feat(web-probe): add multi-sentinel registry
This commit is contained in:
@@ -0,0 +1,49 @@
|
||||
version: 1
|
||||
kind: HwlabWebProbeSentinelCicd
|
||||
metadata:
|
||||
id: d601-v03-web-probe-sentinel-auth-session-switch-cicd
|
||||
owner: UniDesk
|
||||
specRef: PJ2026-01060508
|
||||
sentinel:
|
||||
cicd:
|
||||
controlPlaneConfigRef: config/hwlab-node-control-plane.yaml#targets[0]
|
||||
source:
|
||||
repository: pikasTech/unidesk
|
||||
branch: master
|
||||
gitSshUrl: ssh://git@ssh.github.com:443/pikasTech/unidesk.git
|
||||
gitMirrorReadUrl: http://git-mirror-http.devops-infra.svc.cluster.local:8080/pikasTech/unidesk.git
|
||||
buildContext: .
|
||||
entrypoint: scripts/web-probe-sentinel-service.ts
|
||||
checkoutPaths:
|
||||
- scripts
|
||||
- config
|
||||
- package.json
|
||||
- bun.lock
|
||||
- bun.lockb
|
||||
builder:
|
||||
namespace: devops-infra
|
||||
sourceMode: sparse-git-checkout
|
||||
jobPrefix: web-probe-sentinel-auth-switch-publish
|
||||
gitSshSecretName: git-mirror-github-ssh
|
||||
dockerSocketPath: /var/run/docker.sock
|
||||
activeDeadlineSeconds: 900
|
||||
ttlSecondsAfterFinished: 3600
|
||||
gitopsPath: deploy/gitops/node/d601/web-probe-sentinel-auth-switch
|
||||
argo:
|
||||
namespace: argocd
|
||||
projectName: hwlab-d601
|
||||
applicationName: hwlab-web-probe-sentinel-auth-switch
|
||||
repoURL: http://git-mirror-http.devops-infra.svc.cluster.local:8080/pikasTech/HWLAB.git
|
||||
targetRevision: v0.3-gitops
|
||||
image:
|
||||
repository: 127.0.0.1:5000/hwlab/web-probe-sentinel-auth-switch
|
||||
tagSource: source-commit
|
||||
baseImageRef: config/hwlab-node-control-plane.yaml#targets[0].tekton.toolsImage.output
|
||||
envRecipeRef: config/hwlab-web-probe-sentinel/runtime.auth-session-switch.d601-v03.yaml#sentinel.runtime
|
||||
maintenance:
|
||||
startCommand: sentinel maintenance start
|
||||
stopCommand: sentinel maintenance stop
|
||||
targetValidation:
|
||||
scenarioId: workbench-auth-session-switch-2users
|
||||
maxSeconds: 300
|
||||
serviceUnavailablePolicy: structured-failure
|
||||
@@ -0,0 +1,15 @@
|
||||
version: 1
|
||||
kind: HwlabWebProbeSentinelPromptSet
|
||||
metadata:
|
||||
id: d601-v03-web-probe-sentinel-auth-session-switch-prompt-set
|
||||
owner: UniDesk
|
||||
specRef: PJ2026-01060508
|
||||
sentinel:
|
||||
promptSet:
|
||||
id: auth-session-switch-no-prompt
|
||||
providerProfile: session-switch-sentinel
|
||||
providerProfileMode: exact
|
||||
promptSourceRef: hwlab/web-probe-sentinel-auth-switch.env
|
||||
promptSourceKey: AUTH_SWITCH_UNUSED_PROMPTS_JSON
|
||||
promptCount: 0
|
||||
redaction: hash-and-byte-count
|
||||
@@ -0,0 +1,37 @@
|
||||
version: 1
|
||||
kind: HwlabWebProbeSentinelPublicExposure
|
||||
metadata:
|
||||
id: d601-v03-web-probe-sentinel-auth-session-switch-public-exposure
|
||||
owner: UniDesk
|
||||
specRef: PJ2026-01060508
|
||||
sentinel:
|
||||
publicExposure:
|
||||
enabled: true
|
||||
mode: pk01-caddy-frp-path
|
||||
publicBaseUrl: https://monitor.pikapython.com/sentinels/workbench-auth-session-switch-2users
|
||||
hostname: monitor.pikapython.com
|
||||
routePrefix: /sentinels/workbench-auth-session-switch-2users
|
||||
expectedA: 82.156.23.220
|
||||
frpc:
|
||||
deploymentName: hwlab-web-probe-sentinel-auth-switch-frpc
|
||||
image: 127.0.0.1:5000/hwlab/frpc:v0.68.1
|
||||
serverAddr: 82.156.23.220
|
||||
serverPort: 22000
|
||||
tokenSourceRef: platform-infra/pk01-frp.env
|
||||
tokenSourceKey: FRP_TOKEN
|
||||
secretName: hwlab-web-probe-sentinel-auth-switch-frpc
|
||||
secretKey: frpc.toml
|
||||
tokenKey: token
|
||||
httpProxy:
|
||||
name: hwlab-d601-v03-web-probe-sentinel-auth-switch
|
||||
remotePort: 22091
|
||||
localIP: hwlab-web-probe-sentinel-auth-switch.hwlab-v03.svc.cluster.local
|
||||
localPort: 8080
|
||||
caddy:
|
||||
route: PK01
|
||||
configPath: /etc/caddy/Caddyfile
|
||||
serviceName: caddy
|
||||
email: ops@pikapython.com
|
||||
tls: auto
|
||||
responseHeaderTimeoutSeconds: 600
|
||||
managedBlockOwner: hwlab-web-probe-sentinel-auth-switch-d601-v03
|
||||
@@ -10,6 +10,7 @@ sentinel:
|
||||
mode: pk01-caddy-frp
|
||||
publicBaseUrl: https://monitor.pikapython.com
|
||||
hostname: monitor.pikapython.com
|
||||
routePrefix: /
|
||||
expectedA: 82.156.23.220
|
||||
frpc:
|
||||
deploymentName: hwlab-web-probe-sentinel-frpc
|
||||
|
||||
@@ -0,0 +1,22 @@
|
||||
version: 1
|
||||
kind: HwlabWebProbeSentinelReportViews
|
||||
metadata:
|
||||
id: d601-v03-web-probe-sentinel-auth-session-switch-report-views
|
||||
owner: UniDesk
|
||||
specRef: PJ2026-01060508
|
||||
sentinel:
|
||||
reportViews:
|
||||
defaultView: auth-session-switch-summary
|
||||
views:
|
||||
- summary
|
||||
- auth-session-switch-summary
|
||||
- findings
|
||||
- trace-frame
|
||||
pageSize: 20
|
||||
maxPageSize: 100
|
||||
rawAccess: explicit-only
|
||||
redaction:
|
||||
prompt: hash-and-byte-count
|
||||
assistantFinal: summary-and-hash
|
||||
providerPayload: denied
|
||||
secrets: denied
|
||||
@@ -0,0 +1,33 @@
|
||||
version: 1
|
||||
kind: HwlabWebProbeSentinelRuntime
|
||||
metadata:
|
||||
id: d601-v03-web-probe-sentinel-auth-session-switch-runtime
|
||||
owner: UniDesk
|
||||
specRef: PJ2026-01060508
|
||||
sentinel:
|
||||
runtime:
|
||||
target:
|
||||
node: D601
|
||||
lane: v03
|
||||
publicOriginRef: config/hwlab-node-lanes.yaml#lanes.v03.targets.D601.public.webUrl
|
||||
observeWrapperRef: config/hwlab-node-lanes.yaml#lanes.v03.targets.D601.observability.webProbe.sentinels[1]
|
||||
namespace: hwlab-v03
|
||||
serviceAccountName: hwlab-web-probe-sentinel-auth-switch
|
||||
deploymentName: hwlab-web-probe-sentinel-auth-switch
|
||||
serviceName: hwlab-web-probe-sentinel-auth-switch
|
||||
listenHost: 0.0.0.0
|
||||
servicePort: 8080
|
||||
pvcName: hwlab-web-probe-sentinel-auth-switch-state
|
||||
pvcStorage: 10Gi
|
||||
stateRoot: /var/lib/web-probe-sentinel-auth-switch
|
||||
imageRef: 127.0.0.1:5000/hwlab/web-probe-sentinel-auth-switch:source-commit
|
||||
replicas: 1
|
||||
healthPath: /api/health
|
||||
metricsPath: /metrics
|
||||
scheduler:
|
||||
intervalMs: 600000
|
||||
heartbeatStaleSeconds: 900
|
||||
maxConcurrentRuns: 1
|
||||
sqlite:
|
||||
path: /var/lib/web-probe-sentinel-auth-switch/index.sqlite
|
||||
busyTimeoutMs: 2000
|
||||
@@ -10,7 +10,7 @@ sentinel:
|
||||
node: D601
|
||||
lane: v03
|
||||
publicOriginRef: config/hwlab-node-lanes.yaml#lanes.v03.targets.D601.public.webUrl
|
||||
observeWrapperRef: config/hwlab-node-lanes.yaml#lanes.v03.targets.D601.observability.webProbe.sentinel
|
||||
observeWrapperRef: config/hwlab-node-lanes.yaml#lanes.v03.targets.D601.observability.webProbe.sentinels[0]
|
||||
namespace: hwlab-v03
|
||||
serviceAccountName: hwlab-web-probe-sentinel
|
||||
deploymentName: hwlab-web-probe-sentinel
|
||||
@@ -25,8 +25,8 @@ sentinel:
|
||||
healthPath: /api/health
|
||||
metricsPath: /metrics
|
||||
scheduler:
|
||||
intervalMs: 30000
|
||||
heartbeatStaleSeconds: 120
|
||||
intervalMs: 600000
|
||||
heartbeatStaleSeconds: 900
|
||||
maxConcurrentRuns: 1
|
||||
sqlite:
|
||||
path: /var/lib/web-probe-sentinel/index.sqlite
|
||||
|
||||
@@ -0,0 +1,47 @@
|
||||
version: 1
|
||||
kind: HwlabWebProbeSentinelSecrets
|
||||
metadata:
|
||||
id: d601-v03-web-probe-sentinel-auth-session-switch-secrets
|
||||
owner: UniDesk
|
||||
specRef: PJ2026-01060508
|
||||
sentinel:
|
||||
secrets:
|
||||
sources:
|
||||
- purpose: bootstrap-admin
|
||||
sourceRef: hwlab/d601-v03-bootstrap-admin.env
|
||||
sourceKey: HWLAB_BOOTSTRAP_ADMIN_PASSWORD
|
||||
- purpose: account-a
|
||||
sourceRef: hwlab/web-probe-sentinel-auth-switch-account-a.env
|
||||
sourceKey: ACCOUNT_A_JSON
|
||||
- purpose: account-b
|
||||
sourceRef: hwlab/web-probe-sentinel-auth-switch-account-b.env
|
||||
sourceKey: ACCOUNT_B_JSON
|
||||
- purpose: prompt-set
|
||||
sourceRef: hwlab/web-probe-sentinel-auth-switch.env
|
||||
sourceKey: AUTH_SWITCH_UNUSED_PROMPTS_JSON
|
||||
- purpose: frp-token
|
||||
sourceRef: platform-infra/pk01-frp.env
|
||||
sourceKey: FRP_TOKEN
|
||||
runtimeSecrets:
|
||||
- name: hwlab-web-probe-sentinel-auth-switch-bootstrap
|
||||
namespace: hwlab-v03
|
||||
data:
|
||||
- sourcePurpose: bootstrap-admin
|
||||
targetKey: bootstrap-admin-password
|
||||
- name: hwlab-web-probe-sentinel-auth-switch-accounts
|
||||
namespace: hwlab-v03
|
||||
data:
|
||||
- sourcePurpose: account-a
|
||||
targetKey: account-a.json
|
||||
- sourcePurpose: account-b
|
||||
targetKey: account-b.json
|
||||
- name: hwlab-web-probe-sentinel-auth-switch-prompt-set
|
||||
namespace: hwlab-v03
|
||||
data:
|
||||
- sourcePurpose: prompt-set
|
||||
targetKey: prompts.json
|
||||
- name: hwlab-web-probe-sentinel-auth-switch-frpc
|
||||
namespace: hwlab-v03
|
||||
data:
|
||||
- sourcePurpose: frp-token
|
||||
targetKey: token
|
||||
@@ -0,0 +1,41 @@
|
||||
version: 1
|
||||
kind: HwlabWebProbeSentinelWorkflow
|
||||
metadata:
|
||||
id: d601-v03-web-probe-sentinel-auth-session-switch-workflow
|
||||
owner: UniDesk
|
||||
specRef: PJ2026-01060508
|
||||
sentinel:
|
||||
workflow:
|
||||
id: workbench-auth-session-switch-2users
|
||||
enabled: true
|
||||
cadence: 10m
|
||||
observeTargetPath: /workbench
|
||||
sampleIntervalMs: 1000
|
||||
screenshotIntervalMs: 60000
|
||||
maxRunSeconds: 900
|
||||
providerProfile: session-switch-sentinel
|
||||
providerProfileMode: exact
|
||||
promptSetRef: config/hwlab-web-probe-sentinel/prompt-set.auth-session-switch.yaml#sentinel.promptSet
|
||||
reportViewRef: config/hwlab-web-probe-sentinel/report-views.auth-session-switch.yaml#sentinel.reportViews
|
||||
accounts:
|
||||
- id: account-a
|
||||
sourcePurpose: account-a
|
||||
usernameKey: username
|
||||
passwordKey: password
|
||||
- id: account-b
|
||||
sourcePurpose: account-b
|
||||
usernameKey: username
|
||||
passwordKey: password
|
||||
commandSequence:
|
||||
- type: loginAccount
|
||||
accountId: account-a
|
||||
- type: listSessions
|
||||
- type: logout
|
||||
- type: loginAccount
|
||||
accountId: account-b
|
||||
- type: listSessions
|
||||
- type: switchSessions
|
||||
fromAccountId: account-b
|
||||
toAccountId: account-a
|
||||
- type: listSessions
|
||||
- type: logout
|
||||
Reference in New Issue
Block a user