feat(infra-gitops): add suspend logic for infra-gitops-post based on environment variables
+4
@@ -6,6 +6,10 @@ S3_ACCESS_SECRET_KEY=placeholder
|
|||||||
DNSPOD_SECRET_ID=placeholder
|
DNSPOD_SECRET_ID=placeholder
|
||||||
DNSPOD_SECRET_KEY=placeholder
|
DNSPOD_SECRET_KEY=placeholder
|
||||||
|
|
||||||
|
# Infra GitOps Post 阶段开关(参见 flux/README.md)
|
||||||
|
# 如果开启 需要完善 GITEA_ACTIONS_TOKEN / FLUX_WEB_OIDC_CLIENT_ID / FLUX_WEB_OIDC_CLIENT_SECRET 三个变量
|
||||||
|
INFRA_GITOPS_POST_SUSPEND=true
|
||||||
|
|
||||||
# Gitea Actions Runner Token(Gitea 启动后在 admin → Runners 生成)
|
# Gitea Actions Runner Token(Gitea 启动后在 admin → Runners 生成)
|
||||||
GITEA_ACTIONS_TOKEN=placeholder
|
GITEA_ACTIONS_TOKEN=placeholder
|
||||||
|
|
||||||
|
|||||||
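Review bot: The added comment `# 如果开启 需要完善 …` is ambiguous for a variable named `INFRA_GITOPS_POST_SUSPEND`: "如果开启" (if enabled) can be read as setting the variable to `true`, which is the opposite of enabling the post stage. I would word it in terms of the value, for example `# Set to false only after GITEA_ACTIONS_TOKEN, FLUX_WEB_OIDC_CLIENT_ID and FLUX_WEB_OIDC_CLIENT_SECRET hold real values (not "placeholder")`. Shipping `true` as the template default is the safe direction, since it keeps the post stage gated until those credentials exist.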
+6
-1
@@ -48,11 +48,14 @@ Kustomization 间通过 `dependsOn` + `wait: true` 串行等待,避免顺序
|
|||||||
|
|
||||||
## 部署后手工步骤(infra-gitops-post)
|
## 部署后手工步骤(infra-gitops-post)
|
||||||
|
|
||||||
`infra-gitops-post` 默认 `suspend: true`,因为它依赖两类只能在 Gitea 启动后获取的凭据:
|
`infra-gitops-post` 通过父级 Kustomization 的 `spec.suspend: ${INFRA_GITOPS_POST_SUSPEND:=true}`
|
||||||
|
默认暂停,因为它依赖两类只能在 Gitea 启动后获取的凭据:
|
||||||
|
|
||||||
1. **Flux Operator Web 的 OIDC 客户端**
|
1. **Flux Operator Web 的 OIDC 客户端**
|
||||||
2. **Gitea Actions Runner Token**
|
2. **Gitea Actions Runner Token**
|
||||||
|
|
||||||
|
`flux-env` Secret 中设置 `INFRA_GITOPS_POST_SUSPEND=true|false`,从而决定 post 层是否自动放行。
|
||||||
|
|
||||||
步骤:
|
步骤:
|
||||||
|
|
||||||
1. 浏览器访问 `https://git.dev.cm`,首个注册账号自动成为 admin。
|
1. 浏览器访问 `https://git.dev.cm`,首个注册账号自动成为 admin。
|
||||||
@@ -68,6 +71,8 @@ Kustomization 间通过 `dependsOn` + `wait: true` 串行等待,避免顺序
|
|||||||
FLUX_WEB_OIDC_CLIENT_ID=<step 2 client id>
|
FLUX_WEB_OIDC_CLIENT_ID=<step 2 client id>
|
||||||
FLUX_WEB_OIDC_CLIENT_SECRET=<step 2 client secret>
|
FLUX_WEB_OIDC_CLIENT_SECRET=<step 2 client secret>
|
||||||
GITEA_ACTIONS_TOKEN=<step 3 token>
|
GITEA_ACTIONS_TOKEN=<step 3 token>
|
||||||
|
|
||||||
|
INFRA_GITOPS_POST_SUSPEND=false
|
||||||
```
|
```
|
||||||
|
|
||||||
5. 重新注入 `flux-env` Secret 并协调:
|
5. 重新注入 `flux-env` Secret 并协调:
|
||||||
|
|||||||
@@ -24,6 +24,11 @@ metadata:
|
|||||||
name: infra-gitops-post
|
name: infra-gitops-post
|
||||||
namespace: infra-gitops
|
namespace: infra-gitops
|
||||||
spec:
|
spec:
|
||||||
|
# drone/envsubst 不支持多变量逻辑或,因此聚合判断放在 .env → flux-env Secret 这一步:
|
||||||
|
# 构建脚本会在 GITEA_ACTIONS_TOKEN / FLUX_WEB_OIDC_CLIENT_ID / FLUX_WEB_OIDC_CLIENT_SECRET
|
||||||
|
# 任一为空时写入 INFRA_GITOPS_POST_SUSPEND=true,三者全部就绪时写入 false。
|
||||||
|
# 未设置该变量时(例如旧的 Secret 还没刷新),保守地保持暂停。
|
||||||
|
suspend: ${INFRA_GITOPS_POST_SUSPEND:=true}
|
||||||
interval: 30m
|
interval: 30m
|
||||||
timeout: 15m
|
timeout: 15m
|
||||||
retryInterval: 1m
|
retryInterval: 1m
|
||||||
|
|||||||
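Review bot: The comment above `suspend:` says the build script writes `INFRA_GITOPS_POST_SUSPEND=true` when any of the three credentials is empty, but the .env template in this same commit ships `GITEA_ACTIONS_TOKEN=placeholder` and sets the switch by hand, so an emptiness test would count a placeholder as ready. The script is not shown on this page; if it checks only for empty strings it should also treat the literal `placeholder` as missing, otherwise the comment should say the switch is set manually as the README describes. The `:=true` default covers only an unset or empty variable, so a stale `false` left in an old `flux-env` Secret still lets the post layer reconcile; a line such as `# a leftover "false" in flux-env is honoured as-is` would make that explicit. The `spec:` block continues outside the hunk.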
@@ -18,6 +18,17 @@ spec:
|
|||||||
name: imroc
|
name: imroc
|
||||||
namespace: infra-gitops
|
namespace: infra-gitops
|
||||||
interval: 12h
|
interval: 12h
|
||||||
|
# 启用漂移检测,集群中资源被误删时 Flux 会自动重建
|
||||||
|
driftDetection:
|
||||||
|
mode: enabled
|
||||||
|
# 升级失败或资源被删除时,允许卸载后重装以恢复
|
||||||
|
install:
|
||||||
|
remediation:
|
||||||
|
retries: 3
|
||||||
|
upgrade:
|
||||||
|
remediation:
|
||||||
|
retries: 3
|
||||||
|
remediateLastFailure: true
|
||||||
values:
|
values:
|
||||||
image:
|
image:
|
||||||
tag: "1.5.2"
|
tag: "1.5.2"
|
||||||
|
|||||||
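Review bot: The comment `# 升级失败或资源被删除时,允许卸载后重装以恢复` (allow uninstall and reinstall) does not match the `upgrade.remediation` block under it: no `strategy` is set, and Flux's HelmRelease upgrade remediation defaults to `rollback`, so a failed upgrade is rolled back rather than uninstalled. Either add `strategy: uninstall` under `upgrade.remediation` if that is what is intended, or reword the comment to describe rollback after three retries. Separately, `driftDetection.mode: enabled` reverts in-cluster edits to chart-managed fields, so starting with `mode: warn` would show what it would change before it starts correcting. These additions are unrelated to the suspend switch named in the commit title, and indentation is lost in this rendering, so the nesting of `retries` and `remediateLastFailure` cannot be checked here.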