From c6cc34140131ad5c700726bd62ff424348539b85 Mon Sep 17 00:00:00 2001
From: Nicolas
Date: Tue, 19 Aug 2025 17:28:27 +0800
Subject: [PATCH] Deploy the reconciler in the production environment
---
.../helm-pkg/reconciler/values.prod.yaml | 202 ++++++++++++++++++
freeleaps-devops-reconciler/prod/.gitkeep | 1 -
freeleaps-devops-reconciler/prod/Jenkinsfile | 35 +++
3 files changed, 237 insertions(+), 1 deletion(-)
create mode 100644 freeleaps-devops-reconciler/helm-pkg/reconciler/values.prod.yaml
delete mode 100644 freeleaps-devops-reconciler/prod/.gitkeep
create mode 100644 freeleaps-devops-reconciler/prod/Jenkinsfile
diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/values.prod.yaml b/freeleaps-devops-reconciler/helm-pkg/reconciler/values.prod.yaml
new file mode 100644
index 00000000..318d6766
--- /dev/null
+++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/values.prod.yaml
@@ -0,0 +1,202 @@
+# Production values for freeleaps-devops-reconciler
+replicaCount: 2
+reconciler:
+ image:
+ repository: freeleaps/reconciler
+ pullPolicy: IfNotPresent
+ tag: ""
+ registry: docker.io
+ name: reconciler
+
+imagePullSecrets: []
+nameOverride: ''
+fullnameOverride: ''
+
+# Operator Configuration
+operator:
+ clusterwide: false
+ priority: 100
+ peeringName: freeleaps-devops-reconciler
+ namespaces:
+ - freeleaps-devops-system
+ debug: false
+
+serviceAccount:
+ create: true
+ annotations: {}
+ name: ''
+
+rbac:
+ create: true
+ additionalRules: []
+
+podAnnotations: {}
+
+podSecurityContext:
+ fsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+
+securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 5000
+ targetPort: 5000
+
+ingress:
+ enabled: false
+ className: ''
+ annotations: {}
+ hosts:
+ - host: devops-reconciler.local
+ paths:
+ - path: /
+ pathType: Prefix
+ tls: []
+
+resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+
+nodeSelector: {}
+tolerations: []
+affinity: {}
+
+env:
+ reconcilerDebug: 'false'
+ defaultHttpTimeout: '30'
+ k8sClusterDomain: kubernetes.default.svc.freeleaps.cluster
+ kubernetesApiTimeout: '30'
+ autoDiscoverK8sClusterDomainMaxRetries: '5'
+ logLevel: INFO
+ logFormat: text
+ operatorNamespace: freeleaps-devops-system
+ reconcileInterval: '30'
+ allowHttpGitUrls: 'false'
+
+ rabbitmq:
+ host: freeleaps-prod-rabbitmq-headless.freeleaps-prod.svc.freeleaps.cluster
+ port: '5672'
+ vhost: /
+ inputQueue: freeleaps.devops.reconciler.input
+ outputQueue: freeleaps.devops.reconciler.output
+ enableExchangeBinding: 'true'
+ inputExchange: freeleaps.notification.exchange
+ inputExchangeType: direct
+ inputRoutingKey: freeleaps.devops.reconciler.input
+ outputExchange: freeleaps.notification.exchange
+ outputRoutingKey: freeleaps.devops.reconciler.output
+
+ jenkins:
+ endpoint: http://jenkins.freeleaps-devops-system.svc.freeleaps.cluster:8080
+ apiTimeout: '30'
+ folderCreationRetryCount: '3'
+
+ argocd:
+ endpoint: http://argocd-server.freeleaps-devops-system.svc.freeleaps.cluster:80
+ apiTimeout: '30'
+ resourceCreationTimeout: '300'
+
+ networkResources:
+ domainTemplate: '{env}.{project_id}.internalmathmast.com'
+ ingressClassName: nginx
+ certManagerClusterIssuer: internal-mathmast-com
+ ingressControllerIp: 4.155.160.32
+ dnsCreationTimeout: '300'
+ certificateIssuanceTimeout: '600'
+ ingressReadyTimeout: '300'
+ networkResourceCleanupTimeout: '300'
+ networkResourceRetryCount: '3'
+ networkResourceRetryDelay: '30'
+
+secrets:
+ rabbitmqCredentials:
+ username: user
+ password: D3b0HKz71T0OcYF8
+ jenkinsCredentials:
+ username: admin
+ token: 119fe346a7d5e1fc7f9ed4d98eac3e73ee
+ argocdCredentials:
+ username: admin
+ password: ELvjjaHupgWomLj9
+ defaultGitCredentials:
+ username: freeleaps
+ password: r8sA8CPHD9!bt6d
+ defaultDockerRegistryCredentials:
+ username: freeleapsdevops
+ password: dckr_pat_y-KsBOwcEGTdCQDsAb-NBz9_beg
+ dockerRegistryPat:
+ username: freeleapsdevops
+ token: dckr_pat_UHFbzDZk-gZSM2UhRgnmTCMis9g
+ azureKeyVault:
+ endpoint: https://freeleaps-secrets.vault.azure.net/
+ clientId: b6be5b92-25a8-482d-8dcd-7321bf2f83d9
+ clientSecret: 4Nx8Q~fYFM~V~3otsN7YB4GPRQ0R8CHJ7XtpLcVA
+ tenantId: cf151ee8-5c2c-4fe7-a1c4-809ba43c9f24
+ subscriptionId: 0a280068-dec4-4bf0-9f04-65b64f412b50
+ resourceGroup: k8s
+ name: freeleaps-secrets
+ azureDns:
+ subscriptionId: 0a280068-dec4-4bf0-9f04-65b64f412b50
+ tenantId: cf151ee8-5c2c-4fe7-a1c4-809ba43c9f24
+ clientId: b6be5b92-25a8-482d-8dcd-7321bf2f83d9
+ clientSecret: 4Nx8Q~fYFM~V~3otsN7YB4GPRQ0R8CHJ7XtpLcVA
+ resourceGroup: k8s
+ zoneName: mathmast.com
+
+monitoring:
+ serviceMonitor:
+ enabled: false
+ interval: 30s
+ scrapeTimeout: 10s
+ labels: {}
+ grafanaDashboard:
+ enabled: false
+ labels: {}
+
+healthcheck:
+ livenessProbe:
+ enabled: false
+ httpGet:
+ path: /healthz
+ port: 8080
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ readinessProbe:
+ enabled: false
+ httpGet:
+ path: /ready
+ port: 8080
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ timeoutSeconds: 3
+ failureThreshold: 3
+
+strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 1
+ maxSurge: 1
+
+networkPolicy:
+ enabled: false
+ ingress: []
+ egress: []
+
+crds:
+ install: false
+ keep: true
diff --git a/freeleaps-devops-reconciler/prod/.gitkeep b/freeleaps-devops-reconciler/prod/.gitkeep
deleted file mode 100644
index 0519ecba..00000000
--- a/freeleaps-devops-reconciler/prod/.gitkeep
+++ /dev/null
@@ -1 +0,0 @@
- 
\ No newline at end of file
diff --git a/freeleaps-devops-reconciler/prod/Jenkinsfile b/freeleaps-devops-reconciler/prod/Jenkinsfile
new file mode 100644
index 00000000..19ce0f49
--- /dev/null
+++ b/freeleaps-devops-reconciler/prod/Jenkinsfile
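Review bot: The `secrets:` block in values.prod.yaml commits live-looking production credentials in plaintext: the RabbitMQ, Argo CD and Git passwords, the Jenkins token, two Docker Hub tokens, and the Azure `clientSecret` under both `azureKeyVault` and `azureDns`. Once pushed they stay readable in history even if a later commit removes them, so each one should be rotated and the committed file should carry only empty placeholders such as `clientSecret: ''`, with the real values supplied at deploy time from the secret store (the file already points at an Azure Key Vault). The same `clientId`/`clientSecret` pair appears for Key Vault and for DNS; whether that principal is scoped narrowly is not visible here, but separate identities per purpose would limit what one leaked secret reaches. Separately, `env.jenkins.endpoint` and `env.argocd.endpoint` use `http://`, so the Jenkins token and Argo CD password would cross the cluster network unencrypted unless something outside this file (a service mesh, for instance) adds TLS.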
@@ -0,0 +1,35 @@
+@Library('first-class-pipeline') _
+
+executeFreeleapsPipeline {
+ serviceName = 'freeleaps-devops-reconciler'
+ environmentSlug = 'prod'
+ serviceGitBranch = 'dev'
+ serviceGitRepo = "https://gitea.freeleaps.mathmast.com/freeleaps/freeleaps-devops-reconciler.git"
+ serviceGitRepoType = 'monorepo'
+ serviceGitCredentialsId = 'freeleaps-ops-git-credentials'
+ executeMode = 'fully'
+ commitMessageLintEnabled = false
+ components = [
+ [
+ name: 'reconciler',
+ root: 'reconciler',
+ language: 'python',
+ dependenciesManager: 'pip',
+ requirementsFile: 'requirements.txt',
+ buildCacheEnabled: true,
+ buildAgentImage: 'python:3.12-slim',
+ buildArtifacts: ['.'],
+ lintEnabled: false,
+ sastEnabled: false,
+ imageRegistry: 'docker.io',
+ imageRepository: 'freeleaps',
+ imageName: 'reconciler',
+ imageBuilder: 'dind',
+ dockerfilePath: '../Dockerfile',
+ imageBuildRoot: '..',
+ imageReleaseArchitectures: ['linux/amd64', 'linux/arm64/v8'],
+ registryCredentialsId: 'freeleaps-devops-docker-hub-credentials',
+ semanticReleaseEnabled: true
+ ]
+ ]
+}
\ No newline at end of file
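Review bot: The production pipeline builds from `serviceGitBranch = 'dev'` while `sastEnabled: false`, `lintEnabled: false` and `commitMessageLintEnabled = false` switch off every check visible in this file, so whatever lands on the development branch can become the `prod` image unscanned. How `executeFreeleapsPipeline` gates promotion lives in the shared library and is not shown, but unless it adds an approval step I would point prod at a protected release branch, `serviceGitBranch = '<release-branch>'`, and set `sastEnabled: true`. `buildAgentImage: 'python:3.12-slim'` is a mutable tag; pinning it by digest (`python:3.12-slim@sha256:<digest>`) keeps the build environment reproducible and guards against a changed upstream image.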