gfwleak/tsg-tsg-os-buildimage
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feature:TSG-18563:使用emptydir方式解决configmap readonly问题

Browse Source
This commit is contained in:
fumingwei
2024-01-08 19:09:27 +08:00
parent 9a85b80abe
commit 09e8ca413c
5 changed files with 126 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
ansible/roles/traffic-engine/files/helm/templates/_config.tpl
View File

@@ -122,42 +122,10 @@ enable_breakpad_upload=0
{{- end }}
{{- end -}}
{{- define "traffic-engine.sce.copy-config-to-dest" -}}
cp /opt/tsg/config/sce.conf /opt/tsg/sce/conf
cp /opt/tsg/config/tsg_device_tag.json /opt/tsg/etc/tsg_device_tag.json
{{- end -}}
{{- define "traffic-engine.bfdd.prestart" -}}
if [ -f "/etc/traffic-engine/hotfix/bfdd/scripts/prestart.sh" ]; then chmod 0755 /etc/traffic-engine/hotfix/bfdd/scripts/prestart.sh; /etc/traffic-engine/hotfix/bfdd/scripts/prestart.sh;fi
{{- end -}}
{{- define "traffic-engine.firewall.copy-config-to-dest" -}}
cp /opt/tsg/config/conflist.inf /opt/tsg/sapp/plug/conflist.inf
cp /opt/tsg/config/gdev.conf /opt/tsg/sapp/etc/gdev.conf
cp /opt/tsg/config/main.conf /opt/tsg/sapp/tsgconf/main.conf
cp /opt/tsg/config/maat.conf /opt/tsg/sapp/tsgconf/maat.conf
cp /opt/tsg/config/sapp.toml /opt/tsg/sapp/etc/sapp.toml
cp /opt/tsg/config/send_raw_pkt.conf /opt/tsg/sapp/etc/send_raw_pkt.conf
cp /opt/tsg/config/tsg_device_tag.json /opt/tsg/etc/tsg_device_tag.json
cp /opt/tsg/config/vlan_flipping_map.conf /opt/tsg/sapp/etc/vlan_flipping_map.conf
cp /opt/tsg/config/firewall.inf /opt/tsg/sapp/plug/business/firewall/firewall.inf
cp /opt/tsg/config/necessary_plug_list.conf /opt/tsg/sapp/etc/necessary_plug_list.conf
cp /opt/tsg/config/http_main.conf /opt/tsg/sapp/conf/http/http_main.conf
cp /opt/tsg/config/mail.conf /opt/tsg/sapp/conf/mail/mail.conf
cp /opt/tsg/config/ssl_main.conf /opt/tsg/sapp/conf/ssl/ssl_main.conf
cp /opt/tsg/config/spec.toml /opt/tsg/sapp/stellar_plugin/spec.toml
{{- end -}}
{{- define "traffic-engine.proxy.copy-config-to-dest" -}}
cp /opt/tsg/config/tfe.conf /opt/tsg/tfe/conf/tfe/tfe.conf
cp /opt/tsg/config/tsg_device_tag.json /opt/tsg/etc/tsg_device_tag.json
{{- end -}}
{{- define "traffic-engine.certstore.copy-config-to-dest" -}}
cp /opt/tsg/config/cert_store.ini /opt/tsg/certstore/conf/cert_store.ini
cp /opt/tsg/config/tsg_device_tag.json /opt/tsg/etc/tsg_device_tag.json
{{- end -}}
{{- define "traffic-engine.certstore.prestart" -}}
if [ -f "/etc/traffic-engine/hotfix/certstore/scripts/prestart.sh" ]; then chmod 0755 /etc/traffic-engine/hotfix/certstore/scripts/prestart.sh; /etc/traffic-engine/hotfix/certstore/scripts/prestart.sh;fi
{{- end -}}
@@ -175,10 +143,8 @@ export CACERT=${SERVICEACCOUNT}/ca.crt
{{- define "public.serialize-node-annotations" -}}
curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/nodes/${NODE_NAME} -o /tmp/node-${NODE_NAME}.json
export DEVICE_SN=$(cat /tmp/node-${NODE_NAME}.json | jq -r '.metadata.annotations."tsg-os/device-sn"')
mkdir -p /target_config/opt/tsg/etc
mkdir -p /target_config/etc/profile.d
echo "{\"sn\": \"$DEVICE_SN\"}" > /target_config/opt/tsg/etc/tsg_sn.json
echo "export device_id=${DEVICE_SN}" > /target_config/etc/profile.d/device_id.sh
echo "{\"sn\": \"$DEVICE_SN\"}" > /opt/tsg/shared-configs/tsg_sn.json
echo "export device_id=${DEVICE_SN}" > /opt/tsg/shared-configs/device_id.sh
{{- end -}}
@@ -199,11 +165,6 @@ echo "export device_id=${DEVICE_SN}" > /target_config/etc/profile.d/device_id.sh
*/}}
{{- define "traffic-engine.shaping.copy-config-to-dest" -}}
cp /opt/tsg/config/shaping.conf /opt/tsg/shaping_engine/conf
cp /opt/tsg/config/tsg_device_tag.json /opt/tsg/etc/tsg_device_tag.json
{{- end -}}
{{- define "traffic-engine.shaping.set-shaping-config" -}}
sed -Ei "s|NODE_IP_LOCATION|${NODE_IP?}|g" /opt/tsg/shaping_engine/conf/shaping.conf
sed -Ei "s|CLUSTER_ANNOUNCE_PORT_LOCATION|${CLUSTER_ANNOUNCE_PORT?}|g" /opt/tsg/shaping_engine/conf/shaping.conf

54
ansible/roles/traffic-engine/files/helm/templates/deployment-firewall.yaml
View File

@@ -44,7 +44,6 @@ spec:
- "-ec"
- |
ldconfig
{{ template "traffic-engine.firewall.copy-config-to-dest" . }}
{{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }}
{{- if eq .Values.external_resources.cm.connectivity "local_cache" }}
sed -Ei "s|CM_POLICY_LOCAL_CACHE_IP_LOCATION|${CM_POLICY_LOCAL_CACHE_IP?}|g" /opt/tsg/sapp/tsgconf/maat.conf
@@ -94,10 +93,53 @@ spec:
failureThreshold: 90
periodSeconds: 10
{{- end }}
volumeMounts:
- name: shared-configs-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
subPath: "tsg_sn.json"
- name: shared-configs-volume
mountPath: "/opt/tsg/sapp/plug/conflist.inf"
subPath: "sapp/conflist.inf"
- name: shared-configs-volume
mountPath: "/opt/tsg/sapp/etc/gdev.conf"
subPath: "sapp/gdev.conf"
- name: shared-configs-volume
mountPath: "/opt/tsg/sapp/tsgconf/main.conf"
subPath: "sapp/main.conf"
- name: shared-configs-volume
mountPath: "/opt/tsg/sapp/tsgconf/maat.conf"
subPath: "sapp/maat.conf"
- name: shared-configs-volume
mountPath: "/opt/tsg/sapp/etc/sapp.toml"
subPath: "sapp/sapp.toml"
- name: shared-configs-volume
mountPath: "/opt/tsg/sapp/etc/send_raw_pkt.conf"
subPath: "sapp/send_raw_pkt.conf"
- name: shared-configs-volume
mountPath: "/opt/tsg/etc/tsg_device_tag.json"
subPath: "sapp/tsg_device_tag.json"
- name: shared-configs-volume
mountPath: "/opt/tsg/sapp/etc/vlan_flipping_map.conf"
subPath: "sapp/vlan_flipping_map.conf"
- name: shared-configs-volume
mountPath: "/opt/tsg/sapp/plug/business/firewall/firewall.inf"
subPath: "sapp/firewall.inf"
- name: shared-configs-volume
mountPath: "/opt/tsg/sapp/etc/necessary_plug_list.conf"
subPath: "sapp/necessary_plug_list.conf"
- name: shared-configs-volume
mountPath: "/opt/tsg/sapp/conf/http/http_main.conf"
subPath: "sapp/http_main.conf"
- name: shared-configs-volume
mountPath: "/opt/tsg/sapp/conf/mail/mail.conf"
subPath: "sapp/mail.conf"
- name: shared-configs-volume
mountPath: "/opt/tsg/sapp/conf/ssl/ssl_main.conf"
subPath: "sapp/ssl_main.conf"
- name: shared-configs-volume
mountPath: "/opt/tsg/sapp/stellar_plugin/spec.toml"
subPath: "sapp/spec.toml"
- name: firewall-minidump
mountPath: /run/sapp/crashreport
- name: firewall-log
@@ -172,7 +214,7 @@ spec:
- "bash"
- "-ec"
- |
cp -r /opt/tsg/configs/* /opt/tsg/shared-configs
cp -r /opt/tsg/configs/* /opt/tsg/shared-configs/
{{- include "public.prepare-access-API" . | nindent 12 }}
{{- include "public.serialize-node-annotations" . | nindent 12 }}
securityContext:
@@ -189,14 +231,14 @@ spec:
volumeMounts:
- name: shared-configs-volume
mountPath: /opt/tsg/shared-configs
- name: app-configs-volume
mountPath: "/opt/tsg/config"
- name: sapp-configs-volume
mountPath: /opt/tsg/configs/sapp
- name: localtime-node
mountPath: /etc/localtime
readOnly: true
volumes:
- name: app-configs-volume
- name: sapp-configs-volume
configMap:
name: sapp-{{ .Release.Name }}
- name: shared-configs-volume

53
ansible/roles/traffic-engine/files/helm/templates/deployment-proxy.yaml
View File

@@ -46,7 +46,6 @@ spec:
- "-ec"
- |
ldconfig
{{ template "traffic-engine.proxy.copy-config-to-dest" . }}
{{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }}
{{- if eq .Values.external_resources.cm.connectivity "local_cache" }}
sed -Ei "s|CM_POLICY_LOCAL_CACHE_IP_LOCATION|${CM_POLICY_LOCAL_CACHE_IP?}|g" /opt/tsg/tfe/conf/tfe/tfe.conf
@@ -83,11 +82,15 @@ spec:
periodSeconds: 10
{{- end }}
volumeMounts:
- name: tfe
mountPath: "/opt/tsg/config"
- name: config-volume
- name: shared-configs-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
subPath: "tsg_sn.json"
- name: shared-configs-volume
mountPath: "/opt/tsg/tfe/conf/tfe/tfe.conf"
subPath: "tfe/tfe.conf"
- name: shared-configs-volume
mountPath: "/opt/tsg/etc/tsg_device_tag.json"
subPath: "tfe/tsg_device_tag.json"
- name: proxy-minidump
mountPath: /run/tfe/crashreport
- name: proxy-log
@@ -106,7 +109,6 @@ spec:
- "bash"
- "-ec"
- |
{{ template "traffic-engine.certstore.copy-config-to-dest" . }}
{{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }}
{{- if eq .Values.external_resources.cm.connectivity "local_cache" }}
sed -Ei "s|CM_POLICY_LOCAL_CACHE_IP_LOCATION|${CM_POLICY_LOCAL_CACHE_IP?}|g" /opt/tsg/certstore/conf/cert_store.ini
@@ -128,11 +130,15 @@ spec:
{{- end }}
volumeMounts:
{{ template "traffic-engine.mount.localtime" . }}
- name: certstore
mountPath: "/opt/tsg/config"
- name: config-volume
- name: shared-configs-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
subPath: "tsg_sn.json"
- name: shared-configs-volume
mountPath: "/opt/tsg/certstore/conf/cert_store.ini"
subPath: "certstore/cert_store.ini"
- name: shared-configs-volume
mountPath: "/opt/tsg/etc/tsg_device_tag.json"
subPath: "certstore/tsg_device_tag.json"
- name: certstore-minidump
mountPath: /run/certstore/crashreport
- name: certstore-log
@@ -160,15 +166,15 @@ spec:
securityContext:
privileged: true
volumeMounts:
- name: telegraf
- name: telegraf-configs-volume
mountPath: "/etc/telegraf/telegraf_proxy.conf"
subPath: "telegraf_proxy.conf"
- name: config-volume
- name: shared-configs-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: config-volume
subPath: "tsg_sn.json"
- name: shared-configs-volume
mountPath: "/etc/profile.d/device_id.sh"
subPath: "etc/profile.d/device_id.sh"
subPath: "device_id.sh"
{{ template "traffic-engine.mount.localtime" . }}
- name: log-dir-hook
@@ -284,6 +290,7 @@ spec:
/usr/sbin/ip -6 rule add iif tap_c tab 102
/usr/sbin/ip -6 rule add iif tap_s tab 102
cp -r /opt/tsg/configs/* /opt/tsg/shared-configs/
{{ include "public.prepare-access-API" . | nindent 12 }}
{{- include "public.serialize-node-annotations" . | nindent 12 }}
@@ -299,21 +306,25 @@ spec:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: config-volume
mountPath: /target_config
- name: shared-configs-volume
mountPath: /opt/tsg/shared-configs
- name: certstore-configs-volume
mountPath: /opt/tsg/configs/certstore
- name: tfe-configs-volume
mountPath: /opt/tsg/configs/tfe
{{ template "traffic-engine.mount.localtime" . }}
volumes:
- name: certstore
- name: certstore-configs-volume
configMap:
name: certstore-{{ .Release.Name }}
- name: tfe
- name: tfe-configs-volume
configMap:
name: tfe-{{ .Release.Name }}
- name: telegraf
- name: telegraf-configs-volume
configMap:
name: telegraf-{{ .Release.Name }}
- name: config-volume
- name: shared-configs-volume
emptyDir: {}
- name: proxy-minidump
hostPath:

40
ansible/roles/traffic-engine/files/helm/templates/deployment-service-chaining.yaml
View File

@@ -46,7 +46,6 @@ spec:
- "-ec"
- |
ldconfig
{{ template "traffic-engine.sce.copy-config-to-dest" . }}
{{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }}
{{- if eq .Values.external_resources.cm.connectivity "local_cache" }}
sed -Ei "s|CM_POLICY_LOCAL_CACHE_IP_LOCATION|${CM_POLICY_LOCAL_CACHE_IP?}|g" /opt/tsg/sce/conf/sce.conf
@@ -83,11 +82,15 @@ spec:
periodSeconds: 10
{{- end }}
volumeMounts:
- name: sce
mountPath: "/opt/tsg/config"
- name: config-volume
- name: shared-configs-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
subPath: "tsg_sn.json"
- name: shared-configs-volume
mountPath: "/opt/tsg/sce/conf/sce.conf"
subPath: "sce/sce.conf"
- name: shared-configs-volume
mountPath: "/opt/tsg/etc/tsg_device_tag.json"
subPath: "sce/tsg_device_tag.json"
- name: sce-minidump
mountPath: /run/sce/crashreport
- name: sce-log
@@ -121,9 +124,9 @@ spec:
securityContext:
privileged: true
volumeMounts:
- name: config-volume
- name: shared-configs-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
subPath: "tsg_sn.json"
- name: bfdd-minidump
mountPath: /run/bfdd/crashreport
- name: bfdd-log
@@ -145,15 +148,15 @@ spec:
securityContext:
privileged: true
volumeMounts:
- name: telegraf
- name: telegraf-configs-volume
mountPath: "/etc/telegraf/telegraf_sce.conf"
subPath: "telegraf_sce.conf"
- name: config-volume
- name: shared-configs-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: config-volume
subPath: "tsg_sn.json"
- name: shared-configs-volume
mountPath: "/etc/profile.d/device_id.sh"
subPath: "etc/profile.d/device_id.sh"
subPath: "device_id.sh"
{{ template "traffic-engine.mount.localtime" . }}
- name: log-dir-hook
@@ -180,6 +183,7 @@ spec:
- "bash"
- "-ec"
- |
cp -r /opt/tsg/configs/* /opt/tsg/shared-configs/
{{- include "public.prepare-access-API" . | nindent 12 }}
{{- include "public.serialize-node-annotations" . | nindent 12 }}
{{- if .Values.sce_config.vxlan_config.endpoint_nic }}
@@ -204,18 +208,20 @@ spec:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: config-volume
mountPath: /target_config
- name: shared-configs-volume
mountPath: /opt/tsg/shared-configs
- name: sce-configs-volume
mountPath: /opt/tsg/configs/sce
{{ template "traffic-engine.mount.localtime" . }}
volumes:
- name: telegraf
- name: telegraf-configs-volume
configMap:
name: telegraf-{{ .Release.Name }}
- name: sce
- name: sce-configs-volume
configMap:
name: sce-{{ .Release.Name }}
- name: config-volume
- name: shared-configs-volume
emptyDir: {}
- name: sce-minidump
hostPath:

36
ansible/roles/traffic-engine/files/helm/templates/deployment-shaping.yaml
View File

@@ -46,7 +46,6 @@ spec:
- "-ec"
- |
ldconfig
{{ template "traffic-engine.shaping.copy-config-to-dest" . }}
{{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }}
{{- if eq .Values.external_resources.cm.connectivity "local_cache" }}
sed -Ei "s|CM_POLICY_LOCAL_CACHE_IP_LOCATION|${CM_POLICY_LOCAL_CACHE_IP?}|g" /opt/tsg/shaping_engine/conf/shaping.conf
@@ -99,11 +98,15 @@ spec:
securityContext:
privileged: true
volumeMounts:
- name: shaping
mountPath: "/opt/tsg/config"
- name: config-volume
- name: shared-configs-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
subPath: "tsg_sn.json"
- name: shared-configs-volume
mountPath: "/opt/tsg/shaping_engine/conf/shaping.conf"
subPath: "shaping/shaping.conf"
- name: shared-configs-volume
mountPath: "/opt/tsg/etc/tsg_device_tag.json"
subPath: "shaping/tsg_device_tag.json"
- name: shaping-minidump
mountPath: /run/shaping/crashreport
- name: shaping-log
@@ -124,15 +127,15 @@ spec:
securityContext:
privileged: true
volumeMounts:
- name: telegraf
- name: telegraf-configs-volume
mountPath: "/etc/telegraf/telegraf_shaping.conf"
subPath: "telegraf_shaping.conf"
- name: config-volume
- name: shared-configs-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: config-volume
subPath: "tsg_sn.json"
- name: shared-configs-volume
mountPath: "/etc/profile.d/device_id.sh"
subPath: "etc/profile.d/device_id.sh"
subPath: "device_id.sh"
{{ template "traffic-engine.mount.localtime" . }}
- name: log-dir-hook
@@ -157,6 +160,7 @@ spec:
- "bash"
- "-ec"
- |
cp -r /opt/tsg/configs/* /opt/tsg/shared-configs/
{{- include "public.prepare-access-API" . | nindent 12 }}
{{- include "public.serialize-node-annotations" . | nindent 12 }}
securityContext:
@@ -172,18 +176,20 @@ spec:
fieldPath: spec.nodeName
volumeMounts:
- name: config-volume
mountPath: /target_config
- name: shared-configs-volume
mountPath: /opt/tsg/shared-configs
- name: shaping-configs-volume
mountPath: /opt/tsg/configs/shaping
{{ template "traffic-engine.mount.localtime" . }}
volumes:
- name: telegraf
- name: telegraf-configs-volume
configMap:
name: telegraf-{{ .Release.Name }}
- name: shaping
- name: shaping-configs-volume
configMap:
name: shaping-{{ .Release.Name }}
- name: config-volume
- name: shared-configs-volume
emptyDir: {}
- name: shaping-minidump
hostPath: