devops support AKV

Nicolas 2025-08-18 18:06:26 +08:00
parent 0d7dc1a81a
commit ca97023409
6 changed files with 87 additions and 6 deletions


@ -100,12 +100,25 @@ spec:
{{- end}} {{- end}}
env: env:
{{- range $key, $value := .Values.devops.configs }} {{- range $key, $value := .Values.devops.configs }}
{{- if not (or (eq $key "appMongodbUri") (eq $key "rabbitmqPassword")) }}
- name: {{ $key | snakecase | upper }} - name: {{ $key | snakecase | upper }}
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: devops-config name: devops-config
key: {{ $key | snakecase | upper }} key: {{ $key | snakecase | upper }}
{{- end }} {{- end }}
{{- end }}
# Inject secrets from FreeleapsSecret object
{{- if .Values.devops.secrets }}
{{ $targetSecretName := .Values.devops.secrets.target.name }}
{{- range .Values.devops.secrets.data }}
- name: {{ .key | snakecase | upper }}
valueFrom:
secretKeyRef:
name: {{ $targetSecretName }}
key: {{ .key }}
{{- end }}
{{- end }}
# {{- if .Values.logIngest.enabled }} # {{- if .Values.logIngest.enabled }}
# volumeMounts: # volumeMounts:
# - name: app-logs # - name: app-logs
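Review bot: The filter `{{- if not (or (eq $key "appMongodbUri") (eq $key "rabbitmqPassword")) }}` hard-codes the two keys that are also listed in `.Values.devops.secrets.data`, so the two lists can drift apart. A key later added to `secrets.data` while still present in `devops.configs` would be emitted twice under the same env name, once from `devops-config` and once from the target secret. Deriving the skip set from values removes the duplication: under the existing `.Values.devops.secrets` guard, collect the keys with `{{- $managed := dict }}{{- range .Values.devops.secrets.data }}{{- $_ := set $managed .key true }}{{- end }}` and test `{{- if not (hasKey $managed $key) }}` in the configs loop. The enclosing container spec starts and ends outside this hunk.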


@ -13,7 +13,6 @@ data:
REFRESH_TOKEN_EXPIRE_DAYS: {{ .Values.devops.configs.refreshTokenExpireDays | toString | b64enc | quote }} REFRESH_TOKEN_EXPIRE_DAYS: {{ .Values.devops.configs.refreshTokenExpireDays | toString | b64enc | quote }}
APP_MONGODB_NAME: {{ .Values.devops.configs.appMongodbName | b64enc | quote }} APP_MONGODB_NAME: {{ .Values.devops.configs.appMongodbName | b64enc | quote }}
APP_MONGODB_PORT: {{ .Values.devops.configs.appMongodbPort | toString | b64enc | quote }} APP_MONGODB_PORT: {{ .Values.devops.configs.appMongodbPort | toString | b64enc | quote }}
APP_MONGODB_URI: {{ .Values.devops.configs.appMongodbUri | b64enc | quote }}
METRICS_ENABLED: {{ .Values.devops.configs.metricsEnabled | toString | b64enc | quote }} METRICS_ENABLED: {{ .Values.devops.configs.metricsEnabled | toString | b64enc | quote }}
PROBES_ENABLED: {{ .Values.devops.configs.probesEnabled | toString | b64enc | quote }} PROBES_ENABLED: {{ .Values.devops.configs.probesEnabled | toString | b64enc | quote }}
BASE_GITEA_URL: {{ .Values.devops.configs.baseGiteaUrl | b64enc | quote }} BASE_GITEA_URL: {{ .Values.devops.configs.baseGiteaUrl | b64enc | quote }}
@ -29,7 +28,6 @@ data:
RABBITMQ_HOST: {{ .Values.devops.configs.rabbitmqHost | b64enc | quote }} RABBITMQ_HOST: {{ .Values.devops.configs.rabbitmqHost | b64enc | quote }}
RABBITMQ_PORT: {{ .Values.devops.configs.rabbitmqPort | toString | b64enc | quote }} RABBITMQ_PORT: {{ .Values.devops.configs.rabbitmqPort | toString | b64enc | quote }}
RABBITMQ_USERNAME: {{ .Values.devops.configs.rabbitmqUsername | b64enc | quote }} RABBITMQ_USERNAME: {{ .Values.devops.configs.rabbitmqUsername | b64enc | quote }}
RABBITMQ_PASSWORD: {{ .Values.devops.configs.rabbitmqPassword | b64enc | quote }}
RABBITMQ_VIRTUAL_HOST: {{ .Values.devops.configs.rabbitmqVirtualHost | b64enc | quote }} RABBITMQ_VIRTUAL_HOST: {{ .Values.devops.configs.rabbitmqVirtualHost | b64enc | quote }}
RABBITMQ_OUTPUT_QUEUE_NAME: {{ .Values.devops.configs.rabbitmqOutputQueueName | b64enc | quote }} RABBITMQ_OUTPUT_QUEUE_NAME: {{ .Values.devops.configs.rabbitmqOutputQueueName | b64enc | quote }}
RABBITMQ_INPUT_QUEUE_NAME: {{ .Values.devops.configs.rabbitmqInputQueueName | b64enc | quote }} RABBITMQ_INPUT_QUEUE_NAME: {{ .Values.devops.configs.rabbitmqInputQueueName | b64enc | quote }}


@ -0,0 +1,20 @@
apiVersion: freeleaps.com/v1alpha1
kind: FreeleapsSecret
metadata:
name: {{ .Values.devops.secrets.target.name }}
namespace: {{ .Release.Namespace }}
spec:
secretStoreRef:
kind: {{ .Values.devops.secrets.secretStoreRef.kind }}
name: {{ .Values.devops.secrets.secretStoreRef.name }}
target:
name: {{ .Values.devops.secrets.target.name }}
creationPolicy: {{ .Values.devops.secrets.target.creationPolicy }}
refreshInterval: {{ .Values.devops.secrets.refreshInterval }}
data:
{{- range .Values.devops.secrets.data }}
- secretKey: {{ .key }}
remoteRef:
key: {{ .remoteRef.key }}
type: {{ .remoteRef.type }}
{{- end }}
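Review bot: This new template renders unconditionally, whereas the deployment template in the same commit wraps its use of `.Values.devops.secrets` in `{{- if .Values.devops.secrets }}`. With a values file that omits the block, the `.target.name` and `.secretStoreRef.kind` lookups here would presumably fail at render time or yield an object with empty fields. Wrapping the whole file in the same guard (`{{- if .Values.devops.secrets }}` … `{{- end }}`) keeps the two templates consistent. Piping the scalars through `quote`, e.g. `refreshInterval: {{ .Values.devops.secrets.refreshInterval | quote }}`, also stops YAML from retyping a value after rendering.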


@ -46,7 +46,6 @@ devops:
refreshTokenExpireDays: '1' refreshTokenExpireDays: '1'
appMongodbName: freeleaps2 appMongodbName: freeleaps2
appMongodbPort: '27017' appMongodbPort: '27017'
appMongodbUri: mongodb+srv://jetli:8IHKx6dZK8BfugGp@freeleaps2.hanbj.mongodb.net/
metricsEnabled: 'false' metricsEnabled: 'false'
probesEnabled: 'true' probesEnabled: 'true'
baseGiteaUrl: https://alpha.gitea.freeleaps.mathmast.com baseGiteaUrl: https://alpha.gitea.freeleaps.mathmast.com
@ -62,10 +61,27 @@ devops:
rabbitmqHost: freeleaps-alpha-rabbitmq.freeleaps-alpha.svc.freeleaps.cluster rabbitmqHost: freeleaps-alpha-rabbitmq.freeleaps-alpha.svc.freeleaps.cluster
rabbitmqPort: 5672 rabbitmqPort: 5672
rabbitmqUsername: user rabbitmqUsername: user
rabbitmqPassword: NjlhHFvnDuC7K0ir
rabbitmqVirtualHost: / rabbitmqVirtualHost: /
rabbitmqOutputQueueName: freeleaps.devops.reconciler.output rabbitmqOutputQueueName: freeleaps.devops.reconciler.output
rabbitmqInputQueueName: freeleaps.devops.reconciler.input rabbitmqInputQueueName: freeleaps.devops.reconciler.input
secrets:
secretStoreRef:
kind: FreeleapsSecretStore
name: freeleaps-main-secret-store
target:
name: "freeleaps-devops-alpha-secrets"
creationPolicy: "Owner"
refreshInterval: 30s
data:
- key: appMongodbUri
remoteRef:
key: "freeleaps-alpha-mongodb-uri"
type: Secret
- key: rabbitmqPassword
remoteRef:
key: "freeleaps-alpha-rabbitmq-password"
type: Secret
vpa: vpa:
minAllowed: minAllowed:
enabled: false enabled: false
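Review bot: The `appMongodbUri` and `rabbitmqPassword` values deleted from `devops.configs` in this file were committed in plaintext, so they remain recoverable from repository history after this commit. They should be rotated at the provider, with the new values stored only under the vault entries named by `remoteRef.key`. The same two values are deleted from the next values file (the one targeting `freeleaps-devops-prod-secrets`), which suggests alpha and prod shared credentials; issuing separate credentials per environment would limit the reach of any one leak. A secret-scanning check in CI on the values files would catch a reintroduction.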


@ -46,7 +46,6 @@ devops:
refreshTokenExpireDays: '1' refreshTokenExpireDays: '1'
appMongodbName: freeleaps2 appMongodbName: freeleaps2
appMongodbPort: '27017' appMongodbPort: '27017'
appMongodbUri: mongodb+srv://jetli:8IHKx6dZK8BfugGp@freeleaps2.hanbj.mongodb.net/
metricsEnabled: 'false' metricsEnabled: 'false'
probesEnabled: 'true' probesEnabled: 'true'
baseGiteaUrl: https://alpha.gitea.freeleaps.mathmast.com baseGiteaUrl: https://alpha.gitea.freeleaps.mathmast.com
@ -62,10 +61,27 @@ devops:
rabbitmqHost: freeleaps-alpha-rabbitmq.freeleaps-alpha.svc.freeleaps.cluster rabbitmqHost: freeleaps-alpha-rabbitmq.freeleaps-alpha.svc.freeleaps.cluster
rabbitmqPort: 5672 rabbitmqPort: 5672
rabbitmqUsername: user rabbitmqUsername: user
rabbitmqPassword: NjlhHFvnDuC7K0ir
rabbitmqVirtualHost: / rabbitmqVirtualHost: /
rabbitmqOutputQueueName: freeleaps.devops.reconciler.output rabbitmqOutputQueueName: freeleaps.devops.reconciler.output
rabbitmqInputQueueName: freeleaps.devops.reconciler.input rabbitmqInputQueueName: freeleaps.devops.reconciler.input
# AKV secrets configuration
secrets:
secretStoreRef:
kind: FreeleapsSecretStore
name: freeleaps-main-secret-store
target:
name: "freeleaps-devops-prod-secrets"
creationPolicy: "Owner"
refreshInterval: 30s
data:
- key: appMongodbUri
remoteRef:
key: "freeleaps-prod-mongodb-uri"
type: Secret
- key: rabbitmqPassword
remoteRef:
key: "freeleaps-prod-rabbitmq-password"
type: Secret
vpa: vpa:
minAllowed: minAllowed:
enabled: false enabled: false
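Review bot: `refreshInterval: 30s` presumably controls how often the target Secret is re-synced from the store, but the deployment template in this commit consumes these keys through `env` with `secretKeyRef`. Kubernetes resolves those only at container start, so a value rotated in the vault would not reach running pods until they are restarted. A comment above the block would make that operational step explicit, for example `# Target Secret re-syncs every 30s; pods read it as env vars and need a rollout restart after rotation`.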


@ -72,6 +72,24 @@ devops:
# Mock mode configuration # Mock mode configuration
mockMode: "false" mockMode: "false"
mockResponseDelay: "1000" mockResponseDelay: "1000"
# AKV secrets configuration
secrets:
secretStoreRef:
kind: FreeleapsSecretStore
name: freeleaps-main-secret-store
target:
name: "freeleaps-devops-secrets"
creationPolicy: "Owner"
refreshInterval: 30s
data:
- key: appMongodbUri
remoteRef:
key: "freeleaps-mongodb-uri"
type: Secret
- key: rabbitmqPassword
remoteRef:
key: "freeleaps-rabbitmq-password"
type: Secret
vpa: vpa:
minAllowed: minAllowed:
enabled: false enabled: false
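Review bot: This values file gains the `secrets` block but loses nothing in this commit: the six deletions in the commit summary are all accounted for by the secret template and the two other values files. If `devops.configs` in this file still defines `appMongodbUri` or `rabbitmqPassword` outside the hunk, those entries would now be ignored by the templates yet stay in plaintext in the repository. It is worth checking the rest of the file and removing them, with the same rotation as for the other environments if real values are present.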