
|
||||
namespaces:
|
||||
- "freeleaps-devops-system"
|
||||
debug: false
|
||||
|
||||
serviceAccount:
|
||||
create: true
|
||||
annotations: {}
|
||||
name: ""
|
||||
|
||||
rbac:
|
||||
create: true
|
||||
additionalRules: []
|
||||
|
||||
podAnnotations: {}
|
||||
|
||||
podSecurityContext:
|
||||
fsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 8080
|
||||
targetPort: 8080
|
||||
|
||||
ingress:
|
||||
enabled: false
|
||||
className: ""
|
||||
annotations: {}
|
||||
hosts:
|
||||
- host: devops-reconciler.local
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls: []
|
||||
|
||||
resources:
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 512Mi
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
affinity: {}
|
||||
|
||||
# Environment Configuration
|
||||
env:
|
||||
# General Configuration
|
||||
reconcilerDebug: "false"
|
||||
defaultHttpTimeout: "30s"
|
||||
k8sClusterDomain: "kubernetes.default.svc.freeleaps.cluster"
|
||||
kubernetesApiTimeout: "30s"
|
||||
autoDiscoverK8sClusterDomainMaxRetries: "5"
|
||||
logLevel: "INFO"
|
||||
logFormat: "text"
|
||||
operatorNamespace: "freeleaps-devops-system"
|
||||
reconcileInterval: "30s"
|
||||
allowHttpGitUrls: "false"
|
||||
|
||||
# RabbitMQ Configuration
|
||||
rabbitmq:
|
||||
host: "freeleaps-alpha-rabbitmq-cluster.freeleaps-alpha.svc.freeleaps.cluster"
|
||||
port: "5672"
|
||||
vhost: "/"
|
||||
inputQueue: "freeleaps.devops.reconciler.input"
|
||||
outputQueue: "freeleaps.devops.reconciler.output"
|
||||
enableExchangeBinding: "true"
|
||||
inputExchange: "freeleaps.notification.exchange"
|
||||
inputExchangeType: "direct"
|
||||
inputRoutingKey: "freeleaps.devops.reconciler.input"
|
||||
outputExchange: "freeleaps.notification.exchange"
|
||||
outputRoutingKey: "freeleaps.devops.reconciler.output"
|
||||
|
||||
# Jenkins Configuration
|
||||
jenkins:
|
||||
endpoint: "http://jenkins.freeleaps-devops-system.svc.freeleaps.cluster:8080"
|
||||
apiTimeout: "30"
|
||||
folderCreationRetryCount: "3"
|
||||
|
||||
# ArgoCD Configuration
|
||||
argocd:
|
||||
endpoint: "http://argocd-server.freeleaps-devops-system.svc.freeleaps.cluster:80"
|
||||
apiTimeout: "30"
|
||||
resourceCreationTimeout: "300"
|
||||
|
||||
# Network Resource Management
|
||||
networkResources:
|
||||
domainTemplate: "{env}.{project_id}.internalmathmast.com"
|
||||
ingressClassName: "nginx"
|
||||
certManagerClusterIssuer: "internal-mathmast-com"
|
||||
ingressControllerIp: "4.155.160.32"
|
||||
dnsCreationTimeout: "300"
|
||||
certificateIssuanceTimeout: "600"
|
||||
ingressReadyTimeout: "300"
|
||||
networkResourceCleanupTimeout: "300"
|
||||
networkResourceRetryCount: "3"
|
||||
networkResourceRetryDelay: "30"
|
||||
|
||||
# Secret data
|
||||
secrets:
|
||||
# RabbitMQ credentials
|
||||
rabbitmqCredentials:
|
||||
username: "user"
|
||||
password: "4O80YlxnlhHrjzaM"
|
||||
|
||||
# Jenkins credentials
|
||||
jenkinsCredentials:
|
||||
username: "admin"
|
||||
token: "119fe346a7d5e1fc7f9ed4d98eac3e73ee"
|
||||
|
||||
# ArgoCD credentials
|
||||
argocdCredentials:
|
||||
username: "admin"
|
||||
password: "ELvjjaHupgWomLj9"
|
||||
|
||||
# Default Git credentials
|
||||
defaultGitCredentials:
|
||||
username: "freeleaps"
|
||||
password: "r8sA8CPHD9!bt6d"
|
||||
|
||||
# Default Docker Registry credentials
|
||||
defaultDockerRegistryCredentials:
|
||||
username: "freeleapsdevops"
|
||||
password: "dckr_pat_y-KsBOwcEGTdCQDsAb-NBz9_beg"
|
||||
|
||||
# Docker Registry PAT credentials
|
||||
dockerRegistryPat:
|
||||
username: "freeleapsdevops"
|
||||
token: "dckr_pat_UHFbzDZk-gZSM2UhRgnmTCMis9g"
|
||||
|
||||
# Azure Key Vault configuration
|
||||
azureKeyVault:
|
||||
endpoint: "https://freeleaps-secrets.vault.azure.net/"
|
||||
clientId: "b6be5b92-25a8-482d-8dcd-7321bf2f83d9"
|
||||
clientSecret: "4Nx8Q~fYFM~V~3otsN7YB4GPRQ0R8CHJ7XtpLcVA"
|
||||
tenantId: "cf151ee8-5c2c-4fe7-a1c4-809ba43c9f24"
|
||||
subscriptionId: "0a280068-dec4-4bf0-9f04-65b64f412b50"
|
||||
resourceGroup: "k8s"
|
||||
name: "freeleaps-secrets"
|
||||
|
||||
# Azure DNS configuration
|
||||
azureDns:
|
||||
subscriptionId: "0a280068-dec4-4bf0-9f04-65b64f412b50"
|
||||
tenantId: "cf151ee8-5c2c-4fe7-a1c4-809ba43c9f24"
|
||||
clientId: "b6be5b92-25a8-482d-8dcd-7321bf2f83d9"
|
||||
clientSecret: "4Nx8Q~fYFM~V~3otsN7YB4GPRQ0R8CHJ7XtpLcVA"
|
||||
resourceGroup: "k8s"
|
||||
zoneName: "internalmathmast.com"
|
||||
|
||||
# Monitoring
|
||||
monitoring:
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
labels:
|
||||
release: kube-prometheus-stack
|
||||
namespace: freeleaps-monitoring-system
|
||||
interval: 30s
|
||||
scrapeTimeout: ''
|
||||
ingresses: {}
|
||||
configs:
|
||||
debug: 'false'
|
||||
k8sClusterDomain: kubernetes.default.svc.cluster.local
|
||||
autoDiscoverK8sClusterDomainMaxRetries: 5
|
||||
rabbitmqHost: localhost
|
||||
rabbitmqPort: 5672
|
||||
rabbitmqUsername: admin
|
||||
rabbitmqPassword: admin
|
||||
rabbitmqVhost: /
|
||||
rabbitmqInputQueue: freeleaps.devops.reconciler.input
|
||||
rabbitmqOutputQueue: freeleaps.devops.reconciler.output
|
||||
rabbitmqEnableExchangeBinding: 'true'
|
||||
rabbitmqInputExchange: freeleaps.notification.exchange
|
||||
rabbitmqInputExchangeType: direct
|
||||
rabbitmqInputRoutingKey: freeleaps.devops.reconciler.input
|
||||
rabbitmqOutputExchange: freeleaps.notification.exchange
|
||||
rabbitmqOutputRoutingKey: freeleaps.devops.reconciler.output
|
||||
jenkinsEndpoint: http://localhost:8080
|
||||
jenkinsUsername: admin
|
||||
jenkinsToken: admin
|
||||
jenkinsApiTimeout: 30
|
||||
jenkinsFolderCreationRetryCount: 3
|
||||
argocdEndpoint: http://localhost:8080
|
||||
argocdUsername: admin
|
||||
argocdPassword: admin
|
||||
argocdApiTimeout: 30
|
||||
argocdResourceCreationTimeout: 30
|
||||
defaultGitUsername: admin
|
||||
defaultGitPassword: admin
|
||||
defaultRegistryUsername: admin
|
||||
defaultRegistryPassword: admin
|
||||
kubernetesApiTimeout: 30
|
||||
defaultHttpTimeout: 30
|
||||
allowHttpGitUrls: 'false'
|
||||
logLevel: INFO
|
||||
logFormat: text
|
||||
operatorNamespace: freeleaps-devops-system
|
||||
reconcileInterval: 30
|
||||
enableMockService: 'false'
|
||||
mockServicePort: 5000
|
||||
devMode: 'false'
|
||||
godaddyApiKey: ''
|
||||
godaddyApiSecret: ''
|
||||
godaddyBaseDomain: mathmast.com
|
||||
domainTemplate: '{env}.{project_id}.mathmast.com'
|
||||
ingressClassName: nginx
|
||||
certManagerClusterIssuer: letsencrypt-prod
|
||||
dnsCreationTimeout: 300
|
||||
certificateIssuanceTimeout: 600
|
||||
ingressReadyTimeout: 300
|
||||
networkResourceCleanupTimeout: 300
|
||||
networkResourceRetryCount: 3
|
||||
networkResourceRetryDelay: 30
|
||||
serviceApiAccessHost: 0.0.0.0
|
||||
serviceApiAccessPort: '8080'
|
||||
mongodbName: ''
|
||||
mongodbUri: ''
|
||||
mongodbPort: ''
|
||||
redisUrl: ''
|
||||
redisIsCluster: 'false'
|
||||
jwtSecretKey: ''
|
||||
jwtAlgorithm: ''
|
||||
metricsEnabled: 'false'
|
||||
probesEnabled: 'false'
|
||||
vpa:
|
||||
minAllowed:
|
||||
scrapeTimeout: 10s
|
||||
labels: {}
|
||||
grafanaDashboard:
|
||||
enabled: false
|
||||
cpu: 100m
|
||||
memory: 64Mi
|
||||
maxAllowed:
|
||||
labels: {}
|
||||
|
||||
# Health checks
|
||||
healthcheck:
|
||||
livenessProbe:
|
||||
enabled: true
|
||||
cpu: 100m
|
||||
memory: 256Mi
|
||||
controlledResources:
|
||||
- cpu
|
||||
- memory
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 8080
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
enabled: true
|
||||
httpGet:
|
||||
path: /ready
|
||||
port: 8080
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 3
|
||||
failureThreshold: 3
|
||||
|
||||
# Deployment strategy
|
||||
strategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxUnavailable: 1
|
||||
maxSurge: 1
|
||||
|
||||
# Network Policy
|
||||
networkPolicy:
|
||||
enabled: false
|
||||
ingress: []
|
||||
egress: []
|
||||
|
||||
# CRDs Management
|
||||
crds:
|
||||
install: true
|
||||
keep: true
|
||||
@ -1,131 +1,227 @@
|
||||
global:
|
||||
registry: docker.io
|
||||
repository: freeleaps
|
||||
nodeSelector: {}
|
||||
logIngest:
|
||||
enabled: false
|
||||
reconciler:
|
||||
replicas: 1
|
||||
image:
|
||||
registry:
|
||||
repository: freeleaps
|
||||
name: reconciler
|
||||
tag: 1.0.0
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8080
|
||||
protocol: TCP
|
||||
resources:
|
||||
requests:
|
||||
cpu: "0.1"
|
||||
memory: "64Mi"
|
||||
limits:
|
||||
cpu: "0.2"
|
||||
memory: "128Mi"
|
||||
# FIXME: Wait until the developers implements the probes APIs
|
||||
probes: {}
|
||||
services:
|
||||
- name: reconciler-service
|
||||
# Default values for freeleaps-devops-reconciler
|
||||
replicaCount: 1
|
||||
|
||||
image:
|
||||
repository: freeleaps/reconciler
|
||||
pullPolicy: IfNotPresent
|
||||
tag: ""
|
||||
|
||||
imagePullSecrets: []
|
||||
nameOverride: ""
|
||||
fullnameOverride: ""
|
||||
|
||||
# Operator Configuration
|
||||
operator:
|
||||
clusterwide: false
|
||||
priority: 100
|
||||
peeringName: "freeleaps-devops-reconciler"
|
||||
namespaces:
|
||||
- "freeleaps-devops-system"
|
||||
debug: false
|
||||
|
||||
serviceAccount:
|
||||
create: true
|
||||
annotations: {}
|
||||
name: ""
|
||||
|
||||
rbac:
|
||||
create: true
|
||||
additionalRules: []
|
||||
|
||||
podAnnotations: {}
|
||||
|
||||
podSecurityContext:
|
||||
fsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 8080
|
||||
targetPort: 8080
|
||||
serviceMonitor:
|
||||
|
||||
ingress:
|
||||
enabled: false
|
||||
labels:
|
||||
release: kube-prometheus-stack
|
||||
namespace: freeleaps-monitoring-system
|
||||
interval: 30s
|
||||
scrapeTimeout: ""
|
||||
# Defaults to {}, which means doesn't have any ingress
|
||||
ingresses: {}
|
||||
configs:
|
||||
# General
|
||||
debug: "false"
|
||||
k8sClusterDomain: "kubernetes.default.svc.cluster.local"
|
||||
autoDiscoverK8sClusterDomainMaxRetries: 5
|
||||
# RabbitMQ
|
||||
rabbitmqHost: "localhost"
|
||||
rabbitmqPort: 5672
|
||||
rabbitmqUsername: "admin"
|
||||
rabbitmqPassword: "admin"
|
||||
rabbitmqVhost: "/"
|
||||
rabbitmqInputQueue: "freeleaps.devops.reconciler.input"
|
||||
rabbitmqOutputQueue: "freeleaps.devops.reconciler.output"
|
||||
rabbitmqEnableExchangeBinding: "true"
|
||||
rabbitmqInputExchange: "freeleaps.notification.exchange"
|
||||
rabbitmqInputExchangeType: "direct"
|
||||
rabbitmqInputRoutingKey: "freeleaps.devops.reconciler.input"
|
||||
rabbitmqOutputExchange: "freeleaps.notification.exchange"
|
||||
rabbitmqOutputRoutingKey: "freeleaps.devops.reconciler.output"
|
||||
# Jenkins
|
||||
jenkinsEndpoint: "http://localhost:8080"
|
||||
jenkinsUsername: "admin"
|
||||
jenkinsToken: "admin"
|
||||
jenkinsApiTimeout: 30
|
||||
jenkinsFolderCreationRetryCount: 3
|
||||
# ArgoCD
|
||||
argocdEndpoint: "http://localhost:8080"
|
||||
argocdUsername: "admin"
|
||||
argocdPassword: "admin"
|
||||
argocdApiTimeout: 30
|
||||
argocdResourceCreationTimeout: 30
|
||||
# Default Credentials
|
||||
defaultGitUsername: "admin"
|
||||
defaultGitPassword: "admin"
|
||||
defaultRegistryUsername: "admin"
|
||||
defaultRegistryPassword: "admin"
|
||||
# API Timeouts
|
||||
kubernetesApiTimeout: 30
|
||||
defaultHttpTimeout: 30
|
||||
# Git
|
||||
allowHttpGitUrls: "false"
|
||||
# Advanced
|
||||
className: ""
|
||||
annotations: {}
|
||||
hosts:
|
||||
- host: devops-reconciler.local
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls: []
|
||||
|
||||
resources:
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 512Mi
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
affinity: {}
|
||||
|
||||
# Environment Configuration
|
||||
env:
|
||||
# General Configuration
|
||||
reconcilerDebug: "false"
|
||||
defaultHttpTimeout: "30s"
|
||||
k8sClusterDomain: "cluster.local"
|
||||
kubernetesApiTimeout: "30s"
|
||||
autoDiscoverK8sClusterDomainMaxRetries: "5"
|
||||
logLevel: "INFO"
|
||||
logFormat: "text"
|
||||
operatorNamespace: "freeleaps-devops-system"
|
||||
reconcileInterval: 30
|
||||
# Development
|
||||
enableMockService: "false"
|
||||
mockServicePort: 5000
|
||||
devMode: "false"
|
||||
reconcileInterval: "30s"
|
||||
allowHttpGitUrls: "false"
|
||||
|
||||
# RabbitMQ Configuration
|
||||
rabbitmq:
|
||||
host: "localhost"
|
||||
port: "5672"
|
||||
vhost: "/"
|
||||
inputQueue: "freeleaps.devops.reconciler.input"
|
||||
outputQueue: "freeleaps.devops.reconciler.output"
|
||||
enableExchangeBinding: "true"
|
||||
inputExchange: "freeleaps.notification.exchange"
|
||||
inputExchangeType: "direct"
|
||||
inputRoutingKey: "freeleaps.devops.reconciler.input"
|
||||
outputExchange: "freeleaps.notification.exchange"
|
||||
outputRoutingKey: "freeleaps.devops.reconciler.output"
|
||||
|
||||
# Jenkins Configuration
|
||||
jenkins:
|
||||
endpoint: "http://localhost:8080"
|
||||
apiTimeout: "30s"
|
||||
folderCreationRetryCount: "3"
|
||||
|
||||
# ArgoCD Configuration
|
||||
argocd:
|
||||
endpoint: "http://localhost:8080"
|
||||
apiTimeout: "30s"
|
||||
resourceCreationTimeout: "300s"
|
||||
|
||||
# Network Resource Management
|
||||
godaddyApiKey: ""
|
||||
godaddyApiSecret: ""
|
||||
godaddyBaseDomain: "mathmast.com"
|
||||
domainTemplate: "{env}.{project_id}.mathmast.com"
|
||||
networkResources:
|
||||
domainTemplate: "{env}.{project_id}.example.com"
|
||||
ingressClassName: "nginx"
|
||||
certManagerClusterIssuer: "letsencrypt-prod"
|
||||
dnsCreationTimeout: 300
|
||||
certificateIssuanceTimeout: 600
|
||||
ingressReadyTimeout: 300
|
||||
networkResourceCleanupTimeout: 300
|
||||
networkResourceRetryCount: 3
|
||||
networkResourceRetryDelay: 30
|
||||
# Service
|
||||
serviceApiAccessHost: "0.0.0.0"
|
||||
serviceApiAccessPort: "8080"
|
||||
# MongoDB/Redis (add if needed)
|
||||
mongodbName: ""
|
||||
mongodbUri: ""
|
||||
mongodbPort: ""
|
||||
redisUrl: ""
|
||||
redisIsCluster: "false"
|
||||
# JWT
|
||||
jwtSecretKey: ""
|
||||
jwtAlgorithm: ""
|
||||
# Metrics/Probes
|
||||
metricsEnabled: "false"
|
||||
probesEnabled: "false"
|
||||
vpa:
|
||||
minAllowed:
|
||||
ingressControllerIp: "127.0.0.1"
|
||||
dnsCreationTimeout: "300s"
|
||||
certificateIssuanceTimeout: "600s"
|
||||
ingressReadyTimeout: "300s"
|
||||
networkResourceCleanupTimeout: "300s"
|
||||
networkResourceRetryCount: "3"
|
||||
networkResourceRetryDelay: "30s"
|
||||
|
||||
# Secret data
|
||||
secrets:
|
||||
# RabbitMQ credentials
|
||||
rabbitmqCredentials:
|
||||
username: "admin"
|
||||
password: "changeme"
|
||||
|
||||
# Jenkins credentials
|
||||
jenkinsCredentials:
|
||||
username: "admin"
|
||||
token: "changeme"
|
||||
|
||||
# ArgoCD credentials
|
||||
argocdCredentials:
|
||||
username: "admin"
|
||||
password: "changeme"
|
||||
|
||||
# Default Git credentials
|
||||
defaultGitCredentials:
|
||||
username: "git-user"
|
||||
password: "changeme"
|
||||
|
||||
# Default Docker Registry credentials
|
||||
defaultDockerRegistryCredentials:
|
||||
username: "registry-user"
|
||||
password: "changeme"
|
||||
|
||||
# Docker Registry PAT credentials
|
||||
dockerRegistryPat:
|
||||
username: "pat-user"
|
||||
token: "changeme"
|
||||
|
||||
# Azure Key Vault configuration
|
||||
azureKeyVault:
|
||||
endpoint: "https://your-keyvault.vault.azure.net/"
|
||||
clientId: "your-client-id"
|
||||
clientSecret: "changeme"
|
||||
tenantId: "your-tenant-id"
|
||||
subscriptionId: "your-subscription-id"
|
||||
resourceGroup: "your-resource-group"
|
||||
name: "your-keyvault-name"
|
||||
|
||||
# Azure DNS configuration
|
||||
azureDns:
|
||||
subscriptionId: "your-subscription-id"
|
||||
tenantId: "your-tenant-id"
|
||||
clientId: "your-client-id"
|
||||
clientSecret: "changeme"
|
||||
resourceGroup: "your-resource-group"
|
||||
zoneName: "your-zone.com"
|
||||
|
||||
# Monitoring
|
||||
monitoring:
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
cpu: "0.1"
|
||||
memory: "64Mi"
|
||||
maxAllowed:
|
||||
interval: 30s
|
||||
scrapeTimeout: 10s
|
||||
labels: {}
|
||||
grafanaDashboard:
|
||||
enabled: false
|
||||
labels: {}
|
||||
|
||||
# Health checks
|
||||
healthcheck:
|
||||
livenessProbe:
|
||||
enabled: true
|
||||
cpu: "0.2"
|
||||
memory: "128Mi"
|
||||
controlledResources:
|
||||
- cpu
|
||||
- memory
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 8080
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
enabled: true
|
||||
httpGet:
|
||||
path: /ready
|
||||
port: 8080
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 3
|
||||
failureThreshold: 3
|
||||
|
||||
# Deployment strategy
|
||||
strategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxUnavailable: 1
|
||||
maxSurge: 1
|
||||
|
||||
# Network Policy
|
||||
networkPolicy:
|
||||
enabled: false
|
||||
ingress: []
|
||||
egress: []
|
||||
|
||||
# CRDs Management
|
||||
crds:
|
||||
install: true
|
||||
keep: true
|
||||
Loading…
Reference in New Issue
Block a user