icecheng/freeleaps-ops
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(k8s): add Jenkins certificate and Azure Blob Storage configuration

Browse Source 
Signed-off-by: 孙振宇 <>
This commit is contained in:
孙振宇 2025-01-16 17:00:31 +08:00
parent 481b9ccf95
commit b91d2192ba
8 changed files with 1721 additions and 535 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

551
cluster/manifests/freeleaps-devops-system/argo-cd/values.yaml
View File

@ -606,10 +606,10 @@ server:
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server
certificate: certificate:
# -- Deploy a Certificate resource (requires cert-manager) # -- Deploy a Certificate resource (requires cert-manager)
enabled: false enabled: true
# -- Certificate primary domain (commonName) # -- Certificate primary domain (commonName)
# @default -- `""` (defaults to global.domain) # @default -- `""` (defaults to global.domain)
domain: "" domain: "argo.mathmast.com"
# -- Certificate Subject Alternate Names (SANs) # -- Certificate Subject Alternate Names (SANs)
additionalHosts: [] additionalHosts: []
# -- The requested 'duration' (i.e. lifetime) of the certificate. # -- The requested 'duration' (i.e. lifetime) of the certificate.
@ -624,11 +624,11 @@ server:
## Ref: https://cert-manager.io/docs/concepts/issuer ## Ref: https://cert-manager.io/docs/concepts/issuer
issuer: issuer:
# -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` # -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io`
group: "" group: "cert-manager.io"
# -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer` # -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer`
kind: "" kind: "ClusterIssuer"
# -- Certificate issuer name. Eg. `letsencrypt` # -- Certificate issuer name. Eg. `letsencrypt`
name: "" name: "mathmast-dot-com"
# Private key of the certificate # Private key of the certificate
privateKey: privateKey:
# -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` # -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always`
@ -703,7 +703,7 @@ server:
## Server metrics service configuration ## Server metrics service configuration
metrics: metrics:
# -- Deploy metrics service # -- Deploy metrics service
enabled: false enabled: true
service: service:
# -- Metrics service type # -- Metrics service type
type: ClusterIP type: ClusterIP
@ -719,7 +719,7 @@ server:
portName: http-metrics portName: http-metrics
serviceMonitor: serviceMonitor:
# -- Enable a prometheus ServiceMonitor # -- Enable a prometheus ServiceMonitor
enabled: false enabled: true
# -- Prometheus ServiceMonitor interval # -- Prometheus ServiceMonitor interval
interval: 30s interval: 30s
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
@ -739,7 +739,7 @@ server:
# -- Prometheus ServiceMonitor tlsConfig # -- Prometheus ServiceMonitor tlsConfig
tlsConfig: {} tlsConfig: {}
# -- Prometheus ServiceMonitor namespace # -- Prometheus ServiceMonitor namespace
namespace: "" # monitoring namespace: "freeleaps-monitoring-system" # monitoring
# -- Prometheus ServiceMonitor labels # -- Prometheus ServiceMonitor labels
additionalLabels: {} additionalLabels: {}
# -- Prometheus ServiceMonitor annotations # -- Prometheus ServiceMonitor annotations
@ -763,7 +763,7 @@ server:
# Argo CD server ingress configuration # Argo CD server ingress configuration
ingress: ingress:
# -- Enable an ingress resource for the Argo CD server # -- Enable an ingress resource for the Argo CD server
enabled: false enabled: true
# -- Specific implementation for ingress controller. One of `generic`, `aws` or `gke` # -- Specific implementation for ingress controller. One of `generic`, `aws` or `gke`
## Additional configuration might be required in related configuration sections ## Additional configuration might be required in related configuration sections
controller: generic controller: generic
@ -776,11 +776,11 @@ server:
# nginx.ingress.kubernetes.io/ssl-passthrough: "true" # nginx.ingress.kubernetes.io/ssl-passthrough: "true"
# -- Defines which ingress controller will implement the resource # -- Defines which ingress controller will implement the resource
ingressClassName: "" ingressClassName: "nginx"
# -- Argo CD server hostname # -- Argo CD server hostname
# @default -- `""` (defaults to global.domain) # @default -- `""` (defaults to global.domain)
hostname: "" hostname: "argo.mathmast.com"
# -- The path to Argo CD server # -- The path to Argo CD server
path: / path: /
@ -791,7 +791,7 @@ server:
# -- Enable TLS configuration for the hostname defined at `server.ingress.hostname` # -- Enable TLS configuration for the hostname defined at `server.ingress.hostname`
## TLS certificate will be retrieved from a TLS secret `argocd-server-tls` ## TLS certificate will be retrieved from a TLS secret `argocd-server-tls`
## You can create this secret via `certificate` or `certificateSecret` option ## You can create this secret via `certificate` or `certificateSecret` option
tls: false tls: true
# -- The list of additional hostnames to be covered by ingress record # -- The list of additional hostnames to be covered by ingress record
# @default -- `[]` (See [values.yaml]) # @default -- `[]` (See [values.yaml])
@ -1280,7 +1280,7 @@ repoServer:
## Repo server metrics service configuration ## Repo server metrics service configuration
metrics: metrics:
# -- Deploy metrics service # -- Deploy metrics service
enabled: false enabled: true
service: service:
# -- Metrics service type # -- Metrics service type
type: ClusterIP type: ClusterIP
@ -1296,7 +1296,7 @@ repoServer:
portName: http-metrics portName: http-metrics
serviceMonitor: serviceMonitor:
# -- Enable a prometheus ServiceMonitor # -- Enable a prometheus ServiceMonitor
enabled: false enabled: true
# -- Prometheus ServiceMonitor interval # -- Prometheus ServiceMonitor interval
interval: 30s interval: 30s
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
@ -1316,7 +1316,7 @@ repoServer:
# -- Prometheus ServiceMonitor tlsConfig # -- Prometheus ServiceMonitor tlsConfig
tlsConfig: {} tlsConfig: {}
# -- Prometheus ServiceMonitor namespace # -- Prometheus ServiceMonitor namespace
namespace: "" # "monitoring" namespace: "freeleaps-monitoring-system" # "monitoring"
# -- Prometheus ServiceMonitor labels # -- Prometheus ServiceMonitor labels
additionalLabels: {} additionalLabels: {}
# -- Prometheus ServiceMonitor annotations # -- Prometheus ServiceMonitor annotations
@ -1443,7 +1443,7 @@ applicationSet:
## Metrics service configuration ## Metrics service configuration
metrics: metrics:
# -- Deploy metrics service # -- Deploy metrics service
enabled: false enabled: true
service: service:
# -- Metrics service type # -- Metrics service type
type: ClusterIP type: ClusterIP
@ -1459,7 +1459,7 @@ applicationSet:
portName: http-metrics portName: http-metrics
serviceMonitor: serviceMonitor:
# -- Enable a prometheus ServiceMonitor # -- Enable a prometheus ServiceMonitor
enabled: false enabled: true
# -- Prometheus ServiceMonitor interval # -- Prometheus ServiceMonitor interval
interval: 30s interval: 30s
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
@ -1479,7 +1479,7 @@ applicationSet:
# -- Prometheus ServiceMonitor tlsConfig # -- Prometheus ServiceMonitor tlsConfig
tlsConfig: {} tlsConfig: {}
# -- Prometheus ServiceMonitor namespace # -- Prometheus ServiceMonitor namespace
namespace: "" # monitoring namespace: "freeleaps-monitoring-system" # monitoring
# -- Prometheus ServiceMonitor labels # -- Prometheus ServiceMonitor labels
additionalLabels: {} additionalLabels: {}
# -- Prometheus ServiceMonitor annotations # -- Prometheus ServiceMonitor annotations
@ -1561,7 +1561,7 @@ applicationSet:
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
readinessProbe: readinessProbe:
# -- Enable Kubernetes liveness probe for ApplicationSet controller # -- Enable Kubernetes liveness probe for ApplicationSet controller
enabled: false enabled: true
# -- Number of seconds after the container has started before [probe] is initiated # -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 10 initialDelaySeconds: 10
# -- How often (in seconds) to perform the [probe] # -- How often (in seconds) to perform the [probe]
@ -1575,7 +1575,7 @@ applicationSet:
livenessProbe: livenessProbe:
# -- Enable Kubernetes liveness probe for ApplicationSet controller # -- Enable Kubernetes liveness probe for ApplicationSet controller
enabled: false enabled: true
# -- Number of seconds after the container has started before [probe] is initiated # -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 10 initialDelaySeconds: 10
# -- How often (in seconds) to perform the [probe] # -- How often (in seconds) to perform the [probe]
@ -1849,7 +1849,7 @@ notifications:
metrics: metrics:
# -- Enables prometheus metrics server # -- Enables prometheus metrics server
enabled: false enabled: true
# -- Metrics port # -- Metrics port
port: 9001 port: 9001
service: service:
@ -1865,7 +1865,7 @@ notifications:
portName: http-metrics portName: http-metrics
serviceMonitor: serviceMonitor:
# -- Enable a prometheus ServiceMonitor # -- Enable a prometheus ServiceMonitor
enabled: false enabled: true
# -- Prometheus ServiceMonitor selector # -- Prometheus ServiceMonitor selector
selector: {} selector: {}
# prometheus: kube-prometheus # prometheus: kube-prometheus
@ -1873,7 +1873,7 @@ notifications:
additionalLabels: {} additionalLabels: {}
# -- Prometheus ServiceMonitor annotations # -- Prometheus ServiceMonitor annotations
annotations: {} annotations: {}
# namespace: monitoring namespace: freeleaps-monitoring-system
# interval: 30s # interval: 30s
# scrapeTimeout: 10s # scrapeTimeout: 10s
# -- Prometheus ServiceMonitor scheme # -- Prometheus ServiceMonitor scheme
@ -1890,7 +1890,10 @@ notifications:
# -- Configures notification services such as slack, email or custom webhook # -- Configures notification services such as slack, email or custom webhook
# @default -- See [values.yaml] # @default -- See [values.yaml]
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/ ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/
notifiers: {} notifiers:
service.teams: |
recipientUrls:
freeleaps-teams: https://netorgft10898514.webhook.office.com/webhookb2/302556e5-c211-4f38-b482-2062d104c679@cf151ee8-5c2c-4fe7-a1c4-809ba43c9f24/IncomingWebhook/4257b37399044f0d8b1ad41653b0c415/f821920b-1659-40c2-a4b4-4730089b7134
# service.slack: | # service.slack: |
# token: $slack-token # token: $slack-token
@ -1938,7 +1941,7 @@ notifications:
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
readinessProbe: readinessProbe:
# -- Enable Kubernetes liveness probe for notifications controller Pods # -- Enable Kubernetes liveness probe for notifications controller Pods
enabled: false enabled: true
# -- Number of seconds after the container has started before [probe] is initiated # -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 10 initialDelaySeconds: 10
# -- How often (in seconds) to perform the [probe] # -- How often (in seconds) to perform the [probe]
@ -1952,7 +1955,7 @@ notifications:
livenessProbe: livenessProbe:
# -- Enable Kubernetes liveness probe for notifications controller Pods # -- Enable Kubernetes liveness probe for notifications controller Pods
enabled: false enabled: true
# -- Number of seconds after the container has started before [probe] is initiated # -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 10 initialDelaySeconds: 10
# -- How often (in seconds) to perform the [probe] # -- How often (in seconds) to perform the [probe]
@ -2039,256 +2042,256 @@ notifications:
# -- The notification template is used to generate the notification content # -- The notification template is used to generate the notification content
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/ ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/
templates: {} templates:
# template.app-deployed: | template.app-deployed: |
# email: email:
# subject: New version of an application {{.app.metadata.name}} is up and running. subject: New version of an application {{.app.metadata.name}} is up and running.
# message: | message: |
# {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} is now running new version of deployments manifests. {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} is now running new version of deployments manifests.
# slack: slack:
# attachments: | attachments: |
# [{ [{
# "title": "{{ .app.metadata.name}}", "title": "{{ .app.metadata.name}}",
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
# "color": "#18be52", "color": "#18be52",
# "fields": [ "fields": [
# { {
# "title": "Sync Status", "title": "Sync Status",
# "value": "{{.app.status.sync.status}}", "value": "{{.app.status.sync.status}}",
# "short": true "short": true
# }, },
# { {
# "title": "Repository", "title": "Repository",
# "value": "{{.app.spec.source.repoURL}}", "value": "{{.app.spec.source.repoURL}}",
# "short": true "short": true
# }, },
# { {
# "title": "Revision", "title": "Revision",
# "value": "{{.app.status.sync.revision}}", "value": "{{.app.status.sync.revision}}",
# "short": true "short": true
# } }
# {{range $index, $c := .app.status.conditions}} {{range $index, $c := .app.status.conditions}}
# {{if not $index}},{{end}} {{if not $index}},{{end}}
# {{if $index}},{{end}} {{if $index}},{{end}}
# { {
# "title": "{{$c.type}}", "title": "{{$c.type}}",
# "value": "{{$c.message}}", "value": "{{$c.message}}",
# "short": true "short": true
# } }
# {{end}} {{end}}
# ] ]
# }] }]
# template.app-health-degraded: | template.app-health-degraded: |
# email: email:
# subject: Application {{.app.metadata.name}} has degraded. subject: Application {{.app.metadata.name}} has degraded.
# message: | message: |
# {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} has degraded. {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} has degraded.
# Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}. Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
# slack: slack:
# attachments: |- attachments: |-
# [{ [{
# "title": "{{ .app.metadata.name}}", "title": "{{ .app.metadata.name}}",
# "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
# "color": "#f4c030", "color": "#f4c030",
# "fields": [ "fields": [
# { {
# "title": "Sync Status", "title": "Sync Status",
# "value": "{{.app.status.sync.status}}", "value": "{{.app.status.sync.status}}",
# "short": true "short": true
# }, },
# { {
# "title": "Repository", "title": "Repository",
# "value": "{{.app.spec.source.repoURL}}", "value": "{{.app.spec.source.repoURL}}",
# "short": true "short": true
# } }
# {{range $index, $c := .app.status.conditions}} {{range $index, $c := .app.status.conditions}}
# {{if not $index}},{{end}} {{if not $index}},{{end}}
# {{if $index}},{{end}} {{if $index}},{{end}}
# { {
# "title": "{{$c.type}}", "title": "{{$c.type}}",
# "value": "{{$c.message}}", "value": "{{$c.message}}",
# "short": true "short": true
# } }
# {{end}} {{end}}
# ] ]
# }] }]
# template.app-sync-failed: | template.app-sync-failed: |
# email: email:
# subject: Failed to sync application {{.app.metadata.name}}. subject: Failed to sync application {{.app.metadata.name}}.
# message: | message: |
# {{if eq .serviceType "slack"}}:exclamation:{{end}} The sync operation of application {{.app.metadata.name}} has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}} {{if eq .serviceType "slack"}}:exclamation:{{end}} The sync operation of application {{.app.metadata.name}} has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}}
# Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
# slack: slack:
# attachments: |- attachments: |-
# [{ [{
# "title": "{{ .app.metadata.name}}", "title": "{{ .app.metadata.name}}",
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
# "color": "#E96D76", "color": "#E96D76",
# "fields": [ "fields": [
# { {
# "title": "Sync Status", "title": "Sync Status",
# "value": "{{.app.status.sync.status}}", "value": "{{.app.status.sync.status}}",
# "short": true "short": true
# }, },
# { {
# "title": "Repository", "title": "Repository",
# "value": "{{.app.spec.source.repoURL}}", "value": "{{.app.spec.source.repoURL}}",
# "short": true "short": true
# } }
# {{range $index, $c := .app.status.conditions}} {{range $index, $c := .app.status.conditions}}
# {{if not $index}},{{end}} {{if not $index}},{{end}}
# {{if $index}},{{end}} {{if $index}},{{end}}
# { {
# "title": "{{$c.type}}", "title": "{{$c.type}}",
# "value": "{{$c.message}}", "value": "{{$c.message}}",
# "short": true "short": true
# } }
# {{end}} {{end}}
# ] ]
# }] }]
# template.app-sync-running: | template.app-sync-running: |
# email: email:
# subject: Start syncing application {{.app.metadata.name}}. subject: Start syncing application {{.app.metadata.name}}.
# message: | message: |
# The sync operation of application {{.app.metadata.name}} has started at {{.app.status.operationState.startedAt}}. The sync operation of application {{.app.metadata.name}} has started at {{.app.status.operationState.startedAt}}.
# Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
# slack: slack:
# attachments: |- attachments: |-
# [{ [{
# "title": "{{ .app.metadata.name}}", "title": "{{ .app.metadata.name}}",
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
# "color": "#0DADEA", "color": "#0DADEA",
# "fields": [ "fields": [
# { {
# "title": "Sync Status", "title": "Sync Status",
# "value": "{{.app.status.sync.status}}", "value": "{{.app.status.sync.status}}",
# "short": true "short": true
# }, },
# { {
# "title": "Repository", "title": "Repository",
# "value": "{{.app.spec.source.repoURL}}", "value": "{{.app.spec.source.repoURL}}",
# "short": true "short": true
# } }
# {{range $index, $c := .app.status.conditions}} {{range $index, $c := .app.status.conditions}}
# {{if not $index}},{{end}} {{if not $index}},{{end}}
# {{if $index}},{{end}} {{if $index}},{{end}}
# { {
# "title": "{{$c.type}}", "title": "{{$c.type}}",
# "value": "{{$c.message}}", "value": "{{$c.message}}",
# "short": true "short": true
# } }
# {{end}} {{end}}
# ] ]
# }] }]
# template.app-sync-status-unknown: | template.app-sync-status-unknown: |
# email: email:
# subject: Application {{.app.metadata.name}} sync status is 'Unknown' subject: Application {{.app.metadata.name}} sync status is 'Unknown'
# message: | message: |
# {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} sync is 'Unknown'. {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} sync is 'Unknown'.
# Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}. Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
# {{if ne .serviceType "slack"}} {{if ne .serviceType "slack"}}
# {{range $c := .app.status.conditions}} {{range $c := .app.status.conditions}}
# * {{$c.message}} * {{$c.message}}
# {{end}} {{end}}
# {{end}} {{end}}
# slack: slack:
# attachments: |- attachments: |-
# [{ [{
# "title": "{{ .app.metadata.name}}", "title": "{{ .app.metadata.name}}",
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
# "color": "#E96D76", "color": "#E96D76",
# "fields": [ "fields": [
# { {
# "title": "Sync Status", "title": "Sync Status",
# "value": "{{.app.status.sync.status}}", "value": "{{.app.status.sync.status}}",
# "short": true "short": true
# }, },
# { {
# "title": "Repository", "title": "Repository",
# "value": "{{.app.spec.source.repoURL}}", "value": "{{.app.spec.source.repoURL}}",
# "short": true "short": true
# } }
# {{range $index, $c := .app.status.conditions}} {{range $index, $c := .app.status.conditions}}
# {{if not $index}},{{end}} {{if not $index}},{{end}}
# {{if $index}},{{end}} {{if $index}},{{end}}
# { {
# "title": "{{$c.type}}", "title": "{{$c.type}}",
# "value": "{{$c.message}}", "value": "{{$c.message}}",
# "short": true "short": true
# } }
# {{end}} {{end}}
# ] ]
# }] }]
# template.app-sync-succeeded: | template.app-sync-succeeded: |
# email: email:
# subject: Application {{.app.metadata.name}} has been successfully synced. subject: Application {{.app.metadata.name}} has been successfully synced.
# message: | message: |
# {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}. {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}.
# Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
# slack: slack:
# attachments: |- attachments: |-
# [{ [{
# "title": "{{ .app.metadata.name}}", "title": "{{ .app.metadata.name}}",
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
# "color": "#18be52", "color": "#18be52",
# "fields": [ "fields": [
# { {
# "title": "Sync Status", "title": "Sync Status",
# "value": "{{.app.status.sync.status}}", "value": "{{.app.status.sync.status}}",
# "short": true "short": true
# }, },
# { {
# "title": "Repository", "title": "Repository",
# "value": "{{.app.spec.source.repoURL}}", "value": "{{.app.spec.source.repoURL}}",
# "short": true "short": true
# } }
# {{range $index, $c := .app.status.conditions}} {{range $index, $c := .app.status.conditions}}
# {{if not $index}},{{end}} {{if not $index}},{{end}}
# {{if $index}},{{end}} {{if $index}},{{end}}
# { {
# "title": "{{$c.type}}", "title": "{{$c.type}}",
# "value": "{{$c.message}}", "value": "{{$c.message}}",
# "short": true "short": true
# } }
# {{end}} {{end}}
# ] ]
# }] }]
# -- The trigger defines the condition when the notification should be sent # -- The trigger defines the condition when the notification should be sent
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/ ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/
triggers: {} triggers:
# trigger.on-deployed: | trigger.on-deployed: |
# - description: Application is synced and healthy. Triggered once per commit. - description: Application is synced and healthy. Triggered once per commit.
# oncePer: app.status.sync.revision oncePer: app.status.sync.revision
# send: send:
# - app-deployed - app-deployed
# when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy' when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
# trigger.on-health-degraded: | trigger.on-health-degraded: |
# - description: Application has degraded - description: Application has degraded
# send: send:
# - app-health-degraded - app-health-degraded
# when: app.status.health.status == 'Degraded' when: app.status.health.status == 'Degraded'
# trigger.on-sync-failed: | trigger.on-sync-failed: |
# - description: Application syncing has failed - description: Application syncing has failed
# send: send:
# - app-sync-failed - app-sync-failed
# when: app.status.operationState.phase in ['Error', 'Failed'] when: app.status.operationState.phase in ['Error', 'Failed']
# trigger.on-sync-running: | trigger.on-sync-running: |
# - description: Application is being synced - description: Application is being synced
# send: send:
# - app-sync-running - app-sync-running
# when: app.status.operationState.phase in ['Running'] when: app.status.operationState.phase in ['Running']
# trigger.on-sync-status-unknown: | trigger.on-sync-status-unknown: |
# - description: Application status is 'Unknown' - description: Application status is 'Unknown'
# send: send:
# - app-sync-status-unknown - app-sync-status-unknown
# when: app.status.sync.status == 'Unknown' when: app.status.sync.status == 'Unknown'
# trigger.on-sync-succeeded: | trigger.on-sync-succeeded: |
# - description: Application syncing has succeeded - description: Application syncing has succeeded
# send: send:
# - app-sync-succeeded - app-sync-succeeded
# when: app.status.operationState.phase in ['Succeeded'] when: app.status.operationState.phase in ['Succeeded']
# #
# For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/#default-triggers # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/#default-triggers
# defaultTriggers: | defaultTriggers: |
# - on-sync-status-unknown - on-sync-status-unknown

0
cluster/manifests/freeleaps-devops-system/jenkins/.gitkeep
View File

13
cluster/manifests/freeleaps-devops-system/jenkins/certificate.yaml Normal file
View File

@ -0,0 +1,13 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: jenkins-dot-mathmast-dot-com
namespace: freeleaps-devops-system
spec:
commonName: jenkins.mathmast.com
dnsNames:
- jenkins.mathmast.com
issuerRef:
kind: ClusterIssuer
name: mathmast-dot-com
secretName: jenkins-dot-mathmast-dot-com-tls

14
cluster/manifests/freeleaps-devops-system/jenkins/pv.yaml
View File

@ -1,14 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: jenkins-pv
namespace: freeleaps-devops-system
spec:
storageClassName: freeleaps-node-local
accessModes:
- ReadWriteOnce
capacity:
storage: 20Gi
persistentVolumeReclaimPolicy: Retain
hostPath:
path: /mnt/data/jenkins

1374
cluster/manifests/freeleaps-devops-system/jenkins/values.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

262
cluster/manifests/freeleaps-storage-system/azure-blob-storage-csi/storage-classes.yaml
View File

@ -1,3 +1,12 @@
apiVersion: v1
kind: Secret
metadata:
name: freeleaps-azure-blob-storage-secret
namespace: freeleaps-storage-system
type: Opaque
data:
azurestorageaccountname: ZnJlZWxlYXBz
azurestorageaccountkey: bWE3dmxQdktySmtFVS9vRENFRjNDYkNJWkQzMUlOb0R5a214Y0NoYnpoR25oMWxhVGpsRkxUclVhdG5odXdveS9Dc3g5L1Vwa0VjZStBU3Rab08rL0E9PQ==
--- ---
apiVersion: storage.k8s.io/v1 apiVersion: storage.k8s.io/v1
kind: StorageClass kind: StorageClass
@ -5,254 +14,13 @@ metadata:
name: azure-blob-fuse-2-std-lrs name: azure-blob-fuse-2-std-lrs
provisioner: blob.csi.azure.com provisioner: blob.csi.azure.com
parameters: parameters:
skuName: Standard_LRS # available values: Standard_LRS, Premium_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_ZRS skuName: Standard_LRS
protocol: fuse2 protocol: fuse2
reclaimPolicy: Delete location: westus2
volumeBindingMode: Immediate resourceGroup: k8s
allowVolumeExpansion: true containerNamePrefix: fs-storage-sys-
mountOptions: secretName: freeleaps-azure-blob-storage-secret
- -o allow_other secretNamespace: freeleaps-storage-system
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10 # prevent billing charges on mounting
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING # LOG_WARNING, LOG_INFO, LOG_DEBUG
- --cache-size-mb=1000 # Default will be 80% of available memory, eviction will happen beyond that.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azure-blob-fuse-2-premium-lrs
provisioner: blob.csi.azure.com
parameters:
skuName: Premium_LRS # available values: Standard_LRS, Premium_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_ZRS
protocol: fuse2
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
mountOptions:
- -o allow_other
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10 # prevent billing charges on mounting
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING # LOG_WARNING, LOG_INFO, LOG_DEBUG
- --cache-size-mb=1000 # Default will be 80% of available memory, eviction will happen beyond that.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azure-blob-fuse-2-standard-grs
provisioner: blob.csi.azure.com
parameters:
skuName: Standard_GRS # available values: Standard_LRS, Premium_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_ZRS
protocol: fuse2
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
mountOptions:
- -o allow_other
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10 # prevent billing charges on mounting
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING # LOG_WARNING, LOG_INFO, LOG_DEBUG
- --cache-size-mb=1000 # Default will be 80% of available memory, eviction will happen beyond that.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azure-blob-fuse-2-standard-ragrs
provisioner: blob.csi.azure.com
parameters:
skuName: Standard_RAGRS # available values: Standard_LRS, Premium_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_ZRS
protocol: fuse2
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
mountOptions:
- -o allow_other
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10 # prevent billing charges on mounting
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING # LOG_WARNING, LOG_INFO, LOG_DEBUG
- --cache-size-mb=1000 # Default will be 80% of available memory, eviction will happen beyond that.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azure-blob-fuse-2-standard-zrs
provisioner: blob.csi.azure.com
parameters:
skuName: Standard_ZRS # available values: Standard_LRS, Premium_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_ZRS
protocol: fuse2
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
mountOptions:
- -o allow_other
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10 # prevent billing charges on mounting
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING # LOG_WARNING, LOG_INFO, LOG_DEBUG
- --cache-size-mb=1000 # Default will be 80% of available memory, eviction will happen beyond that.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azure-blob-fuse-2-premium-zrs
provisioner: blob.csi.azure.com
parameters:
skuName: Premium_ZRS # available values: Standard_LRS, Premium_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_ZRS
protocol: fuse2
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
mountOptions:
- -o allow_other
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10 # prevent billing charges on mounting
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING # LOG_WARNING, LOG_INFO, LOG_DEBUG
- --cache-size-mb=1000 # Default will be 80% of available memory, eviction will happen beyond that.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azure-blob-nfs
provisioner: blob.csi.azure.com
parameters:
protocol: nfs
volumeBindingMode: Immediate
allowVolumeExpansion: true
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azure-blob-std-lrs
provisioner: blob.csi.azure.com
parameters:
skuName: Premium_LRS # available values: Standard_LRS, Premium_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_ZRS
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
mountOptions:
- -o allow_other
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10 # prevent billing charges on mounting
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING # LOG_WARNING, LOG_INFO, LOG_DEBUG
- --cache-size-mb=1000 # Default will be 80% of available memory, eviction will happen beyond that.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azure-blob-premium-lrs
provisioner: blob.csi.azure.com
parameters:
skuName: Premium_LRS # available values: Standard_LRS, Premium_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_ZRS
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
mountOptions:
- -o allow_other
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10 # prevent billing charges on mounting
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING # LOG_WARNING, LOG_INFO, LOG_DEBUG
- --cache-size-mb=1000 # Default will be 80% of available memory, eviction will happen beyond that.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azure-blob-standard-grs
provisioner: blob.csi.azure.com
parameters:
skuName: Standard_GRS # available values: Standard_LRS, Premium_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_ZRS
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
mountOptions:
- -o allow_other
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10 # prevent billing charges on mounting
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING # LOG_WARNING, LOG_INFO, LOG_DEBUG
- --cache-size-mb=1000 # Default will be 80% of available memory, eviction will happen beyond that.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azure-blob-standard-ragrs
provisioner: blob.csi.azure.com
parameters:
skuName: Standard_RAGRS # available values: Standard_LRS, Premium_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_ZRS
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
mountOptions:
- -o allow_other
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10 # prevent billing charges on mounting
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING # LOG_WARNING, LOG_INFO, LOG_DEBUG
- --cache-size-mb=1000 # Default will be 80% of available memory, eviction will happen beyond that.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azure-blob-standard-zrs
provisioner: blob.csi.azure.com
parameters:
skuName: Standard_ZRS # available values: Standard_LRS, Premium_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_ZRS
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
mountOptions:
- -o allow_other
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10 # prevent billing charges on mounting
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING # LOG_WARNING, LOG_INFO, LOG_DEBUG
- --cache-size-mb=1000 # Default will be 80% of available memory, eviction will happen beyond that.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azure-blob-premium-zrs
provisioner: blob.csi.azure.com
parameters:
skuName: Premium_ZRS # available values: Standard_LRS, Premium_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_ZRS
reclaimPolicy: Delete reclaimPolicy: Delete
volumeBindingMode: Immediate volumeBindingMode: Immediate
allowVolumeExpansion: true allowVolumeExpansion: true

42
cluster/manifests/freeleaps-storage-system/azure-blob-storage-csi/tests/test-statefulsets.yaml Normal file
View File

@ -0,0 +1,42 @@
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: statefulset-blob
labels:
app: nginx
spec:
serviceName: statefulset-blob
replicas: 1
template:
metadata:
labels:
app: nginx
spec:
nodeSelector:
"kubernetes.io/os": linux
containers:
- name: statefulset-blob
image: mcr.microsoft.com/mirror/docker/library/nginx:1.23
command:
- "/bin/bash"
- "-c"
- set -euo pipefail; while true; do echo $(date) >> /mnt/blob/outfile; sleep 1; done
volumeMounts:
- name: persistent-storage
mountPath: /mnt/blob
readOnly: false
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app: nginx
volumeClaimTemplates:
- metadata:
name: persistent-storage
spec:
storageClassName: azure-blob-fuse-2-std-lrs
accessModes: ["ReadWriteMany"]
resources:
requests:
storage: 1Gi

0
first-class-pipeline/.gitkeep
View File