🐞 fix:TSG-18539 add dynamic-host-port

2024-03-01 18:41:55 +08:00
parent 55234cc551
commit 7fd4db21b9
4 changed files with 121 additions and 32 deletions
--- a/ansible/roles/k3s-install/files/dynamic-hostport.yaml
+++ b/ansible/roles/k3s-install/files/dynamic-hostport.yaml
@@ -0,0 +1,96 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: dynamic-hostports-account
+  namespace: tsg-os-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: dynamic-hostports-account-nodes
+rules:
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: dynamic-hostports-account-pods
+rules:
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["list","watch","patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: dynamic-hostports-account-services
+rules:
+- apiGroups: [""]
+  resources: ["endpoints", "services"]
+  verbs: ["list","create","delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: dynamic-hostports-account-binding-nodes
+subjects:
+  - kind: ServiceAccount
+    namespace: tsg-os-system
+    name: dynamic-hostports-account
+    apiGroup: ""
+roleRef:
+  kind: ClusterRole
+  name: dynamic-hostports-account-nodes
+  apiGroup: ""
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: dynamic-hostports-account-binding-pods
+subjects:
+  - kind: ServiceAccount
+    namespace: tsg-os-system
+    name: dynamic-hostports-account
+    apiGroup: ""
+roleRef:
+  kind: ClusterRole
+  name: dynamic-hostports-account-pods
+  apiGroup: ""
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: dynamic-hostports-account-binding-services
+subjects:
+- kind: ServiceAccount
+  namespace: tsg-os-system
+  name: dynamic-hostports-account
+  apiGroup: ""
+roleRef:
+  kind: ClusterRole
+  name: dynamic-hostports-account-services
+  apiGroup: ""
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: dynamic-hostports-deployment
+  namespace: tsg-os-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: dynamic-hostports-app
+  template:
+    metadata:
+      labels:
+        app: dynamic-hostports-app
+    spec:
+      serviceAccountName: dynamic-hostports-account
+      containers:
+      - name: dynamic-hostports-container
+        image: 0blu/dynamic-hostport-manager:latest
+        imagePullPolicy: Never
+      restartPolicy: Always
--- a/ansible/roles/k3s-install/tasks/main.yml
+++ b/ansible/roles/k3s-install/tasks/main.yml
@@ -130,4 +130,16 @@
 - name: "copy mrzcpd-deviceplugin file to dest"
  copy:
    src: "{{ role_path }}/files/daemonset-mrzcpd-deviceplugin.yaml"
-    dest: /var/lib/rancher/k3s/server/manifests/
+    dest: /var/lib/rancher/k3s/server/manifests/
+
+- name: "copy dynamic-hostport yaml file to k3s manifests directory"
+  copy:
+    src: "{{ role_path }}/files/dynamic-hostport.yaml"
+    dest: /var/lib/rancher/k3s/server/manifests/
+
+- name: "Get dynamic-hostport chart images to dest"
+  get_url:
+    url: https://repo.geedge.net/filerepo/install/release/tsg-container-images/dynamic-host-port.tar
+    dest: /var/lib/rancher/k3s/agent/images/dynamic-host-port.tar
+    url_username: "{{ lookup('env', 'PULP_REPO_USERNAME') }}"
+    url_password: "{{ lookup('env', 'PULP_REPO_PASSWORD') }}"
--- a/ansible/roles/traffic-engine/files/helm/templates/deployment-shaping.yaml
+++ b/ansible/roles/traffic-engine/files/helm/templates/deployment-shaping.yaml
@@ -23,6 +23,7 @@ spec:
        vsysId: "{{ .Values.vsys_id }}"
        serviceFunction: {{ .Release.Name }}
        component: shaping
+        dynamic-hostports: '8551.8552'
      annotations:
        prometheus.io/port: "9007"
        prometheus.io/scrape: "true"
@@ -51,9 +52,12 @@ spec:
            {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }}
            sed -Ei -c "s|CM_POLICY_LOCAL_CACHE_IP_LOCATION|${CM_POLICY_LOCAL_CACHE_IP?}|g" /opt/tsg/shaping_engine/conf/shaping.conf
            {{- end }}
-            curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/${NAMESPACE}/services/shaping-announce-port-{{ .Release.Name }} -o /tmp/service.txt
-            export CLUSTER_ANNOUNCE_PORT=$(cat /tmp/service.txt | jq '.spec.ports[] | select(.name=="cluster-announce-port") | .nodePort')
-            export HEALTH_CHECK_ANNOUNCE_PORT=$(cat /tmp/service.txt | jq '.spec.ports[] | select(.name=="healthcheck-announce-port") | .nodePort')
+            until nslookup ${MY_POD_NAME}-8551.default.svc; do echo waiting for kubernetes service; sleep 2; done
+            curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/${NAMESPACE}/services/${MY_POD_NAME}-8551 -o /tmp/service.txt
+            export CLUSTER_ANNOUNCE_PORT=$(cat /tmp/service.txt | jq '.spec.ports[] | .nodePort')
+            until nslookup ${MY_POD_NAME}-8552.default.svc; do echo waiting for kubernetes service; sleep 2; done
+            curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/${NAMESPACE}/services/${MY_POD_NAME}-8552 -o /tmp/service.txt
+            export HEALTH_CHECK_ANNOUNCE_PORT=$(cat /tmp/service.txt | jq '.spec.ports[] |  .nodePort')
            echo "export CLUSTER_ANNOUNCE_PORT=${CLUSTER_ANNOUNCE_PORT}" > /etc/profile.d/announceinfo.sh
            echo "export HEALTH_CHECK_ANNOUNCE_PORT=${HEALTH_CHECK_ANNOUNCE_PORT}" >> /etc/profile.d/announceinfo.sh
            chmod 0755 /etc/profile.d/announceinfo.sh
@@ -80,6 +84,10 @@ spec:
          - containerPort: 8552
          - containerPort: 9007
        env:
+        - name: MY_POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
        - name: DEPLOYMENT_NAME
          value: {{ .Release.Name }}-shaping
        - name: NODE_IP
@@ -182,14 +190,6 @@ spec:
          - |
            until nslookup kubernetes.default.svc; do echo waiting for kubernetes service; sleep 2; done

-      - name: init-announce-svc
-        image: "registry.gdnt-cloud.website/tsg-init:{{ .Chart.AppVersion }}"
-        imagePullPolicy: Never
-        command:
-          - "bash"
-          - "-ec"
-          - |
-            until nslookup shaping-announce-port-{{ .Release.Name }}.default.svc; do echo waiting for kubernetes service; sleep 2; done

      {{- if eq .Values.external_resources.cm.connectivity "local_cache" }}
      - name: init-cm-svc
@@ -282,4 +282,4 @@ spec:
        hostPath:
          path: /
      {{- end }}
-{{- end }}
+{{- end }}
--- a/ansible/roles/traffic-engine/files/helm/templates/service.yaml
+++ b/ansible/roles/traffic-engine/files/helm/templates/service.yaml
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: shaping-announce-port-{{ .Release.Name }}
-  name: shaping-announce-port-{{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-
-spec:
-  ports:
-  - name: cluster-announce-port
-    port: 8551
-    targetPort: 8551
-  - name: healthcheck-announce-port
-    port: 8552
-    targetPort: 8552
-  selector:
-    app: {{ .Release.Name }}-shaping
-  type: NodePort