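# Control-plane description (kind: hwlab-node-control-plane) for the k3s nodes
# and CI/GitOps targets defined further down in this file.
# NOTE(review): the page renderer flattened this file; the indentation here is
# reconstructed from key order and should be confirmed against the repository copy.
version: 1
kind: hwlab-node-control-plane
metadata:
  owner: unidesk
  relatedIssues:
    - 290
    - 491
    - 1010
    - 1119
    - 1148
    - 1234
# Supply-chain policy flags. Nothing on this page shows where they are
# enforced, so treat them as declarations until the consuming tool is checked.
imagePolicy:
  requireReproducibleBuildSource: true
  # The d601-v03 toolsImage Dockerfile in this file ends in a stage built
  # `FROM 127.0.0.1:5000/...`, i.e. a node-local image used as a build input.
  # Verify that this flag actually rejects that case.
  forbidPrivateOrNodeLocalImagesAsInputs: true
  allowNodeLocalRegistryAsBuildOutput: true
  requiredSourceKinds:
    - dockerfile
    - docker-compose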
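# Per-node k3s server settings, local registry and egress-proxy wiring.
# NOTE(review): indentation is reconstructed from a flattened listing. Placing
# kubelet/registry/egressProxy as siblings of k3s is an inference (a later
# `configRef: nodes.JD01.egressProxy` supports it for egressProxy) — confirm.
nodes:
  D601:
    route: D601
    kubeRoute: D601:k3s
    k3s:
      serviceName: k3s
      dropInPath: /etc/systemd/system/k3s.service.d/20-unidesk-node-config.conf
      nodeStatusName: d601
      # The leading "-" is systemd syntax for "ignore a non-zero exit", so a
      # failed umount does not block the k3s start.
      execStartPre:
        - - -/usr/bin/umount
          - /Docker/host
      serverArgs:
        - server
        - --disable
        - traefik
        - --disable
        - servicelb
        - --disable
        - metrics-server
        - --node-name
        - D601
        - --node-label
        - unidesk.ai/node-id=D601
        - --node-label
        - unidesk.ai/provider-id=D601
        - --tls-san
        - 127.0.0.1
        - --tls-san
        - host.docker.internal
        # Mode 644 makes the generated admin kubeconfig readable by every local
        # account on the node. That file carries cluster-admin credentials;
        # prefer 600 (or 640 with a dedicated group) unless an unprivileged
        # reader is a hard requirement.
        - --write-kubeconfig-mode
        - "644"
        - --kubelet-arg
        - image-gc-high-threshold=95
        - --kubelet-arg
        - image-gc-low-threshold=90
        - --kubelet-arg
        - max-pods=500
    kubelet:
      maxPods: 500
    registry:
      mode: host-docker
      # Loopback-only endpoint. No TLS or auth setting is visible here, so
      # presumably anything that can reach the host loopback (including
      # hostNetwork pods and host-network builds) can push — confirm.
      endpoint: 127.0.0.1:5000
    egressProxy:
      mode: k8s-service-cluster-ip
      clientName: d601-global-proxy
      namespace: platform-infra
      serviceName: sub2api-egress-proxy
      port: 10808
      sourceConfigRef: config/platform-infra/egress-proxy-sources.yaml#sources.master-shadowsocks
      # Destinations listed here bypass the egress proxy. Besides loopback,
      # cluster names and the RFC 1918 ranges, the list carries two public IPs
      # and one public domain; keep the reason for each documented so the
      # bypass list does not grow unreviewed.
      noProxy:
        - localhost
        - 127.0.0.1
        - ::1
        - 127.0.0.1:5000
        - localhost:5000
        - .svc
        - .svc.cluster.local
        - .cluster.local
        - kubernetes
        - kubernetes.default
        - kubernetes.default.svc
        - 10.0.0.0/8
        - 10.42.0.0/16
        - 10.43.0.0/16
        - 172.16.0.0/12
        - 192.168.0.0/16
        - 82.156.23.220
        - 74.48.78.17
        - hyueapi.com
        - .hyueapi.com
  # D518 mirrors D601 apart from the node name, labels and proxy client name;
  # the kubeconfig-mode, registry and noProxy notes above apply here as well.
  D518:
    route: D518
    kubeRoute: D518:k3s
    k3s:
      serviceName: k3s
      dropInPath: /etc/systemd/system/k3s.service.d/20-unidesk-node-config.conf
      nodeStatusName: d518
      execStartPre:
        - - -/usr/bin/umount
          - /Docker/host
      serverArgs:
        - server
        - --disable
        - traefik
        - --disable
        - servicelb
        - --disable
        - metrics-server
        - --node-name
        - D518
        - --node-label
        - unidesk.ai/node-id=D518
        - --node-label
        - unidesk.ai/provider-id=D518
        - --tls-san
        - 127.0.0.1
        - --tls-san
        - host.docker.internal
        # World-readable admin kubeconfig; see the note on D601.
        - --write-kubeconfig-mode
        - "644"
        - --kubelet-arg
        - image-gc-high-threshold=95
        - --kubelet-arg
        - image-gc-low-threshold=90
        - --kubelet-arg
        - max-pods=500
    kubelet:
      maxPods: 500
    registry:
      mode: host-docker
      endpoint: 127.0.0.1:5000
    egressProxy:
      mode: k8s-service-cluster-ip
      clientName: d518-global-proxy
      namespace: platform-infra
      serviceName: sub2api-egress-proxy
      port: 10808
      sourceConfigRef: config/platform-infra/egress-proxy-sources.yaml#sources.master-shadowsocks
      noProxy:
        - localhost
        - 127.0.0.1
        - ::1
        - 127.0.0.1:5000
        - localhost:5000
        - .svc
        - .svc.cluster.local
        - .cluster.local
        - kubernetes
        - kubernetes.default
        - kubernetes.default.svc
        - 10.0.0.0/8
        - 10.42.0.0/16
        - 10.43.0.0/16
        - 172.16.0.0/12
        - 192.168.0.0/16
        - 82.156.23.220
        - 74.48.78.17
        - hyueapi.com
        - .hyueapi.com
  # JD01 is the only node with an `install` stanza: k3s is bootstrapped from
  # upstream URLs, and both the registry and the proxy are wired differently.
  JD01:
    route: JD01
    kubeRoute: JD01:k3s
    k3s:
      serviceName: k3s
      dropInPath: /etc/systemd/system/k3s.service.d/20-unidesk-node-config.conf
      nodeStatusName: jd01
      execStartPre: []
      # NOTE(review): treating hostProxyConfigRef through downloads as children
      # of install is an inference from key order — confirm.
      install:
        enabled: true
        channel: stable
        version: v1.36.2+k3s1
        # The install script URL is unversioned and has no pinned hash here. If
        # the installer executes it, the script is trusted on TLS alone.
        installScriptUrl: https://get.k3s.io
        binaryUrl: https://github.com/k3s-io/k3s/releases/download/v1.36.2%2Bk3s1/k3s
        # sha256Url comes from the same origin as the binary, so it detects
        # only corruption. expectedSha256, pinned in this file, is the integrity
        # anchor; the installer should fail closed when the binary's digest
        # differs from it.
        sha256Url: https://github.com/k3s-io/k3s/releases/download/v1.36.2%2Bk3s1/sha256sum-amd64.txt
        expectedSha256: 65a55ec56c24eab44383086166ec620a491952b7e23941a49ddca6e8a4c4b4de
        hostProxyConfigRef: config/platform-infra/host-proxy.yaml#targets.JD01
        proxyEnvPath: /etc/unidesk/proxy.env
        registriesYamlPath: /etc/rancher/k3s/registries.yaml
        localRegistry:
          containerName: registry
          # Pulled from a third-party mirror by mutable tag. A digest
          # (image@sha256:...) would stop the mirror from serving content that
          # differs from canonicalImage.
          image: docker.m.daocloud.io/library/registry:2
          canonicalImage: registry:2
          bind: 127.0.0.1:5000:5000
        state:
          dir: /root/.unidesk/k3s-install
          logPath: /root/.unidesk/k3s-install/install.log
          statusPath: /root/.unidesk/k3s-install/status.json
        downloads:
          connectTimeoutSeconds: 15
          maxTimeSeconds: 1200
          retry: 8
          retryDelaySeconds: 5
      serverArgs:
        - server
        - --disable
        - traefik
        - --disable
        - servicelb
        - --disable
        - metrics-server
        - --node-name
        - JD01
        - --node-label
        - unidesk.ai/node-id=JD01
        - --node-label
        - unidesk.ai/provider-id=JD01
        - --tls-san
        - 127.0.0.1
        - --tls-san
        - host.docker.internal
        # World-readable admin kubeconfig; see the note on D601.
        - --write-kubeconfig-mode
        - "644"
        - --kubelet-arg
        - image-gc-high-threshold=95
        - --kubelet-arg
        - image-gc-low-threshold=90
        - --kubelet-arg
        - max-pods=500
    kubelet:
      maxPods: 500
    registry:
      mode: k8s-workload
      endpoint: 127.0.0.1:5000
      namespace: devops-infra
      deploymentName: node-local-registry
      serviceName: node-local-registry
      pvcName: node-local-registry-storage
      storage: 20Gi
      # Same mirror and mutable tag as k3s.install.localRegistry.image; the
      # digest-pinning note there applies.
      image: docker.m.daocloud.io/library/registry:2
      imagePullPolicy: IfNotPresent
      containerPort: 5000
      listenHost: 127.0.0.1
      listenPort: 5000
      # hostNetwork places the registry pod in the node's network namespace;
      # with listenHost 127.0.0.1 it is reachable only via host loopback.
      hostNetwork: true
    egressProxy:
      mode: host-route
      clientName: jd01-host-proxy
      hostProxyConfigRef: config/platform-infra/host-proxy.yaml#targets.JD01
      proxyEnvPath: /etc/unidesk/proxy.env
      proxyUrl: http://10.42.0.1:10808
      # Same bypass list as D601/D518 plus in-cluster Argo CD and git-mirror
      # service names.
      noProxy:
        - localhost
        - 127.0.0.1
        - ::1
        - 127.0.0.1:5000
        - localhost:5000
        - .svc
        - .svc.cluster.local
        - .cluster.local
        - kubernetes
        - kubernetes.default
        - kubernetes.default.svc
        - argocd-repo-server
        - argocd-repo-server.argocd
        - argocd-redis
        - argocd-redis.argocd
        - git-mirror-http
        - git-mirror-http.devops-infra
        - git-mirror-write
        - git-mirror-write.devops-infra
        - 10.0.0.0/8
        - 10.42.0.0/16
        - 10.43.0.0/16
        - 172.16.0.0/12
        - 192.168.0.0/16
        - 82.156.23.220
        - 74.48.78.17
        - hyueapi.com
        - .hyueapi.com
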
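# One entry per (node, lane): git mirror, Tekton CI, tools image build,
# benchmark profile and Argo CD install for that node.
# NOTE(review): indentation is reconstructed from a flattened listing. The
# placement of runtimeProxy, pipelineName ... toolsImage under `tekton`, of
# runtimeProxy under `argo`, and of cachePolicy/timings/failureFamilies under
# the benchmark entry is inferred from key order — confirm against the
# repository copy before relying on it.
targets:
  - id: d601-v03
    node: D601
    lane: v03
    enabled: true
    ciNamespace: hwlab-ci
    runtimeNamespace: hwlab-v03
    source:
      repository: pikasTech/HWLAB
      branch: v0.3
    gitops:
      branch: v0.3-gitops
      path: deploy/gitops/node/d601/runtime-v03
    gitMirror:
      namespace: devops-infra
      serviceReadName: git-mirror-http
      serviceWriteName: git-mirror-write
      cachePvcName: hwlab-git-mirror-cache
      cachePvcStorage: 20Gi
      cacheHostPath: /var/lib/rancher/k3s/storage/hwlab-d601-v03-git-mirror-cache
      servicePort: 8080
      readContainerPort: 8080
      writeContainerPort: 8080
      deploymentReplicas: 1
      secretName: git-mirror-github-ssh
      syncConfigMapName: git-mirror-sync-script
      syncJobPrefix: git-mirror-hwlab-d601-v03-sync-manual
      flushJobPrefix: git-mirror-hwlab-d601-v03-flush-manual
      # Both URLs are plain HTTP inside the cluster and no credential setting
      # is visible for the write endpoint; presumably access control rests on
      # NetworkPolicy or namespace isolation — confirm.
      # These two URLs carry no port, so the HTTP default (80) applies, while
      # servicePort above is 8080 and the jd01/d518 targets spell out :8080.
      readUrl: http://git-mirror-http.devops-infra.svc.cluster.local/pikasTech/HWLAB.git
      writeUrl: http://git-mirror-write.devops-infra.svc.cluster.local/pikasTech/HWLAB.git
      egressProxy:
        mode: node-global
        required: true
        podHostNetwork: false
        injectPodEnv: false
      githubTransport:
        mode: ssh
        privateKeySecretKey: ssh-privatekey
        # base64 is an encoding, not protection: the referenced .env file holds
        # a usable private key and must stay out of version control and logs.
        privateKeySourceRef: github/hwlab-git-mirror-ssh.env
        privateKeySourceKey: GITHUB_SSH_PRIVATE_KEY_B64
        privateKeySourceEncoding: base64
        # Shipping known_hosts alongside the key lets the client verify the
        # GitHub host key instead of trusting on first use.
        knownHostsSecretKey: known_hosts
        knownHostsSourceRef: github/hwlab-git-mirror-ssh.env
        knownHostsSourceKey: GITHUB_KNOWN_HOSTS_B64
        knownHostsSourceEncoding: base64
    tekton:
      install:
        enabled: true
        sourceKind: url
        version: pipeline-v1.12.0-triggers-v0.34.0
        fieldManager: unidesk-hwlab-node-tekton
        # Manifests are fetched by versioned URL with no checksum recorded
        # here; they create cluster-scoped objects, so a pinned digest per
        # manifest would make a changed upstream file detectable.
        manifests:
          - name: pipeline
            url: https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.12.0/release.yaml
          - name: triggers
            url: https://infra.tekton.dev/tekton-releases/triggers/previous/v0.34.0/release.yaml
          - name: triggers-interceptors
            url: https://infra.tekton.dev/tekton-releases/triggers/previous/v0.34.0/interceptors.yaml
        requiredCrds:
          - pipelines.tekton.dev
          - pipelineruns.tekton.dev
          - tasks.tekton.dev
          - taskruns.tekton.dev
        expectedDeploymentNamespaces:
          - tekton-pipelines
          - tekton-pipelines-resolvers
        readinessTimeoutSeconds: 900
      runtimeProxy:
        enabled: false
      pipelineName: hwlab-d601-v03-ci-image-publish
      serviceAccountName: hwlab-d601-v03-tekton-runner
      pipelineRunPrefix: hwlab-d601-v03-ci-poll
      # sourceRefFrom points at gitMirror.githubTransport, so the CI namespace
      # receives the same GitHub SSH key as the mirror. Whether that key is
      # read-only is not visible here; every pipeline step that can read this
      # secret inherits whatever the key is allowed to do.
      gitWorkspaceSecret:
        name: hwlab-git-ssh
        namespace: hwlab-ci
        sourceRefFrom: gitMirror.githubTransport
        privateKeySecretKey: ssh-privatekey
        knownHostsSecretKey: known_hosts
      runtimeObserverRbac:
        namespace: hwlab-v03
        roleName: hwlab-d601-v03-runtime-observer
        roleBindingName: hwlab-d601-v03-runtime-observer
      argoObserverRbac:
        namespace: argocd
        roleName: hwlab-d601-v03-argo-observer
        roleBindingName: hwlab-d601-v03-argo-observer
      toolsImage:
        # Mutable tag consumed with imagePullPolicy: Always — whatever was last
        # pushed under this tag to the node-local registry is what CI runs.
        output: 127.0.0.1:5000/hwlab/hwlab-ci-node-tools:node22-alpine-bun-v1
        imagePullPolicy: Always
        sourceKind: dockerfile
        context: .
        dockerfileInline:
          filename: hwlab-ci-node-tools.public.Dockerfile
          lines:
            - FROM docker.io/library/golang:1.24-bookworm AS golang-toolchain
            # NOTE(review): the final stage is built FROM the same reference as
            # `output` above. That makes the build depend on a prior copy of
            # its own result in the node-local registry, which is not
            # reproducible from public sources and appears to contradict
            # imagePolicy.forbidPrivateOrNodeLocalImagesAsInputs. The jd01 and
            # d518 targets build the same tag from public bases only.
            - FROM 127.0.0.1:5000/hwlab/hwlab-ci-node-tools:node22-alpine-bun-v1
            # Per Docker's documentation, declaring the predefined proxy
            # variables with ARG makes their values appear in `docker history`.
            # Keep credentials out of any proxy URL passed to this build.
            - ARG HTTP_PROXY
            - ARG HTTPS_PROXY
            - ARG ALL_PROXY
            - ARG NO_PROXY
            - ARG http_proxy
            - ARG https_proxy
            - ARG all_proxy
            - ARG no_proxy
            - COPY --from=golang-toolchain /usr/local/go /usr/local/go
            - ENV PATH=/usr/local/go/bin:$PATH
            - RUN ln -sf /usr/local/bin/bun /usr/local/bin/bunx
            - ENV HWLAB_CI_NODE_DEPS=/opt/hwlab-ci-node-deps/node_modules
            # Installs yaml@2.8.3 from registry.npmmirror.com with up to five
            # attempts. The version is pinned and --ignore-scripts blocks
            # install hooks, but --package-lock=false means no integrity hash
            # is checked, so the mirror is trusted for the package contents.
            - RUN set -eu; export HTTP_PROXY="${HTTP_PROXY:-${http_proxy:-}}"; export HTTPS_PROXY="${HTTPS_PROXY:-${https_proxy:-$HTTP_PROXY}}"; export ALL_PROXY="${ALL_PROXY:-${all_proxy:-}}"; export NO_PROXY="${NO_PROXY:-${no_proxy:-}}"; export http_proxy="$HTTP_PROXY"; export https_proxy="$HTTPS_PROXY"; export all_proxy="$ALL_PROXY"; export no_proxy="$NO_PROXY"; export npm_config_registry="https://registry.npmmirror.com/"; export BUN_CONFIG_REGISTRY="https://registry.npmmirror.com/"; export npm_config_noproxy="$NO_PROXY"; if [ -n "$HTTP_PROXY" ]; then export npm_config_proxy="$HTTP_PROXY"; fi; if [ -n "$HTTPS_PROXY" ]; then export npm_config_https_proxy="$HTTPS_PROXY"; fi; export npm_config_fetch_retries=2; export npm_config_fetch_retry_mintimeout=2000; export npm_config_fetch_retry_maxtimeout=16000; export npm_config_fetch_timeout=120000; proxy_label="${HTTP_PROXY:+HTTP_PROXY}"; proxy_label="${proxy_label:-none}"; mkdir -p /opt/hwlab-ci-node-deps; cd /opt/hwlab-ci-node-deps; printf '{"private":true,"dependencies":{}}\n' > package.json; ok=0; delay=2; for attempt in 1 2 3 4 5; do echo "{\"event\":\"tools-yaml-node-npm-install\",\"attempt\":\"$attempt/5\",\"registry\":\"$npm_config_registry\",\"proxy\":\"$proxy_label\"}" >&2; if timeout 180s npm install --package-lock=false --no-save --ignore-scripts --no-audit --no-fund --omit=dev yaml@2.8.3; then ok=1; break; fi; if [ "$attempt" = 5 ]; then break; fi; echo "{\"event\":\"tools-yaml-node-npm-install\",\"status\":\"retrying\",\"attempt\":\"$attempt/5\",\"sleepSeconds\":$delay}" >&2; sleep "$delay"; delay=$((delay * 2)); done; test "$ok" = 1; node --input-type=module -e 'import("/opt/hwlab-ci-node-deps/node_modules/yaml/browser/dist/index.js").then((yaml)=>console.log("yaml-ok", typeof yaml.parse))'
            - RUN node --version && npm --version && bun --version && git --version && python3 --version && docker --version && ssh -V && go version
        buildArgs: {}
        # Host networking lets build steps reach everything on the node's
        # loopback, including the registry at 127.0.0.1:5000.
        buildNetwork: host
        # Only golang:1.24-bookworm from this list appears in the Dockerfile
        # above; the others are presumably baked into the node-local base.
        publicBaseImages:
          - docker.io/library/node:22-bookworm-slim
          - docker.io/library/golang:1.24-bookworm
          - docker.io/oven/bun:1.3.13
          - docker.io/buildpack-deps:bookworm-scm
          - docker.io/library/python:3.12-slim-bookworm
          - docker.io/docker:29-cli
        buildOwner: D601
        buildMode: node-local
    ciBuildBenchmarks:
      - profile: no-mirror-full
        runtimeLaneConfigRef: config/hwlab-node-lanes.yaml#lanes.v03.targets.D601
        pipelineRunPrefix: hwlab-v03-ci-bench
        catalogPathTemplate: .unidesk/ci-build-benchmark/{profile}/{pipelineRun}/artifact-catalog.json
        imageTagMode: full
        pipelineTimeoutSeconds: 7200
        cachePolicy:
          noPipelineRunReuse: true
          forceFullBuild: true
          forbidGitopsCatalogReuse: true
          forbidDependencyCache: true
          forbidBuildkitCache: true
          forbidRegistryMirror: true
          forbidLocalPreheatedImages: true
        timings:
          requiredStages:
            - source-fetch
            - dependency-install
            - base-image-pull
            - service-image-build
            - registry-push
            - pipeline-total
        failureFamilies:
          - dns
          - proxy-connect
          - tls-timeout
          - rate-limit
          - auth
          - cache-hit-forbidden
          - image-policy
          - build-script
          - registry-push
    argo:
      namespace: argocd
      projectName: hwlab-d601
      applicationName: hwlab-node-v03
      applicationFile: application-v03.yaml
      install:
        enabled: true
        sourceKind: url
        version: v3.4.2
        # Versioned URL, no checksum recorded; same consideration as the Tekton
        # manifests above.
        manifestUrl: https://raw.githubusercontent.com/argoproj/argo-cd/v3.4.2/manifests/install.yaml
        fieldManager: unidesk-hwlab-node-argocd
        imagePullPolicy: IfNotPresent
        preloadImages:
          - 127.0.0.1:5000/hwlab/argocd:v3.4.2
          - 127.0.0.1:5000/hwlab/dex:v2.45.0
          - 127.0.0.1:5000/hwlab/redis:8.2.3-alpine
        # Each upstream image is pulled from a daocloud mirror by tag and
        # retagged into the node-local registry. Nothing here ties pullImage to
        # the content of `source`; recording the upstream digest and checking
        # it after the pull would close that gap.
        imageRewrites:
          - source: quay.io/argoproj/argocd:v3.4.2
            pullImage: quay.m.daocloud.io/argoproj/argocd:v3.4.2
            target: 127.0.0.1:5000/hwlab/argocd:v3.4.2
          - source: ghcr.io/dexidp/dex:v2.45.0
            pullImage: ghcr.m.daocloud.io/dexidp/dex:v2.45.0
            target: 127.0.0.1:5000/hwlab/dex:v2.45.0
          - source: public.ecr.aws/docker/library/redis:8.2.3-alpine
            pullImage: docker.m.daocloud.io/library/redis:8.2.3-alpine
            target: 127.0.0.1:5000/hwlab/redis:8.2.3-alpine
        requiredCrds:
          - applications.argoproj.io
          - appprojects.argoproj.io
        expectedDeployments:
          - argocd-applicationset-controller
          - argocd-dex-server
          - argocd-notifications-controller
          - argocd-redis
          - argocd-repo-server
          - argocd-server
        expectedStatefulSets:
          - argocd-application-controller
        readinessTimeoutSeconds: 600
      runtimeProxy:
        enabled: false
  # jd01-v03 differs from d601-v03 in: no cacheHostPath, write container port
  # 8081, explicit :8080 in the mirror URLs, host-route proxy with env
  # injection, a tools image built only from public bases, and an enabled
  # Argo CD runtimeProxy. Notes given on d601-v03 are not repeated in full.
  - id: jd01-v03
    node: JD01
    lane: v03
    enabled: true
    ciNamespace: hwlab-ci
    runtimeNamespace: hwlab-v03
    source:
      repository: pikasTech/HWLAB
      branch: v0.3
    gitops:
      branch: v0.3-gitops
      path: deploy/gitops/node/jd01/runtime-v03
    gitMirror:
      namespace: devops-infra
      serviceReadName: git-mirror-http
      serviceWriteName: git-mirror-write
      cachePvcName: hwlab-git-mirror-cache
      cachePvcStorage: 20Gi
      cacheHostPath: null
      servicePort: 8080
      readContainerPort: 8080
      # 8081 here versus 8080 on the d601/d518 targets; writeUrl below still
      # addresses the service on 8080, which is consistent only if the service
      # maps 8080 to this container port — confirm.
      writeContainerPort: 8081
      deploymentReplicas: 1
      secretName: git-mirror-github-ssh
      syncConfigMapName: git-mirror-sync-script
      syncJobPrefix: git-mirror-hwlab-jd01-v03-sync-manual
      flushJobPrefix: git-mirror-hwlab-jd01-v03-flush-manual
      # Plain HTTP in-cluster, no visible credential on the write endpoint.
      readUrl: http://git-mirror-http.devops-infra.svc.cluster.local:8080/pikasTech/HWLAB.git
      writeUrl: http://git-mirror-write.devops-infra.svc.cluster.local:8080/pikasTech/HWLAB.git
      egressProxy:
        mode: host-route
        required: true
        podHostNetwork: false
        injectPodEnv: true
      githubTransport:
        mode: ssh
        privateKeySecretKey: ssh-privatekey
        # base64-encoded private key in an .env file: encoded, not protected.
        privateKeySourceRef: github/hwlab-git-mirror-ssh.env
        privateKeySourceKey: GITHUB_SSH_PRIVATE_KEY_B64
        privateKeySourceEncoding: base64
        knownHostsSecretKey: known_hosts
        knownHostsSourceRef: github/hwlab-git-mirror-ssh.env
        knownHostsSourceKey: GITHUB_KNOWN_HOSTS_B64
        knownHostsSourceEncoding: base64
    tekton:
      install:
        enabled: true
        sourceKind: url
        version: pipeline-v1.12.0-triggers-v0.34.0
        fieldManager: unidesk-hwlab-node-tekton
        # Fetched by versioned URL; no checksum recorded in this file.
        manifests:
          - name: pipeline
            url: https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.12.0/release.yaml
          - name: triggers
            url: https://infra.tekton.dev/tekton-releases/triggers/previous/v0.34.0/release.yaml
          - name: triggers-interceptors
            url: https://infra.tekton.dev/tekton-releases/triggers/previous/v0.34.0/interceptors.yaml
        requiredCrds:
          - pipelines.tekton.dev
          - pipelineruns.tekton.dev
          - tasks.tekton.dev
          - taskruns.tekton.dev
        expectedDeploymentNamespaces:
          - tekton-pipelines
          - tekton-pipelines-resolvers
        readinessTimeoutSeconds: 900
      runtimeProxy:
        enabled: false
      pipelineName: hwlab-jd01-v03-ci-image-publish
      serviceAccountName: hwlab-jd01-v03-tekton-runner
      pipelineRunPrefix: hwlab-jd01-v03-ci-poll
      # Same GitHub SSH key as the mirror, copied into the CI namespace.
      gitWorkspaceSecret:
        name: hwlab-git-ssh
        namespace: hwlab-ci
        sourceRefFrom: gitMirror.githubTransport
        privateKeySecretKey: ssh-privatekey
        knownHostsSecretKey: known_hosts
      runtimeObserverRbac:
        namespace: hwlab-v03
        roleName: hwlab-jd01-v03-runtime-observer
        roleBindingName: hwlab-jd01-v03-runtime-observer
      argoObserverRbac:
        namespace: argocd
        roleName: hwlab-jd01-v03-argo-observer
        roleBindingName: hwlab-jd01-v03-argo-observer
      toolsImage:
        # The tag says "alpine" but the final stage below is
        # python:3.12-bookworm; the tag does not describe the image content.
        output: 127.0.0.1:5000/hwlab/hwlab-ci-node-tools:node22-alpine-bun-v1
        imagePullPolicy: Always
        sourceKind: dockerfile
        context: .
        dockerfileInline:
          filename: hwlab-ci-node-tools.public.Dockerfile
          lines:
            # All stages come from docker.io by tag; digests would make the
            # build input immutable.
            - FROM docker.io/oven/bun:1.3.13 AS bun-runtime
            - FROM docker.io/docker:29-cli AS docker-cli
            - FROM docker.io/library/golang:1.24-bookworm AS golang-toolchain
            - FROM docker.io/library/node:22-bookworm-slim AS node-runtime
            - FROM docker.io/library/python:3.12-bookworm
            # Declared proxy ARGs are recorded in `docker history`; keep
            # credentials out of proxy URLs.
            - ARG HTTP_PROXY
            - ARG HTTPS_PROXY
            - ARG ALL_PROXY
            - ARG NO_PROXY
            - ARG http_proxy
            - ARG https_proxy
            - ARG all_proxy
            - ARG no_proxy
            - COPY --from=golang-toolchain /usr/local/go /usr/local/go
            - COPY --from=node-runtime /usr/local/bin/node /usr/local/bin/node
            - COPY --from=node-runtime /usr/local/lib/node_modules /usr/local/lib/node_modules
            - COPY --from=bun-runtime /usr/local/bin/bun /usr/local/bin/bun
            - COPY --from=docker-cli /usr/local/bin/docker /usr/local/bin/docker
            - ENV PATH=/usr/local/go/bin:$PATH
            - RUN ln -sf /usr/local/lib/node_modules/npm/bin/npm-cli.js /usr/local/bin/npm && ln -sf /usr/local/lib/node_modules/npm/bin/npx-cli.js /usr/local/bin/npx
            - RUN ln -sf /usr/local/bin/bun /usr/local/bin/bunx
            - ENV HWLAB_CI_NODE_DEPS=/opt/hwlab-ci-node-deps/node_modules
            # yaml@2.8.3 from registry.npmmirror.com: version pinned, install
            # scripts disabled, but no lockfile integrity hash is checked.
            - RUN set -eu; export HTTP_PROXY="${HTTP_PROXY:-${http_proxy:-}}"; export HTTPS_PROXY="${HTTPS_PROXY:-${https_proxy:-$HTTP_PROXY}}"; export ALL_PROXY="${ALL_PROXY:-${all_proxy:-}}"; export NO_PROXY="${NO_PROXY:-${no_proxy:-}}"; export http_proxy="$HTTP_PROXY"; export https_proxy="$HTTPS_PROXY"; export all_proxy="$ALL_PROXY"; export no_proxy="$NO_PROXY"; export npm_config_registry="https://registry.npmmirror.com/"; export BUN_CONFIG_REGISTRY="https://registry.npmmirror.com/"; export npm_config_noproxy="$NO_PROXY"; if [ -n "$HTTP_PROXY" ]; then export npm_config_proxy="$HTTP_PROXY"; fi; if [ -n "$HTTPS_PROXY" ]; then export npm_config_https_proxy="$HTTPS_PROXY"; fi; export npm_config_fetch_retries=2; export npm_config_fetch_retry_mintimeout=2000; export npm_config_fetch_retry_maxtimeout=16000; export npm_config_fetch_timeout=120000; proxy_label="${HTTP_PROXY:+HTTP_PROXY}"; proxy_label="${proxy_label:-none}"; mkdir -p /opt/hwlab-ci-node-deps; cd /opt/hwlab-ci-node-deps; printf '{"private":true,"dependencies":{}}\n' > package.json; ok=0; delay=2; for attempt in 1 2 3 4 5; do echo "{\"event\":\"tools-yaml-node-npm-install\",\"attempt\":\"$attempt/5\",\"registry\":\"$npm_config_registry\",\"proxy\":\"$proxy_label\"}" >&2; if timeout 180s npm install --package-lock=false --no-save --ignore-scripts --no-audit --no-fund --omit=dev yaml@2.8.3; then ok=1; break; fi; if [ "$attempt" = 5 ]; then break; fi; echo "{\"event\":\"tools-yaml-node-npm-install\",\"status\":\"retrying\",\"attempt\":\"$attempt/5\",\"sleepSeconds\":$delay}" >&2; sleep "$delay"; delay=$((delay * 2)); done; test "$ok" = 1; node --input-type=module -e 'import("/opt/hwlab-ci-node-deps/node_modules/yaml/browser/dist/index.js").then((yaml)=>console.log("yaml-ok", typeof yaml.parse))'
            - RUN node --version && npm --version && bun --version && git --version && python3 --version && docker --version && ssh -V && go version
        buildArgs: {}
        # Host networking exposes the node's loopback services to build steps.
        buildNetwork: host
        publicBaseImages:
          - docker.io/library/node:22-bookworm-slim
          - docker.io/library/golang:1.24-bookworm
          - docker.io/oven/bun:1.3.13
          - docker.io/buildpack-deps:bookworm-scm
          - docker.io/library/python:3.12-bookworm
          - docker.io/docker:29-cli
        buildOwner: JD01
        buildMode: node-local
    ciBuildBenchmarks:
      - profile: no-mirror-full
        runtimeLaneConfigRef: config/hwlab-node-lanes.yaml#lanes.v03.targets.JD01
        pipelineRunPrefix: hwlab-jd01-v03-ci-bench
        catalogPathTemplate: .unidesk/ci-build-benchmark/{profile}/{pipelineRun}/artifact-catalog.json
        imageTagMode: full
        pipelineTimeoutSeconds: 7200
        cachePolicy:
          noPipelineRunReuse: true
          forceFullBuild: true
          forbidGitopsCatalogReuse: true
          forbidDependencyCache: true
          forbidBuildkitCache: true
          forbidRegistryMirror: true
          forbidLocalPreheatedImages: true
        timings:
          requiredStages:
            - source-fetch
            - dependency-install
            - base-image-pull
            - service-image-build
            - registry-push
            - pipeline-total
        failureFamilies:
          - dns
          - proxy-connect
          - tls-timeout
          - rate-limit
          - auth
          - cache-hit-forbidden
          - image-policy
          - build-script
          - registry-push
    argo:
      namespace: argocd
      projectName: hwlab-jd01
      applicationName: hwlab-node-v03
      applicationFile: application-v03.yaml
      install:
        enabled: true
        sourceKind: url
        version: v3.4.2
        manifestUrl: https://raw.githubusercontent.com/argoproj/argo-cd/v3.4.2/manifests/install.yaml
        fieldManager: unidesk-hwlab-node-argocd
        imagePullPolicy: IfNotPresent
        preloadImages:
          - 127.0.0.1:5000/hwlab/argocd:v3.4.2
          - 127.0.0.1:5000/hwlab/dex:v2.45.0
          - 127.0.0.1:5000/hwlab/redis:8.2.3-alpine
        # Mirror pulls by tag, retagged locally; no digest links pullImage to
        # the content of `source`.
        imageRewrites:
          - source: quay.io/argoproj/argocd:v3.4.2
            pullImage: quay.m.daocloud.io/argoproj/argocd:v3.4.2
            target: 127.0.0.1:5000/hwlab/argocd:v3.4.2
          - source: ghcr.io/dexidp/dex:v2.45.0
            pullImage: ghcr.m.daocloud.io/dexidp/dex:v2.45.0
            target: 127.0.0.1:5000/hwlab/dex:v2.45.0
          - source: public.ecr.aws/docker/library/redis:8.2.3-alpine
            pullImage: docker.m.daocloud.io/library/redis:8.2.3-alpine
            target: 127.0.0.1:5000/hwlab/redis:8.2.3-alpine
        requiredCrds:
          - applications.argoproj.io
          - appprojects.argoproj.io
        expectedDeployments:
          - argocd-applicationset-controller
          - argocd-dex-server
          - argocd-notifications-controller
          - argocd-redis
          - argocd-repo-server
          - argocd-server
        expectedStatefulSets:
          - argocd-application-controller
        readinessTimeoutSeconds: 600
      # Only this target injects proxy environment into Argo CD workloads. The
      # repo-server and application-controller then send their outbound
      # traffic through the proxy described at nodes.JD01.egressProxy, whose
      # proxyUrl is plain http://.
      runtimeProxy:
        enabled: true
        mode: host-route
        configRef: nodes.JD01.egressProxy
        hostNetwork: false
        injectEnv: true
        deployments:
          - argocd-repo-server
        statefulSets:
          - argocd-application-controller
  # d518-v03 follows the jd01-v03 layout (public-base tools image, explicit
  # :8080 mirror URLs) but uses the node-global proxy mode, and its npm step
  # unsets every proxy variable before installing.
  - id: d518-v03
    node: D518
    lane: v03
    enabled: true
    ciNamespace: hwlab-ci
    runtimeNamespace: hwlab-v03
    source:
      repository: pikasTech/HWLAB
      branch: v0.3
    gitops:
      branch: v0.3-gitops
      path: deploy/gitops/node/d518/runtime-v03
    gitMirror:
      namespace: devops-infra
      serviceReadName: git-mirror-http
      serviceWriteName: git-mirror-write
      cachePvcName: hwlab-git-mirror-cache
      cachePvcStorage: 20Gi
      cacheHostPath: /var/lib/rancher/k3s/storage/hwlab-d518-v03-git-mirror-cache
      servicePort: 8080
      readContainerPort: 8080
      writeContainerPort: 8080
      deploymentReplicas: 1
      secretName: git-mirror-github-ssh
      syncConfigMapName: git-mirror-sync-script
      syncJobPrefix: git-mirror-hwlab-d518-v03-sync-manual
      flushJobPrefix: git-mirror-hwlab-d518-v03-flush-manual
      # Plain HTTP in-cluster, no visible credential on the write endpoint.
      readUrl: http://git-mirror-http.devops-infra.svc.cluster.local:8080/pikasTech/HWLAB.git
      writeUrl: http://git-mirror-write.devops-infra.svc.cluster.local:8080/pikasTech/HWLAB.git
      egressProxy:
        mode: node-global
        required: true
        podHostNetwork: false
        injectPodEnv: false
      githubTransport:
        mode: ssh
        privateKeySecretKey: ssh-privatekey
        # base64-encoded private key in an .env file: encoded, not protected.
        privateKeySourceRef: github/hwlab-git-mirror-ssh.env
        privateKeySourceKey: GITHUB_SSH_PRIVATE_KEY_B64
        privateKeySourceEncoding: base64
        knownHostsSecretKey: known_hosts
        knownHostsSourceRef: github/hwlab-git-mirror-ssh.env
        knownHostsSourceKey: GITHUB_KNOWN_HOSTS_B64
        knownHostsSourceEncoding: base64
    tekton:
      install:
        enabled: true
        sourceKind: url
        version: pipeline-v1.12.0-triggers-v0.34.0
        fieldManager: unidesk-hwlab-node-tekton
        # Fetched by versioned URL; no checksum recorded in this file.
        manifests:
          - name: pipeline
            url: https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.12.0/release.yaml
          - name: triggers
            url: https://infra.tekton.dev/tekton-releases/triggers/previous/v0.34.0/release.yaml
          - name: triggers-interceptors
            url: https://infra.tekton.dev/tekton-releases/triggers/previous/v0.34.0/interceptors.yaml
        requiredCrds:
          - pipelines.tekton.dev
          - pipelineruns.tekton.dev
          - tasks.tekton.dev
          - taskruns.tekton.dev
        expectedDeploymentNamespaces:
          - tekton-pipelines
          - tekton-pipelines-resolvers
        readinessTimeoutSeconds: 900
      runtimeProxy:
        enabled: false
      pipelineName: hwlab-d518-v03-ci-image-publish
      serviceAccountName: hwlab-d518-v03-tekton-runner
      pipelineRunPrefix: hwlab-d518-v03-ci-poll
      # Same GitHub SSH key as the mirror, copied into the CI namespace.
      gitWorkspaceSecret:
        name: hwlab-git-ssh
        namespace: hwlab-ci
        sourceRefFrom: gitMirror.githubTransport
        privateKeySecretKey: ssh-privatekey
        knownHostsSecretKey: known_hosts
      runtimeObserverRbac:
        namespace: hwlab-v03
        roleName: hwlab-d518-v03-runtime-observer
        roleBindingName: hwlab-d518-v03-runtime-observer
      argoObserverRbac:
        namespace: argocd
        roleName: hwlab-d518-v03-argo-observer
        roleBindingName: hwlab-d518-v03-argo-observer
      toolsImage:
        # Mutable tag pulled with imagePullPolicy: Always; the "alpine" in the
        # tag does not match the python:3.12-bookworm final stage below.
        output: 127.0.0.1:5000/hwlab/hwlab-ci-node-tools:node22-alpine-bun-v1
        imagePullPolicy: Always
        sourceKind: dockerfile
        context: .
        dockerfileInline:
          filename: hwlab-ci-node-tools.public.Dockerfile
          lines:
            # Public bases referenced by tag rather than digest.
            - FROM docker.io/oven/bun:1.3.13 AS bun-runtime
            - FROM docker.io/docker:29-cli AS docker-cli
            - FROM docker.io/library/golang:1.24-bookworm AS golang-toolchain
            - FROM docker.io/library/node:22-bookworm-slim AS node-runtime
            - FROM docker.io/library/python:3.12-bookworm
            # These ARGs are still declared although the npm step below unsets
            # the proxy variables; declared proxy ARGs are recorded in
            # `docker history` when a value is supplied.
            - ARG HTTP_PROXY
            - ARG HTTPS_PROXY
            - ARG ALL_PROXY
            - ARG NO_PROXY
            - ARG http_proxy
            - ARG https_proxy
            - ARG all_proxy
            - ARG no_proxy
            - COPY --from=golang-toolchain /usr/local/go /usr/local/go
            - COPY --from=node-runtime /usr/local/bin/node /usr/local/bin/node
            - COPY --from=node-runtime /usr/local/lib/node_modules /usr/local/lib/node_modules
            - COPY --from=bun-runtime /usr/local/bin/bun /usr/local/bin/bun
            - COPY --from=docker-cli /usr/local/bin/docker /usr/local/bin/docker
            - ENV PATH=/usr/local/go/bin:$PATH
            - RUN ln -sf /usr/local/lib/node_modules/npm/bin/npm-cli.js /usr/local/bin/npm && ln -sf /usr/local/lib/node_modules/npm/bin/npx-cli.js /usr/local/bin/npx
            - RUN ln -sf /usr/local/bin/bun /usr/local/bin/bunx
            - ENV HWLAB_CI_NODE_DEPS=/opt/hwlab-ci-node-deps/node_modules
            # Proxy variables are unset first, so this install reaches
            # registry.npmmirror.com directly. Version pinned, install scripts
            # disabled, no lockfile integrity hash checked.
            - RUN set -eu; unset HTTP_PROXY HTTPS_PROXY ALL_PROXY http_proxy https_proxy all_proxy; export npm_config_registry="https://registry.npmmirror.com/"; export BUN_CONFIG_REGISTRY="https://registry.npmmirror.com/"; export npm_config_fetch_retries=2; export npm_config_fetch_retry_mintimeout=2000; export npm_config_fetch_retry_maxtimeout=16000; export npm_config_fetch_timeout=120000; mkdir -p /opt/hwlab-ci-node-deps; cd /opt/hwlab-ci-node-deps; printf '{"private":true,"dependencies":{}}\n' > package.json; ok=0; delay=2; for attempt in 1 2 3 4 5; do echo "{\"event\":\"tools-yaml-node-npm-install\",\"attempt\":\"$attempt/5\",\"registry\":\"$npm_config_registry\",\"proxy\":\"none\"}" >&2; if timeout 180s npm install --package-lock=false --no-save --ignore-scripts --no-audit --no-fund --omit=dev yaml@2.8.3; then ok=1; break; fi; if [ "$attempt" = 5 ]; then break; fi; echo "{\"event\":\"tools-yaml-node-npm-install\",\"status\":\"retrying\",\"attempt\":\"$attempt/5\",\"sleepSeconds\":$delay}" >&2; sleep "$delay"; delay=$((delay * 2)); done; test "$ok" = 1; node --input-type=module -e 'import("/opt/hwlab-ci-node-deps/node_modules/yaml/browser/dist/index.js").then((yaml)=>console.log("yaml-ok", typeof yaml.parse))'
            - RUN node --version && npm --version && bun --version && git --version && python3 --version && docker --version && ssh -V && go version
        buildArgs: {}
        # Host networking exposes the node's loopback services to build steps.
        buildNetwork: host
        publicBaseImages:
          - docker.io/library/node:22-bookworm-slim
          - docker.io/library/golang:1.24-bookworm
          - docker.io/oven/bun:1.3.13
          - docker.io/buildpack-deps:bookworm-scm
          - docker.io/library/python:3.12-bookworm
          - docker.io/docker:29-cli
        buildOwner: D518
        buildMode: node-local
    ciBuildBenchmarks:
      - profile: no-mirror-full
        runtimeLaneConfigRef: config/hwlab-node-lanes.yaml#lanes.v03.targets.D518
        pipelineRunPrefix: hwlab-d518-v03-ci-bench
        catalogPathTemplate: .unidesk/ci-build-benchmark/{profile}/{pipelineRun}/artifact-catalog.json
        imageTagMode: full
        pipelineTimeoutSeconds: 7200
        cachePolicy:
          noPipelineRunReuse: true
          forceFullBuild: true
          forbidGitopsCatalogReuse: true
          forbidDependencyCache: true
          forbidBuildkitCache: true
          forbidRegistryMirror: true
          forbidLocalPreheatedImages: true
        timings:
          requiredStages:
            - source-fetch
            - dependency-install
            - base-image-pull
            - service-image-build
            - registry-push
            - pipeline-total
        failureFamilies:
          - dns
          - proxy-connect
          - tls-timeout
          - rate-limit
          - auth
          - cache-hit-forbidden
          - image-policy
          - build-script
          - registry-push
    argo:
      namespace: argocd
      projectName: hwlab-d518
      applicationName: hwlab-node-v03
      applicationFile: application-v03.yaml
      install:
        enabled: true
        sourceKind: url
        version: v3.4.2
        manifestUrl: https://raw.githubusercontent.com/argoproj/argo-cd/v3.4.2/manifests/install.yaml
        fieldManager: unidesk-hwlab-node-argocd
        imagePullPolicy: IfNotPresent
        preloadImages:
          - 127.0.0.1:5000/hwlab/argocd:v3.4.2
          - 127.0.0.1:5000/hwlab/dex:v2.45.0
          - 127.0.0.1:5000/hwlab/redis:8.2.3-alpine
        # Mirror pulls by tag, retagged locally; no digest links pullImage to
        # the content of `source`.
        imageRewrites:
          - source: quay.io/argoproj/argocd:v3.4.2
            pullImage: quay.m.daocloud.io/argoproj/argocd:v3.4.2
            target: 127.0.0.1:5000/hwlab/argocd:v3.4.2
          - source: ghcr.io/dexidp/dex:v2.45.0
            pullImage: ghcr.m.daocloud.io/dexidp/dex:v2.45.0
            target: 127.0.0.1:5000/hwlab/dex:v2.45.0
          - source: public.ecr.aws/docker/library/redis:8.2.3-alpine
            pullImage: docker.m.daocloud.io/library/redis:8.2.3-alpine
            target: 127.0.0.1:5000/hwlab/redis:8.2.3-alpine
        requiredCrds:
          - applications.argoproj.io
          - appprojects.argoproj.io
        expectedDeployments:
          - argocd-applicationset-controller
          - argocd-dex-server
          - argocd-notifications-controller
          - argocd-redis
          - argocd-repo-server
          - argocd-server
        expectedStatefulSets:
          - argocd-application-controller
        readinessTimeoutSeconds: 600
      runtimeProxy:
        enabled: false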