diff --git a/dbm-ui/backend/components/db_remote_service/client.py b/dbm-ui/backend/components/db_remote_service/client.py index 4380c5b58e..f472cda505 100644 --- a/dbm-ui/backend/components/db_remote_service/client.py +++ b/dbm-ui/backend/components/db_remote_service/client.py @@ -26,7 +26,7 @@ class _DRSApi(object): def __init__(self): ssl_flag = True - # 配置了DRS_SKIP_SSL,认为跳过ssl认证 + # 配置了DRS_SKIP_SSL,或者走容器化方式,认为跳过ssl认证 if env.DRS_SKIP_SSL: ssl_flag = False diff --git a/dbm-ui/backend/components/proxy_api.py b/dbm-ui/backend/components/proxy_api.py index d093cff2b8..c07a2c39c8 100644 --- a/dbm-ui/backend/components/proxy_api.py +++ b/dbm-ui/backend/components/proxy_api.py @@ -25,7 +25,7 @@ class ProxyAPI(DataAPI): def build_actual_url(self, param): url = super().build_actual_url(param) - # 如果配置了DOMAIN_SKIP_PROXY,表示跳过proxy代理 + # 如果配置了代理跳过,则直接返回url if env.DOMAIN_SKIP_PROXY: return url @@ -34,6 +34,11 @@ def build_actual_url(self, param): except KeyError: raise DataAPIException(_("ProxyApi 必须传入 bk_cloud_id 参数")) + # 如果配置了云区域容器化,并且是直连区域,则跳过代理并且忽略ssl + if env.CLOUD_CONTAINER_ENABLE and bk_cloud_id == 0: + self.ssl = False + return url + # 只取最新的nginx作为转发服务 proxy = DBCloudProxy.objects.filter(bk_cloud_id=bk_cloud_id).last() host = "https://" if self.ssl else "http://" diff --git a/dbm-ui/backend/db_meta/api/dbha/apis.py b/dbm-ui/backend/db_meta/api/dbha/apis.py index 7c1a2621f3..0aead585df 100644 --- a/dbm-ui/backend/db_meta/api/dbha/apis.py +++ b/dbm-ui/backend/db_meta/api/dbha/apis.py @@ -147,7 +147,8 @@ def instances( logger.warning("{} is not a valid ip, instance or domain".format(ad)) raise ValueError("{} is not a valid ip, instance or domain".format(ad)) - if logical_city_ids: + # 如果没有城市ID,或者城市ID包含-1,则不过滤城市 + if logical_city_ids and -1 not in logical_city_ids: queries &= Q(**{"machine__bk_city__logical_city_id__in": logical_city_ids}) if statuses: 
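Review bot: The rewritten comment says container mode also skips TLS verification, but the condition beneath it still tests only `env.DRS_SKIP_SSL`, so the comment now documents behaviour the code does not have. If DRS is genuinely meant to be reached without TLS in the containerized deployment, make the condition say so (`if env.DRS_SKIP_SSL or env.CLOUD_CONTAINER_ENABLE:`) and state in the comment that this disables TLS on a channel carrying DB admin credentials; otherwise keep the previous comment, since leaving verification on is the safer default. `__init__` continues past the end of the hunk.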
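Review bot: `self.ssl = False` in the new branch mutates the ProxyAPI instance rather than the current request, so after one call with `bk_cloud_id == 0` every later call on the same object — including calls for other cloud areas that do go through the nginx proxy — builds an `http://` URL on the `host = "https://" if self.ssl else "http://"` line just below. If these API objects are long-lived module-level singletons, as DataAPI-style clients usually are, that is a persistent TLS downgrade; return the direct URL without touching instance state (`if env.CLOUD_CONTAINER_ENABLE and bk_cloud_id == 0: return url`) and, if certificate handling must differ for the direct path, pass it per request instead. Note also that `CLOUD_CONTAINER_ENABLE` is declared with `_type=str` in env/__init__.py in this same commit, so a value of `"false"` is truthy here. `build_actual_url` continues past the end of the hunk.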
diff --git a/dbm-ui/backend/db_periodic_task/local_tasks/db_proxy.py b/dbm-ui/backend/db_periodic_task/local_tasks/db_proxy.py index 2de568e57f..b2a6d92fc1 100644 --- a/dbm-ui/backend/db_periodic_task/local_tasks/db_proxy.py +++ b/dbm-ui/backend/db_periodic_task/local_tasks/db_proxy.py @@ -30,7 +30,6 @@ from backend.db_proxy.models import ClusterExtension, DBCloudProxy, DBExtension from backend.db_services.ipchooser.query.resource import ResourceQueryHelper from backend.utils.redis import RedisConn -from backend.utils.string import base64_encode logger = logging.getLogger("celery") @@ -93,8 +92,9 @@ def _job_push_config_file(_cloud_id, _file_list, _nginx_list): extension_ids: List[int] = [] for db_type in cloud__db_type__extension[cloud_id].keys(): conf_tpl = getattr(nginxconf_tpl, f"{db_type}_conf_tpl", None) + + # 如果没有模板,则打印日志并跳过 if not conf_tpl: - # 如果没有模板,则打印日志并跳过 logger.warning(_("集群类型:{} 的nginx配置文件不存在,跳过对该nginx配置的下发").format(db_type)) continue @@ -102,18 +102,8 @@ def _job_push_config_file(_cloud_id, _file_list, _nginx_list): template = jinja_env.from_string(conf_tpl) for extension in cloud__db_type__extension[cloud_id][db_type]: - conf_payload = { - "bk_biz_id": extension.bk_biz_id, - "bk_cloud_id": extension.bk_cloud_id, - "db_type": extension.db_type, - "cluster_name": extension.cluster_name, - "service_type": extension.service_type, - "service_url": f"http://{extension.ip}:{extension.port}", - } - file_name = f"{extension.bk_biz_id}_{extension.db_type}_{extension.cluster_name}_nginx.conf" - file_content = base64_encode(template.render(conf_payload)) - file_list.append({"file_name": file_name, "content": file_content}) - + # 渲染配置 + file_list.append(nginxconf_tpl.render_nginx_tpl(template, extension, encode=True)) # 这里先提前写入access url,至于是否执行成功根据is_flush extension.save_access_url(nginx_url=f"{proxy.external_address}:{manage_port}") extension_ids.append(extension.id) 
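Review bot: The new call `nginxconf_tpl.render_nginx_tpl(template, extension, encode=True)` passes its positional arguments in the wrong order: the helper added in nginxconf_tpl.py in this commit is declared `render_nginx_tpl(extension, template=None, conf_tpl=None, encode=True)`, so here the jinja Template lands in `extension` and the first attribute access (`extension.bk_biz_id`) raises AttributeError for every extension, breaking the periodic nginx config push. Call it with keywords so the binding is explicit: `file_list.append(nginxconf_tpl.render_nginx_tpl(extension, template=template, encode=True))`. `_job_push_config_file` starts before the hunk.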
diff --git a/dbm-ui/backend/db_proxy/constants.py b/dbm-ui/backend/db_proxy/constants.py index 33e3332440..4d537d4ede 100644 --- a/dbm-ui/backend/db_proxy/constants.py +++ b/dbm-ui/backend/db_proxy/constants.py @@ -8,10 +8,12 @@ an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. """ +from django.utils.crypto import get_random_string from django.utils.translation import ugettext_lazy as _ from backend.configuration.constants import DBType -from backend.flow.consts import CloudServiceName +from backend.core.encrypt.constants import AsymmetricCipherConfigType +from backend.core.encrypt.handlers import AsymmetricHandler from blue_krill.data_types.enum import EnumField, StructuredEnum SWAGGER_TAG = _("透传服务(proxypass)") 
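Review bot: Importing `AsymmetricHandler` and `AsymmetricCipherConfigType` at the top of `db_proxy/constants.py` pulls the encryption layer into a module that the rest of db_proxy imports at load time; if anything under `backend.core.encrypt` imports back into db_proxy (that package is not visible here), the result is a circular import that only shows up at startup. Importing the two names inside `generate_random_account`/`get_account_info`, or moving those helpers out of constants.py into a handlers module, keeps the constants module dependency-free.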
@@ -60,18 +62,28 @@ class ExtensionAccountEnum(str, StructuredEnum): WEBCONSOLE_PWD = EnumField("webconsole_pwd", _("webconsole_pwd")) @classmethod - def get_account_in_info(cls, info): + def get_account_map(cls, info): """从info中获取存在的账号/密码信息""" account = {value: info[value] for value in cls.get_values() if value in info} return account @classmethod - def get_account_tuple_with_service(cls, service: CloudServiceName): - """获取不同组件包含的账号枚举类""" - account_tuples = [(cls.USER.value, cls.PWD.value)] - if service == CloudServiceName.DRS: - account_tuples.append((cls.WEBCONSOLE_USER, cls.WEBCONSOLE_PWD)) - return account_tuples + def generate_random_account(cls, bk_cloud_id: int): + """生成随机账号""" + rsa_cloud_name = AsymmetricCipherConfigType.get_cipher_cloud_name(bk_cloud_id) + user, password = get_random_string(8), get_random_string(16) + encrypt_user = AsymmetricHandler.encrypt(name=rsa_cloud_name, content=user) + encrypt_password = AsymmetricHandler.encrypt(name=rsa_cloud_name, content=password) + return {"user": user, "password": password, "encrypt_user": encrypt_user, "encrypt_password": encrypt_password} + + @classmethod + def get_account_info(cls, bk_cloud_id: int, details: dict, u_key: str, p_key: str): + """获取组件的账号和密码信息""" + rsa_cloud_name = AsymmetricCipherConfigType.get_cipher_cloud_name(bk_cloud_id) + encrypt_user, encrypt_password = details[u_key], details[p_key] + user = AsymmetricHandler.decrypt(name=rsa_cloud_name, content=encrypt_user) + password = AsymmetricHandler.decrypt(name=rsa_cloud_name, content=encrypt_password) + return {"user": user, "password": password, "encrypt_user": encrypt_user, "encrypt_password": encrypt_password} CLUSTER__SERVICE_MAP = { diff --git a/dbm-ui/backend/db_proxy/container/__init__.py b/dbm-ui/backend/db_proxy/container/__init__.py new file mode 100644 index 0000000000..77a7894df7 --- /dev/null +++ b/dbm-ui/backend/db_proxy/container/__init__.py 
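Review bot: Renaming `get_account_in_info` to `get_account_map` and deleting `get_account_tuple_with_service` change the class's public surface, and the one caller visible in this diff (base_service_flow.py, which keeps importing ExtensionAccountEnum) has its body outside the shown hunks, so please confirm every caller was updated. In `get_account_info`, `details[u_key]` / `details[p_key]` raise a bare KeyError for a record that predates these keys or was inserted without them; a `details.get(...)` followed by an explicit error naming the extension would make that failure diagnosable. A short English docstring on `generate_random_account` saying the plaintext pair is returned next to the ciphertext (so callers know not to log the dict) would also help.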
@@ -0,0 +1,12 @@ +# -*- coding: utf-8 -*- +""" +TencentBlueKing is pleased to support the open source community by making 蓝鲸智云-DB管理系统(BlueKing-BK-DBM) available. +Copyright (C) 2017-2023 THL A29 Limited, a Tencent company. All rights reserved. +Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License. +You may obtain a copy of the License at https://opensource.org/licenses/MIT +Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on +an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the +specific language governing permissions and limitations under the License. +""" + +# 云区域容器化改造 diff --git a/dbm-ui/backend/db_proxy/container/dbha/Dockerfile b/dbm-ui/backend/db_proxy/container/dbha/Dockerfile new file mode 100644 index 0000000000..71f3d5e60e --- /dev/null +++ b/dbm-ui/backend/db_proxy/container/dbha/Dockerfile @@ -0,0 +1,20 @@ +FROM mirrors.tencent.com/build/blueking/dbmedium:latest as medium + +FROM debian:bookworm-slim + +# 更新包列表并安装 cron 和 gettext-base +RUN apt-get update && \ + apt-get install -y jq gettext-base curl && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* + +## 获取dns介质文件 +COPY --from=medium /app/medium/cloud/cloud-dbha/*/dbha /data/install/ +COPY ./start.bash ./dbha-conf-tpl.yaml /data/install/ + +WORKDIR /data/install + +RUN chmod +x start.bash + +## 启动dbha服务 +ENTRYPOINT ["/bin/bash", "-c", "/data/install/start.bash"] diff --git a/dbm-ui/backend/db_proxy/container/dbha/dbha-conf-tpl.yaml b/dbm-ui/backend/db_proxy/container/dbha/dbha-conf-tpl.yaml new file mode 100644 index 0000000000..9f0329ad24 --- /dev/null +++ b/dbm-ui/backend/db_proxy/container/dbha/dbha-conf-tpl.yaml 
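Review bot: Both base images are floating tags — `dbmedium:latest` supplies the dbha binary copied into the image and `debian:bookworm-slim` its runtime — so two builds of this Dockerfile can contain different code with no record of which, and an updated or compromised medium image flows straight into the production DBHA container. Pin them by digest (`FROM mirrors.tencent.com/build/blueking/dbmedium@sha256:... as medium`, likewise for debian) or at least to an explicit medium version, and ideally check the binary's checksum during the build. The same applies to the dns, drs and nginx Dockerfiles in this commit. The `# 更新包列表并安装 cron 和 gettext-base` comment no longer matches the install line, which installs jq, gettext-base and curl but not cron.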
@@ -0,0 +1,123 @@ +log_conf: + log_path: "./log" + log_level: "LOG_DEBUG" + log_maxsize: 512 + log_maxbackups: 100 + log_maxage: 30 + log_compress: true +agent_conf: + active_db_type: [ + "riak", + "tendbha", + "tendbcluster", + "TwemproxyRedisInstance", + "PredixyTendisplusCluster", + "TwemproxyTendisSSDInstance" + ] + city_id: -1 + campus: "all" + cloud_id: 0 + fetch_interval: 60 + reporter_interval: 120 + local_ip: "$NODE_IP" +gm_conf: + city_id: 0 + campus: "zero" + cloud_id: 0 + liston_port: 50000 + local_ip: "$NODE_IP" + report_interval: 60 + GDM: + dup_expire: 600 + scan_interval: 1 + GMM: + GQA: + idc_cache_expire: 300 + single_switch_idc: 50 + single_switch_interval: 86400 + single_switch_limit: 48 + all_host_switch_limit: 150 + all_switch_interval: 7200 + GCM: + allowed_checksum_max_offset: 2 + allowed_slave_delay_max: 600 + allowed_time_delay_max: 300 + exec_slow_kbytes: 0 +password_conf: + host: "$BK_DBM_URL" + port: 80 + url_pre: "/apis/proxypass" + timeout: 10 + bk_conf: + bk_token: "$DB_CLOUD_TOKEN" +db_conf: + hadb: + host: "$HADB_URL" + port: 8080 + timeout: 120 + cmdb: + host: "$BK_DBM_URL" + port: 80 + url_pre: "/apis/proxypass" + timeout: 30 + bk_conf: + bk_token: "$DB_CLOUD_TOKEN" + mysql: + user: "$DBHA_USER" + pass: "$DBHA_PASSWORD" + proxy_user: "proxy" + proxy_pass: "$DBHA_PROXY_PASSWORD" + timeout: 10 + redis: + timeout: 10 + riak: + timeout: 10 +name_services: + dns_conf: + host: "$BK_DBM_URL" + port: 80 + url_pre: "/apis/proxypass" + user: "dbha" + pass: "xxx" + timeout: 10 + bk_conf: + bk_token: "$DB_CLOUD_TOKEN" + remote_conf: + host: "$BK_DBM_URL" + port: 80 + url_pre: "/apis/proxypass" + user: "dbha" + pass: "xxx" + timeout: 10 + bk_conf: + bk_token: "$DB_CLOUD_TOKEN" + polaris_conf: + host: "$BK_DBM_URL" + port: 80 + user: "nouser" + pass: "nopasswd" + url_pre: "/apis/proxypass/nameservice" + timeout: 10 + bk_conf: + bk_token: "$DB_CLOUD_TOKEN" + clb_conf: + host: "$BK_DBM_URL" + port: 80 + user: "nouser" + pass: "nopasswd" + 
url_pre: "/apis/proxypass/nameservice" + timeout: 10 + bk_conf: + bk_token: "$DB_CLOUD_TOKEN" +monitor: + bk_data_id: $BKMONITOR_EVENT_DATA_ID + access_token: "$BKMONITOR_EVENT_TOKEN" + beat_path: "$MYSQL_CROND_BEAT_PATH" + agent_address: "$MYSQL_CROND_AGENT_ADDRESS" + local_ip: "$NODE_IP" +ssh: + port: 36000 + user: "mysql" + pass: "$MYSQL_OS_PASSWORD" + dest: "agent" + timeout: 10 diff --git a/dbm-ui/backend/db_proxy/container/dbha/start.bash b/dbm-ui/backend/db_proxy/container/dbha/start.bash new file mode 100644 index 0000000000..4b5ddb9f45 --- /dev/null +++ b/dbm-ui/backend/db_proxy/container/dbha/start.bash @@ -0,0 +1,33 @@ +# 写入dbha记录 +data=$( +curl -XPOST "$BK_DBM_URL/apis/proxypass/cloud/insert/" \ + --header "Content-Type: application/json" \ + --data-raw '{ + "bk_cloud_id": 0, + "extension": "DBHA", + "db_cloud_token": "'"$DB_CLOUD_TOKEN"'", + "details": { + "ip": "%", + "dbha_type": "'"$DBHA_TYPE"'", + "bk_city_code": "'"$DBHA_CITY"'", + "bk_city_name": "'"$DBHA_CAMPUS"'", + "bk_host_id": 0, + "bk_cloud_id": 0 + } + }' +) + +# 导出密码环境变量 +export DBHA_USER=$(echo $data | jq -r '.data.dbha_account.user') +export DBHA_PASSWORD=$(echo $data | jq -r '.data.dbha_account.password') +export DBHA_PROXY_PASSWORD=$(echo $data | jq -r '.data.proxy_password') +export MYSQL_OS_PASSWORD=$(echo $data | jq -r '.data.mysql_os_password') +# 导出监控环境变量 +export BKMONITOR_EVENT_DATA_ID=$(echo $data | jq -r '.data.bkm_dbm_report.event.data_id') +export BKMONITOR_EVENT_TOKEN=$(echo $data | jq -r '.data.bkm_dbm_report.event.token') + +# 配置文件注入环境变量,启动dbha服务 +touch log +envsubst < ./dbha-conf-tpl.yaml > ./dbha.conf +nohup ./dbha -config_file=dbha.conf -type=$DBHA_TYPE -> dbha-apply.log 2>&1 & +tail -f log diff --git a/dbm-ui/backend/db_proxy/container/dns/Dockerfile b/dbm-ui/backend/db_proxy/container/dns/Dockerfile new file mode 100644 index 0000000000..6e000f9b3a --- /dev/null +++ b/dbm-ui/backend/db_proxy/container/dns/Dockerfile 
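Review bot: Every DBM endpoint in this template (`password_conf`, `db_conf.cmdb`, all of `name_services`) is fixed to `port: 80` on `$BK_DBM_URL`, so the cloud token in `bk_token` and the passwords the proxypass hands back travel in plaintext unless something outside this file terminates TLS in front of port 80; making the port (and scheme, if dbha supports it) an environment variable such as `$BK_DBM_PORT` keeps the TLS option open. `log_level: "LOG_DEBUG"` ships debug logging as the default for a service holding MySQL, proxy and OS passwords — INFO is the safer default. `dns_conf` and `remote_conf` carry placeholder `user: "dbha"` / `pass: "xxx"`; if those fields are unused because `bk_token` is the real credential, a comment saying so stops the next reader from treating them as a live password.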
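Review bot: Nothing checks that the bootstrap POST succeeded: `curl` runs without `-f`/`-s`, the script has no `set -euo pipefail`, and on any failure every `jq -r` prints `null`, so dbha is rendered with `pass: "null"` and started anyway. Use `data=$(curl -fsS -XPOST ...) || exit 1` and refuse to continue if `$DBHA_PASSWORD` or `$MYSQL_OS_PASSWORD` is empty or `null`. The rendered `dbha.conf` contains the MySQL, proxy and OS passwords plus the cloud token, so create it with restricted permissions (`umask 077` before the `envsubst` line, or `chmod 600 dbha.conf` after it). In the launch line `-type=$DBHA_TYPE -> dbha-apply.log` the shell splits `->` into a stray `-` argument followed by the redirect — presumably `> dbha-apply.log` was intended.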
@@ -0,0 +1,21 @@ +FROM mirrors.tencent.com/build/blueking/dbmedium:latest as medium + +FROM debian:bookworm-slim + +# 更新包列表并安装 cron 和 gettext-base +RUN apt-get update && \ + apt-get install -y jq cron gettext-base curl && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* + +## 获取dns介质文件 +COPY --from=medium /app/medium/cloud/cloud-dns-bind/*/bind.tar.gz /data/install/ +COPY --from=medium /app/medium/cloud/cloud-dns-pullcrond/*/pull-crond /data/install/ +COPY ./start.bash ./pull-crond.conf /data/install/ + +WORKDIR /data/install + +RUN chmod +x start.bash + +## 启动dns服务 +ENTRYPOINT ["/bin/bash", "-c", "/data/install/start.bash"] diff --git a/dbm-ui/backend/db_proxy/container/dns/pull-crond.conf b/dbm-ui/backend/db_proxy/container/dns/pull-crond.conf new file mode 100644 index 0000000000..37ee039e2b --- /dev/null +++ b/dbm-ui/backend/db_proxy/container/dns/pull-crond.conf @@ -0,0 +1,23 @@ +info_log_path="../log/info.log" +error_log_path="../log/err.log" + +db_cloud_token="$DB_CLOUD_TOKEN" +bk_dns_api_url="$BK_DBM_URL" +bk_cloud_id=0 + +data_id="$BKMONITOR_EVENT_DATA_ID" +access_token="$BKMONITOR_EVENT_TOKEN" +bkmonitorbeat="$MYSQL_CROND_BEAT_PATH" +agent_address="$MYSQL_CROND_AGENT_ADDRESS" +local_ip="" + +interval="3" +flush_switch="true" +forward_ip="$NODE_IP;" + +options_named_file="/usr/local/bind/etc/named.conf" +options_named_file_tpl="/usr/local/bind/etc/named.conf_tpl" +local_named_file="/usr/local/bind/etc/named.conf.local" +zone_dir_path="/usr/local/bind/var/run/named/" +rndc="/usr/local/bind/sbin/rndc" +rndc_config="/usr/local/bind/etc/rndc.conf" diff --git a/dbm-ui/backend/db_proxy/container/dns/start.bash b/dbm-ui/backend/db_proxy/container/dns/start.bash new file mode 100644 index 0000000000..63485309ee --- /dev/null +++ b/dbm-ui/backend/db_proxy/container/dns/start.bash 
@@ -0,0 +1,51 @@ +path=/usr/local; + +# 写入dns记录 +data=$( +curl -XPOST "$BK_DBM_URL/apis/proxypass/cloud/insert/" \ + --header "Content-Type: application/json" \ + --data-raw '{ + "bk_cloud_id": 0, + "extension": "DNS", + "db_cloud_token": "'"$DB_CLOUD_TOKEN"'", + "details": { + "ip": "'"$NODE_IP"'", + "bk_city": "", + "is_access": 1, + "bk_host_id": 0, + "bk_cloud_id": 0 + } + }' +) + +# 导出监控环境变量 +export BKMONITOR_EVENT_DATA_ID=$(echo $data | jq -r '.data.bkm_dbm_report.event.data_id') +export BKMONITOR_EVENT_TOKEN=$(echo $data | jq -r '.data.bkm_dbm_report.event.token') + +# 解压bind文件 +tar -xvf /data/install/bind.tar.gz -C $path; +ln -s $path/bind9 $path/bind; +# 启动bind服务 +chown -R root:root $path/bind/* +$path/bind/sbin/named -4 + +# 配置pull-crond服务的文件路径 +mv /data/install/pull-crond $path/bind/admin; +mv /data/install/pull-crond.conf $path/bind/admin; + +# 增加定时拉起命令 +crontab -l > crontab_backup.txt +command="* * * * * cd $path/bind/admin; /bin/sh check_dns_and_pull_crond.sh 1>/dev/null 2>&1" + +if crontab -l | grep -Fxq "$command"; then + echo "Scheduled pull task already exists, ignore..." +else + (crontab -l ; echo "$command") | uniq - | crontab - + echo "Pull up task has been added to crontab。" +fi + +# 启动pull-crond服务 +cd $path/bind/admin/; +chmod 777 pull-crond; +envsubst < pull-crond.conf > pull-crond-run.conf +./pull-crond -c pull-crond-run.conf; diff --git a/dbm-ui/backend/db_proxy/container/drs/Dockerfile b/dbm-ui/backend/db_proxy/container/drs/Dockerfile new file mode 100644 index 0000000000..36e2a0fba2 --- /dev/null +++ b/dbm-ui/backend/db_proxy/container/drs/Dockerfile 
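Review bot: `chmod 777 pull-crond` makes a binary that root runs every minute from cron world-writable, so any process in the container that can write to that path can replace it; `chmod 755 pull-crond` is all the script needs. The rendered `pull-crond-run.conf` holds `db_cloud_token`, so restrict it as well (`chmod 600 pull-crond-run.conf`) rather than leaving envsubst's default mode. The cron line runs `check_dns_and_pull_crond.sh`, which is not copied by the Dockerfile — presumably it ships inside bind.tar.gz, worth confirming. As in the other start scripts, the `curl` to `/cloud/insert/` is unchecked, so a failed registration still starts bind and pull-crond with `null` monitor settings.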
@@ -0,0 +1,21 @@ +FROM mirrors.tencent.com/build/blueking/dbmedium:latest as medium + +FROM debian:bookworm-slim + +## 更新包列表并安装 cron 和 gettext-base +RUN apt-get update && \ + apt-get install -y curl jq && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* + +## 获取drs介质文件 +COPY --from=medium /app/medium/cloud/cloud-drs/*/db-remote-service /data/install/ +COPY --from=medium /app/medium/cloud/cloud-drs-tmysqlparse/*/tmysqlparse /data/install/ +COPY ./start.bash /data/install/ + +WORKDIR /data/install + +RUN chmod +x start.bash + +## 启动drs服务 +ENTRYPOINT ["/bin/bash", "-c", "/data/install/start.bash"] diff --git a/dbm-ui/backend/db_proxy/container/drs/start.bash b/dbm-ui/backend/db_proxy/container/drs/start.bash new file mode 100644 index 0000000000..579e51456d --- /dev/null +++ b/dbm-ui/backend/db_proxy/container/drs/start.bash @@ -0,0 +1,33 @@ +# 写入DRS记录 +data=$( +curl -XPOST "$BK_DBM_URL/apis/proxypass/cloud/insert/" \ + --header "Content-Type: application/json" \ + --data-raw '{ + "bk_cloud_id": 0, + "extension": "DRS", + "db_cloud_token": "'"$DB_CLOUD_TOKEN"'", + "details": { + "ip": "%", + "bk_host_id": 0, + "bk_cloud_id": 0 + } + }' +) + +# 导出环境变量 +export DRS_MYSQL_ADMIN_PASSWORD=$(echo $data | jq -r '.data.drs_account.password') +export DRS_MYSQL_ADMIN_USER=$(echo $data | jq -r '.data.drs_account.user') +export SQLSERVER_ADMIN_PASSWORD=$DRS_MYSQL_ADMIN_PASSWORD +export SQLSERVER_ADMIN_USER=$DRS_MYSQL_ADMIN_USER +export DRS_PROXY_ADMIN_USER="proxy" +export DRS_PROXY_ADMIN_PASSWORD=$(echo $data | jq -r '.data.proxy_password') +export DRS_WEBCONSOLE_USER=$(echo $data | jq -r '.data.webconsole_account.user') +export DRS_WEBCONSOLE_PASSWORD=$(echo $data | jq -r '.data.webconsole_account.password') + +# 将dns ip添加到nameserver +awk -F, '{for(i=1; i<=NF; i++) print "nameserver " $i}' shard_env/dns_ip > dns_nameserver.conf +cp /etc/resolv.conf /etc/resolv.conf.bak +cat dns_nameserver.conf /etc/resolv.conf.bak > /etc/resolv.conf + +# 启动drs +./db-remote-service 
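Review bot: The credentials DRS starts with are read from the registration response with no check that the request succeeded, so on a network error or non-2xx reply every `jq -r` yields `null` and DRS comes up with admin user and password `null`. Add `-fsS` to the `curl` and `|| exit 1` on the `data=$(...)` assignment, then bail out if `$DRS_MYSQL_ADMIN_PASSWORD` is empty or `null`. `shard_env/dns_ip` is created neither by the Dockerfile nor by this script — presumably a mounted file — so the `awk` line should fail loudly when it is missing instead of silently producing an empty `dns_nameserver.conf`. The exported `DRS_*`/`SQLSERVER_*` variables put several admin passwords into the process environment, which is readable through `/proc` by anything else in the container; if db-remote-service can read them from a 0600 file instead, prefer that.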
diff --git a/dbm-ui/backend/db_proxy/container/nginx/Dockerfile b/dbm-ui/backend/db_proxy/container/nginx/Dockerfile new file mode 100644 index 0000000000..22da0d4431 --- /dev/null +++ b/dbm-ui/backend/db_proxy/container/nginx/Dockerfile @@ -0,0 +1,20 @@ +FROM mirrors.tencent.com/build/blueking/dbmedium:latest as medium + +FROM debian:bookworm-slim + +## 更新包列表并安装 cron 和 gettext-base +RUN apt-get update && \ + apt-get install -y cron gettext-base curl jq && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* + +## 获取nginx介质 +COPY --from=medium /app/medium/cloud/cloud-nginx/*/nginx-portable.tgz /data/install/ +COPY ./start.bash ./nginx-tpl.conf ./dbm.html ./crond.bash /data/install/ + +WORKDIR /data/install + +RUN chmod -R 755 /data/install/ + +## 启动nginx服务 +ENTRYPOINT ["/bin/bash", "-c", "service cron start && /data/install/start.bash"] diff --git a/dbm-ui/backend/db_proxy/container/nginx/crond.bash b/dbm-ui/backend/db_proxy/container/nginx/crond.bash new file mode 100644 index 0000000000..41e355744d --- /dev/null +++ b/dbm-ui/backend/db_proxy/container/nginx/crond.bash 
@@ -0,0 +1,39 @@ +#!/bin/bash +path=/usr/local/bkdb + +# nginx定时拉取大数据配置,这里只考虑直连区域 +data=$( +curl -XPOST "$BK_DBM_URL/apis/proxypass/cloud/pull_nginx_conf/" \ + --header "Content-Type: application/json" \ + --data-raw '{ + "bk_cloud_id": 0, + "extension": "NGINX", + "db_cloud_token": "'"$DB_CLOUD_TOKEN"'", + "details": { + "ip": "'"$DBM_NGINX_DOMAIN"'", + "bk_host_id": 0, + "bk_cloud_id": 0 + } + }' +) +echo "$data" | jq -c '.data[]' | while read -r item; do + file_name=$(echo "$item" | jq -r '.file_name') + file_content=$(echo "$item" | jq -r '.content') + # 创建文件并写入内容 + echo "$file_content" > "$path/nginx-portable/conf/cluster_service/$file_name" +done +# 重启nginx +$path/nginx-portable/nginx-portable stop +$path/nginx-portable/nginx-portable start + +# nginx日志文件的定时清理,设置最大日志为100MB +nginx_log_path="$path/nginx-portable/logs" +max_log_size=$((100 * 1024 * 1024)) +access_log_size=$(stat -c%s "$path/nginx-portable/logs/access.log") +if [ "$access_log_size" -gt "$max_log_size" ]; then + echo > $nginx_log_path/access.log; +fi +err_log_size=$(stat -c%s "$path/nginx-portable/logs/error.log") +if [ "$err_log_size" -gt "$max_log_size" ]; then + echo > $nginx_log_path/err_log_size.log; +fi diff --git a/dbm-ui/backend/db_proxy/container/nginx/dbm.html b/dbm-ui/backend/db_proxy/container/nginx/dbm.html new file mode 100644 index 0000000000..3e56daa0eb --- /dev/null +++ b/dbm-ui/backend/db_proxy/container/nginx/dbm.html @@ -0,0 +1,12 @@ + + +
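Review bot: `file_name` is taken from the API response and used unsanitized in `"$path/nginx-portable/conf/cluster_service/$file_name"`, so a value containing `/` or `..` would write outside that directory; the name is built server-side from `cluster_name` in render_nginx_tpl, but this client should still reduce it with `file_name=$(basename "$file_name")` before writing. The error-log truncation at the bottom targets `err_log_size.log` instead of `error.log`, so error.log is never trimmed; the intended line is `echo > $nginx_log_path/error.log`. The unconditional stop/start every five minutes drops in-flight connections even when nothing changed — `nginx -s reload`, or restarting only when a written file differs from the existing one, avoids that. With `set -o pipefail` absent, an error response (where `.data` is not an array) makes the `jq -c '.data[]'` loop silently do nothing and nginx is restarted anyway.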
+ + +Welcome to our nginx service.
+ + diff --git a/dbm-ui/backend/db_proxy/container/nginx/nginx-tpl.conf b/dbm-ui/backend/db_proxy/container/nginx/nginx-tpl.conf new file mode 100644 index 0000000000..420b156018 --- /dev/null +++ b/dbm-ui/backend/db_proxy/container/nginx/nginx-tpl.conf @@ -0,0 +1,23 @@ +user root; +events { + worker_connections 65535; +} +http { + # 基础配置 + include mime.types; + default_type application/octet-stream; + sendfile on; + + # 转发大数据组件服务 + server { + listen 80; + server_name $DBM_NGINX_DOMAIN; + client_max_body_size 500M; + proxy_connect; + proxy_connect_allow 443 563; + + # 包含到大数据服务的子配置 + include /usr/local/bkdb/nginx-portable/conf/cluster_service/*.conf; + + } +} diff --git a/dbm-ui/backend/db_proxy/container/nginx/start.bash b/dbm-ui/backend/db_proxy/container/nginx/start.bash new file mode 100644 index 0000000000..40e459922e --- /dev/null +++ b/dbm-ui/backend/db_proxy/container/nginx/start.bash 
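Review bot: `proxy_connect;` together with `proxy_connect_allow 443 563;` turns this server into a forward CONNECT proxy for any destination on those ports, and the template has no `allow`/`deny` block or authentication, so anyone who can reach port 80 can tunnel through it to arbitrary hosts. If CONNECT is only needed for a known set of backends, fence it (`allow <internal cidr>; deny all;` inside the server block, or restrict targets via the proxy_connect module's address options), and drop the directive entirely if none of the included cluster_service configs rely on it. `user root;` additionally makes the worker processes that serve the API-pulled sub-configs run as root; only the master needs root to bind port 80, so `user nobody;` (or a dedicated account) is the usual setting. `listen 80` with no TLS means the proxied big-data traffic and anything the sub-configs forward is plaintext on the wire — worth stating explicitly if that is an accepted trade-off for the direct-connect area.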
@@ -0,0 +1,43 @@ +path=/usr/local/bkdb +mkdir -p $path + +# 写入nginx记录 +curl -XPOST "$BK_DBM_URL/apis/proxypass/cloud/insert/" \ + --header "Content-Type: application/json" \ + --data-raw '{ + "bk_cloud_id": 0, + "extension": "NGINX", + "db_cloud_token": "'"$DB_CLOUD_TOKEN"'", + "details": { + "ip": "'"$DBM_NGINX_DOMAIN"'", + "bk_host_id": 0, + "bk_cloud_id": 0 + } + }' + +# 解压nginx +tar xvf /data/install/nginx-portable.tgz -C $path; +chmod -R 755 $path/nginx-portable/; +mkdir -p $path/nginx-portable/conf/cluster_service/ + +envsubst < /data/install/nginx-tpl.conf > /data/install/nginx.conf +mv /data/install/nginx.conf /data/install/crond.bash $path/nginx-portable/conf/ + +# 注入测试location +mkdir $path/nginx-portable/html/example_service/ +mv /data/install/dbm.html $path/nginx-portable/html/example_service/ +echo -e " +location /example_service/ { + root $path/nginx-portable/html; + index dbm.html; +} +" > $path/nginx-portable/conf/cluster_service/example_service.conf + +# 开启定时任务 +printenv > /etc/environment +crond_script_path=$path/nginx-portable/conf/crond.bash +(crontab -l ; echo "*/5 * * * * $crond_script_path") 2>&1 | grep -v "no crontab" | sort | uniq | crontab - + +# 开启nginx服务 +$path/nginx-portable/nginx-portable start; +tail -f $path/nginx-portable/logs/access.log diff --git a/dbm-ui/backend/db_proxy/nginxconf_tpl.py b/dbm-ui/backend/db_proxy/nginxconf_tpl.py index f5bcbd6828..f43f6bae54 100644 --- a/dbm-ui/backend/db_proxy/nginxconf_tpl.py +++ b/dbm-ui/backend/db_proxy/nginxconf_tpl.py 
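Review bot: `printenv > /etc/environment` copies the whole container environment, including `DB_CLOUD_TOKEN`, into a file that is world-readable by default, purely so the cron job can see it; write only the variables crond.bash needs and lock the file down (`printenv | grep -E '^(BK_DBM_URL|DB_CLOUD_TOKEN|DBM_NGINX_DOMAIN)=' > /etc/environment && chmod 600 /etc/environment`). The registration `curl` result is discarded, so a rejected token or unreachable DBM goes unnoticed until the cron job fails five minutes later; `-fsS` plus `|| exit 1` would surface it at start. `mkdir $path/nginx-portable/html/example_service/` without `-p` makes the script error on a restart where the directory already exists.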
@@ -7,6 +7,34 @@ an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. """ +from jinja2 import Environment, Template + +from backend.db_proxy.models import ClusterExtension +from backend.utils.string import base64_encode + + +def render_nginx_tpl(extension: ClusterExtension, template: Template = None, conf_tpl: str = None, encode=True): + """渲染nginx子配置模板文件""" + if not template: + jinja_env = Environment() + template = jinja_env.from_string(conf_tpl) + + conf_payload = { + "bk_biz_id": extension.bk_biz_id, + "bk_cloud_id": extension.bk_cloud_id, + "db_type": extension.db_type, + "cluster_name": extension.cluster_name, + "service_type": extension.service_type, + "service_url": f"http://{extension.ip}:{extension.port}", + } + file_name = f"{extension.bk_biz_id}_{extension.db_type}_{extension.cluster_name}_nginx.conf" + file_content = template.render(conf_payload) + + if encode: + file_content = base64_encode(file_content) + + return {"file_name": file_name, "content": file_content} + es_conf_tpl = """ location /{{bk_biz_id}}/{{db_type}}/{{cluster_name}}/{{service_type}} { diff --git a/dbm-ui/backend/db_proxy/urls.py b/dbm-ui/backend/db_proxy/urls.py index ae2af4aa77..b6074a47b8 100644 --- a/dbm-ui/backend/db_proxy/urls.py +++ b/dbm-ui/backend/db_proxy/urls.py @@ -12,6 +12,7 @@ from rest_framework.routers import DefaultRouter from backend.db_proxy.views.bkrepo.views import BKRepoProxyPassViewSet +from backend.db_proxy.views.cloud.views import CloudProxyPassViewSet from backend.db_proxy.views.db_meta.views import DBMetaApiProxyPassViewSet from backend.db_proxy.views.db_remote_service.views import DRSApiProxyPassViewSet from backend.db_proxy.views.dbconfig.views import DBConfigProxyPassViewSet 
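Review bot: `render_nginx_tpl` interpolates `cluster_name`, `db_type`, `service_type` and `ip`/`port` into a `location` block through a default `Environment()` (no autoescape) and builds `file_name` from the same fields, so a cluster_name containing `/`, `..`, `;` or `}` would escape the target path or inject directives into a config that nginx loads as root on the proxy host; I assume cluster names are validated at creation, but this helper is the last line of defence and should reject anything outside `[A-Za-z0-9_.-]` with a small `re.fullmatch` check that raises ValueError. The signature's argument order also differs from the caller updated in db_periodic_task/local_tasks/db_proxy.py in this commit, which passes the template first — declaring the optional arguments keyword-only (`def render_nginx_tpl(extension, *, template=None, conf_tpl=None, encode=True)`) turns that into an immediate TypeError instead of a later AttributeError. A docstring stating that exactly one of `template`/`conf_tpl` must be supplied (and that `conf_tpl=None` with no template currently fails inside `from_string`) would complete the helper.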
@@ -37,5 +38,6 @@ routers.register(r"", JobApiProxyPassViewSet, basename="jobapi") routers.register(r"", DumperProxyPassViewSet, basename="dumper") routers.register(r"", DBPrivProxyPassViewSet, basename="dbpriv") +routers.register(r"cloud", CloudProxyPassViewSet, basename="cloud") urlpatterns = routers.urls diff --git a/dbm-ui/backend/db_proxy/views/cloud/__init__.py b/dbm-ui/backend/db_proxy/views/cloud/__init__.py new file mode 100644 index 0000000000..aa5085c628 --- /dev/null +++ b/dbm-ui/backend/db_proxy/views/cloud/__init__.py @@ -0,0 +1,10 @@ +# -*- coding: utf-8 -*- +""" +TencentBlueKing is pleased to support the open source community by making 蓝鲸智云-DB管理系统(BlueKing-BK-DBM) available. +Copyright (C) 2017-2023 THL A29 Limited, a Tencent company. All rights reserved. +Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License. +You may obtain a copy of the License at https://opensource.org/licenses/MIT +Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on +an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the +specific language governing permissions and limitations under the License. +""" diff --git a/dbm-ui/backend/db_proxy/views/cloud/serializers.py b/dbm-ui/backend/db_proxy/views/cloud/serializers.py new file mode 100644 index 0000000000..e8bf9b1df9 --- /dev/null +++ b/dbm-ui/backend/db_proxy/views/cloud/serializers.py 
@@ -0,0 +1,21 @@ +# -*- coding: utf-8 -*- +""" +TencentBlueKing is pleased to support the open source community by making 蓝鲸智云-DB管理系统(BlueKing-BK-DBM) available. +Copyright (C) 2017-2023 THL A29 Limited, a Tencent company. All rights reserved. +Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License. +You may obtain a copy of the License at https://opensource.org/licenses/MIT +Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on +an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the +specific language governing permissions and limitations under the License. +""" +from django.utils.translation import gettext_lazy as _ +from rest_framework import serializers + +from backend.db_proxy.constants import ExtensionType +from backend.db_proxy.views.serialiers import BaseProxyPassSerializer + + +class InsertDBExtensionSerializer(BaseProxyPassSerializer): + bk_cloud_id = serializers.IntegerField(help_text=_("云区域ID"), default=0) + extension = serializers.ChoiceField(help_text=_("扩展类型"), choices=ExtensionType.get_choices()) + details = serializers.JSONField(help_text=_("详情")) diff --git a/dbm-ui/backend/db_proxy/views/cloud/views.py b/dbm-ui/backend/db_proxy/views/cloud/views.py new file mode 100644 index 0000000000..fd2abd34ab --- /dev/null +++ b/dbm-ui/backend/db_proxy/views/cloud/views.py 
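Review bot: `details` is accepted as an arbitrary `JSONField`, and the view built on this serializer indexes `data["details"]["ip"]` and `["dbha_type"]` directly before persisting the whole dict into `DBExtension.details`, so a missing key becomes a 500 and wrong types or extra keys are stored as-is. A per-extension nested serializer — at minimum `details = serializers.DictField()` with a required `ip = serializers.CharField()` for the DNS/NGINX/DBHA shapes — turns those into 400s and gives the stored record a known schema.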
@@ -0,0 +1,145 @@ +# -*- coding: utf-8 -*- +""" +TencentBlueKing is pleased to support the open source community by making 蓝鲸智云-DB管理系统(BlueKing-BK-DBM) available. +Copyright (C) 2017-2022 THL A29 Limited, a Tencent company. All rights reserved. +Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License. +You may obtain a copy of the License at https://opensource.org/licenses/MIT +Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on +an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the +specific language governing permissions and limitations under the License. +""" + +from typing import Any, Dict, List + +from django.utils.translation import ugettext_lazy as _ +from rest_framework.decorators import action +from rest_framework.response import Response + +from backend.bk_web.swagger import common_swagger_auto_schema +from backend.configuration.handlers.password import DBPasswordHandler +from backend.configuration.models import SystemSettings +from backend.db_proxy import nginxconf_tpl +from backend.db_proxy.constants import SWAGGER_TAG, ExtensionAccountEnum, ExtensionServiceStatus, ExtensionType +from backend.db_proxy.models import ClusterExtension, DBCloudProxy, DBExtension +from backend.db_proxy.views.cloud.serializers import InsertDBExtensionSerializer +from backend.db_proxy.views.serialiers import BaseProxyPassSerializer +from backend.db_proxy.views.views import BaseProxyPassViewSet +from backend.flow.consts import MySQLPrivComponent, UserName + + +class CloudProxyPassViewSet(BaseProxyPassViewSet): + """ + 云区域组件接口的透传视图 + """ + + @common_swagger_auto_schema( + operation_summary=_("[容器化]写入云区域组件记录"), + request_body=InsertDBExtensionSerializer(), + tags=[SWAGGER_TAG], + ) + @action(methods=["POST"], serializer_class=InsertDBExtensionSerializer, detail=False) + def insert(self, request, *args, 
**kwargs): + data = self.params_validate(self.get_serializer_class()) + + output_info = {} + bk_cloud_id, extension_type = data["bk_cloud_id"], data["extension"] + extension = DBExtension.objects.filter(bk_cloud_id=bk_cloud_id, extension=extension_type) + bkm_dbm_report = SystemSettings.get_setting_value(key="BKM_DBM_REPORT") + + def insert_nginx(): + if extension.exists(): + return + # nginx需要写入代理信息 + ip = data["details"]["ip"] + DBCloudProxy.objects.create(bk_cloud_id=data["bk_cloud_id"], internal_address=ip, external_address=ip) + DBExtension(**data, status=ExtensionServiceStatus.RUNNING).save() + + def insert_dns(): + if extension.exists(): + return + DBExtension(**data, status=ExtensionServiceStatus.RUNNING).save() + output_info.update(bkm_dbm_report=bkm_dbm_report) + + def insert_drs(): + if not extension.exists(): + # drs随机生成账号/密码 + drs_account = ExtensionAccountEnum.generate_random_account(bk_cloud_id) + web_account = ExtensionAccountEnum.generate_random_account(bk_cloud_id) + data["details"].update( + user=drs_account["encrypt_user"], + pwd=drs_account["encrypt_password"], + webconsole_user=web_account["encrypt_user"], + webconsole_pwd=web_account["encrypt_password"], + ) + DBExtension(**data, status=ExtensionServiceStatus.RUNNING).save() + else: + drs = extension.first() + drs_account = ExtensionAccountEnum.get_account_info(bk_cloud_id, drs.details, "user", "pwd") + web_account = ExtensionAccountEnum.get_account_info( + bk_cloud_id, drs.details, "webconsole_user", "webconsole_pwd" + ) + # drs proxy密码 + proxy_password = DBPasswordHandler.get_component_password(UserName.PROXY, MySQLPrivComponent.PROXY) + output_info.update(drs_account=drs_account, webconsole_account=web_account, proxy_password=proxy_password) + + def insert_dbha(): + # 获取dbha的account信息 + def get_dbha_account(): + if not extension.exists(): + return ExtensionAccountEnum.generate_random_account(bk_cloud_id) + gm = extension.first().details + return 
ExtensionAccountEnum.get_account_info(bk_cloud_id, gm, "user", "pwd") + + # 插入dbha记录 + dbha_account = get_dbha_account() + dbha_type, ip = data["details"]["dbha_type"], data["details"]["ip"] + if not extension.filter(details__dbha_type=dbha_type, details__ip=ip).count(): + data["details"].update(user=dbha_account["encrypt_user"], pwd=dbha_account["encrypt_password"]) + DBExtension(**data, status=ExtensionServiceStatus.RUNNING).save() + # 获取proxy密码和mysql os密码 + dbha_password_map = DBPasswordHandler.batch_query_components_password( + components=[ + {"username": UserName.PROXY, "component": MySQLPrivComponent.PROXY}, + {"username": UserName.OS_MYSQL, "component": MySQLPrivComponent.MYSQL}, + ] + ) + output_info.update( + dbha_account=dbha_account, + proxy_password=dbha_password_map[UserName.PROXY][MySQLPrivComponent.PROXY], + mysql_os_password=dbha_password_map[UserName.OS_MYSQL][MySQLPrivComponent.MYSQL], + bkm_dbm_report=bkm_dbm_report, + ) + + if extension_type == ExtensionType.NGINX: + insert_nginx() + elif extension_type == ExtensionType.DNS: + insert_dns() + elif extension_type == ExtensionType.DRS: + insert_drs() + elif extension_type == ExtensionType.DBHA: + insert_dbha() + + return Response(output_info) + + @common_swagger_auto_schema( + operation_summary=_("[容器化]获取云区域nginx子配置文件"), + request_body=BaseProxyPassSerializer(), + tags=[SWAGGER_TAG], + ) + @action(methods=["POST"], detail=False, serializer_class=BaseProxyPassSerializer) + def pull_nginx_conf(self, request, *args, **kwargs): + bk_cloud_id = self.params_validate(self.get_serializer_class())["bk_cloud_id"] + # 目前子配置只有大数据转发,并且考虑社区化部署集群量较少,这里就全量拉去更新 + cluster_extensions = ClusterExtension.objects.filter(bk_cloud_id=bk_cloud_id) + proxy = DBCloudProxy.objects.filter(bk_cloud_id=bk_cloud_id).last() + file_list: List[Dict[str, Any]] = [] + for extension in cluster_extensions: + conf_tpl = getattr(nginxconf_tpl, f"{extension.db_type}_conf_tpl", None) + # 当前组件无子配置,忽略 + if not conf_tpl: + continue + 
file_list.append(nginxconf_tpl.render_nginx_tpl(conf_tpl=conf_tpl, extension=extension, encode=False)) + # 保存访问地址 + if not extension.access_url: + extension.save_access_url(nginx_url=f"{proxy.external_address}:{80}") + return Response(file_list) diff --git a/dbm-ui/backend/env/__init__.py b/dbm-ui/backend/env/__init__.py index 6bec572265..dffbe3f312 100644 --- a/dbm-ui/backend/env/__init__.py +++ b/dbm-ui/backend/env/__init__.py @@ -81,6 +81,7 @@ BK_APIGW_RESOURCE_DOCS_BASE_DIR = get_type_env( key="BK_APIGW_RESOURCE_DOCS_BASE_DIR", _type=str, default="backend/docs/apigw" ) +APIGW_PUBLIC_KEY = get_type_env(key="APIGW_PUBLIC_KEY", _type=str, default="") ENVIRONMENT = get_type_env(key="BKPAAS_ENVIRONMENT", default="prod", _type=str) @@ -152,8 +153,8 @@ MANAGE_PORT = get_type_env(key="MANAGE_PORT", _type=int, default=8080) # nginx转发dbm的地址(如果没有则取BK_SAAS_HOST) DBM_EXTERNAL_ADDRESS = get_type_env(key="DBM_EXTERNAL_ADDRESS", _type=str, default=BK_SAAS_HOST) - -APIGW_PUBLIC_KEY = get_type_env(key="APIGW_PUBLIC_KEY", _type=str, default="") +# 云区域容器化开关 +CLOUD_CONTAINER_ENABLE = get_type_env(key="CLOUD_CONTAINER_ENABLE", _type=str, default=False) # 版本号 APP_VERSION = get_type_env(key="APP_VERSION", _type=str, default="") diff --git a/dbm-ui/backend/env/dev.py b/dbm-ui/backend/env/dev.py index 7d20af3158..088ae481b6 100644 --- a/dbm-ui/backend/env/dev.py +++ b/dbm-ui/backend/env/dev.py @@ -20,8 +20,6 @@ TEST_ACCESS_HOSTS = get_type_env(key="TEST_ACCESS_HOSTS", _type=list, default=[]) WEBCONSOLE_USERNAME = get_type_env(key="WEBCONSOLE_USERNAME", _type=str, default="") WEBCONSOLE_PASSWORD = get_type_env(key="WEBCONSOLE_PASSWORD", _type=str, default="") -PARTITION_YW_USERNAME = get_type_env(key="PARTITION_YW_USERNAME", _type=str, default="") -PARTITION_YW_PASSWORD = get_type_env(key="PARTITION_YW_PASSWORD", _type=str, default="") # 资源池伪造开关 FAKE_RESOURCE_APPLY_ENABLE = get_type_env(key="FAKE_RESOURCE_APPLY_ENABLE", _type=bool, default=False) 
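Review bot: `CLOUD_CONTAINER_ENABLE` is declared with `_type=str` but a `False` default, so once the variable is set at all its value is a non-empty string and truthy — an operator who exports `CLOUD_CONTAINER_ENABLE=false` or `=0` to switch the feature off turns it on instead, and the comment above it (云区域容器化开关, "cloud-region containerisation switch") says it is meant to be a boolean. The same file's sibling `env/dev.py` already shows the pattern for a switch, `FAKE_RESOURCE_APPLY_ENABLE = get_type_env(..., _type=bool, default=False)`; use it here: `CLOUD_CONTAINER_ENABLE = get_type_env(key="CLOUD_CONTAINER_ENABLE", _type=bool, default=False)`. This matters more than a normal flag because, as the rest of the diff indicates, the switch is what decides whether TLS is skipped on direct-region calls. How `get_type_env` parses `bool` is not visible here; confirm it accepts the usual `true/false/1/0` spellings.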
diff --git a/dbm-ui/backend/flow/engine/bamboo/scene/cloud/base_service_flow.py b/dbm-ui/backend/flow/engine/bamboo/scene/cloud/base_service_flow.py index d594fbcffd..3350912e99 100644 --- a/dbm-ui/backend/flow/engine/bamboo/scene/cloud/base_service_flow.py +++ b/dbm-ui/backend/flow/engine/bamboo/scene/cloud/base_service_flow.py @@ -13,11 +13,8 @@ from typing import Any, Dict, List, Optional, Union from bamboo_engine.builder import SubProcess -from django.utils.crypto import get_random_string from django.utils.translation import ugettext as _ -from backend.core.encrypt.constants import AsymmetricCipherConfigType -from backend.core.encrypt.handlers import AsymmetricHandler from backend.db_proxy.constants import ExtensionAccountEnum from backend.flow.consts import CloudServiceConfFileEnum, CloudServiceName from backend.flow.engine.bamboo.scene.common.builder import Builder, SubBuilder 
@@ -65,15 +62,20 @@ def __init__(self, root_id: str, data: Optional[Dict]): def _get_or_generate_usr_pwd(self, service: CloudServiceName): """获取drs和dbha的账户""" - rsa_cloud_name = AsymmetricCipherConfigType.get_cipher_cloud_name(self.data["bk_cloud_id"]) + bk_cloud_id = self.data["bk_cloud_id"] - def _fetch_usr_pwd(info, user_key, pwd_key): + def _fetch_usr_pwd(info, u_key, p_key): # 若任意一台主机信息包含用户/密码,则沿用直接返回解密原始账户或密码,否则生成 - user = info.get(user_key, AsymmetricHandler.encrypt(name=rsa_cloud_name, content=get_random_string(8))) - pwd = info.get(pwd_key, AsymmetricHandler.encrypt(name=rsa_cloud_name, content=get_random_string(16))) - plain_user = AsymmetricHandler.decrypt(name=rsa_cloud_name, content=user) - plain_pwd = AsymmetricHandler.decrypt(name=rsa_cloud_name, content=pwd) - return {user_key: user, pwd_key: pwd, f"plain_{user_key}": plain_user, f"plain_{pwd_key}": plain_pwd} + if info.get(u_key) and info.get(p_key): + account = ExtensionAccountEnum.get_account_info(bk_cloud_id, info, u_key, p_key) + else: + account = ExtensionAccountEnum.generate_random_account(bk_cloud_id) + return { + u_key: account["encrypt_user"], + p_key: account["encrypt_password"], + f"plain_{u_key}": account["user"], + f"plain_{p_key}": account["password"], + } # 获取部署组件的主机信息 host_infos = self.data[service] @@ -84,9 +86,11 @@ def _fetch_usr_pwd(info, user_key, pwd_key): host = host_infos["host_infos"][0] # 获取组件的账号密码信息 - account_info = {} - for account_tuple in ExtensionAccountEnum.get_account_tuple_with_service(service): - account_info.update(_fetch_usr_pwd(host, *account_tuple)) + account_info = _fetch_usr_pwd(host, ExtensionAccountEnum.USER, ExtensionAccountEnum.PWD) + if service == CloudServiceName.DRS: + web_acc = _fetch_usr_pwd(host, ExtensionAccountEnum.WEBCONSOLE_USER, ExtensionAccountEnum.WEBCONSOLE_PWD) + account_info.update(web_acc) + return account_info @staticmethod 
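Review bot: `_fetch_usr_pwd` now gets fresh credentials from `ExtensionAccountEnum.generate_random_account`, and the removed lines show this replaced Django's `get_random_string` (which draws from `secrets`) with fixed lengths of 8 for the user and 16 for the password; the new helper is not in this hunk, so confirm it also uses a CSPRNG rather than `random` and does not shorten the password. A second, silent behaviour change deserves a comment: a host record that carries only one of `u_key`/`p_key` used to keep that value and default the other, whereas now the whole account is regenerated — add `# a half-present account is treated as absent and regenerated as a pair` above the `if`. The inner function also lost any description; a docstring should state that the returned dict carries the encrypted values under `u_key`/`p_key` and the plaintext ones under `plain_*`, since the plaintext presumably ends up in host kwargs for the deploy scripts.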
diff --git a/dbm-ui/backend/flow/engine/bamboo/scene/cloud/dbha_service_flow.py b/dbm-ui/backend/flow/engine/bamboo/scene/cloud/dbha_service_flow.py index fac6f0c2a8..7494e332cb 100644 --- a/dbm-ui/backend/flow/engine/bamboo/scene/cloud/dbha_service_flow.py +++ b/dbm-ui/backend/flow/engine/bamboo/scene/cloud/dbha_service_flow.py @@ -124,7 +124,7 @@ def service_apply_flow(self): pipeline=dbha_pipeline, proxy_func_name=CloudDBProxy.cloud_dbha_apply.__name__, host_infos=[*self.data["dbha"]["agent"], *self.data["dbha"]["gm"]], - host_kwargs=ExtensionAccountEnum.get_account_in_info(asdict(dbha_kwargs)), + host_kwargs=ExtensionAccountEnum.get_account_map(asdict(dbha_kwargs)), ) dbha_pipeline.run_pipeline() diff --git a/dbm-ui/backend/flow/engine/bamboo/scene/cloud/drs_service_flow.py b/dbm-ui/backend/flow/engine/bamboo/scene/cloud/drs_service_flow.py index 7e960b7dd0..2fd3194d40 100644 --- a/dbm-ui/backend/flow/engine/bamboo/scene/cloud/drs_service_flow.py +++ b/dbm-ui/backend/flow/engine/bamboo/scene/cloud/drs_service_flow.py @@ -63,7 +63,7 @@ def service_apply_flow(self): pipeline=drs_pipeline, proxy_func_name=CloudDBProxy.cloud_drs_apply.__name__, host_infos=drs_apply_host_infos, - host_kwargs=ExtensionAccountEnum.get_account_in_info(asdict(drs_kwargs)), + host_kwargs=ExtensionAccountEnum.get_account_map(asdict(drs_kwargs)), ) drs_pipeline.run_pipeline() diff --git a/dbm-ui/backend/flow/utils/cloud/script_template/dbha_template.py b/dbm-ui/backend/flow/utils/cloud/script_template/dbha_template.py index ce377274b0..f3dc1700d4 100644 --- a/dbm-ui/backend/flow/utils/cloud/script_template/dbha_template.py +++ b/dbm-ui/backend/flow/utils/cloud/script_template/dbha_template.py @@ -15,7 +15,7 @@ log_path: "./log" log_level: "LOG_DEBUG" log_maxsize: 512 - log_maxbackups: 5 + log_maxbackups: 100 log_maxage: 30 log_compress: true agent_conf: 
@@ -144,7 +144,7 @@ log_path: "./log" log_level: "LOG_DEBUG" log_maxsize: 512 - log_maxbackups: 5 + log_maxbackups: 100 log_maxage: 30 log_compress: true agent_conf: diff --git a/dbm-ui/backend/iam_app/handlers/drf_perm/proxypass.py b/dbm-ui/backend/iam_app/handlers/drf_perm/proxypass.py index 12c8464d43..6f10060dc9 100644 --- a/dbm-ui/backend/iam_app/handlers/drf_perm/proxypass.py +++ b/dbm-ui/backend/iam_app/handlers/drf_perm/proxypass.py @@ -10,6 +10,7 @@ """ import binascii +from django.conf import settings from django.utils.translation import ugettext as _ from rest_framework import permissions from rest_framework.exceptions import PermissionDenied @@ -28,6 +29,10 @@ class ProxyPassPermission(permissions.BasePermission): @classmethod def verify_token(cls, db_cloud_token, bk_cloud_id): + # 兼容云区域容器化,app_code:app_secret的鉴权模式 + if db_cloud_token == f"{settings.APP_CODE}:{settings.APP_TOKEN}": + return + try: token = AsymmetricHandler.decrypt(name=AsymmetricCipherConfigType.PROXYPASS.value, content=db_cloud_token) except (RSADecryptException, binascii.Error, KeyError, IndexError): diff --git a/dbm-ui/backend/ticket/builders/cloud/base.py b/dbm-ui/backend/ticket/builders/cloud/base.py index 1d190345f6..e687416ab8 100644 --- a/dbm-ui/backend/ticket/builders/cloud/base.py +++ b/dbm-ui/backend/ticket/builders/cloud/base.py @@ -98,7 +98,7 @@ def padding_account_info(cls, bk_cloud_id, host_infos, extension_type): extension_type = ExtensionType.DBHA ext = DBExtension.get_latest_extension(bk_cloud_id=bk_cloud_id, extension_type=extension_type) - account_info = ExtensionAccountEnum.get_account_in_info(ext.details) + account_info = ExtensionAccountEnum.get_account_map(ext.details) for host in host_infos: host.update(account_info) diff --git a/helm-charts/bk-dbm/Chart.lock b/helm-charts/bk-dbm/Chart.lock index add41b2702..bc281186f1 100644 --- a/helm-charts/bk-dbm/Chart.lock +++ b/helm-charts/bk-dbm/Chart.lock 
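Review bot: The new early return in `verify_token` turns the raw `APP_CODE:APP_TOKEN` pair into a universal proxypass credential, and the check has three gaps. It compares with `==`, which is not constant-time; it ignores `bk_cloud_id`, so whoever holds the app secret passes for every cloud region while the RSA path that continues below the hunk presumably binds the token to a region; and it is active regardless of the container-mode switch, so the bypass also exists in deployments that never enabled it, and if `APP_TOKEN` is unset the string `"<app_code>:"` becomes a valid token. Gate the shortcut on `env.CLOUD_CONTAINER_ENABLE` and a non-empty secret, and compare with `hmac.compare_digest` (needs `import hmac` and the `env` import alongside the new `settings` import); `verify_token`'s body continues outside the hunk.
```python
    @classmethod
    def verify_token(cls, db_cloud_token, bk_cloud_id):
        # Container mode: the app secret itself acts as the proxypass credential.
        # Only honoured when the feature is on and a secret is actually configured;
        # constant-time compare so the check does not leak how many bytes matched.
        if env.CLOUD_CONTAINER_ENABLE and settings.APP_TOKEN:
            expected = f"{settings.APP_CODE}:{settings.APP_TOKEN}".encode()
            if hmac.compare_digest(str(db_cloud_token or "").encode(), expected):
                return
        # … unchanged: RSA-encrypted token path …
```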
@@ -32,9 +32,6 @@ dependencies: - name: db-simulation repository: file://charts/db-simulation version: 0.1.11 -- name: db-remote-service - repository: file://charts/db-remote-service - version: 0.9.5 - name: db-dns-api repository: file://charts/db-dns-api version: 0.1.7 @@ -56,5 +53,17 @@ dependencies: - name: backup-consumer repository: file://charts/backup-consumer version: 0.0.3 -digest: sha256:31236606c1f0aa272b43c84f98bff88edb54144c6df8d1a07f0b5e9f93f20156 -generated: "2024-08-13T19:01:07.629281+08:00" +- name: db-remote-service + repository: file://charts/db-remote-service + version: 0.9.5 +- name: db-dns + repository: file://charts/db-dns + version: 0.1.0 +- name: db-nginx + repository: file://charts/db-nginx + version: 0.1.0 +- name: db-dbha + repository: file://charts/db-dbha + version: 0.1.0 +digest: sha256:505dce199e12c74e5852a426b8997b2c527c43c5cba321aebc58ef1040b43ff6 +generated: "2024-08-28T19:45:11.596886126+08:00" diff --git a/helm-charts/bk-dbm/Chart.yaml b/helm-charts/bk-dbm/Chart.yaml index 76e4830c32..a03f8bf182 100644 --- a/helm-charts/bk-dbm/Chart.yaml +++ b/helm-charts/bk-dbm/Chart.yaml @@ -44,10 +44,6 @@ dependencies: name: db-simulation repository: file://charts/db-simulation version: 0.1.11 - - condition: db-remote-service.enabled - name: db-remote-service - repository: file://charts/db-remote-service - version: 0.9.5 - condition: db-dns-api.enabled name: db-dns-api repository: file://charts/db-dns-api 
@@ -76,6 +72,22 @@ dependencies: name: backup-consumer repository: file://charts/backup-consumer version: 0.0.3 + - condition: global.cloudContainer + name: db-remote-service + repository: file://charts/db-remote-service + version: 0.9.5 + - condition: global.cloudContainer + name: db-dns + repository: file://charts/db-dns + version: 0.1.0 + - condition: global.cloudContainer + name: db-nginx + repository: file://charts/db-nginx + version: 0.1.0 + - condition: global.cloudContainer + name: db-dbha + repository: file://charts/db-dbha + version: 0.1.0 description: A Helm chart for bk-dbm name: bk-dbm type: application diff --git a/helm-charts/bk-dbm/charts/db-dbha/.helmignore b/helm-charts/bk-dbm/charts/db-dbha/.helmignore new file mode 100644 index 0000000000..50af031725 --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-dbha/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm-charts/bk-dbm/charts/db-dbha/Chart.yaml b/helm-charts/bk-dbm/charts/db-dbha/Chart.yaml new file mode 100644 index 0000000000..65d95cdec8 --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-dbha/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: 0.0.1-alpha.18 +description: A Helm chart for Kubernetes +name: db-dbha +version: 0.1.0 diff --git a/helm-charts/bk-dbm/charts/db-dbha/templates/NOTES.txt b/helm-charts/bk-dbm/charts/db-dbha/templates/NOTES.txt new file mode 100644 index 0000000000..e69de29bb2 diff --git a/helm-charts/bk-dbm/charts/db-dbha/templates/_helpers.tpl b/helm-charts/bk-dbm/charts/db-dbha/templates/_helpers.tpl new file mode 100644 index 0000000000..ff3ef72f00 --- /dev/null 
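Review bot: `db-remote-service` loses its own `db-remote-service.enabled` condition and is now gated solely on `global.cloudContainer`, so an existing install that enabled DRS without the container mode will silently stop deploying it on the next upgrade. Helm evaluates only the first path in a comma-separated `condition` that resolves to a boolean, so either keep the component switch as the primary path — `condition: db-remote-service.enabled,global.cloudContainer` — or state the migration in values.yaml/README; which one is right depends on whether `db-remote-service.enabled` still has a default in values, which this hunk does not show. The three new subcharts are all pinned at `0.1.0` with a pre-release `appVersion`, so a one-line comment above the group saying they are opt-in through `global.cloudContainer` only would help readers of Chart.yaml.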
+++ b/helm-charts/bk-dbm/charts/db-dbha/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* vim: set filetype=mustache: */}} +{{/* Expand the name of the chart. */}} +{{- define "db-dbha.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "db-dbha.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* define related component name */}} +{{- define "db-dbha.component.fullname" -}} +{{- $root := first . -}} +{{- $type := last . -}} +{{- printf "%s-%s" (include "db-dbha.fullname" $root) $type -}} +{{- end -}} + +{{/* Create chart name and version as used by the chart label. */}} +{{- define "db-dbha.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* Common labels */}} +{{- define "db-dbha.labels" -}} +app.kubernetes.io/name: {{ include "db-dbha.name" . }} +helm.sh/chart: {{ include "db-dbha.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* Selector labels */}} +{{- define "db-dbha.selectorLabels" -}} +app.kubernetes.io/name: {{ include "db-dbha.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* Create the name of the service account to use */}} +{{- define "db-dbha.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "db-dbha.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + diff --git a/helm-charts/bk-dbm/charts/db-dbha/templates/deployments/agent.yaml b/helm-charts/bk-dbm/charts/db-dbha/templates/deployments/agent.yaml new file mode 100644 index 0000000000..d6927316b5 --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-dbha/templates/deployments/agent.yaml 
@@ -0,0 +1,71 @@ +{{- $dbhaType := "agent" -}} +{{- $agentComponentName := (include "db-dbha.component.fullname" (list . "agent")) -}} +{{- $gmComponentName := (include "db-dbha.component.fullname" (list . "gm")) -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ $agentComponentName }} + labels: + {{ include "db-dbha.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.agentReplicaCount }} + selector: + matchLabels: + {{- include "db-dbha.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: {{ $agentComponentName }} + template: + metadata: + annotations: + reloader.stakater.com/auto: "true" + labels: + {{- include "db-dbha.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: {{ $agentComponentName }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "db-dns.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + initContainers: + {{- include "initContainersWaitFor" (list . $gmComponentName) | nindent 8}} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.global.imageRegistry | default .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 80 + protocol: TCP + env: + {{- if .Values.envs -}} + {{- include "envs" . | trim | nindent 12 }} + {{- end }} + - name: NODE_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DBHA_TYPE + value: {{ $dbhaType }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.extraEnvVarsCM }} + {{- end }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm-charts/bk-dbm/charts/db-dbha/templates/deployments/gm.yaml b/helm-charts/bk-dbm/charts/db-dbha/templates/deployments/gm.yaml new file mode 100644 index 0000000000..835d186a42 --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-dbha/templates/deployments/gm.yaml 
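Review bot: `serviceAccountName` in the agent Deployment includes `db-dns.serviceAccountName`, a helper from the sibling db-dns chart, while gm.yaml in the same chart uses `db-dbha.serviceAccountName`. It renders today only because both subcharts live in one umbrella release and the helper merely reads `.Values.serviceAccount` from the current context, but it will fail to render if db-dbha is installed alone and it hides which ServiceAccount, and hence which Role binding, the agent really gets. Change it to `serviceAccountName: {{ include "db-dbha.serviceAccountName" . }}`. The agent also declares `containerPort: 80` under the name `http` whereas gm exposes 50000; whether the agent image listens on 80 is not verifiable from the hunk, so a comment on that port entry (or its removal) would help.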
@@ -0,0 +1,78 @@ +{{- $dbhaType := "gm" -}} +{{- $gmComponentName := (include "db-dbha.component.fullname" (list . "gm")) -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ $gmComponentName }} + labels: + {{ include "db-dbha.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.gmReplicaCount }} + selector: + matchLabels: + {{- include "db-dbha.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: {{ $gmComponentName }} + template: + metadata: + annotations: + reloader.stakater.com/auto: "true" + labels: + {{- include "db-dbha.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: {{ $gmComponentName }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "db-dbha.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + initContainers: + {{- include "initContainersWaitFor" (list . "bk-dbm-backend-api") | nindent 8}} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.global.imageRegistry | default .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + protocol: TCP + containerPort: 50000 + env: + {{- if .Values.envs -}} + {{- include "envs" . | trim | nindent 6 }} + {{- end }} + - name: NODE_IP + value: {{ $gmComponentName }} + - name: DBHA_TYPE + value: {{ $dbhaType }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.extraEnvVarsCM }} + {{- end }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + affinity: + {{- with .Values.affinity }} + {{- toYaml . 
| nindent 8 }} + {{- end }} + # gm要求调度到不同的节点 + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - {{ $gmComponentName }} + topologyKey: "kubernetes.io/hostname" + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm-charts/bk-dbm/charts/db-dbha/templates/service.yaml b/helm-charts/bk-dbm/charts/db-dbha/templates/service.yaml new file mode 100644 index 0000000000..c113c3f44d --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-dbha/templates/service.yaml @@ -0,0 +1,17 @@ +{{- $gmComponentName := (include "db-dbha.component.fullname" (list . "gm")) -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ $gmComponentName }} + labels: + {{- include "db-dbha.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.gmPort }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "db-dbha.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: {{ $gmComponentName }} diff --git a/helm-charts/bk-dbm/charts/db-dbha/templates/serviceaccount.yaml b/helm-charts/bk-dbm/charts/db-dbha/templates/serviceaccount.yaml new file mode 100644 index 0000000000..773ec8671d --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-dbha/templates/serviceaccount.yaml 
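Review bot: The `envs` include in the gm Deployment is rendered with `nindent 6`, but the `env:` key it must sit under is at column 10 inside the `containers` list item, so as soon as `.Values.envs` is non-empty the manifest is invalid YAML; the agent Deployment in this chart uses `nindent 12` for the same include. Fix: `{{- include "envs" . | trim | nindent 12 }}`. `NODE_IP` is also set to the gm Service name here while the agent takes it from `status.hostIP`; if that is intentional — presumably gm advertising a stable address — a comment such as `# gm advertises its Service name, not the node IP, so agents reach it via ClusterIP` would spare the next reader the puzzle.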
@@ -0,0 +1,41 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "db-dbha.serviceAccountName" . }} + labels: + {{- include "db-dbha.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "db-dbha.fullname" . }}-role +rules: +- apiGroups: + - batch + - "" + resources: + - jobs + - pods + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "db-dbha.fullname" . }}-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "db-dbha.fullname" . }}-role +subjects: +- kind: ServiceAccount + name: {{ include "db-dbha.serviceAccountName" . }} + namespace: {{ default "default" .Release.Namespace }} +{{- end }} diff --git a/helm-charts/bk-dbm/charts/db-dbha/templates/servicemonitor.yaml b/helm-charts/bk-dbm/charts/db-dbha/templates/servicemonitor.yaml new file mode 100644 index 0000000000..df33952d4a --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-dbha/templates/servicemonitor.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.global.serviceMonitor.enabled .Values.serviceMonitor.enabled -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "db-dbha.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "db-dbha.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "db-dbha.selectorLabels" . | nindent 6 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - interval: 30s + params: {} + path: /metrics + port: http +{{- end -}} \ No newline at end of file diff --git a/helm-charts/bk-dbm/charts/db-dbha/values.yaml b/helm-charts/bk-dbm/charts/db-dbha/values.yaml new file mode 100644 index 0000000000..fc55bcdbfa --- /dev/null 
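Review bot: The Role bound to the dbha ServiceAccount grants `get/list/watch` on `pods` and `jobs`, but nothing in this chart's Deployments shows the dbha containers calling the Kubernetes API. If the `initContainersWaitFor` helper is what needs `pods` read access, a comment above the rule saying so — `# needed by the wait-for init container to poll the gm/backend pods` — would justify the grant; otherwise drop the rules, or at least `jobs`, to keep the account at least privilege. When no API access is required, `automountServiceAccountToken: false` on the ServiceAccount keeps the token out of a privileged pod entirely.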
+++ b/helm-charts/bk-dbm/charts/db-dbha/values.yaml @@ -0,0 +1,65 @@ +# Default values for db-nginx-api. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# gm推荐副本2,agent推荐副本1,如果实例数多可以拓展agent数量 +gmReplicaCount: 2 +agentReplicaCount: 1 + +image: + registry: "mirrors.tencent.com" + repository: "build/blueking/cloud-dbha" + # Overrides the image tag whose default is the chart appVersion. + tag: "" + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: + privileged: true + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +service: + type: ClusterIP + gmPort: 50000 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +tolerations: [] + +affinity: {} + +envs: {} + +nodeSelector: {} + +# 容器内指标采集 +serviceMonitor: + enabled: false +# 容器内日志采集,APM本身不需要,配置保留为方便后期开启服务本身的日志采集 +bkLogConfig: + enabled: false + dataId: 1 diff --git a/helm-charts/bk-dbm/charts/db-dns/.helmignore b/helm-charts/bk-dbm/charts/db-dns/.helmignore new file mode 100644 index 0000000000..50af031725 --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-dns/.helmignore 
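Review bot: `securityContext.privileged: true` is the default for both the gm and agent containers, and neither Deployment template in this chart declares anything that needs it — no `hostNetwork`, `hostPath` or device mounts. A privileged pod is effectively root on the node, a large blast radius for a component whose job is to fail over databases; default to `securityContext: {privileged: false, allowPrivilegeEscalation: false, capabilities: {drop: [ALL]}}` and let an operator opt back in per environment, with a comment naming the host capability the image actually needs if one exists. Separately, the chart-level `imagePullSecrets: []` is dead: both Deployment templates read `.Values.global.imagePullSecrets`, so either remove the key or have the templates fall back to it.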
@@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm-charts/bk-dbm/charts/db-dns/Chart.yaml b/helm-charts/bk-dbm/charts/db-dns/Chart.yaml new file mode 100644 index 0000000000..9dc08bb19e --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-dns/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: 0.0.1-alpha.18 +description: A Helm chart for Kubernetes +name: db-dns +version: 0.1.0 diff --git a/helm-charts/bk-dbm/charts/db-dns/templates/NOTES.txt b/helm-charts/bk-dbm/charts/db-dns/templates/NOTES.txt new file mode 100644 index 0000000000..e69de29bb2 diff --git a/helm-charts/bk-dbm/charts/db-dns/templates/_helpers.tpl b/helm-charts/bk-dbm/charts/db-dns/templates/_helpers.tpl new file mode 100644 index 0000000000..1c8d301356 --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-dns/templates/_helpers.tpl 
@@ -0,0 +1,132 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "db-dns.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "db-dns.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "db-dns.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "db-dns.labels" -}} +app.kubernetes.io/name: {{ include "db-dns.name" . }} +helm.sh/chart: {{ include "db-dns.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "db-dns.selectorLabels" -}} +app.kubernetes.io/name: {{ include "db-dns.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + + +{{/* +Create the name of the service account to use +*/}} +{{- define "db-dns.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "db-dns.fullname" .) 
.Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +environment variables +*/}} +{{- define "envs" -}} +{{- range $key, $val := .Values.envs }} +- name: {{ $key }} + value: {{ $val | quote }} +{{- end }} +{{- end }} + +{{- define "k8sEnvs" -}} +- name: NODE_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP +{{- end}} + + +{{- define "db-dns-podSpec" -}} +{{- with .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- toYaml . | nindent 8 }} +{{- end }} +serviceAccountName: {{ include "db-dns.serviceAccountName" . }} +securityContext: +{{- toYaml .Values.podSecurityContext | nindent 2 }} +initContainers: +{{- include "initContainersWaitFor" (list . "bk-dbm-backend-api") | nindent 2}} +containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 6 }} + image: "{{ .Values.global.imageRegistry | default .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - containerPort: 53 + hostPort: 53 + protocol: UDP + - containerPort: 53 + hostPort: 53 + protocol: TCP + env: + {{- include "k8sEnvs" . | nindent 6}} + {{- if .Values.envs -}} + {{- include "envs" . | trim | nindent 6 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.extraEnvVarsCM }} + {{- end }} + resources: + {{- toYaml .Values.resources | nindent 6 }} +{{- with .Values.nodeSelector }} +nodeSelector: +{{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.affinity }} +affinity: +{{- toYaml . | nindent 2 }} +{{- end }} +{{- with .Values.tolerations }} +tolerations: +{{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} diff --git a/helm-charts/bk-dbm/charts/db-dns/templates/daemonset.yaml b/helm-charts/bk-dbm/charts/db-dns/templates/daemonset.yaml new file mode 100644 index 0000000000..514f403e2a --- /dev/null 
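Review bot: `db-dns-podSpec` publishes the resolver with `hostPort: 53` for UDP and TCP and no `hostIP`, so the listener is bound on every address of the node and answers anyone who can reach the node on that port, not only cluster workloads. If that exposure is intended (DB hosts outside the cluster resolving through the node IP) it should be stated in the helper's leading comment, e.g. `# hostPort 53: the DNS must be reachable at the node IP by DB hosts outside the cluster — TODO confirm`, and otherwise restricted with `hostIP` or a NetworkPolicy. Port 53 also collides with any node-local resolver (systemd-resolved, node-local-dns) on the `cloud-component: dns` nodes, which the values file's `nodeSelector` implies are dedicated; worth saying so next to the ports. Binding a low port inside the container needs only `NET_BIND_SERVICE`, not the `privileged: true` the values default to.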
+++ b/helm-charts/bk-dbm/charts/db-dns/templates/daemonset.yaml @@ -0,0 +1,20 @@ +{{- if .Values.daemonRunning.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "db-dns.fullname" . }} + labels: + {{ include "db-dns.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "db-dns.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + reloader.stakater.com/auto: "true" + labels: + {{- include "db-dns.selectorLabels" . | nindent 8 }} + spec: + {{- include "db-dns-podSpec" . | nindent 6 }} +{{- end }} \ No newline at end of file diff --git a/helm-charts/bk-dbm/charts/db-dns/templates/deployment.yaml b/helm-charts/bk-dbm/charts/db-dns/templates/deployment.yaml new file mode 100644 index 0000000000..b5adadb6eb --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-dns/templates/deployment.yaml @@ -0,0 +1,21 @@ +{{- if not .Values.daemonRunning.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "db-dns.fullname" . }} + labels: + {{ include "db-dns.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "db-dns.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + reloader.stakater.com/auto: "true" + labels: + {{- include "db-dns.selectorLabels" . | nindent 8 }} + spec: + {{- include "db-dns-podSpec" . | nindent 6 }} +{{- end }} \ No newline at end of file diff --git a/helm-charts/bk-dbm/charts/db-dns/templates/serviceaccount.yaml b/helm-charts/bk-dbm/charts/db-dns/templates/serviceaccount.yaml new file mode 100644 index 0000000000..a88db170de --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-dns/templates/serviceaccount.yaml 
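Review bot: The Deployment variant (used when `daemonRunning.enabled` is false) keeps the shared pod spec's `hostPort: 53`, so at most one replica can be scheduled per node; with `replicaCount` above 1 and no anti-affinity the extra pods stay Pending rather than failing visibly. Add a required `podAntiAffinity` on `kubernetes.io/hostname` as the db-dbha gm Deployment does, or document in values.yaml that `replicaCount` is bounded by the number of `cloud-component: dns` nodes.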
@@ -0,0 +1,41 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "db-dns.serviceAccountName" . }}
+ labels:
+ {{- include "db-dns.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "db-dns.fullname" . }}-role
+rules:
+- apiGroups:
+ - batch
+ - ""
+ resources:
+ - jobs
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "db-dns.fullname" . }}-role-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "db-dns.fullname" . }}-role
+subjects:
+- kind: ServiceAccount
+ name: {{ include "db-dns.serviceAccountName" . }}
+ namespace: {{ default "default" .Release.Namespace }}
+{{- end }}
diff --git a/helm-charts/bk-dbm/charts/db-dns/templates/servicemonitor.yaml b/helm-charts/bk-dbm/charts/db-dns/templates/servicemonitor.yaml
new file mode 100644
index 0000000000..10338540d0
--- /dev/null
+++ b/helm-charts/bk-dbm/charts/db-dns/templates/servicemonitor.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.global.serviceMonitor.enabled .Values.serviceMonitor.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "db-dns.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "db-dns.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "db-dns.selectorLabels" . | nindent 6 }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ endpoints:
+ - interval: 30s
+ params: {}
+ path: /metrics
+ port: http
+{{- end -}}
\ No newline at end of file
diff --git a/helm-charts/bk-dbm/charts/db-dns/values.yaml b/helm-charts/bk-dbm/charts/db-dns/values.yaml
new file mode 100644
index 0000000000..390d2bea83
--- /dev/null
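Review bot: The Role grants `jobs` and the `watch` verb although the only API client visible in this pod is the `initContainersWaitFor` init container, which needs `pods` `get`/`list` in the release namespace and nothing more; trim the rule to `resources: [pods]` and `verbs: [get, list]` unless the cloud-dns image itself talks to the API server, which this chart does not show. The Role and RoleBinding sit inside `{{- if .Values.serviceAccount.create -}}`, so a release with `create: false` and a pre-existing service account gets no binding and the wait-for init container is denied; either render the RBAC unconditionally or document the requirement in values.yaml (`# create: false requires a service account that can list pods in this namespace`). Because the container defaults to `privileged: true`, also consider `automountServiceAccountToken: false` on the ServiceAccount if the main container never uses the token.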
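Review bot: The ServiceMonitor endpoint references `port: http`, but the db-dns pod only exposes unnamed port 53 (UDP and TCP) and this chart adds no Service object, so the monitor selects nothing once `serviceMonitor.enabled` is turned on. Either add a Service with a named `http` port that the cloud-dns image actually serves metrics on, or mark the switch in values.yaml as not wired up yet, e.g. `# not functional: db-dns exposes no http/metrics Service`.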
+++ b/helm-charts/bk-dbm/charts/db-dns/values.yaml @@ -0,0 +1,63 @@ +# Default values for db-dns-api. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + registry: "mirrors.tencent.com" + repository: "build/blueking/cloud-dns" + # Overrides the image tag whose default is the chart appVersion. + tag: "" + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +daemonRunning: + enabled: true + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: + privileged: true + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: + cloud-component: dns + +tolerations: [] + +affinity: {} + +envs: {} + +# 容器内指标采集 +serviceMonitor: + enabled: false +# 容器内日志采集,APM本身不需要,配置保留为方便后期开启服务本身的日志采集 +bkLogConfig: + enabled: false + dataId: 1 diff --git a/helm-charts/bk-dbm/charts/db-nginx/.helmignore b/helm-charts/bk-dbm/charts/db-nginx/.helmignore new file mode 100644 index 0000000000..50af031725 --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-nginx/.helmignore 
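Review bot: `securityContext.privileged: true` hands the DNS container every capability, host device access and no seccomp/AppArmor confinement, far more than listening on port 53 requires; a container running as root can bind a low port anyway, and a non-root one needs only `NET_BIND_SERVICE`. Unless the cloud-dns image needs something on the host that this chart does not show, replace it with `privileged: false`, `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"], add: ["NET_BIND_SERVICE"]}`, and leave a comment explaining the reason if privilege really is required. `podSecurityContext: {}` additionally means nothing stops the pod from running as root, which matters more than usual for a container that also claims `hostPort: 53`.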
@@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm-charts/bk-dbm/charts/db-nginx/Chart.yaml b/helm-charts/bk-dbm/charts/db-nginx/Chart.yaml new file mode 100644 index 0000000000..ecfe0ed62b --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-nginx/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: 0.0.1-alpha.18 +description: A Helm chart for Kubernetes +name: db-nginx +version: 0.1.0 diff --git a/helm-charts/bk-dbm/charts/db-nginx/templates/NOTES.txt b/helm-charts/bk-dbm/charts/db-nginx/templates/NOTES.txt new file mode 100644 index 0000000000..e69de29bb2 diff --git a/helm-charts/bk-dbm/charts/db-nginx/templates/_helpers.tpl b/helm-charts/bk-dbm/charts/db-nginx/templates/_helpers.tpl new file mode 100644 index 0000000000..ee1dcdab9d --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-nginx/templates/_helpers.tpl 
@@ -0,0 +1,64 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "db-nginx.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "db-nginx.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "db-nginx.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "db-nginx.labels" -}} +app.kubernetes.io/name: {{ include "db-nginx.name" . }} +helm.sh/chart: {{ include "db-nginx.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "db-nginx.selectorLabels" -}} +app.kubernetes.io/name: {{ include "db-nginx.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "db-nginx.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "db-nginx.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} 
diff --git a/helm-charts/bk-dbm/charts/db-nginx/templates/deployment.yaml b/helm-charts/bk-dbm/charts/db-nginx/templates/deployment.yaml new file mode 100644 index 0000000000..4d8464f290 --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-nginx/templates/deployment.yaml @@ -0,0 +1,56 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "db-nginx.fullname" . }} + labels: + {{ include "db-nginx.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "db-nginx.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + reloader.stakater.com/auto: "true" + labels: + {{- include "db-nginx.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "db-nginx.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + initContainers: + {{- include "initContainersWaitFor" (list . "bk-dbm-saas-api") | nindent 8}} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.global.imageRegistry | default .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 80 + protocol: TCP + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.extraEnvVarsCM }} + {{- end }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} 
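Review bot: The Deployment defines no `readinessProbe` or `livenessProbe`, so the Service and Ingress route to the nginx pod as soon as the container process exists, and a pod whose nginx fails to start is never restarted by kubelet. Add at least `readinessProbe: {tcpSocket: {port: http}}` against the port already named `http` (or an httpGet on a path the cloud-nginx image serves, if there is one). Separately, the subchart's own `imagePullSecrets: []` value is never read here; only `.Values.global.imagePullSecrets` is rendered, so either drop the local key or merge both lists.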
diff --git a/helm-charts/bk-dbm/charts/db-nginx/templates/ingress.yaml b/helm-charts/bk-dbm/charts/db-nginx/templates/ingress.yaml new file mode 100644 index 0000000000..13b9229e0e --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-nginx/templates/ingress.yaml 
@@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "db-nginx.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "db-nginx.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
diff --git a/helm-charts/bk-dbm/charts/db-nginx/templates/service.yaml b/helm-charts/bk-dbm/charts/db-nginx/templates/service.yaml
new file mode 100644
index 0000000000..0aedaa344f
--- /dev/null
+++ b/helm-charts/bk-dbm/charts/db-nginx/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "db-nginx.fullname" . }}
+ labels:
+ {{- include "db-nginx.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "db-nginx.selectorLabels" . | nindent 4 }}
diff --git a/helm-charts/bk-dbm/charts/db-nginx/templates/serviceaccount.yaml b/helm-charts/bk-dbm/charts/db-nginx/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..a6b3486557
--- /dev/null
+++ b/helm-charts/bk-dbm/charts/db-nginx/templates/serviceaccount.yaml
@@ -0,0 +1,41 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "db-nginx.serviceAccountName" . }}
+ labels:
+ {{- include "db-nginx.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "db-nginx.fullname" . }}-role
+rules:
+- apiGroups:
+ - batch
+ - ""
+ resources:
+ - jobs
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "db-nginx.fullname" . }}-role-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "db-nginx.fullname" . }}-role
+subjects:
+- kind: ServiceAccount
+ name: {{ include "db-nginx.serviceAccountName" . }}
+ namespace: {{ default "default" .Release.Namespace }}
+{{- end }}
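Review bot: The Role is wider than the pod's only visible API client needs: the `initContainersWaitFor` init container lists pods in the release namespace, so `jobs` and `watch` can be dropped, leaving `resources: [pods]` with `verbs: [get, list]`. Because the Role and RoleBinding are wrapped in `{{- if .Values.serviceAccount.create -}}`, a release that reuses an existing service account gets no binding and the wait-for init container fails with a forbidden error; render the binding unconditionally or note it in values.yaml (`# create: false requires a service account that can list pods in this namespace`). With `privileged: true` as this chart's container default, `automountServiceAccountToken: false` on the ServiceAccount is also worth setting if the nginx process itself never uses the token.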
diff --git a/helm-charts/bk-dbm/charts/db-nginx/templates/servicemonitor.yaml b/helm-charts/bk-dbm/charts/db-nginx/templates/servicemonitor.yaml new file mode 100644 index 0000000000..aa11693ad3 --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-nginx/templates/servicemonitor.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.global.serviceMonitor.enabled .Values.serviceMonitor.enabled -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "db-nginx.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "db-nginx.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "db-nginx.selectorLabels" . | nindent 6 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - interval: 30s + params: {} + path: /metrics + port: http +{{- end -}} \ No newline at end of file diff --git a/helm-charts/bk-dbm/charts/db-nginx/values.yaml b/helm-charts/bk-dbm/charts/db-nginx/values.yaml new file mode 100644 index 0000000000..41e670172d --- /dev/null +++ b/helm-charts/bk-dbm/charts/db-nginx/values.yaml 
@@ -0,0 +1,79 @@ +# Default values for db-nginx-api. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + registry: "mirrors.tencent.com" + repository: "build/blueking/cloud-nginx" + # Overrides the image tag whose default is the chart appVersion. + tag: "" + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: + privileged: true + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +service: + type: ClusterIP + port: 80 + +ingress: + enabled: true + className: "" + annotations: {} + # kubernetes.io/ingress.class: db-nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +tolerations: [] + +affinity: {} + +envs: {} + +nodeSelector: {} + +# 容器内指标采集 +serviceMonitor: + enabled: false +# 容器内日志采集,APM本身不需要,配置保留为方便后期开启服务本身的日志采集 +bkLogConfig: + enabled: false + dataId: 1 
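Review bot: `securityContext.privileged: true` is the wrong default for an Ingress-exposed reverse proxy: a request-handling bug in nginx, or in anything it forwards to, would hand an attacker a container with every capability and host device access, while nginx needs at most `NET_BIND_SERVICE` to listen on 80 (and nothing at all on an unprivileged port). The Ingress also defaults to `enabled: true` with `tls: []` and a placeholder host, so a proxy that is configured with `DB_CLOUD_TOKEN` is served over plain HTTP unless an operator remembers to add a TLS secret; at least a comment that TLS is expected in production belongs next to `tls: []`. Suggested container defaults, keeping `privileged` overridable for environments that genuinely need it:
```yaml
securityContext:
  privileged: false
  allowPrivilegeEscalation: false
  capabilities:
    drop: ["ALL"]
    add: ["NET_BIND_SERVICE"]   # only needed while nginx listens on :80
# … unchanged: serviceAccount, service, ingress (add a tls entry for production), resources …
```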
diff --git a/helm-charts/bk-dbm/charts/db-remote-service/templates/_helpers.tpl b/helm-charts/bk-dbm/charts/db-remote-service/templates/_helpers.tpl index 1b506c9f03..98f789334e 100644 --- a/helm-charts/bk-dbm/charts/db-remote-service/templates/_helpers.tpl +++ b/helm-charts/bk-dbm/charts/db-remote-service/templates/_helpers.tpl @@ -70,3 +70,29 @@ environment variables value: {{ $val | quote }} {{- end }} {{- end }} + +{{- define "db-remote-service.container_env" -}} +env: + {{- include "dbm.envs" . | trim | nindent 2 }} +envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.extraEnvVarsCM }} + {{- end }} +{{- end }} + +{{- define "db-remote_service.initDnsNodeIp" -}} +- name: init-dns-node-ips + image: bitnami/kubectl:latest + command: ["/bin/sh", "-c"] + args: + - | + #!/bin/sh + LABEL_SELECTOR="cloud-component=dns" + NODE_IPS=$(kubectl get nodes -l $LABEL_SELECTOR -o jsonpath='{.items[*].status.addresses[?(@.type=="InternalIP")].address}') + NODE_IPS_CSV=$(echo $NODE_IPS | tr ' ' ',') + echo $NODE_IPS_CSV > /data/install/shard_env/dns_ip + volumeMounts: + - name: shared-env + mountPath: /data/install/shard_env/ +{{- end }} diff --git a/helm-charts/bk-dbm/charts/db-remote-service/templates/deployment.yaml b/helm-charts/bk-dbm/charts/db-remote-service/templates/deployment.yaml index cb05ca003a..aefbe8c93c 100644 --- a/helm-charts/bk-dbm/charts/db-remote-service/templates/deployment.yaml +++ b/helm-charts/bk-dbm/charts/db-remote-service/templates/deployment.yaml 
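Review bot: `image: bitnami/kubectl:latest` pulls an unpinned, mutable tag straight from Docker Hub, bypassing `global.imageRegistry` and the pull secrets every other image in the chart goes through; a tag like that changes underneath you and cannot be mirrored for air-gapped installs, so pin a version (ideally a digest) and route it through the registry value. The script also succeeds silently when no node carries `cloud-component=dns`, leaving an empty `dns_ip` file for the main container to consume; fail the init container instead so the pod does not come up half-configured. The label selector duplicates `nodeSelector` in db-dns/values.yaml and would be safer as one shared value, and the define name `db-remote_service.initDnsNodeIp` breaks the `db-remote-service.*` naming used by `container_env` just above it. Rewritten init container:
```yaml
- name: init-dns-node-ips
  # pin the tag (or @sha256 digest) and honour the chart-wide registry override
  image: "{{ .Values.global.imageRegistry | default "docker.io" }}/bitnami/kubectl:<pinned-tag>"
  command: ["/bin/sh", "-c"]
  args:
    - |
      set -eu
      LABEL_SELECTOR="cloud-component=dns"
      NODE_IPS=$(kubectl get nodes -l "$LABEL_SELECTOR" -o jsonpath='{.items[*].status.addresses[?(@.type=="InternalIP")].address}')
      [ -n "$NODE_IPS" ] || { echo "no nodes match $LABEL_SELECTOR" >&2; exit 1; }
      echo "$NODE_IPS" | tr ' ' ',' > /data/install/shard_env/dns_ip
  # … unchanged: volumeMounts …
```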
@@ -27,55 +27,25 @@ spec: serviceAccountName: {{ include "db-remote-service.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} - # volumes: - # - - # name: config-volume - # configMap: - # name: {{ include "db-remote-service.fullname" . }} - # items: - # - - # key: logger.yaml - # mode: 420 - # path: path/to/logger.yaml - # - - # key: config.yaml - # mode: 420 - # path: path/to/config.yaml - # defaultMode: 272 + initContainers: + {{- include "initContainersWaitFor" (list . "bk-dbm-saas-api") | nindent 8}} + {{- include "db-remote_service.initDnsNodeIp" . | nindent 8}} containers: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.global.imageRegistry | default .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- include "db-remote-service.container_env" . | nindent 10 }} ports: - name: http containerPort: 80 - protocol: TCP - env: - {{- range $key, $val := .Values.envs }} - - name: {{ $key }} - value: {{ quote $val }} - {{- end }} - # livenessProbe: - # httpGet: - # path: /ping - # port: http - # readinessProbe: - # httpGet: - # path: /ping - # port: http + protocol: TCP resources: {{- toYaml .Values.resources | nindent 12 }} - # volumeMounts: - # - - # name: config-volume - # subPath: path/to/logger.yaml - # mountPath: /conf/logger.yaml - # - - # name: config-volume - # subPath: path/to/config.yaml - # mountPath: /conf/config.yaml + volumeMounts: + - name: shared-env + mountPath: /data/install/shard_env/ {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -88,3 +58,5 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + volumes: + {{- toYaml .Values.volumes | nindent 8}} 
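Review bot: With the commented-out block gone the pod has no `readinessProbe` or `livenessProbe` at all, so the Service sends traffic as soon as the container starts, before it has necessarily consumed `/data/install/shard_env/dns_ip` or finished its own start-up, and a hung process is never restarted; the removed comments point at a `/ping` endpoint on port `http`, which would be the natural target for both probes if the image still serves it. The mount path `/data/install/shard_env/` is hard-coded both here and in `db-remote_service.initDnsNodeIp`; a single value or named template would stop the two from drifting. The container's `securityContext` is rendered from `.Values.securityContext`, whose default is not part of this diff, so confirm it is not `privileged: true` like the db-dns and db-nginx charts; the pod spec itself begins before this hunk.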
diff --git a/helm-charts/bk-dbm/charts/db-remote-service/templates/serviceaccount.yaml b/helm-charts/bk-dbm/charts/db-remote-service/templates/serviceaccount.yaml index 747c39e1a5..66109405cf 100644 --- a/helm-charts/bk-dbm/charts/db-remote-service/templates/serviceaccount.yaml +++ b/helm-charts/bk-dbm/charts/db-remote-service/templates/serviceaccount.yaml @@ -9,4 +9,64 @@ metadata: annotations: {{- toYaml . | nindent 4 }} {{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "db-remote-service.fullname" . }}-role +rules: +- apiGroups: + - batch + - "" + resources: + - jobs + - pods + - nodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "db-remote-service.fullname" . }}-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "db-remote-service.fullname" . }}-role +subjects: +- kind: ServiceAccount + name: {{ include "db-remote-service.serviceAccountName" . }} + namespace: {{ default "default" .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "db-remote-service.fullname" . }}-cluster-role +rules: +- apiGroups: + - batch + - "" + resources: + - jobs + - pods + - nodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "db-remote-service.fullname" . }}-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "db-remote-service.fullname" . }}-cluster-role +subjects: +- kind: ServiceAccount + name: {{ include "db-remote-service.serviceAccountName" . }} + namespace: {{ default "default" .Release.Namespace }} {{- end }} diff --git a/helm-charts/bk-dbm/charts/db-remote-service/values.yaml b/helm-charts/bk-dbm/charts/db-remote-service/values.yaml index d48cec6760..2d43fcd483 100644 
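Review bot: The namespaced Role lists `nodes`, a cluster-scoped resource that a Role cannot grant, so that entry is dead; the ClusterRole then hands out `jobs`, `pods` and `nodes` with `get`/`list`/`watch` across every namespace, while the only cluster-wide call the pod makes is `kubectl get nodes -l …` from the init container. Reduce the ClusterRole to `resources: [nodes]` with `verbs: [get, list]`, keep `pods` `get`/`list` in the namespaced Role for the wait-for init container, and drop `jobs` and `watch` unless something outside this diff uses them. All of this sits inside the `{{- if .Values.serviceAccount.create -}}` block that opens before the hunk, so `create: false` silently leaves both init containers without permissions; a comment in values.yaml stating what an externally managed service account must be allowed to do would help.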
--- a/helm-charts/bk-dbm/charts/db-remote-service/values.yaml +++ b/helm-charts/bk-dbm/charts/db-remote-service/values.yaml @@ -57,7 +57,7 @@ ingress: # - chart-example.local resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious + # We usually recommend not to specify default resources and to leave thi"s as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. @@ -81,19 +81,6 @@ tolerations: [] affinity: {} -envs: - DRS_CONCURRENT: 500 - DRS_MYSQL_ADMIN_PASSWORD: gcs_admin_password - DRS_MYSQL_ADMIN_USER: gcs_admin - DRS_PROXY_ADMIN_PASSWORD: gcs_admin_password - DRS_PROXY_ADMIN_USER: gcs_admin - DRS_PORT: 80 - DRS_LOG_JSON: true # 是否使用 json 格式日志 - DRS_LOG_CONSOLE: true # 是否在 stdout 打印日志 - DRS_LOG_DEBUG: true # 启用 debug 日志级别 - DRS_LOG_FILE_DIR: logs - DRS_TMYSQLPARSER_BIN: tmysqlparse - DRS_TLS: false # 是否开启证书校验 - DRS_KEY_FILE: "" - DRS_CA_FILE: "" - DRS_CERT_FILE: "" +volumes: + - name: shared-env + emptyDir: {} diff --git a/helm-charts/bk-dbm/charts/dbm/templates/deployments/saas-api/saas-api.yaml b/helm-charts/bk-dbm/charts/dbm/templates/deployments/saas-api/saas-api.yaml index 41d8683347..771cea27f8 100644 --- a/helm-charts/bk-dbm/charts/dbm/templates/deployments/saas-api/saas-api.yaml +++ b/helm-charts/bk-dbm/charts/dbm/templates/deployments/saas-api/saas-api.yaml 
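Review bot: The first hunk's only change inserts a stray `"` into a comment (`leave thi"s as a conscious`), which looks accidental; restore `# We usually recommend not to specify default resources and to leave this as a conscious`.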
@@ -41,7 +41,7 @@ spec: - /bin/bash - -c args: - - gunicorn wsgi -w {{ .Values.saas.api.gunicornWorker }} -b :8000 --access-logfile - --error-logfile - --access-logformat '[%(h)s] %({request_id}i)s %(u)s %(t)s "%(r)s" %(s)s %(D)s %(b)s "%(f)s" "%(a)s"' + - gunicorn wsgi -t 120 -w {{ .Values.saas.api.gunicornWorker }} -b :8000 --access-logfile - --error-logfile - --access-logformat '[%(h)s] %({request_id}i)s %(u)s %(t)s "%(r)s" %(s)s %(D)s %(b)s "%(f)s" "%(a)s"' ports: - name: http containerPort: 8000 diff --git a/helm-charts/bk-dbm/templates/_helpers.tpl b/helm-charts/bk-dbm/templates/_helpers.tpl index e9f098cf91..17940eca0d 100644 --- a/helm-charts/bk-dbm/templates/_helpers.tpl +++ b/helm-charts/bk-dbm/templates/_helpers.tpl @@ -119,3 +119,20 @@ username: {{ $etcd.username }} password: {{ $etcd.password }} {{- end -}} {{- end -}} + + +{{/* +k8s waitfor让一个pod等待另一个pod启动,用于编排顺序 +*/}} +{{- define "initContainersWaitFor"}} +{{- $root := first .}} +{{- $label := last . -}} +- name: check-saas-api + image: "{{ $root.Values.global.k8sWaitFor.registry }}/{{ $root.Values.global.k8sWaitFor.repository }}:{{ $root.Values.global.k8sWaitFor.tag }}" + imagePullPolicy: {{ $root.Values.global.k8sWaitFor.pullPolicy }} + args: + - pod + - -lapp.kubernetes.io/component={{ $label }} + resources: + {{- toYaml $root.Values.global.k8sWaitFor.resources | nindent 4 }} +{{- end }} diff --git a/helm-charts/bk-dbm/templates/configmaps/db-dbha-configmap.yaml b/helm-charts/bk-dbm/templates/configmaps/db-dbha-configmap.yaml new file mode 100644 index 0000000000..e3d1d8b33d --- /dev/null +++ b/helm-charts/bk-dbm/templates/configmaps/db-dbha-configmap.yaml 
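Review bot: The init container is always named `check-saas-api` even though the label it waits for is a parameter (db-dns passes `bk-dbm-backend-api`), which makes pod events and logs misleading; derive the name from the argument, e.g. `- name: wait-for-{{ $label }}`. The define should also document its RBAC dependency, since `k8s-wait-for pod -l…` has to list pods in the release namespace and the subcharts only create that Role when `serviceAccount.create` is true; a one-line `{{/* requires pods get/list on the pod's service account */}}` at the top of the define would save the next person a forbidden-error hunt. No `securityContext` is set on the init container; `allowPrivilegeEscalation: false` with all capabilities dropped is enough for a kubectl polling loop.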
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: db-dbha-configmap
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- end }}
+data:
+ DB_CLOUD_TOKEN: "{{ .Values.dbm.envs.bkAppCode }}:{{ .Values.dbm.envs.bkAppToken }}"
+ BK_DBM_URL: "{{ .Values.dbm.envs.dbmBackendApigwDomain | replace "http://" "" }}"
+ HADB_URL: "{{ .Values.dbm.envs.hadbApigwDomain | replace "http://" "" | replace ":8080" ""}}"
+ MYSQL_CROND_BEAT_PATH: "{{ .Values.bk.mysqlCrondBeatPath }}"
+ MYSQL_CROND_AGENT_ADDRESS: "{{ .Values.bk.mysqlCrondAgentAddress }}"
diff --git a/helm-charts/bk-dbm/templates/configmaps/db-dns-configmap.yaml b/helm-charts/bk-dbm/templates/configmaps/db-dns-configmap.yaml
new file mode 100644
index 0000000000..7e05b5119c
--- /dev/null
+++ b/helm-charts/bk-dbm/templates/configmaps/db-dns-configmap.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: db-dns-configmap
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- end }}
+data:
+ DB_CLOUD_TOKEN: "{{ .Values.dbm.envs.bkAppCode }}:{{ .Values.dbm.envs.bkAppToken }}"
+ BK_DBM_URL: "{{ .Values.dbm.envs.dbmBackendApigwDomain }}"
+ MYSQL_CROND_BEAT_PATH: "{{ .Values.bk.mysqlCrondBeatPath }}"
+ MYSQL_CROND_AGENT_ADDRESS: "{{ .Values.bk.mysqlCrondAgentAddress }}"
diff --git a/helm-charts/bk-dbm/templates/configmaps/db-remote-service-configmap.yaml b/helm-charts/bk-dbm/templates/configmaps/db-remote-service-configmap.yaml
new file mode 100644
index 0000000000..5f9e21ffbc
--- /dev/null
+++ b/helm-charts/bk-dbm/templates/configmaps/db-remote-service-configmap.yaml
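Review bot: `DB_CLOUD_TOKEN` embeds `bkAppToken`, a credential, in a ConfigMap; ConfigMaps are not encrypted at rest by default, show up in `kubectl describe`, cluster backups and GitOps diffs, and are readable by anyone with configmap access in the namespace. Move the token into a `Secret` (`stringData: DB_CLOUD_TOKEN: "{{ .Values.dbm.envs.bkAppCode }}:{{ .Values.dbm.envs.bkAppToken }}"`) and have db-dbha load it through `envFrom: - secretRef:` next to the existing `configMapRef`. The `HADB_URL` derivation strips the scheme and a hard-coded `:8080` with string replaces, which silently produces a wrong host for any other port or an `https://` value; a dedicated host:port value would be safer than rewriting the URL.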
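Review bot: `DB_CLOUD_TOKEN` again places the `bkAppToken` credential in a ConfigMap rather than a Secret; since several components need the identical value, one shared Secret referenced from each consumer's `envFrom` is simpler and keeps the token out of `kubectl describe` output and plain-text backups. `BK_DBM_URL` keeps the `http://` scheme here while the db-dbha ConfigMap strips it; if the two consumers genuinely expect different formats, say so on the line (`# cloud-dns expects a full URL including scheme`) so nobody "fixes" the inconsistency.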
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: db-remote-service-configmap
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- end }}
+data:
+ DB_CLOUD_TOKEN: "{{ .Values.dbm.envs.bkAppCode }}:{{ .Values.dbm.envs.bkAppToken }}"
+ BK_DBM_URL: "{{ .Values.dbm.envs.dbmApigwDomain }}"
+ DRS_CONCURRENT: "500"
+ DRS_MYSQL_ADMIN_PASSWORD: "gcs_admin_password"
+ DRS_MYSQL_ADMIN_USER: "gcs_admin"
+ DRS_PROXY_ADMIN_PASSWORD: "gcs_admin_password"
+ DRS_PROXY_ADMIN_USER: "gcs_admin"
+ DRS_PORT: "80"
+ DRS_LOG_JSON: "true" # 是否使用 json 格式日志
+ DRS_LOG_CONSOLE: "true" # 是否在 stdout 打印日志
+ DRS_LOG_DEBUG: "true" # 启用 debug 日志级别
+ DRS_LOG_FILE_DIR: "logs"
+ DRS_TMYSQLPARSER_BIN: "tmysqlparse"
+ DRS_TLS: "false" # 是否开启证书校验
+ DRS_KEY_FILE: ""
+ DRS_CA_FILE: ""
+ DRS_CERT_FILE: ""
diff --git a/helm-charts/bk-dbm/templates/configmaps/nginx-configmap.yaml b/helm-charts/bk-dbm/templates/configmaps/nginx-configmap.yaml
new file mode 100644
index 0000000000..632ae54c17
--- /dev/null
+++ b/helm-charts/bk-dbm/templates/configmaps/nginx-configmap.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: db-nginx-configmap
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- end }}
+data:
+ DB_CLOUD_TOKEN: "{{ .Values.dbm.envs.bkAppCode }}:{{ .Values.dbm.envs.bkAppToken }}"
+ BK_DBM_URL: "{{ .Values.dbm.envs.dbmApigwDomain }}"
+ DBM_NGINX_DOMAIN: "{{ index .Values "db-nginx" "ingress" "hosts" 0 "host" }}"
diff --git a/helm-charts/bk-dbm/values.yaml b/helm-charts/bk-dbm/values.yaml
index c36cfe3e88..38cd3239dd 100644
--- a/helm-charts/bk-dbm/values.yaml
+++ b/helm-charts/bk-dbm/values.yaml
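Review bot: `DRS_MYSQL_ADMIN_PASSWORD` and `DRS_PROXY_ADMIN_PASSWORD` ship as the literal `gcs_admin_password` in a ConfigMap alongside `DB_CLOUD_TOKEN`; the subchart's old `envs:` block at least let an installer override them, whereas these keys are now hard-coded in the parent template with no value behind them, so every install gets the same well-known MySQL and proxy admin credentials unless the rendered object is hand-edited. Source them from values with no default password (fail the render with `required` if unset) and emit them as a Secret rather than a ConfigMap; `DRS_LOG_DEBUG: "true"` and `DRS_TLS: "false"` are also debug/insecure defaults that deserve a comment saying they are not meant for production. Proposed split (value names illustrative):
```yaml
# … unchanged: ConfigMap with the non-sensitive DRS_* keys …
---
apiVersion: v1
kind: Secret
metadata:
  name: db-remote-service-secret
  labels: {{- include "common.labels.standard" . | nindent 4 }}
type: Opaque
stringData:
  DB_CLOUD_TOKEN: "{{ .Values.dbm.envs.bkAppCode }}:{{ .Values.dbm.envs.bkAppToken }}"
  DRS_MYSQL_ADMIN_USER: {{ required "dbm.drs.mysqlAdminUser is required" .Values.dbm.drs.mysqlAdminUser | quote }}
  DRS_MYSQL_ADMIN_PASSWORD: {{ required "dbm.drs.mysqlAdminPassword is required" .Values.dbm.drs.mysqlAdminPassword | quote }}
  DRS_PROXY_ADMIN_USER: {{ required "dbm.drs.proxyAdminUser is required" .Values.dbm.drs.proxyAdminUser | quote }}
  DRS_PROXY_ADMIN_PASSWORD: {{ required "dbm.drs.proxyAdminPassword is required" .Values.dbm.drs.proxyAdminPassword | quote }}
```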
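Review bot: `DBM_NGINX_DOMAIN` is computed with `index .Values "db-nginx" "ingress" "hosts" 0 "host"`, which makes the whole parent chart fail to render as soon as `db-nginx.ingress.hosts` is overridden to an empty list or the subchart's ingress is turned off, and it silently picks only the first host. Guard it (e.g. `{{- with first (index .Values "db-nginx" "ingress" "hosts") }}` around the key, or a dedicated value that the Ingress host is also derived from) and comment that the value must match the published Ingress host. `DB_CLOUD_TOKEN` is once more the app token in a ConfigMap; it should live in a Secret referenced through `envFrom: - secretRef:`.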
@@ -6,10 +6,19 @@ global: imagePullSecrets: [] storageClass: "" bkDomain: "example.com" + ## k8s wait-for + k8sWaitFor: + registry: "mirrors.tencent.com" + repository: "build/blueking/k8s-wait-for" + tag: "v1.5.1" + pullPolicy: IfNotPresent + resources: {} ## 蓝鲸主域名访问协议http/https bkDomainScheme: http serviceMonitor: enabled: true + ## 云区域容器化 + cloudContainer: false # bk public bk: @@ -105,6 +114,8 @@ dbm: brokerUrl: "redis://localhost:6379/0" # 蓝鲸数据库管理平台 dbaAppBkBizId: "dba_biz" + dbmApigwDomain: "http://bk-dbm" + dbmBackendApigwDomain: "http://bk-dbm-backend-api" mysqlPrivManagerApigwDomain: "http://bk-dbm-dbpriv" partitionApigwDomain: "http://bk-dbm-dbpartition" dbconfigApigwDomain: "http://bk-dbm-dbconfig" @@ -305,6 +316,24 @@ db-dns-api: TRACE_TOKEN: "" TRACE_DATA_ID: "" +db-dns: + extraEnvVarsCM: db-dns-configmap + +db-nginx: + extraEnvVarsCM: db-nginx-configmap + # ingress + ingress: + enabled: true + className: "" + hosts: + - host: bk-dbm-nginx + paths: + - path: / + pathType: ImplementationSpecific + +db-dbha: + extraEnvVarsCM: db-dbha-configmap + hadb-api: enabled: true @@ -365,6 +394,7 @@ db-resource: db-remote-service: enabled: false + extraEnvVarsCM: db-remote-service-configmap envs: # apm TRACE_SERVICE_NAME: db-remote-service
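Review bot: In the `db-nginx` block the Ingress is enabled with host `bk-dbm-nginx` and no `tls` entry, so the proxy is published over plain HTTP by default; if the remote agents authenticate to it with `DB_CLOUD_TOKEN` (that is not shown here) the token would cross the network unencrypted. Add a commented `tls:` example pointing at a secret for this host and state the expectation in a comment, e.g. `# production: add a tls entry here; the proxy must not be reachable over plain HTTP`. The `db-dbha` block references a subchart that this diff does not add, so confirm it exists under `charts/` or the key is dead.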