feat: Add support for Apache Airflow, ArgoCD, Jenkins, and Nexus with corresponding configurations

- Added Apache Airflow with Makefile, README, and values.yaml for deployment. - Introduced ArgoCD with Makefile, README, and values.yaml for GitOps management. - Implemented Jenkins with Makefile, README, and values.yaml for CI/CD automation. - Included Nexus Repository Manager with Makefile, README, and values.yaml for artifact management. - Updated Gitea and Vault configurations for consistency and improved documentation. - Enhanced README files with installation instructions, usage, and configuration details in both English and Chinese.
2026-02-20 17:25:14 +08:00
parent 990b40d730
commit bfa41fb903
25 changed files with 1322 additions and 14 deletions
--- a/README.md
+++ b/README.md
@@ -10,27 +10,72 @@ This project provides a collection of Helm chart configurations for popular serv
 The following services are currently supported:
 ### Databases & Storage
 - ClickHouse
 - DuckDB
 - Elasticsearch
 - etcd
 - HBase
 - Kafka
 - Keycloak
 - Kibana
 - Langfuse
 - MariaDB
 - Milvus
 - MinIO
 - MongoDB
- Nginx
+- MySQL
- OpenTelemetry Collector
+- Neo4j
 - Phoenix
 - PostgreSQL
 - Pulsar
 - RabbitMQ
 - RabbitMQ Cluster Operator
 - Redis
 - Valkey
 - Vault
 - ZooKeeper
 ### DevOps & CI/CD
 - ArgoCD
 - Gitea
 - Gitea Runner
 - GitLab
 - GitLab Runner
 - Harbor
 - Jenkins
 - Nexus
 ### Data & Analytics
 - Airflow
 - Apache Flink
 ### Observability & Monitoring
 - Grafana
 - Kibana
 - Langfuse
 - Loki
 - OpenTelemetry Collector
 - Phoenix
 - Prometheus
 ### Streaming & API Gateway
 - Apache Pulsar
 - Kong
 - Nginx
 ### AI & ML
 - LiteLLM
 - MLflow
 - Open WebUI
 ### Identity & Service Mesh
 - Keycloak
 - Nacos
 Each service has its own directory under `src/`, containing:
 - `Makefile`: Service-specific configuration
--- a/src/airflow/Makefile
+++ b/src/airflow/Makefile
@@ -0,0 +1,16 @@
 HELM_RELEASE_NAME ?= airflow
 HELM_APPLICATION_NAME ?= airflow
 HELM_NAMESPACE ?= airflow
 HELM_DIR ?= ./helm
 HELM_CHART_VERSION ?=
 HELM_VALUES_FILE ?= ./values.yaml
 HELM_OCI_REGISTRY ?=
 HELM_OCI_NAMESPACE ?=
 HELM_OCI_USERNAME ?=
 HELM_OCI_PASSWORD ?=
 HELM_REPO_NAME ?= apache-airflow
 HELM_REPO_URL ?= https://airflow.apache.org
 HELM_CHART_REPO ?= $(HELM_REPO_NAME)/$(HELM_APPLICATION_NAME)
 HELM_LANE ?=
 include ../_template/base.mk
--- a/src/airflow/README.md
+++ b/src/airflow/README.md
@@ -0,0 +1,61 @@
 # Apache Airflow
 ## Introduction
 Apache Airflow is a platform to programmatically author, schedule, and monitor workflows. It uses directed acyclic graphs (DAGs) to manage workflow orchestration.
 ## Installation
 To install Airflow, run:
 ```bash
 make install
 ```
 ## Usage
 After installation, access Airflow:
 ```bash
 # Port forward to access web UI
 kubectl port-forward svc/airflow-webserver -n airflow 8080:8080
 ```
 Then open <http://localhost:8080> in your browser.
 Default credentials:
 - Username: `admin`
 - Password: `admin`
 ## Configuration
 The default configuration includes:
 - CeleryExecutor for distributed task execution
 - Built-in PostgreSQL for metadata database
 - Built-in Redis for Celery broker
 - Single replicas for webserver, scheduler, workers, and triggerer
 - 10Gi for logs persistence
 ## Components
 - **Webserver**: Serves the UI and API
 - **Scheduler**: Schedules and triggers tasks
 - **Workers**: Execute tasks (CeleryExecutor)
 - **Triggerer**: Runs event-based triggers
 - **Flower**: Celery monitoring tool
 ## Adding DAGs
 To add your DAGs:
 1. Enable `dags.gitSync` and configure your Git repository, OR
 2. Mount a persistent volume with your DAG files, OR
 3. Use the Airflow UI to upload DAG files (not recommended for production)
 ## Customization
 - Edit `values.yaml` to configure connections, variables, and pools
 - Scale workers by increasing `workers.replicas`
 - Enable ingress for external access
--- a/src/airflow/README.zh.md
+++ b/src/airflow/README.zh.md
@@ -0,0 +1,61 @@
 # Apache Airflow
 ## 简介
 Apache Airflow 是一个以编程方式编写、调度和监控工作流的平台。它使用有向无环图 (DAG) 来管理工作流编排。
 ## 安装
 安装 Airflow：
 ```bash
 make install
 ```
 ## 使用
 安装完成后，访问 Airflow：
 ```bash
 # 端口转发以访问 Web UI
 kubectl port-forward svc/airflow-webserver -n airflow 8080:8080
 ```
 然后在浏览器中打开 <http://localhost:8080>。
 默认凭据：
 - 用户名：`admin`
 - 密码：`admin`
 ## 配置
 默认配置包括：
 - CeleryExecutor 用于分布式任务执行
 - 内置 PostgreSQL 作为元数据库
 - 内置 Redis 作为 Celery 代理
 - Webserver、Scheduler、Workers 和 Triggerer 均为单副本
 - 10Gi 日志持久化存储
 ## 组件
 - **Webserver**: 提供 UI 和 API
 - **Scheduler**: 调度和触发任务
 - **Workers**: 执行任务 (CeleryExecutor)
 - **Triggerer**: 运行基于事件的触发器
 - **Flower**: Celery 监控工具
 ## 添加 DAG
 添加您的 DAG：
 1. 启用 `dags.gitSync` 并配置 Git 仓库，或
 2. 挂载包含 DAG 文件的持久卷，或
 3. 使用 Airflow UI 上传 DAG 文件（不推荐用于生产环境）
 ## 自定义
 - 编辑 `values.yaml` 配置连接、变量和池
 - 增加 `workers.replicas` 扩展 Workers
 - 启用 ingress 用于外部访问
--- a/src/airflow/values.yaml
+++ b/src/airflow/values.yaml
@@ -0,0 +1,118 @@
 # Apache Airflow Configuration
 # https://github.com/apache/airflow/blob/main/chart/values.yaml
 # Default airflow repository
 defaultAirflowRepository: apache/airflow
 # Default airflow tag
 defaultAirflowTag: 2.9.0
 # Airflow version
 airflowVersion: 2.9.0
 # Executor type
 executor: CeleryExecutor
 # Environment variables
 env:
  - name: AIRFLOW__CORE__LOAD_EXAMPLES
    value: 'False'
  - name: AIRFLOW__WEBSERVER__EXPOSE_CONFIG
    value: 'True'
 # Webserver configuration
 webserver:
  replicas: 1
  resources:
    requests:
      cpu: 500m
      memory: 1Gi
    limits:
      cpu: 1000m
      memory: 2Gi
  service:
    type: ClusterIP
 # Scheduler configuration
 scheduler:
  replicas: 1
  resources:
    requests:
      cpu: 500m
      memory: 1Gi
    limits:
      cpu: 1000m
      memory: 2Gi
 # Worker configuration (for CeleryExecutor)
 workers:
  replicas: 1
  resources:
    requests:
      cpu: 500m
      memory: 1Gi
    limits:
      cpu: 1000m
      memory: 2Gi
 # Triggerer configuration
 triggerer:
  enabled: true
  replicas: 1
  resources:
    requests:
      cpu: 250m
      memory: 512Mi
    limits:
      cpu: 500m
      memory: 1Gi
 # DAGs configuration
 dags:
  persistence:
    enabled: true
    size: 5Gi
    accessMode: ReadWriteOnce
  gitSync:
    enabled: false
 # Logs configuration
 logs:
  persistence:
    enabled: true
    size: 10Gi
 # PostgreSQL configuration (subchart)
 postgresql:
  enabled: true
  auth:
    username: postgres
    database: airflow
  primary:
    persistence:
      enabled: true
      size: 10Gi
 # Redis configuration (subchart for Celery)
 redis:
  enabled: true
  architecture: standalone
  auth:
    enabled: false
  master:
    persistence:
      enabled: true
      size: 5Gi
 # Flower configuration
 flower:
  enabled: true
  service:
    type: ClusterIP
 # Ingress configuration
 ingress:
  web:
    enabled: false
  flower:
    enabled: false
--- a/src/argocd/Makefile
+++ b/src/argocd/Makefile
@@ -0,0 +1,16 @@
 HELM_RELEASE_NAME ?= argocd
 HELM_APPLICATION_NAME ?= argo-cd
 HELM_NAMESPACE ?= argocd
 HELM_DIR ?= ./helm
 HELM_CHART_VERSION ?=
 HELM_VALUES_FILE ?= ./values.yaml
 HELM_OCI_REGISTRY ?=
 HELM_OCI_NAMESPACE ?=
 HELM_OCI_USERNAME ?=
 HELM_OCI_PASSWORD ?=
 HELM_REPO_NAME ?= argo
 HELM_REPO_URL ?= https://argoproj.github.io/argo-helm
 HELM_CHART_REPO ?= $(HELM_REPO_NAME)/$(HELM_APPLICATION_NAME)
 HELM_LANE ?=
 include ../_template/base.mk
--- a/src/argocd/README.md
+++ b/src/argocd/README.md
@@ -0,0 +1,43 @@
 # ArgoCD
 ## Introduction
 ArgoCD is a declarative, GitOps continuous delivery tool for Kubernetes. It follows the GitOps pattern of using Git repositories as the source of truth for defining the desired application state.
 ## Installation
 To install ArgoCD, run:
 ```bash
 make install
 ```
 Default credentials:
 - Username: `admin`
 - Password: `admin`
 ## Usage
 After installation, access ArgoCD:
 ```bash
 # Port forward to access UI
 kubectl port-forward svc/argocd-server -n argocd 8080:443
 # Get admin password
 kubectl get secret argocd-initial-admin-secret -n argocd -o jsonpath="{.data.password}" | base64 -d
 ```
 Then open <https://localhost:8080> in your browser.
 ## Configuration
 The default configuration includes:
 - Single Redis instance
 - Single controller replica
 - Single repo server
 - Dex enabled for SSO
 For production, consider enabling HA mode with multiple replicas.
--- a/src/argocd/README.zh.md
+++ b/src/argocd/README.zh.md
@@ -0,0 +1,43 @@
 # ArgoCD
 ## 简介
 ArgoCD 是一个用于 Kubernetes 的声明式、GitOps 持续交付工具。它遵循 GitOps 模式，使用 Git 仓库作为定义期望应用状态的单一事实来源。
 ## 安装
 安装 ArgoCD：
 ```bash
 make install
 ```
 默认凭据：
 - 用户名：`admin`
 - 密码：`admin`
 ## 使用
 安装完成后，访问 ArgoCD：
 ```bash
 # 端口转发以访问 UI
 kubectl port-forward svc/argocd-server -n argocd 8080:443
 # 获取管理员密码
 kubectl get secret argocd-initial-admin-secret -n argocd -o jsonpath="{.data.password}" | base64 -d
 ```
 然后在浏览器中打开 <https://localhost:8080>。
 ## 配置
 默认配置包括：
 - 单 Redis 实例
 - 单控制器副本
 - 单仓库服务器
 - 启用 Dex 用于 SSO
 生产环境建议启用 HA 模式，使用多副本部署。
--- a/src/argocd/values.yaml
+++ b/src/argocd/values.yaml
@@ -0,0 +1,31 @@
 # Argo CD Configuration
 # https://github.com/argoproj/argo-helm/blob/main/charts/argo-cd/values.yaml
 configs:
  secret:
    argocdServerAdminPassword: $2a$10$m9ZR7FP.6zSFhjDHndyeJuruTzZNjf7qCkybF7N7sNCGBqDXm7vwK # admin
    argocdServerAdminPasswordMtime: '2024-01-01T00:00:00Z'
 server:
  service:
    type: ClusterIP
  ingress:
    enabled: false
 dex:
  enabled: true
 redis:
  enabled: true
 repoServer:
  replicas: 1
 controller:
  replicas: 1
 applicationSet:
  enabled: true
 notifications:
  enabled: false
--- a/src/gitea-runner/Makefile
+++ b/src/gitea-runner/Makefile
@@ -8,7 +8,7 @@ HELM_OCI_REGISTRY ?=
 HELM_OCI_NAMESPACE ?=
 HELM_OCI_USERNAME ?=
 HELM_OCI_PASSWORD ?=
-HELM_REPO_NAME ?= gitea-charts
+HELM_REPO_NAME ?= gitea
 HELM_REPO_URL ?= https://dl.gitea.com/charts
 HELM_CHART_REPO ?= $(HELM_REPO_NAME)/actions
 HELM_LANE ?=
--- a/src/gitea/README.md
+++ b/src/gitea/README.md
@@ -9,9 +9,18 @@ Gitea is a community managed lightweight code hosting solution written in Go. It
 To install Gitea, run:
 ```bash
 make repo-add
 make install
 ```
 Or directly:
 ```bash
 helm repo add gitea https://dl.gitea.com/charts
 helm repo update
 helm install gitea gitea/gitea -f values.yaml
 ```
 ## Usage
 After installation, verify the deployment:
@@ -28,7 +37,116 @@ kubectl port-forward svc/gitea-http 3000:3000 -n gitea
 Then open <http://localhost:3000> in your browser.
 Default admin credentials:
 - Username: `gitea_admin`
 - Password: `r8sA8CPHD9!bt6d`
 ## Configuration
 ### Current Configuration (Development)
 当前配置为单实例开发环境，使用 SQLite 数据库。
 ### Production Configuration (High Availability)
 生产环境建议使用以下配置（需取消注释并配置）：
 ```yaml
 # 1. 禁用 SQLite，启用 PostgreSQL
 valkey-cluster:
  enabled: true # 启用 Valkey 集群（缓存/会话/队列）
 postgresql-ha:
  enabled: true # 启用 PostgreSQL HA
 gitea:
  config:
    database:
      DB_TYPE: postgres
 ```
 ### Single-Pod Production (Non-HA)
 如需单机生产环境（非高可用）：
 ```yaml
 valkey-cluster:
  enabled: false
 valkey:
  enabled: true
 postgresql:
  enabled: true
 postgresql-ha:
  enabled: false
 gitea:
  config:
    database:
      DB_TYPE: postgres
 ```
 ### External Database
 使用外部数据库：
 ```yaml
 postgresql:
  enabled: false
 postgresql-ha:
  enabled: false
 gitea:
  config:
    database:
      DB_TYPE: postgres # or mysql
      HOST: my-db-host:5432
      NAME: gitea
      USER: gitea
      PASSWD: secret
 ```
 ### Ingress Configuration
 ```yaml
 ingress:
  enabled: true
  hosts:
    - host: git.example.com
      paths:
        - path: /
  tls:
    - secretName: gitea-tls
      hosts:
        - git.example.com
 ```
 ## Helm Chart Values
 查看所有可配置参数：
 ```bash
 make values
 # 或
 helm show values gitea/gitea > gitea-values.yaml
 ```
 ## Important Changes (v12.x)
 - **Redis → Valkey**: Chart v12.x 从 Redis 迁移到 Valkey/Valkey-cluster 作为缓存
 - **Rootless by default**: 默认使用 rootless 镜像（更安全）
 - **PostgreSQL-HA by default**: 默认使用 PostgreSQL HA（高可用）
 ## Documentation
- [Official Gitea Documentation](https://docs.gitea.com/)
+- [Gitea Documentation](https://docs.gitea.com/)
- [Helm Chart Source](https://gitea.com/gitea/helm-chart)
+- [Gitea Chinese Documentation](https://docs.gitea.cn/)
 - [Gitea Helm Chart Source](https://gitea.com/gitea/helm-gitea)
 - [Kubernetes Installation Guide](https://docs.gitea.cn/installation/install-on-kubernetes)
 - [Gitea Configuration Cheat Sheet](https://docs.gitea.com/administration/config-cheat-sheet)
 ## Upgrade Notes
 从旧版本升级时请参考：
 - [Helm Chart Upgrading Guide](https://gitea.com/gitea/helm-gitea#upgrading)
--- a/src/gitea/README.zh.md
+++ b/src/gitea/README.zh.md
@@ -9,9 +9,18 @@ Gitea 是一个社区管理的轻量级代码托管解决方案，使用 Go 语
 要安装 Gitea，请运行：
 ```bash
 make repo-add
 make install
 ```
 或者直接使用 Helm：
 ```bash
 helm repo add gitea https://dl.gitea.com/charts
 helm repo update
 helm install gitea gitea/gitea -f values.yaml
 ```
 ## 使用
 安装完成后，验证部署：
@@ -28,7 +37,114 @@ kubectl port-forward svc/gitea-http 3000:3000 -n gitea
 然后在浏览器中打开 <http://localhost:3000>。
-## 文档
+默认管理员账户：
- [官方 Gitea 文档](https://docs.gitea.com/)
+- 用户名：`gitea_admin`
- [Helm Chart 源码](https://gitea.com/gitea/helm-chart)
+- 密码：`r8sA8CPHD9!bt6d`
 ## 配置说明
 ### 当前配置（开发环境）
 当前配置为单实例开发环境，使用 SQLite 数据库，适合快速测试和开发。
 ### 生产环境配置（高可用）
 生产环境建议使用以下配置：
 ```yaml
 # 启用 Valkey 集群和 PostgreSQL HA
 valkey-cluster:
  enabled: true # 启用 Valkey 集群作为缓存/会话/队列存储
 postgresql-ha:
  enabled: true # 启用 PostgreSQL 高可用
 gitea:
  config:
    database:
      DB_TYPE: postgres
 ```
 ### 单机生产环境（非高可用）
 如需单机生产环境：
 ```yaml
 valkey-cluster:
  enabled: false
 valkey:
  enabled: true
 postgresql:
  enabled: true
 postgresql-ha:
  enabled: false
 gitea:
  config:
    database:
      DB_TYPE: postgres
 ```
 ### 使用外部数据库
 如需使用外部数据库：
 ```yaml
 postgresql:
  enabled: false
 postgresql-ha:
  enabled: false
 gitea:
  config:
    database:
      DB_TYPE: postgres # 或 mysql
      HOST: my-db-host:5432
      NAME: gitea
      USER: gitea
      PASSWD: secret
 ```
 ### Ingress 配置
 ```yaml
 ingress:
  enabled: true
  hosts:
    - host: git.example.com
      paths:
        - path: /
  tls:
    - secretName: gitea-tls
      hosts:
        - git.example.com
 ```
 ## 查看所有配置参数
 ```bash
 make values
 # 或
 helm show values gitea/gitea > gitea-values.yaml
 ```
 ## v12.x 重要变更
 - **Redis → Valkey**: Chart v12.x 从 Redis 迁移到 Valkey/Valkey-cluster 作为缓存组件
 - **默认使用 rootless 镜像**: 更安全，但 SSH 监听端口改为 2222
 - **默认使用 PostgreSQL HA**: 高可用数据库配置
 ## 文档链接
 - [Gitea 文档](https://docs.gitea.com/)
 - [Gitea 中文文档](https://docs.gitea.cn/)
 - [Gitea Helm Chart 源码](https://gitea.com/gitea/helm-gitea)
 - [Kubernetes 安装指南](https://docs.gitea.cn/installation/install-on-kubernetes)
 - [Gitea 配置速查表](https://docs.gitea.com/administration/config-cheat-sheet)
 ## 升级注意事项
 从旧版本升级时请参考：
 - [Helm Chart 升级指南](https://gitea.com/gitea/helm-gitea#upgrading)
--- a/src/gitea/values.yaml
+++ b/src/gitea/values.yaml
@@ -7,8 +7,7 @@
 replicaCount: 1
 image:
-  repository: gitea/gitea
+  repository: gitea
  tag: latest
  pullPolicy: IfNotPresent
 service:
--- a/src/jenkins/Makefile
+++ b/src/jenkins/Makefile
@@ -0,0 +1,16 @@
 HELM_RELEASE_NAME ?= jenkins
 HELM_APPLICATION_NAME ?= jenkins
 HELM_NAMESPACE ?= jenkins
 HELM_DIR ?= ./helm
 HELM_CHART_VERSION ?=
 HELM_VALUES_FILE ?= ./values.yaml
 HELM_OCI_REGISTRY ?=
 HELM_OCI_NAMESPACE ?=
 HELM_OCI_USERNAME ?=
 HELM_OCI_PASSWORD ?=
 HELM_REPO_NAME ?= jenkins
 HELM_REPO_URL ?= https://charts.jenkins.io
 HELM_CHART_REPO ?= $(HELM_REPO_NAME)/$(HELM_APPLICATION_NAME)
 HELM_LANE ?=
 include ../_template/base.mk
--- a/src/jenkins/README.md
+++ b/src/jenkins/README.md
@@ -0,0 +1,54 @@
 # Jenkins
 ## Introduction
 Jenkins is an open-source automation server that enables developers to build, test, and deploy their software reliably. It supports thousands of plugins for various CI/CD pipelines.
 ## Installation
 To install Jenkins, run:
 ```bash
 make install
 ```
 ## Usage
 After installation, access Jenkins:
 ```bash
 # Port forward to access Jenkins
 kubectl port-forward svc/jenkins -n jenkins 8080:8080
 # Get admin password
 kubectl get secret jenkins -n jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 -d
 ```
 Then open <http://localhost:8080> and complete the setup wizard.
 ## Configuration
 The default configuration includes:
 - Pre-installed plugins for Kubernetes, Git, Pipeline, and Blue Ocean
 - 1 controller replica with 2Gi memory limit
 - 1Gi persistent volume for build data
 - Configuration as Code (CasC) enabled
 ## Installed Plugins
 - kubernetes - Kubernetes plugin for dynamic agents
 - workflow-aggregator - Pipeline plugin suite
 - git - Git integration
 - configuration-as-code - CasC support
 - blue-ocean - Modern UI
 - docker-workflow - Docker pipeline support
 - pipeline-stage-view - Pipeline visualization
 ## Customization
 To customize Jenkins:
 1. Edit `values.yaml` to add more plugins
 2. Configure CasC scripts for pre-configured jobs
 3. Adjust resource limits based on your workload
--- a/src/jenkins/README.zh.md
+++ b/src/jenkins/README.zh.md
@@ -0,0 +1,54 @@
 # Jenkins
 ## 简介
 Jenkins 是一个开源自动化服务器，使开发人员能够可靠地构建、测试和部署软件。它支持数千个插件，用于各种 CI/CD 流水线。
 ## 安装
 安装 Jenkins：
 ```bash
 make install
 ```
 ## 使用
 安装完成后，访问 Jenkins：
 ```bash
 # 端口转发以访问 Jenkins
 kubectl port-forward svc/jenkins -n jenkins 8080:8080
 # 获取管理员密码
 kubectl get secret jenkins -n jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 -d
 ```
 然后打开 <http://localhost:8080> 完成设置向导。
 ## 配置
 默认配置包括：
 - 预装 Kubernetes、Git、Pipeline 和 Blue Ocean 插件
 - 1 个控制器副本，内存限制 2Gi
 - 1Gi 持久卷用于构建数据
 - 启用配置即代码 (CasC)
 ## 已安装插件
 - kubernetes - Kubernetes 动态代理插件
 - workflow-aggregator - Pipeline 插件套件
 - git - Git 集成
 - configuration-as-code - CasC 支持
 - blue-ocean - 现代化 UI
 - docker-workflow - Docker 流水线支持
 - pipeline-stage-view - 流水线可视化
 ## 自定义
 自定义 Jenkins：
 1. 编辑 `values.yaml` 添加更多插件
 2. 配置 CasC 脚本用于预配置任务
 3. 根据工作负载调整资源限制
--- a/src/jenkins/values.yaml
+++ b/src/jenkins/values.yaml
@@ -0,0 +1,85 @@
 # Jenkins Configuration
 # https://github.com/jenkinsci/helm-charts/blob/main/charts/jenkins/values.yaml
 controller:
  image:
    repository: jenkins/jenkins
    tag: lts
    pullPolicy: IfNotPresent
  # Resource configuration
  resources:
    requests:
      cpu: 1000m
      memory: 2Gi
    limits:
      cpu: 2000m
      memory: 4Gi
  # Java options
  javaOpts: '-XX:MaxRAMPercentage=75.0'
  # Service configuration
  serviceType: ClusterIP
  servicePort: 8080
  targetPort: 8080
  # Ingress configuration
  ingress:
    enabled: false
  # Number of Jenkins controllers
  replicaCount: 1
  # Install plugins
  installPlugins:
    - kubernetes:3937.vd7b_82db_e347b_
    - workflow-aggregator:596.v8c21c963d92d
    - git:5.2.1
    - configuration-as-code:1775.v810dc950b_514
    - blue-ocean:1.27.13
    - docker-workflow:572.v950f58993843
    - pipeline-stage-view:2.34
    - credentials-binding:642.v737c34dea_6c2
    - credentials:1319.v7eb_51b_3a_c97b_
  # Initialize configuration as code
  JCasC:
    enabled: true
    defaultConfig: true
    configScripts: {}
  # Sidecars
  sidecars:
    configAutoReload:
      enabled: true
      image: kiwigrid/k8s-sidecar:1.26.1
 # Agent configuration
 agent:
  enabled: true
  image:
    repository: jenkins/inbound-agent
    tag: latest
  # Resource configuration for agents
  resources:
    requests:
      cpu: 500m
      memory: 1Gi
    limits:
      cpu: 1000m
      memory: 2Gi
  # Working directory
  workingDir: /home/jenkins/agent
  # Pod template configuration
  podName: default
  customJenkinsLabels: []
 # Persistence
 persistence:
  enabled: true
  size: 10Gi
  accessMode: ReadWriteOnce
--- a/src/nexus/Makefile
+++ b/src/nexus/Makefile
@@ -0,0 +1,16 @@
 HELM_RELEASE_NAME ?= nexus
 HELM_APPLICATION_NAME ?= nexus-repository-manager
 HELM_NAMESPACE ?= nexus
 HELM_DIR ?= ./helm
 HELM_CHART_VERSION ?=
 HELM_VALUES_FILE ?= ./values.yaml
 HELM_OCI_REGISTRY ?=
 HELM_OCI_NAMESPACE ?=
 HELM_OCI_USERNAME ?=
 HELM_OCI_PASSWORD ?=
 HELM_REPO_NAME ?= sonatype
 HELM_REPO_URL ?= https://sonatype.github.io/helm3-charts/
 HELM_CHART_REPO ?= $(HELM_REPO_NAME)/$(HELM_APPLICATION_NAME)
 HELM_LANE ?=
 include ../_template/base.mk
--- a/src/nexus/README.md
+++ b/src/nexus/README.md
@@ -0,0 +1,70 @@
 # Nexus Repository Manager
 ## Introduction
 Nexus Repository Manager is a powerful artifact repository manager that supports various formats including Maven, npm, NuGet, Docker, and more. It acts as a central hub for storing and managing software artifacts.
 ## Installation
 To install Nexus, run:
 ```bash
 make install
 ```
 ## Usage
 After installation, access Nexus:
 ```bash
 # Port forward to access Nexus
 kubectl port-forward svc/nexus-repository-manager -n nexus 8081:8081
 ```
 Then open <http://localhost:8081> in your browser.
 Default credentials:
 - Username: `admin`
 - Password: Retrieve from pod
 ```bash
 # Get admin password
 kubectl exec -it deployment/nexus-repository-manager -n nexus -- cat /nexus-data/admin.password
 ```
 ## Configuration
 The default configuration includes:
 - 100Gi persistent storage for artifacts
 - 4Gi memory limit
 - Single replica deployment
 - JVM heap size: 2g
 ## Repository Types
 Nexus supports various repository formats:
 - **Maven** (Java artifacts)
 - **npm** (Node.js packages)
 - **NuGet** (.NET packages)
 - **Docker** (Container images)
 - **PyPI** (Python packages)
 - **Raw** (Generic files)
 - **Yum/APT** (Linux packages)
 ## Docker Registry
 To enable Docker registry support:
 1. Edit `values.yaml` and set `nexus.docker.enabled: true`
 2. Configure registries with ports
 3. Expose via NodePort or Ingress
 ## Backup
 Consider enabling scheduled backups:
 1. Configure `backup.enabled: true`
 2. Set up backup schedule and storage
--- a/src/nexus/README.zh.md
+++ b/src/nexus/README.zh.md
@@ -0,0 +1,70 @@
 # Nexus Repository Manager
 ## 简介
 Nexus Repository Manager 是一个强大的制品仓库管理器，支持多种格式，包括 Maven、npm、NuGet、Docker 等。它充当存储和管理软件制品的中心枢纽。
 ## 安装
 安装 Nexus：
 ```bash
 make install
 ```
 ## 使用
 安装完成后，访问 Nexus：
 ```bash
 # 端口转发以访问 Nexus
 kubectl port-forward svc/nexus-repository-manager -n nexus 8081:8081
 ```
 然后在浏览器中打开 <http://localhost:8081>。
 默认凭据：
 - 用户名：`admin`
 - 密码：从 Pod 获取
 ```bash
 # 获取管理员密码
 kubectl exec -it deployment/nexus-repository-manager -n nexus -- cat /nexus-data/admin.password
 ```
 ## 配置
 默认配置包括：
 - 100Gi 持久化存储用于制品
 - 4Gi 内存限制
 - 单副本部署
 - JVM 堆大小：2g
 ## 仓库类型
 Nexus 支持多种仓库格式：
 - **Maven** (Java 制品)
 - **npm** (Node.js 包)
 - **NuGet** (.NET 包)
 - **Docker** (容器镜像)
 - **PyPI** (Python 包)
 - **Raw** (通用文件)
 - **Yum/APT** (Linux 包)
 ## Docker 仓库
 启用 Docker 仓库支持：
 1. 编辑 `values.yaml` 设置 `nexus.docker.enabled: true`
 2. 配置带端口的仓库
 3. 通过 NodePort 或 Ingress 暴露
 ## 备份
 建议启用定时备份：
 1. 配置 `backup.enabled: true`
 2. 设置备份计划和存储
--- a/src/nexus/values.yaml
+++ b/src/nexus/values.yaml
@@ -0,0 +1,84 @@
 # Nexus Repository Manager Configuration
 # https://github.com/sonatype/helm3-charts/blob/main/charts/nexus-repository-manager/values.yaml
 image:
  repository: sonatype/nexus3
  tag: 3.68.1
  pullPolicy: IfNotPresent
 # Resource configuration
 resources:
  requests:
    cpu: 500m
    memory: 2Gi
  limits:
    cpu: 2000m
    memory: 4Gi
 # JVM options
 env:
  - name: INSTALL4J_ADD_VM_PARAMS
    value: '-Xms2g -Xmx2g -XX:MaxDirectMemorySize=2g -XX:+UseG1GC'
 # Service configuration
 service:
  type: ClusterIP
  port: 8081
 # Ingress configuration
 ingress:
  enabled: false
 # Persistence
 persistence:
  enabled: true
  storageSize: 100Gi
  accessMode: ReadWriteOnce
 # Nexus configuration
 nexus:
  # Security context
  securityContext:
    runAsUser: 200
  # Additional volumes
  extraVolumes: []
  # Additional volume mounts
  extraVolumeMounts: []
  # Service configuration
  service:
    type: ClusterIP
    port: 8081
  # Docker registries configuration
  docker:
    enabled: false
    registries: []
 # ConfigMap for initial configuration
 config:
  enabled: false
  mountPath: /sonatype-nexus-conf
 # License configuration (for Nexus Pro)
 license:
  enabled: false
  secretFilePath:
 # Backup configuration
 backup:
  enabled: false
 # Route configuration (OpenShift)
 route:
  enabled: false
 # ServiceAccount configuration
 serviceAccount:
  create: true
 # RBAC configuration
 rbac:
  create: true
--- a/src/vault/Makefile
+++ b/src/vault/Makefile
@@ -0,0 +1,16 @@
 HELM_RELEASE_NAME ?= vault
 HELM_APPLICATION_NAME ?= vault
 HELM_NAMESPACE ?= vault
 HELM_DIR ?= ./helm
 HELM_CHART_VERSION ?=
 HELM_VALUES_FILE ?= ./values.yaml
 HELM_OCI_REGISTRY ?=
 HELM_OCI_NAMESPACE ?=
 HELM_OCI_USERNAME ?=
 HELM_OCI_PASSWORD ?=
 HELM_REPO_NAME ?= hashicorp
 HELM_REPO_URL ?= https://helm.releases.hashicorp.com
 HELM_CHART_REPO ?= $(HELM_REPO_NAME)/$(HELM_APPLICATION_NAME)
 HELM_LANE ?=
 include ../_template/base.mk
--- a/src/vault/README.md
+++ b/src/vault/README.md
@@ -0,0 +1,60 @@
 # Vault
 ## Introduction
 HashiCorp Vault is an identity-based secrets and encryption management system. It provides secure secret storage, dynamic secrets, data encryption, and identity-based access.
 ## Installation
 To install Vault, run:
 ```bash
 make install
 ```
 ## Usage
 After installation, initialize and unseal Vault:
 ```bash
 # Port forward to access Vault
 kubectl port-forward svc/vault -n vault 8200:8200
 # Initialize Vault (save the unseal keys!)
 vault operator init
 # Unseal Vault (run 3 times with different keys)
 vault operator unseal
 # Login with root token
 vault login
 ```
 Access the UI at <http://localhost:8200>.
 ## Configuration
 The default configuration runs Vault in standalone mode with:
 - File storage backend
 - 10Gi data storage
 - 10Gi audit storage
 - Kubernetes auth method enabled
 For production, consider using:
 - Integrated Raft storage with HA mode
 - Auto-unseal with cloud KMS
 - External PostgreSQL/MySQL backend
 ## Security Notes
 ⚠️ **Important**: The default configuration is suitable for development only.
 For production deployments:
 1. Enable TLS for all communications
 2. Use auto-unseal with cloud KMS
 3. Configure proper RBAC policies
 4. Enable audit logging
 5. Use HA mode with multiple replicas
--- a/src/vault/README.zh.md
+++ b/src/vault/README.zh.md
@@ -0,0 +1,60 @@
 # Vault
 ## 简介
 HashiCorp Vault 是一个基于身份的秘密和加密管理系统。它提供安全的秘密存储、动态秘密、数据加密和基于身份的访问控制。
 ## 安装
 安装 Vault：
 ```bash
 make install
 ```
 ## 使用
 安装完成后，初始化并解封 Vault：
 ```bash
 # 端口转发以访问 Vault
 kubectl port-forward svc/vault -n vault 8200:8200
 # 初始化 Vault（保存解封密钥！）
 vault operator init
 # 解封 Vault（使用不同的密钥运行 3 次）
 vault operator unseal
 # 使用根令牌登录
 vault login
 ```
 在 <http://localhost:8200> 访问 UI。
 ## 配置
 默认配置以单机模式运行 Vault，包括：
 - 文件存储后端
 - 10Gi 数据存储
 - 10Gi 审计存储
 - 启用 Kubernetes 认证方法
 生产环境建议使用：
 - 集成 Raft 存储的 HA 模式
 - 使用云 KMS 自动解封
 - 外部 PostgreSQL/MySQL 后端
 ## 安全注意事项
 ⚠️ **重要**：默认配置仅适用于开发环境。
 生产环境部署需要：
 1. 为所有通信启用 TLS
 2. 使用云 KMS 自动解封
 3. 配置适当的 RBAC 策略
 4. 启用审计日志
 5. 使用多副本 HA 模式
--- a/src/vault/values.yaml
+++ b/src/vault/values.yaml
@@ -0,0 +1,56 @@
 # HashiCorp Vault Configuration
 # https://github.com/hashicorp/vault-helm/blob/main/values.yaml
 server:
  enabled: true
  # Run Vault in standalone mode with file storage
  # For production, consider using Raft or Consul backend
  ha:
    enabled: false
  # Resource configuration
  resources:
    requests:
      memory: 256Mi
      cpu: 250m
    limits:
      memory: 512Mi
      cpu: 500m
  # Data storage configuration
  dataStorage:
    enabled: true
    size: 10Gi
    mountPath: /vault/data
  auditStorage:
    enabled: true
    size: 10Gi
    mountPath: /vault/audit
  # Service configuration
  service:
    enabled: true
    type: ClusterIP
    port: 8200
    targetPort: 8200
  # Ingress configuration
  ingress:
    enabled: false
  # Enable dev mode for testing only
  dev:
    enabled: false
    devRootToken: root
 # UI configuration
 ui:
  enabled: true
  serviceType: ClusterIP
 # Injector configuration
 injector:
  enabled: true
  replicas: 1