From 8029a5cb34c3e82a488689c00541b7f171380ad7 Mon Sep 17 00:00:00 2001 
From: iSecloud <869820505@qq.com> Date: Wed, 14 Aug 2024 10:40:09 +0800 Subject: [PATCH] =?UTF-8?q?feat(backend):=20=E4=BA=91=E5=8C=BA=E5=9F=9F?= =?UTF-8?q?=E7=BB=84=E4=BB=B6=E5=AE=B9=E5=99=A8=E5=8C=96=20#6703?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit fix: drs容器化 feat: dbha 容器化 feat: dbha容器化 fix: bugs --- dbm-ui/backend/db_meta/api/dbha/apis.py | 3 +- .../db_periodic_task/local_tasks/db_proxy.py | 18 +-- dbm-ui/backend/db_proxy/constants.py | 11 ++ dbm-ui/backend/db_proxy/container/__init__.py | 12 ++ .../db_proxy/container/dbha/Dockerfile | 20 +++ .../container/dbha/dbha-conf-tpl.yaml | 126 +++++++++++++++++ .../db_proxy/container/dbha/start.bash | 31 ++++ .../backend/db_proxy/container/dns/Dockerfile | 21 +++ .../db_proxy/container/dns/pull-crond.conf | 23 +++ .../backend/db_proxy/container/dns/start.bash | 45 ++++++ .../backend/db_proxy/container/drs/Dockerfile | 21 +++ .../backend/db_proxy/container/drs/start.bash | 28 ++++ .../db_proxy/container/nginx/Dockerfile | 20 +++ .../db_proxy/container/nginx/crond.bash | 37 +++++ .../backend/db_proxy/container/nginx/dbm.html | 12 ++ .../db_proxy/container/nginx/nginx-tpl.conf | 23 +++ .../db_proxy/container/nginx/start.bash | 42 ++++++ dbm-ui/backend/db_proxy/nginxconf_tpl.py | 28 ++++ dbm-ui/backend/db_proxy/urls.py | 2 + .../backend/db_proxy/views/cloud/__init__.py | 10 ++ .../db_proxy/views/cloud/serializers.py | 21 +++ dbm-ui/backend/db_proxy/views/cloud/views.py | 104 ++++++++++++++ dbm-ui/backend/env/dev.py | 2 - .../bamboo/scene/cloud/base_service_flow.py | 17 ++- .../cloud/script_template/dbha_template.py | 4 +- .../iam_app/handlers/drf_perm/proxypass.py | 5 + helm-charts/bk-dbm/Chart.lock | 19 ++- helm-charts/bk-dbm/Chart.yaml | 20 ++- helm-charts/bk-dbm/charts/db-dbha/.helmignore | 22 +++ helm-charts/bk-dbm/charts/db-dbha/Chart.yaml | 5 + .../bk-dbm/charts/db-dbha/templates/NOTES.txt | 0 .../charts/db-dbha/templates/_helpers.tpl | 62 ++++++++ 
.../db-dbha/templates/daemonsets/agent.yaml | 70 ++++++++++ .../db-dbha/templates/deployments/gm.yaml | 78 +++++++++++ .../charts/db-dbha/templates/service.yaml | 17 +++ .../db-dbha/templates/serviceaccount.yaml | 41 ++++++ .../db-dbha/templates/servicemonitor.yaml | 21 +++ helm-charts/bk-dbm/charts/db-dbha/values.yaml | 64 +++++++++ helm-charts/bk-dbm/charts/db-dns/.helmignore | 22 +++ helm-charts/bk-dbm/charts/db-dns/Chart.yaml | 5 + .../bk-dbm/charts/db-dns/templates/NOTES.txt | 0 .../charts/db-dns/templates/_helpers.tpl | 132 ++++++++++++++++++ .../charts/db-dns/templates/daemonset.yaml | 20 +++ .../charts/db-dns/templates/deployment.yaml | 21 +++ .../db-dns/templates/serviceaccount.yaml | 41 ++++++ .../db-dns/templates/servicemonitor.yaml | 21 +++ helm-charts/bk-dbm/charts/db-dns/values.yaml | 63 +++++++++ .../bk-dbm/charts/db-nginx/.helmignore | 22 +++ helm-charts/bk-dbm/charts/db-nginx/Chart.yaml | 5 + .../charts/db-nginx/templates/NOTES.txt | 0 .../charts/db-nginx/templates/_helpers.tpl | 64 +++++++++ .../charts/db-nginx/templates/deployment.yaml | 56 ++++++++ .../charts/db-nginx/templates/ingress.yaml | 61 ++++++++ .../charts/db-nginx/templates/service.yaml | 15 ++ .../db-nginx/templates/serviceaccount.yaml | 41 ++++++ .../db-nginx/templates/servicemonitor.yaml | 21 +++ .../bk-dbm/charts/db-nginx/values.yaml | 79 +++++++++++ .../db-remote-service/templates/_helpers.tpl | 10 ++ .../templates/deployment.yaml | 42 +----- .../templates/serviceaccount.yaml | 29 ++++ .../charts/db-remote-service/values.yaml | 16 --- .../deployments/saas-api/saas-api.yaml | 2 +- helm-charts/bk-dbm/templates/_helpers.tpl | 17 +++ .../configmaps/db-dbha-configmap.yaml | 15 ++ .../configmaps/db-dns-configmap.yaml | 15 ++ .../db-remote-service-configmap.yaml | 26 ++++ .../templates/configmaps/nginx-configmap.yaml | 12 ++ helm-charts/bk-dbm/values.yaml | 28 ++++ 68 files changed, 1918 insertions(+), 88 deletions(-) create mode 100644 dbm-ui/backend/db_proxy/container/__init__.py 
create mode 100644 dbm-ui/backend/db_proxy/container/dbha/Dockerfile create mode 100644 dbm-ui/backend/db_proxy/container/dbha/dbha-conf-tpl.yaml create mode 100644 dbm-ui/backend/db_proxy/container/dbha/start.bash create mode 100644 dbm-ui/backend/db_proxy/container/dns/Dockerfile create mode 100644 dbm-ui/backend/db_proxy/container/dns/pull-crond.conf create mode 100644 dbm-ui/backend/db_proxy/container/dns/start.bash create mode 100644 dbm-ui/backend/db_proxy/container/drs/Dockerfile create mode 100644 dbm-ui/backend/db_proxy/container/drs/start.bash create mode 100644 dbm-ui/backend/db_proxy/container/nginx/Dockerfile create mode 100644 dbm-ui/backend/db_proxy/container/nginx/crond.bash create mode 100644 dbm-ui/backend/db_proxy/container/nginx/dbm.html create mode 100644 dbm-ui/backend/db_proxy/container/nginx/nginx-tpl.conf create mode 100644 dbm-ui/backend/db_proxy/container/nginx/start.bash create mode 100644 dbm-ui/backend/db_proxy/views/cloud/__init__.py create mode 100644 dbm-ui/backend/db_proxy/views/cloud/serializers.py create mode 100644 dbm-ui/backend/db_proxy/views/cloud/views.py create mode 100644 helm-charts/bk-dbm/charts/db-dbha/.helmignore create mode 100644 helm-charts/bk-dbm/charts/db-dbha/Chart.yaml create mode 100644 helm-charts/bk-dbm/charts/db-dbha/templates/NOTES.txt create mode 100644 helm-charts/bk-dbm/charts/db-dbha/templates/_helpers.tpl create mode 100644 helm-charts/bk-dbm/charts/db-dbha/templates/daemonsets/agent.yaml create mode 100644 helm-charts/bk-dbm/charts/db-dbha/templates/deployments/gm.yaml create mode 100644 helm-charts/bk-dbm/charts/db-dbha/templates/service.yaml create mode 100644 helm-charts/bk-dbm/charts/db-dbha/templates/serviceaccount.yaml create mode 100644 helm-charts/bk-dbm/charts/db-dbha/templates/servicemonitor.yaml create mode 100644 helm-charts/bk-dbm/charts/db-dbha/values.yaml create mode 100644 helm-charts/bk-dbm/charts/db-dns/.helmignore create mode 100644 helm-charts/bk-dbm/charts/db-dns/Chart.yaml create 
mode 100644 helm-charts/bk-dbm/charts/db-dns/templates/NOTES.txt create mode 100644 helm-charts/bk-dbm/charts/db-dns/templates/_helpers.tpl create mode 100644 helm-charts/bk-dbm/charts/db-dns/templates/daemonset.yaml create mode 100644 helm-charts/bk-dbm/charts/db-dns/templates/deployment.yaml create mode 100644 helm-charts/bk-dbm/charts/db-dns/templates/serviceaccount.yaml create mode 100644 helm-charts/bk-dbm/charts/db-dns/templates/servicemonitor.yaml create mode 100644 helm-charts/bk-dbm/charts/db-dns/values.yaml create mode 100644 helm-charts/bk-dbm/charts/db-nginx/.helmignore create mode 100644 helm-charts/bk-dbm/charts/db-nginx/Chart.yaml create mode 100644 helm-charts/bk-dbm/charts/db-nginx/templates/NOTES.txt create mode 100644 helm-charts/bk-dbm/charts/db-nginx/templates/_helpers.tpl create mode 100644 helm-charts/bk-dbm/charts/db-nginx/templates/deployment.yaml create mode 100644 helm-charts/bk-dbm/charts/db-nginx/templates/ingress.yaml create mode 100644 helm-charts/bk-dbm/charts/db-nginx/templates/service.yaml create mode 100644 helm-charts/bk-dbm/charts/db-nginx/templates/serviceaccount.yaml create mode 100644 helm-charts/bk-dbm/charts/db-nginx/templates/servicemonitor.yaml create mode 100644 helm-charts/bk-dbm/charts/db-nginx/values.yaml create mode 100644 helm-charts/bk-dbm/templates/configmaps/db-dbha-configmap.yaml create mode 100644 helm-charts/bk-dbm/templates/configmaps/db-dns-configmap.yaml create mode 100644 helm-charts/bk-dbm/templates/configmaps/db-remote-service-configmap.yaml create mode 100644 helm-charts/bk-dbm/templates/configmaps/nginx-configmap.yaml diff --git a/dbm-ui/backend/db_meta/api/dbha/apis.py b/dbm-ui/backend/db_meta/api/dbha/apis.py index 67ca326406..ae9cf837cd 100644 --- a/dbm-ui/backend/db_meta/api/dbha/apis.py +++ b/dbm-ui/backend/db_meta/api/dbha/apis.py 
@@ -146,7 +146,8 @@ def instances( else: logger.warning("{} is not a valid ip, instance or domain".format(ad)) - if logical_city_ids: + # 如果没有城市ID,或者城市ID包含-1,则不过滤城市 + if logical_city_ids and -1 not in logical_city_ids: queries &= Q(**{"machine__bk_city__logical_city_id__in": logical_city_ids}) if statuses: diff --git a/dbm-ui/backend/db_periodic_task/local_tasks/db_proxy.py b/dbm-ui/backend/db_periodic_task/local_tasks/db_proxy.py index 2de568e57f..b2a6d92fc1 100644 --- a/dbm-ui/backend/db_periodic_task/local_tasks/db_proxy.py +++ b/dbm-ui/backend/db_periodic_task/local_tasks/db_proxy.py @@ -30,7 +30,6 @@ from backend.db_proxy.models import ClusterExtension, DBCloudProxy, DBExtension from backend.db_services.ipchooser.query.resource import ResourceQueryHelper from backend.utils.redis import RedisConn -from backend.utils.string import base64_encode logger = logging.getLogger("celery") @@ -93,8 +92,9 @@ def _job_push_config_file(_cloud_id, _file_list, _nginx_list): extension_ids: List[int] = [] for db_type in cloud__db_type__extension[cloud_id].keys(): conf_tpl = getattr(nginxconf_tpl, f"{db_type}_conf_tpl", None) + + # 如果没有模板,则打印日志并跳过 if not conf_tpl: - # 如果没有模板,则打印日志并跳过 logger.warning(_("集群类型:{} 的nginx配置文件不存在,跳过对该nginx配置的下发").format(db_type)) continue 
@@ -102,18 +102,8 @@ def _job_push_config_file(_cloud_id, _file_list, _nginx_list): template = jinja_env.from_string(conf_tpl) for extension in cloud__db_type__extension[cloud_id][db_type]: - conf_payload = { - "bk_biz_id": extension.bk_biz_id, - "bk_cloud_id": extension.bk_cloud_id, - "db_type": extension.db_type, - "cluster_name": extension.cluster_name, - "service_type": extension.service_type, - "service_url": f"http://{extension.ip}:{extension.port}", - } - file_name = f"{extension.bk_biz_id}_{extension.db_type}_{extension.cluster_name}_nginx.conf" - file_content = base64_encode(template.render(conf_payload)) - file_list.append({"file_name": file_name, "content": file_content}) - + # 渲染配置 + file_list.append(nginxconf_tpl.render_nginx_tpl(template, extension, encode=True)) # 这里先提前写入access url,至于是否执行成功根据is_flush extension.save_access_url(nginx_url=f"{proxy.external_address}:{manage_port}") extension_ids.append(extension.id) diff --git a/dbm-ui/backend/db_proxy/constants.py b/dbm-ui/backend/db_proxy/constants.py index 33e3332440..336a2cb432 100644 --- a/dbm-ui/backend/db_proxy/constants.py +++ b/dbm-ui/backend/db_proxy/constants.py @@ -8,9 +8,12 @@ an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. """ +from django.utils.crypto import get_random_string from django.utils.translation import ugettext_lazy as _ from backend.configuration.constants import DBType +from backend.core.encrypt.constants import AsymmetricCipherConfigType +from backend.core.encrypt.handlers import AsymmetricHandler from backend.flow.consts import CloudServiceName from blue_krill.data_types.enum import EnumField, StructuredEnum 
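Review bot: The new call `nginxconf_tpl.render_nginx_tpl(template, extension, encode=True)` passes its two positional arguments in the opposite order to the signature this same commit adds in nginxconf_tpl.py, `render_nginx_tpl(extension, template=None, conf_tpl=None, encode=True)`. As written, the Jinja template is bound to `extension` and the `ClusterExtension` to `template`, so the first `extension.bk_biz_id` lookup would fail and no nginx sub-config would be pushed for the cloud area. Call it as `nginxconf_tpl.render_nginx_tpl(extension, template=template, encode=True)`. The enclosing function starts and ends outside the hunk.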
@@ -73,6 +76,14 @@ def get_account_tuple_with_service(cls, service: CloudServiceName): account_tuples.append((cls.WEBCONSOLE_USER, cls.WEBCONSOLE_PWD)) return account_tuples + @classmethod + def generate_random_account(cls, bk_cloud_id: int): + rsa_cloud_name = AsymmetricCipherConfigType.get_cipher_cloud_name(bk_cloud_id) + user, password = get_random_string(8), get_random_string(16) + encrypt_user = AsymmetricHandler.encrypt(name=rsa_cloud_name, content=user) + encrypt_password = AsymmetricHandler.encrypt(name=rsa_cloud_name, content=password) + return {"user": user, "password": password, "encrypt_user": encrypt_user, "encrypt_password": encrypt_password} + CLUSTER__SERVICE_MAP = { DBType.Kafka: ClusterServiceType.KAFKA_MANAGER, diff --git a/dbm-ui/backend/db_proxy/container/__init__.py b/dbm-ui/backend/db_proxy/container/__init__.py new file mode 100644 index 0000000000..77a7894df7 --- /dev/null +++ b/dbm-ui/backend/db_proxy/container/__init__.py @@ -0,0 +1,12 @@ +# -*- coding: utf-8 -*- +""" +TencentBlueKing is pleased to support the open source community by making 蓝鲸智云-DB管理系统(BlueKing-BK-DBM) available. +Copyright (C) 2017-2023 THL A29 Limited, a Tencent company. All rights reserved. +Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License. +You may obtain a copy of the License at https://opensource.org/licenses/MIT +Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on +an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the +specific language governing permissions and limitations under the License. +""" + +# 云区域容器化改造 diff --git a/dbm-ui/backend/db_proxy/container/dbha/Dockerfile b/dbm-ui/backend/db_proxy/container/dbha/Dockerfile new file mode 100644 index 0000000000..e876694798 --- /dev/null +++ b/dbm-ui/backend/db_proxy/container/dbha/Dockerfile 
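Review bot: `generate_random_account` has no docstring, and the dict it returns mixes the plaintext `user`/`password` with their `encrypt_user`/`encrypt_password` forms, which makes it easy for a caller to persist or log the wrong pair. Add a docstring such as `"""Generate a random account for the cloud area: 'user'/'password' are plaintext for the one-time response only, 'encrypt_*' are the encrypted values to store."""`. The class this method belongs to starts outside the hunk.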
@@ -0,0 +1,20 @@
+FROM mirrors.tencent.com/build/blueking/dbmedium:latest as medium
+
+FROM debian:bookworm-slim
+
+# 更新包列表并安装 cron 和 gettext-base
+RUN apt-get update && \
+ apt-get install -y jq gettext-base curl && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/*
+
+## 获取dns介质文件
+COPY --from=medium /app/medium/cloud/cloud-dbha/*/dbha /data/install/
+COPY ./start.bash ./dbha-conf-tpl.yaml /data/install/
+
+WORKDIR /data/install
+
+RUN chmod +x start.bash
+
+## 启动dns服务
+ENTRYPOINT ["/bin/bash", "-c", "/data/install/start.bash"]
diff --git a/dbm-ui/backend/db_proxy/container/dbha/dbha-conf-tpl.yaml b/dbm-ui/backend/db_proxy/container/dbha/dbha-conf-tpl.yaml
new file mode 100644
index 0000000000..d01e126859
--- /dev/null
+++ b/dbm-ui/backend/db_proxy/container/dbha/dbha-conf-tpl.yaml
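Review bot: The build stage pulls `mirrors.tencent.com/build/blueking/dbmedium:latest`, so the dbha binary copied into the image changes whenever that tag moves and a build cannot be reproduced or audited; the same `FROM ...:latest` line opens the dns, drs and nginx Dockerfiles in this commit. Pin the medium image to a released tag or digest, e.g. `FROM mirrors.tencent.com/build/blueking/dbmedium@sha256:<digest> as medium` (placeholder digest). None of the four images sets `USER`, so the services run as root inside the container; add an unprivileged user unless a component is known to need root. The comments `## 获取dns介质文件` and `## 启动dns服务` in this dbha file look copied from the dns Dockerfile and should name dbha.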
@@ -0,0 +1,126 @@
+log_conf:
+ log_path: "./log"
+ log_level: "LOG_DEBUG"
+ log_maxsize: 512
+ log_maxbackups: 100
+ log_maxage: 30
+ log_compress: true
+agent_conf:
+ active_db_type: [
+ "riak",
+ "tendbha",
+ "tendbcluster",
+ "TwemproxyRedisInstance",
+ "PredixyTendisplusCluster",
+ "TwemproxyTendisSSDInstance"
+ ]
+ city_id: -1
+ campus: "all"
+ cloud_id: 0
+ fetch_interval: 60
+ reporter_interval: 120
+ local_ip: "$NODE_IP"
+gm_conf:
+ city_id: 0
+ campus: "zero"
+ cloud_id: 0
+ liston_port: 50000
+ local_ip: "$NODE_IP"
+ report_interval: 60
+ GDM:
+ dup_expire: 600
+ scan_interval: 1
+ GMM:
+ GQA:
+ idc_cache_expire: 300
+ single_switch_idc: 50
+ single_switch_interval: 86400
+ single_switch_limit: 48
+ all_host_switch_limit: 150
+ all_switch_interval: 7200
+ GCM:
+ allowed_checksum_max_offset: 2
+ allowed_slave_delay_max: 600
+ allowed_time_delay_max: 300
+ exec_slow_kbytes: 0
+password_conf:
+ host: "$BK_DBM_URL"
+ port: 80
+ url_pre: "/apis/proxypass"
+ timeout: 10
+ bk_conf:
+ bk_token: "$DB_CLOUD_TOKEN"
+db_conf:
+ hadb:
+ host: "$BK_DBM_URL"
+ port: 80
+ url_pre: "/apis/proxypass/hadb"
+ timeout: 120
+ bk_conf:
+ bk_token: "$DB_CLOUD_TOKEN"
+ cmdb:
+ host: "$BK_DBM_URL"
+ port: 80
+ url_pre: "/apis/proxypass"
+ timeout: 30
+ bk_conf:
+ bk_token: "$DB_CLOUD_TOKEN"
+ mysql:
+ user: "$DBHA_USER"
+ pass: "$DBHA_PASSWORD"
+ proxy_user: "proxy"
+ proxy_pass: "$DBHA_PROXY_PASSWORD"
+ timeout: 10
+ redis:
+ timeout: 10
+ riak:
+ timeout: 10
+name_services:
+ dns_conf:
+ host: "$BK_DBM_URL"
+ port: 80
+ url_pre: "/apis/proxypass"
+ user: "dbha"
+ pass: "xxx"
+ timeout: 10
+ bk_conf:
+ bk_token: "$DB_CLOUD_TOKEN"
+ remote_conf:
+ host: "$BK_DBM_URL"
+ port: 80
+ url_pre: "/apis/proxypass"
+ user: "dbha"
+ pass: "xxx"
+ timeout: 10
+ bk_conf:
+ bk_token: "$DB_CLOUD_TOKEN"
+ polaris_conf:
+ host: "$BK_DBM_URL"
+ port: 80
+ user: "nouser"
+ pass: "nopasswd"
+ url_pre: "/apis/proxypass/nameservice"
+ timeout: 10
+ bk_conf:
+ bk_token: "$DB_CLOUD_TOKEN"
+ clb_conf:
+ host: "$BK_DBM_URL"
+ port: 80
+ user: "nouser"
+ pass: "nopasswd"
+ url_pre: "/apis/proxypass/nameservice"
+ timeout: 10
+ bk_conf:
+ bk_token: "$DB_CLOUD_TOKEN"
+monitor:
+ bk_data_id: $BKMONITOR_EVENT_DATA_ID
+ access_token: "$BKMONITOR_EVENT_TOKEN"
+ beat_path: "$MYSQL_CROND_BEAT_PATH"
+ agent_address: "$MYSQL_CROND_AGENT_ADDRESS"
+ local_ip: "$NODE_IP"
+ssh:
+ port: 36000
+ user: "mysql"
+ pass: "$MYSQL_OS_PASSWORD"
+ dest: "agent"
+ timeout: 10
diff --git a/dbm-ui/backend/db_proxy/container/dbha/start.bash b/dbm-ui/backend/db_proxy/container/dbha/start.bash
new file mode 100644
index 0000000000..77381f8cc5
--- /dev/null
+++ b/dbm-ui/backend/db_proxy/container/dbha/start.bash
@@ -0,0 +1,31 @@
+# 写入dbha记录
+data=$(
+curl -XPOST "$BK_DBM_URL/apis/proxypass/cloud/insert/" \
+ --header "Content-Type: application/json" \
+ --data-raw '{
+ "bk_cloud_id": 0,
+ "extension": "DBHA",
+ "db_cloud_token": "'"$DB_CLOUD_TOKEN"'",
+ "details": {
+ "ip": "'"$NODE_IP"'",
+ "dbha_type": "'"$DBHA_TYPE"'",
+ "bk_city_code": "'"$DBHA_CITY"'",
+
+ "bk_city_name": "'"$DBHA_CAMPUS"'",
+ "bk_host_id": 0,
+ "bk_cloud_id": 0
+ }
+ }'
+)
+
+# 导出密码环境变量
+export DBHA_USER=$(echo $data | jq -r '.data.dbha_account.user')
+export DBHA_PASSWORD=$(echo $data | jq -r '.data.dbha_account.password')
+export DBHA_PROXY_PASSWORD=$(echo $data | jq -r '.data.proxy_password')
+export MYSQL_OS_PASSWORD=$(echo $data | jq -r '.data.mysql_os_password')
+
+# 配置文件注入环境变量,启动dbha服务
+touch log
+envsubst < ./dbha-conf-tpl.yaml > ./dbha.conf
+nohup ./dbha -config_file=dbha.conf -type=$DBHA_TYPE -> dbha-apply.log 2>&1 &
+tail -f log
diff --git a/dbm-ui/backend/db_proxy/container/dns/Dockerfile b/dbm-ui/backend/db_proxy/container/dns/Dockerfile
new file mode 100644
index 0000000000..532923cf8b
--- /dev/null
+++ b/dbm-ui/backend/db_proxy/container/dns/Dockerfile
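Review bot: Every upstream block in this template (`password_conf`, `db_conf.hadb`, `db_conf.cmdb` and the four `name_services` entries) is fixed to `port: 80` while carrying `bk_token: "$DB_CLOUD_TOKEN"`, and `password_conf` is presumably the path over which database passwords are fetched, so the token and credentials look like they travel without TLS. If the dbha binary supports it, make the port and scheme configurable rather than hard-coding 80. `log_level: "LOG_DEBUG"` is a risky default for a process that is configured with `$DBHA_PASSWORD`, `$DBHA_PROXY_PASSWORD` and `$MYSQL_OS_PASSWORD`; ship a less verbose level unless debug output is known not to include them.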
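Review bot: The registration `curl` in dbha/start.bash is not checked, so when the request fails or returns an error body the four `jq -r` exports become the literal string `null` (or empty) and dbha is started with those as its MySQL and SSH credentials; drs/start.bash has the same pattern, and nginx/crond.bash restarts nginx after an unchecked pull. Start the script with `#!/bin/bash` and `set -euo pipefail`, call `curl -fsS`, and use `jq -er` so a missing field aborts startup. The JSON body is assembled by pasting `$DB_CLOUD_TOKEN`, `$NODE_IP` and the other variables between quotes, which breaks on any value containing `"`; building it with `jq -n --arg` avoids that. `envsubst` writes the fetched passwords into `./dbha.conf` under the default umask, so set `umask 077` before rendering it.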
@@ -0,0 +1,21 @@
+FROM mirrors.tencent.com/build/blueking/dbmedium:latest as medium
+
+FROM debian:bookworm-slim
+
+# 更新包列表并安装 cron 和 gettext-base
+RUN apt-get update && \
+ apt-get install -y cron gettext-base curl && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/*
+
+## 获取dns介质文件
+COPY --from=medium /app/medium/cloud/cloud-dns-bind/*/bind.tar.gz /data/install/
+COPY --from=medium /app/medium/cloud/cloud-dns-pullcrond/*/pull-crond /data/install/
+COPY ./start.bash ./pull-crond.conf /data/install/
+
+WORKDIR /data/install
+
+RUN chmod +x start.bash
+
+## 启动dns服务
+ENTRYPOINT ["/bin/bash", "-c", "/data/install/start.bash"]
diff --git a/dbm-ui/backend/db_proxy/container/dns/pull-crond.conf b/dbm-ui/backend/db_proxy/container/dns/pull-crond.conf
new file mode 100644
index 0000000000..4e2a9dda67
--- /dev/null
+++ b/dbm-ui/backend/db_proxy/container/dns/pull-crond.conf
@@ -0,0 +1,23 @@
+info_log_path="../log/info.log"
+error_log_path="../log/err.log"
+
+db_cloud_token="$DB_CLOUD_TOKEN"
+bk_dns_api_url="$BK_DBM_URL"
+bk_cloud_id=0
+
+data_id="$BKMONITOR_EVENT_DATA_ID"
+access_token="$BKMONITOR_EVENT_TOKEN"
+bkmonitorbeat="$MYSQL_CROND_BEAT_PATH"
+agent_address="$MYSQL_CROND_AGENT_ADDRESS"
+local_ip=""
+
+interval="3"
+flush_switch="true"
+forward_ip="$NODE_IP"
+
+options_named_file="/usr/local/bind/etc/named.conf"
+options_named_file_tpl="/usr/local/bind/etc/named.conf_tpl"
+local_named_file="/usr/local/bind/etc/named.conf.local"
+zone_dir_path="/usr/local/bind/var/run/named/"
+rndc="/usr/local/bind/sbin/rndc"
+rndc_config="/usr/local/bind/etc/rndc.conf"
diff --git a/dbm-ui/backend/db_proxy/container/dns/start.bash b/dbm-ui/backend/db_proxy/container/dns/start.bash
new file mode 100644
index 0000000000..73dbb8b71a
--- /dev/null
+++ b/dbm-ui/backend/db_proxy/container/dns/start.bash
@@ -0,0 +1,45 @@
+path=/usr/local;
+
+# 写入dns记录
+curl -XPOST "$BK_DBM_URL/apis/proxypass/cloud/insert/" \
+ --header "Content-Type: application/json" \
+ --data-raw '{
+ "bk_cloud_id": 0,
+ "extension": "DNS",
+ "db_cloud_token": "'"$DB_CLOUD_TOKEN"'",
+ "details": {
+ "ip": "'"$NODE_IP"'",
+ "bk_city": "",
+ "is_access": 1,
+ "bk_host_id": 0,
+ "bk_cloud_id": 0
+ }
+ }'
+
+# 解压bind文件
+tar -xvf /data/install/bind.tar.gz -C $path;
+ln -s $path/bind9 $path/bind;
+# 启动bind服务
+chown -R root:root $path/bind/*
+$path/bind/sbin/named -4
+
+# 配置pull-crond服务的文件路径
+mv /data/install/pull-crond $path/bind/admin;
+mv /data/install/pull-crond.conf $path/bind/admin;
+
+# 增加定时拉起命令
+crontab -l > crontab_backup.txt
+command="* * * * * cd $path/bind/admin; /bin/sh check_dns_and_pull_crond.sh 1>/dev/null 2>&1"
+
+if crontab -l | grep -Fxq "$command"; then
+ echo "Scheduled pull task already exists, ignore..."
+else
+ (crontab -l ; echo "$command") | uniq - | crontab -
+ echo "Pull up task has been added to crontab。"
+fi
+
+# 启动pull-crond服务
+cd $path/bind/admin/;
+chmod 777 pull-crond;
+envsubst < pull-crond.conf > pull-crond-run.conf
+./pull-crond -c pull-crond-run.conf;
diff --git a/dbm-ui/backend/db_proxy/container/drs/Dockerfile b/dbm-ui/backend/db_proxy/container/drs/Dockerfile
new file mode 100644
index 0000000000..36e2a0fba2
--- /dev/null
+++ b/dbm-ui/backend/db_proxy/container/drs/Dockerfile
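Review bot: `chmod 777 pull-crond;` makes a binary that this script then runs as root writable by every user in the container, so any local process could replace it; `chmod 755 pull-crond` is all that execution needs. `pull-crond-run.conf` is rendered with `$DB_CLOUD_TOKEN` and `$BKMONITOR_EVENT_TOKEN` under the default umask, so restrict it with `chmod 600 pull-crond-run.conf` after the `envsubst` line. The crontab entry is installed here, but the dns image's ENTRYPOINT only runs start.bash and nothing visible starts the cron daemon (the nginx image runs `service cron start`), so the watchdog entry may never fire.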
@@ -0,0 +1,21 @@
+FROM mirrors.tencent.com/build/blueking/dbmedium:latest as medium
+
+FROM debian:bookworm-slim
+
+## 更新包列表并安装 cron 和 gettext-base
+RUN apt-get update && \
+ apt-get install -y curl jq && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/*
+
+## 获取drs介质文件
+COPY --from=medium /app/medium/cloud/cloud-drs/*/db-remote-service /data/install/
+COPY --from=medium /app/medium/cloud/cloud-drs-tmysqlparse/*/tmysqlparse /data/install/
+COPY ./start.bash /data/install/
+
+WORKDIR /data/install
+
+RUN chmod +x start.bash
+
+## 启动drs服务
+ENTRYPOINT ["/bin/bash", "-c", "/data/install/start.bash"]
diff --git a/dbm-ui/backend/db_proxy/container/drs/start.bash b/dbm-ui/backend/db_proxy/container/drs/start.bash
new file mode 100644
index 0000000000..268c96909f
--- /dev/null
+++ b/dbm-ui/backend/db_proxy/container/drs/start.bash
@@ -0,0 +1,28 @@
+# 写入DRS记录
+data=$(
+curl -XPOST "$BK_DBM_URL/apis/proxypass/cloud/insert/" \
+ --header "Content-Type: application/json" \
+ --data-raw '{
+ "bk_cloud_id": 0,
+ "extension": "DRS",
+ "db_cloud_token": "'"$DB_CLOUD_TOKEN"'",
+ "details": {
+ "ip": "%",
+ "bk_host_id": 0,
+ "bk_cloud_id": 0
+ }
+ }'
+)
+
+# 导出环境变量
+export DRS_MYSQL_ADMIN_PASSWORD=$(echo $data | jq -r '.data.drs_account.password')
+export DRS_MYSQL_ADMIN_USER=$(echo $data | jq -r '.data.drs_account.user')
+export SQLSERVER_ADMIN_PASSWORD=$DRS_MYSQL_ADMIN_PASSWORD
+export SQLSERVER_ADMIN_USER=$DRS_MYSQL_ADMIN_USER
+export DRS_PROXY_ADMIN_USER="proxy"
+export DRS_PROXY_ADMIN_PASSWORD=$(echo $data | jq -r '.data.proxy_password')
+export DRS_WEBCONSOLE_USER=$(echo $data | jq -r '.data.webconsole_account.user')
+export DRS_WEBCONSOLE_PASSWORD=$(echo $data | jq -r '.data.webconsole_account.password')
+
+# 启动drs
+./db-remote-service
diff --git a/dbm-ui/backend/db_proxy/container/nginx/Dockerfile b/dbm-ui/backend/db_proxy/container/nginx/Dockerfile
new file mode 100644
index 0000000000..22da0d4431
--- /dev/null
+++ b/dbm-ui/backend/db_proxy/container/nginx/Dockerfile
@@ -0,0 +1,20 @@
+FROM mirrors.tencent.com/build/blueking/dbmedium:latest as medium
+
+FROM debian:bookworm-slim
+
+## 更新包列表并安装 cron 和 gettext-base
+RUN apt-get update && \
+ apt-get install -y cron gettext-base curl jq && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/*
+
+## 获取nginx介质
+COPY --from=medium /app/medium/cloud/cloud-nginx/*/nginx-portable.tgz /data/install/
+COPY ./start.bash ./nginx-tpl.conf ./dbm.html ./crond.bash /data/install/
+
+WORKDIR /data/install
+
+RUN chmod -R 755 /data/install/
+
+## 启动nginx服务
+ENTRYPOINT ["/bin/bash", "-c", "service cron start && /data/install/start.bash"]
diff --git a/dbm-ui/backend/db_proxy/container/nginx/crond.bash b/dbm-ui/backend/db_proxy/container/nginx/crond.bash
new file mode 100644
index 0000000000..2962cafdbe
--- /dev/null
+++ b/dbm-ui/backend/db_proxy/container/nginx/crond.bash
@@ -0,0 +1,37 @@
+path=/data/install
+
+# nginx定时拉取大数据配置,这里只考虑直连区域
+data=$(
+curl -XPOST "$BK_DBM_URL/apis/proxypass/cloud/pull_nginx_conf/" \
+ --header "Content-Type: application/json" \
+ --data-raw '{
+ "bk_cloud_id": 0,
+ "extension": "NGINX",
+ "db_cloud_token": "'"$DB_CLOUD_TOKEN"'",
+ "details": {
+ "ip": "'"$DBM_NGINX_DOMAIN"'",
+ "bk_host_id": 0,
+ "bk_cloud_id": 0
+ }
+ }'
+)
+echo "$data" | jq -c '.data[]' | while read -r item; do
+ file_name=$(echo "$item" | jq -r '.file_name')
+ file_content=$(echo "$item" | jq -r '.content')
+ # 创建文件并写入内容
+ echo "$file_content" > "$path/nginx-portable/conf/cluster_service/$file_name"
+done
+# 重启nginx
+$path/nginx-portable/nginx-portable restart
+
+# nginx日志文件的定时清理,设置最大日志为100MB
+nginx_log_path="$path/nginx-portable/logs"
+max_log_size=$((100 * 1024 * 1024))
+access_log_size=$(stat -c%s "$path/nginx-portable/logs/access.log")
+if [ "$access_log_size" -gt "$max_log_size" ]; then
+ echo > $nginx_log_path/access.log;
+fi
+err_log_size=$(stat -c%s "$path/nginx-portable/logs/error.log")
+if [ "$err_log_size" -gt "$max_log_size" ]; then
+ echo > $nginx_log_path/err_log_size.log;
+fi
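Review bot: In crond.bash, `file_name` from the API response is used directly in `echo "$file_content" > "$path/nginx-portable/conf/cluster_service/$file_name"`, and the server builds that name from `cluster_name`, so a name containing `/` or `..` would make this root cron job write outside `cluster_service/`; reject anything that does not match a strict pattern first, e.g. `[[ "$file_name" =~ ^[A-Za-z0-9_.-]+_nginx\.conf$ ]] || continue`. The script sets `path=/data/install`, but start.bash unpacks nginx under `/usr/local/bkdb`, so the config directory, the `nginx-portable restart` call and both `stat` paths appear to point at a tree that does not exist. The error-log branch truncates `err_log_size.log` rather than `error.log`, and cron will not pass `$BK_DBM_URL` or `$DB_CLOUD_TOKEN` to the job unless start.bash writes them somewhere the script can source.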
diff --git a/dbm-ui/backend/db_proxy/container/nginx/dbm.html b/dbm-ui/backend/db_proxy/container/nginx/dbm.html new file mode 100644 index 0000000000..3e56daa0eb --- /dev/null +++ b/dbm-ui/backend/db_proxy/container/nginx/dbm.html @@ -0,0 +1,12 @@ + + +
+ + +Welcome to our nginx service.
+ + diff --git a/dbm-ui/backend/db_proxy/container/nginx/nginx-tpl.conf b/dbm-ui/backend/db_proxy/container/nginx/nginx-tpl.conf new file mode 100644 index 0000000000..420b156018 --- /dev/null +++ b/dbm-ui/backend/db_proxy/container/nginx/nginx-tpl.conf @@ -0,0 +1,23 @@ +user root; +events { + worker_connections 65535; +} +http { + # 基础配置 + include mime.types; + default_type application/octet-stream; + sendfile on; + + # 转发大数据组件服务 + server { + listen 80; + server_name $DBM_NGINX_DOMAIN; + client_max_body_size 500M; + proxy_connect; + proxy_connect_allow 443 563; + + # 包含到大数据服务的子配置 + include /usr/local/bkdb/nginx-portable/conf/cluster_service/*.conf; + + } +} diff --git a/dbm-ui/backend/db_proxy/container/nginx/start.bash b/dbm-ui/backend/db_proxy/container/nginx/start.bash new file mode 100644 index 0000000000..11704d1db8 --- /dev/null +++ b/dbm-ui/backend/db_proxy/container/nginx/start.bash 
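Review bot: `user root;` in nginx-tpl.conf runs the nginx workers as root even though they only proxy HTTP and serve files under the portable tree; use an unprivileged account (for example `user nobody;`) and keep root for the master process only. `proxy_connect;` with `proxy_connect_allow 443 563;` turns this server into a CONNECT forward proxy for any destination host on those ports, and nothing visible in the block restricts which clients may use it, so limit the client ranges that can reach the listener or drop the directive if no component needs it. The `include` path is hard-coded to `/usr/local/bkdb/nginx-portable/conf/cluster_service/*.conf`, which has to stay in step with `path` in start.bash and crond.bash.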
@@ -0,0 +1,42 @@
+path=/usr/local/bkdb
+mkdir -p $path
+
+# 写入nginx记录
+curl -XPOST "$BK_DBM_URL/apis/proxypass/cloud/insert/" \
+ --header "Content-Type: application/json" \
+ --data-raw '{
+ "bk_cloud_id": 0,
+ "extension": "NGINX",
+ "db_cloud_token": "'"$DB_CLOUD_TOKEN"'",
+ "details": {
+ "ip": "'"$DBM_NGINX_DOMAIN"'",
+ "bk_host_id": 0,
+ "bk_cloud_id": 0
+ }
+ }'
+
+# 解压nginx
+tar xvf /data/install/nginx-portable.tgz -C $path;
+chmod -R 755 $path/nginx-portable/;
+mkdir -p $path/nginx-portable/conf/cluster_service/
+
+envsubst < /data/install/nginx-tpl.conf > /data/install/nginx.conf
+mv /data/install/nginx.conf /data/install/crond.bash $path/nginx-portable/conf/
+
+# 注入测试location
+mkdir $path/nginx-portable/html/example_service/
+mv /data/install/dbm.html $path/nginx-portable/html/example_service/
+echo -e "
+location /example_service/ {
+ root $path/nginx-portable/html;
+ index dbm.html;
+}
+" > $path/nginx-portable/conf/cluster_service/example_service.conf
+
+# 开启定时任务
+crond_script_path=$path/nginx-portable/conf/crond.bash
+(crontab -l ; echo "*/5 * * * * $crond_script_path") 2>&1 | grep -v "no crontab" | sort | uniq | crontab -
+
+# 开启nginx服务
+$path/nginx-portable/nginx-portable start;
+tail -f $path/nginx-portable/logs/access.log
diff --git a/dbm-ui/backend/db_proxy/nginxconf_tpl.py b/dbm-ui/backend/db_proxy/nginxconf_tpl.py
index f5bcbd6828..f43f6bae54 100644
--- a/dbm-ui/backend/db_proxy/nginxconf_tpl.py
+++ b/dbm-ui/backend/db_proxy/nginxconf_tpl.py
@@ -7,6 +7,34 @@ an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. """ +from jinja2 import Environment, Template + +from backend.db_proxy.models import ClusterExtension +from backend.utils.string import base64_encode + + +def render_nginx_tpl(extension: ClusterExtension, template: Template = None, conf_tpl: str = None, encode=True): + """渲染nginx子配置模板文件""" + if not template: + jinja_env = Environment() + template = jinja_env.from_string(conf_tpl) + + conf_payload = { + "bk_biz_id": extension.bk_biz_id, + "bk_cloud_id": extension.bk_cloud_id, + "db_type": extension.db_type, + "cluster_name": extension.cluster_name, + "service_type": extension.service_type, + "service_url": f"http://{extension.ip}:{extension.port}", + } + file_name = f"{extension.bk_biz_id}_{extension.db_type}_{extension.cluster_name}_nginx.conf" + file_content = template.render(conf_payload) + + if encode: + file_content = base64_encode(file_content) + + return {"file_name": file_name, "content": file_content} + es_conf_tpl = """ location /{{bk_biz_id}}/{{db_type}}/{{cluster_name}}/{{service_type}} { diff --git a/dbm-ui/backend/db_proxy/urls.py b/dbm-ui/backend/db_proxy/urls.py index ae2af4aa77..b6074a47b8 100644 --- a/dbm-ui/backend/db_proxy/urls.py +++ b/dbm-ui/backend/db_proxy/urls.py @@ -12,6 +12,7 @@ from rest_framework.routers import DefaultRouter from backend.db_proxy.views.bkrepo.views import BKRepoProxyPassViewSet +from backend.db_proxy.views.cloud.views import CloudProxyPassViewSet from backend.db_proxy.views.db_meta.views import DBMetaApiProxyPassViewSet from backend.db_proxy.views.db_remote_service.views import DRSApiProxyPassViewSet from backend.db_proxy.views.dbconfig.views import DBConfigProxyPassViewSet 
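Review bot: `render_nginx_tpl` interpolates `extension.cluster_name`, `db_type`, `service_type`, `ip` and `port` into both an nginx `location` block and the output `file_name` without any validation visible in this hunk, so a value containing `/`, whitespace, `;` or `}` would change the generated config or the path the file is later written to. Unless these fields are already constrained at the model or serializer level, check them against a strict pattern (for example `^[A-Za-z0-9_.-]+$`) before rendering and raise on mismatch. When both `template` and `conf_tpl` are omitted the function calls `jinja_env.from_string(None)`; raise a `ValueError` naming the missing argument instead.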
@@ -37,5 +38,6 @@ routers.register(r"", JobApiProxyPassViewSet, basename="jobapi") routers.register(r"", DumperProxyPassViewSet, basename="dumper") routers.register(r"", DBPrivProxyPassViewSet, basename="dbpriv") +routers.register(r"cloud", CloudProxyPassViewSet, basename="cloud") urlpatterns = routers.urls diff --git a/dbm-ui/backend/db_proxy/views/cloud/__init__.py b/dbm-ui/backend/db_proxy/views/cloud/__init__.py new file mode 100644 index 0000000000..aa5085c628 --- /dev/null +++ b/dbm-ui/backend/db_proxy/views/cloud/__init__.py @@ -0,0 +1,10 @@ +# -*- coding: utf-8 -*- +""" +TencentBlueKing is pleased to support the open source community by making 蓝鲸智云-DB管理系统(BlueKing-BK-DBM) available. +Copyright (C) 2017-2023 THL A29 Limited, a Tencent company. All rights reserved. +Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License. +You may obtain a copy of the License at https://opensource.org/licenses/MIT +Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on +an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the +specific language governing permissions and limitations under the License. +""" diff --git a/dbm-ui/backend/db_proxy/views/cloud/serializers.py b/dbm-ui/backend/db_proxy/views/cloud/serializers.py new file mode 100644 index 0000000000..e8bf9b1df9 --- /dev/null +++ b/dbm-ui/backend/db_proxy/views/cloud/serializers.py 
@@ -0,0 +1,21 @@
+# -*- coding: utf-8 -*-
+"""
+TencentBlueKing is pleased to support the open source community by making 蓝鲸智云-DB管理系统(BlueKing-BK-DBM) available.
+Copyright (C) 2017-2023 THL A29 Limited, a Tencent company. All rights reserved.
+Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
+You may obtain a copy of the License at https://opensource.org/licenses/MIT
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.
+"""
+from django.utils.translation import gettext_lazy as _
+from rest_framework import serializers
+
+from backend.db_proxy.constants import ExtensionType
+from backend.db_proxy.views.serialiers import BaseProxyPassSerializer
+
+
+class InsertDBExtensionSerializer(BaseProxyPassSerializer):
+ bk_cloud_id = serializers.IntegerField(help_text=_("云区域ID"), default=0)
+ extension = serializers.ChoiceField(help_text=_("扩展类型"), choices=ExtensionType.get_choices())
+ details = serializers.JSONField(help_text=_("详情"))
diff --git a/dbm-ui/backend/db_proxy/views/cloud/views.py b/dbm-ui/backend/db_proxy/views/cloud/views.py
new file mode 100644
index 0000000000..0f7a042582
--- /dev/null
+++ b/dbm-ui/backend/db_proxy/views/cloud/views.py
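Review bot: `details = serializers.JSONField(...)` accepts any JSON value, while the `insert` view added in views.py indexes `data["details"]["ip"]` and calls `data["details"].update(...)`, so a list, a string or an object without `ip` raises an unhandled error, and whatever keys the caller sends are stored on the `DBExtension` row as given. Declare `details` as a nested serializer with at least a required `ip = serializers.CharField()` plus the optional keys the start scripts send (`bk_host_id`, `bk_cloud_id`, `dbha_type`, `bk_city_code`, `bk_city_name`, `bk_city`, `is_access`). `bk_cloud_id` is also taken from the request body, so the view should check that it matches the cloud area the `db_cloud_token` was issued for, if the base class does not already do so.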
@@ -0,0 +1,104 @@
+# -*- coding: utf-8 -*-
+"""
+TencentBlueKing is pleased to support the open source community by making 蓝鲸智云-DB管理系统(BlueKing-BK-DBM) available.
+Copyright (C) 2017-2022 THL A29 Limited, a Tencent company. All rights reserved.
+Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
+You may obtain a copy of the License at https://opensource.org/licenses/MIT
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.
+"""
+
+from typing import Any, Dict, List
+
+from django.utils.translation import ugettext_lazy as _
+from rest_framework.decorators import action
+from rest_framework.response import Response
+
+from backend.bk_web.swagger import common_swagger_auto_schema
+from backend.configuration.handlers.password import DBPasswordHandler
+from backend.db_proxy import nginxconf_tpl
+from backend.db_proxy.constants import SWAGGER_TAG, ExtensionAccountEnum, ExtensionServiceStatus, ExtensionType
+from backend.db_proxy.models import ClusterExtension, DBCloudProxy, DBExtension
+from backend.db_proxy.views.cloud.serializers import InsertDBExtensionSerializer
+from backend.db_proxy.views.serialiers import BaseProxyPassSerializer
+from backend.db_proxy.views.views import BaseProxyPassViewSet
+from backend.flow.consts import MySQLPrivComponent, UserName
+
+
+class CloudProxyPassViewSet(BaseProxyPassViewSet):
+ """
+ 云区域组件接口的透传视图
+ """
+
+ @common_swagger_auto_schema(
+ operation_summary=_("[容器化]写入云区域组件记录"),
+ request_body=InsertDBExtensionSerializer(),
+ tags=[SWAGGER_TAG],
+ )
+ @action(methods=["POST"], serializer_class=InsertDBExtensionSerializer, detail=False)
+ def insert(self, request, *args, **kwargs):
+ data = 
self.params_validate(self.get_serializer_class())
+ output_info = {}
+ bk_cloud_id = data["bk_cloud_id"]
+
+ if data["extension"] == ExtensionType.NGINX:
+ # nginx需要写入代理信息
+ ip = data["details"]["ip"]
+ DBCloudProxy.objects.create(bk_cloud_id=data["bk_cloud_id"], internal_address=ip, external_address=ip)
+ elif data["extension"] == ExtensionType.DRS:
+ # drs随机生成账号/密码
+ drs_account = ExtensionAccountEnum.generate_random_account(bk_cloud_id)
+ webconsole_account = ExtensionAccountEnum.generate_random_account(bk_cloud_id)
+ data["details"].update(
+ use=drs_account["encrypt_user"],
+ pwd=drs_account["encrypt_password"],
+ webconsole_user=webconsole_account["encrypt_user"],
+ webconsole_pwd=webconsole_account["encrypt_password"],
+ )
+ # drs proxy密码
+ proxy_password = DBPasswordHandler.get_component_password(UserName.PROXY, MySQLPrivComponent.PROXY)
+ output_info.update(
+ drs_account=drs_account, webconsole_account=webconsole_account, proxy_password=proxy_password
+ )
+ elif data["extension"] == ExtensionType.DBHA:
+ # dbha 随机生成账号/密码
+ dbha_account = ExtensionAccountEnum.generate_random_account(bk_cloud_id)
+ # 获取proxy密码和mysql os密码
+ dbha_password_map = DBPasswordHandler.batch_query_components_password(
+ components=[
+ {"username": UserName.PROXY, "component": MySQLPrivComponent.PROXY},
+ {"username": UserName.OS_MYSQL, "component": MySQLPrivComponent.MYSQL},
+ ]
+ )
+ output_info.update(
+ dbha_account=dbha_account,
+ proxy_password=dbha_password_map[UserName.PROXY][MySQLPrivComponent.PROXY],
+ mysql_os_password=dbha_password_map[UserName.OS_MYSQL][MySQLPrivComponent.MYSQL],
+ )
+
+ DBExtension(**data, status=ExtensionServiceStatus.RUNNING).save()
+ return Response(output_info)
+
+ @common_swagger_auto_schema(
+ operation_summary=_("[容器化]获取云区域nginx子配置文件"),
+ request_body=BaseProxyPassSerializer(),
+ tags=[SWAGGER_TAG],
+ )
+ @action(methods=["POST"], detail=False, serializer_class=BaseProxyPassSerializer)
+ def pull_nginx_conf(self, request, *args, **kwargs):
+ 
bk_cloud_id = self.params_validate(self.get_serializer_class())["bk_cloud_id"] + # 目前子配置只有大数据转发,并且考虑社区化部署集群量较少,这里就全量拉去更新 + cluster_extensions = ClusterExtension.objects.filter(bk_cloud_id=bk_cloud_id) + proxy = DBCloudProxy.objects.filter(bk_cloud_id=bk_cloud_id).last() + file_list: List[Dict[str, Any]] = [] + for extension in cluster_extensions: + conf_tpl = getattr(nginxconf_tpl, f"{extension.db_type}_conf_tpl", None) + # 当前组件无子配置,忽略 + if not conf_tpl: + continue + file_list.append(nginxconf_tpl.render_nginx_tpl(conf_tpl=conf_tpl, extension=extension, encode=False)) + # 保存访问地址 + if not extension.access_url: + extension.save_access_url(nginx_url=f"{proxy.external_address}:{80}") + return Response(file_list) diff --git a/dbm-ui/backend/env/dev.py b/dbm-ui/backend/env/dev.py index 7d20af3158..088ae481b6 100644 --- a/dbm-ui/backend/env/dev.py +++ b/dbm-ui/backend/env/dev.py @@ -20,8 +20,6 @@ TEST_ACCESS_HOSTS = get_type_env(key="TEST_ACCESS_HOSTS", _type=list, default=[]) WEBCONSOLE_USERNAME = get_type_env(key="WEBCONSOLE_USERNAME", _type=str, default="") WEBCONSOLE_PASSWORD = get_type_env(key="WEBCONSOLE_PASSWORD", _type=str, default="") -PARTITION_YW_USERNAME = get_type_env(key="PARTITION_YW_USERNAME", _type=str, default="") -PARTITION_YW_PASSWORD = get_type_env(key="PARTITION_YW_PASSWORD", _type=str, default="") # 资源池伪造开关 FAKE_RESOURCE_APPLY_ENABLE = get_type_env(key="FAKE_RESOURCE_APPLY_ENABLE", _type=bool, default=False) diff --git a/dbm-ui/backend/flow/engine/bamboo/scene/cloud/base_service_flow.py b/dbm-ui/backend/flow/engine/bamboo/scene/cloud/base_service_flow.py index d594fbcffd..d258ce8e79 100644 --- a/dbm-ui/backend/flow/engine/bamboo/scene/cloud/base_service_flow.py +++ b/dbm-ui/backend/flow/engine/bamboo/scene/cloud/base_service_flow.py 
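Review bot: `insert` takes `details` as a free-form `JSONField` but then indexes `data["details"]["ip"]` in the NGINX branch and calls `data["details"].update(...)` in the DRS branch, so a non-object payload or a missing `ip` ends in an unhandled exception, and any string is accepted as the proxy address that `pull_nginx_conf` later writes into `access_url`. Validating the shape per extension type in the serializer, for example `ip = serializers.IPAddressField()` for nginx, would cover both. In the DRS branch the keyword `use=` looks like a typo for `user=`; confirm against the key the DRS flow reads. `pull_nginx_conf` dereferences `proxy.external_address` although `.last()` returns `None` when the cloud area has no `DBCloudProxy` row, so add `if proxy is None:` handling before the loop. The response body also carries `proxy_password` and `mysql_os_password` in cleartext, so this route should be excluded from request/response logging and served only over TLS.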
@@ -13,7 +13,6 @@ from typing import Any, Dict, List, Optional, Union from bamboo_engine.builder import SubProcess -from django.utils.crypto import get_random_string from django.utils.translation import ugettext as _ from backend.core.encrypt.constants import AsymmetricCipherConfigType @@ -69,10 +68,18 @@ def _get_or_generate_usr_pwd(self, service: CloudServiceName): def _fetch_usr_pwd(info, user_key, pwd_key): # 若任意一台主机信息包含用户/密码,则沿用直接返回解密原始账户或密码,否则生成 - user = info.get(user_key, AsymmetricHandler.encrypt(name=rsa_cloud_name, content=get_random_string(8))) - pwd = info.get(pwd_key, AsymmetricHandler.encrypt(name=rsa_cloud_name, content=get_random_string(16))) - plain_user = AsymmetricHandler.decrypt(name=rsa_cloud_name, content=user) - plain_pwd = AsymmetricHandler.decrypt(name=rsa_cloud_name, content=pwd) + if info.get(user_key) and info.get(pwd_key): + user, pwd = info[user_key], info[pwd_key] + plain_user = AsymmetricHandler.decrypt(name=rsa_cloud_name, content=user) + plain_pwd = AsymmetricHandler.decrypt(name=rsa_cloud_name, content=pwd) + else: + account = ExtensionAccountEnum.generate_random_account(self.data["bk_cloud_id"]) + user, pwd, plain_user, plain_pwd = ( + account["encrypt_user"], + account["encrypt_password"], + account["user"], + account["password"], + ) return {user_key: user, pwd_key: pwd, f"plain_{user_key}": plain_user, f"plain_{pwd_key}": plain_pwd} # 获取部署组件的主机信息 diff --git a/dbm-ui/backend/flow/utils/cloud/script_template/dbha_template.py b/dbm-ui/backend/flow/utils/cloud/script_template/dbha_template.py index ce377274b0..f3dc1700d4 100644 --- a/dbm-ui/backend/flow/utils/cloud/script_template/dbha_template.py +++ b/dbm-ui/backend/flow/utils/cloud/script_template/dbha_template.py @@ -15,7 +15,7 @@ log_path: "./log" log_level: "LOG_DEBUG" log_maxsize: 512 - log_maxbackups: 5 + log_maxbackups: 100 log_maxage: 30 log_compress: true agent_conf: 
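Review bot: The rewritten `_fetch_usr_pwd` (second hunk, `@@ -69,10 +68,18 @@`) regenerates both values whenever either `user_key` or `pwd_key` is missing or empty, while the comment kept above it still describes reusing an existing user or password. If a stored record can hold one field without the other, the surviving credential is silently replaced by a fresh account, which is worth an explicit log line or error rather than a quiet rotation. I would update the comment to `# reuse the stored pair only when both user and password are present; otherwise generate a new account`. The returned dict also carries the `plain_*` values, so callers should keep it out of logs and persisted flow context; the enclosing method starts outside this hunk.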
@@ -144,7 +144,7 @@ log_path: "./log" log_level: "LOG_DEBUG" log_maxsize: 512 - log_maxbackups: 5 + log_maxbackups: 100 log_maxage: 30 log_compress: true agent_conf: diff --git a/dbm-ui/backend/iam_app/handlers/drf_perm/proxypass.py b/dbm-ui/backend/iam_app/handlers/drf_perm/proxypass.py index 12c8464d43..6f10060dc9 100644 --- a/dbm-ui/backend/iam_app/handlers/drf_perm/proxypass.py +++ b/dbm-ui/backend/iam_app/handlers/drf_perm/proxypass.py @@ -10,6 +10,7 @@ """ import binascii +from django.conf import settings from django.utils.translation import ugettext as _ from rest_framework import permissions from rest_framework.exceptions import PermissionDenied @@ -28,6 +29,10 @@ class ProxyPassPermission(permissions.BasePermission): @classmethod def verify_token(cls, db_cloud_token, bk_cloud_id): + # 兼容云区域容器化,app_code:app_secret的鉴权模式 + if db_cloud_token == f"{settings.APP_CODE}:{settings.APP_TOKEN}": + return + try: token = AsymmetricHandler.decrypt(name=AsymmetricCipherConfigType.PROXYPASS.value, content=db_cloud_token) except (RSADecryptException, binascii.Error, KeyError, IndexError): diff --git a/helm-charts/bk-dbm/Chart.lock b/helm-charts/bk-dbm/Chart.lock index add41b2702..bc281186f1 100644 --- a/helm-charts/bk-dbm/Chart.lock +++ b/helm-charts/bk-dbm/Chart.lock @@ -32,9 +32,6 @@ dependencies: - name: db-simulation repository: file://charts/db-simulation version: 0.1.11 -- name: db-remote-service - repository: file://charts/db-remote-service - version: 0.9.5 - name: db-dns-api repository: file://charts/db-dns-api version: 0.1.7 
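Review bot: The shortcut added to `verify_token` in proxypass.py compares the caller's token to `f"{settings.APP_CODE}:{settings.APP_TOKEN}"` with `==` and returns without consulting `bk_cloud_id`, so one static platform secret authorises proxy-pass requests for every cloud area and has no expiry or scope. If either setting is empty the accepted token degrades to a trivially guessable string, and `==` on a secret is not constant-time. At minimum guard and compare safely, e.g. `expected = f"{settings.APP_CODE}:{settings.APP_TOKEN}"` followed by `if settings.APP_CODE and settings.APP_TOKEN and hmac.compare_digest(str(db_cloud_token).encode(), expected.encode()): return` (needs `import hmac`). A short comment stating which callers are expected to use this mode, and that it bypasses the per-cloud token, would help the next reader; the rest of `verify_token` lies outside the hunk.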
@@ -56,5 +53,17 @@ dependencies: - name: backup-consumer repository: file://charts/backup-consumer version: 0.0.3 -digest: sha256:31236606c1f0aa272b43c84f98bff88edb54144c6df8d1a07f0b5e9f93f20156 -generated: "2024-08-13T19:01:07.629281+08:00" +- name: db-remote-service + repository: file://charts/db-remote-service + version: 0.9.5 +- name: db-dns + repository: file://charts/db-dns + version: 0.1.0 +- name: db-nginx + repository: file://charts/db-nginx + version: 0.1.0 +- name: db-dbha + repository: file://charts/db-dbha + version: 0.1.0 +digest: sha256:505dce199e12c74e5852a426b8997b2c527c43c5cba321aebc58ef1040b43ff6 +generated: "2024-08-28T19:45:11.596886126+08:00" diff --git a/helm-charts/bk-dbm/Chart.yaml b/helm-charts/bk-dbm/Chart.yaml index a6d39c1640..2b6cff1f32 100644 --- a/helm-charts/bk-dbm/Chart.yaml +++ b/helm-charts/bk-dbm/Chart.yaml @@ -44,10 +44,6 @@ dependencies: name: db-simulation repository: file://charts/db-simulation version: 0.1.11 - - condition: db-remote-service.enabled - name: db-remote-service - repository: file://charts/db-remote-service - version: 0.9.5 - condition: db-dns-api.enabled name: db-dns-api repository: file://charts/db-dns-api @@ -76,6 +72,22 @@ dependencies: name: backup-consumer repository: file://charts/backup-consumer version: 0.0.3 + - condition: global.cloudContainer + name: db-remote-service + repository: file://charts/db-remote-service + version: 0.9.5 + - condition: global.cloudContainer + name: db-dns + repository: file://charts/db-dns + version: 0.1.0 + - condition: global.cloudContainer + name: db-nginx + repository: file://charts/db-nginx + version: 0.1.0 + - condition: global.cloudContainer + name: db-dbha + repository: file://charts/db-dbha + version: 0.1.0 description: A Helm chart for bk-dbm name: bk-dbm type: application diff --git a/helm-charts/bk-dbm/charts/db-dbha/.helmignore b/helm-charts/bk-dbm/charts/db-dbha/.helmignore new file mode 100644 index 0000000000..50af031725 --- /dev/null 
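Review bot: In Chart.yaml (`@@ -76,6 +72,22 @@`) `db-remote-service` moves from `condition: db-remote-service.enabled` to `condition: global.cloudContainer`, so a values file that enabled it through the old key would presumably stop deploying it on upgrade unless the new global flag is also set. The four cloud-area charts now share one switch and cannot be enabled independently. If the old key should keep working, Helm accepts a comma-separated list and evaluates the first path that exists: `condition: db-remote-service.enabled,global.cloudContainer`. Otherwise a comment next to the entries such as `# cloud-area components: toggled together by global.cloudContainer` would document the change.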
+++ b/helm-charts/bk-dbm/charts/db-dbha/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm-charts/bk-dbm/charts/db-dbha/Chart.yaml b/helm-charts/bk-dbm/charts/db-dbha/Chart.yaml new file mode 100644 index 0000000000..65d95cdec8 --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-dbha/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: 0.0.1-alpha.18 +description: A Helm chart for Kubernetes +name: db-dbha +version: 0.1.0 diff --git a/helm-charts/bk-dbm/charts/db-dbha/templates/NOTES.txt b/helm-charts/bk-dbm/charts/db-dbha/templates/NOTES.txt new file mode 100644 index 0000000000..e69de29bb2 diff --git a/helm-charts/bk-dbm/charts/db-dbha/templates/_helpers.tpl b/helm-charts/bk-dbm/charts/db-dbha/templates/_helpers.tpl new file mode 100644 index 0000000000..ff3ef72f00 --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-dbha/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* vim: set filetype=mustache: */}} +{{/* Expand the name of the chart. */}} +{{- define "db-dbha.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "db-dbha.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* define related component name */}} +{{- define "db-dbha.component.fullname" -}} +{{- $root := first . -}} +{{- $type := last . -}} +{{- printf "%s-%s" (include "db-dbha.fullname" $root) $type -}} +{{- end -}} + +{{/* Create chart name and version as used by the chart label. */}} +{{- define "db-dbha.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* Common labels */}} +{{- define "db-dbha.labels" -}} +app.kubernetes.io/name: {{ include "db-dbha.name" . }} +helm.sh/chart: {{ include "db-dbha.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* Selector labels */}} +{{- define "db-dbha.selectorLabels" -}} +app.kubernetes.io/name: {{ include "db-dbha.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* Create the name of the service account to use */}} +{{- define "db-dbha.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "db-dbha.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + diff --git a/helm-charts/bk-dbm/charts/db-dbha/templates/daemonsets/agent.yaml b/helm-charts/bk-dbm/charts/db-dbha/templates/daemonsets/agent.yaml new file mode 100644 index 0000000000..31ea107b98 --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-dbha/templates/daemonsets/agent.yaml 
@@ -0,0 +1,70 @@ +{{- $dbhaType := "agent" -}} +{{- $agentComponentName := (include "db-dbha.component.fullname" (list . "agent")) -}} +{{- $gmComponentName := (include "db-dbha.component.fullname" (list . "gm")) -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ $agentComponentName }} + labels: + {{ include "db-dbha.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "db-dbha.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: {{ $agentComponentName }} + template: + metadata: + annotations: + reloader.stakater.com/auto: "true" + labels: + {{- include "db-dbha.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: {{ $agentComponentName }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "db-dns.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + initContainers: + {{- include "initContainersWaitFor" (list . $gmComponentName) | nindent 8}} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.global.imageRegistry | default .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 80 + protocol: TCP + env: + {{- if .Values.envs -}} + {{- include "envs" . | trim | nindent 12 }} + {{- end }} + - name: NODE_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DBHA_TYPE + value: {{ $dbhaType }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.extraEnvVarsCM }} + {{- end }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm-charts/bk-dbm/charts/db-dbha/templates/deployments/gm.yaml b/helm-charts/bk-dbm/charts/db-dbha/templates/deployments/gm.yaml new file mode 100644 index 0000000000..daec0670d3 --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-dbha/templates/deployments/gm.yaml 
@@ -0,0 +1,78 @@ +{{- $dbhaType := "gm" -}} +{{- $gmComponentName := (include "db-dbha.component.fullname" (list . "gm")) -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ $gmComponentName }} + labels: + {{ include "db-dbha.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.gmReplicaCount }} + selector: + matchLabels: + {{- include "db-dbha.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: {{ $gmComponentName }} + template: + metadata: + annotations: + reloader.stakater.com/auto: "true" + labels: + {{- include "db-dbha.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: {{ $gmComponentName }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "db-dbha.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + initContainers: + {{- include "initContainersWaitFor" (list . "bk-dbm-saas-api") | nindent 8}} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.global.imageRegistry | default .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + protocol: TCP + containerPort: 50000 + env: + {{- if .Values.envs -}} + {{- include "envs" . | trim | nindent 6 }} + {{- end }} + - name: NODE_IP + value: {{ $gmComponentName }} + - name: DBHA_TYPE + value: {{ $dbhaType }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.extraEnvVarsCM }} + {{- end }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + affinity: + {{- with .Values.affinity }} + {{- toYaml . 
| nindent 8 }} + {{- end }} + # gm要求调度到不同的节点 + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - {{ $gmComponentName }} + topologyKey: "kubernetes.io/hostname" + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm-charts/bk-dbm/charts/db-dbha/templates/service.yaml b/helm-charts/bk-dbm/charts/db-dbha/templates/service.yaml new file mode 100644 index 0000000000..c113c3f44d --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-dbha/templates/service.yaml @@ -0,0 +1,17 @@ +{{- $gmComponentName := (include "db-dbha.component.fullname" (list . "gm")) -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ $gmComponentName }} + labels: + {{- include "db-dbha.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.gmPort }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "db-dbha.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: {{ $gmComponentName }} diff --git a/helm-charts/bk-dbm/charts/db-dbha/templates/serviceaccount.yaml b/helm-charts/bk-dbm/charts/db-dbha/templates/serviceaccount.yaml new file mode 100644 index 0000000000..773ec8671d --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-dbha/templates/serviceaccount.yaml 
@@ -0,0 +1,41 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "db-dbha.serviceAccountName" . }} + labels: + {{- include "db-dbha.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "db-dbha.fullname" . }}-role +rules: +- apiGroups: + - batch + - "" + resources: + - jobs + - pods + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "db-dbha.fullname" . }}-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "db-dbha.fullname" . }}-role +subjects: +- kind: ServiceAccount + name: {{ include "db-dbha.serviceAccountName" . }} + namespace: {{ default "default" .Release.Namespace }} +{{- end }} diff --git a/helm-charts/bk-dbm/charts/db-dbha/templates/servicemonitor.yaml b/helm-charts/bk-dbm/charts/db-dbha/templates/servicemonitor.yaml new file mode 100644 index 0000000000..df33952d4a --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-dbha/templates/servicemonitor.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.global.serviceMonitor.enabled .Values.serviceMonitor.enabled -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "db-dbha.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "db-dbha.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "db-dbha.selectorLabels" . | nindent 6 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - interval: 30s + params: {} + path: /metrics + port: http +{{- end -}} \ No newline at end of file diff --git a/helm-charts/bk-dbm/charts/db-dbha/values.yaml b/helm-charts/bk-dbm/charts/db-dbha/values.yaml new file mode 100644 index 0000000000..20ba875d4a --- /dev/null 
+++ b/helm-charts/bk-dbm/charts/db-dbha/values.yaml @@ -0,0 +1,64 @@ +# Default values for db-nginx-api. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# gm推荐副本就2 +gmReplicaCount: 2 + +image: + registry: "mirrors.tencent.com" + repository: "build/blueking/cloud-dbha" + # Overrides the image tag whose default is the chart appVersion. + tag: "" + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: + privileged: true + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +service: + type: ClusterIP + gmPort: 50000 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +tolerations: [] + +affinity: {} + +envs: {} + +nodeSelector: {} + +# 容器内指标采集 +serviceMonitor: + enabled: false +# 容器内日志采集,APM本身不需要,配置保留为方便后期开启服务本身的日志采集 +bkLogConfig: + enabled: false + dataId: 1 diff --git a/helm-charts/bk-dbm/charts/db-dns/.helmignore b/helm-charts/bk-dbm/charts/db-dns/.helmignore new file mode 100644 index 0000000000..50af031725 --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-dns/.helmignore 
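Review bot: `securityContext.privileged: true` is the default in this values.yaml and again in db-dns/values.yaml further down, so every dbha gm and agent pod (the agent is a DaemonSet on each node) and every dns pod runs with full host device and capability access unless the operator overrides it. None of the templates in this commit mount host paths or devices, so it is not evident from here that the privilege is required; if the images need something specific, grant only that. I would default to `privileged: false` with `allowPrivilegeEscalation: false`, and for the DNS pods binding port 53 add `capabilities: {add: ["NET_BIND_SERVICE"]}` instead. The header comment `# Default values for db-nginx-api.` is also a copy-paste leftover and should name db-dbha.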
@@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm-charts/bk-dbm/charts/db-dns/Chart.yaml b/helm-charts/bk-dbm/charts/db-dns/Chart.yaml new file mode 100644 index 0000000000..9dc08bb19e --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-dns/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: 0.0.1-alpha.18 +description: A Helm chart for Kubernetes +name: db-dns +version: 0.1.0 diff --git a/helm-charts/bk-dbm/charts/db-dns/templates/NOTES.txt b/helm-charts/bk-dbm/charts/db-dns/templates/NOTES.txt new file mode 100644 index 0000000000..e69de29bb2 diff --git a/helm-charts/bk-dbm/charts/db-dns/templates/_helpers.tpl b/helm-charts/bk-dbm/charts/db-dns/templates/_helpers.tpl new file mode 100644 index 0000000000..fc97fd5b56 --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-dns/templates/_helpers.tpl 
@@ -0,0 +1,132 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "db-dns.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "db-dns.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "db-dns.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "db-dns.labels" -}} +app.kubernetes.io/name: {{ include "db-dns.name" . }} +helm.sh/chart: {{ include "db-dns.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "db-dns.selectorLabels" -}} +app.kubernetes.io/name: {{ include "db-dns.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + + +{{/* +Create the name of the service account to use +*/}} +{{- define "db-dns.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "db-dns.fullname" .) 
.Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +environment variables +*/}} +{{- define "envs" -}} +{{- range $key, $val := .Values.envs }} +- name: {{ $key }} + value: {{ $val | quote }} +{{- end }} +{{- end }} + +{{- define "k8sEnvs" -}} +- name: NODE_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP +{{- end}} + + +{{- define "db-dns-podSpec" -}} +{{- with .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- toYaml . | nindent 8 }} +{{- end }} +serviceAccountName: {{ include "db-dns.serviceAccountName" . }} +securityContext: +{{- toYaml .Values.podSecurityContext | nindent 2 }} +initContainers: +{{- include "initContainersWaitFor" (list . "bk-dbm-saas-api") | nindent 2}} +containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 6 }} + image: "{{ .Values.global.imageRegistry | default .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - containerPort: 53 + hostPort: 53 + protocol: UDP + - containerPort: 53 + hostPort: 53 + protocol: TCP + env: + {{- include "k8sEnvs" . | nindent 6}} + {{- if .Values.envs -}} + {{- include "envs" . | trim | nindent 6 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.extraEnvVarsCM }} + {{- end }} + resources: + {{- toYaml .Values.resources | nindent 6 }} +{{- with .Values.nodeSelector }} +nodeSelector: +{{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.affinity }} +affinity: +{{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.tolerations }} +tolerations: +{{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} diff --git a/helm-charts/bk-dbm/charts/db-dns/templates/daemonset.yaml b/helm-charts/bk-dbm/charts/db-dns/templates/daemonset.yaml new file mode 100644 index 0000000000..514f403e2a --- /dev/null 
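Review bot: The helpers `envs` and `k8sEnvs` in db-dns/_helpers.tpl are defined without a chart prefix, and Helm template names are global across the parent chart and all subcharts. The db-dbha templates in this commit already call `include "envs"` without defining it in their own _helpers.tpl, so they depend on this chart being loaded, and any other subchart defining `envs` would override it silently. I would name them `db-dns.envs` and `db-dns.k8sEnvs` here and give db-dbha its own `db-dbha.envs`. `db-dns-podSpec` also pins `hostPort: 53` for both protocols, which in Deployment mode (`daemonRunning.enabled: false`) limits scheduling to one replica per node and is worth a comment.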
+++ b/helm-charts/bk-dbm/charts/db-dns/templates/daemonset.yaml @@ -0,0 +1,20 @@ +{{- if .Values.daemonRunning.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "db-dns.fullname" . }} + labels: + {{ include "db-dns.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "db-dns.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + reloader.stakater.com/auto: "true" + labels: + {{- include "db-dns.selectorLabels" . | nindent 8 }} + spec: + {{- include "db-dns-podSpec" . | nindent 6 }} +{{- end }} \ No newline at end of file diff --git a/helm-charts/bk-dbm/charts/db-dns/templates/deployment.yaml b/helm-charts/bk-dbm/charts/db-dns/templates/deployment.yaml new file mode 100644 index 0000000000..b5adadb6eb --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-dns/templates/deployment.yaml @@ -0,0 +1,21 @@ +{{- if not .Values.daemonRunning.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "db-dns.fullname" . }} + labels: + {{ include "db-dns.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "db-dns.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + reloader.stakater.com/auto: "true" + labels: + {{- include "db-dns.selectorLabels" . | nindent 8 }} + spec: + {{- include "db-dns-podSpec" . | nindent 6 }} +{{- end }} \ No newline at end of file diff --git a/helm-charts/bk-dbm/charts/db-dns/templates/serviceaccount.yaml b/helm-charts/bk-dbm/charts/db-dns/templates/serviceaccount.yaml new file mode 100644 index 0000000000..a88db170de --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-dns/templates/serviceaccount.yaml 
@@ -0,0 +1,41 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "db-dns.serviceAccountName" . }}
+ labels:
+ {{- include "db-dns.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "db-dns.fullname" . }}-role
+rules:
+- apiGroups:
+ - batch
+ - ""
+ resources:
+ - jobs
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "db-dns.fullname" . }}-role-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "db-dns.fullname" . }}-role
+subjects:
+- kind: ServiceAccount
+ name: {{ include "db-dns.serviceAccountName" . }}
+ namespace: {{ default "default" .Release.Namespace }}
+{{- end }}
diff --git a/helm-charts/bk-dbm/charts/db-dns/templates/servicemonitor.yaml b/helm-charts/bk-dbm/charts/db-dns/templates/servicemonitor.yaml
new file mode 100644
index 0000000000..10338540d0
--- /dev/null
+++ b/helm-charts/bk-dbm/charts/db-dns/templates/servicemonitor.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.global.serviceMonitor.enabled .Values.serviceMonitor.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "db-dns.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "db-dns.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "db-dns.selectorLabels" . | nindent 6 }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ endpoints:
+ - interval: 30s
+ params: {}
+ path: /metrics
+ port: http
+{{- end -}}
\ No newline at end of file
diff --git a/helm-charts/bk-dbm/charts/db-dns/values.yaml b/helm-charts/bk-dbm/charts/db-dns/values.yaml
new file mode 100644
index 0000000000..390d2bea83
--- /dev/null
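Review bot: The Role in db-dns/templates/serviceaccount.yaml grants `get`/`list`/`watch` on `jobs` as well as `pods`, across both the `batch` and core API groups, while the only consumer visible in this patch is the `initContainersWaitFor` init container, which is invoked with `pod` and a label selector. If nothing else in the chart reads Jobs, the rule can be narrowed to `- apiGroups: [""]`, `resources: ["pods"]`, `verbs: ["get", "list", "watch"]`. The Role and RoleBinding are also rendered only when `serviceAccount.create` is true, so with `create: false` the pod runs under the named or `default` account without this binding and the init container presumably cannot list pods; a comment at the top of the template stating that requirement would help. The same rules are added in the db-nginx and db-remote-service serviceaccount.yaml hunks.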
+++ b/helm-charts/bk-dbm/charts/db-dns/values.yaml
@@ -0,0 +1,63 @@
+# Default values for db-dns-api.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ registry: "mirrors.tencent.com"
+ repository: "build/blueking/cloud-dns"
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ pullPolicy: IfNotPresent
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+daemonRunning:
+ enabled: true
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext:
+ privileged: true
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector:
+ cloud-component: dns
+
+tolerations: []
+
+affinity: {}
+
+envs: {}
+
+# 容器内指标采集
+serviceMonitor:
+ enabled: false
+# 容器内日志采集,APM本身不需要,配置保留为方便后期开启服务本身的日志采集
+bkLogConfig:
+ enabled: false
+ dataId: 1
diff --git a/helm-charts/bk-dbm/charts/db-nginx/.helmignore b/helm-charts/bk-dbm/charts/db-nginx/.helmignore
new file mode 100644
index 0000000000..50af031725
--- /dev/null
+++ b/helm-charts/bk-dbm/charts/db-nginx/.helmignore
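Review bot: `securityContext.privileged: true` is the chart default in db-dns/values.yaml, and the db-dns pod spec also publishes `hostPort: 53`, so the container runs with full host-level privileges on every node the DaemonSet is scheduled to. Binding port 53 normally needs a single capability, so unless the image's start script requires more (not visible in this hunk), the default could be `privileged: false` with `capabilities: {drop: ["ALL"], add: ["NET_BIND_SERVICE"]}`. db-nginx/values.yaml sets the same `privileged: true` default for a container that only exposes port 80. If privileged mode is really required, a comment on the value saying why would make it an explicit, reviewable choice.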
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm-charts/bk-dbm/charts/db-nginx/Chart.yaml b/helm-charts/bk-dbm/charts/db-nginx/Chart.yaml
new file mode 100644
index 0000000000..ecfe0ed62b
--- /dev/null
+++ b/helm-charts/bk-dbm/charts/db-nginx/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: 0.0.1-alpha.18
+description: A Helm chart for Kubernetes
+name: db-nginx
+version: 0.1.0
diff --git a/helm-charts/bk-dbm/charts/db-nginx/templates/NOTES.txt b/helm-charts/bk-dbm/charts/db-nginx/templates/NOTES.txt
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/helm-charts/bk-dbm/charts/db-nginx/templates/_helpers.tpl b/helm-charts/bk-dbm/charts/db-nginx/templates/_helpers.tpl
new file mode 100644
index 0000000000..ee1dcdab9d
--- /dev/null
+++ b/helm-charts/bk-dbm/charts/db-nginx/templates/_helpers.tpl
@@ -0,0 +1,64 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "db-nginx.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "db-nginx.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "db-nginx.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "db-nginx.labels" -}}
+app.kubernetes.io/name: {{ include "db-nginx.name" . }}
+helm.sh/chart: {{ include "db-nginx.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "db-nginx.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "db-nginx.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "db-nginx.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "db-nginx.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/helm-charts/bk-dbm/charts/db-nginx/templates/deployment.yaml b/helm-charts/bk-dbm/charts/db-nginx/templates/deployment.yaml
new file mode 100644
index 0000000000..4d8464f290
--- /dev/null
+++ b/helm-charts/bk-dbm/charts/db-nginx/templates/deployment.yaml
@@ -0,0 +1,56 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "db-nginx.fullname" . }}
+ labels:
+ {{ include "db-nginx.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "db-nginx.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ reloader.stakater.com/auto: "true"
+ labels:
+ {{- include "db-nginx.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "db-nginx.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ initContainers:
+ {{- include "initContainersWaitFor" (list . "bk-dbm-saas-api") | nindent 8}}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.global.imageRegistry | default .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ envFrom:
+ {{- if .Values.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ .Values.extraEnvVarsCM }}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/helm-charts/bk-dbm/charts/db-nginx/templates/ingress.yaml b/helm-charts/bk-dbm/charts/db-nginx/templates/ingress.yaml
new file mode 100644
index 0000000000..13b9229e0e
--- /dev/null
+++ b/helm-charts/bk-dbm/charts/db-nginx/templates/ingress.yaml
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "db-nginx.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "db-nginx.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/helm-charts/bk-dbm/charts/db-nginx/templates/service.yaml b/helm-charts/bk-dbm/charts/db-nginx/templates/service.yaml
new file mode 100644
index 0000000000..0aedaa344f
--- /dev/null
+++ b/helm-charts/bk-dbm/charts/db-nginx/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "db-nginx.fullname" . }}
+ labels:
+ {{- include "db-nginx.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "db-nginx.selectorLabels" . | nindent 4 }}
diff --git a/helm-charts/bk-dbm/charts/db-nginx/templates/serviceaccount.yaml b/helm-charts/bk-dbm/charts/db-nginx/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..a6b3486557
--- /dev/null
+++ b/helm-charts/bk-dbm/charts/db-nginx/templates/serviceaccount.yaml
@@ -0,0 +1,41 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "db-nginx.serviceAccountName" . }}
+ labels:
+ {{- include "db-nginx.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "db-nginx.fullname" . }}-role
+rules:
+- apiGroups:
+ - batch
+ - ""
+ resources:
+ - jobs
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "db-nginx.fullname" . }}-role-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "db-nginx.fullname" . }}-role
+subjects:
+- kind: ServiceAccount
+ name: {{ include "db-nginx.serviceAccountName" . }}
+ namespace: {{ default "default" .Release.Namespace }}
+{{- end }}
diff --git a/helm-charts/bk-dbm/charts/db-nginx/templates/servicemonitor.yaml b/helm-charts/bk-dbm/charts/db-nginx/templates/servicemonitor.yaml
new file mode 100644
index 0000000000..aa11693ad3
--- /dev/null
+++ b/helm-charts/bk-dbm/charts/db-nginx/templates/servicemonitor.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.global.serviceMonitor.enabled .Values.serviceMonitor.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "db-nginx.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "db-nginx.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "db-nginx.selectorLabels" . | nindent 6 }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ endpoints:
+ - interval: 30s
+ params: {}
+ path: /metrics
+ port: http
+{{- end -}}
\ No newline at end of file
diff --git a/helm-charts/bk-dbm/charts/db-nginx/values.yaml b/helm-charts/bk-dbm/charts/db-nginx/values.yaml
new file mode 100644
index 0000000000..41e670172d
--- /dev/null
+++ b/helm-charts/bk-dbm/charts/db-nginx/values.yaml
@@ -0,0 +1,79 @@
+# Default values for db-nginx-api.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ registry: "mirrors.tencent.com"
+ repository: "build/blueking/cloud-nginx"
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ pullPolicy: IfNotPresent
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext:
+ privileged: true
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+service:
+ type: ClusterIP
+ port: 80
+
+ingress:
+ enabled: true
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: db-nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+tolerations: []
+
+affinity: {}
+
+envs: {}
+
+nodeSelector: {}
+
+# 容器内指标采集
+serviceMonitor:
+ enabled: false
+# 容器内日志采集,APM本身不需要,配置保留为方便后期开启服务本身的日志采集
+bkLogConfig:
+ enabled: false
+ dataId: 1
diff --git a/helm-charts/bk-dbm/charts/db-remote-service/templates/_helpers.tpl b/helm-charts/bk-dbm/charts/db-remote-service/templates/_helpers.tpl index 1b506c9f03..e6ca8a199b 100644 --- a/helm-charts/bk-dbm/charts/db-remote-service/templates/_helpers.tpl +++ b/helm-charts/bk-dbm/charts/db-remote-service/templates/_helpers.tpl @@ -70,3 +70,13 @@ environment variables value: {{ $val | quote }} {{- end }} {{- end }} + +{{- define "db-remote-service.container_env" -}} +env: + {{- include "dbm.envs" . | trim | nindent 2 }} +envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.extraEnvVarsCM }} + {{- end }} +{{- end }} diff --git a/helm-charts/bk-dbm/charts/db-remote-service/templates/deployment.yaml b/helm-charts/bk-dbm/charts/db-remote-service/templates/deployment.yaml index cb05ca003a..5cec864d52 100644 --- a/helm-charts/bk-dbm/charts/db-remote-service/templates/deployment.yaml +++ b/helm-charts/bk-dbm/charts/db-remote-service/templates/deployment.yaml 
@@ -27,55 +27,21 @@ spec: serviceAccountName: {{ include "db-remote-service.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} - # volumes: - # - - # name: config-volume - # configMap: - # name: {{ include "db-remote-service.fullname" . }} - # items: - # - - # key: logger.yaml - # mode: 420 - # path: path/to/logger.yaml - # - - # key: config.yaml - # mode: 420 - # path: path/to/config.yaml - # defaultMode: 272 + initContainers: + {{- include "initContainersWaitFor" (list . "bk-dbm-saas-api") | nindent 8}} containers: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.global.imageRegistry | default .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- include "db-remote-service.container_env" . | nindent 10 }} ports: - name: http containerPort: 80 - protocol: TCP - env: - {{- range $key, $val := .Values.envs }} - - name: {{ $key }} - value: {{ quote $val }} - {{- end }} - # livenessProbe: - # httpGet: - # path: /ping - # port: http - # readinessProbe: - # httpGet: - # path: /ping - # port: http + protocol: TCP resources: {{- toYaml .Values.resources | nindent 12 }} - # volumeMounts: - # - - # name: config-volume - # subPath: path/to/logger.yaml - # mountPath: /conf/logger.yaml - # - - # name: config-volume - # subPath: path/to/config.yaml - # mountPath: /conf/config.yaml {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/helm-charts/bk-dbm/charts/db-remote-service/templates/serviceaccount.yaml b/helm-charts/bk-dbm/charts/db-remote-service/templates/serviceaccount.yaml index 747c39e1a5..d8e4c9b855 100644 --- a/helm-charts/bk-dbm/charts/db-remote-service/templates/serviceaccount.yaml +++ b/helm-charts/bk-dbm/charts/db-remote-service/templates/serviceaccount.yaml 
@@ -9,4 +9,33 @@ metadata: annotations: {{- toYaml . | nindent 4 }} {{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "db-remote-service.fullname" . }}-role +rules: +- apiGroups: + - batch + - "" + resources: + - jobs + - pods + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "db-remote-service.fullname" . }}-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "db-remote-service.fullname" . }}-role +subjects: +- kind: ServiceAccount + name: {{ include "db-remote-service.serviceAccountName" . }} + namespace: {{ default "default" .Release.Namespace }} {{- end }} diff --git a/helm-charts/bk-dbm/charts/db-remote-service/values.yaml b/helm-charts/bk-dbm/charts/db-remote-service/values.yaml index d48cec6760..f5d63f9847 100644 --- a/helm-charts/bk-dbm/charts/db-remote-service/values.yaml +++ b/helm-charts/bk-dbm/charts/db-remote-service/values.yaml @@ -81,19 +81,3 @@ tolerations: [] affinity: {} -envs: - DRS_CONCURRENT: 500 - DRS_MYSQL_ADMIN_PASSWORD: gcs_admin_password - DRS_MYSQL_ADMIN_USER: gcs_admin - DRS_PROXY_ADMIN_PASSWORD: gcs_admin_password - DRS_PROXY_ADMIN_USER: gcs_admin - DRS_PORT: 80 - DRS_LOG_JSON: true # 是否使用 json 格式日志 - DRS_LOG_CONSOLE: true # 是否在 stdout 打印日志 - DRS_LOG_DEBUG: true # 启用 debug 日志级别 - DRS_LOG_FILE_DIR: logs - DRS_TMYSQLPARSER_BIN: tmysqlparse - DRS_TLS: false # 是否开启证书校验 - DRS_KEY_FILE: "" - DRS_CA_FILE: "" - DRS_CERT_FILE: "" diff --git a/helm-charts/bk-dbm/charts/dbm/templates/deployments/saas-api/saas-api.yaml b/helm-charts/bk-dbm/charts/dbm/templates/deployments/saas-api/saas-api.yaml index 41d8683347..771cea27f8 100644 --- a/helm-charts/bk-dbm/charts/dbm/templates/deployments/saas-api/saas-api.yaml +++ b/helm-charts/bk-dbm/charts/dbm/templates/deployments/saas-api/saas-api.yaml 
@@ -41,7 +41,7 @@ spec: - /bin/bash - -c args: - - gunicorn wsgi -w {{ .Values.saas.api.gunicornWorker }} -b :8000 --access-logfile - --error-logfile - --access-logformat '[%(h)s] %({request_id}i)s %(u)s %(t)s "%(r)s" %(s)s %(D)s %(b)s "%(f)s" "%(a)s"' + - gunicorn wsgi -t 120 -w {{ .Values.saas.api.gunicornWorker }} -b :8000 --access-logfile - --error-logfile - --access-logformat '[%(h)s] %({request_id}i)s %(u)s %(t)s "%(r)s" %(s)s %(D)s %(b)s "%(f)s" "%(a)s"' ports: - name: http containerPort: 8000 diff --git a/helm-charts/bk-dbm/templates/_helpers.tpl b/helm-charts/bk-dbm/templates/_helpers.tpl index e9f098cf91..17940eca0d 100644 --- a/helm-charts/bk-dbm/templates/_helpers.tpl +++ b/helm-charts/bk-dbm/templates/_helpers.tpl @@ -119,3 +119,20 @@ username: {{ $etcd.username }} password: {{ $etcd.password }} {{- end -}} {{- end -}} + + +{{/* +k8s waitfor让一个pod等待另一个pod启动,用于编排顺序 +*/}} +{{- define "initContainersWaitFor"}} +{{- $root := first .}} +{{- $label := last . -}} +- name: check-saas-api + image: "{{ $root.Values.global.k8sWaitFor.registry }}/{{ $root.Values.global.k8sWaitFor.repository }}:{{ $root.Values.global.k8sWaitFor.tag }}" + imagePullPolicy: {{ $root.Values.global.k8sWaitFor.pullPolicy }} + args: + - pod + - -lapp.kubernetes.io/component={{ $label }} + resources: + {{- toYaml $root.Values.global.k8sWaitFor.resources | nindent 4 }} +{{- end }} diff --git a/helm-charts/bk-dbm/templates/configmaps/db-dbha-configmap.yaml b/helm-charts/bk-dbm/templates/configmaps/db-dbha-configmap.yaml new file mode 100644 index 0000000000..8672dd1cd8 --- /dev/null +++ b/helm-charts/bk-dbm/templates/configmaps/db-dbha-configmap.yaml 
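Review bot: The `initContainersWaitFor` helper added to bk-dbm/templates/_helpers.tpl expects a two-element list (root context, component label), but that contract is only implied by `first .` / `last .`, and the container name is fixed to `check-saas-api` even though the label is a parameter. I would state the calling convention in the template comment, e.g. `Usage: include "initContainersWaitFor" (list . "<component-label>")`, and derive the name from the argument, `- name: wait-for-{{ $label }}`. The image is referenced by a mutable tag (`v1.5.1` in the values.yaml hunk); pinning it by digest is worth considering, since this container runs in every dependent pod under that pod's service account.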
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: db-dbha-configmap
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- end }}
+data:
+ DB_CLOUD_TOKEN: "{{ .Values.dbm.envs.bkAppCode }}:{{ .Values.dbm.envs.bkAppToken }}"
+ BK_DBM_URL: "{{ .Values.dbm.envs.dbmApigwDomain | replace "http://" "" }}"
+ BKMONITOR_EVENT_DATA_ID: ""
+ BKMONITOR_EVENT_TOKEN: ""
+ MYSQL_CROND_BEAT_PATH: "{{ .Values.bk.mysqlCrondBeatPath }}"
+ MYSQL_CROND_AGENT_ADDRESS: "{{ .Values.bk.mysqlCrondAgentAddress }}"
diff --git a/helm-charts/bk-dbm/templates/configmaps/db-dns-configmap.yaml b/helm-charts/bk-dbm/templates/configmaps/db-dns-configmap.yaml
new file mode 100644
index 0000000000..11796920a3
--- /dev/null
+++ b/helm-charts/bk-dbm/templates/configmaps/db-dns-configmap.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: db-dns-configmap
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- end }}
+data:
+ DB_CLOUD_TOKEN: "{{ .Values.dbm.envs.bkAppCode }}:{{ .Values.dbm.envs.bkAppToken }}"
+ BK_DBM_URL: "{{ .Values.dbm.envs.dbmApigwDomain }}"
+ BKMONITOR_EVENT_DATA_ID: ""
+ BKMONITOR_EVENT_TOKEN: ""
+ MYSQL_CROND_BEAT_PATH: "{{ .Values.bk.mysqlCrondBeatPath }}"
+ MYSQL_CROND_AGENT_ADDRESS: "{{ .Values.bk.mysqlCrondAgentAddress }}"
diff --git a/helm-charts/bk-dbm/templates/configmaps/db-remote-service-configmap.yaml b/helm-charts/bk-dbm/templates/configmaps/db-remote-service-configmap.yaml
new file mode 100644
index 0000000000..5f9e21ffbc
--- /dev/null
+++ b/helm-charts/bk-dbm/templates/configmaps/db-remote-service-configmap.yaml
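Review bot: `DB_CLOUD_TOKEN` in db-dbha-configmap is built from `bkAppCode` and `bkAppToken` and stored in a ConfigMap, so the app token is readable by any subject with ConfigMap read access in the namespace and is shown in plain text wherever ConfigMaps are dumped or described. Credentials belong in a `Secret` consumed through a `secretRef` entry under `envFrom`; the pod templates in this patch only render `configMapRef`, so they need a matching change. The same `DB_CLOUD_TOKEN` line is added to db-dns-configmap, db-remote-service-configmap and db-nginx-configmap. Separately, only this ConfigMap strips `http://` from `BK_DBM_URL`; a comment explaining why dbha needs the bare host would help the next reader.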
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: db-remote-service-configmap
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- end }}
+data:
+ DB_CLOUD_TOKEN: "{{ .Values.dbm.envs.bkAppCode }}:{{ .Values.dbm.envs.bkAppToken }}"
+ BK_DBM_URL: "{{ .Values.dbm.envs.dbmApigwDomain }}"
+ DRS_CONCURRENT: "500"
+ DRS_MYSQL_ADMIN_PASSWORD: "gcs_admin_password"
+ DRS_MYSQL_ADMIN_USER: "gcs_admin"
+ DRS_PROXY_ADMIN_PASSWORD: "gcs_admin_password"
+ DRS_PROXY_ADMIN_USER: "gcs_admin"
+ DRS_PORT: "80"
+ DRS_LOG_JSON: "true" # 是否使用 json 格式日志
+ DRS_LOG_CONSOLE: "true" # 是否在 stdout 打印日志
+ DRS_LOG_DEBUG: "true" # 启用 debug 日志级别
+ DRS_LOG_FILE_DIR: "logs"
+ DRS_TMYSQLPARSER_BIN: "tmysqlparse"
+ DRS_TLS: "false" # 是否开启证书校验
+ DRS_KEY_FILE: ""
+ DRS_CA_FILE: ""
+ DRS_CERT_FILE: ""
diff --git a/helm-charts/bk-dbm/templates/configmaps/nginx-configmap.yaml b/helm-charts/bk-dbm/templates/configmaps/nginx-configmap.yaml
new file mode 100644
index 0000000000..632ae54c17
--- /dev/null
+++ b/helm-charts/bk-dbm/templates/configmaps/nginx-configmap.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: db-nginx-configmap
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- end }}
+data:
+ DB_CLOUD_TOKEN: "{{ .Values.dbm.envs.bkAppCode }}:{{ .Values.dbm.envs.bkAppToken }}"
+ BK_DBM_URL: "{{ .Values.dbm.envs.dbmApigwDomain }}"
+ DBM_NGINX_DOMAIN: "{{ index .Values "db-nginx" "ingress" "hosts" 0 "host" }}"
diff --git a/helm-charts/bk-dbm/values.yaml b/helm-charts/bk-dbm/values.yaml
index c36cfe3e88..f5b15d0cbe 100644
--- a/helm-charts/bk-dbm/values.yaml
+++ b/helm-charts/bk-dbm/values.yaml
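Review bot: `DRS_MYSQL_ADMIN_PASSWORD` and `DRS_PROXY_ADMIN_PASSWORD` in db-remote-service-configmap are now literal strings (`"gcs_admin_password"`) inside the template, whereas the entries this commit removes from db-remote-service/values.yaml were at least ordinary chart values. Unless another override path exists that is not visible here, every install gets the same well-known admin password by default, and it sits in a ConfigMap rather than a Secret. I would render both from values with no usable default, e.g. `DRS_MYSQL_ADMIN_PASSWORD: {{ .Values.<PLACEHOLDER_KEY> | quote }}` (key name to be chosen by the maintainers), and move them to a Secret. `DRS_LOG_DEBUG: "true"` and `DRS_TLS: "false"` are fixed in the same way; debug logging in a service that handles database credentials, and disabled certificate checking, should be deployment-time choices.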
@@ -6,10 +6,19 @@ global: imagePullSecrets: [] storageClass: "" bkDomain: "example.com" + ## k8s wait-for + k8sWaitFor: + registry: "mirrors.tencent.com" + repository: "build/blueking/k8s-wait-for" + tag: "v1.5.1" + pullPolicy: IfNotPresent + resources: {} ## 蓝鲸主域名访问协议http/https bkDomainScheme: http serviceMonitor: enabled: true + ## 云区域容器化 + cloudContainer: false # bk public bk: @@ -305,6 +314,24 @@ db-dns-api: TRACE_TOKEN: "" TRACE_DATA_ID: "" +db-dns: + extraEnvVarsCM: db-dns-configmap + +db-nginx: + extraEnvVarsCM: db-nginx-configmap + # ingress + ingress: + enabled: true + className: "" + hosts: + - host: bk-dbm-nginx + paths: + - path: / + pathType: ImplementationSpecific + +db-dbha: + extraEnvVarsCM: db-dbha-configmap + hadb-api: enabled: true @@ -365,6 +392,7 @@ db-resource: db-remote-service: enabled: false + extraEnvVarsCM: db-remote-service-configmap envs: # apm TRACE_SERVICE_NAME: db-remote-service