diff --git a/ansible/roles/traffic-engine/files/helm/conf/sce.conf b/ansible/roles/traffic-engine/files/helm/conf/sce.conf index c7134497..2df9181b 100644 --- a/ansible/roles/traffic-engine/files/helm/conf/sce.conf +++ b/ansible/roles/traffic-engine/files/helm/conf/sce.conf @@ -36,7 +36,7 @@ max_chaining_size=32 # bypass_all_traffic:1 NF2NF and SF2SF bypass_all_traffic=0 rx_burst_max=128 -app_symbol=sce_{{ .Values.sce_config.nic_index }} +app_symbol=sce_{{ .Release.Name }} dev_endpoint={{ .Values.sce_config.endpoint_nic }} dev_nf_interface={{ .Values.sce_config.steering_nic }} dev_endpoint_src_ip={{ .Values.sce_config.endpoint_ip }} @@ -64,7 +64,6 @@ telegraf_bind_address=127.0.0.1 telegraf_listen_port=8300 [bfdd] -#path=/var/run/frr/bfdd_{{ .Values.vsys_id }}.vty -path={{ .Values.sce_config.bfdd_socket_path }}/bfdd.vty +path=/run/frr/bfdd.vty device={{ .Values.sce_config.endpoint_nic }} gateway={{ .Values.sce_config.endpoint_gateway }} \ No newline at end of file diff --git a/ansible/roles/traffic-engine/files/helm/templates/_config.tpl b/ansible/roles/traffic-engine/files/helm/templates/_config.tpl index ed3fd4e1..08163246 100644 --- a/ansible/roles/traffic-engine/files/helm/templates/_config.tpl +++ b/ansible/roles/traffic-engine/files/helm/templates/_config.tpl @@ -139,7 +139,9 @@ enable_breakpad_upload=0 cp /opt/tsg/config/main.conf /opt/tsg/sapp/tsgconf/main.conf cp /opt/tsg/config/maat.conf /opt/tsg/sapp/tsgconf/maat.conf cp /opt/tsg/config/sapp.toml /opt/tsg/sapp/etc/sapp.toml +{{ if eq .Values.proxy.enable .Values.define_enable_val_yes }} cp /opt/tsg/config/kni.conf /opt/tsg/sapp/etc/kni/kni.conf +{{- end }} cp /opt/tsg/config/wangw.conf /opt/tsg/sapp/etc/wannat/wangw.conf cp /opt/tsg/config/wire_graft.conf /opt/tsg/sapp/etc/wire_graft/wire_graft.conf cp /opt/tsg/config/tsg_conn_sketch.inf /opt/tsg/sapp/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf 
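Review bot: The new guard around the `kni.conf` copy in _config.tpl tests only `proxy.enable`, whereas the proxy container in traffic-engine.yaml is gated on `and (eq .Values.proxy.enable .Values.define_enable_val_yes) (ge (len .Values.tfe_affinity) 1)`. With the proxy enabled and an empty `tfe_affinity`, the script would still install kni.conf although no proxy container is deployed. If kni.conf is only generated under the stricter condition, the `cp` would fail. Consider reusing the same expression, `{{- if and (eq .Values.proxy.enable .Values.define_enable_val_yes) (ge (len .Values.tfe_affinity) 1) }}`, or add a template comment explaining why the two conditions differ. The surrounding script starts and ends outside this hunk, so its error handling is not visible.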
@@ -158,8 +160,8 @@ enable_breakpad_upload=0 export TOKEN=$(cat ${SERVICEACCOUNT}/token) export CACERT=${SERVICEACCOUNT}/ca.crt curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/${NAMESPACE}/services/${SERVICENAME} -o /tmp/service.txt - export CLUSTER_ANNOUNCE_PORT=$(cat /tmp/service.txt | jq '.spec.ports[] | select(.name=="cluster-announce-port") | .nodePort') - export HEALTH_CHECK_ANNOUNCE_PORT=$(cat /tmp/service.txt | jq '.spec.ports[] | select(.name=="healthcheck-announce-port") | .nodePort') + export CLUSTER_ANNOUNCE_PORT=$(cat /tmp/service.txt | jq '.spec.ports[] | select(.name=="shaping-cluster-announce-port") | .nodePort') + export HEALTH_CHECK_ANNOUNCE_PORT=$(cat /tmp/service.txt | jq '.spec.ports[] | select(.name=="shaping-healthcheck-announce-port") | .nodePort') echo "export CLUSTER_ANNOUNCE_PORT=${CLUSTER_ANNOUNCE_PORT}" > /etc/profile.d/announceinfo.sh echo "export HEALTH_CHECK_ANNOUNCE_PORT=${HEALTH_CHECK_ANNOUNCE_PORT}" >> /etc/profile.d/announceinfo.sh chmod 0755 /etc/profile.d/announceinfo.sh diff --git a/ansible/roles/traffic-engine/files/helm/templates/service.yaml b/ansible/roles/traffic-engine/files/helm/templates/service.yaml index d6940246..caf71710 100644 --- a/ansible/roles/traffic-engine/files/helm/templates/service.yaml +++ b/ansible/roles/traffic-engine/files/helm/templates/service.yaml 
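Review bot: The two jq filters now select ports named `shaping-cluster-announce-port` and `shaping-healthcheck-announce-port`, but the service.yaml hunk in this same commit keeps the names `cluster-announce-port` and `healthcheck-announce-port` on the Service that `SERVICENAME` points at. Unless another template defines the prefixed names, both selects match nothing, so `CLUSTER_ANNOUNCE_PORT` and `HEALTH_CHECK_ANNOUNCE_PORT` are exported empty and written to /etc/profile.d/announceinfo.sh without any error. Make the names agree on one side or the other, and stop the script when a value is missing, e.g. `[ -n "${CLUSTER_ANNOUNCE_PORT}" ] || { echo "announce port not found" >&2; exit 1; }`. The curl call in the context above has no `--fail`, so an API error body saved to /tmp/service.txt would go through the same jq parsing. The script itself begins outside this hunk.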
@@ -2,30 +2,18 @@ apiVersion: v1 kind: Service metadata: labels: - app: traffic-engine-announce-vsys-{{ .Values.vsys_id }} - name: traffic-engine-announce-vsys-{{ .Values.vsys_id }} - {{- with .Values.service.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} + app: shaping-announce-port-{{ .Release.Name }} + name: shaping-announce-port-{{ .Release.Name }} namespace: {{ .Release.Namespace }} spec: ports: - name: cluster-announce-port - {{- if .Values.service.type }}{{ if (and (eq .Values.service.type "NodePort") .Values.service.nodePort.clusterAnnounce) }} - nodePort: {{ .Values.service.nodePort.clusterAnnounce }} - {{- end }}{{ end }} - port: {{ .Values.service.port.clusterAnnounce }} - targetPort: cluster + port: 8551 + targetPort: 8551 - name: healthcheck-announce-port - {{- if .Values.service.type }}{{ if (and (eq .Values.service.type "NodePort") .Values.service.nodePort.healthcheckAnnounce) }} - nodePort: {{ .Values.service.nodePort.healthcheckAnnounce }} - {{- end }}{{ end }} - port: {{ .Values.service.port.healthcheckAnnounce }} - targetPort: healthcheck + port: 8552 + targetPort: 8552 selector: - app: traffic-engine-vsys-{{ .Values.vsys_id }} - {{- if .Values.service.type }} - type: {{ .Values.service.type }} - {{- end }} + app: traffic-engine-{{ .Release.Name }} + type: NodePort diff --git a/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml b/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml index 692ca078..73ec3f13 100644 --- a/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml +++ b/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml 
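Review bot: `type: NodePort` is now a literal, so ports 8551 and 8552 are published on every node address and the values file can no longer switch the Service to ClusterIP, pin the nodePort numbers, or attach annotations. If that exposure is intended, state it in a comment above the line, e.g. `# NodePort is required: the pod reads its allocated nodePort from the API at start-up`, and confirm that a host firewall or NetworkPolicy limits who can reach these ports. Separately, `shaping-announce-port-{{ .Release.Name }}` is used as both the Service name and a label value, and each is limited to 63 characters. A release name near Helm's 53-character maximum would be rejected, so either document a shorter limit for release names or truncate consistently here and where `SERVICENAME` is set.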
@@ -6,23 +6,22 @@ metadata: app: traffic-engine-{{ .Release.Name }} spec: - replicas: {{ .Values.replicaCount }} + replicas: 1 selector: matchLabels: - app: traffic-engine-vsys-{{ .Values.vsys_id }} + app: traffic-engine-{{ .Release.Name }} strategy: type: Recreate template: metadata: labels: - app: traffic-engine-vsys-{{ .Values.vsys_id }} - vsysId: vsys-{{ .Values.vsys_id }} + app: traffic-engine-{{ .Release.Name }} + vsysId: {{ .Values.vsys_id }} serviceFunction: {{ .Values.nic_raw_name }} annotations: configHash: "{{ .Values.configHash }}" - {{- with .Values.deployment.annotations }} - {{- toYaml . | nindent 8 }} - {{- end }} + prometheus.io/port: "9004" + prometheus.io/scrape: "true" spec: tolerations: @@ -34,8 +33,8 @@ spec: effect: NoSchedule containers: - name: firewall - image: "{{ .Values.image.firewall.repository }}:{{ .Values.image.firewall.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.firewall.pullPolicy }} + image: "docker.io/library/tsg-firewall:{{ .Chart.AppVersion }}" + imagePullPolicy: Never workingDir: /opt/tsg/sapp command: - "bash" @@ -48,10 +47,8 @@ spec: exec /opt/tsg/sapp/sapp ports: - containerPort: 9273 - - name: cluster - containerPort: 8551 - - name: healthcheck - containerPort: 8552 + - containerPort: 8551 + - containerPort: 8552 env: - name: MRZCPD_CTRLMSG_LISTEN_ADDR valueFrom: @@ -62,7 +59,7 @@ spec: fieldRef: fieldPath: status.hostIP - name: SERVICENAME - value: traffic-engine-announce-vsys-{{ .Values.vsys_id }} + value: shaping-announce-port-{{ .Release.Name }} - name: NODE_IP valueFrom: fieldRef: 
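Review bot: `vsysId: {{ .Values.vsys_id }}` is rendered unquoted in the pod template labels, where the old line always produced a string because of the `vsys-` prefix. If `vsys_id` is numeric in the values (its definition is not visible in this diff), YAML parses the label as an integer and the API server rejects non-string label values. Quote it: `vsysId: {{ .Values.vsys_id | quote }}`. Anything that selects pods on the old `vsys-<id>` form will also stop matching and needs the same update.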
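Review bot: The firewall image is now the literal `docker.io/library/tsg-firewall:{{ .Chart.AppVersion }}` with `imagePullPolicy: Never`, so the kubelet runs whatever image carries that tag in the node's local store. The chart no longer offers a way to reference a digest or a private registry through values. The same pattern is repeated in the proxy, certstore, cert-redis, sce, bfdd and tsg-init hunks, and the cert-redis and tsg-init hunks show `privileged: true` in their context. Image provenance therefore rests entirely on whatever process loads the images onto the node, presumably the surrounding ansible role, which should be confirmed. Record that dependency at the first occurrence, e.g. `# images are preloaded and verified by provisioning; never pulled from docker.io`.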
@@ -109,8 +106,8 @@ spec: {{- if and (eq .Values.proxy.enable .Values.define_enable_val_yes) (ge (len .Values.tfe_affinity) 1) }} - name: proxy - image: "{{ .Values.image.proxy.repository }}:{{ .Values.image.proxy.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.proxy.pullPolicy }} + image: "docker.io/library/tsg-proxy:{{ .Chart.AppVersion }}" + imagePullPolicy: Never workingDir: /opt/tsg/tfe command: - "bash" @@ -160,8 +157,8 @@ spec: {{- end }} - name: certstore - image: "{{ .Values.image.certstore.repository }}:{{ .Values.image.certstore.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.certstore.pullPolicy }} + image: "docker.io/library/tsg-certstore:{{ .Chart.AppVersion }}" + imagePullPolicy: Never workingDir: /opt/tsg/certstore command: - "bash" @@ -191,8 +188,8 @@ spec: mountPath: /etc/traffic-engine/hotfix/certstore - name: cert-redis - image: "{{ .Values.image.certRedis.repository }}:{{ .Values.image.certRedis.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.certRedis.pullPolicy }} + image: "docker.io/library/tsg-certstore:{{ .Chart.AppVersion }}" + imagePullPolicy: Never command: ["/usr/bin/redis-server", "/etc/cert-redis.conf"] securityContext: privileged: true @@ -202,7 +199,7 @@ spec: readOnly: true - name: telegraf - image: "{{ .Values.image.telegraf.repository }}:{{ .Values.image.telegraf.tag | default .Chart.AppVersion }}" + image: "docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.telegraf.pullPolicy }} command: ["/usr/bin/telegraf", "-config", "/etc/telegraf/telegraf_statistic.conf", "-config-directory", "/etc/telegraf/telegraf_statistic.d"] securityContext: 
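Review bot: The telegraf hunk replaces the image line but leaves `imagePullPolicy: {{ .Values.image.telegraf.pullPolicy }}` in place, while the values.yaml hunk of this commit deletes the whole `image:` map. Unless another values file still supplies that map, rendering fails on the nil `.Values.image` lookup. The same leftover is in the telegraf-shaping and telegraf-sce hunks, and the minidump-hook container (context of the merge-exporter hunk) still builds its image from `.Values.image.tsgInit.repository` and `.tag`. Set these to `imagePullPolicy: Never` like the other containers, and give minidump-hook the literal `docker.io/library/tsg-init:{{ .Chart.AppVersion }}`.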
@@ -223,7 +220,7 @@ spec: {{- if eq .Values.shaping.enable .Values.define_enable_val_yes }} - name: telegraf-shaping - image: "{{ .Values.image.telegraf.repository }}:{{ .Values.image.telegraf.tag | default .Chart.AppVersion }}" + image: "docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.telegraf.pullPolicy }} command: ["/usr/bin/telegraf", "-config", "/etc/telegraf/telegraf_shaping.conf", "-config-directory", "/etc/telegraf/telegraf_statistic.d"] securityContext: @@ -244,16 +241,16 @@ spec: {{- end }} - name: merge-exporter - image: "{{ .Values.mergeExporter.image.repository }}:{{ .Values.mergeExporter.image.tag }}" - imagePullPolicy: {{ .Values.mergeExporter.image.pullPolicy }} + image: "quay.io/rebuy/exporter-merger:v0.2.0" + imagePullPolicy: Never ports: - - containerPort: {{ .Values.mergeExporter.port }} + - containerPort: 9004 env: # space-separated list of URLs - name: MERGER_URLS {{- include "traffic-engine.merge-exporter.merge-urls" . | nindent 10 }} - name: MERGER_PORT - value: "{{ .Values.mergeExporter.mergePort }}" + value: "9004" - name: minidump-hook image: "{{ .Values.image.tsgInit.repository }}:{{ .Values.image.tsgInit.tag | default .Chart.AppVersion }}" @@ -269,7 +266,7 @@ spec: {{- if and (eq .Values.sce.enable .Values.define_enable_val_yes) (.Values.sce_config.endpoint_nic) }} - name: telegraf-sce - image: "{{ .Values.image.telegraf.repository }}:{{ .Values.image.telegraf.tag | default .Chart.AppVersion }}" + image: "docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.telegraf.pullPolicy }} command: ["/usr/bin/telegraf", "-config", "/etc/telegraf/telegraf_sce.conf", "-config-directory", "/etc/telegraf/telegraf_statistic.d"] securityContext: 
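Review bot: Port 9004 is now written as a literal in the merge-exporter hunk, both in `containerPort: 9004` and in the `MERGER_PORT` value, and again in the `prometheus.io/port: "9004"` annotation added in the first hunk of this file. Nothing ties the three together. If one is changed alone, Prometheus either scrapes a closed port or silently loses the merged metrics. Add a comment next to each, e.g. `# merge-exporter listen port; keep in sync with the prometheus.io/port annotation`, or define the number once with a template variable at the top of the file.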
@@ -289,8 +286,8 @@ spec: readOnly: true - name: sce - image: "{{ .Values.image.sce.repository }}:{{ .Values.image.sce.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.sce.pullPolicy }} + image: "docker.io/library/tsg-sce:{{ .Chart.AppVersion }}" + imagePullPolicy: Never workingDir: /opt/tsg/sce command: - "bash" @@ -350,11 +347,11 @@ spec: - name: hotfix-sce mountPath: /etc/traffic-engine/hotfix/sce - name: bfdd-unix-socket - mountPath: {{ .Values.sce_config.bfdd_socket_path }} + mountPath: /run/frr - name: bfdd - image: "{{ .Values.image.bfdd.repository }}:{{ .Values.image.bfdd.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.bfdd.pullPolicy }} + image: "docker.io/library/tsg-bfdd:{{ .Chart.AppVersion }}" + imagePullPolicy: Never workingDir: /opt/tsg/bfdd command: - "bash" @@ -387,14 +384,14 @@ spec: - name: hotfix-bfdd mountPath: /etc/traffic-engine/hotfix/bfdd - name: bfdd-unix-socket - mountPath: {{ .Values.sce_config.bfdd_socket_path }} + mountPath: /run/frr {{- end }} initContainers: - name: tsg-init - image: "{{ .Values.image.tsgInit.repository }}:{{ .Values.image.tsgInit.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.tsgInit.pullPolicy }} + image: "docker.io/library/tsg-init:{{ .Chart.AppVersion }}" + imagePullPolicy: Never command: ["/opt/tsg/provision-init.sh"] securityContext: privileged: true diff --git a/ansible/roles/traffic-engine/files/helm/values.yaml b/ansible/roles/traffic-engine/files/helm/values.yaml index 76d065b0..2dde47d4 100644 --- a/ansible/roles/traffic-engine/files/helm/values.yaml +++ b/ansible/roles/traffic-engine/files/helm/values.yaml 
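Review bot: The bfdd socket directory is now spelled out three times with no shared definition: `mountPath: /run/frr` in the sce container, the same in the bfdd container, and `path=/run/frr/bfdd.vty` in conf/sce.conf. A later edit to one of them would break the control socket between the two containers without any render-time error. Put a comment on each mountPath, e.g. `# must match the [bfdd] path in conf/sce.conf`, and a matching one in sce.conf. The volume definition for `bfdd-unix-socket` is outside these hunks, so how the directory is backed and who else can reach the socket cannot be checked here.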
@@ -138,45 +138,6 @@ session_id_generator: snowflake_worker_id_base: 1 snowflake_worker_id_offset: 1 -replicaCount: 1 -image: - firewall: - repository: docker.io/library/tsg-firewall - pullPolicy: Never - tag: "" - proxy: - repository: docker.io/library/tsg-proxy - pullPolicy: Never - tag: "" - certstore: - repository: docker.io/library/tsg-certstore - pullPolicy: Never - tag: "" - certRedis: - repository: docker.io/library/tsg-certstore - pullPolicy: Never - tag: "" - telegraf: - repository: docker.io/library/tsg-telegraf - pullPolicy: Never - tag: "" - tsgInit: - repository: docker.io/library/tsg-init - pullPolicy: Never - tag: "" - sce: - repository: docker.io/library/tsg-sce - pullPolicy: Never - tag: "" - bfdd: - repository: docker.io/library/tsg-bfdd - pullPolicy: Never - tag: "" - - - - - decoders: DNS: yes QUIC: yes @@ -197,30 +158,6 @@ decoders: configHash: "defaulthash" - -mergeExporter: - image: - repository: quay.io/rebuy/exporter-merger - pullPolicy: Never - tag: "v0.2.0" - port: "9004" -# mergeUrls: "http://localhost:9273/metrics http://localhost:9001/metrics http://localhost:9002/metrics" - mergePort: "9004" - -deployment: - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9004" - -service: - type: "NodePort" - port: - clusterAnnounce: 8551 - healthcheckAnnounce: 8552 - nodePort: - clusterAnnounce: null - healthcheckAnnounce: null - shaping: enable: yes @@ -230,13 +167,11 @@ service_chaining: sce_config: steering_nic: nf_0_sce endpoint_nic: endpoint_0_sce - nic_index: 1 endpoint_ip: 127.0.0.1 endpoint_gateway: 127.0.0.1 endpoint_netip: 127.0.0.1 endpoint_mask: 24 affinity: [1] - bfdd_socket_path: "/run/frr" sid: firewall: 1