From eae6ba99e2a276c5ff61a95539c20dd9d6626512 Mon Sep 17 00:00:00 2001 From: zhenyus Date: Thu, 31 Jul 2025 23:21:24 +0800 Subject: [PATCH] refactor(devsvc): restructure reconciler Helm chart and remove deprecated files - Deleted Jenkinsfile as CI/CD configuration is now handled differently. - Updated Chart.yaml to reflect new service name and versioning. - Enhanced values.yaml and values.alpha.yaml with comprehensive operator configuration and environment settings. - Removed obsolete templates for deployment, service, ingress, and monitoring. - Streamlined configuration for RabbitMQ, Jenkins, and ArgoCD integration. 
Signed-off-by: zhenyus --- .../Jenkinsfile | 0 .../helm-pkg/reconciler/Chart.yaml | 25 +- .../helm-pkg/reconciler/templates/NOTES.txt | 49 +++ .../reconciler/templates/_helpers.tpl | 275 ++++++++++++++ .../templates/crds/argosettings.yaml | 119 ++++++ .../templates/crds/containerregistries.yaml | 125 +++++++ .../templates/crds/deploymentrecords.yaml | 139 +++++++ .../templates/crds/devopsprojects.yaml | 145 ++++++++ .../templates/crds/gitcredentials.yaml | 97 +++++ .../templates/crds/ingressresources.yaml | 162 ++++++++ .../templates/crds/jenkinssettings.yaml | 136 +++++++ .../reconciler/templates/deployment.yaml | 93 +++++ .../reconciler/templates/ingress.yaml | 59 +++ .../helm-pkg/reconciler/templates/rbac.yaml | 84 +++++ .../templates/reconciler/certificate.yaml | 27 -- .../templates/reconciler/deployment.yaml | 131 ------- .../templates/reconciler/ingress.yaml | 36 -- .../reconciler/reconciler-config.yaml | 72 ---- .../templates/reconciler/service.yaml | 26 -- .../templates/reconciler/servicemonitor.yaml | 40 -- .../reconciler/templates/reconciler/vpa.yaml | 32 -- .../helm-pkg/reconciler/templates/secret.yaml | 48 +++ .../reconciler/templates/service.yaml | 18 + .../reconciler/templates/serviceaccount.yaml | 13 + .../helm-pkg/reconciler/values.alpha.yaml | 340 +++++++++++------ .../helm-pkg/reconciler/values.yaml | 352 +++++++++++------- 26 files changed, 2033 insertions(+), 610 deletions(-) rename freeleaps-devops-reconciler/alpha/ci/{ => freeleaps-devops-reconciler}/Jenkinsfile (100%) create mode 100644 freeleaps-devops-reconciler/helm-pkg/reconciler/templates/NOTES.txt create mode 100644 freeleaps-devops-reconciler/helm-pkg/reconciler/templates/_helpers.tpl create mode 100644 freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/argosettings.yaml create mode 100644 freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/containerregistries.yaml create mode 100644 
freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/deploymentrecords.yaml create mode 100644 freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/devopsprojects.yaml create mode 100644 freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/gitcredentials.yaml create mode 100644 freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/ingressresources.yaml create mode 100644 freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/jenkinssettings.yaml create mode 100644 freeleaps-devops-reconciler/helm-pkg/reconciler/templates/deployment.yaml create mode 100644 freeleaps-devops-reconciler/helm-pkg/reconciler/templates/ingress.yaml create mode 100644 freeleaps-devops-reconciler/helm-pkg/reconciler/templates/rbac.yaml delete mode 100644 freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/certificate.yaml delete mode 100644 freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/deployment.yaml delete mode 100644 freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/ingress.yaml delete mode 100644 freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/reconciler-config.yaml delete mode 100644 freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/service.yaml delete mode 100644 freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/servicemonitor.yaml delete mode 100644 freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/vpa.yaml create mode 100644 freeleaps-devops-reconciler/helm-pkg/reconciler/templates/secret.yaml create mode 100644 freeleaps-devops-reconciler/helm-pkg/reconciler/templates/service.yaml create mode 100644 freeleaps-devops-reconciler/helm-pkg/reconciler/templates/serviceaccount.yaml 
diff --git a/freeleaps-devops-reconciler/alpha/ci/Jenkinsfile b/freeleaps-devops-reconciler/alpha/ci/freeleaps-devops-reconciler/Jenkinsfile
similarity index 100%
rename from freeleaps-devops-reconciler/alpha/ci/Jenkinsfile
rename to freeleaps-devops-reconciler/alpha/ci/freeleaps-devops-reconciler/Jenkinsfile
diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/Chart.yaml b/freeleaps-devops-reconciler/helm-pkg/reconciler/Chart.yaml
index 5a6e4a28..30f1f32c 100644
--- a/freeleaps-devops-reconciler/helm-pkg/reconciler/Chart.yaml
+++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/Chart.yaml
@@ -1,6 +1,23 @@
 apiVersion: v2
-name: reconciler
-description: A Helm Chart of reconciler service, which part of Freeleaps Platform, powered by Freeleaps.
+name: freeleaps-devops-reconciler
+description: A Kubernetes operator that automates and orchestrates DevOps workflows
 type: application
-version: 0.0.1
-appVersion: "0.0.1"
+version: 0.1.0
+appVersion: "0.1.0"
+home: https://freeleaps.com
+sources:
+ - https://gitea.freeleaps.mathmast.com/freeleaps/freeleaps-devops-reconciler
+maintainers:
+ - name: Freeleaps DevOps Team
+ email: devops@freeleaps.com
+keywords:
+ - kubernetes
+ - operator
+ - devops
+ - jenkins
+ - argocd
+ - gitops
+ - ci-cd
+annotations:
+ category: DevOps
+ licenses: Apache-2.0
\ No newline at end of file
diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/NOTES.txt b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/NOTES.txt
new file mode 100644
index 00000000..078291d2
--- /dev/null
+++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/NOTES.txt
@@ -0,0 +1,49 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "freeleaps-devops-reconciler.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "freeleaps-devops-reconciler.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "freeleaps-devops-reconciler.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "{{ include "freeleaps-devops-reconciler.selectorLabels" . }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
+
+2. Check the status of the FreeleapsDevOps Reconciler:
+ kubectl get pods -n {{ .Release.Namespace }}
+ kubectl logs -n {{ .Release.Namespace }} deployment/{{ include "freeleaps-devops-reconciler.fullname" . }}
+
+3. Verify CRDs are installed:
+ kubectl get crds | grep freeleaps.com
+
+4. View available Custom Resources:
+ kubectl get devopsprojects -A
+ kubectl get argosettings -A
+ kubectl get jenkinssettings -A
+ kubectl get deploymentrecords -A
+
+{{- if .Values.crds.install }}
+5. The following CRDs have been installed:
+ - devopsprojects.freeleaps.com
+ - argosettings.freeleaps.com
+ - jenkinssettings.freeleaps.com
+ - containerregistries.freeleaps.com
+ - gitcredentials.freeleaps.com
+ - deploymentrecords.freeleaps.com
+ - ingressresources.freeleaps.com
+{{- end }}
+
+For more information and examples, visit:
+https://gitea.freeleaps.mathmast.com/freeleaps/freeleaps-devops-reconciler
\ No newline at end of file
diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/_helpers.tpl b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/_helpers.tpl
new file mode 100644
index 00000000..f6578140
--- /dev/null
+++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/_helpers.tpl
@@ -0,0 +1,275 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "freeleaps-devops-reconciler.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "freeleaps-devops-reconciler.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "freeleaps-devops-reconciler.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "freeleaps-devops-reconciler.labels" -}}
+helm.sh/chart: {{ include "freeleaps-devops-reconciler.chart" . }}
+{{ include "freeleaps-devops-reconciler.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "freeleaps-devops-reconciler.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "freeleaps-devops-reconciler.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "freeleaps-devops-reconciler.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "freeleaps-devops-reconciler.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the image reference
+*/}}
+{{- define "freeleaps-devops-reconciler.image" -}}
+{{- $tag := .Values.image.tag | default .Chart.AppVersion }}
+{{- printf "%s:%s" .Values.image.repository $tag }}
+{{- end }}
+
+{{/*
+Environment variables template
+*/}}
+{{- define "freeleaps-devops-reconciler.env" -}}
+- name: RECONCILER_DEBUG
+ value: {{ .Values.env.reconcilerDebug | quote }}
+- name: DEFAULT_HTTP_TIMEOUT
+ value: {{ .Values.env.defaultHttpTimeout | quote }}
+- name: K8S_CLUSTER_DOMAIN
+ value: {{ .Values.env.k8sClusterDomain | quote }}
+- name: KUBERNETES_API_TIMEOUT
+ value: {{ .Values.env.kubernetesApiTimeout | quote }}
+- name: AUTO_DISCOVER_K8S_CLUSTER_DOMAIN_MAX_RETRIES
+ value: {{ .Values.env.autoDiscoverK8sClusterDomainMaxRetries | quote }}
+- name: LOG_LEVEL
+ value: {{ .Values.env.logLevel | quote }}
+- name: LOG_FORMAT
+ value: {{ .Values.env.logFormat | quote }}
+- name: OPERATOR_NAMESPACE
+ value: {{ .Values.env.operatorNamespace | quote }}
+- name: RECONCILE_INTERVAL
+ value: {{ .Values.env.reconcileInterval | quote }}
+- name: RABBITMQ_HOST
+ value: {{ .Values.env.rabbitmq.host | quote }}
+- name: RABBITMQ_PORT
+ value: {{ .Values.env.rabbitmq.port | quote }}
+- name: RABBITMQ_VHOST
+ value: {{ .Values.env.rabbitmq.vhost | quote }}
+- name: RABBITMQ_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: rabbitmq-username
+- name: RABBITMQ_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: rabbitmq-password
+- name: RABBITMQ_INPUT_QUEUE
+ value: {{ .Values.env.rabbitmq.inputQueue | quote }}
+- name: RABBITMQ_OUTPUT_QUEUE
+ value: {{ .Values.env.rabbitmq.outputQueue | quote }}
+- name: RABBITMQ_ENABLE_EXCHANGE_BINDING
+ value: {{ .Values.env.rabbitmq.enableExchangeBinding | quote }}
+- name: RABBITMQ_INPUT_EXCHANGE
+ value: {{ .Values.env.rabbitmq.inputExchange | quote }}
+- name: RABBITMQ_INPUT_EXCHANGE_TYPE
+ value: {{ .Values.env.rabbitmq.inputExchangeType | quote }}
+- name: RABBITMQ_INPUT_ROUTING_KEY
+ value: {{ .Values.env.rabbitmq.inputRoutingKey | quote }}
+- name: RABBITMQ_OUTPUT_EXCHANGE
+ value: {{ .Values.env.rabbitmq.outputExchange | quote }}
+- name: RABBITMQ_OUTPUT_ROUTING_KEY
+ value: {{ .Values.env.rabbitmq.outputRoutingKey | quote }}
+- name: JENKINS_ENDPOINT
+ value: {{ .Values.env.jenkins.endpoint | quote }}
+- name: JENKINS_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: jenkins-username
+- name: JENKINS_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: jenkins-token
+- name: JENKINS_API_TIMEOUT
+ value: {{ .Values.env.jenkins.apiTimeout | quote }}
+- name: JENKINS_FOLDER_CREATION_RETRY_COUNT
+ value: {{ .Values.env.jenkins.folderCreationRetryCount | quote }}
+- name: ARGOCD_ENDPOINT
+ value: {{ .Values.env.argocd.endpoint | quote }}
+- name: ARGOCD_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: argocd-username
+- name: ARGOCD_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: argocd-password
+- name: ARGOCD_API_TIMEOUT
+ value: {{ .Values.env.argocd.apiTimeout | quote }}
+- name: ARGOCD_RESOURCE_CREATION_TIMEOUT
+ value: {{ .Values.env.argocd.resourceCreationTimeout | quote }}
+- name: DEFAULT_GIT_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: default-git-username
+- name: DEFAULT_GIT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: default-git-password
+- name: DEFAULT_DOCKER_REGISTRY_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: default-docker-registry-username
+- name: DEFAULT_DOCKER_REGISTRY_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: default-docker-registry-password
+- name: DOCKER_REGISTRY_PAT_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: docker-registry-pat-username
+- name: DOCKER_REGISTRY_PAT
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: docker-registry-pat
+- name: ALLOW_HTTP_GIT_URLS
+ value: {{ .Values.env.allowHttpGitUrls | quote }}
+- name: DOMAIN_TEMPLATE
+ value: {{ .Values.env.networkResources.domainTemplate | quote }}
+- name: INGRESS_CLASS_NAME
+ value: {{ .Values.env.networkResources.ingressClassName | quote }}
+- name: CERT_MANAGER_CLUSTER_ISSUER
+ value: {{ .Values.env.networkResources.certManagerClusterIssuer | quote }}
+- name: INGRESS_CONTROLLER_IP
+ value: {{ .Values.env.networkResources.ingressControllerIp | quote }}
+- name: DNS_CREATION_TIMEOUT
+ value: {{ .Values.env.networkResources.dnsCreationTimeout | quote }}
+- name: CERTIFICATE_ISSUANCE_TIMEOUT
+ value: {{ .Values.env.networkResources.certificateIssuanceTimeout | quote }}
+- name: INGRESS_READY_TIMEOUT
+ value: {{ .Values.env.networkResources.ingressReadyTimeout | quote }}
+- name: NETWORK_RESOURCE_CLEANUP_TIMEOUT
+ value: {{ .Values.env.networkResources.networkResourceCleanupTimeout | quote }}
+- name: NETWORK_RESOURCE_RETRY_COUNT
+ value: {{ .Values.env.networkResources.networkResourceRetryCount | quote }}
+- name: NETWORK_RESOURCE_RETRY_DELAY
+ value: {{ .Values.env.networkResources.networkResourceRetryDelay | quote }}
+- name: AZURE_KEY_VAULT_ENDPOINT
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: azure-key-vault-endpoint
+- name: AZURE_KEY_VAULT_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: azure-key-vault-client-id
+- name: AZURE_KEY_VAULT_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: azure-key-vault-client-secret
+- name: AZURE_KEY_VAULT_TENANT_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: azure-key-vault-tenant-id
+- name: AZURE_KEY_VAULT_RESOURCE_GROUP
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: azure-key-vault-resource-group
+- name: AZURE_KEY_VAULT_SUBSCRIPTION_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: azure-key-vault-subscription-id
+- name: AZURE_KEY_VAULT_NAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: azure-key-vault-name
+- name: AZURE_DNS_SUBSCRIPTION_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: azure-dns-subscription-id
+- name: AZURE_DNS_TENANT_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: azure-dns-tenant-id
+- name: AZURE_DNS_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: azure-dns-client-id
+- name: AZURE_DNS_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: azure-dns-client-secret
+- name: AZURE_DNS_RESOURCE_GROUP
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: azure-dns-resource-group
+- name: AZURE_DNS_ZONE_NAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ key: azure-dns-zone-name
+{{- end }}
\ No newline at end of file
diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/argosettings.yaml b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/argosettings.yaml
new file mode 100644
index 00000000..bc51e4ec
--- /dev/null
+++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/argosettings.yaml
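Review bot: Every `secretKeyRef` in the `freeleaps-devops-reconciler.env` helper hard-codes `{{ include "freeleaps-devops-reconciler.fullname" . }}-secrets`, so the pod cannot be pointed at a Secret managed outside the chart. The Jenkins token, ArgoCD password, registry PAT and both Azure client secrets therefore presumably have to pass through chart values and the chart's own secret.yaml, which is not part of this hunk. I would add one helper for the Secret name, for example `{{- default (printf "%s-secrets" (include "freeleaps-devops-reconciler.fullname" .)) .Values.existingSecret }}` (`existingSecret` being a proposed new value), and reference it from all the `secretKeyRef` entries. A comment above the env helper should also state that every key is required (none is marked `optional: true`), so a Secret missing any single key keeps the container from starting.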
@@ -0,0 +1,119 @@
+{{- if .Values.crds.install }}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: argosettings.freeleaps.com
+ labels:
+ {{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-weight": "-5"
+ {{- if .Values.crds.keep }}
+ "helm.sh/resource-policy": keep
+ {{- end }}
+spec:
+ group: freeleaps.com
+ scope: Namespaced
+ names:
+ kind: ArgoSetting
+ listKind: ArgoSettingList
+ singular: argosetting
+ plural: argosettings
+ shortNames:
+ - argo
+ - argos
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ required: ['spec']
+ properties:
+ spec:
+ type: object
+ required:
+ - projectId
+ - environments
+ properties:
+ projectId:
+ type: string
+ description: "Reference to DevOpsProject ID"
+ environments:
+ type: array
+ items:
+ type: object
+ required:
+ - name
+ - namespace
+ - repoUrl
+ properties:
+ name:
+ type: string
+ enum: ["dev", "staging", "prod"]
+ namespace:
+ type: string
+ description: "Target Kubernetes namespace"
+ repoUrl:
+ type: string
+ description: "Helm chart repository URL"
+ path:
+ type: string
+ description: "Path to chart in repository"
+ default: "."
+ targetRevision:
+ type: string
+ description: "Git branch or tag"
+ default: "HEAD"
+ syncPolicy:
+ type: object
+ properties:
+ automated:
+ type: object
+ properties:
+ prune:
+ type: boolean
+ default: false
+ selfHeal:
+ type: boolean
+ default: false
+ syncOptions:
+ type: array
+ items:
+ type: string
+ status:
+ type: object
+ properties:
+ argoSettings:
+ type: object
+ properties:
+ status:
+ type: string
+ enum: ["invalid", "valid", "synced"]
+ synced:
+ type: boolean
+ ready:
+ type: boolean
+ lastProbeTime:
+ type: string
+ format: date-time
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: Project ID
+ type: string
+ jsonPath: .spec.projectId
+ - name: Environments
+ type: string
+ jsonPath: .spec.environments[*].name
+ - name: Status
+ type: string
+ jsonPath: .status.argoSettings.status
+ - name: Ready
+ type: boolean
+ jsonPath: .status.argoSettings.ready
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
+{{- end }}
\ No newline at end of file
diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/containerregistries.yaml b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/containerregistries.yaml
new file mode 100644
index 00000000..44b7ea33
--- /dev/null
+++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/containerregistries.yaml
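Review bot: `environments[].namespace` and `repoUrl` are plain `type: string` with no constraints, so a namespaced ArgoSetting can name any target namespace and any repository location, and the only remaining check is whatever the controller does (not visible here). At minimum the namespace should be constrained at admission, reusing the label pattern that devopsprojects.yaml applies to `projectId`: `pattern: "^[a-z0-9]([a-z0-9-]*[a-z0-9])?$"` plus `maxLength: 63`. `projectId` in this CRD, and in containerregistries.yaml and deploymentrecords.yaml, is also missing that pattern, so the reference field accepts values the referenced DevOpsProject would reject. If the operator runs with cluster-wide rights, the controller should additionally verify that whoever created the ArgoSetting is allowed to deploy into the named namespace.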
@@ -0,0 +1,125 @@
+{{- if .Values.crds.install }}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: containerregistries.freeleaps.com
+ labels:
+ {{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-weight": "-5"
+ {{- if .Values.crds.keep }}
+ "helm.sh/resource-policy": keep
+ {{- end }}
+spec:
+ group: freeleaps.com
+ scope: Namespaced
+ names:
+ kind: ContainerRegistry
+ listKind: ContainerRegistryList
+ singular: containerregistry
+ plural: containerregistries
+ shortNames:
+ - registry
+ - reg
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ required: ['spec']
+ properties:
+ spec:
+ type: object
+ required:
+ - projectId
+ - registryUrl
+ - project
+ properties:
+ projectId:
+ type: string
+ description: "Reference to DevOpsProject ID"
+ registryUrl:
+ type: string
+ description: "Container registry URL"
+ project:
+ type: string
+ description: "Registry project/namespace"
+ credentialsRef:
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description: "Secret name containing registry credentials"
+ namespace:
+ type: string
+ description: "Secret namespace"
+ repositories:
+ type: array
+ items:
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description: "Repository name"
+ description:
+ type: string
+ description: "Repository description"
+ public:
+ type: boolean
+ default: false
+ status:
+ type: object
+ properties:
+ containerRegistry:
+ type: object
+ properties:
+ status:
+ type: string
+ enum: ["invalid", "valid", "synced"]
+ synced:
+ type: boolean
+ ready:
+ type: boolean
+ lastProbeTime:
+ type: string
+ format: date-time
+ repositories:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ url:
+ type: string
+ created:
+ type: boolean
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: Project ID
+ type: string
+ jsonPath: .spec.projectId
+ - name: Registry URL
+ type: string
+ jsonPath: .spec.registryUrl
+ - name: Project
+ type: string
+ jsonPath: .spec.project
+ - name: Status
+ type: string
+ jsonPath: .status.containerRegistry.status
+ - name: Ready
+ type: boolean
+ jsonPath: .status.containerRegistry.ready
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
+{{- end }}
\ No newline at end of file
diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/deploymentrecords.yaml b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/deploymentrecords.yaml
new file mode 100644
index 00000000..251f0beb
--- /dev/null
+++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/deploymentrecords.yaml
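Review bot: `credentialsRef.namespace` lets a namespaced ContainerRegistry point at a Secret in any other namespace, and the same optional field appears in devopsprojects.yaml (`git.credentialsRef`, `registry.credentialsRef`) and gitcredentials.yaml. If the operator resolves that Secret with its own service account (rbac.yaml is outside this hunk, so this is inferred), anyone allowed to create these objects in one namespace can have the operator read credentials from another, which is a confused-deputy problem. Either drop the field and resolve the Secret in the object's own namespace, or state the rule on the field and enforce it in the controller, e.g. `description: "Secret namespace; must equal the object's own namespace"`.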
@@ -0,0 +1,139 @@
+{{- if .Values.crds.install }}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: deploymentrecords.freeleaps.com
+ labels:
+ {{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-weight": "-5"
+ {{- if .Values.crds.keep }}
+ "helm.sh/resource-policy": keep
+ {{- end }}
+spec:
+ group: freeleaps.com
+ scope: Namespaced
+ names:
+ kind: DeploymentRecord
+ listKind: DeploymentRecordList
+ singular: deploymentrecord
+ plural: deploymentrecords
+ shortNames:
+ - deploy
+ - dr
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ required: ['spec']
+ properties:
+ spec:
+ type: object
+ required:
+ - projectId
+ - version
+ - environment
+ properties:
+ projectId:
+ type: string
+ description: "Reference to DevOpsProject ID"
+ version:
+ type: string
+ description: "Application version to deploy"
+ environment:
+ type: string
+ enum: ["dev", "staging", "prod"]
+ description: "Target environment"
+ gitCommitHash:
+ type: string
+ description: "Git commit hash for this deployment"
+ buildTrigger:
+ type: string
+ enum: ["manual", "webhook", "schedule", "api"]
+ default: "manual"
+ description: "What triggered this deployment"
+ operation:
+ type: string
+ enum: ["start", "terminate", "restart"]
+ default: "start"
+ description: "Deployment operation to perform"
+ ttlSeconds:
+ type: integer
+ minimum: 0
+ description: "TTL for this deployment in seconds"
+ parameters:
+ type: object
+ additionalProperties:
+ type: string
+ description: "Additional deployment parameters"
+ status:
+ type: object
+ properties:
+ deploymentRecord:
+ type: object
+ properties:
+ status:
+ type: string
+ enum: ["running", "success", "failed", "terminated"]
+ phase:
+ type: string
+ enum: ["initializing", "commit-message-linting", "execute-mode-detection", "code-changes-detection", "build-agent-setup", "dependencies-resolving", "semantic-releasing", "compilation-packaging", "image-builder-setup", "image-building", "app-version-updating", "deployment-triggering", "deployment-syncing", "deployment-verification", "resource-cleanup", "finished"]
+ startTime:
+ type: string
+ format: date-time
+ completionTime:
+ type: string
+ format: date-time
+ lastProbeTime:
+ type: string
+ format: date-time
+ jenkinsBuildNumber:
+ type: integer
+ description: "Jenkins build number"
+ jenkinsBuildUrl:
+ type: string
+ description: "Jenkins build URL"
+ argoSyncStatus:
+ type: string
+ description: "Argo CD sync status"
+ message:
+ type: string
+ description: "Status message"
+ networkResources:
+ type: object
+ properties:
+ domain:
+ type: string
+ certificate:
+ type: string
+ ingress:
+ type: string
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: Project ID
+ type: string
+ jsonPath: .spec.projectId
+ - name: Version
+ type: string
+ jsonPath: .spec.version
+ - name: Environment
+ type: string
+ jsonPath: .spec.environment
+ - name: Status
+ type: string
+ jsonPath: .status.deploymentRecord.status
+ - name: Phase
+ type: string
+ jsonPath: .status.deploymentRecord.phase
+ - name: Build
+ type: integer
+ jsonPath: .status.deploymentRecord.jenkinsBuildNumber
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
+{{- end }}
\ No newline at end of file
diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/devopsprojects.yaml b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/devopsprojects.yaml
new file mode 100644
index 00000000..6588558c
--- /dev/null
+++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/devopsprojects.yaml
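Review bot: `gitCommitHash`, `version` and the free-form `parameters` map carry no format or size limits, and they look like values that end up in a Jenkins build or an image tag (inferred from the `jenkinsBuildNumber` and `jenkinsBuildUrl` status fields; the controller is not shown). Validating them in the schema keeps malformed input from reaching the pipeline: `pattern: "^[0-9a-f]{7,64}$"` on `gitCommitHash`, a `maxLength` on `version`, and `maxProperties` on `parameters` together with a `maxLength` on its string values. `ttlSeconds` has `minimum: 0` but no `maximum`, so an upper bound is worth adding as well.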
@@ -0,0 +1,145 @@
+{{- if .Values.crds.install }}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: devopsprojects.freeleaps.com
+ labels:
+ {{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-weight": "-5"
+ {{- if .Values.crds.keep }}
+ "helm.sh/resource-policy": keep
+ {{- end }}
+spec:
+ group: freeleaps.com
+ scope: Namespaced
+ names:
+ kind: DevOpsProject
+ listKind: DevOpsProjectList
+ singular: devopsproject
+ plural: devopsprojects
+ shortNames:
+ - dop
+ - dops
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ required: ['spec']
+ properties:
+ metadata:
+ type: object
+ properties:
+ name:
+ type: string
+ maxLength: 63
+ spec:
+ type: object
+ required:
+ - projectName
+ - projectId
+ - git
+ - registry
+ - environments
+ properties:
+ projectName:
+ type: string
+ description: "Human readable project name"
+ projectId:
+ type: string
+ description: "Unique project identifier"
+ pattern: "^[a-z0-9]([a-z0-9-]*[a-z0-9])?$"
+ git:
+ type: object
+ required:
+ - url
+ - branch
+ properties:
+ url:
+ type: string
+ description: "Git repository URL"
+ branch:
+ type: string
+ description: "Default git branch"
+ default: "main"
+ credentialsRef:
+ type: object
+ properties:
+ name:
+ type: string
+ namespace:
+ type: string
+ registry:
+ type: object
+ required:
+ - url
+ - project
+ properties:
+ url:
+ type: string
+ description: "Container registry URL"
+ project:
+ type: string
+ description: "Registry project/namespace"
+ credentialsRef:
+ type: object
+ properties:
+ name:
+ type: string
+ namespace:
+ type: string
+ environments:
+ type: array
+ items:
+ type: object
+ required:
+ - name
+ - branch
+ properties:
+ name:
+ type: string
+ enum: ["dev", "staging", "prod"]
+ branch:
+ type: string
+ autoSync:
+ type: boolean
+ default: false
+ status:
+ type: object
+ properties:
+ devopsProject:
+ type: object
+ properties:
+ status:
+ type: string
+ enum: ["invalid", "valid", "synced"]
+ synced:
+ type: boolean
+ ready:
+ type: boolean
+ lastProbeTime:
+ type: string
+ format: date-time
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: Project ID
+ type: string
+ jsonPath: .spec.projectId
+ - name: Git URL
+ type: string
+ jsonPath: .spec.git.url
+ - name: Status
+ type: string
+ jsonPath: .status.devopsProject.status
+ - name: Ready
+ type: boolean
+ jsonPath: .status.devopsProject.ready
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
+{{- end }}
\ No newline at end of file
diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/gitcredentials.yaml b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/gitcredentials.yaml
new file mode 100644
index 00000000..0f757de9
--- /dev/null
+++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/gitcredentials.yaml
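Review bot: `git.url` and `registry.url` accept any string, while the chart exposes `ALLOW_HTTP_GIT_URLS` in _helpers.tpl, which suggests the URL scheme policy is enforced only inside the operator. A schema-level `pattern` limited to the schemes the operator supports (for example `pattern: "^https://"` when plain HTTP is disallowed) would reject other URL forms at admission instead of at reconcile time. Both `credentialsRef` objects here also lack the `required: - name` that containerregistries.yaml and gitcredentials.yaml declare, so an empty `credentialsRef: {}` passes validation.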
@@ -0,0 +1,97 @@
+{{- if .Values.crds.install }}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: gitcredentials.freeleaps.com
+ labels:
+ {{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-weight": "-5"
+ {{- if .Values.crds.keep }}
+ "helm.sh/resource-policy": keep
+ {{- end }}
+spec:
+ group: freeleaps.com
+ scope: Namespaced
+ names:
+ kind: GitCredentials
+ listKind: GitCredentialsList
+ singular: gitcredentials
+ plural: gitcredentials
+ shortNames:
+ - gitcred
+ - gc
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ required: ['spec']
+ properties:
+ spec:
+ type: object
+ required:
+ - gitUrl
+ - credentialsRef
+ properties:
+ gitUrl:
+ type: string
+ description: "Git repository URL or domain"
+ credentialsRef:
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description: "Secret name containing git credentials"
+ namespace:
+ type: string
+ description: "Secret namespace"
+ credentialsId:
+ type: string
+ description: "Jenkins credentials ID to create/update"
+ description:
+ type: string
+ description: "Description for the credentials"
+ status:
+ type: object
+ properties:
+ gitCredentials:
+ type: object
+ properties:
+ status:
+ type: string
+ enum: ["invalid", "valid", "synced"]
+ synced:
+ type: boolean
+ ready:
+ type: boolean
+ lastProbeTime:
+ type: string
+ format: date-time
+ jenkinsCredentialsId:
+ type: string
+ description: "Created Jenkins credentials ID"
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: Git URL
+ type: string
+ jsonPath: .spec.gitUrl
+ - name: Credentials ID
+ type: string
+ jsonPath: .status.gitCredentials.jenkinsCredentialsId
+ - name: Status
+ type: string
+ jsonPath: .status.gitCredentials.status
+ - name: Ready
+ type: boolean
+ jsonPath: .status.gitCredentials.ready
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
+{{- end }}
\ No newline at end of file
diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/ingressresources.yaml b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/ingressresources.yaml
new file mode 100644
index 00000000..57c30133
--- /dev/null
+++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/ingressresources.yaml
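Review bot: `spec.credentialsId` is an unconstrained string that the schema describes as the "Jenkins credentials ID to create/update", and nothing in the CRD ties it to the namespace or name of the object that declares it. Two GitCredentials objects in different namespaces can therefore ask for the same ID; whether the reconciler prevents one from overwriting the other's Jenkins credential is not visible in this diff and should be confirmed. I would bound the field with `maxLength` and a `pattern` matching the IDs the reconciler actually generates, and say in the description how collisions are handled. The `gitUrl` description ("URL or domain") should also state which of the two forms the controller expects.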
@@ -0,0 +1,162 @@ +{{- if .Values.crds.install }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ingressresources.freeleaps.com + labels: + {{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-weight": "-5" + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} +spec: + group: freeleaps.com + scope: Namespaced + names: + kind: IngressResources + listKind: IngressResourcesList + singular: ingressresources + plural: ingressresources + shortNames: + - ingress + - ir + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + required: ['spec'] + properties: + spec: + type: object + required: + - projectId + - environment + - domain + properties: + projectId: + type: string + description: "Reference to DevOpsProject ID" + environment: + type: string + enum: ["dev", "staging", "prod"] + description: "Target environment" + domain: + type: string + description: "Domain name for the ingress" + serviceName: + type: string + description: "Backend service name" + servicePort: + type: integer + description: "Backend service port" + default: 80 + tlsEnabled: + type: boolean + description: "Enable TLS/SSL" + default: true + certificateIssuer: + type: string + description: "cert-manager ClusterIssuer name" + default: "letsencrypt-prod" + ingressClassName: + type: string + description: "Ingress class name" + default: "nginx" + annotations: + type: object + additionalProperties: + type: string + description: "Additional ingress annotations" + paths: + type: array + items: + type: object + required: + - path + properties: + path: + type: string + description: "Path pattern" + pathType: + type: string + enum: ["Exact", "Prefix", "ImplementationSpecific"] + default: "Prefix" + serviceName: + type: string + description: "Override service name for this path" + servicePort: + type: integer + 
description: "Override service port for this path" + status: + type: object + properties: + ingressResources: + type: object + properties: + status: + type: string + enum: ["invalid", "creating", "ready", "failed"] + ready: + type: boolean + lastProbeTime: + type: string + format: date-time + domain: + type: object + properties: + name: + type: string + created: + type: boolean + dnsReady: + type: boolean + certificate: + type: object + properties: + name: + type: string + issued: + type: boolean + ready: + type: boolean + ingress: + type: object + properties: + name: + type: string + created: + type: boolean + ready: + type: boolean + loadBalancerIP: + type: string + subresources: + status: {} + additionalPrinterColumns: + - name: Project ID + type: string + jsonPath: .spec.projectId + - name: Environment + type: string + jsonPath: .spec.environment + - name: Domain + type: string + jsonPath: .spec.domain + - name: TLS + type: boolean + jsonPath: .spec.tlsEnabled + - name: Status + type: string + jsonPath: .status.ingressResources.status + - name: Ready + type: boolean + jsonPath: .status.ingressResources.ready + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +{{- end }} \ No newline at end of file diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/jenkinssettings.yaml b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/jenkinssettings.yaml new file mode 100644 index 00000000..9e8d2c2a --- /dev/null +++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/crds/jenkinssettings.yaml 
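Review bot: `spec.annotations` is an open `additionalProperties: type: string` map described as "Additional ingress annotations", and `ingressClassName` defaults to `nginx`. If the reconciler copies that map onto the Ingress it creates (the controller code is not part of this diff), anyone allowed to create an IngressResources object sets controller-specific annotations with the operator's privileges rather than their own. I would enforce an allow-list of annotation keys in the reconciler and say so in the schema, e.g. `description: "Additional ingress annotations; keys outside the operator's allow-list are rejected"`. `domain` has no `pattern` or `maxLength` and the two `servicePort` fields have no `minimum: 1` / `maximum: 65535`, so malformed values only fail once the operator acts on them. The short name `ingress` is also the name people already type for the built-in Ingress kind, so I would keep only `ir`.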
@@ -0,0 +1,136 @@ +{{- if .Values.crds.install }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: jenkinssettings.freeleaps.com + labels: + {{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-weight": "-5" + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} +spec: + group: freeleaps.com + scope: Namespaced + names: + kind: JenkinsSetting + listKind: JenkinsSettingList + singular: jenkinssetting + plural: jenkinssettings + shortNames: + - jenkins + - jen + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + required: ['spec'] + properties: + spec: + type: object + required: + - projectId + - gitUrl + - environments + properties: + projectId: + type: string + description: "Reference to DevOpsProject ID" + gitUrl: + type: string + description: "Git repository URL for Jenkins pipelines" + gitCredentialsId: + type: string + description: "Jenkins credentials ID for Git access" + environments: + type: array + items: + type: object + required: + - name + - branch + properties: + name: + type: string + enum: ["dev", "staging", "prod"] + branch: + type: string + description: "Git branch for this environment" + pipelineScript: + type: string + description: "Custom Jenkinsfile content" + buildTriggers: + type: object + properties: + webhook: + type: boolean + default: true + schedule: + type: string + description: "Cron schedule for builds" + folder: + type: object + properties: + name: + type: string + description: "Jenkins folder name" + description: + type: string + description: "Jenkins folder description" + status: + type: object + properties: + jenkinsSettings: + type: object + properties: + status: + type: string + enum: ["invalid", "valid", "synced"] + synced: + type: boolean + ready: + type: boolean + lastProbeTime: + type: string + format: date-time + folderUrl: + 
type: string + description: "Jenkins folder URL" + jobs: + type: array + items: + type: object + properties: + name: + type: string + environment: + type: string + url: + type: string + subresources: + status: {} + additionalPrinterColumns: + - name: Project ID + type: string + jsonPath: .spec.projectId + - name: Git URL + type: string + jsonPath: .spec.gitUrl + - name: Environments + type: string + jsonPath: .spec.environments[*].name + - name: Status + type: string + jsonPath: .status.jenkinsSettings.status + - name: Ready + type: boolean + jsonPath: .status.jenkinsSettings.ready + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +{{- end }} \ No newline at end of file diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/deployment.yaml b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/deployment.yaml new file mode 100644 index 00000000..2c7be2fb --- /dev/null +++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/deployment.yaml 
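Review bot: `environments[].pipelineScript` accepts arbitrary "Custom Jenkinsfile content", which makes create/update rights on JenkinsSetting equivalent to running pipeline code on the Jenkins instance with whatever credentials its jobs can reach. Nothing in the schema or the chart marks that trust boundary. I would add a `maxLength` and spell it out in the field, e.g. `description: "Custom Jenkinsfile content; executed by Jenkins, so write access to this resource must be limited to users trusted to run pipelines"`. `buildTriggers.schedule` is likewise a free-form string; a `pattern` or at least a `maxLength` would reject bad cron expressions at admission.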
@@ -0,0 +1,93 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "freeleaps-devops-reconciler.fullname" . }} + labels: + {{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + strategy: + {{- toYaml .Values.strategy | nindent 4 }} + selector: + matchLabels: + {{- include "freeleaps-devops-reconciler.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + # Force pod restart on secret changes + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + labels: + {{- include "freeleaps-devops-reconciler.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "freeleaps-devops-reconciler.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: {{ include "freeleaps-devops-reconciler.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.service.targetPort }} + protocol: TCP + env: + {{- include "freeleaps-devops-reconciler.env" . | nindent 12 }} + {{- if .Values.healthcheck.livenessProbe.enabled }} + livenessProbe: + {{- with .Values.healthcheck.livenessProbe.httpGet }} + httpGet: + {{- toYaml . 
| nindent 14 }} + {{- end }} + initialDelaySeconds: {{ .Values.healthcheck.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.healthcheck.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.healthcheck.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.healthcheck.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.healthcheck.readinessProbe.enabled }} + readinessProbe: + {{- with .Values.healthcheck.readinessProbe.httpGet }} + httpGet: + {{- toYaml . | nindent 14 }} + {{- end }} + initialDelaySeconds: {{ .Values.healthcheck.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.healthcheck.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.healthcheck.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.healthcheck.readinessProbe.failureThreshold }} + {{- end }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + {{- if .Values.securityContext.readOnlyRootFilesystem }} + - name: tmp + mountPath: /tmp + - name: logs + mountPath: /app/logs + {{- end }} + volumes: + {{- if .Values.securityContext.readOnlyRootFilesystem }} + - name: tmp + emptyDir: {} + - name: logs + emptyDir: {} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/ingress.yaml b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/ingress.yaml new file mode 100644 index 00000000..2250c503 --- /dev/null +++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/ingress.yaml 
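Review bot: Both probe blocks wrap `httpGet:` in `{{- with .Values.healthcheck.<probe>.httpGet }}`, so enabling a probe without an `httpGet` value renders a `livenessProbe:` / `readinessProbe:` holding only timing fields and no handler, which the API server will reject at install time. Failing at render time is clearer, e.g. `{{- toYaml (required "healthcheck.livenessProbe.httpGet must be set when the probe is enabled" .Values.healthcheck.livenessProbe.httpGet) | nindent 14 }}`, and the same for readiness. In the same hunk `volumeMounts:` and `volumes:` are emitted outside the `readOnlyRootFilesystem` condition and render as bare keys when it is false; moving each key inside its `{{- if }}` avoids the null values. The two `emptyDir: {}` volumes have no `sizeLimit`, so `/tmp` and `/app/logs` can grow until the node's ephemeral storage is exhausted.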
@@ -0,0 +1,59 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "freeleaps-devops-reconciler.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class")) }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
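Review bot: The guard that injects the legacy `kubernetes.io/ingress.class` annotation has no cluster-version test, so on Kubernetes 1.18 and later the rendered Ingress carries both the annotation and `spec.ingressClassName`. That is redundant at best, and some API server versions refuse an Ingress that sets both. The usual form restricts the annotation to older clusters: `{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) (not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class")) }}`. `hasKey` also fails at render time if `ingress.annotations` is null in a values override, so values.yaml should default it to `{}`. `path: {{ .path }}` and `secretName: {{ .secretName }}` are emitted unquoted while the hosts are piped through `quote`; `{{ .path | quote }}` keeps a value such as `*` or an empty string from being retyped by the YAML parser.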
diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/rbac.yaml b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/rbac.yaml
new file mode 100644
index 00000000..e38055fd
--- /dev/null
+++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/rbac.yaml
@@ -0,0 +1,84 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "freeleaps-devops-reconciler.fullname" . }} + labels: + {{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }} +rules: + # Core Kubernetes resources + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["services"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + + # Apps resources + - apiGroups: ["apps"] + resources: ["deployments", "replicasets"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + + # Networking resources + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["networking.k8s.io"] + resources: ["networkpolicies"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + + # cert-manager resources + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + + # Argo CD resources + - apiGroups: ["argoproj.io"] + resources: ["applications", "appprojects"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + + # Custom resources - FreeleapsDevOps + - apiGroups: ["freeleaps.com"] + resources: ["devopsprojects", "argosettings", "jenkinssettings", "containerregistries", "gitcredentials", "deploymentrecords", "ingressresources"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["freeleaps.com"] + resources: ["devopsprojects/status", "argosettings/status", "jenkinssettings/status", 
"containerregistries/status", "gitcredentials/status", "deploymentrecords/status", "ingressresources/status"] + verbs: ["get", "update", "patch"] + - apiGroups: ["freeleaps.com"] + resources: ["devopsprojects/finalizers", "argosettings/finalizers", "jenkinssettings/finalizers", "containerregistries/finalizers", "gitcredentials/finalizers", "deploymentrecords/finalizers", "ingressresources/finalizers"] + verbs: ["update"] + + # Kopf framework requirements + - apiGroups: ["zalando.org"] + resources: ["kopfpeerings"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + + # Additional rules from values + {{- with .Values.rbac.additionalRules }} + {{- toYaml . | nindent 2 }} + {{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "freeleaps-devops-reconciler.fullname" . }} + labels: + {{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "freeleaps-devops-reconciler.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "freeleaps-devops-reconciler.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/certificate.yaml b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/certificate.yaml deleted file mode 100644 index 393734a7..00000000 --- a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/certificate.yaml +++ /dev/null 
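Review bot: The ClusterRole grants `get, list, watch, create, update, patch, delete` on `secrets` and `configmaps` across the whole cluster and is bound with a ClusterRoleBinding, so the reconciler's service account token can read and rewrite every Secret in every namespace. That is a much larger blast radius than the removed chart, which shipped no RBAC objects in the files this diff deletes. I would split the rule so secrets stand alone with only the verbs the controller needs, e.g. `resources: ["secrets"]` with `verbs: ["get", "list", "watch"]`, and move any write access into a namespaced Role/RoleBinding for the namespaces the operator manages. The same applies to write access on `clusterissuers` and `networkpolicies`, which are cluster-security controls in their own right. `rbac.additionalRules` is appended to this same ClusterRole, so a values override widens cluster-wide permissions further; a comment above that block should say so.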
@@ -1,27 +0,0 @@ -{{ $namespace := .Release.Namespace }} -{{ $appVersion := .Chart.AppVersion | quote }} -{{ $releaseCertificate := .Release.Service }} -{{ $releaseName := .Release.Name }} -{{- range $ingress := .Values.reconciler.ingresses }} -{{- if not $ingress.tls.exists }} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ $ingress.name }} - namespace: {{ $namespace }} - labels: - app.kubernetes.io/version: {{ $appVersion }} - app.kubernetes.io/name: {{ $ingress.name | quote }} - app.kubernetes.io/managed-by: {{ $releaseCertificate }} - app.kubernetes.io/instance: {{ $releaseName }} -spec: - commonName: {{ $ingress.host }} - dnsNames: - - {{ $ingress.host }} - issuerRef: - name: {{ $ingress.tls.issuerRef.name }} - kind: {{ $ingress.tls.issuerRef.kind }} - secretName: {{ $ingress.tls.name }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/deployment.yaml b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/deployment.yaml deleted file mode 100644 index 385e7e09..00000000 --- a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/deployment.yaml +++ /dev/null 
@@ -1,131 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/name: "reconciler" - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -{{/* logIngest related code commented out -{{- if .Values.logIngest.enabled }} - annotations: - opentelemetry.io/config-checksum: {{ include (print $.Template.BasePath "/reconciler/opentelemetry.yaml") . | sha256sum }} -{{- end }} -*/}} - name: "reconciler" - namespace: {{ .Release.Namespace | quote }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: "reconciler" - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - replicas: {{ .Values.reconciler.replicas }} - template: - metadata: - labels: - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - app.kubernetes.io/name: "reconciler" - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - annotations: - app.kubernetes.io/config-checksum: {{ include (print $.Template.BasePath "/reconciler/reconciler-config.yaml") . | sha256sum }} -{{/* logIngest related code commented out -{{- if .Values.logIngest.enabled }} - opentelemetry.io/config-checksum: {{ include (print $.Template.BasePath "/reconciler/opentelemetry.yaml") . 
| sha256sum }} - sidecar.opentelemetry.io/inject: "{{ .Release.Namespace}}/{{ .Release.Name }}-opentelemetry-collector" -{{- end }} -*/}} - spec: -{{/* logIngest related code commented out -{{- if .Values.logIngest.enabled }} - serviceAccountName: "{{ .Release.Name }}-otel-collector" -{{- end }} -*/}} - containers: - - name: "reconciler" - image: "{{ coalesce .Values.reconciler.image.registry .Values.global.registry "docker.io"}}/{{ coalesce .Values.reconciler.image.repository .Values.global.repository }}/{{ .Values.reconciler.image.name }}:{{ .Values.reconciler.image.tag | default "latest" }}" - imagePullPolicy: {{ .Values.reconciler.image.imagePullPolicy | default "IfNotPresent" }} - ports: - {{- range $port := .Values.reconciler.ports }} - - containerPort: {{ $port.containerPort }} - name: {{ $port.name }} - protocol: {{ $port.protocol }} - {{- end }} - {{- if .Values.reconciler.resources }} - resources: - {{- toYaml .Values.reconciler.resources | nindent 12 }} - {{- end }} - {{- if .Values.reconciler.probes }} - {{- if and (.Values.reconciler.probes.liveness) (eq .Values.reconciler.probes.liveness.type "httpGet") }} - livenessProbe: - httpGet: - path: {{ .Values.reconciler.probes.liveness.config.path }} - port: {{ .Values.reconciler.probes.liveness.config.port }} - {{- if .Values.reconciler.probes.liveness.config.initialDelaySeconds }} - initialDelaySeconds: {{ .Values.reconciler.probes.liveness.config.initialDelaySeconds }} - {{- end }} - {{- if .Values.reconciler.probes.liveness.config.periodSeconds }} - periodSeconds: {{ .Values.reconciler.probes.liveness.config.periodSeconds }} - {{- end }} - {{- if .Values.reconciler.probes.liveness.config.timeoutSeconds }} - timeoutSeconds: {{ .Values.reconciler.probes.liveness.config.timeoutSeconds }} - {{- end }} - {{- if .Values.reconciler.probes.liveness.config.successThreshold }} - successThreshold: {{ .Values.reconciler.probes.liveness.config.successThreshold }} - {{- end }} - {{- if 
.Values.reconciler.probes.liveness.config.failureThreshold }} - failureThreshold: {{ .Values.reconciler.probes.liveness.config.failureThreshold }} - {{- end }} - {{- if .Values.reconciler.probes.liveness.config.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.reconciler.probes.liveness.config.terminationGracePeriodSeconds }} - {{- end }} - {{- end }} - {{- if and (.Values.reconciler.probes.readiness) (eq .Values.reconciler.probes.readiness.type "httpGet") }} - readinessProbe: - httpGet: - path: {{ .Values.reconciler.probes.readiness.config.path }} - port: {{ .Values.reconciler.probes.readiness.config.port }} - {{- if .Values.reconciler.probes.readiness.config.initialDelaySeconds }} - initialDelaySeconds: {{ .Values.reconciler.probes.readiness.config.initialDelaySeconds }} - {{- end }} - {{- if .Values.reconciler.probes.readiness.config.periodSeconds }} - periodSeconds: {{ .Values.reconciler.probes.readiness.config.periodSeconds }} - {{- end }} - {{- if .Values.reconciler.probes.readiness.config.timeoutSeconds }} - timeoutSeconds: {{ .Values.reconciler.probes.readiness.config.timeoutSeconds }} - {{- end }} - {{- if .Values.reconciler.probes.readiness.config.successThreshold }} - successThreshold: {{ .Values.reconciler.probes.readiness.config.successThreshold }} - {{- end }} - {{- if .Values.reconciler.probes.readiness.config.failureThreshold }} - failureThreshold: {{ .Values.reconciler.probes.readiness.config.failureThreshold }} - {{- end }} - {{- if .Values.reconciler.probes.readiness.config.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.reconciler.probes.readiness.config.terminationGracePeriodSeconds }} - {{- end }} - {{- end }} - {{- end}} - env: - {{- range $key, $value := .Values.reconciler.configs }} - - name: {{ $key | snakecase | upper }} - valueFrom: - secretKeyRef: - name: reconciler-config - key: {{ $key | snakecase | upper }} - {{- end }} -{{/* logIngest related code commented out -{{- if 
.Values.logIngest.enabled }} - volumeMounts: - - name: app-logs - mountPath: {{ .Values.logIngest.logPath }} -{{- end }} -*/}} -{{/* logIngest related code commented out -{{- if .Values.logIngest.enabled }} - volumes: - - name: app-logs - emptyDir: {} -{{- end }} -*/}} \ No newline at end of file diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/ingress.yaml b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/ingress.yaml deleted file mode 100644 index 3c022c5d..00000000 --- a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/ingress.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{ $namespace := .Release.Namespace }} -{{ $appVersion := .Chart.AppVersion | quote }} -{{ $releaseIngress := .Release.Service }} -{{ $releaseName := .Release.Name }} -{{- range $ingress := .Values.reconciler.ingresses }} ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ $ingress.name }} - namespace: {{ $namespace }} - labels: - app.kubernetes.io/version: {{ $appVersion }} - app.kubernetes.io/name: {{ $ingress.name | quote }} - app.kubernetes.io/managed-by: {{ $releaseIngress }} - app.kubernetes.io/instance: {{ $releaseName }} -spec: -{{- if $ingress.class }} - ingressClassName: {{ $ingress.class }} -{{- end }} -{{- if $ingress.tls }} - tls: - - hosts: - - {{ $ingress.host }} -{{- if $ingress.tls.exists }} - secretName: {{ $ingress.tls.secretRef.name }} -{{- else }} - secretName: {{ $ingress.tls.name }} -{{- end }} -{{- end }} - rules: - - host: {{ $ingress.host }} - http: - paths: -{{- toYaml $ingress.rules | nindent 10 }} -{{- end }} \ No newline at end of file diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/reconciler-config.yaml b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/reconciler-config.yaml deleted file mode 100644 index da905c8c..00000000 
--- a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/reconciler-config.yaml +++ /dev/null 
@@ -1,72 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: reconciler-config - namespace: {{ .Release.Namespace }} -type: Opaque -data: - DEBUG: {{ .Values.reconciler.configs.debug | b64enc | quote }} - K8S_CLUSTER_DOMAIN: {{ .Values.reconciler.configs.k8sClusterDomain | b64enc | quote }} - K_8S_CLUSTER_DOMAIN: {{ .Values.reconciler.configs.k8sClusterDomain | b64enc | quote }} - AUTO_DISCOVER_K8S_CLUSTER_DOMAIN_MAX_RETRIES: {{ .Values.reconciler.configs.autoDiscoverK8sClusterDomainMaxRetries | toString | b64enc | quote }} - AUTO_DISCOVER_K_8S_CLUSTER_DOMAIN_MAX_RETRIES: {{ .Values.reconciler.configs.autoDiscoverK8sClusterDomainMaxRetries | toString | b64enc | quote }} - RABBITMQ_HOST: {{ .Values.reconciler.configs.rabbitmqHost | b64enc | quote }} - RABBITMQ_PORT: {{ .Values.reconciler.configs.rabbitmqPort | toString | b64enc | quote }} - RABBITMQ_USERNAME: {{ .Values.reconciler.configs.rabbitmqUsername | b64enc | quote }} - RABBITMQ_PASSWORD: {{ .Values.reconciler.configs.rabbitmqPassword | b64enc | quote }} - RABBITMQ_VHOST: {{ .Values.reconciler.configs.rabbitmqVhost | b64enc | quote }} - RABBITMQ_INPUT_QUEUE: {{ .Values.reconciler.configs.rabbitmqInputQueue | b64enc | quote }} - RABBITMQ_OUTPUT_QUEUE: {{ .Values.reconciler.configs.rabbitmqOutputQueue | b64enc | quote }} - RABBITMQ_ENABLE_EXCHANGE_BINDING: {{ .Values.reconciler.configs.rabbitmqEnableExchangeBinding | b64enc | quote }} - RABBITMQ_INPUT_EXCHANGE: {{ .Values.reconciler.configs.rabbitmqInputExchange | b64enc | quote }} - RABBITMQ_INPUT_EXCHANGE_TYPE: {{ .Values.reconciler.configs.rabbitmqInputExchangeType | b64enc | quote }} - RABBITMQ_INPUT_ROUTING_KEY: {{ .Values.reconciler.configs.rabbitmqInputRoutingKey | b64enc | quote }} - RABBITMQ_OUTPUT_EXCHANGE: {{ .Values.reconciler.configs.rabbitmqOutputExchange | b64enc | quote }} - RABBITMQ_OUTPUT_ROUTING_KEY: {{ .Values.reconciler.configs.rabbitmqOutputRoutingKey | b64enc | quote }} - JENKINS_ENDPOINT: {{ 
.Values.reconciler.configs.jenkinsEndpoint | b64enc | quote }} - JENKINS_USERNAME: {{ .Values.reconciler.configs.jenkinsUsername | b64enc | quote }} - JENKINS_TOKEN: {{ .Values.reconciler.configs.jenkinsToken | b64enc | quote }} - JENKINS_API_TIMEOUT: {{ .Values.reconciler.configs.jenkinsApiTimeout | toString | b64enc | quote }} - JENKINS_FOLDER_CREATION_RETRY_COUNT: {{ .Values.reconciler.configs.jenkinsFolderCreationRetryCount | toString | b64enc | quote }} - ARGOCD_ENDPOINT: {{ .Values.reconciler.configs.argocdEndpoint | b64enc | quote }} - ARGOCD_USERNAME: {{ .Values.reconciler.configs.argocdUsername | b64enc | quote }} - ARGOCD_PASSWORD: {{ .Values.reconciler.configs.argocdPassword | b64enc | quote }} - ARGOCD_API_TIMEOUT: {{ .Values.reconciler.configs.argocdApiTimeout | toString | b64enc | quote }} - ARGOCD_RESOURCE_CREATION_TIMEOUT: {{ .Values.reconciler.configs.argocdResourceCreationTimeout | toString | b64enc | quote }} - DEFAULT_GIT_USERNAME: {{ .Values.reconciler.configs.defaultGitUsername | b64enc | quote }} - DEFAULT_GIT_PASSWORD: {{ .Values.reconciler.configs.defaultGitPassword | b64enc | quote }} - DEFAULT_REGISTRY_USERNAME: {{ .Values.reconciler.configs.defaultRegistryUsername | b64enc | quote }} - DEFAULT_REGISTRY_PASSWORD: {{ .Values.reconciler.configs.defaultRegistryPassword | b64enc | quote }} - KUBERNETES_API_TIMEOUT: {{ .Values.reconciler.configs.kubernetesApiTimeout | toString | b64enc | quote }} - DEFAULT_HTTP_TIMEOUT: {{ .Values.reconciler.configs.defaultHttpTimeout | toString | b64enc | quote }} - ALLOW_HTTP_GIT_URLS: {{ .Values.reconciler.configs.allowHttpGitUrls | b64enc | quote }} - LOG_LEVEL: {{ .Values.reconciler.configs.logLevel | b64enc | quote }} - LOG_FORMAT: {{ .Values.reconciler.configs.logFormat | b64enc | quote }} - OPERATOR_NAMESPACE: {{ .Values.reconciler.configs.operatorNamespace | b64enc | quote }} - RECONCILE_INTERVAL: {{ .Values.reconciler.configs.reconcileInterval | toString | b64enc | quote }} - ENABLE_MOCK_SERVICE: {{ 
.Values.reconciler.configs.enableMockService | b64enc | quote }} - MOCK_SERVICE_PORT: {{ .Values.reconciler.configs.mockServicePort | toString | b64enc | quote }} - DEV_MODE: {{ .Values.reconciler.configs.devMode | b64enc | quote }} - GODADDY_API_KEY: {{ .Values.reconciler.configs.godaddyApiKey | b64enc | quote }} - GODADDY_API_SECRET: {{ .Values.reconciler.configs.godaddyApiSecret | b64enc | quote }} - GODADDY_BASE_DOMAIN: {{ .Values.reconciler.configs.godaddyBaseDomain | b64enc | quote }} - DOMAIN_TEMPLATE: {{ .Values.reconciler.configs.domainTemplate | b64enc | quote }} - INGRESS_CLASS_NAME: {{ .Values.reconciler.configs.ingressClassName | b64enc | quote }} - CERT_MANAGER_CLUSTER_ISSUER: {{ .Values.reconciler.configs.certManagerClusterIssuer | b64enc | quote }} - DNS_CREATION_TIMEOUT: {{ .Values.reconciler.configs.dnsCreationTimeout | toString | b64enc | quote }} - CERTIFICATE_ISSUANCE_TIMEOUT: {{ .Values.reconciler.configs.certificateIssuanceTimeout | toString | b64enc | quote }} - INGRESS_READY_TIMEOUT: {{ .Values.reconciler.configs.ingressReadyTimeout | toString | b64enc | quote }} - NETWORK_RESOURCE_CLEANUP_TIMEOUT: {{ .Values.reconciler.configs.networkResourceCleanupTimeout | toString | b64enc | quote }} - NETWORK_RESOURCE_RETRY_COUNT: {{ .Values.reconciler.configs.networkResourceRetryCount | toString | b64enc | quote }} - NETWORK_RESOURCE_RETRY_DELAY: {{ .Values.reconciler.configs.networkResourceRetryDelay | toString | b64enc | quote }} - SERVICE_API_ACCESS_HOST: {{ .Values.reconciler.configs.serviceApiAccessHost | b64enc | quote }} - SERVICE_API_ACCESS_PORT: {{ .Values.reconciler.configs.serviceApiAccessPort | toString | b64enc | quote }} - MONGODB_NAME: {{ .Values.reconciler.configs.mongodbName | b64enc | quote }} - MONGODB_URI: {{ .Values.reconciler.configs.mongodbUri | b64enc | quote }} - MONGODB_PORT: {{ .Values.reconciler.configs.mongodbPort | toString | b64enc | quote }} - REDIS_URL: {{ .Values.reconciler.configs.redisUrl | b64enc | quote }} - 
REDIS_IS_CLUSTER: {{ .Values.reconciler.configs.redisIsCluster | b64enc | quote }} - JWT_SECRET_KEY: {{ .Values.reconciler.configs.jwtSecretKey | b64enc | quote }} - JWT_ALGORITHM: {{ .Values.reconciler.configs.jwtAlgorithm | b64enc | quote }} - METRICS_ENABLED: {{ .Values.reconciler.configs.metricsEnabled | b64enc | quote }} - PROBES_ENABLED: {{ .Values.reconciler.configs.probesEnabled | b64enc | quote }} \ No newline at end of file diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/service.yaml b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/service.yaml deleted file mode 100644 index 5f0803ff..00000000 --- a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/service.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{ $namespace := .Release.Namespace }} -{{ $appVersion := .Chart.AppVersion | quote }} -{{ $releaseService := .Release.Service }} -{{ $releaseName := .Release.Name }} -{{- range $service := .Values.reconciler.services }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ $service.name }} - namespace: {{ $namespace }} - labels: - app.kubernetes.io/version: {{ $appVersion }} - app.kubernetes.io/name: {{ $service.name | quote }} - app.kubernetes.io/managed-by: {{ $releaseService }} - app.kubernetes.io/instance: {{ $releaseName }} -spec: - ports: - - port: {{ $service.port }} - targetPort: {{ $service.targetPort }} - selector: - app.kubernetes.io/version: {{ $appVersion }} - app.kubernetes.io/name: "reconciler" - app.kubernetes.io/managed-by: {{ $releaseService }} - app.kubernetes.io/instance: {{ $releaseName }} -{{- end }} \ No newline at end of file diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/servicemonitor.yaml b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/servicemonitor.yaml deleted file mode 100644 index 7deb8c5c..00000000 
--- a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/servicemonitor.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{ $namespace := .Release.Namespace }} -{{ $appVersion := .Chart.AppVersion | quote }} -{{ $releaseService := .Release.Service }} -{{ $releaseName := .Release.Name }} - -{{- range $service := .Values.reconciler.services }} -{{- if $service.serviceMonitor.enabled }} ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ $service.name }}-monitor - namespace: {{ $service.serviceMonitor.namespace }} - labels: - app.kubernetes.io/version: {{ $appVersion }} - app.kubernetes.io/name: {{ $service.name }}-monitor - app.kubernetes.io/managed-by: {{ $releaseService }} - app.kubernetes.io/instance: {{ $releaseName }} - {{- if $service.serviceMonitor.labels }} - {{- toYaml $service.serviceMonitor.labels | nindent 4 }} - {{- end }} -spec: - endpoints: - - path: /api/_/metrics - targetPort: {{ $service.targetPort }} - {{- if $service.serviceMonitor.interval }} - interval: {{ $service.serviceMonitor.interval }} - {{- end }} - {{- if $service.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ $service.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ $namespace | quote }} - selector: - matchLabels: - app.kubernetes.io/name: {{ $service.name }} - app.kubernetes.io/instance: {{ $releaseName }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/vpa.yaml b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/vpa.yaml deleted file mode 100644 index acbdd880..00000000 --- a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/vpa.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -{{- if .Values.reconciler.vpa }} ---- -apiVersion: autoscaling.k8s.io/v1 -kind: VerticalPodAutoscaler -metadata: - name: {{ .Release.Name }}-reconciler-vpa - namespace: {{ .Release.Namespace }} -spec: - targetRef: - apiVersion: apps/v1 - kind: Deployment - name: reconciler - resourcePolicy: - containerPolicies: - - containerName: '*' - {{- if .Values.reconciler.vpa.minAllowed.enabled }} - minAllowed: - cpu: {{ .Values.reconciler.vpa.minAllowed.cpu }} - memory: {{ .Values.reconciler.vpa.minAllowed.memory }} - {{- end }} - {{- if .Values.reconciler.vpa.maxAllowed.enabled }} - maxAllowed: - cpu: {{ .Values.reconciler.vpa.maxAllowed.cpu }} - memory: {{ .Values.reconciler.vpa.maxAllowed.memory }} - {{- end }} - {{- if .Values.reconciler.vpa.controlledResources }} - controlledResources: - {{- range .Values.reconciler.vpa.controlledResources }} - - {{ . }} - {{- end }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/secret.yaml b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/secret.yaml new file mode 100644 index 00000000..d3bdbaaf --- /dev/null +++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/secret.yaml 
@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}-secrets
+ labels:
+ {{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
+type: Opaque
+data:
+ # RabbitMQ credentials
+ rabbitmq-username: {{ .Values.secrets.rabbitmqCredentials.username | b64enc }}
+ rabbitmq-password: {{ .Values.secrets.rabbitmqCredentials.password | b64enc }}
+
+ # Jenkins credentials
+ jenkins-username: {{ .Values.secrets.jenkinsCredentials.username | b64enc }}
+ jenkins-token: {{ .Values.secrets.jenkinsCredentials.token | b64enc }}
+
+ # ArgoCD credentials
+ argocd-username: {{ .Values.secrets.argocdCredentials.username | b64enc }}
+ argocd-password: {{ .Values.secrets.argocdCredentials.password | b64enc }}
+
+ # Default Git credentials
+ default-git-username: {{ .Values.secrets.defaultGitCredentials.username | b64enc }}
+ default-git-password: {{ .Values.secrets.defaultGitCredentials.password | b64enc }}
+
+ # Default Docker Registry credentials
+ default-docker-registry-username: {{ .Values.secrets.defaultDockerRegistryCredentials.username | b64enc }}
+ default-docker-registry-password: {{ .Values.secrets.defaultDockerRegistryCredentials.password | b64enc }}
+
+ # Docker Registry PAT credentials
+ docker-registry-pat-username: {{ .Values.secrets.dockerRegistryPat.username | b64enc }}
+ docker-registry-pat: {{ .Values.secrets.dockerRegistryPat.token | b64enc }}
+
+ # Azure Key Vault credentials
+ azure-key-vault-endpoint: {{ .Values.secrets.azureKeyVault.endpoint | b64enc }}
+ azure-key-vault-client-id: {{ .Values.secrets.azureKeyVault.clientId | b64enc }}
+ azure-key-vault-client-secret: {{ .Values.secrets.azureKeyVault.clientSecret | b64enc }}
+ azure-key-vault-tenant-id: {{ .Values.secrets.azureKeyVault.tenantId | b64enc }}
+ azure-key-vault-resource-group: {{ .Values.secrets.azureKeyVault.resourceGroup | b64enc }}
+ azure-key-vault-subscription-id: {{ .Values.secrets.azureKeyVault.subscriptionId | b64enc }}
+ azure-key-vault-name: {{ .Values.secrets.azureKeyVault.name | b64enc }}
+
+ # Azure DNS credentials
+ azure-dns-subscription-id: {{ .Values.secrets.azureDns.subscriptionId | b64enc }}
+ azure-dns-tenant-id: {{ .Values.secrets.azureDns.tenantId | b64enc }}
+ azure-dns-client-id: {{ .Values.secrets.azureDns.clientId | b64enc }}
+ azure-dns-client-secret: {{ .Values.secrets.azureDns.clientSecret | b64enc }}
+ azure-dns-resource-group: {{ .Values.secrets.azureDns.resourceGroup | b64enc }}
+ azure-dns-zone-name: {{ .Values.secrets.azureDns.zoneName | b64enc }}
\ No newline at end of file
diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/service.yaml b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/service.yaml
new file mode 100644
index 00000000..98b0fec7
--- /dev/null
+++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/service.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "freeleaps-devops-reconciler.fullname" . }}
+ labels:
+ {{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: {{ .Values.service.targetPort }}
+ protocol: TCP
+ name: http
+ {{- with .Values.service.additionalPorts }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ selector:
+ {{- include "freeleaps-devops-reconciler.selectorLabels" . | nindent 4 }}
\ No newline at end of file
diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/serviceaccount.yaml b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/serviceaccount.yaml
new file mode 100644
index 00000000..244a8638
--- /dev/null
+++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/serviceaccount.yaml
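Review bot: In templates/secret.yaml every entry under `data:` is rendered as `{{ .Values.secrets.… | b64enc }}` with no `required` guard and no `quote`, so an unset key is likely to surface as an opaque template type error and an empty string renders as a bare `key:` (null) entry. The removed config template earlier in this patch piped each value through `| b64enc | quote`; keeping that and guarding the credentials, e.g. `{{ required "secrets.jenkinsCredentials.token is required" .Values.secrets.jenkinsCredentials.token | b64enc | quote }}`, makes a missing credential fail at render time with a clear message. Because the Secret can only be filled from chart values, operators are pushed towards keeping credentials in values files; an option to reference a Secret created outside the chart would avoid that.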
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "freeleaps-devops-reconciler.serviceAccountName" . }}
+ labels:
+ {{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: true
+{{- end }}
\ No newline at end of file
diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/values.alpha.yaml b/freeleaps-devops-reconciler/helm-pkg/reconciler/values.alpha.yaml
index 361fd8c2..c9075b7f 100644
--- a/freeleaps-devops-reconciler/helm-pkg/reconciler/values.alpha.yaml
+++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/values.alpha.yaml
@@ -1,115 +1,227 @@ -global: - registry: docker.io - repository: freeleaps - nodeSelector: {} -logIngest: +# Default values for freeleaps-devops-reconciler +replicaCount: 1 + +image: + repository: freeleaps/reconciler + pullPolicy: IfNotPresent + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +# Operator Configuration +operator: + clusterwide: false + priority: 100 + peeringName: "freeleaps-devops-reconciler" + namespaces: + - "freeleaps-devops-system" + debug: false + +serviceAccount: + create: true + annotations: {} + name: "" + +rbac: + create: true + additionalRules: [] + +podAnnotations: {} + +podSecurityContext: + fsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + +securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + +service: + type: ClusterIP + port: 8080 + targetPort: 8080 + +ingress: enabled: false -reconciler: - replicas: 1 - image: - registry: docker.io - repository: null - name: reconciler - tag: snapshot-2a5bb92 - imagePullPolicy: IfNotPresent - ports: - - name: http - containerPort: 8080 - protocol: TCP - resources: - requests: - cpu: '0.1' - memory: 64Mi - limits: - cpu: '0.2' - memory: 128Mi - probes: {} - services: - - name: reconciler-service - type: ClusterIP - port: 8080 - targetPort: 8080 - serviceMonitor: - enabled: false - labels: - release: kube-prometheus-stack - namespace: freeleaps-monitoring-system - interval: 30s - scrapeTimeout: '' - ingresses: {} - configs: - debug: 'false' - k8sClusterDomain: kubernetes.default.svc.cluster.local - autoDiscoverK8sClusterDomainMaxRetries: 5 - rabbitmqHost: localhost - rabbitmqPort: 5672 - rabbitmqUsername: admin - rabbitmqPassword: admin - rabbitmqVhost: / - rabbitmqInputQueue: freeleaps.devops.reconciler.input - rabbitmqOutputQueue: freeleaps.devops.reconciler.output - rabbitmqEnableExchangeBinding: 'true' - rabbitmqInputExchange: freeleaps.notification.exchange - 
rabbitmqInputExchangeType: direct - rabbitmqInputRoutingKey: freeleaps.devops.reconciler.input - rabbitmqOutputExchange: freeleaps.notification.exchange - rabbitmqOutputRoutingKey: freeleaps.devops.reconciler.output - jenkinsEndpoint: http://localhost:8080 - jenkinsUsername: admin - jenkinsToken: admin - jenkinsApiTimeout: 30 - jenkinsFolderCreationRetryCount: 3 - argocdEndpoint: http://localhost:8080 - argocdUsername: admin - argocdPassword: admin - argocdApiTimeout: 30 - argocdResourceCreationTimeout: 30 - defaultGitUsername: admin - defaultGitPassword: admin - defaultRegistryUsername: admin - defaultRegistryPassword: admin - kubernetesApiTimeout: 30 - defaultHttpTimeout: 30 - allowHttpGitUrls: 'false' - logLevel: INFO - logFormat: text - operatorNamespace: freeleaps-devops-system - reconcileInterval: 30 - enableMockService: 'false' - mockServicePort: 5000 - devMode: 'false' - godaddyApiKey: '' - godaddyApiSecret: '' - godaddyBaseDomain: mathmast.com - domainTemplate: '{env}.{project_id}.mathmast.com' - ingressClassName: nginx - certManagerClusterIssuer: letsencrypt-prod - dnsCreationTimeout: 300 - certificateIssuanceTimeout: 600 - ingressReadyTimeout: 300 - networkResourceCleanupTimeout: 300 - networkResourceRetryCount: 3 - networkResourceRetryDelay: 30 - serviceApiAccessHost: 0.0.0.0 - serviceApiAccessPort: '8080' - mongodbName: '' - mongodbUri: '' - mongodbPort: '' - redisUrl: '' - redisIsCluster: 'false' - jwtSecretKey: '' - jwtAlgorithm: '' - metricsEnabled: 'false' - probesEnabled: 'false' - vpa: - minAllowed: - enabled: false - cpu: 100m - memory: 64Mi - maxAllowed: - enabled: true - cpu: 100m - memory: 256Mi - controlledResources: - - cpu - - memory + className: "" + annotations: {} + hosts: + - host: devops-reconciler.local + paths: + - path: / + pathType: Prefix + tls: [] + +resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 128Mi + +nodeSelector: {} +tolerations: [] +affinity: {} + +# Environment Configuration +env: + # 
General Configuration + reconcilerDebug: "false" + defaultHttpTimeout: "30s" + k8sClusterDomain: "kubernetes.default.svc.freeleaps.cluster" + kubernetesApiTimeout: "30s" + autoDiscoverK8sClusterDomainMaxRetries: "5" + logLevel: "INFO" + logFormat: "text" + operatorNamespace: "freeleaps-devops-system" + reconcileInterval: "30s" + allowHttpGitUrls: "false" + + # RabbitMQ Configuration + rabbitmq: + host: "freeleaps-alpha-rabbitmq-cluster.freeleaps-alpha.svc.freeleaps.cluster" + port: "5672" + vhost: "/" + inputQueue: "freeleaps.devops.reconciler.input" + outputQueue: "freeleaps.devops.reconciler.output" + enableExchangeBinding: "true" + inputExchange: "freeleaps.notification.exchange" + inputExchangeType: "direct" + inputRoutingKey: "freeleaps.devops.reconciler.input" + outputExchange: "freeleaps.notification.exchange" + outputRoutingKey: "freeleaps.devops.reconciler.output" + + # Jenkins Configuration + jenkins: + endpoint: "http://jenkins.freeleaps-devops-system.svc.freeleaps.cluster:8080" + apiTimeout: "30" + folderCreationRetryCount: "3" + + # ArgoCD Configuration + argocd: + endpoint: "http://argocd-server.freeleaps-devops-system.svc.freeleaps.cluster:80" + apiTimeout: "30" + resourceCreationTimeout: "300" + + # Network Resource Management + networkResources: + domainTemplate: "{env}.{project_id}.internalmathmast.com" + ingressClassName: "nginx" + certManagerClusterIssuer: "internal-mathmast-com" + ingressControllerIp: "4.155.160.32" + dnsCreationTimeout: "300" + certificateIssuanceTimeout: "600" + ingressReadyTimeout: "300" + networkResourceCleanupTimeout: "300" + networkResourceRetryCount: "3" + networkResourceRetryDelay: "30" + +# Secret data +secrets: + # RabbitMQ credentials + rabbitmqCredentials: + username: "user" + password: "4O80YlxnlhHrjzaM" + + # Jenkins credentials + jenkinsCredentials: + username: "admin" + token: "119fe346a7d5e1fc7f9ed4d98eac3e73ee" + + # ArgoCD credentials + argocdCredentials: + username: "admin" + password: "ELvjjaHupgWomLj9" + + 
# Default Git credentials + defaultGitCredentials: + username: "freeleaps" + password: "r8sA8CPHD9!bt6d" + + # Default Docker Registry credentials + defaultDockerRegistryCredentials: + username: "freeleapsdevops" + password: "dckr_pat_y-KsBOwcEGTdCQDsAb-NBz9_beg" + + # Docker Registry PAT credentials + dockerRegistryPat: + username: "freeleapsdevops" + token: "dckr_pat_UHFbzDZk-gZSM2UhRgnmTCMis9g" + + # Azure Key Vault configuration + azureKeyVault: + endpoint: "https://freeleaps-secrets.vault.azure.net/" + clientId: "b6be5b92-25a8-482d-8dcd-7321bf2f83d9" + clientSecret: "4Nx8Q~fYFM~V~3otsN7YB4GPRQ0R8CHJ7XtpLcVA" + tenantId: "cf151ee8-5c2c-4fe7-a1c4-809ba43c9f24" + subscriptionId: "0a280068-dec4-4bf0-9f04-65b64f412b50" + resourceGroup: "k8s" + name: "freeleaps-secrets" + + # Azure DNS configuration + azureDns: + subscriptionId: "0a280068-dec4-4bf0-9f04-65b64f412b50" + tenantId: "cf151ee8-5c2c-4fe7-a1c4-809ba43c9f24" + clientId: "b6be5b92-25a8-482d-8dcd-7321bf2f83d9" + clientSecret: "4Nx8Q~fYFM~V~3otsN7YB4GPRQ0R8CHJ7XtpLcVA" + resourceGroup: "k8s" + zoneName: "internalmathmast.com" + +# Monitoring +monitoring: + serviceMonitor: + enabled: false + interval: 30s + scrapeTimeout: 10s + labels: {} + grafanaDashboard: + enabled: false + labels: {} + +# Health checks +healthcheck: + livenessProbe: + enabled: true + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + readinessProbe: + enabled: true + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 3 + +# Deployment strategy +strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + maxSurge: 1 + +# Network Policy +networkPolicy: + enabled: false + ingress: [] + egress: [] + +# CRDs Management +crds: + install: true + keep: true \ No newline at end of file 
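Review bot: The `secrets:` block added to values.alpha.yaml commits what look like live credentials in plaintext: the RabbitMQ, ArgoCD and Git passwords, the Jenkins token, two `dckr_pat_` registry tokens and an Azure `clientSecret`. Anyone with read access to the repository or its history can read them, so they should be treated as exposed. Rotate each one, keep only empty placeholders such as `password: ""` in this file, and supply the real values at deploy time from a source kept out of version control. The `azureKeyVault` and `azureDns` entries also share one `clientId`/`clientSecret`, so a single service principal appears to hold both Key Vault and DNS-zone access. Separate identities scoped to each purpose would limit what one leaked secret reaches.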
diff --git a/freeleaps-devops-reconciler/helm-pkg/reconciler/values.yaml b/freeleaps-devops-reconciler/helm-pkg/reconciler/values.yaml index 8c1410c9..77111c46 100644 --- a/freeleaps-devops-reconciler/helm-pkg/reconciler/values.yaml +++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/values.yaml 
@@ -1,131 +1,227 @@ -global: - registry: docker.io - repository: freeleaps - nodeSelector: {} -logIngest: +# Default values for freeleaps-devops-reconciler +replicaCount: 1 + +image: + repository: freeleaps/reconciler + pullPolicy: IfNotPresent + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +# Operator Configuration +operator: + clusterwide: false + priority: 100 + peeringName: "freeleaps-devops-reconciler" + namespaces: + - "freeleaps-devops-system" + debug: false + +serviceAccount: + create: true + annotations: {} + name: "" + +rbac: + create: true + additionalRules: [] + +podAnnotations: {} + +podSecurityContext: + fsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + +securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + +service: + type: ClusterIP + port: 8080 + targetPort: 8080 + +ingress: enabled: false -reconciler: - replicas: 1 - image: - registry: - repository: freeleaps - name: reconciler - tag: 1.0.0 - imagePullPolicy: IfNotPresent - ports: - - name: http - containerPort: 8080 - protocol: TCP - resources: - requests: - cpu: "0.1" - memory: "64Mi" - limits: - cpu: "0.2" - memory: "128Mi" - # FIXME: Wait until the developers implements the probes APIs - probes: {} - services: - - name: reconciler-service - type: ClusterIP - port: 8080 - targetPort: 8080 - serviceMonitor: - enabled: false - labels: - release: kube-prometheus-stack - namespace: freeleaps-monitoring-system - interval: 30s - scrapeTimeout: "" - # Defaults to {}, which means doesn't have any ingress - ingresses: {} - configs: - # General - debug: "false" - k8sClusterDomain: "kubernetes.default.svc.cluster.local" - autoDiscoverK8sClusterDomainMaxRetries: 5 - # RabbitMQ - rabbitmqHost: "localhost" - rabbitmqPort: 5672 - rabbitmqUsername: "admin" - rabbitmqPassword: "admin" - rabbitmqVhost: "/" - rabbitmqInputQueue: "freeleaps.devops.reconciler.input" - 
rabbitmqOutputQueue: "freeleaps.devops.reconciler.output" - rabbitmqEnableExchangeBinding: "true" - rabbitmqInputExchange: "freeleaps.notification.exchange" - rabbitmqInputExchangeType: "direct" - rabbitmqInputRoutingKey: "freeleaps.devops.reconciler.input" - rabbitmqOutputExchange: "freeleaps.notification.exchange" - rabbitmqOutputRoutingKey: "freeleaps.devops.reconciler.output" - # Jenkins - jenkinsEndpoint: "http://localhost:8080" - jenkinsUsername: "admin" - jenkinsToken: "admin" - jenkinsApiTimeout: 30 - jenkinsFolderCreationRetryCount: 3 - # ArgoCD - argocdEndpoint: "http://localhost:8080" - argocdUsername: "admin" - argocdPassword: "admin" - argocdApiTimeout: 30 - argocdResourceCreationTimeout: 30 - # Default Credentials - defaultGitUsername: "admin" - defaultGitPassword: "admin" - defaultRegistryUsername: "admin" - defaultRegistryPassword: "admin" - # API Timeouts - kubernetesApiTimeout: 30 - defaultHttpTimeout: 30 - # Git - allowHttpGitUrls: "false" - # Advanced - logLevel: "INFO" - logFormat: "text" - operatorNamespace: "freeleaps-devops-system" - reconcileInterval: 30 - # Development - enableMockService: "false" - mockServicePort: 5000 - devMode: "false" - # Network Resource Management - godaddyApiKey: "" - godaddyApiSecret: "" - godaddyBaseDomain: "mathmast.com" - domainTemplate: "{env}.{project_id}.mathmast.com" + className: "" + annotations: {} + hosts: + - host: devops-reconciler.local + paths: + - path: / + pathType: Prefix + tls: [] + +resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 128Mi + +nodeSelector: {} +tolerations: [] +affinity: {} + +# Environment Configuration +env: + # General Configuration + reconcilerDebug: "false" + defaultHttpTimeout: "30s" + k8sClusterDomain: "cluster.local" + kubernetesApiTimeout: "30s" + autoDiscoverK8sClusterDomainMaxRetries: "5" + logLevel: "INFO" + logFormat: "text" + operatorNamespace: "freeleaps-devops-system" + reconcileInterval: "30s" + allowHttpGitUrls: "false" + + # 
RabbitMQ Configuration + rabbitmq: + host: "localhost" + port: "5672" + vhost: "/" + inputQueue: "freeleaps.devops.reconciler.input" + outputQueue: "freeleaps.devops.reconciler.output" + enableExchangeBinding: "true" + inputExchange: "freeleaps.notification.exchange" + inputExchangeType: "direct" + inputRoutingKey: "freeleaps.devops.reconciler.input" + outputExchange: "freeleaps.notification.exchange" + outputRoutingKey: "freeleaps.devops.reconciler.output" + + # Jenkins Configuration + jenkins: + endpoint: "http://localhost:8080" + apiTimeout: "30s" + folderCreationRetryCount: "3" + + # ArgoCD Configuration + argocd: + endpoint: "http://localhost:8080" + apiTimeout: "30s" + resourceCreationTimeout: "300s" + + # Network Resource Management + networkResources: + domainTemplate: "{env}.{project_id}.example.com" ingressClassName: "nginx" certManagerClusterIssuer: "letsencrypt-prod" - dnsCreationTimeout: 300 - certificateIssuanceTimeout: 600 - ingressReadyTimeout: 300 - networkResourceCleanupTimeout: 300 - networkResourceRetryCount: 3 - networkResourceRetryDelay: 30 - # Service - serviceApiAccessHost: "0.0.0.0" - serviceApiAccessPort: "8080" - # MongoDB/Redis (add if needed) - mongodbName: "" - mongodbUri: "" - mongodbPort: "" - redisUrl: "" - redisIsCluster: "false" - # JWT - jwtSecretKey: "" - jwtAlgorithm: "" - # Metrics/Probes - metricsEnabled: "false" - probesEnabled: "false" - vpa: - minAllowed: - enabled: false - cpu: "0.1" - memory: "64Mi" - maxAllowed: - enabled: true - cpu: "0.2" - memory: "128Mi" - controlledResources: - - cpu - - memory \ No newline at end of file + ingressControllerIp: "127.0.0.1" + dnsCreationTimeout: "300s" + certificateIssuanceTimeout: "600s" + ingressReadyTimeout: "300s" + networkResourceCleanupTimeout: "300s" + networkResourceRetryCount: "3" + networkResourceRetryDelay: "30s" + +# Secret data +secrets: + # RabbitMQ credentials + rabbitmqCredentials: + username: "admin" + password: "changeme" + + # Jenkins credentials + 
jenkinsCredentials: + username: "admin" + token: "changeme" + + # ArgoCD credentials + argocdCredentials: + username: "admin" + password: "changeme" + + # Default Git credentials + defaultGitCredentials: + username: "git-user" + password: "changeme" + + # Default Docker Registry credentials + defaultDockerRegistryCredentials: + username: "registry-user" + password: "changeme" + + # Docker Registry PAT credentials + dockerRegistryPat: + username: "pat-user" + token: "changeme" + + # Azure Key Vault configuration + azureKeyVault: + endpoint: "https://your-keyvault.vault.azure.net/" + clientId: "your-client-id" + clientSecret: "changeme" + tenantId: "your-tenant-id" + subscriptionId: "your-subscription-id" + resourceGroup: "your-resource-group" + name: "your-keyvault-name" + + # Azure DNS configuration + azureDns: + subscriptionId: "your-subscription-id" + tenantId: "your-tenant-id" + clientId: "your-client-id" + clientSecret: "changeme" + resourceGroup: "your-resource-group" + zoneName: "your-zone.com" + +# Monitoring +monitoring: + serviceMonitor: + enabled: false + interval: 30s + scrapeTimeout: 10s + labels: {} + grafanaDashboard: + enabled: false + labels: {} + +# Health checks +healthcheck: + livenessProbe: + enabled: true + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + readinessProbe: + enabled: true + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 3 + +# Deployment strategy +strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + maxSurge: 1 + +# Network Policy +networkPolicy: + enabled: false + ingress: [] + egress: [] + +# CRDs Management +crds: + install: true + keep: true \ No newline at end of file
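Review bot: The chart defaults under `secrets:` in values.yaml are usable values (`admin`, `changeme`) rather than empty ones, so an install that misses an override still renders a valid Secret carrying a guessable credential. Defaulting them to empty, e.g. `password: ""`, and having templates/secret.yaml reject empty input with `required` would turn a forgotten override into a render-time failure. The timeout defaults are also inconsistent with values.alpha.yaml in this commit: here `jenkins.apiTimeout` is `"30s"` while the alpha file sets `"30"`, and which form the reconciler parses is not visible from the diff.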