From dc3cb1939f4e6219fea91bdc3e0d6e56ba481355 Mon Sep 17 00:00:00 2001
From: fumingwei
Date: Thu, 20 Apr 2023 19:21:04 +0800
Subject: [PATCH] =?UTF-8?q?feature:TSG-14769:=E5=B0=86traffic-engine=20dep?= =?UTF-8?q?loyment=E6=8B=86=E5=88=86=E4=B8=BAfirewall,proxy,service-chaini?= =?UTF-8?q?ng,shaping=E5=9B=9B=E4=B8=AAdeployment?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../files/helm/templates/_config.tpl | 125 ++--
.../helm/templates/deployment-firewall.yaml | 171 ++++++
.../helm/templates/deployment-proxy.yaml | 198 +++++++
.../deployment-service-chaining.yaml | 198 +++++++
.../helm/templates/deployment-shaping.yaml | 159 +++++
.../files/helm/templates/traffic-engine.yaml | 551 ------------------
6 files changed, 769 insertions(+), 633 deletions(-)
create mode 100644 ansible/roles/traffic-engine/files/helm/templates/deployment-firewall.yaml
create mode 100644 ansible/roles/traffic-engine/files/helm/templates/deployment-proxy.yaml
create mode 100644 ansible/roles/traffic-engine/files/helm/templates/deployment-service-chaining.yaml
create mode 100644 ansible/roles/traffic-engine/files/helm/templates/deployment-shaping.yaml
delete mode 100644 ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml
diff --git a/ansible/roles/traffic-engine/files/helm/templates/_config.tpl b/ansible/roles/traffic-engine/files/helm/templates/_config.tpl
index 4acb0bee..2574a8da 100644
--- a/ansible/roles/traffic-engine/files/helm/templates/_config.tpl
+++ b/ansible/roles/traffic-engine/files/helm/templates/_config.tpl
@@ -167,27 +167,9 @@ enable_breakpad_upload=0 mkdir -p /target_config/etc/default chmod 0755 /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh /opt/tsg/tsg-os-provision/scripts/obtain_sn.sh -{{ if eq .Values.proxy.enable .Values.define_enable_val_yes }} - ip tuntap add dev tap0 mode tap multi_queue - /usr/sbin/ip link set tap0 address fe:65:b7:03:50:bd - /usr/sbin/ip link set tap0 up - /usr/sbin/ip addr flush dev tap0 - /usr/sbin/ip addr add 172.16.241.2/30 dev tap0 - /usr/sbin/ip neigh flush dev tap0 - /usr/sbin/ip neigh add 172.16.241.1 lladdr 00:0e:c6:d6:72:c1 dev tap0 nud permanent - /usr/sbin/ip6tables -A INPUT -i tap0 -m bpf --bytecode '17,48 0 0 0,84 0 0 240,21 0 13 96,48 0 0 6,21 0 11 6,40 0 0 4,37 0 9 24,48 0 0 52,84 0 0 240,116 0 0 2,53 0 5 24,48 0 0 60,21 0 3 88,48 0 0 61,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1 - /usr/sbin/iptables -A INPUT -i tap0 -m bpf --bytecode '18,48 0 0 0,84 0 0 240,21 0 14 64,48 0 0 9,21 0 12 6,40 0 0 6,69 10 0 8191,177 0 0 0,80 0 0 12,84 0 0 240,116 0 0 2,53 0 5 24,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1 - /usr/sbin/ip rule add iif tap0 tab 100 - /usr/sbin/ip route add local default dev lo table 100 - /usr/sbin/ip rule add fwmark 0x65 lookup 101 - /usr/sbin/ip route add default dev tap0 via 172.16.241.1 table 101 - /usr/sbin/ip addr add fd00::02/64 dev tap0 - /usr/sbin/ip -6 route add default via fd00::01 - /usr/sbin/ip -6 rule add iif tap0 tab 102 - /usr/sbin/ip -6 route add local default dev lo table 102 - /usr/sbin/ip -6 neigh add fd00::01 lladdr 00:0e:c6:d6:72:c1 dev tap0 nud permanent -{{- end }} - mount -o remount,rw /sys +{{- end -}} + +{{- define "traffic-engine.init.sce" -}} {{ if .Values.sce_config.endpoint_nic }} ip tuntap add dev {{ .Values.sce_config.endpoint_nic }} mode tap ip link set dev {{ .Values.sce_config.endpoint_nic }} up 
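Review bot: The new `traffic-engine.init.sce` define interpolates `.Values.sce_config.endpoint_nic` unquoted into `ip tuntap add dev …` and `ip link set dev …`, and deployment-service-chaining.yaml runs that script under `bash -ec` in the privileged `service-chaining-init` container. A value containing whitespace or shell metacharacters would change the command that is executed, so it is worth constraining it before rendering, for example `{{ .Values.sce_config.endpoint_nic | squote }}` at each use, together with a pattern for that key in the chart's values schema. The define's body continues past the end of this hunk, so any further uses of the value there were not checked.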
@@ -263,21 +245,6 @@ enable_breakpad_upload=0 {{- end }} {{- end -}} -{{- define "traffic-engine.firewall.liveness-probe" -}} -{{- if eq .Values.debug.firewall.enable_liveness_probe .Values.define_enable_val_yes }} - livenessProbe: - tcpSocket: - port: 9273 - failureThreshold: 1 - timeoutSeconds: 10 - startupProbe: - tcpSocket: - port: 9273 - failureThreshold: 90 - periodSeconds: 10 -{{- end }} -{{- end -}} - {{- define "traffic-engine.firewall.volume.prestart" -}} {{- if eq .Values.debug.firewall.enable_prestart_script .Values.define_enable_val_yes }} - name: firewall-prestart @@ -307,22 +274,6 @@ enable_breakpad_upload=0 {{- end }} {{- end -}} - -{{- define "traffic-engine.proxy.liveness-probe" -}} -{{- if eq .Values.debug.proxy.enable_liveness_probe .Values.define_enable_val_yes }} - livenessProbe: - tcpSocket: - port: 9001 - failureThreshold: 1 - timeoutSeconds: 10 - startupProbe: - tcpSocket: - port: 9001 - failureThreshold: 30 - periodSeconds: 10 -{{- end }} -{{- end -}} - {{- define "traffic-engine.proxy.start" -}} {{- if eq .Values.debug.proxy.enable_interactive_startup .Values.define_enable_val_yes -}} while true; do sleep 10;done @@ -369,21 +320,6 @@ enable_breakpad_upload=0 {{- end -}} -{{- define "traffic-engine.service-chaining.liveness-probe" -}} -{{- if eq .Values.debug.service_chaining.enable_liveness_probe .Values.define_enable_val_yes }} - livenessProbe: - tcpSocket: - port: 9006 - failureThreshold: 1 - timeoutSeconds: 10 - startupProbe: - tcpSocket: - port: 9006 - failureThreshold: 30 - periodSeconds: 10 -{{- end }} -{{- end -}} - {{- define "traffic-engine.service-chaining.start" -}} {{- if eq .Values.debug.service_chaining.enable_interactive_startup .Values.define_enable_val_yes -}} while true; do sleep 10;done 
@@ -430,21 +366,6 @@ enable_breakpad_upload=0 {{- end -}} -{{- define "traffic-engine.shaping.liveness-probe" -}} -{{- if eq .Values.debug.shaping.enable_liveness_probe .Values.define_enable_val_yes }} - livenessProbe: - tcpSocket: - port: 9007 - failureThreshold: 1 - timeoutSeconds: 10 - startupProbe: - tcpSocket: - port: 9007 - failureThreshold: 30 - periodSeconds: 10 -{{- end }} -{{- end -}} - {{- define "traffic-engine.shaping.start" -}} {{- if eq .Values.debug.shaping.enable_interactive_startup .Values.define_enable_val_yes -}} while true; do sleep 10;done @@ -490,4 +411,44 @@ enable_breakpad_upload=0 {{- end }} {{- end -}} +{{- define "traffic-engine.volume.mrzcpd" -}} + - name: opt-tsg-mrzcpd + hostPath: + path: /opt/tsg/mrzcpd + - name: var-run-mrzcpd + hostPath: + path: /var/run/mrzcpd + - name: var-run-dpdk + hostPath: + path: /var/run/dpdk + - name: root-sys + hostPath: + path: /root/sys +{{- end -}} +{{- define "traffic-engine.mount.mrzcpd" -}} + - name: opt-tsg-mrzcpd + mountPath: /opt/tsg/mrzcpd + readOnly: false + - name: var-run-mrzcpd + mountPath: /var/run/mrzcpd + readOnly: false + - name: var-run-dpdk + mountPath: /var/run/dpdk + readOnly: false + - name: root-sys + mountPath: /root/sys + readOnly: false +{{- end -}} + +{{- define "traffic-engine.volume.localtime" -}} + - name: localtime-node + hostPath: + path: /etc/localtime +{{- end -}} + +{{- define "traffic-engine.mount.localtime" -}} + - name: localtime-node + mountPath: /etc/localtime + readOnly: true +{{- end -}} \ No newline at end of file diff --git a/ansible/roles/traffic-engine/files/helm/templates/deployment-firewall.yaml b/ansible/roles/traffic-engine/files/helm/templates/deployment-firewall.yaml new file mode 100644 index 00000000..84cf32b2 --- /dev/null +++ b/ansible/roles/traffic-engine/files/helm/templates/deployment-firewall.yaml 
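Review bot: The hostPath volumes in the new `traffic-engine.volume.mrzcpd` define carry no `type`, and `traffic-engine.mount.mrzcpd` mounts all four of them with `readOnly: false` into every new Deployment. In the removed traffic-engine.yaml, as far as it is visible here, only the firewall container mounted these paths, so the proxy container now gains write access to `/opt/tsg/mrzcpd`, `/var/run/mrzcpd`, `/var/run/dpdk` and `/root/sys` on the host. Adding `type: Directory` to each volume would make a missing or unexpected path fail at pod start instead of being mounted unchecked. Where a component only reads from one of these paths, a mount with `readOnly: true` would narrow the write surface; which components need write access cannot be determined from this diff.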
@@ -0,0 +1,171 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-firewall + labels: + app: {{ .Release.Name }} + component: firewall + +spec: + replicas: 1 + selector: + matchLabels: + app: {{ .Release.Name }}-firewall + strategy: + type: Recreate + template: + metadata: + labels: + app: {{ .Release.Name }}-firewall + vsysId: "{{ .Values.vsys_id }}" + serviceFunction: {{ .Release.Name }} + annotations: + prometheus.io/port: "9004" + prometheus.io/scrape: "true" + + spec: + tolerations: + - key: node-role.kubernetes.io/control-plane + operator: Exists + effect: NoSchedule + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + containers: + - name: firewall + image: "docker.io/library/tsg-firewall:{{ .Chart.AppVersion }}" + imagePullPolicy: Never + workingDir: /opt/tsg/sapp + command: + - "bash" + - "-ec" + - | + {{ template "traffic-engine.firewall.copy-config-to-dest" . }} + {{ template "traffic-engine.firewall.prestart" . }} + {{ template "traffic-engine.firewall.start" . }} + ports: + - containerPort: 9273 + env: + - name: MRZCPD_CTRLMSG_LISTEN_ADDR + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OVERRIDE_SLED_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: NODE_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + securityContext: + privileged: true +{{- if eq .Values.debug.firewall.enable_liveness_probe .Values.define_enable_val_yes }} + livenessProbe: + tcpSocket: + port: 9273 + failureThreshold: 1 + timeoutSeconds: 10 + startupProbe: + tcpSocket: + port: 9273 + failureThreshold: 90 + periodSeconds: 10 +{{- end }} + volumeMounts: + - name: sapp + mountPath: "/opt/tsg/config" + - name: config-volume + mountPath: "/opt/tsg/etc/tsg_sn.json" + subPath: "opt/tsg/etc/tsg_sn.json" + - name: firewall-minidump + mountPath: /run/sapp/crashreport + - name: firewall-log + mountPath: /opt/tsg/sapp/log + {{ template "traffic-engine.mount.mrzcpd" . 
}} + {{ template "traffic-engine.mount.localtime" . }} + {{ template "traffic-engine.firewall.mount.prestart" . }} + {{ template "traffic-engine.firewall.mount.hostpath" . }} + + - name: telegraf + image: "docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}" + imagePullPolicy: Never + command: ["/usr/bin/telegraf", "-config", "/etc/telegraf/telegraf_statistic.conf", "-config-directory", "/etc/telegraf/telegraf_statistic.d"] + securityContext: + privileged: true + volumeMounts: + - name: telegraf + mountPath: "/etc/telegraf/telegraf_statistic.conf" + subPath: "telegraf_statistic.conf" + - name: config-volume + mountPath: "/opt/tsg/etc/tsg_sn.json" + subPath: "opt/tsg/etc/tsg_sn.json" + - name: config-volume + mountPath: "/etc/default/telegraf" + subPath: "etc/default/telegraf" + {{ template "traffic-engine.mount.localtime" . }} + + - name: telegraf-security + image: "docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}" + imagePullPolicy: Never + command: ["/usr/bin/telegraf", "-config", "/etc/telegraf/telegraf_security.conf", "-config-directory", "/etc/telegraf/telegraf_statistic.d"] + securityContext: + privileged: true + volumeMounts: + - name: telegraf + mountPath: "/etc/telegraf/telegraf_security.conf" + subPath: "telegraf_security.conf" + - name: config-volume + mountPath: "/opt/tsg/etc/tsg_sn.json" + subPath: "opt/tsg/etc/tsg_sn.json" + - name: config-volume + mountPath: "/etc/default/telegraf" + subPath: "etc/default/telegraf" + {{ template "traffic-engine.mount.localtime" . }} + + initContainers: + - name: firewall-init + image: "docker.io/library/tsg-init:{{ .Chart.AppVersion }}" + imagePullPolicy: Never + command: + - "bash" + - "-ec" + - | + {{ template "traffic-engine.init" . 
}} + securityContext: + privileged: true + env: + - name: NODE_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - name: config-volume + mountPath: /target_config + - name: localtime-node + mountPath: /etc/localtime + readOnly: true + + volumes: + - name: telegraf + configMap: + name: telegraf-{{ .Release.Name }} + - name: sapp + configMap: + name: sapp-{{ .Release.Name }} + - name: config-volume + emptyDir: {} + - name: firewall-minidump + hostPath: + path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-firewall:{{ .Chart.AppVersion }}/ + - name: firewall-log + hostPath: + path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/sapp/ + - name: prestart-dir + hostPath: + path: /etc/tsg-os/{{ .Release.Name }}/ + type: DirectoryOrCreate + {{ template "traffic-engine.volume.mrzcpd" . }} + {{ template "traffic-engine.volume.localtime" . }} + {{ template "traffic-engine.firewall.volume.prestart" . }} + {{ template "traffic-engine.volume.hostpath" . }} diff --git a/ansible/roles/traffic-engine/files/helm/templates/deployment-proxy.yaml b/ansible/roles/traffic-engine/files/helm/templates/deployment-proxy.yaml new file mode 100644 index 00000000..8ae5c7e5 --- /dev/null +++ b/ansible/roles/traffic-engine/files/helm/templates/deployment-proxy.yaml 
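Review bot: The `telegraf` and `telegraf-security` sidecars are declared with `securityContext: privileged: true`, although their mounts in this file are only config files and `/etc/localtime`. The same applies to `cert-redis` in deployment-proxy.yaml, `telegraf-sce` in deployment-service-chaining.yaml and `telegraf-shaping` in deployment-shaping.yaml. Now that each component is its own pod, this is a good place to drop the flag on those containers, e.g. `securityContext: {privileged: false, allowPrivilegeEscalation: false}`, and keep `privileged: true` only on the data-plane and init containers that need it. Whether the telegraf inputs require host-level access is not visible in this diff, so confirm against the telegraf configs first.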
@@ -0,0 +1,198 @@ +{{- if and (eq .Values.proxy.enable .Values.define_enable_val_yes) (ge (len .Values.tfe_affinity) 1) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-proxy + labels: + app: {{ .Release.Name }} + component: firewall + +spec: + replicas: 1 + selector: + matchLabels: + app: {{ .Release.Name }}-proxy + strategy: + type: Recreate + template: + metadata: + labels: + app: {{ .Release.Name }}-proxy + vsysId: "{{ .Values.vsys_id }}" + serviceFunction: {{ .Release.Name }} + annotations: + prometheus.io/port: "9004" + prometheus.io/scrape: "true" + + spec: + tolerations: + - key: node-role.kubernetes.io/control-plane + operator: Exists + effect: NoSchedule + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + containers: + - name: proxy + image: "docker.io/library/tsg-proxy:{{ .Chart.AppVersion }}" + imagePullPolicy: Never + workingDir: /opt/tsg/tfe + command: + - "bash" + - "-ec" + - | + {{ template "traffic-engine.proxy.copy-config-to-dest" . }} + {{ template "traffic-engine.proxy.prestart" . }} + {{ template "traffic-engine.proxy.start" . }} + ports: + - containerPort: 9001 + env: + - name: MRZCPD_CTRLMSG_LISTEN_ADDR + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OVERRIDE_SLED_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + securityContext: + privileged: true +{{- if eq .Values.debug.proxy.enable_liveness_probe .Values.define_enable_val_yes }} + livenessProbe: + tcpSocket: + port: 9001 + failureThreshold: 1 + timeoutSeconds: 10 + startupProbe: + tcpSocket: + port: 9001 + failureThreshold: 30 + periodSeconds: 10 +{{- end }} + volumeMounts: + - name: tfe + mountPath: "/opt/tsg/config" + - name: config-volume + mountPath: "/opt/tsg/etc/tsg_sn.json" + subPath: "opt/tsg/etc/tsg_sn.json" + - name: proxy-minidump + mountPath: /run/tfe/crashreport + - name: proxy-log + mountPath: /opt/tsg/tfe/log + {{ template "traffic-engine.mount.mrzcpd" . 
}} + {{ template "traffic-engine.mount.localtime" . }} + {{ template "traffic-engine.proxy.mount.prestart" . }} + {{ template "traffic-engine.proxy.mount.hostpath" . }} + + - name: certstore + image: "docker.io/library/tsg-certstore:{{ .Chart.AppVersion }}" + imagePullPolicy: Never + workingDir: /opt/tsg/certstore + command: + - "bash" + - "-ec" + - | + {{ template "traffic-engine.certstore.copy-config-to-dest" . }} + {{ template "traffic-engine.certstore.prestart" . }} + exec /opt/tsg/certstore/bin/certstore + securityContext: + privileged: true + ports: + - containerPort: 9002 + volumeMounts: + {{ template "traffic-engine.mount.localtime" . }} + - name: certstore + mountPath: "/opt/tsg/config" + - name: config-volume + mountPath: "/opt/tsg/etc/tsg_sn.json" + subPath: "opt/tsg/etc/tsg_sn.json" + - name: certstore-minidump + mountPath: /run/certstore/crashreport + - name: certstore-log + mountPath: /opt/tsg/certstore/logs + - name: hotfix-certstore + mountPath: /etc/traffic-engine/hotfix/certstore + + - name: cert-redis + image: "docker.io/library/tsg-certstore:{{ .Chart.AppVersion }}" + imagePullPolicy: Never + command: ["/usr/bin/redis-server", "/etc/cert-redis.conf"] + securityContext: + privileged: true + volumeMounts: + {{ template "traffic-engine.mount.localtime" . }} + + initContainers: + - name: proxy-init + image: "docker.io/library/tsg-init:{{ .Chart.AppVersion }}" + imagePullPolicy: Never + command: + - "bash" + - "-ec" + - | + {{ template "traffic-engine.init" . 
}} + ip tuntap add dev tap0 mode tap multi_queue + /usr/sbin/ip link set tap0 address fe:65:b7:03:50:bd + /usr/sbin/ip link set tap0 up + /usr/sbin/ip addr flush dev tap0 + /usr/sbin/ip addr add 172.16.241.2/30 dev tap0 + /usr/sbin/ip neigh flush dev tap0 + /usr/sbin/ip neigh add 172.16.241.1 lladdr 00:0e:c6:d6:72:c1 dev tap0 nud permanent + /usr/sbin/ip6tables -A INPUT -i tap0 -m bpf --bytecode '17,48 0 0 0,84 0 0 240,21 0 13 96,48 0 0 6,21 0 11 6,40 0 0 4,37 0 9 24,48 0 0 52,84 0 0 240,116 0 0 2,53 0 5 24,48 0 0 60,21 0 3 88,48 0 0 61,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1 + /usr/sbin/iptables -A INPUT -i tap0 -m bpf --bytecode '18,48 0 0 0,84 0 0 240,21 0 14 64,48 0 0 9,21 0 12 6,40 0 0 6,69 10 0 8191,177 0 0 0,80 0 0 12,84 0 0 240,116 0 0 2,53 0 5 24,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1 + /usr/sbin/ip rule add iif tap0 tab 100 + /usr/sbin/ip route add local default dev lo table 100 + /usr/sbin/ip rule add fwmark 0x65 lookup 101 + /usr/sbin/ip route add default dev tap0 via 172.16.241.1 table 101 + /usr/sbin/ip addr add fd00::02/64 dev tap0 + /usr/sbin/ip -6 route add default via fd00::01 + /usr/sbin/ip -6 rule add iif tap0 tab 102 + /usr/sbin/ip -6 route add local default dev lo table 102 + /usr/sbin/ip -6 neigh add fd00::01 lladdr 00:0e:c6:d6:72:c1 dev tap0 nud permanent + mount -o remount,rw /sys + securityContext: + privileged: true + env: + - name: NODE_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - name: config-volume + mountPath: /target_config + {{ template "traffic-engine.mount.localtime" . 
}} + + volumes: + - name: certstore + configMap: + name: certstore-{{ .Release.Name }} + - name: tfe + configMap: + name: tfe-{{ .Release.Name }} + - name: config-volume + emptyDir: {} + - name: proxy-minidump + hostPath: + path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-proxy:{{ .Chart.AppVersion }}/ + - name: certstore-minidump + hostPath: + path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-certstore:{{ .Chart.AppVersion }}/ + - name: proxy-log + hostPath: + path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/tfe/ + - name: certstore-log + hostPath: + path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/certstore/ + - name: hotfix-certstore + hostPath: + path: /etc/traffic-engine/hotfix/certstore + - name: prestart-dir + hostPath: + path: /etc/tsg-os/{{ .Release.Name }}/ + type: DirectoryOrCreate + {{ template "traffic-engine.volume.mrzcpd" . }} + {{ template "traffic-engine.volume.localtime" . }} + {{ template "traffic-engine.proxy.volume.prestart" . }} + {{ template "traffic-engine.volume.hostpath" . }} + +{{- end }} \ No newline at end of file diff --git a/ansible/roles/traffic-engine/files/helm/templates/deployment-service-chaining.yaml b/ansible/roles/traffic-engine/files/helm/templates/deployment-service-chaining.yaml new file mode 100644 index 00000000..fb3cfc56 --- /dev/null +++ b/ansible/roles/traffic-engine/files/helm/templates/deployment-service-chaining.yaml 
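Review bot: The Deployment metadata in deployment-proxy.yaml is labelled `component: firewall`, which looks copied from deployment-firewall.yaml; the service-chaining and shaping files use their own names for this label. Anything that selects on `component` (kubectl queries, dashboards, policy selectors) would treat the proxy Deployment as the firewall. The line should read `component: proxy`.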
@@ -0,0 +1,198 @@ +{{- if and (eq .Values.service_chaining.enable .Values.define_enable_val_yes) (.Values.sce_config.endpoint_nic) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-service-chaining + labels: + app: {{ .Release.Name }} + component: service-chaining + +spec: + replicas: 1 + selector: + matchLabels: + app: {{ .Release.Name }}-service-chaining + strategy: + type: Recreate + template: + metadata: + labels: + app: {{ .Release.Name }}-service-chaining + vsysId: "{{ .Values.vsys_id }}" + serviceFunction: {{ .Release.Name }} + annotations: + prometheus.io/port: "9004" + prometheus.io/scrape: "true" + + spec: + tolerations: + - key: node-role.kubernetes.io/control-plane + operator: Exists + effect: NoSchedule + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + containers: + - name: telegraf-sce + image: "docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}" + imagePullPolicy: Never + command: ["/usr/bin/telegraf", "-config", "/etc/telegraf/telegraf_sce.conf", "-config-directory", "/etc/telegraf/telegraf_statistic.d"] + securityContext: + privileged: true + volumeMounts: + - name: telegraf + mountPath: "/etc/telegraf/telegraf_sce.conf" + subPath: "telegraf_sce.conf" + - name: config-volume + mountPath: "/opt/tsg/etc/tsg_sn.json" + subPath: "opt/tsg/etc/tsg_sn.json" + - name: config-volume + mountPath: "/etc/default/telegraf" + subPath: "etc/default/telegraf" + {{ template "traffic-engine.mount.localtime" . }} + + - name: sce + image: "docker.io/library/tsg-sce:{{ .Chart.AppVersion }}" + imagePullPolicy: Never + workingDir: /opt/tsg/sce + command: + - "bash" + - "-ec" + - | + {{ template "traffic-engine.sce.copy-config-to-dest" . }} + {{ template "traffic-engine.service-chaining.prestart" . }} + {{ template "traffic-engine.service-chaining.start" . 
}} + ports: + - containerPort: 9006 + env: + - name: MRZCPD_CTRLMSG_LISTEN_ADDR + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OVERRIDE_SLED_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + securityContext: + privileged: true +{{- if eq .Values.debug.service_chaining.enable_liveness_probe .Values.define_enable_val_yes }} + livenessProbe: + tcpSocket: + port: 9006 + failureThreshold: 1 + timeoutSeconds: 10 + startupProbe: + tcpSocket: + port: 9006 + failureThreshold: 30 + periodSeconds: 10 +{{- end }} + volumeMounts: + - name: sce + mountPath: "/opt/tsg/config" + - name: config-volume + mountPath: "/opt/tsg/etc/tsg_sn.json" + subPath: "opt/tsg/etc/tsg_sn.json" + - name: sce-minidump + mountPath: /run/sce/crashreport + - name: sce-log + mountPath: /opt/tsg/sce/log + - name: bfdd-unix-socket + mountPath: /run/frr + {{ template "traffic-engine.mount.mrzcpd" . }} + {{ template "traffic-engine.mount.localtime" . }} + {{ template "traffic-engine.service-chaining.mount.prestart" . }} + {{ template "traffic-engine.service-chaining.mount.hostpath" . }} + + - name: bfdd + image: "docker.io/library/tsg-bfdd:{{ .Chart.AppVersion }}" + imagePullPolicy: Never + workingDir: /opt/tsg/bfdd + command: + - "bash" + - "-ec" + - | + {{ template "traffic-engine.bfdd.prestart" . }} + exec /opt/tsg/bfdd/bfdd -u root -g root + env: + - name: MRZCPD_CTRLMSG_LISTEN_ADDR + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OVERRIDE_SLED_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + securityContext: + privileged: true + volumeMounts: + - name: config-volume + mountPath: "/opt/tsg/etc/tsg_sn.json" + subPath: "opt/tsg/etc/tsg_sn.json" + - name: bfdd-minidump + mountPath: /run/bfdd/crashreport + - name: bfdd-log + mountPath: /opt/tsg/bfdd/log + - name: hotfix-bfdd + mountPath: /etc/traffic-engine/hotfix/bfdd + - name: bfdd-unix-socket + mountPath: /run/frr + {{ template "traffic-engine.mount.localtime" . 
}} + + initContainers: + - name: service-chaining-init + image: "docker.io/library/tsg-init:{{ .Chart.AppVersion }}" + imagePullPolicy: Never + command: + - "bash" + - "-ec" + - | + {{ template "traffic-engine.init" . }} + {{ template "traffic-engine.init.sce" . }} + securityContext: + privileged: true + env: + - name: NODE_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - name: config-volume + mountPath: /target_config + {{ template "traffic-engine.mount.localtime" . }} + + volumes: + - name: telegraf + configMap: + name: telegraf-{{ .Release.Name }} + - name: sce + configMap: + name: sce-{{ .Release.Name }} + - name: config-volume + emptyDir: {} + - name: sce-minidump + hostPath: + path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-sce:{{ .Chart.AppVersion }}/ + - name: bfdd-minidump + hostPath: + path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-bfdd:{{ .Chart.AppVersion }}/ + - name: sce-log + hostPath: + path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/sce/ + - name: bfdd-log + hostPath: + path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/bfdd/ + - name: hotfix-bfdd + hostPath: + path: /etc/traffic-engine/hotfix/bfdd + - name: bfdd-unix-socket + emptyDir: {} + - name: prestart-dir + hostPath: + path: /etc/tsg-os/{{ .Release.Name }}/ + type: DirectoryOrCreate + {{ template "traffic-engine.volume.mrzcpd" . }} + {{ template "traffic-engine.volume.localtime" . }} + {{ template "traffic-engine.service-chaining.volume.prestart" . }} + {{ template "traffic-engine.volume.hostpath" . }} +{{- end }} \ No newline at end of file diff --git a/ansible/roles/traffic-engine/files/helm/templates/deployment-shaping.yaml b/ansible/roles/traffic-engine/files/helm/templates/deployment-shaping.yaml new file mode 100644 index 00000000..b240eaed --- /dev/null +++ b/ansible/roles/traffic-engine/files/helm/templates/deployment-shaping.yaml 
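Review bot: The pod template annotations no longer include `configHash: "{{ .Values.configHash }}"`, which the removed traffic-engine.yaml had; this applies to all four new Deployments, not only this one. Without an annotation that changes with the configuration, an upgrade that only touches the `sce-…` or `telegraf-…` ConfigMaps leaves the pod spec identical, so the pods presumably keep running with the configuration they copied at start until someone restarts them. If that is not intended, add `configHash: "{{ .Values.configHash }}"` back under `template.metadata.annotations` in each file.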
@@ -0,0 +1,159 @@ +{{- if eq .Values.shaping.enable .Values.define_enable_val_yes }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-shaping + labels: + app: {{ .Release.Name }} + component: shaping + +spec: + replicas: 1 + selector: + matchLabels: + app: {{ .Release.Name }}-shaping + strategy: + type: Recreate + template: + metadata: + labels: + app: {{ .Release.Name }}-shaping + vsysId: "{{ .Values.vsys_id }}" + serviceFunction: {{ .Release.Name }} + annotations: + prometheus.io/port: "9004" + prometheus.io/scrape: "true" + + spec: + tolerations: + - key: node-role.kubernetes.io/control-plane + operator: Exists + effect: NoSchedule + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + containers: + - name: shaping + image: "docker.io/library/tsg-shaping:{{ .Chart.AppVersion }}" + imagePullPolicy: Never + workingDir: /opt/tsg/shaping_engine + command: + - "bash" + - "-ec" + - | + {{ template "traffic-engine.shaping.copy-config-to-dest" . }} + {{ template "traffic-engine.shaping.get-service-node-port" . }} + {{ template "traffic-engine.shaping.set-shaping-config" . }} + {{ template "traffic-engine.shaping.prestart" . }} + {{ template "traffic-engine.shaping.start" . 
}} + ports: + - containerPort: 8551 + - containerPort: 8552 + - containerPort: 9007 + env: + - name: SERVICENAME + value: shaping-announce-port-{{ .Release.Name }} + - name: NODE_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: MRZCPD_CTRLMSG_LISTEN_ADDR + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: OVERRIDE_SLED_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP +{{- if eq .Values.debug.shaping.enable_liveness_probe .Values.define_enable_val_yes }} + livenessProbe: + tcpSocket: + port: 9007 + failureThreshold: 1 + timeoutSeconds: 10 + startupProbe: + tcpSocket: + port: 9007 + failureThreshold: 30 + periodSeconds: 10 +{{- end }} + securityContext: + privileged: true + volumeMounts: + - name: shaping + mountPath: "/opt/tsg/config" + - name: config-volume + mountPath: "/opt/tsg/etc/tsg_sn.json" + subPath: "opt/tsg/etc/tsg_sn.json" + - name: shaping-minidump + mountPath: /run/shaping/crashreport + - name: shaping-log + mountPath: /opt/tsg/shaping/log + {{ template "traffic-engine.mount.mrzcpd" . }} + {{ template "traffic-engine.mount.localtime" . }} + {{ template "traffic-engine.shaping.mount.prestart" . }} + {{ template "traffic-engine.shaping.mount.hostpath" . }} + + - name: telegraf-shaping + image: "docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}" + imagePullPolicy: Never + command: ["/usr/bin/telegraf", "-config", "/etc/telegraf/telegraf_shaping.conf", "-config-directory", "/etc/telegraf/telegraf_statistic.d"] + securityContext: + privileged: true + volumeMounts: + - name: telegraf + mountPath: "/etc/telegraf/telegraf_shaping.conf" + subPath: "telegraf_shaping.conf" + - name: config-volume + mountPath: "/opt/tsg/etc/tsg_sn.json" + subPath: "opt/tsg/etc/tsg_sn.json" + - name: config-volume + mountPath: "/etc/default/telegraf" + subPath: "etc/default/telegraf" + {{ template "traffic-engine.mount.localtime" . 
}} + + initContainers: + - name: shaping-init + image: "docker.io/library/tsg-init:{{ .Chart.AppVersion }}" + imagePullPolicy: Never + command: + - "bash" + - "-ec" + - | + {{ template "traffic-engine.init" . }} + securityContext: + privileged: true + env: + - name: NODE_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - name: config-volume + mountPath: /target_config + {{ template "traffic-engine.mount.localtime" . }} + + volumes: + - name: telegraf + configMap: + name: telegraf-{{ .Release.Name }} + - name: shaping + configMap: + name: shaping-{{ .Release.Name }} + - name: config-volume + emptyDir: {} + - name: shaping-minidump + hostPath: + path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-shaping:{{ .Chart.AppVersion }}/ + - name: shaping-log + hostPath: + path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/shaping/ + - name: prestart-dir + hostPath: + path: /etc/tsg-os/{{ .Release.Name }}/ + type: DirectoryOrCreate + {{ template "traffic-engine.volume.mrzcpd" . }} + {{ template "traffic-engine.volume.localtime" . }} + {{ template "traffic-engine.shaping.volume.prestart" . }} + {{ template "traffic-engine.volume.hostpath" . }} +{{- end }} \ No newline at end of file diff --git a/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml b/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml deleted file mode 100644 index 97a19869..00000000 --- a/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml +++ /dev/null 
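Review bot: The `shaping-log` hostPath is mounted at `/opt/tsg/shaping/log`, while the container's `workingDir` is `/opt/tsg/shaping_engine`; the other three deployments mount their log volume under the working directory (`/opt/tsg/sapp/log`, `/opt/tsg/tfe/log`, `/opt/tsg/sce/log`). If the shaping engine writes its logs under its install directory, they stay in the container filesystem and are lost on restart instead of reaching `/var/log/traffic-engine/…/shaping/` on the host, which also removes them from any later investigation. Please confirm the real log path; if it is under the install directory, the mount would become `mountPath: /opt/tsg/shaping_engine/log`.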
@@ -1,551 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: traffic-engine-{{ .Release.Name }} - labels: - app: traffic-engine-{{ .Release.Name }} - -spec: - replicas: 1 - selector: - matchLabels: - app: traffic-engine-{{ .Release.Name }} - strategy: - type: Recreate - template: - metadata: - labels: - app: traffic-engine-{{ .Release.Name }} - vsysId: "{{ .Values.vsys_id }}" - serviceFunction: {{ .Values.nic_raw_name }} - annotations: - configHash: "{{ .Values.configHash }}" - prometheus.io/port: "9004" - prometheus.io/scrape: "true" - - spec: - tolerations: - - key: node-role.kubernetes.io/control-plane - operator: Exists - effect: NoSchedule - - key: node-role.kubernetes.io/master - operator: Exists - effect: NoSchedule - containers: - - name: firewall - image: "docker.io/library/tsg-firewall:{{ .Chart.AppVersion }}" - imagePullPolicy: Never - workingDir: /opt/tsg/sapp - command: - - "bash" - - "-ec" - - | - {{ template "traffic-engine.firewall.copy-config-to-dest" . }} - {{ template "traffic-engine.firewall.prestart" . }} - {{ template "traffic-engine.firewall.start" . }} - ports: - - containerPort: 9273 - env: - - name: MRZCPD_CTRLMSG_LISTEN_ADDR - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: OVERRIDE_SLED_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: NODE_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - securityContext: - privileged: true - {{ template "traffic-engine.firewall.liveness-probe" . 
}} - volumeMounts: - - name: opt-tsg-mrzcpd - mountPath: /opt/tsg/mrzcpd - readOnly: false - - name: var-run-mrzcpd - mountPath: /var/run/mrzcpd - readOnly: false - - name: var-run-dpdk - mountPath: /var/run/dpdk - readOnly: false - - name: root-sys - mountPath: /root/sys - readOnly: false - - name: sapp - mountPath: "/opt/tsg/config" - - name: config-volume - mountPath: "/opt/tsg/etc/tsg_sn.json" - subPath: "opt/tsg/etc/tsg_sn.json" - - name: firewall-minidump - mountPath: /run/sapp/crashreport - - name: firewall-log - mountPath: /opt/tsg/sapp/log - - name: localtime-node - mountPath: /etc/localtime - readOnly: true - {{ template "traffic-engine.firewall.mount.prestart" . }} - {{ template "traffic-engine.firewall.mount.hostpath" . }} - -{{- if and (eq .Values.proxy.enable .Values.define_enable_val_yes) (ge (len .Values.tfe_affinity) 1) }} - - name: proxy - image: "docker.io/library/tsg-proxy:{{ .Chart.AppVersion }}" - imagePullPolicy: Never - workingDir: /opt/tsg/tfe - command: - - "bash" - - "-ec" - - | - {{ template "traffic-engine.proxy.copy-config-to-dest" . }} - {{ template "traffic-engine.proxy.prestart" . }} - {{ template "traffic-engine.proxy.start" . }} - ports: - - containerPort: 9001 - env: - - name: MRZCPD_CTRLMSG_LISTEN_ADDR - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: OVERRIDE_SLED_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - securityContext: - privileged: true - {{ template "traffic-engine.proxy.liveness-probe" . }} - volumeMounts: - - name: tfe - mountPath: "/opt/tsg/config" - - name: config-volume - mountPath: "/opt/tsg/etc/tsg_sn.json" - subPath: "opt/tsg/etc/tsg_sn.json" - - name: proxy-minidump - mountPath: /run/tfe/crashreport - - name: proxy-log - mountPath: /opt/tsg/tfe/log - - name: localtime-node - mountPath: /etc/localtime - readOnly: true - {{ template "traffic-engine.proxy.mount.prestart" . }} - {{ template "traffic-engine.proxy.mount.hostpath" . 
}} -{{- end }} - - - name: certstore - image: "docker.io/library/tsg-certstore:{{ .Chart.AppVersion }}" - imagePullPolicy: Never - workingDir: /opt/tsg/certstore - command: - - "bash" - - "-ec" - - | - {{ template "traffic-engine.certstore.copy-config-to-dest" . }} - {{ template "traffic-engine.certstore.prestart" . }} - exec /opt/tsg/certstore/bin/certstore - securityContext: - privileged: true - ports: - - containerPort: 9002 - volumeMounts: - - name: certstore - mountPath: "/opt/tsg/config" - - name: config-volume - mountPath: "/opt/tsg/etc/tsg_sn.json" - subPath: "opt/tsg/etc/tsg_sn.json" - - name: certstore-minidump - mountPath: /run/certstore/crashreport - - name: certstore-log - mountPath: /opt/tsg/certstore/logs - - name: localtime-node - mountPath: /etc/localtime - readOnly: true - - name: hotfix-certstore - mountPath: /etc/traffic-engine/hotfix/certstore - - - name: cert-redis - image: "docker.io/library/tsg-certstore:{{ .Chart.AppVersion }}" - imagePullPolicy: Never - command: ["/usr/bin/redis-server", "/etc/cert-redis.conf"] - securityContext: - privileged: true - volumeMounts: - - name: localtime-node - mountPath: /etc/localtime - readOnly: true - - - name: telegraf - image: "docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}" - imagePullPolicy: Never - command: ["/usr/bin/telegraf", "-config", "/etc/telegraf/telegraf_statistic.conf", "-config-directory", "/etc/telegraf/telegraf_statistic.d"] - securityContext: - privileged: true - volumeMounts: - - name: telegraf - mountPath: "/etc/telegraf/telegraf_statistic.conf" - subPath: "telegraf_statistic.conf" - - name: config-volume - mountPath: "/opt/tsg/etc/tsg_sn.json" - subPath: "opt/tsg/etc/tsg_sn.json" - - name: config-volume - mountPath: "/etc/default/telegraf" - subPath: "etc/default/telegraf" - - name: localtime-node - mountPath: /etc/localtime - readOnly: true - -{{- if eq .Values.shaping.enable .Values.define_enable_val_yes }} - - name: shaping - image: "docker.io/library/tsg-shaping:{{ 
.Chart.AppVersion }}" - imagePullPolicy: Never - workingDir: /opt/tsg/shaping_engine - command: - - "bash" - - "-ec" - - | - {{ template "traffic-engine.shaping.copy-config-to-dest" . }} - {{ template "traffic-engine.shaping.get-service-node-port" . }} - {{ template "traffic-engine.shaping.set-shaping-config" . }} - {{ template "traffic-engine.shaping.prestart" . }} - {{ template "traffic-engine.shaping.start" . }} - ports: - - containerPort: 8551 - - containerPort: 8552 - - containerPort: 9007 - env: - - name: SERVICENAME - value: shaping-announce-port-{{ .Release.Name }} - - name: NODE_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: MRZCPD_CTRLMSG_LISTEN_ADDR - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: OVERRIDE_SLED_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{ template "traffic-engine.shaping.liveness-probe" . }} - securityContext: - privileged: true - volumeMounts: - - name: opt-tsg-mrzcpd - mountPath: /opt/tsg/mrzcpd - readOnly: false - - name: var-run-mrzcpd - mountPath: /var/run/mrzcpd - readOnly: false - - name: var-run-dpdk - mountPath: /var/run/dpdk - readOnly: false - - name: root-sys - mountPath: /root/sys - readOnly: false - - name: shaping - mountPath: "/opt/tsg/config" - - name: config-volume - mountPath: "/opt/tsg/etc/tsg_sn.json" - subPath: "opt/tsg/etc/tsg_sn.json" - - name: shaping-minidump - mountPath: /run/shaping/crashreport - - name: shaping-log - mountPath: /opt/tsg/shaping/log - - name: localtime-node - mountPath: /etc/localtime - readOnly: true - {{ template "traffic-engine.shaping.mount.prestart" . }} - {{ template "traffic-engine.shaping.mount.hostpath" . 
}} - - - name: telegraf-shaping - image: "docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}" - imagePullPolicy: Never - command: ["/usr/bin/telegraf", "-config", "/etc/telegraf/telegraf_shaping.conf", "-config-directory", "/etc/telegraf/telegraf_statistic.d"] - securityContext: - privileged: true - volumeMounts: - - name: telegraf - mountPath: "/etc/telegraf/telegraf_shaping.conf" - subPath: "telegraf_shaping.conf" - - name: config-volume - mountPath: "/opt/tsg/etc/tsg_sn.json" - subPath: "opt/tsg/etc/tsg_sn.json" - - name: config-volume - mountPath: "/etc/default/telegraf" - subPath: "etc/default/telegraf" - - name: localtime-node - mountPath: /etc/localtime - readOnly: true -{{- end }} - - - name: merge-exporter - image: "quay.io/rebuy/exporter-merger:v0.2.0" - imagePullPolicy: Never - ports: - - containerPort: 9004 - env: - # space-separated list of URLs - - name: MERGER_URLS - {{- include "traffic-engine.merge-exporter.merge-urls" . | nindent 10 }} - - name: MERGER_PORT - value: "9004" - - - name: minidump-hook - image: "docker.io/library/tsg-init:{{ .Chart.AppVersion }}" - imagePullPolicy: Never - command: ["/bin/sh", "-c", "while true; do touch /run/sapp/crashreport/.minidump; touch /run/tfe/crashreport/.minidump; touch /run/certstore/crashreport/.minidump; sleep 600; done"] - volumeMounts: - - name: firewall-minidump - mountPath: /run/sapp/crashreport - - name: proxy-minidump - mountPath: /run/tfe/crashreport - - name: certstore-minidump - mountPath: /run/certstore/crashreport - -{{- if and (eq .Values.service_chaining.enable .Values.define_enable_val_yes) (.Values.sce_config.endpoint_nic) }} - - name: telegraf-sce - image: "docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}" - imagePullPolicy: Never - command: ["/usr/bin/telegraf", "-config", "/etc/telegraf/telegraf_sce.conf", "-config-directory", "/etc/telegraf/telegraf_statistic.d"] - securityContext: - privileged: true - volumeMounts: - - name: telegraf - mountPath: 
"/etc/telegraf/telegraf_sce.conf" - subPath: "telegraf_sce.conf" - - name: config-volume - mountPath: "/opt/tsg/etc/tsg_sn.json" - subPath: "opt/tsg/etc/tsg_sn.json" - - name: config-volume - mountPath: "/etc/default/telegraf" - subPath: "etc/default/telegraf" - - name: localtime-node - mountPath: /etc/localtime - readOnly: true - - - name: sce - image: "docker.io/library/tsg-sce:{{ .Chart.AppVersion }}" - imagePullPolicy: Never - workingDir: /opt/tsg/sce - command: - - "bash" - - "-ec" - - | - {{ template "traffic-engine.sce.copy-config-to-dest" . }} - {{ template "traffic-engine.service-chaining.prestart" . }} - {{ template "traffic-engine.service-chaining.start" . }} - ports: - - containerPort: 9006 - env: - - name: MRZCPD_CTRLMSG_LISTEN_ADDR - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: OVERRIDE_SLED_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - securityContext: - privileged: true - {{ template "traffic-engine.service-chaining.liveness-probe" . }} - volumeMounts: - - name: opt-tsg-mrzcpd - mountPath: /opt/tsg/mrzcpd - readOnly: false - - name: var-run-mrzcpd - mountPath: /var/run/mrzcpd - readOnly: false - - name: var-run-dpdk - mountPath: /var/run/dpdk - readOnly: false - - name: root-sys - mountPath: /root/sys - readOnly: false - - name: sce - mountPath: "/opt/tsg/config" - - name: config-volume - mountPath: "/opt/tsg/etc/tsg_sn.json" - subPath: "opt/tsg/etc/tsg_sn.json" - - name: sce-minidump - mountPath: /run/sce/crashreport - - name: sce-log - mountPath: /opt/tsg/sce/log - - name: localtime-node - mountPath: /etc/localtime - readOnly: true - - name: bfdd-unix-socket - mountPath: /run/frr - {{ template "traffic-engine.service-chaining.mount.prestart" . }} - {{ template "traffic-engine.service-chaining.mount.hostpath" . 
}} - - - name: bfdd - image: "docker.io/library/tsg-bfdd:{{ .Chart.AppVersion }}" - imagePullPolicy: Never - workingDir: /opt/tsg/bfdd - command: - - "bash" - - "-ec" - - | - {{ template "traffic-engine.bfdd.prestart" . }} - exec /opt/tsg/bfdd/bfdd -u root -g root - env: - - name: MRZCPD_CTRLMSG_LISTEN_ADDR - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: OVERRIDE_SLED_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - securityContext: - privileged: true - volumeMounts: - - name: config-volume - mountPath: "/opt/tsg/etc/tsg_sn.json" - subPath: "opt/tsg/etc/tsg_sn.json" - - name: bfdd-minidump - mountPath: /run/bfdd/crashreport - - name: bfdd-log - mountPath: /opt/tsg/bfdd/log - - name: localtime-node - mountPath: /etc/localtime - readOnly: true - - name: hotfix-bfdd - mountPath: /etc/traffic-engine/hotfix/bfdd - - name: bfdd-unix-socket - mountPath: /run/frr -{{- end }} - - - name: telegraf-security - image: "docker.io/library/tsg-telegraf:{{ .Chart.AppVersion }}" - imagePullPolicy: Never - command: ["/usr/bin/telegraf", "-config", "/etc/telegraf/telegraf_security.conf", "-config-directory", "/etc/telegraf/telegraf_statistic.d"] - securityContext: - privileged: true - volumeMounts: - - name: telegraf - mountPath: "/etc/telegraf/telegraf_security.conf" - subPath: "telegraf_security.conf" - - name: config-volume - mountPath: "/opt/tsg/etc/tsg_sn.json" - subPath: "opt/tsg/etc/tsg_sn.json" - - name: config-volume - mountPath: "/etc/default/telegraf" - subPath: "etc/default/telegraf" - - name: localtime-node - mountPath: /etc/localtime - readOnly: true - - initContainers: - - name: tsg-init - image: "docker.io/library/tsg-init:{{ .Chart.AppVersion }}" - imagePullPolicy: Never - command: - - "bash" - - "-ec" - - | - {{ template "traffic-engine.init" . 
}} - securityContext: - privileged: true - env: - - name: NODE_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - volumeMounts: - - name: config-volume - mountPath: /target_config - - name: localtime-node - mountPath: /etc/localtime - readOnly: true - - volumes: - - name: opt-tsg-mrzcpd - hostPath: - path: /opt/tsg/mrzcpd - - name: var-run-mrzcpd - hostPath: - path: /var/run/mrzcpd - - name: var-run-dpdk - hostPath: - path: /var/run/dpdk - - name: root-sys - hostPath: - path: /root/sys - - name: telegraf - configMap: - name: telegraf-{{ .Release.Name }} - - name: certstore - configMap: - name: certstore-{{ .Release.Name }} - - name: tfe - configMap: - name: tfe-{{ .Release.Name }} - - name: sapp - configMap: - name: sapp-{{ .Release.Name }} - - name: sce - configMap: - name: sce-{{ .Release.Name }} - - name: shaping - configMap: - name: shaping-{{ .Release.Name }} - - name: config-volume - emptyDir: {} - - name: firewall-minidump - hostPath: - path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-firewall:{{ .Chart.AppVersion }}/ - - name: proxy-minidump - hostPath: - path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-proxy:{{ .Chart.AppVersion }}/ - - name: sce-minidump - hostPath: - path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-sce:{{ .Chart.AppVersion }}/ - - name: bfdd-minidump - hostPath: - path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-bfdd:{{ .Chart.AppVersion }}/ - - name: certstore-minidump - hostPath: - path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-certstore:{{ .Chart.AppVersion }}/ - - name: shaping-minidump - hostPath: - path: /var/crashreport/traffic-engine/traffic-engine-{{ .Release.Name }}/tsg-shaping:{{ .Chart.AppVersion }}/ - - name: firewall-log - hostPath: - path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/sapp/ - - name: proxy-log - hostPath: - path: 
/var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/tfe/ - - name: sce-log - hostPath: - path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/sce/ - - name: bfdd-log - hostPath: - path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/bfdd/ - - name: certstore-log - hostPath: - path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/certstore/ - - name: shaping-log - hostPath: - path: /var/log/traffic-engine/traffic-engine-{{ .Release.Name }}/shaping/ - - name: localtime-node - hostPath: - path: /etc/localtime - - name: hotfix-certstore - hostPath: - path: /etc/traffic-engine/hotfix/certstore - - name: hotfix-bfdd - hostPath: - path: /etc/traffic-engine/hotfix/bfdd - - name: bfdd-unix-socket - emptyDir: {} - - name: prestart-dir - hostPath: - path: /etc/tsg-os/{{ .Release.Name }}/ - type: DirectoryOrCreate - {{ template "traffic-engine.firewall.volume.prestart" . }} - {{ template "traffic-engine.proxy.volume.prestart" . }} - {{ template "traffic-engine.service-chaining.volume.prestart" . }} - {{ template "traffic-engine.shaping.volume.prestart" . }} - {{ template "traffic-engine.volume.hostpath" . }}