gfwleak/tsg-tsg-os-buildimage
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feature:TSG-20470:Support udp_collectors in helm chart.

Browse Source
This commit is contained in:
fumingwei
2024-04-10 11:53:56 +08:00
parent 682ad36d89
commit 794e055898
5 changed files with 212 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

186
ansible/roles/traffic-engine/files/helm/conf/firewall_logger_transmitter_schema.json Normal file
View File

@@ -0,0 +1,186 @@
{
"log_switch": "on",
"channel_list": [
{{- if eq .Values.external_resources.olap.udp_collectors.enable .Values.define_enable_val_yes }}
{
"channel": "udpsock",
"collector": "{{- include "traffic-engine.config.addresses.converter" (list .Values.external_resources.olap.udp_collectors.addresses ",") }}"
},
{{- end }}
{
"channel": "kafka",
"broker_list": "{{- include "traffic-engine.config.addresses.converter" (list .Values.external_resources.olap.kafka_brokers.addresses ",") }}",
"sasl_username": "{{ .Values.external_resources.olap.kafka_brokers.sasl_username }}",
"sasl_password": "{{ .Values.external_resources.olap.kafka_brokers.sasl_password }}",
"compression": "snappy",
"refresh_interval_ms": "600000",
"send_queue_max_msg": "1000000",
"required_acks": "1"
}
],
"format_list": [
"json",
"ipfix",
"mpack"
],
"ringbuff": {
"size": {{ .Values.firewall.logs.ringbuf.size }},
"num": 2
},
"transmitter_list": [
{{- if eq .Values.external_resources.olap.udp_collectors.enable .Values.define_enable_val_yes }}
{
"async": "off",
"name": "IPFIX-TEMPLATE",
"mode": [
{
"channel": "udpsock",
"format": [
"ipfix"
]
}
]
},
{{- end }}
{
"async": "off",
"name": "SESSION-RECORD",
"mode": [
{{- if eq .Values.external_resources.olap.udp_collectors.enable .Values.define_enable_val_yes }}
{
"channel": "udpsock",
"format": [
"ipfix"
]
},
{{- end }}
{
"channel": "kafka",
"format": [
"json"
]
}
]
},
{
"async": "off",
"name": "TRANSACTION-RECORD",
"mode": [
{
"channel": "kafka",
"format": [
"json"
]
}
]
},
{
"async": "off",
"name": "VOIP-RECORD",
"mode": [
{
"channel": "kafka",
"format": [
"json"
]
}
]
},
{
"async": "off",
"name": "TRAFFIC-FILE-STREAM-RECORD",
"mode": [
{
"channel": "kafka",
"format": [
"mpack"
]
}
]
},
{
"async": "off",
"name": "TROUBLESHOOTING-FILE-STREAM-RECORD",
"mode": [
{
"channel": "kafka",
"format": [
"mpack"
]
}
]
},
{
"async": "off",
"name": "DOS-SKETCH-RECORD",
"mode": [
{
"channel": "kafka",
"format": [
"json"
]
}
]
},
{
"async": "off",
"name": "POLICY-RULE-METRIC",
"mode": [
{
"channel": "kafka",
"format": [
"json"
]
}
]
},
{
"async": "off",
"name": "NETWORK-TRAFFIC-METRIC",
"mode": [
{
"channel": "kafka",
"format": [
"json"
]
}
]
},
{
"async": "off",
"name": "TRAFFIC-TOP-METRIC",
"mode": [
{
"channel": "kafka",
"format": [
"json"
]
}
]
},
{
"async": "off",
"name": "STATISTICS-RULE-METRIC",
"mode": [
{
"channel": "kafka",
"format": [
"json"
]
}
]
},
{
"async": "off",
"name": "OBJECT-STATISTICS-METRIC",
"mode": [
{
"channel": "kafka",
"format": [
"json"
]
}
]
}
]
}

13
ansible/roles/traffic-engine/files/helm/templates/_config.tpl
View File

@@ -10,6 +10,19 @@
{{- join $separtor $kafka_brokers }}
{{- end -}}
{{- define "traffic-engine.config.addresses.converter" -}}
{{- $addresses := list -}}
{{- $source := index . 0 -}}
{{- $separator := index . 1 -}}
{{- if $source }}
{{- range $source -}}
{{- $address := ( print .address ":" .port ) -}}
{{- $addresses = append $addresses $address -}}
{{- end -}}
{{- join $separator $addresses }}
{{- end }}
{{- end -}}
{{- define "traffic-engine.tfe.workerthread" -}}
{{- if eq (len .Values.tfe_affinity) 1 }}
{{- 1 }}

3
ansible/roles/traffic-engine/files/helm/templates/configmap-sapp.yaml
View File

@@ -18,4 +18,5 @@ data:
mail.conf: {{ tpl (.Files.Get "conf/mail.conf") . | quote }}
ssl_main.conf: {{ tpl (.Files.Get "conf/ssl_main.conf") . | quote }}
spec.toml: {{ tpl (.Files.Get "conf/spec.toml") . | quote }}
firewall_l7_protocol.conf: {{ tpl (.Files.Get "conf/firewall_l7_protocol.conf") . | quote }}
firewall_l7_protocol.conf: {{ tpl (.Files.Get "conf/firewall_l7_protocol.conf") . | quote }}
firewall_logger_transmitter_schema.json: {{ tpl (.Files.Get "conf/firewall_logger_transmitter_schema.json") . | quote }}

5
ansible/roles/traffic-engine/files/helm/templates/deployment-firewall.yaml
View File

@@ -178,7 +178,10 @@ spec:
subPath: "sapp/spec.toml"
- name: shared-configs-volume
mountPath: "/opt/tsg/sapp/tsgconf/firewall_l7_protocol.conf"
subPath: "sapp/firewall_l7_protocol.conf"
subPath: "sapp/firewall_l7_protocol.conf"
- name: shared-configs-volume
mountPath: "/opt/tsg/sapp/tsgconf/firewall_logger_transmitter_schema.json"
subPath: "sapp/firewall_logger_transmitter_schema.json"
- name: firewall-log
mountPath: /opt/tsg/sapp/log
- name: metrics-json-dir

7
ansible/roles/traffic-engine/files/helm/values.yaml
View File

@@ -32,6 +32,11 @@ external_resources:
addresses:
- address:
port:
udp_collectors:
enable: no
addresses:
- address:
port:
device:
@@ -51,6 +56,8 @@ firewall:
enable: yes
contains_dns_resource_record:
enable: yes
ringbuf:
size: 100000
appsketch:
enable: yes