icecheng/freeleaps-ops
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(k8s): add Jenkins certificate and Azure Blob Storage configuration

Browse Source 
Signed-off-by: 孙振宇 <>
This commit is contained in:
孙振宇 2025-01-16 17:00:31 +08:00
parent 481b9ccf95
commit b91d2192ba
8 changed files with 1721 additions and 535 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

551
cluster/manifests/freeleaps-devops-system/argo-cd/values.yaml
View File

@ -606,10 +606,10 @@ server:
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server
certificate:
# -- Deploy a Certificate resource (requires cert-manager)
enabled: false
enabled: true
# -- Certificate primary domain (commonName)
# @default -- `""` (defaults to global.domain)
domain: ""
domain: "argo.mathmast.com"
# -- Certificate Subject Alternate Names (SANs)
additionalHosts: []
# -- The requested 'duration' (i.e. lifetime) of the certificate.
@ -624,11 +624,11 @@ server:
## Ref: https://cert-manager.io/docs/concepts/issuer
issuer:
# -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io`
group: ""
group: "cert-manager.io"
# -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer`
kind: ""
kind: "ClusterIssuer"
# -- Certificate issuer name. Eg. `letsencrypt`
name: ""
name: "mathmast-dot-com"
# Private key of the certificate
privateKey:
# -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always`
@ -703,7 +703,7 @@ server:
## Server metrics service configuration
metrics:
# -- Deploy metrics service
enabled: false
enabled: true
service:
# -- Metrics service type
type: ClusterIP
@ -719,7 +719,7 @@ server:
portName: http-metrics
serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: false
enabled: true
# -- Prometheus ServiceMonitor interval
interval: 30s
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
@ -739,7 +739,7 @@ server:
# -- Prometheus ServiceMonitor tlsConfig
tlsConfig: {}
# -- Prometheus ServiceMonitor namespace
namespace: "" # monitoring
namespace: "freeleaps-monitoring-system" # monitoring
# -- Prometheus ServiceMonitor labels
additionalLabels: {}
# -- Prometheus ServiceMonitor annotations
@ -763,7 +763,7 @@ server:
# Argo CD server ingress configuration
ingress:
# -- Enable an ingress resource for the Argo CD server
enabled: false
enabled: true
# -- Specific implementation for ingress controller. One of `generic`, `aws` or `gke`
## Additional configuration might be required in related configuration sections
controller: generic
@ -776,11 +776,11 @@ server:
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
# -- Defines which ingress controller will implement the resource
ingressClassName: ""
ingressClassName: "nginx"
# -- Argo CD server hostname
# @default -- `""` (defaults to global.domain)
hostname: ""
hostname: "argo.mathmast.com"
# -- The path to Argo CD server
path: /
@ -791,7 +791,7 @@ server:
# -- Enable TLS configuration for the hostname defined at `server.ingress.hostname`
## TLS certificate will be retrieved from a TLS secret `argocd-server-tls`
## You can create this secret via `certificate` or `certificateSecret` option
tls: false
tls: true
# -- The list of additional hostnames to be covered by ingress record
# @default -- `[]` (See [values.yaml])
@ -1280,7 +1280,7 @@ repoServer:
## Repo server metrics service configuration
metrics:
# -- Deploy metrics service
enabled: false
enabled: true
service:
# -- Metrics service type
type: ClusterIP
@ -1296,7 +1296,7 @@ repoServer:
portName: http-metrics
serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: false
enabled: true
# -- Prometheus ServiceMonitor interval
interval: 30s
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
@ -1316,7 +1316,7 @@ repoServer:
# -- Prometheus ServiceMonitor tlsConfig
tlsConfig: {}
# -- Prometheus ServiceMonitor namespace
namespace: "" # "monitoring"
namespace: "freeleaps-monitoring-system" # "monitoring"
# -- Prometheus ServiceMonitor labels
additionalLabels: {}
# -- Prometheus ServiceMonitor annotations
@ -1443,7 +1443,7 @@ applicationSet:
## Metrics service configuration
metrics:
# -- Deploy metrics service
enabled: false
enabled: true
service:
# -- Metrics service type
type: ClusterIP
@ -1459,7 +1459,7 @@ applicationSet:
portName: http-metrics
serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: false
enabled: true
# -- Prometheus ServiceMonitor interval
interval: 30s
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
@ -1479,7 +1479,7 @@ applicationSet:
# -- Prometheus ServiceMonitor tlsConfig
tlsConfig: {}
# -- Prometheus ServiceMonitor namespace
namespace: "" # monitoring
namespace: "freeleaps-monitoring-system" # monitoring
# -- Prometheus ServiceMonitor labels
additionalLabels: {}
# -- Prometheus ServiceMonitor annotations
@ -1561,7 +1561,7 @@ applicationSet:
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
readinessProbe:
# -- Enable Kubernetes liveness probe for ApplicationSet controller
enabled: false
enabled: true
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 10
# -- How often (in seconds) to perform the [probe]
@ -1575,7 +1575,7 @@ applicationSet:
livenessProbe:
# -- Enable Kubernetes liveness probe for ApplicationSet controller
enabled: false
enabled: true
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 10
# -- How often (in seconds) to perform the [probe]
@ -1849,7 +1849,7 @@ notifications:
metrics:
# -- Enables prometheus metrics server
enabled: false
enabled: true
# -- Metrics port
port: 9001
service:
@ -1865,7 +1865,7 @@ notifications:
portName: http-metrics
serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: false
enabled: true
# -- Prometheus ServiceMonitor selector
selector: {}
# prometheus: kube-prometheus
@ -1873,7 +1873,7 @@ notifications:
additionalLabels: {}
# -- Prometheus ServiceMonitor annotations
annotations: {}
# namespace: monitoring
namespace: freeleaps-monitoring-system
# interval: 30s
# scrapeTimeout: 10s
# -- Prometheus ServiceMonitor scheme
@ -1890,7 +1890,10 @@ notifications:
# -- Configures notification services such as slack, email or custom webhook
# @default -- See [values.yaml]
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/
notifiers: {}
notifiers:
service.teams: |
recipientUrls:
freeleaps-teams: https://netorgft10898514.webhook.office.com/webhookb2/302556e5-c211-4f38-b482-2062d104c679@cf151ee8-5c2c-4fe7-a1c4-809ba43c9f24/IncomingWebhook/4257b37399044f0d8b1ad41653b0c415/f821920b-1659-40c2-a4b4-4730089b7134
# service.slack: |
# token: $slack-token
@ -1938,7 +1941,7 @@ notifications:
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
readinessProbe:
# -- Enable Kubernetes liveness probe for notifications controller Pods
enabled: false
enabled: true
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 10
# -- How often (in seconds) to perform the [probe]
@ -1952,7 +1955,7 @@ notifications:
livenessProbe:
# -- Enable Kubernetes liveness probe for notifications controller Pods
enabled: false
enabled: true
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 10
# -- How often (in seconds) to perform the [probe]
@ -2039,256 +2042,256 @@ notifications:
# -- The notification template is used to generate the notification content
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/
templates: {}
# template.app-deployed: |
# email:
# subject: New version of an application {{.app.metadata.name}} is up and running.
# message: |
# {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} is now running new version of deployments manifests.
# slack:
# attachments: |
# [{
# "title": "{{ .app.metadata.name}}",
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
# "color": "#18be52",
# "fields": [
# {
# "title": "Sync Status",
# "value": "{{.app.status.sync.status}}",
# "short": true
# },
# {
# "title": "Repository",
# "value": "{{.app.spec.source.repoURL}}",
# "short": true
# },
# {
# "title": "Revision",
# "value": "{{.app.status.sync.revision}}",
# "short": true
# }
# {{range $index, $c := .app.status.conditions}}
# {{if not $index}},{{end}}
# {{if $index}},{{end}}
# {
# "title": "{{$c.type}}",
# "value": "{{$c.message}}",
# "short": true
# }
# {{end}}
# ]
# }]
# template.app-health-degraded: |
# email:
# subject: Application {{.app.metadata.name}} has degraded.
# message: |
# {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} has degraded.
# Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
# slack:
# attachments: |-
# [{
# "title": "{{ .app.metadata.name}}",
# "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
# "color": "#f4c030",
# "fields": [
# {
# "title": "Sync Status",
# "value": "{{.app.status.sync.status}}",
# "short": true
# },
# {
# "title": "Repository",
# "value": "{{.app.spec.source.repoURL}}",
# "short": true
# }
# {{range $index, $c := .app.status.conditions}}
# {{if not $index}},{{end}}
# {{if $index}},{{end}}
# {
# "title": "{{$c.type}}",
# "value": "{{$c.message}}",
# "short": true
# }
# {{end}}
# ]
# }]
# template.app-sync-failed: |
# email:
# subject: Failed to sync application {{.app.metadata.name}}.
# message: |
# {{if eq .serviceType "slack"}}:exclamation:{{end}} The sync operation of application {{.app.metadata.name}} has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}}
# Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
# slack:
# attachments: |-
# [{
# "title": "{{ .app.metadata.name}}",
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
# "color": "#E96D76",
# "fields": [
# {
# "title": "Sync Status",
# "value": "{{.app.status.sync.status}}",
# "short": true
# },
# {
# "title": "Repository",
# "value": "{{.app.spec.source.repoURL}}",
# "short": true
# }
# {{range $index, $c := .app.status.conditions}}
# {{if not $index}},{{end}}
# {{if $index}},{{end}}
# {
# "title": "{{$c.type}}",
# "value": "{{$c.message}}",
# "short": true
# }
# {{end}}
# ]
# }]
# template.app-sync-running: |
# email:
# subject: Start syncing application {{.app.metadata.name}}.
# message: |
# The sync operation of application {{.app.metadata.name}} has started at {{.app.status.operationState.startedAt}}.
# Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
# slack:
# attachments: |-
# [{
# "title": "{{ .app.metadata.name}}",
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
# "color": "#0DADEA",
# "fields": [
# {
# "title": "Sync Status",
# "value": "{{.app.status.sync.status}}",
# "short": true
# },
# {
# "title": "Repository",
# "value": "{{.app.spec.source.repoURL}}",
# "short": true
# }
# {{range $index, $c := .app.status.conditions}}
# {{if not $index}},{{end}}
# {{if $index}},{{end}}
# {
# "title": "{{$c.type}}",
# "value": "{{$c.message}}",
# "short": true
# }
# {{end}}
# ]
# }]
# template.app-sync-status-unknown: |
# email:
# subject: Application {{.app.metadata.name}} sync status is 'Unknown'
# message: |
# {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} sync is 'Unknown'.
# Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
# {{if ne .serviceType "slack"}}
# {{range $c := .app.status.conditions}}
# * {{$c.message}}
# {{end}}
# {{end}}
# slack:
# attachments: |-
# [{
# "title": "{{ .app.metadata.name}}",
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
# "color": "#E96D76",
# "fields": [
# {
# "title": "Sync Status",
# "value": "{{.app.status.sync.status}}",
# "short": true
# },
# {
# "title": "Repository",
# "value": "{{.app.spec.source.repoURL}}",
# "short": true
# }
# {{range $index, $c := .app.status.conditions}}
# {{if not $index}},{{end}}
# {{if $index}},{{end}}
# {
# "title": "{{$c.type}}",
# "value": "{{$c.message}}",
# "short": true
# }
# {{end}}
# ]
# }]
# template.app-sync-succeeded: |
# email:
# subject: Application {{.app.metadata.name}} has been successfully synced.
# message: |
# {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}.
# Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
# slack:
# attachments: |-
# [{
# "title": "{{ .app.metadata.name}}",
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
# "color": "#18be52",
# "fields": [
# {
# "title": "Sync Status",
# "value": "{{.app.status.sync.status}}",
# "short": true
# },
# {
# "title": "Repository",
# "value": "{{.app.spec.source.repoURL}}",
# "short": true
# }
# {{range $index, $c := .app.status.conditions}}
# {{if not $index}},{{end}}
# {{if $index}},{{end}}
# {
# "title": "{{$c.type}}",
# "value": "{{$c.message}}",
# "short": true
# }
# {{end}}
# ]
# }]
templates:
template.app-deployed: |
email:
subject: New version of an application {{.app.metadata.name}} is up and running.
message: |
{{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} is now running new version of deployments manifests.
slack:
attachments: |
[{
"title": "{{ .app.metadata.name}}",
"title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
"color": "#18be52",
"fields": [
{
"title": "Sync Status",
"value": "{{.app.status.sync.status}}",
"short": true
},
{
"title": "Repository",
"value": "{{.app.spec.source.repoURL}}",
"short": true
},
{
"title": "Revision",
"value": "{{.app.status.sync.revision}}",
"short": true
}
{{range $index, $c := .app.status.conditions}}
{{if not $index}},{{end}}
{{if $index}},{{end}}
{
"title": "{{$c.type}}",
"value": "{{$c.message}}",
"short": true
}
{{end}}
]
}]
template.app-health-degraded: |
email:
subject: Application {{.app.metadata.name}} has degraded.
message: |
{{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} has degraded.
Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
slack:
attachments: |-
[{
"title": "{{ .app.metadata.name}}",
"title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
"color": "#f4c030",
"fields": [
{
"title": "Sync Status",
"value": "{{.app.status.sync.status}}",
"short": true
},
{
"title": "Repository",
"value": "{{.app.spec.source.repoURL}}",
"short": true
}
{{range $index, $c := .app.status.conditions}}
{{if not $index}},{{end}}
{{if $index}},{{end}}
{
"title": "{{$c.type}}",
"value": "{{$c.message}}",
"short": true
}
{{end}}
]
}]
template.app-sync-failed: |
email:
subject: Failed to sync application {{.app.metadata.name}}.
message: |
{{if eq .serviceType "slack"}}:exclamation:{{end}} The sync operation of application {{.app.metadata.name}} has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}}
Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
slack:
attachments: |-
[{
"title": "{{ .app.metadata.name}}",
"title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
"color": "#E96D76",
"fields": [
{
"title": "Sync Status",
"value": "{{.app.status.sync.status}}",
"short": true
},
{
"title": "Repository",
"value": "{{.app.spec.source.repoURL}}",
"short": true
}
{{range $index, $c := .app.status.conditions}}
{{if not $index}},{{end}}
{{if $index}},{{end}}
{
"title": "{{$c.type}}",
"value": "{{$c.message}}",
"short": true
}
{{end}}
]
}]
template.app-sync-running: |
email:
subject: Start syncing application {{.app.metadata.name}}.
message: |
The sync operation of application {{.app.metadata.name}} has started at {{.app.status.operationState.startedAt}}.
Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
slack:
attachments: |-
[{
"title": "{{ .app.metadata.name}}",
"title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
"color": "#0DADEA",
"fields": [
{
"title": "Sync Status",
"value": "{{.app.status.sync.status}}",
"short": true
},
{
"title": "Repository",
"value": "{{.app.spec.source.repoURL}}",
"short": true
}
{{range $index, $c := .app.status.conditions}}
{{if not $index}},{{end}}
{{if $index}},{{end}}
{
"title": "{{$c.type}}",
"value": "{{$c.message}}",
"short": true
}
{{end}}
]
}]
template.app-sync-status-unknown: |
email:
subject: Application {{.app.metadata.name}} sync status is 'Unknown'
message: |
{{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} sync is 'Unknown'.
Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
{{if ne .serviceType "slack"}}
{{range $c := .app.status.conditions}}
* {{$c.message}}
{{end}}
{{end}}
slack:
attachments: |-
[{
"title": "{{ .app.metadata.name}}",
"title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
"color": "#E96D76",
"fields": [
{
"title": "Sync Status",
"value": "{{.app.status.sync.status}}",
"short": true
},
{
"title": "Repository",
"value": "{{.app.spec.source.repoURL}}",
"short": true
}
{{range $index, $c := .app.status.conditions}}
{{if not $index}},{{end}}
{{if $index}},{{end}}
{
"title": "{{$c.type}}",
"value": "{{$c.message}}",
"short": true
}
{{end}}
]
}]
template.app-sync-succeeded: |
email:
subject: Application {{.app.metadata.name}} has been successfully synced.
message: |
{{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}.
Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
slack:
attachments: |-
[{
"title": "{{ .app.metadata.name}}",
"title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
"color": "#18be52",
"fields": [
{
"title": "Sync Status",
"value": "{{.app.status.sync.status}}",
"short": true
},
{
"title": "Repository",
"value": "{{.app.spec.source.repoURL}}",
"short": true
}
{{range $index, $c := .app.status.conditions}}
{{if not $index}},{{end}}
{{if $index}},{{end}}
{
"title": "{{$c.type}}",
"value": "{{$c.message}}",
"short": true
}
{{end}}
]
}]
# -- The trigger defines the condition when the notification should be sent
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/
triggers: {}
# trigger.on-deployed: |
# - description: Application is synced and healthy. Triggered once per commit.
# oncePer: app.status.sync.revision
# send:
# - app-deployed
# when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
# trigger.on-health-degraded: |
# - description: Application has degraded
# send:
# - app-health-degraded
# when: app.status.health.status == 'Degraded'
# trigger.on-sync-failed: |
# - description: Application syncing has failed
# send:
# - app-sync-failed
# when: app.status.operationState.phase in ['Error', 'Failed']
# trigger.on-sync-running: |
# - description: Application is being synced
# send:
# - app-sync-running
# when: app.status.operationState.phase in ['Running']
# trigger.on-sync-status-unknown: |
# - description: Application status is 'Unknown'
# send:
# - app-sync-status-unknown
# when: app.status.sync.status == 'Unknown'
# trigger.on-sync-succeeded: |
# - description: Application syncing has succeeded
# send:
# - app-sync-succeeded
# when: app.status.operationState.phase in ['Succeeded']
triggers:
trigger.on-deployed: |
- description: Application is synced and healthy. Triggered once per commit.
oncePer: app.status.sync.revision
send:
- app-deployed
when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
trigger.on-health-degraded: |
- description: Application has degraded
send:
- app-health-degraded
when: app.status.health.status == 'Degraded'
trigger.on-sync-failed: |
- description: Application syncing has failed
send:
- app-sync-failed
when: app.status.operationState.phase in ['Error', 'Failed']
trigger.on-sync-running: |
- description: Application is being synced
send:
- app-sync-running
when: app.status.operationState.phase in ['Running']
trigger.on-sync-status-unknown: |
- description: Application status is 'Unknown'
send:
- app-sync-status-unknown
when: app.status.sync.status == 'Unknown'
trigger.on-sync-succeeded: |
- description: Application syncing has succeeded
send:
- app-sync-succeeded
when: app.status.operationState.phase in ['Succeeded']
#
# For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/#default-triggers
# defaultTriggers: |
# - on-sync-status-unknown
defaultTriggers: |
- on-sync-status-unknown

0
cluster/manifests/freeleaps-devops-system/jenkins/.gitkeep
View File

13
cluster/manifests/freeleaps-devops-system/jenkins/certificate.yaml Normal file
View File

@ -0,0 +1,13 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: jenkins-dot-mathmast-dot-com
namespace: freeleaps-devops-system
spec:
commonName: jenkins.mathmast.com
dnsNames:
- jenkins.mathmast.com
issuerRef:
kind: ClusterIssuer
name: mathmast-dot-com
secretName: jenkins-dot-mathmast-dot-com-tls

14
cluster/manifests/freeleaps-devops-system/jenkins/pv.yaml
View File

@ -1,14 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: jenkins-pv
namespace: freeleaps-devops-system
spec:
storageClassName: freeleaps-node-local
accessModes:
- ReadWriteOnce
capacity:
storage: 20Gi
persistentVolumeReclaimPolicy: Retain
hostPath:
path: /mnt/data/jenkins

1374
cluster/manifests/freeleaps-devops-system/jenkins/values.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

262
cluster/manifests/freeleaps-storage-system/azure-blob-storage-csi/storage-classes.yaml
View File

@ -1,3 +1,12 @@
apiVersion: v1
kind: Secret
metadata:
name: freeleaps-azure-blob-storage-secret
namespace: freeleaps-storage-system
type: Opaque
data:
azurestorageaccountname: ZnJlZWxlYXBz
azurestorageaccountkey: bWE3dmxQdktySmtFVS9vRENFRjNDYkNJWkQzMUlOb0R5a214Y0NoYnpoR25oMWxhVGpsRkxUclVhdG5odXdveS9Dc3g5L1Vwa0VjZStBU3Rab08rL0E9PQ==
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
@ -5,254 +14,13 @@ metadata:
name: azure-blob-fuse-2-std-lrs
provisioner: blob.csi.azure.com
parameters:
skuName: Standard_LRS # available values: Standard_LRS, Premium_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_ZRS
skuName: Standard_LRS
protocol: fuse2
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
mountOptions:
- -o allow_other
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10 # prevent billing charges on mounting
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING # LOG_WARNING, LOG_INFO, LOG_DEBUG
- --cache-size-mb=1000 # Default will be 80% of available memory, eviction will happen beyond that.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azure-blob-fuse-2-premium-lrs
provisioner: blob.csi.azure.com
parameters:
skuName: Premium_LRS # available values: Standard_LRS, Premium_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_ZRS
protocol: fuse2
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
mountOptions:
- -o allow_other
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10 # prevent billing charges on mounting
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING # LOG_WARNING, LOG_INFO, LOG_DEBUG
- --cache-size-mb=1000 # Default will be 80% of available memory, eviction will happen beyond that.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azure-blob-fuse-2-standard-grs
provisioner: blob.csi.azure.com
parameters:
skuName: Standard_GRS # available values: Standard_LRS, Premium_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_ZRS
protocol: fuse2
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
mountOptions:
- -o allow_other
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10 # prevent billing charges on mounting
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING # LOG_WARNING, LOG_INFO, LOG_DEBUG
- --cache-size-mb=1000 # Default will be 80% of available memory, eviction will happen beyond that.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azure-blob-fuse-2-standard-ragrs
provisioner: blob.csi.azure.com
parameters:
skuName: Standard_RAGRS # available values: Standard_LRS, Premium_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_ZRS
protocol: fuse2
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
mountOptions:
- -o allow_other
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10 # prevent billing charges on mounting
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING # LOG_WARNING, LOG_INFO, LOG_DEBUG
- --cache-size-mb=1000 # Default will be 80% of available memory, eviction will happen beyond that.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azure-blob-fuse-2-standard-zrs
provisioner: blob.csi.azure.com
parameters:
skuName: Standard_ZRS # available values: Standard_LRS, Premium_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_ZRS
protocol: fuse2
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
mountOptions:
- -o allow_other
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10 # prevent billing charges on mounting
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING # LOG_WARNING, LOG_INFO, LOG_DEBUG
- --cache-size-mb=1000 # Default will be 80% of available memory, eviction will happen beyond that.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azure-blob-fuse-2-premium-zrs
provisioner: blob.csi.azure.com
parameters:
skuName: Premium_ZRS # available values: Standard_LRS, Premium_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_ZRS
protocol: fuse2
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
mountOptions:
- -o allow_other
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10 # prevent billing charges on mounting
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING # LOG_WARNING, LOG_INFO, LOG_DEBUG
- --cache-size-mb=1000 # Default will be 80% of available memory, eviction will happen beyond that.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azure-blob-nfs
provisioner: blob.csi.azure.com
parameters:
protocol: nfs
volumeBindingMode: Immediate
allowVolumeExpansion: true
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azure-blob-std-lrs
provisioner: blob.csi.azure.com
parameters:
skuName: Premium_LRS # available values: Standard_LRS, Premium_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_ZRS
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
mountOptions:
- -o allow_other
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10 # prevent billing charges on mounting
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING # LOG_WARNING, LOG_INFO, LOG_DEBUG
- --cache-size-mb=1000 # Default will be 80% of available memory, eviction will happen beyond that.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azure-blob-premium-lrs
provisioner: blob.csi.azure.com
parameters:
skuName: Premium_LRS # available values: Standard_LRS, Premium_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_ZRS
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
mountOptions:
- -o allow_other
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10 # prevent billing charges on mounting
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING # LOG_WARNING, LOG_INFO, LOG_DEBUG
- --cache-size-mb=1000 # Default will be 80% of available memory, eviction will happen beyond that.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azure-blob-standard-grs
provisioner: blob.csi.azure.com
parameters:
skuName: Standard_GRS # available values: Standard_LRS, Premium_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_ZRS
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
mountOptions:
- -o allow_other
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10 # prevent billing charges on mounting
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING # LOG_WARNING, LOG_INFO, LOG_DEBUG
- --cache-size-mb=1000 # Default will be 80% of available memory, eviction will happen beyond that.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azure-blob-standard-ragrs
provisioner: blob.csi.azure.com
parameters:
skuName: Standard_RAGRS # available values: Standard_LRS, Premium_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_ZRS
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
mountOptions:
- -o allow_other
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10 # prevent billing charges on mounting
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING # LOG_WARNING, LOG_INFO, LOG_DEBUG
- --cache-size-mb=1000 # Default will be 80% of available memory, eviction will happen beyond that.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azure-blob-standard-zrs
provisioner: blob.csi.azure.com
parameters:
skuName: Standard_ZRS # available values: Standard_LRS, Premium_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_ZRS
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
mountOptions:
- -o allow_other
- --file-cache-timeout-in-seconds=120
- --use-attr-cache=true
- --cancel-list-on-mount-seconds=10 # prevent billing charges on mounting
- -o attr_timeout=120
- -o entry_timeout=120
- -o negative_timeout=120
- --log-level=LOG_WARNING # LOG_WARNING, LOG_INFO, LOG_DEBUG
- --cache-size-mb=1000 # Default will be 80% of available memory, eviction will happen beyond that.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azure-blob-premium-zrs
provisioner: blob.csi.azure.com
parameters:
skuName: Premium_ZRS # available values: Standard_LRS, Premium_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_ZRS
location: westus2
resourceGroup: k8s
containerNamePrefix: fs-storage-sys-
secretName: freeleaps-azure-blob-storage-secret
secretNamespace: freeleaps-storage-system
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true

42
cluster/manifests/freeleaps-storage-system/azure-blob-storage-csi/tests/test-statefulsets.yaml Normal file
View File

@ -0,0 +1,42 @@
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: statefulset-blob
labels:
app: nginx
spec:
serviceName: statefulset-blob
replicas: 1
template:
metadata:
labels:
app: nginx
spec:
nodeSelector:
"kubernetes.io/os": linux
containers:
- name: statefulset-blob
image: mcr.microsoft.com/mirror/docker/library/nginx:1.23
command:
- "/bin/bash"
- "-c"
- set -euo pipefail; while true; do echo $(date) >> /mnt/blob/outfile; sleep 1; done
volumeMounts:
- name: persistent-storage
mountPath: /mnt/blob
readOnly: false
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app: nginx
volumeClaimTemplates:
- metadata:
name: persistent-storage
spec:
storageClassName: azure-blob-fuse-2-std-lrs
accessModes: ["ReadWriteMany"]
resources:
requests:
storage: 1Gi

0
first-class-pipeline/.gitkeep
View File