bugfix:TSG-18563:traffic-engine configmap文件名字新增configmap前缀,优化public.prepare-access-API调用方式

2024-01-09 17:55:00 +08:00
parent 0568f4657d
commit d148c607d8
11 changed files with 38 additions and 17 deletions
--- a/ansible/roles/traffic-engine/files/helm/templates/_config.tpl
+++ b/ansible/roles/traffic-engine/files/helm/templates/_config.tpl
@@ -122,7 +122,10 @@ enable_breakpad_upload=0
 {{- end }}
 {{- end -}}

-
+{{/*
+Set up the environment to enable API access. 
+The template should be invoked in command line.
+*/}}
 {{- define "public.prepare-access-API" -}}
 export APISERVER=https://kubernetes.default.svc
 export SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount
@@ -131,7 +134,11 @@ export TOKEN=$(cat ${SERVICEACCOUNT}/token)
 export CACERT=${SERVICEACCOUNT}/ca.crt
 {{- end -}}

-
+{{/*
+Read the node annotations information and serialize it into a file.
+The template should be invoked from the command line.
+The template requires "public.prepare-access-API".
+*/}}
 {{- define "public.serialize-node-annotations" -}}
 curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/nodes/${NODE_NAME} -o /tmp/node-${NODE_NAME}.json
 export DEVICE_SN=$(cat /tmp/node-${NODE_NAME}.json | jq -r '.metadata.annotations."tsg-os/device-sn"')
@@ -139,6 +146,10 @@ echo "{\"sn\": \"$DEVICE_SN\"}" >      /opt/tsg/shared-configs/tsg_sn.json
 echo "export device_id=${DEVICE_SN}" > /opt/tsg/shared-configs/device_id.sh
 {{- end -}}

+{{/*
+The volumes related to "mrzcpd". 
+The volumes will be mounted by "traffic-engine.mount.mrzcpd".
+*/}}
 {{- define "traffic-engine.volume.mrzcpd" -}}
 - name: opt-tsg-mrzcpd
  hostPath:
@@ -159,6 +170,10 @@ echo "export device_id=${DEVICE_SN}" > /opt/tsg/shared-configs/device_id.sh
    type: File
 {{- end -}}

+{{/*
+The volumeMounts related to "mrzcpd".  
+Requires "traffic-engine.volume.mrzcpd"
+*/}}
 {{- define "traffic-engine.mount.mrzcpd" -}}
 - name: opt-tsg-mrzcpd
  mountPath: /opt/tsg/mrzcpd
@@ -194,14 +209,15 @@ echo "export device_id=${DEVICE_SN}" > /opt/tsg/shared-configs/device_id.sh
 {{- end }}
 {{- end -}}

+{{/*
+Read cm service ip and set it up as an environment variable.
+Requires "public.prepare-access-API"
+*/}}
 {{- define "traffic-engine.global.cm.read-server-ip" -}}
-{{- if eq .Values.external_resources.cm.connectivity "local_cache" }}
-{{ include "public.prepare-access-API" . }}
 curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/tsg-os-system/services/${CM_CACHE_SERVICE_NAME} -o /tmp/cm-cache.txt
 export CM_POLICY_LOCAL_CACHE_IP=$(cat /tmp/cm-cache.txt  | jq -r '.spec.clusterIP')
 echo "export CM_POLICY_LOCAL_CACHE_IP=${CM_POLICY_LOCAL_CACHE_IP}" > /etc/profile.d/cm-local-cache.sh
 chmod 0755 /etc/profile.d/cm-local-cache.sh
-{{- end }}
 {{- end -}}

 {{- define "traffic-engine.global.sd.server-ip" -}}
@@ -224,16 +240,15 @@ chmod 0755 /etc/profile.d/cm-local-cache.sh
 {{- end }}
 {{- end -}}

+{{/*
+Read sd service ip and set it up as an environment variable.
+Requires "public.prepare-access-API"
+*/}}
 {{- define "traffic-engine.global.sd.read-server-ip" -}}
-{{- if eq .Values.external_resources.sd.enable .Values.define_enable_val_yes }}
-{{- if eq .Values.external_resources.sd.connectivity "local_cache" }}
-{{ include "public.prepare-access-API" . }}
 curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/tsg-os-system/services/${SD_CACHE_SERVICE_NAME} -o /tmp/sd-cache.txt
 export SD_POLICY_LOCAL_CACHE_IP=$(cat /tmp/sd-cache.txt  | jq -r '.spec.clusterIP')
 echo "export SD_POLICY_LOCAL_CACHE_IP=${SD_POLICY_LOCAL_CACHE_IP}" > /etc/profile.d/sd-local-cache.sh
 chmod 0755 /etc/profile.d/sd-local-cache.sh
-{{- end }}
-{{- end }}
 {{- end -}}

 {{- define "public.sync-host-timezone.volume" -}}
--- a/ansible/roles/traffic-engine/files/helm/templates/configmap-certstore.yaml
+++ b/ansible/roles/traffic-engine/files/helm/templates/configmap-certstore.yaml
--- a/ansible/roles/traffic-engine/files/helm/templates/configmap-sapp.yaml
+++ b/ansible/roles/traffic-engine/files/helm/templates/configmap-sapp.yaml
--- a/ansible/roles/traffic-engine/files/helm/templates/configmap-sce.yaml
+++ b/ansible/roles/traffic-engine/files/helm/templates/configmap-sce.yaml
--- a/ansible/roles/traffic-engine/files/helm/templates/configmap-shaping.yaml
+++ b/ansible/roles/traffic-engine/files/helm/templates/configmap-shaping.yaml
--- a/ansible/roles/traffic-engine/files/helm/templates/configmap-telegraf.yaml
+++ b/ansible/roles/traffic-engine/files/helm/templates/configmap-telegraf.yaml
--- a/ansible/roles/traffic-engine/files/helm/templates/configmap-tfe.yaml
+++ b/ansible/roles/traffic-engine/files/helm/templates/configmap-tfe.yaml
--- a/ansible/roles/traffic-engine/files/helm/templates/deployment-firewall.yaml
+++ b/ansible/roles/traffic-engine/files/helm/templates/deployment-firewall.yaml
@@ -44,12 +44,15 @@ spec:
          - "-ec"
          - |
            ldconfig
-            {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }}
+            {{- if or (eq .Values.external_resources.cm.connectivity "local_cache") (and (eq .Values.external_resources.sd.enable .Values.define_enable_val_yes) (eq .Values.external_resources.sd.connectivity "local_cache")) }}
+            {{- include "public.prepare-access-API" . | nindent 12 }}
+            {{- end }}
            {{- if eq .Values.external_resources.cm.connectivity "local_cache" }}
+            {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }}
            sed -Ei "s|CM_POLICY_LOCAL_CACHE_IP_LOCATION|${CM_POLICY_LOCAL_CACHE_IP?}|g" /opt/tsg/sapp/tsgconf/maat.conf
            {{- end }}
-            {{- include "traffic-engine.global.sd.read-server-ip" . | nindent 12 }}
            {{- if eq .Values.external_resources.sd.connectivity "local_cache" }}
+            {{- include "traffic-engine.global.sd.read-server-ip" . | nindent 12 }}
            sed -Ei "s|SD_POLICY_LOCAL_CACHE_IP_LOCATION|${SD_POLICY_LOCAL_CACHE_IP?}|g" /opt/tsg/sapp/tsgconf/maat.conf
            {{- end }}
            {{- if eq .Values.debug.firewall.enable_prestart_script .Values.define_enable_val_yes }}
--- a/ansible/roles/traffic-engine/files/helm/templates/deployment-proxy.yaml
+++ b/ansible/roles/traffic-engine/files/helm/templates/deployment-proxy.yaml
@@ -46,8 +46,9 @@ spec:
          - "-ec"
          - |
            ldconfig
-            {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }}
            {{- if eq .Values.external_resources.cm.connectivity "local_cache" }}
+            {{- include "public.prepare-access-API" . | nindent 12 }}
+            {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }}
            sed -Ei "s|CM_POLICY_LOCAL_CACHE_IP_LOCATION|${CM_POLICY_LOCAL_CACHE_IP?}|g" /opt/tsg/tfe/conf/tfe/tfe.conf
            {{- end }}
            {{- if eq .Values.debug.proxy.enable_prestart_script .Values.define_enable_val_yes }}
@@ -122,8 +123,9 @@ spec:
          - "bash"
          - "-ec"
          - |
-            {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }}
            {{- if eq .Values.external_resources.cm.connectivity "local_cache" }}
+            {{- include "public.prepare-access-API" . | nindent 12 }}
+            {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }}
            sed -Ei "s|CM_POLICY_LOCAL_CACHE_IP_LOCATION|${CM_POLICY_LOCAL_CACHE_IP?}|g" /opt/tsg/certstore/conf/cert_store.ini
            {{- end }}
            exec /opt/tsg/certstore/bin/certstore
--- a/ansible/roles/traffic-engine/files/helm/templates/deployment-service-chaining.yaml
+++ b/ansible/roles/traffic-engine/files/helm/templates/deployment-service-chaining.yaml
@@ -46,8 +46,9 @@ spec:
          - "-ec"
          - |
            ldconfig
-            {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }}
            {{- if eq .Values.external_resources.cm.connectivity "local_cache" }}
+            {{- include "public.prepare-access-API" . | nindent 12 }}
+            {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }}
            sed -Ei "s|CM_POLICY_LOCAL_CACHE_IP_LOCATION|${CM_POLICY_LOCAL_CACHE_IP?}|g" /opt/tsg/sce/conf/sce.conf
            {{- end }}
            {{- if eq .Values.debug.service_chaining.enable_prestart_script .Values.define_enable_val_yes }}
--- a/ansible/roles/traffic-engine/files/helm/templates/deployment-shaping.yaml
+++ b/ansible/roles/traffic-engine/files/helm/templates/deployment-shaping.yaml
@@ -46,11 +46,11 @@ spec:
          - "-ec"
          - |
            ldconfig
-            {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }}
+            {{- include "public.prepare-access-API" . | nindent 12 }}
            {{- if eq .Values.external_resources.cm.connectivity "local_cache" }}
+            {{- include "traffic-engine.global.cm.read-server-ip" . | nindent 12 }}
            sed -Ei "s|CM_POLICY_LOCAL_CACHE_IP_LOCATION|${CM_POLICY_LOCAL_CACHE_IP?}|g" /opt/tsg/shaping_engine/conf/shaping.conf
            {{- end }}
-            {{- include "public.prepare-access-API" . | nindent 12 }}
            curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/${NAMESPACE}/services/${SERVICENAME} -o /tmp/service.txt
            export CLUSTER_ANNOUNCE_PORT=$(cat /tmp/service.txt | jq '.spec.ports[] | select(.name=="cluster-announce-port") | .nodePort')
            export HEALTH_CHECK_ANNOUNCE_PORT=$(cat /tmp/service.txt | jq '.spec.ports[] | select(.name=="healthcheck-announce-port") | .nodePort')