veles: promote managed app deployments

jenkins 2026-06-09 15:47:33 -03:00
parent 0d8571b7a6
commit 531bc440d5
3 changed files with 60 additions and 9 deletions


@ -7,7 +7,7 @@ metadata:
labels: labels:
app: veles-backend app: veles-backend
spec: spec:
replicas: 0 replicas: 1
revisionHistoryLimit: 2 revisionHistoryLimit: 2
selector: selector:
matchLabels: matchLabels:
@ -27,7 +27,8 @@ spec:
value: "true" value: "true"
effect: NoSchedule effect: NoSchedule
securityContext: securityContext:
fsGroup: 1000 fsGroup: 10001
fsGroupChangePolicy: OnRootMismatch
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
containers: containers:
@ -38,6 +39,18 @@ spec:
- name: http - name: http
containerPort: 8796 containerPort: 8796
protocol: TCP protocol: TCP
readinessProbe:
httpGet:
path: /api/v1/ready
port: http
initialDelaySeconds: 5
periodSeconds: 10
livenessProbe:
httpGet:
path: /api/v1/live
port: http
initialDelaySeconds: 20
periodSeconds: 20
envFrom: envFrom:
- configMapRef: - configMapRef:
name: veles-app-config name: veles-app-config
@ -52,8 +65,8 @@ spec:
memory: 4Gi memory: 4Gi
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true
runAsUser: 1000 runAsUser: 10001
runAsGroup: 1000 runAsGroup: 10001
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
drop: ["ALL"] drop: ["ALL"]
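Review bot: The new `livenessProbe` on `/api/v1/live` starts after a fixed 20 s and relies on the default `timeoutSeconds` (1 s) and `failureThreshold` (3), and no `startupProbe` is added beside it in this hunk. If the backend ever needs longer to come up (startup behaviour is not visible here), the kubelet will restart it in a loop, and with `replicas: 1` that is a full outage of the API. A `startupProbe` on the same path gives slow starts a bounded window while the liveness probe stays strict. The container spec continues outside the hunk, so check that one is not already defined there; the numbers below are example values, not measured ones.
```yaml
# … unchanged: readinessProbe and livenessProbe …
startupProbe:
  httpGet:
    path: /api/v1/live
    port: http
  periodSeconds: 5
  timeoutSeconds: 2
  failureThreshold: 30  # example budget: up to 150 s to start
```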


@ -6,12 +6,19 @@ metadata:
namespace: veles namespace: veles
data: data:
VELES_ENV: alpha VELES_ENV: alpha
VELES_PROFILE: cluster
VELES_AUTH_MODE: oidc
VELES_SIM_RUNNER: kubernetes-job
VELES_PUBLIC_URL: https://veles.bstein.dev
VELES_PUBLIC_BASE_URL: https://veles.bstein.dev VELES_PUBLIC_BASE_URL: https://veles.bstein.dev
VELES_BACKEND_HTTP_PORT: "8796" VELES_BACKEND_HTTP_PORT: "8796"
VELES_FRONTEND_HTTP_PORT: "8080" VELES_FRONTEND_HTTP_PORT: "8080"
VELES_OIDC_ISSUER_URL: https://sso.bstein.dev/realms/veles
VELES_OIDC_ISSUER: https://sso.bstein.dev/realms/veles VELES_OIDC_ISSUER: https://sso.bstein.dev/realms/veles
VELES_OIDC_CLIENT_ID: veles-web VELES_OIDC_CLIENT_ID: veles-web
VELES_OIDC_ALLOWED_GROUPS: alpha,admin
VELES_OIDC_REQUIRED_GROUPS: alpha,admin VELES_OIDC_REQUIRED_GROUPS: alpha,admin
VELES_OIDC_ADMIN_GROUPS: admin
VELES_OIDC_GROUPS_CLAIM: groups VELES_OIDC_GROUPS_CLAIM: groups
VELES_OIDC_ROLES_CLAIM: realm_access.roles VELES_OIDC_ROLES_CLAIM: realm_access.roles
VELES_DATABASE_HOST: veles-postgres.veles.svc.cluster.local VELES_DATABASE_HOST: veles-postgres.veles.svc.cluster.local
@ -19,12 +26,30 @@ data:
VELES_DATABASE_NAME: veles VELES_DATABASE_NAME: veles
VELES_ARTIFACTS_PATH: /data/veles-artifacts VELES_ARTIFACTS_PATH: /data/veles-artifacts
VELES_ARTIFACTS_MODE: rwo-backend-owned VELES_ARTIFACTS_MODE: rwo-backend-owned
VELES_LOG_ROOT: /data/veles-artifacts/logs
VELES_REPORT_ROOT: /data/veles-artifacts/reports
VELES_ARTIFACT_ROOT: /data/veles-artifacts/artifacts
VELES_RETENTION_DAYS: "30"
VELES_SIM_NAMESPACE: veles VELES_SIM_NAMESPACE: veles
VELES_NAMESPACE: veles
VELES_SIM_IMAGE: registry.bstein.dev/veles/veles-sim-worker:0.1.0-0 # {"$imagepolicy": "veles:veles-sim-worker"}
VELES_SIM_SERVICE_ACCOUNT: veles-sim VELES_SIM_SERVICE_ACCOUNT: veles-sim
VELES_SIM_PRIORITY_CLASS: veles-sim VELES_SIM_PRIORITY_CLASS: veles-sim
VELES_SIM_NODE_SELECTOR: veles.bstein.dev/simulation=true VELES_SIM_NODE_SELECTOR: veles.bstein.dev/node-pool=oceanus,kubernetes.io/arch=amd64
VELES_SIM_TOLERATIONS: veles.bstein.dev/simulation=true:NoSchedule
VELES_SIM_TOLERATION_KEY: veles.bstein.dev/simulation VELES_SIM_TOLERATION_KEY: veles.bstein.dev/simulation
VELES_SIM_TOLERATION_VALUE: "true" VELES_SIM_TOLERATION_VALUE: "true"
VELES_SIM_ACTIVE_DEADLINE_SECONDS: "7200"
VELES_SIM_TTL_SECONDS: "3600"
VELES_SIM_CPU_REQUEST: 500m
VELES_SIM_CPU_LIMIT: "2"
VELES_SIM_MEMORY_REQUEST: 1Gi
VELES_SIM_MEMORY_LIMIT: 4Gi
VELES_SIM_ARTIFACT_PVC: veles-artifacts
VELES_SIM_ARTIFACT_MOUNT_PATH: /data/veles-artifacts
VELES_SIM_FS_GROUP: "10001"
VELES_MAX_ACTIVE_SIMS_PER_USER: "1"
VELES_MAX_ACTIVE_SIMS_GLOBAL: "4"
VELES_RETENTION_NODE_SELECTOR: veles.bstein.dev/simulation=true VELES_RETENTION_NODE_SELECTOR: veles.bstein.dev/simulation=true
VELES_RETENTION_TOLERATION_KEY: veles.bstein.dev/simulation VELES_RETENTION_TOLERATION_KEY: veles.bstein.dev/simulation
VELES_RETENTION_TOLERATION_VALUE: "true" VELES_RETENTION_TOLERATION_VALUE: "true"
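Review bot: The first hunk leaves two names for the same access-control setting, `VELES_OIDC_ALLOWED_GROUPS` (added) and `VELES_OIDC_REQUIRED_GROUPS` (kept), and nothing in the file says which one the application reads; the same holds for `VELES_OIDC_ISSUER_URL`/`VELES_OIDC_ISSUER` and `VELES_PUBLIC_URL`/`VELES_PUBLIC_BASE_URL`. The values are identical today, but a later edit to only one key of a pair would silently change who is admitted or which issuer is trusted. "Allowed" and "required" also read as any-of versus all-of, so the intended semantics of `alpha,admin` deserve a line. If the old names are kept only for compatibility (an assumption, since the consumer is not shown), add a comment above each pair such as `# legacy alias of VELES_OIDC_ALLOWED_GROUPS; keep identical until removed`, and drop the aliases once the consumer is confirmed.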


@ -7,7 +7,7 @@ metadata:
labels: labels:
app: veles-frontend app: veles-frontend
spec: spec:
replicas: 0 replicas: 2
revisionHistoryLimit: 2 revisionHistoryLimit: 2
selector: selector:
matchLabels: matchLabels:
@ -42,7 +42,8 @@ spec:
operator: In operator: In
values: ["rpi5"] values: ["rpi5"]
securityContext: securityContext:
fsGroup: 1000 fsGroup: 101
fsGroupChangePolicy: OnRootMismatch
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
containers: containers:
@ -53,6 +54,18 @@ spec:
- name: http - name: http
containerPort: 8080 containerPort: 8080
protocol: TCP protocol: TCP
readinessProbe:
httpGet:
path: /
port: http
initialDelaySeconds: 3
periodSeconds: 10
livenessProbe:
httpGet:
path: /
port: http
initialDelaySeconds: 20
periodSeconds: 20
envFrom: envFrom:
- configMapRef: - configMapRef:
name: veles-app-config name: veles-app-config
@ -65,8 +78,8 @@ spec:
memory: 512Mi memory: 512Mi
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true
runAsUser: 1000 runAsUser: 101
runAsGroup: 1000 runAsGroup: 101
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
drop: ["ALL"] drop: ["ALL"]
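Review bot: The frontend container still imports the whole `veles-app-config` through `envFrom` (context lines of the third hunk), and this commit grows that ConfigMap with database, simulation-job and retention settings that the web tier presumably does not need. None of the values shown are secrets, but they place internal service names and scheduling details in the environment of the user-facing pods that go from 0 to 2 replicas here. Consider a separate frontend ConfigMap, or explicit `env` entries using `configMapKeyRef` for only the keys the frontend reads. The `envFrom` list continues outside the hunk, so other sources may be attached as well.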