chore: restore independent prod gitops config

Prodiglagla
2026-06-15 17:26:52 +08:00
parent c86deb5e12
commit 9e326c375a
40 changed files with 215 additions and 207 deletions
+22 -18
@@ -1,27 +1,31 @@
# ircs-prod-config
# ircs-prod-config
Independent GitOps repository for IRCS V3 production namespace `ircs-prod`.
独立 GitOps 仓库,负责 IRCS V3 生产 namespace `ircs-prod` 的 Kubernetes 运行配置。
This repo intentionally separates production runtime state from the source repository:
代码仓库只负责构建和推送镜像;Argo CD 不再同步后端仓库中的生产清单。所有生产配置入口都在本仓库:
- source repo: `gitea-admin/ircs-project-v3`, builds and pushes service images.
- GitOps repo: `gitea-admin/ircs-prod-config`, declares Kubernetes runtime resources.
- Argo CD Application`apps/`
- 生产 core 清单:`ircs-prod/core/`
- 生产 edge HTTPRoute`ircs-prod/edge-cutover/`
- 数据库迁移 Job`ircs-prod/migration/`
Secrets are not stored here. Run `scripts/prepare-prod-secrets.ps1` before syncing the core ArgoCD application.
当前 Argo CD repoURL
Deployment order:
```text
http://gitea-http.gitea.svc.cluster.local:3000/admin/ircs-prod-config.git
```
1. Prepare `ircs-prod` namespace and secrets.
2. Apply `apps/ircs-prod-core-application.yaml` to ArgoCD and sync it.
3. Let the V3 migrator initialize a clean database. Do not migrate legacy `ircs-system` data by default.
4. Verify portals and BFF through cluster endpoints.
5. Sync `apps/ircs-prod-edge-application.yaml` or apply `ircs-prod/edge-cutover`, then remove old `ircs-system` business routes.
## 发布链路
Edge cutover is isolated from core to avoid hostname conflict while the old `ircs-system` routes still own production domains.
1. 后端或前端仓库的 Gitea Actions 构建 ARM64 镜像并推送到 `registry.mnnu.eu.org/ircs`
2. Actions clone 本仓库并更新 `ircs-prod/` 中对应镜像标签。
3. Actions 将 tag 回写 commit push 到本仓库 `main`
4. Argo CD 同步本仓库中的 `ircs-prod-core``ircs-prod-edge`
5. `ircs-prod-migrator` 保留为手动同步对象,避免迁移 Job 被镜像标签变化反复触发。
Current cutover state:
## 当前域名
- `ircs-prod-core`: Synced/Healthy.
- `ircs-prod-edge`: Synced/Healthy.
- `ircs-system/huawai-route` and `ircs-system/ircs-route`: removed.
- `ircs-system/kibana-route`: retained.
- `huawai.mnnu.eu.org` -> `ircs-portal-frontend:3000`
- `admin.mnnu.eu.org` -> `ircs-admin-frontend:80`
公网 TLS 由 Envoy Gateway 和基础设施处理,业务 Pod 内部不配置 TLS。
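Review bot: The rewritten README drops the old line "Secrets are not stored here. Run `scripts/prepare-prod-secrets.ps1` before syncing the core ArgoCD application." and nothing in the new text replaces it, so the document that now describes itself as the entry point for all production configuration no longer says where secrets live or that they must be prepared before the first sync. Suggest carrying that statement over into the new version, next to the list of `apps/`, `ircs-prod/core/`, `ircs-prod/edge-cutover/` and `ircs-prod/migration/`. In the release-chain section, step 3 has Actions pushing the tag write-back commit straight to `main` of this repo, which Argo CD then syncs into `ircs-prod`; the README should state which credential the source repos' Actions use for that push and that its write access is limited to this repo. The documented repoURL is also plain `http://` with owner `admin`, while the removed text named the repo `gitea-admin/ircs-prod-config`; worth confirming which owner is correct and noting that the URL is in-cluster only.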