feat(reconciler): update Helm chart configs, templates, and CI/CD integration for reconciler service

2025-07-22 17:50:25 +08:00 · 2025-07-22 17:50:25 +08:00 · 95aa8fd84b
commit 95aa8fd84b
parent 11a1191628
11 changed files with 621 additions and 1 deletions
--- a/freeleaps-devops-reconciler/helm-pkg/reconciler/Chart.yaml
+++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/Chart.yaml
@ -0,0 +1,6 @@
+apiVersion: v2
+name: chat
+description: A Helm Chart of chat service, which part of Freeleaps Platform, powered by Freeleaps.
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
--- a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/certificate.yaml
+++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/certificate.yaml
@ -0,0 +1,27 @@
+{{ $namespace := .Release.Namespace }}
+{{ $appVersion := .Chart.AppVersion | quote }}
+{{ $releaseCertificate := .Release.Service }}
+{{ $releaseName := .Release.Name }}
+{{- range $ingress := .Values.reconciler.ingresses }}
+{{- if not $ingress.tls.exists  }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ $ingress.name }}
+  namespace: {{ $namespace }}
+  labels:
+    app.kubernetes.io/version: {{ $appVersion }}
+    app.kubernetes.io/name: {{ $ingress.name | quote }}
+    app.kubernetes.io/managed-by: {{ $releaseCertificate }}
+    app.kubernetes.io/instance: {{ $releaseName }}
+spec:
+  commonName: {{ $ingress.host }}
+  dnsNames:
+    - {{ $ingress.host }}
+  issuerRef:
+    name: {{ $ingress.tls.issuerRef.name }}
+    kind: {{ $ingress.tls.issuerRef.kind }}
+  secretName: {{ $ingress.tls.name }}
+{{- end }}
+{{- end }}
--- a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/deployment.yaml
+++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/deployment.yaml
@ -0,0 +1,121 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+    app.kubernetes.io/name: "reconciler"
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Values.logIngest.enabled }}
+  annotations:
+      opentelemetry.io/config-checksum: {{ include (print $.Template.BasePath "/reconciler/opentelemetry.yaml") . | sha256sum }}
+{{- end }}
+  name: "reconciler"
+  namespace: {{ .Release.Namespace | quote }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: "reconciler"
+      app.kubernetes.io/instance: {{ .Release.Name }}
+      app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+      app.kubernetes.io/managed-by: {{ .Release.Service }}
+  replicas: {{ .Values.reconciler.replicas }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+        app.kubernetes.io/name: "reconciler"
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+      annotations:
+        app.kubernetes.io/config-checksum: {{ include (print $.Template.BasePath "/reconciler/reconciler-config.yaml") . | sha256sum }}
+{{- if .Values.logIngest.enabled }}
+        opentelemetry.io/config-checksum: {{ include (print $.Template.BasePath "/reconciler/opentelemetry.yaml") . | sha256sum }}
+        sidecar.opentelemetry.io/inject: "{{ .Release.Namespace}}/{{ .Release.Name }}-opentelemetry-collector"
+{{- end }}
+    spec:
+{{- if .Values.logIngest.enabled }}
+      serviceAccountName: "{{ .Release.Name }}-otel-collector"
+{{- end }}
+      containers:
+        - name: "reconciler"
+          image: "{{ coalesce .Values.reconciler.image.registry .Values.global.registry "docker.io"}}/{{ coalesce .Values.reconciler.image.repository .Values.global.repository }}/{{ .Values.reconciler.image.name }}:{{ .Values.reconciler.image.tag | default "latest" }}"
+          imagePullPolicy: {{ .Values.reconciler.image.imagePullPolicy | default "IfNotPresent" }}
+          ports:
+            {{- range $port := .Values.reconciler.ports }}
+            - containerPort: {{ $port.containerPort }}
+              name: {{ $port.name }}
+              protocol: {{ $port.protocol }}
+            {{- end }}
+          {{- if .Values.reconciler.resources }}  
+          resources:
+            {{- toYaml .Values.reconciler.resources | nindent 12 }}
+          {{- end }}
+          {{- if .Values.reconciler.probes }}
+          {{- if and (.Values.reconciler.probes.liveness) (eq .Values.reconciler.probes.liveness.type "httpGet") }}
+          livenessProbe:
+            httpGet:
+              path: {{ .Values.reconciler.probes.liveness.config.path }}
+              port: {{ .Values.reconciler.probes.liveness.config.port }}
+            {{- if .Values.reconciler.probes.liveness.config.initialDelaySeconds }}
+            initialDelaySeconds: {{ .Values.reconciler.probes.liveness.config.initialDelaySeconds }}
+            {{- end }}
+            {{- if .Values.reconciler.probes.liveness.config.periodSeconds }}
+            periodSeconds: {{ .Values.reconciler.probes.liveness.config.periodSeconds }}
+            {{- end }}
+            {{- if .Values.reconciler.probes.liveness.config.timeoutSeconds }}
+            timeoutSeconds: {{ .Values.reconciler.probes.liveness.config.timeoutSeconds }}
+            {{- end }}
+            {{- if .Values.reconciler.probes.liveness.config.successThreshold }}
+            successThreshold: {{ .Values.reconciler.probes.liveness.config.successThreshold }}
+            {{- end }}
+            {{- if .Values.reconciler.probes.liveness.config.failureThreshold }}
+            failureThreshold: {{ .Values.reconciler.probes.liveness.config.failureThreshold }}
+            {{- end }}
+            {{- if .Values.reconciler.probes.liveness.config.terminationGracePeriodSeconds }}
+            terminationGracePeriodSeconds: {{ .Values.reconciler.probes.liveness.config.terminationGracePeriodSeconds }}
+            {{- end }}
+          {{- end }}
+          {{- if and (.Values.reconciler.probes.readiness) (eq .Values.reconciler.probes.readiness.type "httpGet") }}
+          readinessProbe:
+            httpGet:
+              path: {{ .Values.reconciler.probes.readiness.config.path }}
+              port: {{ .Values.reconciler.probes.readiness.config.port }}
+            {{- if .Values.reconciler.probes.readiness.config.initialDelaySeconds }}
+            initialDelaySeconds: {{ .Values.reconciler.probes.readiness.config.initialDelaySeconds }}
+            {{- end }}
+            {{- if .Values.reconciler.probes.readiness.config.periodSeconds }}
+            periodSeconds: {{ .Values.reconciler.probes.readiness.config.periodSeconds }}
+            {{- end }}
+            {{- if .Values.reconciler.probes.readiness.config.timeoutSeconds }}
+            timeoutSeconds: {{ .Values.reconciler.probes.readiness.config.timeoutSeconds }}
+            {{- end }}
+            {{- if .Values.reconciler.probes.readiness.config.successThreshold }}
+            successThreshold: {{ .Values.reconciler.probes.readiness.config.successThreshold }}
+            {{- end }}
+            {{- if .Values.reconciler.probes.readiness.config.failureThreshold }}
+            failureThreshold: {{ .Values.reconciler.probes.readiness.config.failureThreshold }}
+            {{- end }}
+            {{- if .Values.reconciler.probes.readiness.config.terminationGracePeriodSeconds }}
+            terminationGracePeriodSeconds: {{ .Values.reconciler.probes.readiness.config.terminationGracePeriodSeconds }}
+            {{- end }}
+          {{- end }}
+          {{- end}}
+          env:
+            {{- range $key, $value := .Values.reconciler.configs }}
+            - name: {{ $key | snakecase | upper }}
+              valueFrom:
+                secretKeyRef:
+                  name: reconciler-config
+                  key: {{ $key | snakecase | upper }}
+            {{- end }}
+{{- if .Values.logIngest.enabled }}
+          volumeMounts:
+            - name: app-logs
+              mountPath: {{ .Values.logIngest.logPath }}
+{{- end }}
+{{- if .Values.logIngest.enabled }}
+      volumes:
+        - name: app-logs
+          emptyDir: {}
+{{- end }}
--- a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/ingress.yaml
+++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/ingress.yaml
@ -0,0 +1,36 @@
+{{ $namespace := .Release.Namespace }}
+{{ $appVersion := .Chart.AppVersion | quote }}
+{{ $releaseIngress := .Release.Service }}
+{{ $releaseName := .Release.Name }}
+{{- range $ingress := .Values.reconciler.ingresses }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ $ingress.name }}
+  namespace: {{ $namespace }}
+  labels:
+    app.kubernetes.io/version: {{ $appVersion }}
+    app.kubernetes.io/name: {{ $ingress.name | quote }}
+    app.kubernetes.io/managed-by: {{ $releaseIngress }}
+    app.kubernetes.io/instance: {{ $releaseName }}
+spec:
+{{- if $ingress.class }}
+  ingressClassName: {{ $ingress.class }}
+{{- end }}
+{{- if $ingress.tls }}
+  tls:
+    - hosts:
+        - {{ $ingress.host }}
+{{- if $ingress.tls.exists }}
+      secretName: {{ $ingress.tls.secretRef.name }}
+{{- else }}
+      secretName: {{ $ingress.tls.name }}
+{{- end }}
+{{- end }}
+  rules:
+    - host: {{ $ingress.host }}
+      http:
+        paths:
+{{- toYaml $ingress.rules | nindent 10 }}
+{{- end }}
--- a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/reconciler-config.yaml
+++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/reconciler-config.yaml
@ -0,0 +1,70 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: reconciler-config
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+  DEBUG: {{ .Values.reconciler.configs.debug | b64enc | quote }}
+  K8S_CLUSTER_DOMAIN: {{ .Values.reconciler.configs.k8sClusterDomain | b64enc | quote }}
+  AUTO_DISCOVER_K8S_CLUSTER_DOMAIN_MAX_RETRIES: {{ .Values.reconciler.configs.autoDiscoverK8sClusterDomainMaxRetries | toString | b64enc | quote }}
+  RABBITMQ_HOST: {{ .Values.reconciler.configs.rabbitmqHost | b64enc | quote }}
+  RABBITMQ_PORT: {{ .Values.reconciler.configs.rabbitmqPort | toString | b64enc | quote }}
+  RABBITMQ_USERNAME: {{ .Values.reconciler.configs.rabbitmqUsername | b64enc | quote }}
+  RABBITMQ_PASSWORD: {{ .Values.reconciler.configs.rabbitmqPassword | b64enc | quote }}
+  RABBITMQ_VHOST: {{ .Values.reconciler.configs.rabbitmqVhost | b64enc | quote }}
+  RABBITMQ_INPUT_QUEUE: {{ .Values.reconciler.configs.rabbitmqInputQueue | b64enc | quote }}
+  RABBITMQ_OUTPUT_QUEUE: {{ .Values.reconciler.configs.rabbitmqOutputQueue | b64enc | quote }}
+  RABBITMQ_ENABLE_EXCHANGE_BINDING: {{ .Values.reconciler.configs.rabbitmqEnableExchangeBinding | b64enc | quote }}
+  RABBITMQ_INPUT_EXCHANGE: {{ .Values.reconciler.configs.rabbitmqInputExchange | b64enc | quote }}
+  RABBITMQ_INPUT_EXCHANGE_TYPE: {{ .Values.reconciler.configs.rabbitmqInputExchangeType | b64enc | quote }}
+  RABBITMQ_INPUT_ROUTING_KEY: {{ .Values.reconciler.configs.rabbitmqInputRoutingKey | b64enc | quote }}
+  RABBITMQ_OUTPUT_EXCHANGE: {{ .Values.reconciler.configs.rabbitmqOutputExchange | b64enc | quote }}
+  RABBITMQ_OUTPUT_ROUTING_KEY: {{ .Values.reconciler.configs.rabbitmqOutputRoutingKey | b64enc | quote }}
+  JENKINS_ENDPOINT: {{ .Values.reconciler.configs.jenkinsEndpoint | b64enc | quote }}
+  JENKINS_USERNAME: {{ .Values.reconciler.configs.jenkinsUsername | b64enc | quote }}
+  JENKINS_TOKEN: {{ .Values.reconciler.configs.jenkinsToken | b64enc | quote }}
+  JENKINS_API_TIMEOUT: {{ .Values.reconciler.configs.jenkinsApiTimeout | toString | b64enc | quote }}
+  JENKINS_FOLDER_CREATION_RETRY_COUNT: {{ .Values.reconciler.configs.jenkinsFolderCreationRetryCount | toString | b64enc | quote }}
+  ARGOCD_ENDPOINT: {{ .Values.reconciler.configs.argocdEndpoint | b64enc | quote }}
+  ARGOCD_USERNAME: {{ .Values.reconciler.configs.argocdUsername | b64enc | quote }}
+  ARGOCD_PASSWORD: {{ .Values.reconciler.configs.argocdPassword | b64enc | quote }}
+  ARGOCD_API_TIMEOUT: {{ .Values.reconciler.configs.argocdApiTimeout | toString | b64enc | quote }}
+  ARGOCD_RESOURCE_CREATION_TIMEOUT: {{ .Values.reconciler.configs.argocdResourceCreationTimeout | toString | b64enc | quote }}
+  DEFAULT_GIT_USERNAME: {{ .Values.reconciler.configs.defaultGitUsername | b64enc | quote }}
+  DEFAULT_GIT_PASSWORD: {{ .Values.reconciler.configs.defaultGitPassword | b64enc | quote }}
+  DEFAULT_REGISTRY_USERNAME: {{ .Values.reconciler.configs.defaultRegistryUsername | b64enc | quote }}
+  DEFAULT_REGISTRY_PASSWORD: {{ .Values.reconciler.configs.defaultRegistryPassword | b64enc | quote }}
+  KUBERNETES_API_TIMEOUT: {{ .Values.reconciler.configs.kubernetesApiTimeout | toString | b64enc | quote }}
+  DEFAULT_HTTP_TIMEOUT: {{ .Values.reconciler.configs.defaultHttpTimeout | toString | b64enc | quote }}
+  ALLOW_HTTP_GIT_URLS: {{ .Values.reconciler.configs.allowHttpGitUrls | b64enc | quote }}
+  LOG_LEVEL: {{ .Values.reconciler.configs.logLevel | b64enc | quote }}
+  LOG_FORMAT: {{ .Values.reconciler.configs.logFormat | b64enc | quote }}
+  OPERATOR_NAMESPACE: {{ .Values.reconciler.configs.operatorNamespace | b64enc | quote }}
+  RECONCILE_INTERVAL: {{ .Values.reconciler.configs.reconcileInterval | toString | b64enc | quote }}
+  ENABLE_MOCK_SERVICE: {{ .Values.reconciler.configs.enableMockService | b64enc | quote }}
+  MOCK_SERVICE_PORT: {{ .Values.reconciler.configs.mockServicePort | toString | b64enc | quote }}
+  DEV_MODE: {{ .Values.reconciler.configs.devMode | b64enc | quote }}
+  GODADDY_API_KEY: {{ .Values.reconciler.configs.godaddyApiKey | b64enc | quote }}
+  GODADDY_API_SECRET: {{ .Values.reconciler.configs.godaddyApiSecret | b64enc | quote }}
+  GODADDY_BASE_DOMAIN: {{ .Values.reconciler.configs.godaddyBaseDomain | b64enc | quote }}
+  DOMAIN_TEMPLATE: {{ .Values.reconciler.configs.domainTemplate | b64enc | quote }}
+  INGRESS_CLASS_NAME: {{ .Values.reconciler.configs.ingressClassName | b64enc | quote }}
+  CERT_MANAGER_CLUSTER_ISSUER: {{ .Values.reconciler.configs.certManagerClusterIssuer | b64enc | quote }}
+  DNS_CREATION_TIMEOUT: {{ .Values.reconciler.configs.dnsCreationTimeout | toString | b64enc | quote }}
+  CERTIFICATE_ISSUANCE_TIMEOUT: {{ .Values.reconciler.configs.certificateIssuanceTimeout | toString | b64enc | quote }}
+  INGRESS_READY_TIMEOUT: {{ .Values.reconciler.configs.ingressReadyTimeout | toString | b64enc | quote }}
+  NETWORK_RESOURCE_CLEANUP_TIMEOUT: {{ .Values.reconciler.configs.networkResourceCleanupTimeout | toString | b64enc | quote }}
+  NETWORK_RESOURCE_RETRY_COUNT: {{ .Values.reconciler.configs.networkResourceRetryCount | toString | b64enc | quote }}
+  NETWORK_RESOURCE_RETRY_DELAY: {{ .Values.reconciler.configs.networkResourceRetryDelay | toString | b64enc | quote }}
+  SERVICE_API_ACCESS_HOST: {{ .Values.reconciler.configs.serviceApiAccessHost | b64enc | quote }}
+  SERVICE_API_ACCESS_PORT: {{ .Values.reconciler.configs.serviceApiAccessPort | toString | b64enc | quote }}
+  MONGODB_NAME: {{ .Values.reconciler.configs.mongodbName | b64enc | quote }}
+  MONGODB_URI: {{ .Values.reconciler.configs.mongodbUri | b64enc | quote }}
+  MONGODB_PORT: {{ .Values.reconciler.configs.mongodbPort | toString | b64enc | quote }}
+  REDIS_URL: {{ .Values.reconciler.configs.redisUrl | b64enc | quote }}
+  REDIS_IS_CLUSTER: {{ .Values.reconciler.configs.redisIsCluster | b64enc | quote }}
+  JWT_SECRET_KEY: {{ .Values.reconciler.configs.jwtSecretKey | b64enc | quote }}
+  JWT_ALGORITHM: {{ .Values.reconciler.configs.jwtAlgorithm | b64enc | quote }}
+  METRICS_ENABLED: {{ .Values.reconciler.configs.metricsEnabled | b64enc | quote }}
+  PROBES_ENABLED: {{ .Values.reconciler.configs.probesEnabled | b64enc | quote }}
--- a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/service.yaml
+++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/service.yaml
@ -0,0 +1,26 @@
+{{ $namespace := .Release.Namespace }}
+{{ $appVersion := .Chart.AppVersion | quote }}
+{{ $releaseService := .Release.Service }}
+{{ $releaseName := .Release.Name }}
+{{- range $service := .Values.reconciler.services }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ $service.name }}
+  namespace: {{ $namespace }}
+  labels:
+    app.kubernetes.io/version: {{ $appVersion }}
+    app.kubernetes.io/name: {{ $service.name | quote }}
+    app.kubernetes.io/managed-by: {{ $releaseService }}
+    app.kubernetes.io/instance: {{ $releaseName }}
+spec:
+  ports:
+    - port: {{ $service.port }}
+      targetPort: {{ $service.targetPort }}
+  selector:
+    app.kubernetes.io/version: {{ $appVersion }}
+    app.kubernetes.io/name: "reconciler"
+    app.kubernetes.io/managed-by: {{ $releaseService }}
+    app.kubernetes.io/instance: {{ $releaseName }}
+{{- end }}
--- a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/servicemonitor.yaml
+++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/servicemonitor.yaml
@ -0,0 +1,40 @@
+{{ $namespace := .Release.Namespace }}
+{{ $appVersion := .Chart.AppVersion | quote }}
+{{ $releaseService := .Release.Service }}
+{{ $releaseName := .Release.Name }}
+
+{{- range $service := .Values.reconciler.services }}
+{{- if $service.serviceMonitor.enabled }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ $service.name }}-monitor
+  namespace: {{ $service.serviceMonitor.namespace }}
+  labels:
+    app.kubernetes.io/version: {{ $appVersion }}
+    app.kubernetes.io/name: {{ $service.name }}-monitor
+    app.kubernetes.io/managed-by: {{ $releaseService }}
+    app.kubernetes.io/instance: {{ $releaseName }}
+    {{- if $service.serviceMonitor.labels }}
+    {{- toYaml $service.serviceMonitor.labels | nindent 4 }}
+    {{- end }}
+spec:
+  endpoints:
+    - path: /api/_/metrics
+      targetPort: {{ $service.targetPort }}
+      {{- if $service.serviceMonitor.interval }}
+      interval: {{ $service.serviceMonitor.interval }}
+      {{- end }}
+      {{- if $service.serviceMonitor.scrapeTimeout }}
+      scrapeTimeout: {{ $service.serviceMonitor.scrapeTimeout }}
+      {{- end }}
+  namespaceSelector:
+    matchNames:
+      - {{ $namespace | quote }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ $service.name }}
+      app.kubernetes.io/instance: {{ $releaseName }}
+{{- end }}
+{{- end }}
--- a/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/vpa.yaml
+++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/templates/reconciler/vpa.yaml
@ -0,0 +1,32 @@
+{{- if .Values.reconciler.vpa }}
+---
+apiVersion: autoscaling.k8s.io/v1
+kind: VerticalPodAutoscaler
+metadata:
+  name: {{ .Release.Name }}-reconciler-vpa
+  namespace: {{ .Release.Namespace }}
+spec:
+  targetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: reconciler
+  resourcePolicy:
+    containerPolicies:
+      - containerName: '*'
+        {{- if .Values.reconciler.vpa.minAllowed.enabled }}
+        minAllowed:
+          cpu: {{ .Values.reconciler.vpa.minAllowed.cpu }}
+          memory: {{ .Values.reconciler.vpa.minAllowed.memory }}
+        {{- end }}
+        {{- if .Values.reconciler.vpa.maxAllowed.enabled }}
+        maxAllowed:
+          cpu: {{ .Values.reconciler.vpa.maxAllowed.cpu }}
+          memory: {{ .Values.reconciler.vpa.maxAllowed.memory }}
+        {{- end }}
+        {{- if .Values.reconciler.vpa.controlledResources }}
+        controlledResources:
+          {{- range .Values.reconciler.vpa.controlledResources }}
+          - {{ . }}
+          {{- end }}
+        {{- end }}
+{{- end }}
--- a/freeleaps-devops-reconciler/helm-pkg/reconciler/values.alpha.yaml
+++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/values.alpha.yaml
@ -0,0 +1,131 @@
+global:
+  registry: docker.io
+  repository: freeleaps
+  nodeSelector: {}
+logIngest:
+  enabled: false
+reconciler:
+  replicas: 1
+  image:
+    registry:
+    repository: freeleaps
+    name: reconciler
+    tag: 1.0.0
+    imagePullPolicy: IfNotPresent
+  ports:
+    - name: http
+      containerPort: 8080
+      protocol: TCP
+  resources:
+    requests:
+      cpu: "0.1"
+      memory: "64Mi"
+    limits:
+      cpu: "0.2"
+      memory: "128Mi"
+  # FIXME: Wait until the developers implements the probes APIs
+  probes: {}
+  services:
+    - name: reconciler-service
+      type: ClusterIP
+      port: 8080
+      targetPort: 8080
+      serviceMonitor:
+        enabled: false
+        labels:
+          release: kube-prometheus-stack
+        namespace: freeleaps-monitoring-system
+        interval: 30s
+        scrapeTimeout: ""
+  # Defaults to {}, which means doesn't have any ingress
+  ingresses: {}
+  configs:
+    # General
+    debug: "false"
+    k8sClusterDomain: "kubernetes.default.svc.cluster.local"
+    autoDiscoverK8sClusterDomainMaxRetries: 5
+    # RabbitMQ
+    rabbitmqHost: "localhost"
+    rabbitmqPort: 5672
+    rabbitmqUsername: "admin"
+    rabbitmqPassword: "admin"
+    rabbitmqVhost: "/"
+    rabbitmqInputQueue: "freeleaps.devops.reconciler.input"
+    rabbitmqOutputQueue: "freeleaps.devops.reconciler.output"
+    rabbitmqEnableExchangeBinding: "true"
+    rabbitmqInputExchange: "freeleaps.notification.exchange"
+    rabbitmqInputExchangeType: "direct"
+    rabbitmqInputRoutingKey: "freeleaps.devops.reconciler.input"
+    rabbitmqOutputExchange: "freeleaps.notification.exchange"
+    rabbitmqOutputRoutingKey: "freeleaps.devops.reconciler.output"
+    # Jenkins
+    jenkinsEndpoint: "http://localhost:8080"
+    jenkinsUsername: "admin"
+    jenkinsToken: "admin"
+    jenkinsApiTimeout: 30
+    jenkinsFolderCreationRetryCount: 3
+    # ArgoCD
+    argocdEndpoint: "http://localhost:8080"
+    argocdUsername: "admin"
+    argocdPassword: "admin"
+    argocdApiTimeout: 30
+    argocdResourceCreationTimeout: 30
+    # Default Credentials
+    defaultGitUsername: "admin"
+    defaultGitPassword: "admin"
+    defaultRegistryUsername: "admin"
+    defaultRegistryPassword: "admin"
+    # API Timeouts
+    kubernetesApiTimeout: 30
+    defaultHttpTimeout: 30
+    # Git
+    allowHttpGitUrls: "false"
+    # Advanced
+    logLevel: "INFO"
+    logFormat: "text"
+    operatorNamespace: "freeleaps-devops-system"
+    reconcileInterval: 30
+    # Development
+    enableMockService: "false"
+    mockServicePort: 5000
+    devMode: "false"
+    # Network Resource Management
+    godaddyApiKey: ""
+    godaddyApiSecret: ""
+    godaddyBaseDomain: "mathmast.com"
+    domainTemplate: "{env}.{project_id}.mathmast.com"
+    ingressClassName: "nginx"
+    certManagerClusterIssuer: "letsencrypt-prod"
+    dnsCreationTimeout: 300
+    certificateIssuanceTimeout: 600
+    ingressReadyTimeout: 300
+    networkResourceCleanupTimeout: 300
+    networkResourceRetryCount: 3
+    networkResourceRetryDelay: 30
+    # Service
+    serviceApiAccessHost: "0.0.0.0"
+    serviceApiAccessPort: "8080"
+    # MongoDB/Redis (如需可补充)
+    mongodbName: ""
+    mongodbUri: ""
+    mongodbPort: ""
+    redisUrl: ""
+    redisIsCluster: "false"
+    # JWT
+    jwtSecretKey: ""
+    jwtAlgorithm: ""
+    # Metrics/Probes
+    metricsEnabled: "false"
+    probesEnabled: "false"
+  vpa:
+    minAllowed:
+      enabled: false
+      cpu: "0.1"
+      memory: "64Mi"
+    maxAllowed:
+      enabled: true
+      cpu: "0.2"
+      memory: "128Mi"
+    controlledResources:
+      - cpu
+      - memory
--- a/freeleaps-devops-reconciler/helm-pkg/reconciler/values.yaml
+++ b/freeleaps-devops-reconciler/helm-pkg/reconciler/values.yaml
@ -0,0 +1,131 @@
+global:
+  registry: docker.io
+  repository: freeleaps
+  nodeSelector: {}
+logIngest:
+  enabled: false
+reconciler:
+  replicas: 1
+  image:
+    registry:
+    repository: freeleaps
+    name: reconciler
+    tag: 1.0.0
+    imagePullPolicy: IfNotPresent
+  ports:
+    - name: http
+      containerPort: 8080
+      protocol: TCP
+  resources:
+    requests:
+      cpu: "0.1"
+      memory: "64Mi"
+    limits:
+      cpu: "0.2"
+      memory: "128Mi"
+  # FIXME: Wait until the developers implements the probes APIs
+  probes: {}
+  services:
+    - name: reconciler-service
+      type: ClusterIP
+      port: 8080
+      targetPort: 8080
+      serviceMonitor:
+        enabled: false
+        labels:
+          release: kube-prometheus-stack
+        namespace: freeleaps-monitoring-system
+        interval: 30s
+        scrapeTimeout: ""
+  # Defaults to {}, which means doesn't have any ingress
+  ingresses: {}
+  configs:
+    # General
+    debug: "false"
+    k8sClusterDomain: "kubernetes.default.svc.cluster.local"
+    autoDiscoverK8sClusterDomainMaxRetries: 5
+    # RabbitMQ
+    rabbitmqHost: "localhost"
+    rabbitmqPort: 5672
+    rabbitmqUsername: "admin"
+    rabbitmqPassword: "admin"
+    rabbitmqVhost: "/"
+    rabbitmqInputQueue: "freeleaps.devops.reconciler.input"
+    rabbitmqOutputQueue: "freeleaps.devops.reconciler.output"
+    rabbitmqEnableExchangeBinding: "true"
+    rabbitmqInputExchange: "freeleaps.notification.exchange"
+    rabbitmqInputExchangeType: "direct"
+    rabbitmqInputRoutingKey: "freeleaps.devops.reconciler.input"
+    rabbitmqOutputExchange: "freeleaps.notification.exchange"
+    rabbitmqOutputRoutingKey: "freeleaps.devops.reconciler.output"
+    # Jenkins
+    jenkinsEndpoint: "http://localhost:8080"
+    jenkinsUsername: "admin"
+    jenkinsToken: "admin"
+    jenkinsApiTimeout: 30
+    jenkinsFolderCreationRetryCount: 3
+    # ArgoCD
+    argocdEndpoint: "http://localhost:8080"
+    argocdUsername: "admin"
+    argocdPassword: "admin"
+    argocdApiTimeout: 30
+    argocdResourceCreationTimeout: 30
+    # Default Credentials
+    defaultGitUsername: "admin"
+    defaultGitPassword: "admin"
+    defaultRegistryUsername: "admin"
+    defaultRegistryPassword: "admin"
+    # API Timeouts
+    kubernetesApiTimeout: 30
+    defaultHttpTimeout: 30
+    # Git
+    allowHttpGitUrls: "false"
+    # Advanced
+    logLevel: "INFO"
+    logFormat: "text"
+    operatorNamespace: "freeleaps-devops-system"
+    reconcileInterval: 30
+    # Development
+    enableMockService: "false"
+    mockServicePort: 5000
+    devMode: "false"
+    # Network Resource Management
+    godaddyApiKey: ""
+    godaddyApiSecret: ""
+    godaddyBaseDomain: "mathmast.com"
+    domainTemplate: "{env}.{project_id}.mathmast.com"
+    ingressClassName: "nginx"
+    certManagerClusterIssuer: "letsencrypt-prod"
+    dnsCreationTimeout: 300
+    certificateIssuanceTimeout: 600
+    ingressReadyTimeout: 300
+    networkResourceCleanupTimeout: 300
+    networkResourceRetryCount: 3
+    networkResourceRetryDelay: 30
+    # Service
+    serviceApiAccessHost: "0.0.0.0"
+    serviceApiAccessPort: "8080"
+    # MongoDB/Redis (如需可补充)
+    mongodbName: ""
+    mongodbUri: ""
+    mongodbPort: ""
+    redisUrl: ""
+    redisIsCluster: "false"
+    # JWT
+    jwtSecretKey: ""
+    jwtAlgorithm: ""
+    # Metrics/Probes
+    metricsEnabled: "false"
+    probesEnabled: "false"
+  vpa:
+    minAllowed:
+      enabled: false
+      cpu: "0.1"
+      memory: "64Mi"
+    maxAllowed:
+      enabled: true
+      cpu: "0.2"
+      memory: "128Mi"
+    controlledResources:
+      - cpu
+      - memory
--- a/freeleaps/alpha/ci/freeleaps-service-hub/Jenkinsfile
+++ b/freeleaps/alpha/ci/freeleaps-service-hub/Jenkinsfile
@ -1,4 +1,4 @@
-library 'first-class-pipeline'
+library 'first-class-pipeline@Nicolas_local_ops'

 executeFreeleapsPipeline {
  serviceName = 'freeleaps'