Jesús Pérez 44648e3206
chore: complete nickel migration and consolidate legacy configs
- Remove KCL ecosystem (~220 files deleted)
- Migrate all infrastructure to Nickel schema system
- Consolidate documentation: legacy docs → provisioning/docs/src/
- Add CI/CD workflows (.github/) and Rust build config (.cargo/)
- Update core system for Nickel schema parsing
- Update README.md and CHANGES.md for v5.0.0 release
- Fix pre-commit hooks: end-of-file, trailing-whitespace
- Breaking changes: KCL workspaces require migration
- Migration bridge available in docs/src/development/
2026-01-08 09:55:37 +00:00


# Modes Base Contracts
# Common execution mode contracts shared by all deployment modes
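let rec contracts = {
  # Shape of one execution mode. Every nested section is checked by the
  # matching contract below; the references resolve through `let rec`.
  ExecutionMode = {
    mode_name | doc "Mode identifier" | [| 'solo, 'multi_user, 'cicd, 'enterprise |],
    description | String,
    authentication | contracts.AuthenticationStrategy,
    services | contracts.ServiceDeployments,
    extensions | contracts.ExtensionConfig,
    workspaces | contracts.WorkspacePolicy,
    security | contracts.SecurityConfig,
    resource_limits | optional | contracts.ResourceLimits,
  },

  # How clients authenticate to the mode's services. This contract accepts
  # `auth_type = 'none`; whether a given mode may use it is decided by the
  # mode definition, not here. It also does not check that the sub-config
  # matching `auth_type` (e.g. `token_config` for 'token) is present.
  AuthenticationStrategy = {
    auth_type | [| 'none, 'token, 'mtls, 'oauth, 'kms |],
    # The three strategy sub-configs are checked against the contracts defined
    # below. They were previously declared `optional` with no contract, so a
    # malformed token/mTLS/OAuth block (wrong field names, non-string paths)
    # was accepted silently.
    token_config | optional | contracts.TokenConfig,
    mtls_config | optional | contracts.MTLSConfig,
    oauth_config | optional | contracts.OAuthConfig,
    ssh_key_storage | default = 'local | [| 'local, 'kms, 'vault |],
  },

  # Bearer-token authentication. Only the path to the token is configured;
  # the token itself never appears in the mode file.
  TokenConfig = {
    token_path | String,
    token_format | default = 'jwt | [| 'jwt, 'opaque |],
    # Default lifetime is one day (24 * 3600 seconds).
    expiry_seconds | default = 86400 | Number,
    refresh_enabled | default = true | Bool,
  },

  # Mutual TLS. `verify_server = false` disables server certificate checking
  # and should only be set deliberately for a mode.
  MTLSConfig = {
    client_cert_path | String,
    client_key_path | String,
    ca_cert_path | String,
    verify_server | default = true | Bool,
  },

  # OAuth client settings. The client secret is referenced by path, not inlined.
  OAuthConfig = {
    provider_url | String,
    client_id | String,
    client_secret_path | String,
    scopes | default = ["read", "write"] | Array String,
    redirect_uri | optional | String,
  },

  # Which backing services the mode runs and how each is deployed.
  ServiceDeployments = {
    orchestrator | contracts.ServiceConfig,
    control_center | optional | contracts.ServiceConfig,
    coredns | optional | contracts.ServiceConfig,
    gitea | optional | contracts.ServiceConfig,
    # NOTE(review): no contract is applied here, unlike the sibling services.
    # It presumably should be `contracts.ServiceConfig` — confirm against the
    # mode definitions before tightening, since the accepted shape is unknown.
    oci_registry | optional,
    custom_services | optional | { _ : contracts.ServiceConfig },
  },

  # One service's deployment target plus the target-specific settings. The
  # contract does not enforce that the `*_config` block matching `deployment`
  # is present.
  ServiceConfig = {
    deployment | [| 'local, 'remote, 'k8s, 'disabled |],
    local_config | optional | contracts.LocalServiceConfig,
    remote_config | optional | contracts.RemoteServiceConfig,
    k8s_config | optional | contracts.K8sServiceConfig,
    auto_start | default = false | Bool,
    health_check | optional | contracts.HealthCheck,
  },

  # Locally run service. Binds to loopback without TLS by default; changing
  # `bind_address` to a non-loopback address without `tls_enabled` exposes the
  # service in the clear.
  LocalServiceConfig = {
    binary_path | optional | String,
    config_path | optional | String,
    data_dir | String,
    port | Number,
    bind_address | default = "127.0.0.1" | String,
    tls_enabled | default = false | Bool,
  },

  # Remote service reached over the network. TLS and certificate verification
  # are on by default; `verify_ssl = false` should be an explicit opt-out.
  RemoteServiceConfig = {
    endpoint | String,
    port | optional | Number,
    tls_enabled | default = true | Bool,
    verify_ssl | default = true | Bool,
    timeout | default = 30 | Number,
    retries | default = 3 | Number,
  },

  # Service deployed into a Kubernetes cluster.
  K8sServiceConfig = {
    namespace | default = "provisioning" | String,
    deployment_name | String,
    service_name | String,
    replicas | default = 1 | Number,
    image | String,
    image_pull_policy | default = 'IfNotPresent | [| 'Always, 'IfNotPresent, 'Never |],
    resources | optional | contracts.K8sResources,
  },

  # Kubernetes resource requests/limits, in the usual k8s quantity strings.
  K8sResources = {
    cpu_request | default = "100m" | String,
    cpu_limit | default = "500m" | String,
    memory_request | default = "128Mi" | String,
    memory_limit | default = "512Mi" | String,
  },

  # Liveness probe settings; `interval` and `timeout` are in seconds.
  HealthCheck = {
    enabled | default = true | Bool,
    endpoint | default = "/health" | String,
    interval | default = 10 | Number,
    timeout | default = 5 | Number,
    healthy_threshold | default = 2 | Number,
    unhealthy_threshold | default = 3 | Number,
  },

  # Where extensions are fetched from. `allow_mixed` must be set for 'mixed
  # to make sense; the contract does not tie the two together.
  ExtensionConfig = {
    source | [| 'local, 'gitea, 'oci, 'mixed |],
    local_path | optional | String,
    gitea_config | optional | contracts.GiteaConfig,
    oci_registry | optional | contracts.OCIExtensionConfig,
    allow_mixed | default = false | Bool,
  },

  # Gitea-backed extension source. The API token is referenced by path.
  GiteaConfig = {
    url | String,
    organization | default = "provisioning" | String,
    username | optional | String,
    token_path | optional | String,
    verify_ssl | default = true | Bool,
  },

  # OCI-registry-backed extension source.
  OCIExtensionConfig = {
    enabled | default = true | Bool,
    endpoint | String,
    namespace | default = "provisioning-extensions" | String,
    auth_token_path | optional | String,
    tls_enabled | default = true | Bool,
    verify_ssl | default = true | Bool,
    cache_dir | default = "~/.provisioning/oci-cache" | String,
  },

  # Workspace locking, git and isolation policy.
  WorkspacePolicy = {
    locking | default = 'disabled | [| 'disabled, 'enabled, 'required |],
    lock_provider | optional | [| 'gitea, 'etcd, 'redis, 'filesystem |],
    git_integration | default = 'optional | [| 'disabled, 'optional, 'required |],
    isolation | default = 'user | [| 'none, 'user, 'strict |],
    max_workspaces_per_user | optional | Number,
  },

  # Security posture of the mode. Encryption, audit logging and network
  # isolation are all OFF by default; modes handling real credentials should
  # enable them explicitly rather than rely on these defaults.
  SecurityConfig = {
    encryption_at_rest | default = false | Bool,
    encryption_in_transit | default = false | Bool,
    # Was `optional = { provider = "sops" }`, which is not valid field
    # metadata (`optional` takes no value). The intent is a default, which
    # also makes `optional` redundant. The contract only requires a string
    # `provider` and leaves the record open for provider-specific settings.
    secret_provider | default = { provider = "sops" } | { provider | String, .. },
    dns_modification | default = 'none | [| 'none, 'coredns, 'system |],
    audit_logging | default = false | Bool,
    audit_log_path | optional | String,
    network_isolation | default = false | Bool,
  },

  # Per-user and aggregate quotas; the `max_total_*` fields are unbounded
  # when omitted.
  ResourceLimits = {
    max_servers_per_user | default = 10 | Number,
    max_cpu_cores_per_user | default = 32 | Number,
    max_memory_gb_per_user | default = 128 | Number,
    max_storage_gb_per_user | default = 500 | Number,
    max_total_servers | optional | Number,
    max_total_cpu_cores | optional | Number,
    max_total_memory_gb | optional | Number,
  },
} in
contracts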