# Profile document for the HWLAB web-probe sentinels: schema version, kind and ownership metadata.
# NOTE(review): this listing has lost its indentation, so the nesting depth of the keys
# below cannot be confirmed from here; check the rendered structure before relying on it.
version: 1
|
|
kind: HwlabWebProbeSentinelProfiles
|
|
metadata:
|
|
id: hwlab-web-probe-sentinel-profiles
|
|
owner: UniDesk
|
|
specRef: PJ2026-01060508
|
|
# The file is composed with YAML anchors (&name) and merge keys (<<: *name).
# Merge keys are a YAML 1.1 extension and merge shallowly: a key written next to a
# merge replaces the inherited value as a whole, nested mappings are not combined.
composition:
|
|
mode: yaml-anchors-and-merge
|
|
intent: node overlays inherit common web-probe sentinel baselines and render node/lane identity from variables.
|
|
|
|
# Shared baselines; the anchored mappings defined here are merged into the node entries later in the file.
baselines:
|
|
# Anchor sentinel-base: a sentinel that merges it starts enabled, in web-probe-observe-wrapper mode.
sentinel: &sentinel-base
|
|
enabled: true
|
|
mode: web-probe-observe-wrapper
|
|
|
|
# Runtime baselines: common service settings, scheduler intervals, tracing, API-server egress and SQLite.
runtime:
|
|
# Anchor runtime-common: namespace, bind address, port, storage, replica count and probe paths.
common: &runtime-common
|
|
namespace: hwlab-${lane}
|
|
# 0.0.0.0 binds every interface, so reachability is decided by whatever sits in front of the process.
# NOTE(review): the frp httpProxy later in this file forwards to local port 8080, the same port as
# servicePort — confirm /metrics and /api/health are not served through the public route unintentionally.
listenHost: 0.0.0.0
|
|
servicePort: 8080
|
|
pvcStorage: 10Gi
|
|
replicas: 1
|
|
healthPath: /api/health
|
|
metricsPath: /metrics
|
|
# Anchor scheduler-10m: 600000 ms interval (10 minutes), at most one concurrent run.
scheduler: &scheduler-10m
|
|
intervalMs: 600000
|
|
heartbeatStaleSeconds: 900
|
|
maxConcurrentRuns: 1
|
|
freshnessWarningMultiple: 2
|
|
observability:
|
|
# Traces are sent to an in-cluster collector over plain http.
# NOTE(review): samplerArg "1" with a trace-id-ratio sampler presumably records every trace —
# confirm span attributes carry no credentials, session tokens or prompt contents.
otel:
|
|
enabled: true
|
|
serviceName: hwlab-web-probe-sentinel-${nodeLower}
|
|
tracesEndpoint: http://otel-collector.platform-infra.svc.cluster.local:4318/v1/traces
|
|
sampler: parentbased_traceidratio
|
|
samplerArg: "1"
|
|
# Kubernetes API endpoint plus two single-host (/32) egress rules: 10.43.0.1:443 and 172.16.0.5:6443.
# NOTE(review): presumably rendered into an egress allowlist — confirm nothing broader is allowed
# alongside it and that the sentinel's service account has only the API permissions it needs.
kubernetesApi:
|
|
endpoint:
|
|
host: 172.16.0.5
|
|
port: 6443
|
|
egress:
|
|
enabled: true
|
|
rules:
|
|
- cidr: 10.43.0.1/32
|
|
port: 443
|
|
- cidr: 172.16.0.5/32
|
|
port: 6443
|
|
# Anchor scheduler-15m: 900000 ms interval (15 minutes); the JD01 sentinel in this file merges scheduler-10m instead.
scheduler15m: &scheduler-15m
|
|
intervalMs: 900000
|
|
heartbeatStaleSeconds: 900
|
|
maxConcurrentRuns: 1
|
|
# Anchor sqlite-common: busy timeout of 2000 ms; the database path is set per sentinel.
sqlite: &sqlite-common
|
|
busyTimeoutMs: 2000
|
|
|
|
# CI/CD baselines: where source comes from, how it is snapshotted, built, verified and published.
cicd:
|
|
# Anchor cicd-source: repository, branch, fetch URLs and the list of paths checked out for the build.
source: &cicd-source
|
|
repository: pikasTech/unidesk
|
|
branch: master
|
|
gitSshUrl: ssh://git@ssh.github.com:443/pikasTech/unidesk.git
|
|
# NOTE(review): the mirror is read over plain http inside the cluster, so the integrity of fetched
# source rests on the cluster network and on the snapshot ref — confirm builds pin an exact commit.
gitMirrorReadUrl: http://git-mirror-http.devops-infra.svc.cluster.local:8080/pikasTech/unidesk.git
|
|
buildContext: .
|
|
entrypoint: scripts/web-probe-sentinel-service.ts
|
|
checkoutPaths:
|
|
- scripts
|
|
- config
|
|
- config.json
|
|
- src
|
|
- package.json
|
|
- bun.lock
|
|
- bun.lockb
|
|
# Anchor cicd-source-authority: both allow* flags are false, i.e. by these settings a pipeline
# may use neither host git nor GitHub directly (enforcement is in the consumer, not visible here).
sourceAuthority: &cicd-source-authority
|
|
mode: gitMirrorSnapshot
|
|
resolver: k8s-git-mirror
|
|
allowHostGit: false
|
|
allowGithubDirectInPipeline: false
|
|
# Anchor cicd-source-snapshot: snapshot ref prefix, fail-fast on missing objects, sync before snapshot.
sourceSnapshot: &cicd-source-snapshot
|
|
stageRefPrefix: refs/unidesk/snapshots/web-probe-sentinel/{branch}
|
|
missingObjectPolicy: fail-fast
|
|
refreshPolicy: sync-before-snapshot
|
|
cacheRef: source.gitMirrorReadUrl
|
|
# Anchor cicd-builder: build job settings. gitSshSecretName refers to a secret by name only;
# no key material is stored in this file.
builder: &cicd-builder
|
|
namespace: devops-infra
|
|
sourceMode: sparse-git-checkout
|
|
gitSshSecretName: git-mirror-github-ssh
|
|
activeDeadlineSeconds: 900
|
|
ttlSecondsAfterFinished: 3600
|
|
# Anchor monitor-web: how the monitor web front end is built and served.
monitorWeb: &monitor-web
|
|
frontendStack: vue3-vendored-browser-build
|
|
runtimeMode: runner-served-bridge
|
|
assetRoot: scripts/assets/web-probe-sentinel-monitor-web
|
|
# NOTE(review): node_modules is reused from a fixed path rather than installed per build —
# confirm it is produced from the checked-out bun.lock so a build cannot pick up unreviewed packages.
envReuse:
|
|
mode: k8s-buildkit-and-ci-node-deps
|
|
nodeDepsPath: /opt/hwlab-ci-node-deps/node_modules
|
|
imageBuild:
|
|
packageMode: copy-only-containerfile
|
|
# NOTE(review): networkMode host presumably puts the image build in the node's network namespace,
# outside pod-level network policy — confirm it is required for the proxy named in proxySource.
networkMode: host
|
|
proxySource: node.networkProfile.imageBuildProxy
|
|
contextIgnore: generated
|
|
verifyPhase: pre-image-build
|
|
# BuildKit state is kept on a hostPath that is created on demand (DirectoryOrCreate). A hostPath
# mount gives the build write access to the node filesystem at that path; limit which workloads may mount it.
buildkitState:
|
|
mode: hostPath
|
|
path: /var/lib/unidesk/web-probe-sentinel/buildkit-${nodeLower}
|
|
type: DirectoryOrCreate
|
|
# Baseline git-mirror policy: sync before and flush after are both required.
gitMirror:
|
|
source: source.gitMirrorReadUrl
|
|
preSync: required
|
|
postFlush: required
|
|
ciBudget:
|
|
maxSeconds: 120
|
|
# Anchor maintenance: commands that start and stop sentinel maintenance.
maintenance: &maintenance
|
|
startCommand: sentinel maintenance start
|
|
stopCommand: sentinel maintenance stop
|
|
# Anchor confirm-wait: 120 second limit.
confirmWait: &confirm-wait
|
|
maxSeconds: 120
|
|
# Anchor publish-current: end-to-end and per-stage time budgets plus dashboard verification settings.
# NOTE(review): the stage budgets below add up to 175 s while endToEndBudget.maxSeconds is 120 —
# confirm stages overlap or which of the two limits is the one enforced.
publishCurrent: &publish-current
|
|
endToEndBudget:
|
|
maxSeconds: 120
|
|
stageBudgets:
|
|
sourceSyncSeconds: 20
|
|
sourceFetchSeconds: 20
|
|
monitorWebVerifySeconds: 15
|
|
imageBuildSeconds: 45
|
|
gitopsSeconds: 15
|
|
argoRuntimeSeconds: 30
|
|
dashboardVerifySeconds: 30
|
|
dashboard:
|
|
enabled: true
|
|
required: true
|
|
viewport: 1440x900
|
|
timeoutMs: 30000
|
|
waitTimeoutMs: 60000
|
|
commandTimeoutSeconds: 90
|
|
fullPage: false
|
|
|
|
# Public exposure baselines: hostname, frp tunnel client and Caddy front end.
publicExposure:
|
|
# Anchor public-exposure-common: the sentinel is published under monitor.pikapython.com;
# expectedA is the address that hostname is expected to resolve to (presumably checked by the consumer).
common: &public-exposure-common
|
|
enabled: true
|
|
mode: pk01-caddy-frp-path
|
|
hostname: monitor.pikapython.com
|
|
expectedA: 82.156.23.220
|
|
# Anchor frpc-common: frp client image, server address/port and where the token is looked up.
# NOTE(review): the image is referenced by tag on a node-local registry (127.0.0.1:5000); a tag can be
# re-pushed, so pinning by digest would make the tunnel client reproducible.
frpc: &frpc-common
|
|
image: 127.0.0.1:5000/hwlab/frpc:v0.68.1
|
|
serverAddr: 82.156.23.220
|
|
serverPort: 22000
|
|
# The frp token is referenced by source file and key; its value is not stored in this file.
tokenSourceRef: platform-infra/pk01-frp.env
|
|
tokenSourceKey: FRP_TOKEN
|
|
secretKey: frpc.toml
|
|
tokenKey: token
|
|
# Anchor caddy-common: Caddy route, config path, contact e-mail, automatic TLS and a 600 s response-header timeout.
caddy: &caddy-common
|
|
route: PK01
|
|
configPath: /etc/caddy/Caddyfile
|
|
serviceName: caddy
|
|
email: ops@pikapython.com
|
|
tls: auto
|
|
responseHeaderTimeoutSeconds: 600
|
|
|
|
# Secret source descriptors: each entry names where a value is read from (file and key), not the value itself.
secrets:
|
|
# Anchor jd01-bootstrap-source: bootstrap admin password.
# NOTE(review): the value is located by position (sourceLine: 2) as well as by key; if the file is
# reordered a different line could be selected — confirm the loader validates what it reads.
jd01BootstrapSource: &jd01-bootstrap-source
|
|
purpose: bootstrap-admin
|
|
sourceRef: .env/HWLAB_admin.txt
|
|
sourceKey: HWLAB_ADMIN_PASSWORD
|
|
sourceLine: 2
|
|
# Anchor dsflash-prompt-source: prompt set, read as JSON from an env-style file.
dsflashPromptSource: &dsflash-prompt-source
|
|
purpose: prompt-set
|
|
sourceRef: hwlab/web-probe-sentinel-dsflash-go.env
|
|
sourceKey: DSFLASH_GO_TOOL_CALL_10X_PROMPTS_JSON
|
|
# Anchor frp-token-source: same file and key as tokenSourceRef/tokenSourceKey in the frpc baseline.
frpTokenSource: &frp-token-source
|
|
purpose: frp-token
|
|
sourceRef: platform-infra/pk01-frp.env
|
|
sourceKey: FRP_TOKEN
|
|
|
|
# Node overlays. JD01 takes its identity from the ${NODE} and ${LANE} variables supplied at render time.
nodes:
|
|
JD01:
|
|
# Anchor jd01-target: node, lane and a reference to the public web URL in config/hwlab-node-lanes.yaml.
target: &jd01-target
|
|
node: ${NODE}
|
|
lane: ${LANE}
|
|
publicOriginRef: config/hwlab-node-lanes.yaml#lanes.${LANE}.targets.${NODE}.public.webUrl
|
|
|
|
# Anchor jd01-cicd-common: merges the cicd baselines and replaces the mirror and snapshot
# settings with Gitea-based ones.
cicdCommon: &jd01-cicd-common
|
|
controlPlaneConfigRef: config/hwlab-node-control-plane.yaml#targets[1]
|
|
source:
|
|
<<: *cicd-source
|
|
# Overrides the baseline mirror URL; still plain http inside the cluster.
gitMirrorReadUrl: http://gitea-http.devops-infra.svc.cluster.local:3000/mirrors/pikasTech-unidesk.git
|
|
# mode and resolver are overridden here. NOTE(review): allowHostGit and allowGithubDirectInPipeline
# stay false only if they come in through the merge — verify against the rendered output.
sourceAuthority:
|
|
<<: *cicd-source-authority
|
|
mode: giteaSnapshot
|
|
resolver: gitea-mirror
|
|
sourceSnapshot:
|
|
<<: *cicd-source-snapshot
|
|
stageRefPrefix: refs/unidesk/snapshots/gitea-actions/unidesk-master
|
|
refreshPolicy: gitea-controlled-snapshot
|
|
# Anchor jd01-argo: Argo namespace, project, GitOps repository and revision.
# NOTE(review): repoURL is plain http and targetRevision is a named ref rather than a commit id,
# so what gets deployed follows whatever that ref points to — confirm who can move it.
argo: &jd01-argo
|
|
namespace: argocd
|
|
projectName: hwlab-jd01
|
|
repoURL: http://git-mirror-http.devops-infra.svc.cluster.local:8080/pikasTech/HWLAB.git
|
|
targetRevision: v0.3-gitops
|
|
maintenance:
|
|
<<: *maintenance
|
|
monitorWeb:
|
|
<<: *monitor-web
|
|
# For JD01 preSync and postFlush are not-required, unlike the baseline gitMirror entry (required).
gitMirror:
|
|
source: source.gitMirrorReadUrl
|
|
preSync: not-required
|
|
postFlush: not-required
|
|
confirmWait:
|
|
<<: *confirm-wait
|
|
publishCurrent:
|
|
<<: *publish-current
|
|
|
|
# Sentinel definitions. This file defines one: jd01-web-probe-sentinel.
sentinels:
|
|
jd01-web-probe-sentinel:
|
|
sentinel:
|
|
<<: *sentinel-base
|
|
id: jd01-web-probe-sentinel
|
|
# References of the form file#path: some point back into this profile, others into sibling
# config files. They are resolved by the consumer, not by YAML itself.
configRefs:
|
|
runtime: config/hwlab-web-probe-sentinel/profiles.yaml#nodes.${NODE}.sentinels.${nodeLower}-web-probe-sentinel.runtime
|
|
scenarios: config/hwlab-web-probe-sentinel/scenarios.multi-sentinel.yaml#sentinel.scenarios
|
|
promptSet: config/hwlab-web-probe-sentinel/prompt-set.dsflash-go.yaml#sentinel.promptSet
|
|
reportViews: config/hwlab-web-probe-sentinel/report-views.multi-sentinel.yaml#sentinel.reportViews
|
|
publicExposure: config/hwlab-web-probe-sentinel/profiles.yaml#nodes.${NODE}.sentinels.${nodeLower}-web-probe-sentinel.publicExposure
|
|
cicd: config/hwlab-web-probe-sentinel/profiles.yaml#nodes.${NODE}.sentinels.${nodeLower}-web-probe-sentinel.cicd
|
|
secrets: config/hwlab-web-probe-sentinel/profiles.yaml#nodes.${NODE}.sentinels.${nodeLower}-web-probe-sentinel.secrets
|
|
# Runtime for this sentinel: merges runtime-common and adds node-specific object names and paths.
runtime:
|
|
<<: *runtime-common
|
|
target:
|
|
<<: *jd01-target
|
|
observeWrapperRef: config/hwlab-node-lanes.yaml#lanes.${LANE}.targets.${NODE}.observability.webProbe.sentinels[0]
|
|
# Service account, deployment, service and PVC are all named per node via ${nodeLower}.
serviceAccountName: hwlab-web-probe-sentinel-${nodeLower}
|
|
deploymentName: hwlab-web-probe-sentinel-${nodeLower}
|
|
serviceName: hwlab-web-probe-sentinel-${nodeLower}
|
|
pvcName: hwlab-web-probe-sentinel-${nodeLower}-state
|
|
stateRoot: /var/lib/web-probe-sentinel-${nodeLower}
|
|
# The tag is the literal text source-commit; presumably replaced with the built commit id at
# publish time (the cicd image entry in this file uses tagSource: source-commit) — TODO confirm.
imageRef: 127.0.0.1:5000/hwlab/web-probe-sentinel-${nodeLower}:source-commit
|
|
scheduler:
|
|
<<: *scheduler-10m
|
|
# SQLite index lives under stateRoot.
sqlite:
|
|
<<: *sqlite-common
|
|
path: /var/lib/web-probe-sentinel-${nodeLower}/index.sqlite
|
|
# Public route for this sentinel: https://monitor.pikapython.com/sentinels/<node>-web-probe-sentinel,
# carried by frp (remote port 22098) to the in-cluster service on port 8080.
# NOTE(review): nothing in this file shows authentication or path filtering on that route —
# confirm where access control is enforced before the request reaches the sentinel.
publicExposure:
|
|
<<: *public-exposure-common
|
|
publicBaseUrl: https://monitor.pikapython.com/sentinels/${nodeLower}-web-probe-sentinel
|
|
routePrefix: /sentinels/${nodeLower}-web-probe-sentinel
|
|
frpc:
|
|
<<: *frpc-common
|
|
deploymentName: hwlab-web-probe-sentinel-${nodeLower}-frpc
|
|
secretName: hwlab-web-probe-sentinel-${nodeLower}-frpc
|
|
# Despite its name, localIP holds the service DNS name of the sentinel in namespace hwlab-${lane}.
httpProxy:
|
|
name: hwlab-${nodeLower}-${lane}-web-probe-sentinel
|
|
remotePort: 22098
|
|
localIP: hwlab-web-probe-sentinel-${nodeLower}.hwlab-${lane}.svc.cluster.local
|
|
localPort: 8080
|
|
caddy:
|
|
<<: *caddy-common
|
|
managedBlockOwner: hwlab-web-probe-sentinel-${nodeLower}-${lane}
|
|
# CI/CD for this sentinel: merges jd01-cicd-common and adds builder, Argo application, image and validation settings.
cicd:
|
|
<<: *jd01-cicd-common
|
|
builder:
|
|
<<: *cicd-builder
|
|
jobPrefix: web-probe-sentinel-${nodeLower}-publish
|
|
gitopsPath: deploy/gitops/node/${nodeLower}/web-probe-sentinel
|
|
argo:
|
|
<<: *jd01-argo
|
|
applicationName: hwlab-web-probe-sentinel-${nodeLower}
|
|
# Image is pushed to the node-local registry; tagSource says the tag derives from the source commit.
image:
|
|
repository: 127.0.0.1:5000/hwlab/web-probe-sentinel-${nodeLower}
|
|
tagSource: source-commit
|
|
baseImageRef: config/hwlab-node-control-plane.yaml#targets[1].tekton.toolsImage.output
|
|
envRecipeRef: config/hwlab-web-probe-sentinel/profiles.yaml#nodes.${NODE}.sentinels.${nodeLower}-web-probe-sentinel.runtime
|
|
# Post-deploy validation: one named scenario, 600 s limit, structured failure when the service is unavailable.
targetValidation:
|
|
scenarioId: workbench-dsflash-go-hwpod-two-turn-freeze-repro
|
|
maxSeconds: 600
|
|
serviceUnavailablePolicy: structured-failure
|
|
# Periodic verification job settings; the field names look like Kubernetes CronJob/Job fields
# (no overlapping runs, no retries with backoffLimit 0) — presumably rendered into one, TODO confirm.
cadenceScheduler:
|
|
enabled: true
|
|
reason: k8s-native-periodic-quick-verify
|
|
concurrencyPolicy: Forbid
|
|
startingDeadlineSeconds: 600
|
|
successfulJobsHistoryLimit: 3
|
|
failedJobsHistoryLimit: 5
|
|
activeDeadlineSlackSeconds: 60
|
|
ttlSecondsAfterFinished: 86400
|
|
backoffLimit: 0
|
|
# Secrets for this sentinel: a list of sources (where each value is read from) and the runtime
# secret objects they are written into. Only references appear here, no secret values.
secrets:
|
|
sources:
|
|
- <<: *jd01-bootstrap-source
|
|
- <<: *dsflash-prompt-source
|
|
# NOTE(review): account-a reads the same file and line as the bootstrap-admin source
# (.env/HWLAB_admin.txt, line 2), so the probe appears to sign in with the bootstrap admin
# credential. For a service reachable from the public hostname, a dedicated low-privilege
# probe account would limit what a compromise of the sentinel exposes.
- purpose: account-a
|
|
sourceRef: .env/HWLAB_admin.txt
|
|
sourceKey: HWLAB_BOOTSTRAP_ADMIN_PASSWORD
|
|
sourceLine: 2
|
|
format: web-account-json
|
|
usernameSourceRef: .env/HWLAB_admin.txt
|
|
usernameSourceLine: 1
|
|
# account-b: separate preset user with a fixed username and a per-node password key.
- purpose: account-b
|
|
sourceRef: hwlab/${nodeLower}-${lane}-preset-users.env
|
|
sourceKey: ${NODE}_SECOND_USER_PASSWORD
|
|
format: web-account-json
|
|
username: ${nodeLower}-sentinel@hwlab.local
|
|
- <<: *frp-token-source
|
|
# Each runtime secret maps source purposes to keys inside a named secret in namespace hwlab-${lane}.
runtimeSecrets:
|
|
- name: hwlab-web-probe-sentinel-${nodeLower}-bootstrap
|
|
namespace: hwlab-${lane}
|
|
data:
|
|
- sourcePurpose: bootstrap-admin
|
|
targetKey: bootstrap-admin-password
|
|
- name: hwlab-web-probe-sentinel-${nodeLower}-prompt-set
|
|
namespace: hwlab-${lane}
|
|
data:
|
|
- sourcePurpose: prompt-set
|
|
targetKey: prompts.json
|
|
- name: hwlab-web-probe-sentinel-${nodeLower}-accounts
|
|
namespace: hwlab-${lane}
|
|
data:
|
|
- sourcePurpose: account-a
|
|
targetKey: account-a.json
|
|
- sourcePurpose: account-b
|
|
targetKey: account-b.json
|
|
# Same name as frpc.secretName in this sentinel's publicExposure section; holds the frp token.
- name: hwlab-web-probe-sentinel-${nodeLower}-frpc
|
|
namespace: hwlab-${lane}
|
|
data:
|
|
- sourcePurpose: frp-token
|
|
targetKey: token
|