icecheng/freeleaps-ops
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Deploy the reconciler in the production environment

Browse Source
This commit is contained in:
Nicolas 2025-08-19 17:28:27 +08:00
parent 3d4c21c0ea
commit c6cc341401
3 changed files with 237 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

202
freeleaps-devops-reconciler/helm-pkg/reconciler/values.prod.yaml Normal file
View File

@ -0,0 +1,202 @@
# Production values for freeleaps-devops-reconciler
replicaCount: 2
reconciler:
image:
repository: freeleaps/reconciler
pullPolicy: IfNotPresent
tag: ""
registry: docker.io
name: reconciler
imagePullSecrets: []
nameOverride: ''
fullnameOverride: ''
# Operator Configuration
operator:
clusterwide: false
priority: 100
peeringName: freeleaps-devops-reconciler
namespaces:
- freeleaps-devops-system
debug: false
serviceAccount:
create: true
annotations: {}
name: ''
rbac:
create: true
additionalRules: []
podAnnotations: {}
podSecurityContext:
fsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
service:
type: ClusterIP
port: 5000
targetPort: 5000
ingress:
enabled: false
className: ''
annotations: {}
hosts:
- host: devops-reconciler.local
paths:
- path: /
pathType: Prefix
tls: []
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 100m
memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
env:
reconcilerDebug: 'false'
defaultHttpTimeout: '30'
k8sClusterDomain: kubernetes.default.svc.freeleaps.cluster
kubernetesApiTimeout: '30'
autoDiscoverK8sClusterDomainMaxRetries: '5'
logLevel: INFO
logFormat: text
operatorNamespace: freeleaps-devops-system
reconcileInterval: '30'
allowHttpGitUrls: 'false'
rabbitmq:
host: freeleaps-prod-rabbitmq-headless.freeleaps-prod.svc.freeleaps.cluster
port: '5672'
vhost: /
inputQueue: freeleaps.devops.reconciler.input
outputQueue: freeleaps.devops.reconciler.output
enableExchangeBinding: 'true'
inputExchange: freeleaps.notification.exchange
inputExchangeType: direct
inputRoutingKey: freeleaps.devops.reconciler.input
outputExchange: freeleaps.notification.exchange
outputRoutingKey: freeleaps.devops.reconciler.output
jenkins:
endpoint: http://jenkins.freeleaps-devops-system.svc.freeleaps.cluster:8080
apiTimeout: '30'
folderCreationRetryCount: '3'
argocd:
endpoint: http://argocd-server.freeleaps-devops-system.svc.freeleaps.cluster:80
apiTimeout: '30'
resourceCreationTimeout: '300'
networkResources:
domainTemplate: '{env}.{project_id}.internalmathmast.com'
ingressClassName: nginx
certManagerClusterIssuer: internal-mathmast-com
ingressControllerIp: 4.155.160.32
dnsCreationTimeout: '300'
certificateIssuanceTimeout: '600'
ingressReadyTimeout: '300'
networkResourceCleanupTimeout: '300'
networkResourceRetryCount: '3'
networkResourceRetryDelay: '30'
secrets:
rabbitmqCredentials:
username: user
password: D3b0HKz71T0OcYF8
jenkinsCredentials:
username: admin
token: 119fe346a7d5e1fc7f9ed4d98eac3e73ee
argocdCredentials:
username: admin
password: ELvjjaHupgWomLj9
defaultGitCredentials:
username: freeleaps
password: r8sA8CPHD9!bt6d
defaultDockerRegistryCredentials:
username: freeleapsdevops
password: dckr_pat_y-KsBOwcEGTdCQDsAb-NBz9_beg
dockerRegistryPat:
username: freeleapsdevops
token: dckr_pat_UHFbzDZk-gZSM2UhRgnmTCMis9g
azureKeyVault:
endpoint: https://freeleaps-secrets.vault.azure.net/
clientId: b6be5b92-25a8-482d-8dcd-7321bf2f83d9
clientSecret: 4Nx8Q~fYFM~V~3otsN7YB4GPRQ0R8CHJ7XtpLcVA
tenantId: cf151ee8-5c2c-4fe7-a1c4-809ba43c9f24
subscriptionId: 0a280068-dec4-4bf0-9f04-65b64f412b50
resourceGroup: k8s
name: freeleaps-secrets
azureDns:
subscriptionId: 0a280068-dec4-4bf0-9f04-65b64f412b50
tenantId: cf151ee8-5c2c-4fe7-a1c4-809ba43c9f24
clientId: b6be5b92-25a8-482d-8dcd-7321bf2f83d9
clientSecret: 4Nx8Q~fYFM~V~3otsN7YB4GPRQ0R8CHJ7XtpLcVA
resourceGroup: k8s
zoneName: mathmast.com
monitoring:
serviceMonitor:
enabled: false
interval: 30s
scrapeTimeout: 10s
labels: {}
grafanaDashboard:
enabled: false
labels: {}
healthcheck:
livenessProbe:
enabled: false
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
enabled: false
httpGet:
path: /ready
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
networkPolicy:
enabled: false
ingress: []
egress: []
crds:
install: false
keep: true

1
freeleaps-devops-reconciler/prod/.gitkeep
View File

@ -1 +0,0 @@

35
freeleaps-devops-reconciler/prod/Jenkinsfile vendored Normal file
View File

@ -0,0 +1,35 @@
@Library('first-class-pipeline') _
executeFreeleapsPipeline {
serviceName = 'freeleaps-devops-reconciler'
environmentSlug = 'prod'
serviceGitBranch = 'dev'
serviceGitRepo = "https://gitea.freeleaps.mathmast.com/freeleaps/freeleaps-devops-reconciler.git"
serviceGitRepoType = 'monorepo'
serviceGitCredentialsId = 'freeleaps-ops-git-credentials'
executeMode = 'fully'
commitMessageLintEnabled = false
components = [
[
name: 'reconciler',
root: 'reconciler',
language: 'python',
dependenciesManager: 'pip',
requirementsFile: 'requirements.txt',
buildCacheEnabled: true,
buildAgentImage: 'python:3.12-slim',
buildArtifacts: ['.'],
lintEnabled: false,
sastEnabled: false,
imageRegistry: 'docker.io',
imageRepository: 'freeleaps',
imageName: 'reconciler',
imageBuilder: 'dind',
dockerfilePath: '../Dockerfile',
imageBuildRoot: '..',
imageReleaseArchitectures: ['linux/amd64', 'linux/arm64/v8'],
registryCredentialsId: 'freeleaps-devops-docker-hub-credentials',
semanticReleaseEnabled: true
]
]
}