pikasTech-unidesk/config/hwlab-node-control-plane.yaml

# Control-plane description for the hwlab k3s nodes: schema version and kind,
# ownership metadata, and the image policy for build inputs and outputs.
version: 1
kind: hwlab-node-control-plane
metadata:
owner: unidesk
# Issue numbers this file relates to (the tracker is not named in this file).
relatedIssues:
- 290
- 491
- 1010
- 1119
- 1148
# Supply-chain policy flags. As the key names read, build inputs must come from
# a reproducible source and must not be private or node-local images, while the
# node-local registry is accepted as a build output only. The component that
# enforces these flags is not part of this file.
# NOTE(review): the d601-v03 toolsImage Dockerfile in this file has a stage
# `FROM 127.0.0.1:5000/hwlab/hwlab-ci-node-tools:node22-alpine-bun-v1`, which
# looks like a node-local image used as a build input. Confirm whether
# forbidPrivateOrNodeLocalImagesAsInputs is meant to reject that.
imagePolicy:
requireReproducibleBuildSource: true
forbidPrivateOrNodeLocalImagesAsInputs: true
allowNodeLocalRegistryAsBuildOutput: true
# Source kinds listed as required for an image build.
requiredSourceKinds:
- dockerfile
- docker-compose
# Per-node settings keyed by node id: k3s service configuration, kubelet pod
# limit, local registry endpoint and egress-proxy client settings.
nodes:
D601:
route: D601
kubeRoute: D601:k3s
k3s:
serviceName: k3s
# Path of a systemd drop-in for the k3s unit; presumably generated from the
# values in this section (the generator is not part of this file).
dropInPath: /etc/systemd/system/k3s.service.d/20-unidesk-node-config.conf
nodeStatusName: d601
# One command written as an argv list. If it is rendered as a systemd
# ExecStartPre= line, the leading "-" on the executable path means a failing
# umount is ignored and the unit still starts.
execStartPre:
- - -/usr/bin/umount
- /Docker/host
# k3s server arguments, one argv token per list item.
serverArgs:
- server
# The packaged traefik, servicelb and metrics-server components are disabled.
- --disable
- traefik
- --disable
- servicelb
- --disable
- metrics-server
- --node-name
- D601
- --node-label
- unidesk.ai/node-id=D601
- --node-label
- unidesk.ai/provider-id=D601
# Extra subject alternative names for the API server certificate.
- --tls-san
- 127.0.0.1
- --tls-san
- host.docker.internal
# Mode 644 lets every local account on the node read the kubeconfig that k3s
# writes, and that file carries cluster-admin credentials. Prefer 600, or 640
# with a dedicated group, unless unprivileged local readers are intended.
# The quotes keep the value a string rather than an integer.
- --write-kubeconfig-mode
- "644"
# Image garbage collection thresholds are percentages of disk usage: cleanup
# starts above 95 and frees down to 90, so the disk runs close to full first.
- --kubelet-arg
- image-gc-high-threshold=95
- --kubelet-arg
- image-gc-low-threshold=90
# Same value as kubelet.maxPods below; the two have to be kept in step.
- --kubelet-arg
- max-pods=500
kubelet:
maxPods: 500
# Loopback registry endpoint. No TLS or credential settings for it appear in
# this file.
registry:
endpoint: 127.0.0.1:5000
# Egress-proxy client settings; the proxy source itself is defined in the file
# named by sourceConfigRef, not here.
egressProxy:
mode: k8s-service-cluster-ip
clientName: d601-global-proxy
namespace: platform-infra
serviceName: sub2api-egress-proxy
port: 10808
sourceConfigRef: config/platform-infra/egress-proxy-sources.yaml#sources.master-shadowsocks
# Destinations that bypass the egress proxy. 10.0.0.0/8 already contains
# 10.42.0.0/16 and 10.43.0.0/16. CIDR entries are not honoured by every HTTP
# client's no-proxy handling, so some tools may still proxy those ranges.
# NOTE(review): two public addresses and hyueapi.com are exempt from the proxy;
# confirm they are still meant to be reached directly.
noProxy:
- localhost
- 127.0.0.1
- ::1
- 127.0.0.1:5000
- localhost:5000
- .svc
- .svc.cluster.local
- .cluster.local
- kubernetes
- kubernetes.default
- kubernetes.default.svc
- 10.0.0.0/8
- 10.42.0.0/16
- 10.43.0.0/16
- 172.16.0.0/12
- 192.168.0.0/16
- 82.156.23.220
- 74.48.78.17
- hyueapi.com
- .hyueapi.com
# Node D518: k3s service configuration, kubelet pod limit, local registry
# endpoint and egress-proxy client settings.
D518:
route: D518
kubeRoute: D518:k3s
k3s:
serviceName: k3s
# Path of a systemd drop-in for the k3s unit; presumably generated from the
# values in this section (the generator is not part of this file).
dropInPath: /etc/systemd/system/k3s.service.d/20-unidesk-node-config.conf
nodeStatusName: d518
# One command written as an argv list. If it is rendered as a systemd
# ExecStartPre= line, the leading "-" on the executable path means a failing
# umount is ignored and the unit still starts.
execStartPre:
- - -/usr/bin/umount
- /Docker/host
# k3s server arguments, one argv token per list item.
serverArgs:
- server
# The packaged traefik, servicelb and metrics-server components are disabled.
- --disable
- traefik
- --disable
- servicelb
- --disable
- metrics-server
- --node-name
- D518
- --node-label
- unidesk.ai/node-id=D518
- --node-label
- unidesk.ai/provider-id=D518
# Extra subject alternative names for the API server certificate.
- --tls-san
- 127.0.0.1
- --tls-san
- host.docker.internal
# Mode 644 lets every local account on the node read the kubeconfig that k3s
# writes, and that file carries cluster-admin credentials. Prefer 600, or 640
# with a dedicated group, unless unprivileged local readers are intended.
# The quotes keep the value a string rather than an integer.
- --write-kubeconfig-mode
- "644"
# Image garbage collection thresholds are percentages of disk usage: cleanup
# starts above 95 and frees down to 90, so the disk runs close to full first.
- --kubelet-arg
- image-gc-high-threshold=95
- --kubelet-arg
- image-gc-low-threshold=90
# Same value as kubelet.maxPods below; the two have to be kept in step.
- --kubelet-arg
- max-pods=500
kubelet:
maxPods: 500
# Loopback registry endpoint. No TLS or credential settings for it appear in
# this file.
registry:
endpoint: 127.0.0.1:5000
# Egress-proxy client settings; the proxy source itself is defined in the file
# named by sourceConfigRef, not here.
egressProxy:
mode: k8s-service-cluster-ip
clientName: d518-global-proxy
namespace: platform-infra
serviceName: sub2api-egress-proxy
port: 10808
sourceConfigRef: config/platform-infra/egress-proxy-sources.yaml#sources.master-shadowsocks
# Destinations that bypass the egress proxy. 10.0.0.0/8 already contains
# 10.42.0.0/16 and 10.43.0.0/16. CIDR entries are not honoured by every HTTP
# client's no-proxy handling, so some tools may still proxy those ranges.
# NOTE(review): two public addresses and hyueapi.com are exempt from the proxy;
# confirm they are still meant to be reached directly.
noProxy:
- localhost
- 127.0.0.1
- ::1
- 127.0.0.1:5000
- localhost:5000
- .svc
- .svc.cluster.local
- .cluster.local
- kubernetes
- kubernetes.default
- kubernetes.default.svc
- 10.0.0.0/8
- 10.42.0.0/16
- 10.43.0.0/16
- 172.16.0.0/12
- 192.168.0.0/16
- 82.156.23.220
- 74.48.78.17
- hyueapi.com
- .hyueapi.com
# Deployment targets, one per node and lane. This part holds the d601-v03
# target identity, its source and GitOps branches, and the in-cluster git
# mirror with its GitHub SSH transport.
targets:
- id: d601-v03
node: D601
lane: v03
enabled: true
ciNamespace: hwlab-ci
runtimeNamespace: hwlab-v03
source:
repository: pikasTech/HWLAB
branch: v0.3
gitops:
branch: v0.3-gitops
path: deploy/gitops/node/d601/runtime-v03
gitMirror:
namespace: devops-infra
serviceReadName: git-mirror-http
serviceWriteName: git-mirror-write
cachePvcName: hwlab-git-mirror-cache
cachePvcStorage: 20Gi
# Path on the node for the mirror cache, under the k3s storage directory.
cacheHostPath: /var/lib/rancher/k3s/storage/hwlab-d601-v03-git-mirror-cache
servicePort: 8080
deploymentReplicas: 1
# Name of the Secret for the GitHub SSH material. Only names and references
# appear in this file, no key bytes.
secretName: git-mirror-github-ssh
syncConfigMapName: git-mirror-sync-script
syncJobPrefix: git-mirror-hwlab-d601-v03-sync-manual
flushJobPrefix: git-mirror-hwlab-d601-v03-flush-manual
# Plain-HTTP, cluster-internal URLs. No authentication or TLS settings for them
# appear in this file, so access to the write endpoint would have to be limited
# elsewhere (for example by a NetworkPolicy); verify that it is.
# NOTE(review): these URLs carry no port although servicePort is 8080, and the
# d518-v03 target writes :8080 explicitly. Confirm the Service answers on 80.
readUrl: http://git-mirror-http.devops-infra.svc.cluster.local/pikasTech/HWLAB.git
writeUrl: http://git-mirror-write.devops-infra.svc.cluster.local/pikasTech/HWLAB.git
egressProxy:
mode: node-global
required: true
# GitHub access over SSH. The private key and known_hosts are read from
# github/hwlab-git-mirror-ssh.env as base64 values. base64 is an encoding, not
# protection, so that source file needs the same handling as the key itself.
# Supplying known_hosts allows host-key checking instead of trust on first use.
githubTransport:
mode: ssh
privateKeySecretKey: ssh-privatekey
privateKeySourceRef: github/hwlab-git-mirror-ssh.env
privateKeySourceKey: GITHUB_SSH_PRIVATE_KEY_B64
privateKeySourceEncoding: base64
knownHostsSecretKey: known_hosts
knownHostsSourceRef: github/hwlab-git-mirror-ssh.env
knownHostsSourceKey: GITHUB_KNOWN_HOSTS_B64
knownHostsSourceEncoding: base64
# Tekton pipeline identity for d601-v03, the git SSH secret for CI workspaces,
# observer RBAC names, and the CI tools image that is built on the node.
tekton:
pipelineName: hwlab-d601-v03-ci-image-publish
serviceAccountName: hwlab-d601-v03-tekton-runner
pipelineRunPrefix: hwlab-d601-v03-ci-poll
# sourceRefFrom points at gitMirror.githubTransport, so the CI namespace secret
# presumably receives the same SSH key as the mirror. If CI only reads, a
# separate read-only deploy key would narrow what a compromised task can do.
gitWorkspaceSecret:
name: hwlab-git-ssh
namespace: hwlab-ci
sourceRefFrom: gitMirror.githubTransport
privateKeySecretKey: ssh-privatekey
knownHostsSecretKey: known_hosts
# Role and RoleBinding names only; the granted rules are not defined here.
runtimeObserverRbac:
namespace: hwlab-v03
roleName: hwlab-d601-v03-runtime-observer
roleBindingName: hwlab-d601-v03-runtime-observer
argoObserverRbac:
namespace: argocd
roleName: hwlab-d601-v03-argo-observer
roleBindingName: hwlab-d601-v03-argo-observer
toolsImage:
# Mutable tag in the loopback registry, pulled with imagePullPolicy Always.
output: 127.0.0.1:5000/hwlab/hwlab-ci-node-tools:node22-alpine-bun-v1
imagePullPolicy: Always
sourceKind: dockerfile
context: .
dockerfileInline:
filename: hwlab-ci-node-tools.public.Dockerfile
# Dockerfile text, one instruction per list item.
lines:
- FROM docker.io/library/golang:1.24-bookworm AS golang-toolchain
# NOTE(review): the final stage starts from the same reference as `output`
# above, so each build layers on the previous build's result from the
# node-local registry. That is not rebuildable from public sources alone and
# appears to contradict imagePolicy.forbidPrivateOrNodeLocalImagesAsInputs.
# The d518-v03 target assembles the same tools from docker.io bases instead.
- FROM 127.0.0.1:5000/hwlab/hwlab-ci-node-tools:node22-alpine-bun-v1
# With Docker's builder, declaring the proxy variables with ARG makes their
# build-time values part of the image history (undeclared, the predefined
# proxy args are left out). Keep credentials out of any proxy URL passed in.
- ARG HTTP_PROXY
- ARG HTTPS_PROXY
- ARG ALL_PROXY
- ARG NO_PROXY
- ARG http_proxy
- ARG https_proxy
- ARG all_proxy
- ARG no_proxy
- COPY --from=golang-toolchain /usr/local/go /usr/local/go
- ENV PATH=/usr/local/go/bin:$PATH
- RUN ln -sf /usr/local/bin/bun /usr/local/bin/bunx
- ENV HWLAB_CI_NODE_DEPS=/opt/hwlab-ci-node-deps/node_modules
# Installs yaml@2.8.3 from registry.npmmirror.com with up to five attempts and
# a doubling delay, then imports the package as a smoke test. --ignore-scripts
# stops package lifecycle scripts from running. --package-lock=false means no
# lockfile integrity hash pins the tarball, so the mirror and TLS are trusted
# for its content. The log line records only the label HTTP_PROXY or none,
# not the proxy URL.
- RUN set -eu; export HTTP_PROXY="${HTTP_PROXY:-${http_proxy:-}}"; export HTTPS_PROXY="${HTTPS_PROXY:-${https_proxy:-$HTTP_PROXY}}"; export ALL_PROXY="${ALL_PROXY:-${all_proxy:-}}"; export NO_PROXY="${NO_PROXY:-${no_proxy:-}}"; export http_proxy="$HTTP_PROXY"; export https_proxy="$HTTPS_PROXY"; export all_proxy="$ALL_PROXY"; export no_proxy="$NO_PROXY"; export npm_config_registry="https://registry.npmmirror.com/"; export BUN_CONFIG_REGISTRY="https://registry.npmmirror.com/"; export npm_config_noproxy="$NO_PROXY"; if [ -n "$HTTP_PROXY" ]; then export npm_config_proxy="$HTTP_PROXY"; fi; if [ -n "$HTTPS_PROXY" ]; then export npm_config_https_proxy="$HTTPS_PROXY"; fi; export npm_config_fetch_retries=2; export npm_config_fetch_retry_mintimeout=2000; export npm_config_fetch_retry_maxtimeout=16000; export npm_config_fetch_timeout=120000; proxy_label="${HTTP_PROXY:+HTTP_PROXY}"; proxy_label="${proxy_label:-none}"; mkdir -p /opt/hwlab-ci-node-deps; cd /opt/hwlab-ci-node-deps; printf '{"private":true,"dependencies":{}}\n' > package.json; ok=0; delay=2; for attempt in 1 2 3 4 5; do echo "{\"event\":\"tools-yaml-node-npm-install\",\"attempt\":\"$attempt/5\",\"registry\":\"$npm_config_registry\",\"proxy\":\"$proxy_label\"}" >&2; if timeout 180s npm install --package-lock=false --no-save --ignore-scripts --no-audit --no-fund --omit=dev yaml@2.8.3; then ok=1; break; fi; if [ "$attempt" = 5 ]; then break; fi; echo "{\"event\":\"tools-yaml-node-npm-install\",\"status\":\"retrying\",\"attempt\":\"$attempt/5\",\"sleepSeconds\":$delay}" >&2; sleep "$delay"; delay=$((delay * 2)); done; test "$ok" = 1; node --input-type=module -e 'import("/opt/hwlab-ci-node-deps/node_modules/yaml/browser/dist/index.js").then((yaml)=>console.log("yaml-ok", typeof yaml.parse))'
# Prints tool versions; the && chain fails the build if any tool is missing.
- RUN node --version && npm --version && bun --version && git --version && python3 --version && docker --version && ssh -V && go version
buildArgs: {}
# Host networking presumably lets RUN steps reach loopback services on the
# node, including the registry at 127.0.0.1:5000. That is wider reach than an
# isolated build network gives.
buildNetwork: host
# NOTE(review): of these, only the golang image is referenced by the Dockerfile
# lines above. All are tags, not digests; pinning with @sha256 digests would
# make the build inputs immutable.
publicBaseImages:
- docker.io/library/node:22-bookworm-slim
- docker.io/library/golang:1.24-bookworm
- docker.io/oven/bun:1.3.13
- docker.io/buildpack-deps:bookworm-scm
- docker.io/library/python:3.12-slim-bookworm
- docker.io/docker:29-cli
buildOwner: D601
buildMode: node-local
# Benchmark profile for d601-v03. Every cachePolicy flag forbids a cache or
# reuse path, so the profile presumably measures a full cold build.
ciBuildBenchmarks:
- profile: no-mirror-full
runtimeLaneConfigRef: config/hwlab-node-lanes.yaml#lanes.v03.targets.D601
# NOTE(review): this prefix carries no node id, unlike this target's
# tekton.pipelineRunPrefix (hwlab-d601-v03-ci-poll) and the d518-v03 benchmark
# prefix (hwlab-d518-v03-ci-bench). Confirm the difference is intended.
pipelineRunPrefix: hwlab-v03-ci-bench
catalogPathTemplate: .unidesk/ci-build-benchmark/{profile}/{pipelineRun}/artifact-catalog.json
imageTagMode: full
# 7200 seconds is two hours.
pipelineTimeoutSeconds: 7200
cachePolicy:
noPipelineRunReuse: true
forceFullBuild: true
forbidGitopsCatalogReuse: true
forbidDependencyCache: true
forbidBuildkitCache: true
forbidRegistryMirror: true
forbidLocalPreheatedImages: true
timings:
# Stage names for which a timing is required.
requiredStages:
- source-fetch
- dependency-install
- base-image-pull
- service-image-build
- registry-push
- pipeline-total
# Failure category names; presumably used to classify failed runs.
failureFamilies:
- dns
- proxy-connect
- tls-timeout
- rate-limit
- auth
- cache-hit-forbidden
- image-policy
- build-script
- registry-push
# Argo CD project and application names for d601-v03, plus how Argo CD itself
# is installed and which workloads are expected afterwards.
argo:
namespace: argocd
projectName: hwlab-d601
applicationName: hwlab-node-v03
applicationFile: application-v03.yaml
install:
enabled: true
sourceKind: url
version: v3.4.2
# Install manifest fetched over HTTPS from a git tag path. No checksum for the
# manifest appears in this file. A tag can be moved, so pinning a commit SHA
# or checking a recorded hash would fix the content that gets applied.
manifestUrl: https://raw.githubusercontent.com/argoproj/argo-cd/v3.4.2/manifests/install.yaml
fieldManager: unidesk-hwlab-node-argocd
imagePullPolicy: IfNotPresent
preloadImages:
- 127.0.0.1:5000/hwlab/argocd:v3.4.2
- 127.0.0.1:5000/hwlab/dex:v2.45.0
- 127.0.0.1:5000/hwlab/redis:8.2.3-alpine
# As the key names read, each upstream image (source) is pulled from a daocloud
# mirror (pullImage) and stored in the loopback registry (target). All
# references are tags without digests, so nothing in this file checks that the
# mirror's content matches the upstream image. Comparing digests against the
# upstream registry before retagging would close that gap.
imageRewrites:
- source: quay.io/argoproj/argocd:v3.4.2
pullImage: quay.m.daocloud.io/argoproj/argocd:v3.4.2
target: 127.0.0.1:5000/hwlab/argocd:v3.4.2
- source: ghcr.io/dexidp/dex:v2.45.0
pullImage: ghcr.m.daocloud.io/dexidp/dex:v2.45.0
target: 127.0.0.1:5000/hwlab/dex:v2.45.0
- source: public.ecr.aws/docker/library/redis:8.2.3-alpine
pullImage: docker.m.daocloud.io/library/redis:8.2.3-alpine
target: 127.0.0.1:5000/hwlab/redis:8.2.3-alpine
# Objects expected to exist after the install; presumably readiness checks.
requiredCrds:
- applications.argoproj.io
- appprojects.argoproj.io
expectedDeployments:
- argocd-applicationset-controller
- argocd-dex-server
- argocd-notifications-controller
- argocd-redis
- argocd-repo-server
- argocd-server
expectedStatefulSets:
- argocd-application-controller
readinessTimeoutSeconds: 600
# Target d518-v03: identity, source and GitOps branches, and the in-cluster
# git mirror with its GitHub SSH transport.
- id: d518-v03
node: D518
lane: v03
enabled: true
ciNamespace: hwlab-ci
runtimeNamespace: hwlab-v03
source:
repository: pikasTech/HWLAB
branch: v0.3
gitops:
branch: v0.3-gitops
path: deploy/gitops/node/d518/runtime-v03
gitMirror:
namespace: devops-infra
serviceReadName: git-mirror-http
serviceWriteName: git-mirror-write
cachePvcName: hwlab-git-mirror-cache
cachePvcStorage: 20Gi
# Path on the node for the mirror cache, under the k3s storage directory.
cacheHostPath: /var/lib/rancher/k3s/storage/hwlab-d518-v03-git-mirror-cache
servicePort: 8080
deploymentReplicas: 1
# Name of the Secret for the GitHub SSH material. Only names and references
# appear in this file, no key bytes.
secretName: git-mirror-github-ssh
syncConfigMapName: git-mirror-sync-script
syncJobPrefix: git-mirror-hwlab-d518-v03-sync-manual
flushJobPrefix: git-mirror-hwlab-d518-v03-flush-manual
# Plain-HTTP, cluster-internal URLs on the servicePort. No authentication or
# TLS settings for them appear in this file, so access to the write endpoint
# would have to be limited elsewhere (for example by a NetworkPolicy); verify.
readUrl: http://git-mirror-http.devops-infra.svc.cluster.local:8080/pikasTech/HWLAB.git
writeUrl: http://git-mirror-write.devops-infra.svc.cluster.local:8080/pikasTech/HWLAB.git
egressProxy:
mode: node-global
required: true
# GitHub access over SSH. The private key and known_hosts are read from
# github/hwlab-git-mirror-ssh.env as base64 values. base64 is an encoding, not
# protection, so that source file needs the same handling as the key itself.
# Supplying known_hosts allows host-key checking instead of trust on first use.
githubTransport:
mode: ssh
privateKeySecretKey: ssh-privatekey
privateKeySourceRef: github/hwlab-git-mirror-ssh.env
privateKeySourceKey: GITHUB_SSH_PRIVATE_KEY_B64
privateKeySourceEncoding: base64
knownHostsSecretKey: known_hosts
knownHostsSourceRef: github/hwlab-git-mirror-ssh.env
knownHostsSourceKey: GITHUB_KNOWN_HOSTS_B64
knownHostsSourceEncoding: base64
# Tekton pipeline identity for d518-v03, the git SSH secret for CI workspaces,
# observer RBAC names, and the CI tools image that is built on the node.
tekton:
pipelineName: hwlab-d518-v03-ci-image-publish
serviceAccountName: hwlab-d518-v03-tekton-runner
pipelineRunPrefix: hwlab-d518-v03-ci-poll
# sourceRefFrom points at gitMirror.githubTransport, so the CI namespace secret
# presumably receives the same SSH key as the mirror. If CI only reads, a
# separate read-only deploy key would narrow what a compromised task can do.
gitWorkspaceSecret:
name: hwlab-git-ssh
namespace: hwlab-ci
sourceRefFrom: gitMirror.githubTransport
privateKeySecretKey: ssh-privatekey
knownHostsSecretKey: known_hosts
# Role and RoleBinding names only; the granted rules are not defined here.
runtimeObserverRbac:
namespace: hwlab-v03
roleName: hwlab-d518-v03-runtime-observer
roleBindingName: hwlab-d518-v03-runtime-observer
argoObserverRbac:
namespace: argocd
roleName: hwlab-d518-v03-argo-observer
roleBindingName: hwlab-d518-v03-argo-observer
toolsImage:
# Mutable tag in the loopback registry, pulled with imagePullPolicy Always.
# NOTE(review): the tag says "alpine" while every FROM line below is a
# bookworm image; confirm the tag name is only historical.
output: 127.0.0.1:5000/hwlab/hwlab-ci-node-tools:node22-alpine-bun-v1
imagePullPolicy: Always
sourceKind: dockerfile
context: .
dockerfileInline:
filename: hwlab-ci-node-tools.public.Dockerfile
# Dockerfile text, one instruction per list item. All stages come from
# docker.io by tag; pinning them with @sha256 digests would make the build
# inputs immutable.
lines:
- FROM docker.io/oven/bun:1.3.13 AS bun-runtime
- FROM docker.io/docker:29-cli AS docker-cli
- FROM docker.io/library/golang:1.24-bookworm AS golang-toolchain
- FROM docker.io/library/node:22-bookworm-slim AS node-runtime
- FROM docker.io/library/python:3.12-bookworm
# With Docker's builder, declaring the proxy variables with ARG makes their
# build-time values part of the image history (undeclared, the predefined
# proxy args are left out). Keep credentials out of any proxy URL passed in.
- ARG HTTP_PROXY
- ARG HTTPS_PROXY
- ARG ALL_PROXY
- ARG NO_PROXY
- ARG http_proxy
- ARG https_proxy
- ARG all_proxy
- ARG no_proxy
# Tool binaries are copied out of the earlier stages into the python base.
- COPY --from=golang-toolchain /usr/local/go /usr/local/go
- COPY --from=node-runtime /usr/local/bin/node /usr/local/bin/node
- COPY --from=node-runtime /usr/local/lib/node_modules /usr/local/lib/node_modules
- COPY --from=bun-runtime /usr/local/bin/bun /usr/local/bin/bun
- COPY --from=docker-cli /usr/local/bin/docker /usr/local/bin/docker
- ENV PATH=/usr/local/go/bin:$PATH
- RUN ln -sf /usr/local/lib/node_modules/npm/bin/npm-cli.js /usr/local/bin/npm && ln -sf /usr/local/lib/node_modules/npm/bin/npx-cli.js /usr/local/bin/npx
- RUN ln -sf /usr/local/bin/bun /usr/local/bin/bunx
- ENV HWLAB_CI_NODE_DEPS=/opt/hwlab-ci-node-deps/node_modules
# Unsets the proxy variables, then installs yaml@2.8.3 from
# registry.npmmirror.com with up to five attempts and a doubling delay, and
# imports the package as a smoke test. --ignore-scripts stops package
# lifecycle scripts from running. --package-lock=false means no lockfile
# integrity hash pins the tarball, so the mirror and TLS are trusted for its
# content.
- RUN set -eu; unset HTTP_PROXY HTTPS_PROXY ALL_PROXY http_proxy https_proxy all_proxy; export npm_config_registry="https://registry.npmmirror.com/"; export BUN_CONFIG_REGISTRY="https://registry.npmmirror.com/"; export npm_config_fetch_retries=2; export npm_config_fetch_retry_mintimeout=2000; export npm_config_fetch_retry_maxtimeout=16000; export npm_config_fetch_timeout=120000; mkdir -p /opt/hwlab-ci-node-deps; cd /opt/hwlab-ci-node-deps; printf '{"private":true,"dependencies":{}}\n' > package.json; ok=0; delay=2; for attempt in 1 2 3 4 5; do echo "{\"event\":\"tools-yaml-node-npm-install\",\"attempt\":\"$attempt/5\",\"registry\":\"$npm_config_registry\",\"proxy\":\"none\"}" >&2; if timeout 180s npm install --package-lock=false --no-save --ignore-scripts --no-audit --no-fund --omit=dev yaml@2.8.3; then ok=1; break; fi; if [ "$attempt" = 5 ]; then break; fi; echo "{\"event\":\"tools-yaml-node-npm-install\",\"status\":\"retrying\",\"attempt\":\"$attempt/5\",\"sleepSeconds\":$delay}" >&2; sleep "$delay"; delay=$((delay * 2)); done; test "$ok" = 1; node --input-type=module -e 'import("/opt/hwlab-ci-node-deps/node_modules/yaml/browser/dist/index.js").then((yaml)=>console.log("yaml-ok", typeof yaml.parse))'
# Prints tool versions; the && chain fails the build if any tool is missing.
- RUN node --version && npm --version && bun --version && git --version && python3 --version && docker --version && ssh -V && go version
buildArgs: {}
# Host networking presumably lets RUN steps reach loopback services on the
# node, including the registry at 127.0.0.1:5000. That is wider reach than an
# isolated build network gives.
buildNetwork: host
# NOTE(review): buildpack-deps:bookworm-scm is listed here but no FROM line
# above references it; the other five entries match the Dockerfile stages.
publicBaseImages:
- docker.io/library/node:22-bookworm-slim
- docker.io/library/golang:1.24-bookworm
- docker.io/oven/bun:1.3.13
- docker.io/buildpack-deps:bookworm-scm
- docker.io/library/python:3.12-bookworm
- docker.io/docker:29-cli
buildOwner: D518
buildMode: node-local
# Benchmark profile for d518-v03. Every cachePolicy flag forbids a cache or
# reuse path, so the profile presumably measures a full cold build.
ciBuildBenchmarks:
- profile: no-mirror-full
runtimeLaneConfigRef: config/hwlab-node-lanes.yaml#lanes.v03.targets.D518
pipelineRunPrefix: hwlab-d518-v03-ci-bench
catalogPathTemplate: .unidesk/ci-build-benchmark/{profile}/{pipelineRun}/artifact-catalog.json
imageTagMode: full
# 7200 seconds is two hours.
pipelineTimeoutSeconds: 7200
cachePolicy:
noPipelineRunReuse: true
forceFullBuild: true
forbidGitopsCatalogReuse: true
forbidDependencyCache: true
forbidBuildkitCache: true
forbidRegistryMirror: true
forbidLocalPreheatedImages: true
timings:
# Stage names for which a timing is required.
requiredStages:
- source-fetch
- dependency-install
- base-image-pull
- service-image-build
- registry-push
- pipeline-total
# Failure category names; presumably used to classify failed runs.
failureFamilies:
- dns
- proxy-connect
- tls-timeout
- rate-limit
- auth
- cache-hit-forbidden
- image-policy
- build-script
- registry-push
# Argo CD project and application names for d518-v03, plus how Argo CD itself
# is installed and which workloads are expected afterwards.
argo:
namespace: argocd
projectName: hwlab-d518
applicationName: hwlab-node-v03
applicationFile: application-v03.yaml
install:
enabled: true
sourceKind: url
version: v3.4.2
# Install manifest fetched over HTTPS from a git tag path. No checksum for the
# manifest appears in this file. A tag can be moved, so pinning a commit SHA
# or checking a recorded hash would fix the content that gets applied.
manifestUrl: https://raw.githubusercontent.com/argoproj/argo-cd/v3.4.2/manifests/install.yaml
fieldManager: unidesk-hwlab-node-argocd
imagePullPolicy: IfNotPresent
preloadImages:
- 127.0.0.1:5000/hwlab/argocd:v3.4.2
- 127.0.0.1:5000/hwlab/dex:v2.45.0
- 127.0.0.1:5000/hwlab/redis:8.2.3-alpine
# As the key names read, each upstream image (source) is pulled from a daocloud
# mirror (pullImage) and stored in the loopback registry (target). All
# references are tags without digests, so nothing in this file checks that the
# mirror's content matches the upstream image. Comparing digests against the
# upstream registry before retagging would close that gap.
imageRewrites:
- source: quay.io/argoproj/argocd:v3.4.2
pullImage: quay.m.daocloud.io/argoproj/argocd:v3.4.2
target: 127.0.0.1:5000/hwlab/argocd:v3.4.2
- source: ghcr.io/dexidp/dex:v2.45.0
pullImage: ghcr.m.daocloud.io/dexidp/dex:v2.45.0
target: 127.0.0.1:5000/hwlab/dex:v2.45.0
- source: public.ecr.aws/docker/library/redis:8.2.3-alpine
pullImage: docker.m.daocloud.io/library/redis:8.2.3-alpine
target: 127.0.0.1:5000/hwlab/redis:8.2.3-alpine
# Objects expected to exist after the install; presumably readiness checks.
requiredCrds:
- applications.argoproj.io
- appprojects.argoproj.io
expectedDeployments:
- argocd-applicationset-controller
- argocd-dex-server
- argocd-notifications-controller
- argocd-redis
- argocd-repo-server
- argocd-server
expectedStatefulSets:
- argocd-application-controller
readinessTimeoutSeconds: 600