pikasTech-unidesk/config/hwlab-web-probe-sentinel/profiles.yaml

# Profile set for the HWLAB web-probe sentinel. The consumer of `version` and
# `kind` is not shown in this file.
version: 1
kind: HwlabWebProbeSentinelProfiles
metadata:
id: hwlab-web-probe-sentinel-profiles
owner: UniDesk
specRef: PJ2026-01060508
# The file relies on YAML anchors and `<<` merge keys (see the `nodes`
# section). Merge keys are a YAML 1.1 extension and merge shallowly.
# NOTE(review): confirm the loader supports `<<` and is a safe loader.
composition:
mode: yaml-anchors-and-merge
# `${...}` placeholders such as ${lane} and ${NODE} are filled in by a renderer
# that is not shown here.
# NOTE(review): confirm substitution is applied to parsed values (or that the
# variable values are validated); text substitution before parsing would let a
# variable value change the document structure.
intent: node overlays inherit common web-probe sentinel baselines and render node/lane identity from variables.
# Shared baselines. Each `&anchor` below is merged into the per-node overlay
# under `nodes` with `<<: *anchor`.
baselines:
sentinel: &sentinel-base
enabled: true
mode: web-probe-observe-wrapper
runtime:
common: &runtime-common
namespace: hwlab-${lane}
# Binds on every interface; who can reach port 8080 is then decided outside
# this file.
# NOTE(review): confirm a Service/NetworkPolicy limits access, since
# healthPath and metricsPath are configured alongside this port.
listenHost: 0.0.0.0
servicePort: 8080
pvcStorage: 10Gi
replicas: 1
healthPath: /api/health
metricsPath: /metrics
# 10-minute cadence: intervalMs 600000 with a 900 s stale threshold leaves
# 300 s of margin before a heartbeat is considered stale.
scheduler: &scheduler-10m
intervalMs: 600000
heartbeatStaleSeconds: 900
maxConcurrentRuns: 1
freshnessWarningMultiple: 2
observability:
otel:
enabled: true
serviceName: hwlab-web-probe-sentinel-${nodeLower}
# Traces are sent over plain HTTP to an in-cluster collector address.
# NOTE(review): confirm span attributes carry no credentials or prompt text.
tracesEndpoint: http://otel-collector.platform-infra.svc.cluster.local:4318/v1/traces
sampler: parentbased_traceidratio
# Quoted so the value stays a string rather than an integer.
samplerArg: "1"
# 15-minute cadence. This anchor is not referenced in the visible part of the
# file.
# NOTE(review): heartbeatStaleSeconds (900) equals the interval (900000 ms), so
# a heartbeat becomes stale just as the next run is due — confirm intended.
scheduler15m: &scheduler-15m
intervalMs: 900000
heartbeatStaleSeconds: 900
maxConcurrentRuns: 1
sqlite: &sqlite-common
busyTimeoutMs: 2000
# Build and publish baselines for the sentinel image.
cicd:
source: &cicd-source
repository: pikasTech/unidesk
# Builds follow a moving branch rather than a pinned revision.
branch: master
gitSshUrl: ssh://git@ssh.github.com:443/pikasTech/unidesk.git
# Read path is a plain-HTTP in-cluster git mirror.
# NOTE(review): confirm the build verifies the commit it fetched, since this
# transport gives no integrity or authenticity guarantee of its own.
gitMirrorReadUrl: http://git-mirror-http.devops-infra.svc.cluster.local:8080/pikasTech/unidesk.git
buildContext: .
entrypoint: scripts/web-probe-sentinel-service.ts
# Sparse checkout list; both bun.lock and bun.lockb are included.
checkoutPaths:
- scripts
- config
- config.json
- src
- package.json
- bun.lock
- bun.lockb
builder: &cicd-builder
namespace: devops-infra
sourceMode: sparse-git-checkout
# Name of the secret holding the git SSH credential; the credential itself is
# not stored in this file.
gitSshSecretName: git-mirror-github-ssh
activeDeadlineSeconds: 900
ttlSecondsAfterFinished: 3600
monitorWeb: &monitor-web
frontendStack: vue3-vendored-browser-build
runtimeMode: runner-served-bridge
assetRoot: scripts/assets/web-probe-sentinel-monitor-web
envReuse:
mode: k8s-buildkit-and-ci-node-deps
nodeDepsPath: /opt/hwlab-ci-node-deps/node_modules
imageBuild:
packageMode: copy-only-containerfile
# NOTE(review): presumably the build shares the node's network namespace;
# if so, build steps can reach node-local services — confirm this is needed.
networkMode: host
proxySource: node.networkProfile.imageBuildProxy
contextIgnore: generated
verifyPhase: pre-image-build
# Build cache lives in a node directory, one per node (${nodeLower}).
# NOTE(review): a hostPath mount gives the build pod write access to the node
# filesystem at this path; confirm the path is dedicated and the pod is
# otherwise restricted.
buildkitState:
mode: hostPath
path: /var/lib/unidesk/web-probe-sentinel/buildkit-${nodeLower}
type: DirectoryOrCreate
gitMirror:
source: source.gitMirrorReadUrl
preSync: required
postFlush: required
ciBudget:
maxSeconds: 120
maintenance: &maintenance
startCommand: sentinel maintenance start
stopCommand: sentinel maintenance stop
confirmWait: &confirm-wait
maxSeconds: 120
publishCurrent: &publish-current
endToEndBudget:
maxSeconds: 120
# NOTE(review): the stage budgets below add up to 175 s, more than the 120 s
# end-to-end budget above — confirm whether stages overlap or which limit wins.
stageBudgets:
sourceSyncSeconds: 20
sourceFetchSeconds: 20
monitorWebVerifySeconds: 15
imageBuildSeconds: 45
gitopsSeconds: 15
argoRuntimeSeconds: 30
dashboardVerifySeconds: 30
# NOTE(review): commandTimeoutSeconds (90) and waitTimeoutMs (60000) both exceed
# dashboardVerifySeconds (30) above — confirm how these limits interact.
dashboard:
enabled: true
required: true
viewport: 1440x900
timeoutMs: 30000
waitTimeoutMs: 60000
commandTimeoutSeconds: 90
fullPage: false
# Public exposure baseline: the sentinel is published under a public hostname
# through an frp client and a Caddy route.
# NOTE(review): nothing in this section configures authentication for the
# public route — confirm the service or the Caddy block enforces it.
publicExposure:
common: &public-exposure-common
enabled: true
mode: pk01-caddy-frp-path
hostname: monitor.pikapython.com
# Expected DNS A record; same address as frpc.serverAddr below.
expectedA: 82.156.23.220
frpc: &frpc-common
# Image is referenced by tag from a registry on 127.0.0.1:5000.
# NOTE(review): a tag can be re-pointed; consider pinning by digest.
image: 127.0.0.1:5000/hwlab/frpc:v0.68.1
serverAddr: 82.156.23.220
serverPort: 22000
# The frp token is referenced by file and key; its value is not in this file.
# The same pair appears under secrets.frpTokenSource and must stay in sync.
tokenSourceRef: platform-infra/pk01-frp.env
tokenSourceKey: FRP_TOKEN
secretKey: frpc.toml
tokenKey: token
caddy: &caddy-common
route: PK01
configPath: /etc/caddy/Caddyfile
serviceName: caddy
email: ops@pikapython.com
tls: auto
responseHeaderTimeoutSeconds: 600
# Secret source descriptors. Each entry names where a secret is read from
# (sourceRef + sourceKey); no secret values are stored in this file.
secrets:
jd01BootstrapSource: &jd01-bootstrap-source
purpose: bootstrap-admin
sourceRef: .env/HWLAB_admin.txt
sourceKey: HWLAB_ADMIN_PASSWORD
# NOTE(review): presumably a line number within sourceRef; a positional
# reference breaks silently if that file is reordered — confirm.
sourceLine: 2
dsflashPromptSource: &dsflash-prompt-source
purpose: prompt-set
sourceRef: hwlab/web-probe-sentinel-dsflash-go.env
sourceKey: DSFLASH_GO_TOOL_CALL_10X_PROMPTS_JSON
# Same file and key as publicExposure.frpc.tokenSourceRef / tokenSourceKey.
frpTokenSource: &frp-token-source
purpose: frp-token
sourceRef: platform-infra/pk01-frp.env
sourceKey: FRP_TOKEN
# Per-node overlays. JD01 defines node-scoped anchors, then its sentinels merge
# them together with the shared baselines.
nodes:
JD01:
target: &jd01-target
node: ${NODE}
lane: ${LANE}
publicOriginRef: config/hwlab-node-lanes.yaml#lanes.${LANE}.targets.${NODE}.public.webUrl
cicdCommon: &jd01-cicd-common
# NOTE(review): `targets[1]` is a positional index into another file;
# reordering that list would silently point at a different target.
controlPlaneConfigRef: config/hwlab-node-control-plane.yaml#targets[1]
source:
<<: *cicd-source
argo: &jd01-argo
namespace: argocd
projectName: hwlab-jd01
# GitOps repository is read from the plain-HTTP in-cluster git mirror.
repoURL: http://git-mirror-http.devops-infra.svc.cluster.local:8080/pikasTech/HWLAB.git
targetRevision: v0.3-gitops
# The merges below copy the shared cicd baselines into this node unchanged.
maintenance:
<<: *maintenance
monitorWeb:
<<: *monitor-web
confirmWait:
<<: *confirm-wait
publishCurrent:
<<: *publish-current
# Sentinel instances for this node. Names are rendered from ${nodeLower} and
# ${lane}; the literal id below is written out rather than templated.
sentinels:
jd01-web-probe-sentinel:
sentinel:
<<: *sentinel-base
id: jd01-web-probe-sentinel
# Pointers (file#path) to the sections that make up this sentinel's config.
configRefs:
runtime: config/hwlab-web-probe-sentinel/profiles.yaml#nodes.${NODE}.sentinels.${nodeLower}-web-probe-sentinel.runtime
scenarios: config/hwlab-web-probe-sentinel/scenarios.multi-sentinel.yaml#sentinel.scenarios
promptSet: config/hwlab-web-probe-sentinel/prompt-set.dsflash-go.yaml#sentinel.promptSet
reportViews: config/hwlab-web-probe-sentinel/report-views.multi-sentinel.yaml#sentinel.reportViews
publicExposure: config/hwlab-web-probe-sentinel/profiles.yaml#nodes.${NODE}.sentinels.${nodeLower}-web-probe-sentinel.publicExposure
cicd: config/hwlab-web-probe-sentinel/profiles.yaml#nodes.${NODE}.sentinels.${nodeLower}-web-probe-sentinel.cicd
secrets: config/hwlab-web-probe-sentinel/profiles.yaml#nodes.${NODE}.sentinels.${nodeLower}-web-probe-sentinel.secrets
runtime:
<<: *runtime-common
target:
<<: *jd01-target
# NOTE(review): `sentinels[0]` is a positional index into another file.
observeWrapperRef: config/hwlab-node-lanes.yaml#lanes.${LANE}.targets.${NODE}.observability.webProbe.sentinels[0]
serviceAccountName: hwlab-web-probe-sentinel-${nodeLower}
deploymentName: hwlab-web-probe-sentinel-${nodeLower}
serviceName: hwlab-web-probe-sentinel-${nodeLower}
pvcName: hwlab-web-probe-sentinel-${nodeLower}-state
stateRoot: /var/lib/web-probe-sentinel-${nodeLower}
# NOTE(review): `source-commit` looks like a placeholder tag that the publish
# step replaces with a commit id (see cicd.image.tagSource) — confirm.
imageRef: 127.0.0.1:5000/hwlab/web-probe-sentinel-${nodeLower}:source-commit
scheduler:
<<: *scheduler-10m
sqlite:
<<: *sqlite-common
path: /var/lib/web-probe-sentinel-${nodeLower}/index.sqlite
# Publishes this sentinel under the public hostname at a per-node path prefix.
publicExposure:
<<: *public-exposure-common
publicBaseUrl: https://monitor.pikapython.com/sentinels/${nodeLower}-web-probe-sentinel
routePrefix: /sentinels/${nodeLower}-web-probe-sentinel
frpc:
<<: *frpc-common
deploymentName: hwlab-web-probe-sentinel-${nodeLower}-frpc
secretName: hwlab-web-probe-sentinel-${nodeLower}-frpc
# frp proxy entry: remotePort on the frp server side, forwarding to the
# sentinel service's cluster DNS name on port 8080.
httpProxy:
name: hwlab-${nodeLower}-${lane}-web-probe-sentinel
remotePort: 22098
localIP: hwlab-web-probe-sentinel-${nodeLower}.hwlab-${lane}.svc.cluster.local
localPort: 8080
caddy:
<<: *caddy-common
managedBlockOwner: hwlab-web-probe-sentinel-${nodeLower}-${lane}
# Build, GitOps and validation settings for this sentinel, layered over the
# node-level and shared cicd anchors.
cicd:
<<: *jd01-cicd-common
builder:
<<: *cicd-builder
jobPrefix: web-probe-sentinel-${nodeLower}-publish
gitopsPath: deploy/gitops/node/${nodeLower}/web-probe-sentinel
argo:
<<: *jd01-argo
applicationName: hwlab-web-probe-sentinel-${nodeLower}
image:
repository: 127.0.0.1:5000/hwlab/web-probe-sentinel-${nodeLower}
tagSource: source-commit
# NOTE(review): `targets[1]` is a positional index into another file.
baseImageRef: config/hwlab-node-control-plane.yaml#targets[1].tekton.toolsImage.output
envRecipeRef: config/hwlab-web-probe-sentinel/profiles.yaml#nodes.${NODE}.sentinels.${nodeLower}-web-probe-sentinel.runtime
targetValidation:
scenarioId: workbench-dsflash-go-hwpod-two-turn-freeze-repro
maxSeconds: 360
serviceUnavailablePolicy: structured-failure
# Periodic verification job settings: `Forbid` with backoffLimit 0 means no
# overlapping runs and no retries are requested; finished jobs are kept for
# 86400 s (24 h).
cadenceScheduler:
enabled: true
reason: k8s-native-periodic-quick-verify
concurrencyPolicy: Forbid
startingDeadlineSeconds: 600
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 5
activeDeadlineSlackSeconds: 60
ttlSecondsAfterFinished: 86400
backoffLimit: 0
# Secret wiring for this sentinel. `sources` lists where each secret is read
# from; `runtimeSecrets` maps a source (by purpose) to a key in a named secret.
# No secret values are stored in this file.
secrets:
sources:
- <<: *jd01-bootstrap-source
- <<: *dsflash-prompt-source
# NOTE(review): account-a reads line 2 of the same admin file as the
# bootstrap-admin source, but under sourceKey HWLAB_BOOTSTRAP_ADMIN_PASSWORD
# where that source uses HWLAB_ADMIN_PASSWORD — confirm which key is right.
# NOTE(review): this appears to give a probe account the admin credential on a
# publicly exposed sentinel; confirm a lower-privilege account would not do.
- purpose: account-a
sourceRef: .env/HWLAB_admin.txt
sourceKey: HWLAB_BOOTSTRAP_ADMIN_PASSWORD
sourceLine: 2
format: web-account-json
usernameSourceRef: .env/HWLAB_admin.txt
usernameSourceLine: 1
- purpose: account-b
sourceRef: hwlab/${nodeLower}-${lane}-preset-users.env
sourceKey: ${NODE}_SECOND_USER_PASSWORD
format: web-account-json
username: ${nodeLower}-sentinel@hwlab.local
- <<: *frp-token-source
# Each sourcePurpose below must match a `purpose` in `sources` above.
runtimeSecrets:
- name: hwlab-web-probe-sentinel-${nodeLower}-bootstrap
namespace: hwlab-${lane}
data:
- sourcePurpose: bootstrap-admin
targetKey: bootstrap-admin-password
- name: hwlab-web-probe-sentinel-${nodeLower}-prompt-set
namespace: hwlab-${lane}
data:
- sourcePurpose: prompt-set
targetKey: prompts.json
- name: hwlab-web-probe-sentinel-${nodeLower}-accounts
namespace: hwlab-${lane}
data:
- sourcePurpose: account-a
targetKey: account-a.json
- sourcePurpose: account-b
targetKey: account-b.json
# Same name as publicExposure.frpc.secretName for this sentinel.
- name: hwlab-web-probe-sentinel-${nodeLower}-frpc
namespace: hwlab-${lane}
data:
- sourcePurpose: frp-token
targetKey: token