gfwleak/tsg-tsg-os-buildimage
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feature:TSG-14769:将traffic-engine deployment拆分为firewall,proxy,service-chaining,shaping四个deployment

Browse Source
This commit is contained in:
fumingwei
2023-04-20 19:21:04 +08:00
parent d221af3d34
commit dc3cb1939f
6 changed files with 769 additions and 633 deletions
Download Patch File Download Diff File Expand all files Collapse all files

125
ansible/roles/traffic-engine/files/helm/templates/_config.tpl
View File

@@ -167,27 +167,9 @@ enable_breakpad_upload=0
mkdir -p /target_config/etc/default
chmod 0755 /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh
/opt/tsg/tsg-os-provision/scripts/obtain_sn.sh
{{ if eq .Values.proxy.enable .Values.define_enable_val_yes }}
ip tuntap add dev tap0 mode tap multi_queue
/usr/sbin/ip link set tap0 address fe:65:b7:03:50:bd
/usr/sbin/ip link set tap0 up
/usr/sbin/ip addr flush dev tap0
/usr/sbin/ip addr add 172.16.241.2/30 dev tap0
/usr/sbin/ip neigh flush dev tap0
/usr/sbin/ip neigh add 172.16.241.1 lladdr 00:0e:c6:d6:72:c1 dev tap0 nud permanent
/usr/sbin/ip6tables -A INPUT -i tap0 -m bpf --bytecode '17,48 0 0 0,84 0 0 240,21 0 13 96,48 0 0 6,21 0 11 6,40 0 0 4,37 0 9 24,48 0 0 52,84 0 0 240,116 0 0 2,53 0 5 24,48 0 0 60,21 0 3 88,48 0 0 61,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
/usr/sbin/iptables -A INPUT -i tap0 -m bpf --bytecode '18,48 0 0 0,84 0 0 240,21 0 14 64,48 0 0 9,21 0 12 6,40 0 0 6,69 10 0 8191,177 0 0 0,80 0 0 12,84 0 0 240,116 0 0 2,53 0 5 24,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
/usr/sbin/ip rule add iif tap0 tab 100
/usr/sbin/ip route add local default dev lo table 100
/usr/sbin/ip rule add fwmark 0x65 lookup 101
/usr/sbin/ip route add default dev tap0 via 172.16.241.1 table 101
/usr/sbin/ip addr add fd00::02/64 dev tap0
/usr/sbin/ip -6 route add default via fd00::01
/usr/sbin/ip -6 rule add iif tap0 tab 102
/usr/sbin/ip -6 route add local default dev lo table 102
/usr/sbin/ip -6 neigh add fd00::01 lladdr 00:0e:c6:d6:72:c1 dev tap0 nud permanent
{{- end }}
mount -o remount,rw /sys
{{- end -}}
{{- define "traffic-engine.init.sce" -}}
{{ if .Values.sce_config.endpoint_nic }}
ip tuntap add dev {{ .Values.sce_config.endpoint_nic }} mode tap
ip link set dev {{ .Values.sce_config.endpoint_nic }} up
@@ -263,21 +245,6 @@ enable_breakpad_upload=0
{{- end }}
{{- end -}}
{{- define "traffic-engine.firewall.liveness-probe" -}}
{{- if eq .Values.debug.firewall.enable_liveness_probe .Values.define_enable_val_yes }}
livenessProbe:
tcpSocket:
port: 9273
failureThreshold: 1
timeoutSeconds: 10
startupProbe:
tcpSocket:
port: 9273
failureThreshold: 90
periodSeconds: 10
{{- end }}
{{- end -}}
{{- define "traffic-engine.firewall.volume.prestart" -}}
{{- if eq .Values.debug.firewall.enable_prestart_script .Values.define_enable_val_yes }}
- name: firewall-prestart
@@ -307,22 +274,6 @@ enable_breakpad_upload=0
{{- end }}
{{- end -}}
{{- define "traffic-engine.proxy.liveness-probe" -}}
{{- if eq .Values.debug.proxy.enable_liveness_probe .Values.define_enable_val_yes }}
livenessProbe:
tcpSocket:
port: 9001
failureThreshold: 1
timeoutSeconds: 10
startupProbe:
tcpSocket:
port: 9001
failureThreshold: 30
periodSeconds: 10
{{- end }}
{{- end -}}
{{- define "traffic-engine.proxy.start" -}}
{{- if eq .Values.debug.proxy.enable_interactive_startup .Values.define_enable_val_yes -}}
while true; do sleep 10;done
@@ -369,21 +320,6 @@ enable_breakpad_upload=0
{{- end -}}
{{- define "traffic-engine.service-chaining.liveness-probe" -}}
{{- if eq .Values.debug.service_chaining.enable_liveness_probe .Values.define_enable_val_yes }}
livenessProbe:
tcpSocket:
port: 9006
failureThreshold: 1
timeoutSeconds: 10
startupProbe:
tcpSocket:
port: 9006
failureThreshold: 30
periodSeconds: 10
{{- end }}
{{- end -}}
{{- define "traffic-engine.service-chaining.start" -}}
{{- if eq .Values.debug.service_chaining.enable_interactive_startup .Values.define_enable_val_yes -}}
while true; do sleep 10;done
@@ -430,21 +366,6 @@ enable_breakpad_upload=0
{{- end -}}
{{- define "traffic-engine.shaping.liveness-probe" -}}
{{- if eq .Values.debug.shaping.enable_liveness_probe .Values.define_enable_val_yes }}
livenessProbe:
tcpSocket:
port: 9007
failureThreshold: 1
timeoutSeconds: 10
startupProbe:
tcpSocket:
port: 9007
failureThreshold: 30
periodSeconds: 10
{{- end }}
{{- end -}}
{{- define "traffic-engine.shaping.start" -}}
{{- if eq .Values.debug.shaping.enable_interactive_startup .Values.define_enable_val_yes -}}
while true; do sleep 10;done
@@ -490,4 +411,44 @@ enable_breakpad_upload=0
{{- end }}
{{- end -}}
{{- define "traffic-engine.volume.mrzcpd" -}}
- name: opt-tsg-mrzcpd
hostPath:
path: /opt/tsg/mrzcpd
- name: var-run-mrzcpd
hostPath:
path: /var/run/mrzcpd
- name: var-run-dpdk
hostPath:
path: /var/run/dpdk
- name: root-sys
hostPath:
path: /root/sys
{{- end -}}
{{- define "traffic-engine.mount.mrzcpd" -}}
- name: opt-tsg-mrzcpd
mountPath: /opt/tsg/mrzcpd
readOnly: false
- name: var-run-mrzcpd
mountPath: /var/run/mrzcpd
readOnly: false
- name: var-run-dpdk
mountPath: /var/run/dpdk
readOnly: false
- name: root-sys
mountPath: /root/sys
readOnly: false
{{- end -}}
{{- define "traffic-engine.volume.localtime" -}}
- name: localtime-node
hostPath:
path: /etc/localtime
{{- end -}}
{{- define "traffic-engine.mount.localtime" -}}
- name: localtime-node
mountPath: /etc/localtime
readOnly: true
{{- end -}}

171
ansible/roles/traffic-engine/files/helm/templates/deployment-firewall.yaml Normal file
View File

@@ -0,0 +1,171 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}-firewall
labels:
app: {{ .Release.Name }}
component: firewall
spec:
replicas: 1
selector:
matchLabels:
app: {{ .Release.Name }}-firewall
strategy:
type: Recreate
template:
metadata:
labels:
app: {{ .Release.Name }}-firewall
vsysId: "{{ .Values.vsys_id }}"
serviceFunction: {{ .Release.Name }}
annotations:
prometheus.io/port: "9004"
prometheus.io/scrape: "true"
spec:
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
containers:
- name: firewall
image: "docker.io/library/tsg-firewall:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
workingDir: /opt/tsg/sapp
command:
- "bash"
- "-ec"
- |
{{ template "traffic-engine.firewall.copy-config-to-dest" . }}
{{ template "traffic-engine.firewall.prestart" . }}
{{ template "traffic-engine.firewall.start" . }}
ports:
- containerPort: 9273
env:
- name: MRZCPD_CTRLMSG_LISTEN_ADDR
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: OVERRIDE_SLED_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
securityContext:
privileged: true
{{- if eq .Values.debug.firewall.enable_liveness_probe .Values.define_enable_val_yes }}
livenessProbe:
tcpSocket:
port: 9273
failureThreshold: 1
timeoutSeconds: 10
startupProbe:
tcpSocket:
port: 9273
failureThreshold: 90
periodSeconds: 10
{{- end }}
volumeMounts:
- name: sapp
mountPath: "/opt/tsg/config"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: firewall-minidump
mountPath: /run/sapp/crashreport
- name: firewall-log
mountPath: /opt/tsg/sapp/log
{{ template "traffic-engine.mount.mrzcpd" . }}
{{ template "traffic-engine.mount.localtime" . }}
{{ template "traffic-engine.firewall.mount.prestart" . }}
{{ template "traffic-engine.firewall.mount.hostpath" . }}
- name: telegraf
image: "docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
command: ["/usr/bin/telegraf", "-config", "/etc/telegraf/telegraf_statistic.conf", "-config-directory", "/etc/telegraf/telegraf_statistic.d"]
securityContext:
privileged: true
volumeMounts:
- name: telegraf
mountPath: "/etc/telegraf/telegraf_statistic.conf"
subPath: "telegraf_statistic.conf"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: config-volume
mountPath: "/etc/default/telegraf"
subPath: "etc/default/telegraf"
{{ template "traffic-engine.mount.localtime" . }}
- name: telegraf-security
image: "docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
command: ["/usr/bin/telegraf", "-config", "/etc/telegraf/telegraf_security.conf", "-config-directory", "/etc/telegraf/telegraf_statistic.d"]
securityContext:
privileged: true
volumeMounts:
- name: telegraf
mountPath: "/etc/telegraf/telegraf_security.conf"
subPath: "telegraf_security.conf"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: config-volume
mountPath: "/etc/default/telegraf"
subPath: "etc/default/telegraf"
{{ template "traffic-engine.mount.localtime" . }}
initContainers:
- name: firewall-init
image: "docker.io/library/tsg-init:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
command:
- "bash"
- "-ec"
- |
{{ template "traffic-engine.init" . }}
securityContext:
privileged: true
env:
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
volumeMounts:
- name: config-volume
mountPath: /target_config
- name: localtime-node
mountPath: /etc/localtime
readOnly: true
volumes:
- name: telegraf
configMap:
name: telegraf-{{ .Release.Name }}
- name: sapp
configMap:
name: sapp-{{ .Release.Name }}
- name: config-volume
emptyDir: {}
- name: firewall-minidump
hostPath:
path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-firewall:{{ .Chart.AppVersion }}/
- name: firewall-log
hostPath:
path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/sapp/
- name: prestart-dir
hostPath:
path: /etc/tsg-os/{{ .Release.Name }}/
type: DirectoryOrCreate
{{ template "traffic-engine.volume.mrzcpd" . }}
{{ template "traffic-engine.volume.localtime" . }}
{{ template "traffic-engine.firewall.volume.prestart" . }}
{{ template "traffic-engine.volume.hostpath" . }}

198
ansible/roles/traffic-engine/files/helm/templates/deployment-proxy.yaml Normal file
View File

@@ -0,0 +1,198 @@
{{- if and (eq .Values.proxy.enable .Values.define_enable_val_yes) (ge (len .Values.tfe_affinity) 1) }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}-proxy
labels:
app: {{ .Release.Name }}
component: firewall
spec:
replicas: 1
selector:
matchLabels:
app: {{ .Release.Name }}-proxy
strategy:
type: Recreate
template:
metadata:
labels:
app: {{ .Release.Name }}-proxy
vsysId: "{{ .Values.vsys_id }}"
serviceFunction: {{ .Release.Name }}
annotations:
prometheus.io/port: "9004"
prometheus.io/scrape: "true"
spec:
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
containers:
- name: proxy
image: "docker.io/library/tsg-proxy:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
workingDir: /opt/tsg/tfe
command:
- "bash"
- "-ec"
- |
{{ template "traffic-engine.proxy.copy-config-to-dest" . }}
{{ template "traffic-engine.proxy.prestart" . }}
{{ template "traffic-engine.proxy.start" . }}
ports:
- containerPort: 9001
env:
- name: MRZCPD_CTRLMSG_LISTEN_ADDR
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: OVERRIDE_SLED_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
securityContext:
privileged: true
{{- if eq .Values.debug.proxy.enable_liveness_probe .Values.define_enable_val_yes }}
livenessProbe:
tcpSocket:
port: 9001
failureThreshold: 1
timeoutSeconds: 10
startupProbe:
tcpSocket:
port: 9001
failureThreshold: 30
periodSeconds: 10
{{- end }}
volumeMounts:
- name: tfe
mountPath: "/opt/tsg/config"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: proxy-minidump
mountPath: /run/tfe/crashreport
- name: proxy-log
mountPath: /opt/tsg/tfe/log
{{ template "traffic-engine.mount.mrzcpd" . }}
{{ template "traffic-engine.mount.localtime" . }}
{{ template "traffic-engine.proxy.mount.prestart" . }}
{{ template "traffic-engine.proxy.mount.hostpath" . }}
- name: certstore
image: "docker.io/library/tsg-certstore:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
workingDir: /opt/tsg/certstore
command:
- "bash"
- "-ec"
- |
{{ template "traffic-engine.certstore.copy-config-to-dest" . }}
{{ template "traffic-engine.certstore.prestart" . }}
exec /opt/tsg/certstore/bin/certstore
securityContext:
privileged: true
ports:
- containerPort: 9002
volumeMounts:
{{ template "traffic-engine.mount.localtime" . }}
- name: certstore
mountPath: "/opt/tsg/config"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: certstore-minidump
mountPath: /run/certstore/crashreport
- name: certstore-log
mountPath: /opt/tsg/certstore/logs
- name: hotfix-certstore
mountPath: /etc/traffic-engine/hotfix/certstore
- name: cert-redis
image: "docker.io/library/tsg-certstore:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
command: ["/usr/bin/redis-server", "/etc/cert-redis.conf"]
securityContext:
privileged: true
volumeMounts:
{{ template "traffic-engine.mount.localtime" . }}
initContainers:
- name: proxy-init
image: "docker.io/library/tsg-init:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
command:
- "bash"
- "-ec"
- |
{{ template "traffic-engine.init" . }}
ip tuntap add dev tap0 mode tap multi_queue
/usr/sbin/ip link set tap0 address fe:65:b7:03:50:bd
/usr/sbin/ip link set tap0 up
/usr/sbin/ip addr flush dev tap0
/usr/sbin/ip addr add 172.16.241.2/30 dev tap0
/usr/sbin/ip neigh flush dev tap0
/usr/sbin/ip neigh add 172.16.241.1 lladdr 00:0e:c6:d6:72:c1 dev tap0 nud permanent
/usr/sbin/ip6tables -A INPUT -i tap0 -m bpf --bytecode '17,48 0 0 0,84 0 0 240,21 0 13 96,48 0 0 6,21 0 11 6,40 0 0 4,37 0 9 24,48 0 0 52,84 0 0 240,116 0 0 2,53 0 5 24,48 0 0 60,21 0 3 88,48 0 0 61,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
/usr/sbin/iptables -A INPUT -i tap0 -m bpf --bytecode '18,48 0 0 0,84 0 0 240,21 0 14 64,48 0 0 9,21 0 12 6,40 0 0 6,69 10 0 8191,177 0 0 0,80 0 0 12,84 0 0 240,116 0 0 2,53 0 5 24,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
/usr/sbin/ip rule add iif tap0 tab 100
/usr/sbin/ip route add local default dev lo table 100
/usr/sbin/ip rule add fwmark 0x65 lookup 101
/usr/sbin/ip route add default dev tap0 via 172.16.241.1 table 101
/usr/sbin/ip addr add fd00::02/64 dev tap0
/usr/sbin/ip -6 route add default via fd00::01
/usr/sbin/ip -6 rule add iif tap0 tab 102
/usr/sbin/ip -6 route add local default dev lo table 102
/usr/sbin/ip -6 neigh add fd00::01 lladdr 00:0e:c6:d6:72:c1 dev tap0 nud permanent
mount -o remount,rw /sys
securityContext:
privileged: true
env:
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
volumeMounts:
- name: config-volume
mountPath: /target_config
{{ template "traffic-engine.mount.localtime" . }}
volumes:
- name: certstore
configMap:
name: certstore-{{ .Release.Name }}
- name: tfe
configMap:
name: tfe-{{ .Release.Name }}
- name: config-volume
emptyDir: {}
- name: proxy-minidump
hostPath:
path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-proxy:{{ .Chart.AppVersion }}/
- name: certstore-minidump
hostPath:
path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-certstore:{{ .Chart.AppVersion }}/
- name: proxy-log
hostPath:
path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/tfe/
- name: certstore-log
hostPath:
path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/certstore/
- name: hotfix-certstore
hostPath:
path: /etc/traffic-engine/hotfix/certstore
- name: prestart-dir
hostPath:
path: /etc/tsg-os/{{ .Release.Name }}/
type: DirectoryOrCreate
{{ template "traffic-engine.volume.mrzcpd" . }}
{{ template "traffic-engine.volume.localtime" . }}
{{ template "traffic-engine.proxy.volume.prestart" . }}
{{ template "traffic-engine.volume.hostpath" . }}
{{- end }}

198
ansible/roles/traffic-engine/files/helm/templates/deployment-service-chaining.yaml Normal file
View File

@@ -0,0 +1,198 @@
{{- if and (eq .Values.service_chaining.enable .Values.define_enable_val_yes) (.Values.sce_config.endpoint_nic) }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}-service-chaining
labels:
app: {{ .Release.Name }}
component: service-chaining
spec:
replicas: 1
selector:
matchLabels:
app: {{ .Release.Name }}-service-chaining
strategy:
type: Recreate
template:
metadata:
labels:
app: {{ .Release.Name }}-service-chaining
vsysId: "{{ .Values.vsys_id }}"
serviceFunction: {{ .Release.Name }}
annotations:
prometheus.io/port: "9004"
prometheus.io/scrape: "true"
spec:
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
containers:
- name: telegraf-sce
image: "docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
command: ["/usr/bin/telegraf", "-config", "/etc/telegraf/telegraf_sce.conf", "-config-directory", "/etc/telegraf/telegraf_statistic.d"]
securityContext:
privileged: true
volumeMounts:
- name: telegraf
mountPath: "/etc/telegraf/telegraf_sce.conf"
subPath: "telegraf_sce.conf"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: config-volume
mountPath: "/etc/default/telegraf"
subPath: "etc/default/telegraf"
{{ template "traffic-engine.mount.localtime" . }}
- name: sce
image: "docker.io/library/tsg-sce:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
workingDir: /opt/tsg/sce
command:
- "bash"
- "-ec"
- |
{{ template "traffic-engine.sce.copy-config-to-dest" . }}
{{ template "traffic-engine.service-chaining.prestart" . }}
{{ template "traffic-engine.service-chaining.start" . }}
ports:
- containerPort: 9006
env:
- name: MRZCPD_CTRLMSG_LISTEN_ADDR
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: OVERRIDE_SLED_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
securityContext:
privileged: true
{{- if eq .Values.debug.service_chaining.enable_liveness_probe .Values.define_enable_val_yes }}
livenessProbe:
tcpSocket:
port: 9006
failureThreshold: 1
timeoutSeconds: 10
startupProbe:
tcpSocket:
port: 9006
failureThreshold: 30
periodSeconds: 10
{{- end }}
volumeMounts:
- name: sce
mountPath: "/opt/tsg/config"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: sce-minidump
mountPath: /run/sce/crashreport
- name: sce-log
mountPath: /opt/tsg/sce/log
- name: bfdd-unix-socket
mountPath: /run/frr
{{ template "traffic-engine.mount.mrzcpd" . }}
{{ template "traffic-engine.mount.localtime" . }}
{{ template "traffic-engine.service-chaining.mount.prestart" . }}
{{ template "traffic-engine.service-chaining.mount.hostpath" . }}
- name: bfdd
image: "docker.io/library/tsg-bfdd:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
workingDir: /opt/tsg/bfdd
command:
- "bash"
- "-ec"
- |
{{ template "traffic-engine.bfdd.prestart" . }}
exec /opt/tsg/bfdd/bfdd -u root -g root
env:
- name: MRZCPD_CTRLMSG_LISTEN_ADDR
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: OVERRIDE_SLED_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
securityContext:
privileged: true
volumeMounts:
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: bfdd-minidump
mountPath: /run/bfdd/crashreport
- name: bfdd-log
mountPath: /opt/tsg/bfdd/log
- name: hotfix-bfdd
mountPath: /etc/traffic-engine/hotfix/bfdd
- name: bfdd-unix-socket
mountPath: /run/frr
{{ template "traffic-engine.mount.localtime" . }}
initContainers:
- name: service-chaining-init
image: "docker.io/library/tsg-init:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
command:
- "bash"
- "-ec"
- |
{{ template "traffic-engine.init" . }}
{{ template "traffic-engine.init.sce" . }}
securityContext:
privileged: true
env:
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
volumeMounts:
- name: config-volume
mountPath: /target_config
{{ template "traffic-engine.mount.localtime" . }}
volumes:
- name: telegraf
configMap:
name: telegraf-{{ .Release.Name }}
- name: sce
configMap:
name: sce-{{ .Release.Name }}
- name: config-volume
emptyDir: {}
- name: sce-minidump
hostPath:
path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-sce:{{ .Chart.AppVersion }}/
- name: bfdd-minidump
hostPath:
path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-bfdd:{{ .Chart.AppVersion }}/
- name: sce-log
hostPath:
path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/sce/
- name: bfdd-log
hostPath:
path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/bfdd/
- name: hotfix-bfdd
hostPath:
path: /etc/traffic-engine/hotfix/bfdd
- name: bfdd-unix-socket
emptyDir: {}
- name: prestart-dir
hostPath:
path: /etc/tsg-os/{{ .Release.Name }}/
type: DirectoryOrCreate
{{ template "traffic-engine.volume.mrzcpd" . }}
{{ template "traffic-engine.volume.localtime" . }}
{{ template "traffic-engine.service-chaining.volume.prestart" . }}
{{ template "traffic-engine.volume.hostpath" . }}
{{- end }}

159
ansible/roles/traffic-engine/files/helm/templates/deployment-shaping.yaml Normal file
View File

@@ -0,0 +1,159 @@
{{- if eq .Values.shaping.enable .Values.define_enable_val_yes }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}-shaping
labels:
app: {{ .Release.Name }}
component: shaping
spec:
replicas: 1
selector:
matchLabels:
app: {{ .Release.Name }}-shaping
strategy:
type: Recreate
template:
metadata:
labels:
app: {{ .Release.Name }}-shaping
vsysId: "{{ .Values.vsys_id }}"
serviceFunction: {{ .Release.Name }}
annotations:
prometheus.io/port: "9004"
prometheus.io/scrape: "true"
spec:
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
containers:
- name: shaping
image: "docker.io/library/tsg-shaping:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
workingDir: /opt/tsg/shaping_engine
command:
- "bash"
- "-ec"
- |
{{ template "traffic-engine.shaping.copy-config-to-dest" . }}
{{ template "traffic-engine.shaping.get-service-node-port" . }}
{{ template "traffic-engine.shaping.set-shaping-config" . }}
{{ template "traffic-engine.shaping.prestart" . }}
{{ template "traffic-engine.shaping.start" . }}
ports:
- containerPort: 8551
- containerPort: 8552
- containerPort: 9007
env:
- name: SERVICENAME
value: shaping-announce-port-{{ .Release.Name }}
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: MRZCPD_CTRLMSG_LISTEN_ADDR
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: OVERRIDE_SLED_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
{{- if eq .Values.debug.shaping.enable_liveness_probe .Values.define_enable_val_yes }}
livenessProbe:
tcpSocket:
port: 9007
failureThreshold: 1
timeoutSeconds: 10
startupProbe:
tcpSocket:
port: 9007
failureThreshold: 30
periodSeconds: 10
{{- end }}
securityContext:
privileged: true
volumeMounts:
- name: shaping
mountPath: "/opt/tsg/config"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: shaping-minidump
mountPath: /run/shaping/crashreport
- name: shaping-log
mountPath: /opt/tsg/shaping/log
{{ template "traffic-engine.mount.mrzcpd" . }}
{{ template "traffic-engine.mount.localtime" . }}
{{ template "traffic-engine.shaping.mount.prestart" . }}
{{ template "traffic-engine.shaping.mount.hostpath" . }}
- name: telegraf-shaping
image: "docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
command: ["/usr/bin/telegraf", "-config", "/etc/telegraf/telegraf_shaping.conf", "-config-directory", "/etc/telegraf/telegraf_statistic.d"]
securityContext:
privileged: true
volumeMounts:
- name: telegraf
mountPath: "/etc/telegraf/telegraf_shaping.conf"
subPath: "telegraf_shaping.conf"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: config-volume
mountPath: "/etc/default/telegraf"
subPath: "etc/default/telegraf"
{{ template "traffic-engine.mount.localtime" . }}
initContainers:
- name: shaping-init
image: "docker.io/library/tsg-init:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
command:
- "bash"
- "-ec"
- |
{{ template "traffic-engine.init" . }}
securityContext:
privileged: true
env:
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
volumeMounts:
- name: config-volume
mountPath: /target_config
{{ template "traffic-engine.mount.localtime" . }}
volumes:
- name: telegraf
configMap:
name: telegraf-{{ .Release.Name }}
- name: shaping
configMap:
name: shaping-{{ .Release.Name }}
- name: config-volume
emptyDir: {}
- name: shaping-minidump
hostPath:
path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-shaping:{{ .Chart.AppVersion }}/
- name: shaping-log
hostPath:
path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/shaping/
- name: prestart-dir
hostPath:
path: /etc/tsg-os/{{ .Release.Name }}/
type: DirectoryOrCreate
{{ template "traffic-engine.volume.mrzcpd" . }}
{{ template "traffic-engine.volume.localtime" . }}
{{ template "traffic-engine.shaping.volume.prestart" . }}
{{ template "traffic-engine.volume.hostpath" . }}
{{- end }}

551
ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml
View File

@@ -1,551 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: traffic-engine-{{ .Release.Name }}
labels:
app: traffic-engine-{{ .Release.Name }}
spec:
replicas: 1
selector:
matchLabels:
app: traffic-engine-{{ .Release.Name }}
strategy:
type: Recreate
template:
metadata:
labels:
app: traffic-engine-{{ .Release.Name }}
vsysId: "{{ .Values.vsys_id }}"
serviceFunction: {{ .Values.nic_raw_name }}
annotations:
configHash: "{{ .Values.configHash }}"
prometheus.io/port: "9004"
prometheus.io/scrape: "true"
spec:
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
containers:
- name: firewall
image: "docker.io/library/tsg-firewall:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
workingDir: /opt/tsg/sapp
command:
- "bash"
- "-ec"
- |
{{ template "traffic-engine.firewall.copy-config-to-dest" . }}
{{ template "traffic-engine.firewall.prestart" . }}
{{ template "traffic-engine.firewall.start" . }}
ports:
- containerPort: 9273
env:
- name: MRZCPD_CTRLMSG_LISTEN_ADDR
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: OVERRIDE_SLED_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
securityContext:
privileged: true
{{ template "traffic-engine.firewall.liveness-probe" . }}
volumeMounts:
- name: opt-tsg-mrzcpd
mountPath: /opt/tsg/mrzcpd
readOnly: false
- name: var-run-mrzcpd
mountPath: /var/run/mrzcpd
readOnly: false
- name: var-run-dpdk
mountPath: /var/run/dpdk
readOnly: false
- name: root-sys
mountPath: /root/sys
readOnly: false
- name: sapp
mountPath: "/opt/tsg/config"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: firewall-minidump
mountPath: /run/sapp/crashreport
- name: firewall-log
mountPath: /opt/tsg/sapp/log
- name: localtime-node
mountPath: /etc/localtime
readOnly: true
{{ template "traffic-engine.firewall.mount.prestart" . }}
{{ template "traffic-engine.firewall.mount.hostpath" . }}
{{- if and (eq .Values.proxy.enable .Values.define_enable_val_yes) (ge (len .Values.tfe_affinity) 1) }}
- name: proxy
image: "docker.io/library/tsg-proxy:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
workingDir: /opt/tsg/tfe
command:
- "bash"
- "-ec"
- |
{{ template "traffic-engine.proxy.copy-config-to-dest" . }}
{{ template "traffic-engine.proxy.prestart" . }}
{{ template "traffic-engine.proxy.start" . }}
ports:
- containerPort: 9001
env:
- name: MRZCPD_CTRLMSG_LISTEN_ADDR
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: OVERRIDE_SLED_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
securityContext:
privileged: true
{{ template "traffic-engine.proxy.liveness-probe" . }}
volumeMounts:
- name: tfe
mountPath: "/opt/tsg/config"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: proxy-minidump
mountPath: /run/tfe/crashreport
- name: proxy-log
mountPath: /opt/tsg/tfe/log
- name: localtime-node
mountPath: /etc/localtime
readOnly: true
{{ template "traffic-engine.proxy.mount.prestart" . }}
{{ template "traffic-engine.proxy.mount.hostpath" . }}
{{- end }}
- name: certstore
image: "docker.io/library/tsg-certstore:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
workingDir: /opt/tsg/certstore
command:
- "bash"
- "-ec"
- |
{{ template "traffic-engine.certstore.copy-config-to-dest" . }}
{{ template "traffic-engine.certstore.prestart" . }}
exec /opt/tsg/certstore/bin/certstore
securityContext:
privileged: true
ports:
- containerPort: 9002
volumeMounts:
- name: certstore
mountPath: "/opt/tsg/config"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: certstore-minidump
mountPath: /run/certstore/crashreport
- name: certstore-log
mountPath: /opt/tsg/certstore/logs
- name: localtime-node
mountPath: /etc/localtime
readOnly: true
- name: hotfix-certstore
mountPath: /etc/traffic-engine/hotfix/certstore
- name: cert-redis
image: "docker.io/library/tsg-certstore:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
command: ["/usr/bin/redis-server", "/etc/cert-redis.conf"]
securityContext:
privileged: true
volumeMounts:
- name: localtime-node
mountPath: /etc/localtime
readOnly: true
- name: telegraf
image: "docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
command: ["/usr/bin/telegraf", "-config", "/etc/telegraf/telegraf_statistic.conf", "-config-directory", "/etc/telegraf/telegraf_statistic.d"]
securityContext:
privileged: true
volumeMounts:
- name: telegraf
mountPath: "/etc/telegraf/telegraf_statistic.conf"
subPath: "telegraf_statistic.conf"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: config-volume
mountPath: "/etc/default/telegraf"
subPath: "etc/default/telegraf"
- name: localtime-node
mountPath: /etc/localtime
readOnly: true
{{- if eq .Values.shaping.enable .Values.define_enable_val_yes }}
- name: shaping
image: "docker.io/library/tsg-shaping:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
workingDir: /opt/tsg/shaping_engine
command:
- "bash"
- "-ec"
- |
{{ template "traffic-engine.shaping.copy-config-to-dest" . }}
{{ template "traffic-engine.shaping.get-service-node-port" . }}
{{ template "traffic-engine.shaping.set-shaping-config" . }}
{{ template "traffic-engine.shaping.prestart" . }}
{{ template "traffic-engine.shaping.start" . }}
ports:
- containerPort: 8551
- containerPort: 8552
- containerPort: 9007
env:
- name: SERVICENAME
value: shaping-announce-port-{{ .Release.Name }}
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: MRZCPD_CTRLMSG_LISTEN_ADDR
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: OVERRIDE_SLED_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
{{ template "traffic-engine.shaping.liveness-probe" . }}
securityContext:
privileged: true
volumeMounts:
- name: opt-tsg-mrzcpd
mountPath: /opt/tsg/mrzcpd
readOnly: false
- name: var-run-mrzcpd
mountPath: /var/run/mrzcpd
readOnly: false
- name: var-run-dpdk
mountPath: /var/run/dpdk
readOnly: false
- name: root-sys
mountPath: /root/sys
readOnly: false
- name: shaping
mountPath: "/opt/tsg/config"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: shaping-minidump
mountPath: /run/shaping/crashreport
- name: shaping-log
mountPath: /opt/tsg/shaping/log
- name: localtime-node
mountPath: /etc/localtime
readOnly: true
{{ template "traffic-engine.shaping.mount.prestart" . }}
{{ template "traffic-engine.shaping.mount.hostpath" . }}
- name: telegraf-shaping
image: "docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
command: ["/usr/bin/telegraf", "-config", "/etc/telegraf/telegraf_shaping.conf", "-config-directory", "/etc/telegraf/telegraf_statistic.d"]
securityContext:
privileged: true
volumeMounts:
- name: telegraf
mountPath: "/etc/telegraf/telegraf_shaping.conf"
subPath: "telegraf_shaping.conf"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: config-volume
mountPath: "/etc/default/telegraf"
subPath: "etc/default/telegraf"
- name: localtime-node
mountPath: /etc/localtime
readOnly: true
{{- end }}
- name: merge-exporter
image: "quay.io/rebuy/exporter-merger:v0.2.0"
imagePullPolicy: Never
ports:
- containerPort: 9004
env:
# space-separated list of URLs
- name: MERGER_URLS
{{- include "traffic-engine.merge-exporter.merge-urls" . | nindent 10 }}
- name: MERGER_PORT
value: "9004"
- name: minidump-hook
image: "docker.io/library/tsg-init:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
command: ["/bin/sh", "-c", "while true; do touch /run/sapp/crashreport/.minidump; touch /run/tfe/crashreport/.minidump; touch /run/certstore/crashreport/.minidump; sleep 600; done"]
volumeMounts:
- name: firewall-minidump
mountPath: /run/sapp/crashreport
- name: proxy-minidump
mountPath: /run/tfe/crashreport
- name: certstore-minidump
mountPath: /run/certstore/crashreport
{{- if and (eq .Values.service_chaining.enable .Values.define_enable_val_yes) (.Values.sce_config.endpoint_nic) }}
- name: telegraf-sce
image: "docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
command: ["/usr/bin/telegraf", "-config", "/etc/telegraf/telegraf_sce.conf", "-config-directory", "/etc/telegraf/telegraf_statistic.d"]
securityContext:
privileged: true
volumeMounts:
- name: telegraf
mountPath: "/etc/telegraf/telegraf_sce.conf"
subPath: "telegraf_sce.conf"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: config-volume
mountPath: "/etc/default/telegraf"
subPath: "etc/default/telegraf"
- name: localtime-node
mountPath: /etc/localtime
readOnly: true
- name: sce
image: "docker.io/library/tsg-sce:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
workingDir: /opt/tsg/sce
command:
- "bash"
- "-ec"
- |
{{ template "traffic-engine.sce.copy-config-to-dest" . }}
{{ template "traffic-engine.service-chaining.prestart" . }}
{{ template "traffic-engine.service-chaining.start" . }}
ports:
- containerPort: 9006
env:
- name: MRZCPD_CTRLMSG_LISTEN_ADDR
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: OVERRIDE_SLED_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
securityContext:
privileged: true
{{ template "traffic-engine.service-chaining.liveness-probe" . }}
volumeMounts:
- name: opt-tsg-mrzcpd
mountPath: /opt/tsg/mrzcpd
readOnly: false
- name: var-run-mrzcpd
mountPath: /var/run/mrzcpd
readOnly: false
- name: var-run-dpdk
mountPath: /var/run/dpdk
readOnly: false
- name: root-sys
mountPath: /root/sys
readOnly: false
- name: sce
mountPath: "/opt/tsg/config"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: sce-minidump
mountPath: /run/sce/crashreport
- name: sce-log
mountPath: /opt/tsg/sce/log
- name: localtime-node
mountPath: /etc/localtime
readOnly: true
- name: bfdd-unix-socket
mountPath: /run/frr
{{ template "traffic-engine.service-chaining.mount.prestart" . }}
{{ template "traffic-engine.service-chaining.mount.hostpath" . }}
- name: bfdd
image: "docker.io/library/tsg-bfdd:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
workingDir: /opt/tsg/bfdd
command:
- "bash"
- "-ec"
- |
{{ template "traffic-engine.bfdd.prestart" . }}
exec /opt/tsg/bfdd/bfdd -u root -g root
env:
- name: MRZCPD_CTRLMSG_LISTEN_ADDR
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: OVERRIDE_SLED_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
securityContext:
privileged: true
volumeMounts:
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: bfdd-minidump
mountPath: /run/bfdd/crashreport
- name: bfdd-log
mountPath: /opt/tsg/bfdd/log
- name: localtime-node
mountPath: /etc/localtime
readOnly: true
- name: hotfix-bfdd
mountPath: /etc/traffic-engine/hotfix/bfdd
- name: bfdd-unix-socket
mountPath: /run/frr
{{- end }}
- name: telegraf-security
image: "docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
command: ["/usr/bin/telegraf", "-config", "/etc/telegraf/telegraf_security.conf", "-config-directory", "/etc/telegraf/telegraf_statistic.d"]
securityContext:
privileged: true
volumeMounts:
- name: telegraf
mountPath: "/etc/telegraf/telegraf_security.conf"
subPath: "telegraf_security.conf"
- name: config-volume
mountPath: "/opt/tsg/etc/tsg_sn.json"
subPath: "opt/tsg/etc/tsg_sn.json"
- name: config-volume
mountPath: "/etc/default/telegraf"
subPath: "etc/default/telegraf"
- name: localtime-node
mountPath: /etc/localtime
readOnly: true
initContainers:
- name: tsg-init
image: "docker.io/library/tsg-init:{{ .Chart.AppVersion }}"
imagePullPolicy: Never
command:
- "bash"
- "-ec"
- |
{{ template "traffic-engine.init" . }}
securityContext:
privileged: true
env:
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
volumeMounts:
- name: config-volume
mountPath: /target_config
- name: localtime-node
mountPath: /etc/localtime
readOnly: true
volumes:
- name: opt-tsg-mrzcpd
hostPath:
path: /opt/tsg/mrzcpd
- name: var-run-mrzcpd
hostPath:
path: /var/run/mrzcpd
- name: var-run-dpdk
hostPath:
path: /var/run/dpdk
- name: root-sys
hostPath:
path: /root/sys
- name: telegraf
configMap:
name: telegraf-{{ .Release.Name }}
- name: certstore
configMap:
name: certstore-{{ .Release.Name }}
- name: tfe
configMap:
name: tfe-{{ .Release.Name }}
- name: sapp
configMap:
name: sapp-{{ .Release.Name }}
- name: sce
configMap:
name: sce-{{ .Release.Name }}
- name: shaping
configMap:
name: shaping-{{ .Release.Name }}
- name: config-volume
emptyDir: {}
- name: firewall-minidump
hostPath:
path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-firewall:{{ .Chart.AppVersion }}/
- name: proxy-minidump
hostPath:
path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-proxy:{{ .Chart.AppVersion }}/
- name: sce-minidump
hostPath:
path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-sce:{{ .Chart.AppVersion }}/
- name: bfdd-minidump
hostPath:
path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-bfdd:{{ .Chart.AppVersion }}/
- name: certstore-minidump
hostPath:
path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-certstore:{{ .Chart.AppVersion }}/
- name: shaping-minidump
hostPath:
path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-shaping:{{ .Chart.AppVersion }}/
- name: firewall-log
hostPath:
path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/sapp/
- name: proxy-log
hostPath:
path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/tfe/
- name: sce-log
hostPath:
path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/sce/
- name: bfdd-log
hostPath:
path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/bfdd/
- name: certstore-log
hostPath:
path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/certstore/
- name: shaping-log
hostPath:
path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/shaping/
- name: localtime-node
hostPath:
path: /etc/localtime
- name: hotfix-certstore
hostPath:
path: /etc/traffic-engine/hotfix/certstore
- name: hotfix-bfdd
hostPath:
path: /etc/traffic-engine/hotfix/bfdd
- name: bfdd-unix-socket
emptyDir: {}
- name: prestart-dir
hostPath:
path: /etc/tsg-os/{{ .Release.Name }}/
type: DirectoryOrCreate
{{ template "traffic-engine.firewall.volume.prestart" . }}
{{ template "traffic-engine.proxy.volume.prestart" . }}
{{ template "traffic-engine.service-chaining.volume.prestart" . }}
{{ template "traffic-engine.shaping.volume.prestart" . }}
{{ template "traffic-engine.volume.hostpath" . }}