pikasTech-unidesk/config/hwlab-web-probe-sentinel/profiles.yaml

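---
# Web-probe sentinel profiles: shared baselines declared as YAML anchors, plus
# per-node overlays that pull them in with the `<<` merge key.
#
# NOTE(review): the listing this was taken from had lost all indentation, so as
# printed every key sat at one level (duplicate keys, merge keys with nothing to
# merge into). The nesting below is reconstructed from anchor/alias usage and
# from the `#path` references inside the file; confirm it against the
# repository copy. Parents that could not be fixed with certainty:
#   - baselines.cicd.monitorWeb.{envReuse,gitMirror,ciBudget}
#   - <sentinel>.sentinel.configRefs and <sentinel>.runtime.observeWrapperRef
#   - <sentinel>.publicExposure.frpc.httpProxy
#   - <sentinel>.cicd.gitopsPath and <sentinel>.cicd.image.{baseImageRef,envRecipeRef}
#
# `<<` is a YAML 1.1 extension and merges shallowly: a key written next to it
# replaces the inherited value whole, it is not deep-merged.
#
# `${NODE}`, `${LANE}`, `${nodeLower}` and `${lane}` are not YAML; per
# composition.intent they are rendered from variables. They end up inside
# namespaces, secret names, file paths and URLs, so the renderer should accept
# only a fixed set of node/lane values.
version: 1
kind: HwlabWebProbeSentinelProfiles
metadata:
  id: hwlab-web-probe-sentinel-profiles
  owner: UniDesk
  specRef: PJ2026-01060508
composition:
  mode: yaml-anchors-and-merge
  intent: node overlays inherit common web-probe sentinel baselines and render node/lane identity from variables.

baselines:
  sentinel: &sentinel-base
    enabled: true
    mode: web-probe-observe-wrapper

  runtime:
    common: &runtime-common
      namespace: hwlab-${lane}
      # Listens on all interfaces. Port 8080 is also the localPort the frpc
      # httpProxy forwards from the public route, so /api/health and /metrics
      # are on the same listener as the published UI.
      # NOTE(review): confirm /metrics is not reachable through the public
      # routePrefix, or is access-controlled there.
      listenHost: 0.0.0.0
      servicePort: 8080
      pvcStorage: 10Gi
      replicas: 1
      healthPath: /api/health
      metricsPath: /metrics
    scheduler: &scheduler-10m
      intervalMs: 600000
      heartbeatStaleSeconds: 900
      maxConcurrentRuns: 1
    # NOTE(review): the run interval here (900000 ms = 900 s) equals
    # heartbeatStaleSeconds. If the heartbeat is refreshed only once per run
    # there is no slack before it reads as stale; confirm the intended margin.
    scheduler15m: &scheduler-15m
      intervalMs: 900000
      heartbeatStaleSeconds: 900
      maxConcurrentRuns: 1
    sqlite: &sqlite-common
      busyTimeoutMs: 2000

  cicd:
    source: &cicd-source
      repository: pikasTech/unidesk
      branch: master
      gitSshUrl: ssh://git@ssh.github.com:443/pikasTech/unidesk.git
      # Plain-HTTP read URL: source integrity for the build rests on the
      # cluster network being trusted.
      # NOTE(review): confirm the builder checks out a pinned commit id and not
      # whatever the mirror serves as the branch head.
      gitMirrorReadUrl: http://git-mirror-http.devops-infra.svc.cluster.local:8080/pikasTech/unidesk.git
      buildContext: .
      entrypoint: scripts/web-probe-sentinel-service.ts
      checkoutPaths:
        - scripts
        - config
        - config.json
        - src
        - package.json
        - bun.lock
        - bun.lockb
    builder: &cicd-builder
      namespace: devops-infra
      sourceMode: sparse-git-checkout
      # The build job is given a Git SSH credential and the host Docker socket
      # path together. Access to /var/run/docker.sock is equivalent to root on
      # the node, so whatever the checked-out build inputs execute runs with
      # that reach. Prefer a daemonless/rootless builder or a dedicated build
      # node, and keep the SSH key read-only if the job never pushes.
      # NOTE(review): presumably the socket is mounted into the job; confirm.
      gitSshSecretName: git-mirror-github-ssh
      dockerSocketPath: /var/run/docker.sock
      activeDeadlineSeconds: 900
      ttlSecondsAfterFinished: 3600
    monitorWeb: &monitor-web
      frontendStack: vue3-vendored-browser-build
      runtimeMode: runner-served-bridge
      assetRoot: scripts/assets/web-probe-sentinel-monitor-web
      envReuse:
        mode: docker-layer-and-ci-node-deps
        nodeDepsPath: /opt/hwlab-ci-node-deps/node_modules
      gitMirror:
        # Looks like a dotted-path reference to cicd.source.gitMirrorReadUrl.
        source: source.gitMirrorReadUrl
        preSync: required
        postFlush: required
      ciBudget:
        maxSeconds: 120
    maintenance: &maintenance
      startCommand: sentinel maintenance start
      stopCommand: sentinel maintenance stop
    confirmWait: &confirm-wait
      maxSeconds: 120

  publicExposure:
    # The sentinel is published on a public hostname. Nothing in this file
    # configures authentication for the published route.
    # NOTE(review): confirm it is enforced by the service or in the Caddy block.
    common: &public-exposure-common
      enabled: true
      mode: pk01-caddy-frp-path
      hostname: monitor.pikapython.com
      expectedA: 82.156.23.220
    frpc: &frpc-common
      # Pinned by tag in a node-local registry, not by digest; a re-pushed tag
      # changes what runs without any change to this file.
      image: 127.0.0.1:5000/hwlab/frpc:v0.68.1
      serverAddr: 82.156.23.220
      serverPort: 22000
      # Same ref/key as baselines.secrets.frpTokenSource; keep the two in sync.
      tokenSourceRef: platform-infra/pk01-frp.env
      tokenSourceKey: FRP_TOKEN
      secretKey: frpc.toml
      tokenKey: token
    caddy: &caddy-common
      route: PK01
      configPath: /etc/caddy/Caddyfile
      serviceName: caddy
      email: ops@pikapython.com
      tls: auto
      responseHeaderTimeoutSeconds: 600

  secrets:
    jd01BootstrapSource: &jd01-bootstrap-source
      purpose: bootstrap-admin
      sourceRef: .env/HWLAB_admin.txt
      sourceKey: HWLAB_BOOTSTRAP_ADMIN_PASSWORD
      # Positional reference: if the source file gains or loses a line, a
      # different line is shipped as the admin password with no error here.
      sourceLine: 2
    dsflashPromptSource: &dsflash-prompt-source
      purpose: prompt-set
      sourceRef: hwlab/web-probe-sentinel-dsflash-go.env
      sourceKey: DSFLASH_GO_TOOL_CALL_10X_PROMPTS_JSON
    frpTokenSource: &frp-token-source
      purpose: frp-token
      sourceRef: platform-infra/pk01-frp.env
      sourceKey: FRP_TOKEN

nodes:
  JD01:
    target: &jd01-target
      node: ${NODE}
      lane: ${LANE}
      publicOriginRef: config/hwlab-node-lanes.yaml#lanes.${LANE}.targets.${NODE}.public.webUrl
    cicdCommon: &jd01-cicd-common
      # `targets[1]` (also used by image.baseImageRef below) selects by list
      # position: reordering that list silently points this node at another
      # target's control-plane settings.
      controlPlaneConfigRef: config/hwlab-node-control-plane.yaml#targets[1]
      source:
        <<: *cicd-source
      argo: &jd01-argo
        namespace: argocd
        projectName: hwlab-jd01
        # Plain-HTTP mirror, and targetRevision looks like a branch or tag name
        # rather than a commit id, so what gets deployed follows whatever that
        # ref resolves to on the mirror.
        repoURL: http://git-mirror-http.devops-infra.svc.cluster.local:8080/pikasTech/HWLAB.git
        targetRevision: v0.3-gitops
      maintenance:
        <<: *maintenance
      monitorWeb:
        <<: *monitor-web
      confirmWait:
        <<: *confirm-wait

    sentinels:
      jd01-web-probe-sentinel:
        sentinel:
          <<: *sentinel-base
          id: jd01-web-probe-sentinel
          configRefs:
            runtime: config/hwlab-web-probe-sentinel/profiles.yaml#nodes.${NODE}.sentinels.${nodeLower}-web-probe-sentinel.runtime
            scenarios: config/hwlab-web-probe-sentinel/scenarios.multi-sentinel.yaml#sentinel.scenarios
            promptSet: config/hwlab-web-probe-sentinel/prompt-set.dsflash-go.yaml#sentinel.promptSet
            reportViews: config/hwlab-web-probe-sentinel/report-views.multi-sentinel.yaml#sentinel.reportViews
            publicExposure: config/hwlab-web-probe-sentinel/profiles.yaml#nodes.${NODE}.sentinels.${nodeLower}-web-probe-sentinel.publicExposure
            cicd: config/hwlab-web-probe-sentinel/profiles.yaml#nodes.${NODE}.sentinels.${nodeLower}-web-probe-sentinel.cicd
            secrets: config/hwlab-web-probe-sentinel/profiles.yaml#nodes.${NODE}.sentinels.${nodeLower}-web-probe-sentinel.secrets

        runtime:
          <<: *runtime-common
          target:
            <<: *jd01-target
          observeWrapperRef: config/hwlab-node-lanes.yaml#lanes.${LANE}.targets.${NODE}.observability.webProbe.sentinels[0]
          serviceAccountName: hwlab-web-probe-sentinel-${nodeLower}
          deploymentName: hwlab-web-probe-sentinel-${nodeLower}
          serviceName: hwlab-web-probe-sentinel-${nodeLower}
          pvcName: hwlab-web-probe-sentinel-${nodeLower}-state
          stateRoot: /var/lib/web-probe-sentinel-${nodeLower}
          # `source-commit` matches cicd.image.tagSource, so this presumably is
          # a placeholder replaced with the built commit id, not a literal tag.
          imageRef: 127.0.0.1:5000/hwlab/web-probe-sentinel-${nodeLower}:source-commit
          scheduler:
            <<: *scheduler-10m
          sqlite:
            <<: *sqlite-common
            path: /var/lib/web-probe-sentinel-${nodeLower}/index.sqlite

        publicExposure:
          <<: *public-exposure-common
          publicBaseUrl: https://monitor.pikapython.com/sentinels/${nodeLower}-web-probe-sentinel
          routePrefix: /sentinels/${nodeLower}-web-probe-sentinel
          frpc:
            <<: *frpc-common
            deploymentName: hwlab-web-probe-sentinel-${nodeLower}-frpc
            secretName: hwlab-web-probe-sentinel-${nodeLower}-frpc
            httpProxy:
              name: hwlab-${nodeLower}-${lane}-web-probe-sentinel
              # NOTE(review): confirm this port on the frp server accepts
              # connections only from Caddy; if it is open to the internet the
              # service can be reached without the TLS route in front of it.
              remotePort: 22094
              localIP: hwlab-web-probe-sentinel-${nodeLower}.hwlab-${lane}.svc.cluster.local
              localPort: 8080
          caddy:
            <<: *caddy-common
            managedBlockOwner: hwlab-web-probe-sentinel-${nodeLower}-${lane}

        cicd:
          <<: *jd01-cicd-common
          builder:
            <<: *cicd-builder
            jobPrefix: web-probe-sentinel-${nodeLower}-publish
          gitopsPath: deploy/gitops/node/${nodeLower}/web-probe-sentinel
          # Replaces the `argo` inherited from jd01-cicd-common (shallow merge),
          # which is why jd01-argo is merged again here.
          argo:
            <<: *jd01-argo
            applicationName: hwlab-web-probe-sentinel-${nodeLower}
          image:
            repository: 127.0.0.1:5000/hwlab/web-probe-sentinel-${nodeLower}
            tagSource: source-commit
            baseImageRef: config/hwlab-node-control-plane.yaml#targets[1].tekton.toolsImage.output
            envRecipeRef: config/hwlab-web-probe-sentinel/profiles.yaml#nodes.${NODE}.sentinels.${nodeLower}-web-probe-sentinel.runtime
          targetValidation:
            scenarioId: workbench-dsflash-go-tool-call-10x
            maxSeconds: 300
            serviceUnavailablePolicy: structured-failure

        secrets:
          sources:
            - <<: *jd01-bootstrap-source
            - <<: *dsflash-prompt-source
            # account-a reads the same file, key and line as bootstrap-admin, so
            # the probe signs in with the bootstrap administrator credential.
            # account-b shows the alternative already in use: a dedicated
            # sentinel user with its own password source. Least privilege
            # argues for giving account-a a dedicated low-privilege user too.
            - purpose: account-a
              sourceRef: .env/HWLAB_admin.txt
              sourceKey: HWLAB_BOOTSTRAP_ADMIN_PASSWORD
              sourceLine: 2
              format: web-account-json
              usernameSourceRef: .env/HWLAB_admin.txt
              usernameSourceLine: 1
            - purpose: account-b
              sourceRef: hwlab/${nodeLower}-${lane}-preset-users.env
              sourceKey: ${NODE}_SECOND_USER_PASSWORD
              format: web-account-json
              username: ${nodeLower}-sentinel@hwlab.local
            - <<: *frp-token-source
          # Because account-a shares its source with bootstrap-admin, the admin
          # password is written into two runtime secrets (…-bootstrap and
          # …-accounts); rotation and access review have to cover both.
          runtimeSecrets:
            - name: hwlab-web-probe-sentinel-${nodeLower}-bootstrap
              namespace: hwlab-${lane}
              data:
                - sourcePurpose: bootstrap-admin
                  targetKey: bootstrap-admin-password
            - name: hwlab-web-probe-sentinel-${nodeLower}-prompt-set
              namespace: hwlab-${lane}
              data:
                - sourcePurpose: prompt-set
                  targetKey: prompts.json
            - name: hwlab-web-probe-sentinel-${nodeLower}-accounts
              namespace: hwlab-${lane}
              data:
                - sourcePurpose: account-a
                  targetKey: account-a.json
                - sourcePurpose: account-b
                  targetKey: account-b.json
            - name: hwlab-web-probe-sentinel-${nodeLower}-frpc
              namespace: hwlab-${lane}
              data:
                - sourcePurpose: frp-token
                  targetKey: token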