jesus/provisioning
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
provisioning/schemas/deployment/modes/cicd_enterprise/defaults.ncl
Jesús Pérez 44648e3206
chore: complete nickel migration and consolidate legacy configs 
- Remove KCL ecosystem (~220 files deleted)
- Migrate all infrastructure to Nickel schema system
- Consolidate documentation: legacy docs → provisioning/docs/src/
- Add CI/CD workflows (.github/) and Rust build config (.cargo/)
- Update core system for Nickel schema parsing
- Update README.md and CHANGES.md for v5.0.0 release
- Fix pre-commit hooks: end-of-file, trailing-whitespace
- Breaking changes: KCL workspaces require migration
- Migration bridge available in docs/src/development/
2026-01-08 09:55:37 +00:00

205 lines
5.2 KiB
Plaintext
Raw Blame History

# Modes CICD & Enterprise Defaults
# Default configurations for CICD and Enterprise deployment modes
let base_defaults = import "../base/defaults.ncl" in
{
cicd_mode = {
mode_name = 'cicd,
description = "CI/CD pipeline automated execution",
authentication = {
auth_type = 'token,
token_config = {
token_path = "/var/run/secrets/provisioning/token",
token_format = 'jwt,
expiry_seconds = 3600,
refresh_enabled = false,
},
ssh_key_storage = 'kms,
},
services = {
orchestrator = {
deployment = 'remote,
remote_config = {
endpoint = "orchestrator.cicd.local",
port = 8080,
tls_enabled = true,
verify_ssl = true,
timeout = 60,
retries = 5,
},
},
control_center = {
deployment = 'disabled,
},
coredns = {
deployment = 'remote,
remote_config = {
endpoint = "dns.cicd.local",
port = 53,
},
},
gitea = {
deployment = 'remote,
remote_config = {
endpoint = "git.cicd.local",
port = 443,
tls_enabled = true,
},
},
oci_registry = {
deployment = 'remote,
type = 'harbor,
endpoint = "registry.cicd.local",
tls_enabled = true,
auth_required = true,
remote = {
timeout = 60,
retries = 5,
verify_ssl = true,
},
namespaces = {
extensions = "cicd-extensions",
kcl_packages = "cicd-kcl",
platform_images = "cicd-platform",
test_images = "cicd-test",
},
},
},
extensions = {
source = 'oci,
oci_registry = {
enabled = true,
endpoint = "registry.cicd.local",
namespace = "cicd-extensions",
auth_token_path = "/var/run/secrets/provisioning/oci-token",
tls_enabled = true,
verify_ssl = true,
cache_dir = "/tmp/provisioning-oci-cache",
},
},
workspaces = {
locking = 'disabled,
git_integration = 'required,
isolation = 'strict,
max_workspaces_per_user = 1,
},
security = {
encryption_at_rest = true,
encryption_in_transit = true,
secret_provider = {
provider = "vault",
},
dns_modification = 'coredns,
audit_logging = true,
audit_log_path = "/var/log/provisioning/cicd-audit.log",
network_isolation = true,
},
resource_limits = {
max_servers_per_user = 5,
max_cpu_cores_per_user = 16,
max_memory_gb_per_user = 64,
max_storage_gb_per_user = 200,
},
},
enterprise_mode = {
mode_name = 'enterprise,
description = "Production enterprise deployment with full security",
authentication = base_defaults.mtls_auth,
services = {
orchestrator = {
deployment = 'k8s,
k8s_config = {
namespace = "provisioning-system",
deployment_name = "orchestrator",
service_name = "orchestrator-svc",
replicas = 3,
image = "harbor.enterprise.local/provisioning/orchestrator:latest",
resources = {
cpu_request = "500m",
cpu_limit = "2000m",
memory_request = "1Gi",
memory_limit = "4Gi",
},
},
},
control_center = {
deployment = 'k8s,
k8s_config = {
namespace = "provisioning-system",
deployment_name = "control-center",
service_name = "control-center-svc",
replicas = 2,
image = "harbor.enterprise.local/provisioning/control-center:latest",
},
},
coredns = {
deployment = 'k8s,
k8s_config = {
namespace = "kube-system",
deployment_name = "coredns",
service_name = "kube-dns",
replicas = 2,
image = "registry.k8s.io/coredns/coredns:latest",
},
},
gitea = {
deployment = 'k8s,
k8s_config = {
namespace = "provisioning-system",
deployment_name = "gitea",
service_name = "gitea-svc",
replicas = 2,
image = "gitea/gitea:latest",
},
},
oci_registry = {
deployment = 'remote,
type = 'harbor,
endpoint = "harbor.enterprise.local",
tls_enabled = true,
auth_required = true,
remote = {
timeout = 60,
retries = 5,
verify_ssl = true,
},
namespaces = {
extensions = "prod-extensions",
kcl_packages = "prod-kcl",
platform_images = "prod-platform",
test_images = "test-images",
},
},
},
extensions = {
source = 'oci,
oci_registry = {
enabled = true,
endpoint = "harbor.enterprise.local",
namespace = "prod-extensions",
auth_token_path = "/etc/provisioning/tokens/oci",
tls_enabled = true,
verify_ssl = true,
cache_dir = "/var/cache/provisioning/oci",
},
},
workspaces = base_defaults.strict_locking,
security = base_defaults.strict_security,
resource_limits = base_defaults.prod_limits,
},
}
Reference in New Issue View Git Blame Copy Permalink