From 54a95adf4dd4b5a7c551abc4cc8b7822977c6e2d Mon Sep 17 00:00:00 2001 
From: Blues Yu Date: Thu, 30 Dec 2021 20:37:26 +0800 Subject: [PATCH 1/8] =?UTF-8?q?refactor:=20=E9=87=8D=E6=9E=84=20bk-user=20?= =?UTF-8?q?Helm=20Chart?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitignore | 4 +- deploy/helm/api/Chart.yaml | 6 - deploy/helm/api/values.yaml | 241 ------------------ deploy/helm/bk-user-stack/Chart.lock | 18 -- deploy/helm/bk-user-stack/README.md | 204 --------------- deploy/helm/bk-user-stack/templates/NOTES.txt | 15 -- .../templates/mariadb-env-configmap.yaml | 49 ---- .../templates/mariadb-init-configmap.yaml | 20 -- .../templates/redis-env-configmap.yaml | 15 -- deploy/helm/bk-user-stack/values.yaml | 106 -------- deploy/helm/{api => bk-user}/.helmignore | 0 deploy/helm/bk-user/Chart.lock | 9 + .../{bk-user-stack => bk-user}/Chart.yaml | 18 +- deploy/helm/bk-user/README.md | 0 .../charts/api}/.helmignore | 0 deploy/helm/bk-user/charts/api/Chart.yaml | 6 + .../bk-user/charts/api/templates/NOTES.txt | 22 ++ .../bk-user/charts/api/templates/_helpers.tpl | 62 +++++ .../charts/api/templates/beat-deployment.yaml | 68 +++++ .../charts/api/templates/bklogconfig.yaml | 15 ++ .../templates/external-storage-configmap.yaml | 20 ++ .../api/templates/general-envs-configmap.yaml | 32 +++ .../bk-user/charts/api/templates/hpa.yaml | 28 ++ .../bk-user/charts/api/templates/ingress.yaml | 61 +++++ .../charts/api/templates/migrate-job.yaml | 48 ++++ .../bk-user/charts/api/templates/service.yaml | 15 ++ .../charts/api/templates/serviceaccount.yaml | 39 +++ .../charts/api/templates/servicemonitor.yaml | 31 +++ .../charts/api/templates/web-deployment.yaml | 80 ++++++ .../api/templates/worker-deployment.yaml | 68 +++++ deploy/helm/bk-user/charts/api/values.yaml | 232 +++++++++++++++++ .../{ => bk-user/charts}/login/.helmignore | 0 deploy/helm/bk-user/charts/login/Chart.yaml | 6 + .../bk-user/charts/login/templates/NOTES.txt | 22 ++ .../charts/login/templates/_helpers.tpl | 62 +++++ 
.../charts/login/templates/bklogconfig.yaml | 15 ++ .../charts/login/templates/deployment.yaml | 75 ++++++ .../templates/external-storage-configmap.yaml | 14 + .../templates/general-envs-configmap.yaml | 16 ++ .../bk-user/charts/login/templates/hpa.yaml | 28 ++ .../charts/login/templates/ingress.yaml | 61 +++++ .../charts/login/templates/migrate-job.yaml | 48 ++++ .../charts/login/templates/service.yaml | 15 ++ .../login/templates/serviceaccount.yaml | 39 +++ .../login/templates/servicemonitor.yaml | 31 +++ deploy/helm/bk-user/charts/login/values.yaml | 226 ++++++++++++++++ .../{ => bk-user/charts}/saas/.helmignore | 0 deploy/helm/bk-user/charts/saas/Chart.yaml | 6 + .../bk-user/charts/saas/templates/NOTES.txt | 22 ++ .../charts/saas/templates/_helpers.tpl | 62 +++++ .../charts/saas/templates/bklogconfig.yaml | 15 ++ .../charts/saas/templates/deployment.yaml | 76 ++++++ .../templates/external-storage-configmap.yaml | 14 + .../templates/general-envs-configmap.yaml | 30 +++ .../bk-user/charts/saas/templates/hpa.yaml | 28 ++ .../charts/saas/templates/ingress.yaml | 61 +++++ .../charts/saas/templates/migrate-job.yaml | 48 ++++ .../charts/saas/templates/service.yaml | 15 ++ .../charts/saas/templates/serviceaccount.yaml | 39 +++ .../charts/saas/templates/servicemonitor.yaml | 31 +++ deploy/helm/bk-user/charts/saas/values.yaml | 222 ++++++++++++++++ deploy/helm/bk-user/templates/NOTES.txt | 14 + deploy/helm/bk-user/templates/_helpers.tpl | 62 +++++ .../templates/mariadb-env-configmap.yaml | 62 +++++ .../templates/mariadb-init-configmap.yaml | 21 ++ .../templates/redis-env-configmap.yaml | 16 ++ deploy/helm/bk-user/values.yaml | 86 +++++++ deploy/helm/chartty/c_base.tpl | 83 ------ deploy/helm/chartty/c_bklogconfig.yaml | 16 -- deploy/helm/chartty/c_capabilities.tpl | 114 --------- deploy/helm/chartty/c_configmap.yaml | 23 -- deploy/helm/chartty/c_cronjob.yaml | 65 ----- deploy/helm/chartty/c_deployment.yaml | 97 ------- deploy/helm/chartty/c_env.tpl | 30 --- 
deploy/helm/chartty/c_image.tpl | 6 - deploy/helm/chartty/c_ingress.yaml | 40 --- deploy/helm/chartty/c_labels.tpl | 24 -- deploy/helm/chartty/c_pre-run-hooks.yaml | 48 ---- deploy/helm/chartty/c_secret.yaml | 14 - deploy/helm/chartty/c_service.yaml | 22 -- deploy/helm/chartty/c_serviceaccount.yaml | 14 - deploy/helm/chartty/c_servicemonitor.yaml | 38 --- deploy/helm/chartty/c_validate_env.yaml | 21 -- deploy/helm/login/Chart.yaml | 6 - deploy/helm/login/values.yaml | 208 --------------- deploy/helm/saas/Chart.yaml | 6 - deploy/helm/saas/values.yaml | 214 ---------------- 87 files changed, 2429 insertions(+), 1780 deletions(-) delete mode 100644 deploy/helm/api/Chart.yaml delete mode 100644 deploy/helm/api/values.yaml delete mode 100644 deploy/helm/bk-user-stack/Chart.lock delete mode 100644 deploy/helm/bk-user-stack/README.md delete mode 100644 deploy/helm/bk-user-stack/templates/NOTES.txt delete mode 100644 deploy/helm/bk-user-stack/templates/mariadb-env-configmap.yaml delete mode 100644 deploy/helm/bk-user-stack/templates/mariadb-init-configmap.yaml delete mode 100644 deploy/helm/bk-user-stack/templates/redis-env-configmap.yaml delete mode 100644 deploy/helm/bk-user-stack/values.yaml rename deploy/helm/{api => bk-user}/.helmignore (100%) create mode 100644 deploy/helm/bk-user/Chart.lock rename deploy/helm/{bk-user-stack => bk-user}/Chart.yaml (50%) create mode 100644 deploy/helm/bk-user/README.md rename deploy/helm/{bk-user-stack => bk-user/charts/api}/.helmignore (100%) create mode 100644 deploy/helm/bk-user/charts/api/Chart.yaml create mode 100644 deploy/helm/bk-user/charts/api/templates/NOTES.txt create mode 100644 deploy/helm/bk-user/charts/api/templates/_helpers.tpl create mode 100644 deploy/helm/bk-user/charts/api/templates/beat-deployment.yaml create mode 100644 deploy/helm/bk-user/charts/api/templates/bklogconfig.yaml create mode 100644 deploy/helm/bk-user/charts/api/templates/external-storage-configmap.yaml create mode 100644 
deploy/helm/bk-user/charts/api/templates/general-envs-configmap.yaml create mode 100644 deploy/helm/bk-user/charts/api/templates/hpa.yaml create mode 100644 deploy/helm/bk-user/charts/api/templates/ingress.yaml create mode 100644 deploy/helm/bk-user/charts/api/templates/migrate-job.yaml create mode 100644 deploy/helm/bk-user/charts/api/templates/service.yaml create mode 100644 deploy/helm/bk-user/charts/api/templates/serviceaccount.yaml create mode 100644 deploy/helm/bk-user/charts/api/templates/servicemonitor.yaml create mode 100644 deploy/helm/bk-user/charts/api/templates/web-deployment.yaml create mode 100644 deploy/helm/bk-user/charts/api/templates/worker-deployment.yaml create mode 100644 deploy/helm/bk-user/charts/api/values.yaml rename deploy/helm/{ => bk-user/charts}/login/.helmignore (100%) create mode 100644 deploy/helm/bk-user/charts/login/Chart.yaml create mode 100644 deploy/helm/bk-user/charts/login/templates/NOTES.txt create mode 100644 deploy/helm/bk-user/charts/login/templates/_helpers.tpl create mode 100644 deploy/helm/bk-user/charts/login/templates/bklogconfig.yaml create mode 100644 deploy/helm/bk-user/charts/login/templates/deployment.yaml create mode 100644 deploy/helm/bk-user/charts/login/templates/external-storage-configmap.yaml create mode 100644 deploy/helm/bk-user/charts/login/templates/general-envs-configmap.yaml create mode 100644 deploy/helm/bk-user/charts/login/templates/hpa.yaml create mode 100644 deploy/helm/bk-user/charts/login/templates/ingress.yaml create mode 100644 deploy/helm/bk-user/charts/login/templates/migrate-job.yaml create mode 100644 deploy/helm/bk-user/charts/login/templates/service.yaml create mode 100644 deploy/helm/bk-user/charts/login/templates/serviceaccount.yaml create mode 100644 deploy/helm/bk-user/charts/login/templates/servicemonitor.yaml create mode 100644 deploy/helm/bk-user/charts/login/values.yaml rename deploy/helm/{ => bk-user/charts}/saas/.helmignore (100%) create mode 100644 
deploy/helm/bk-user/charts/saas/Chart.yaml create mode 100644 deploy/helm/bk-user/charts/saas/templates/NOTES.txt create mode 100644 deploy/helm/bk-user/charts/saas/templates/_helpers.tpl create mode 100644 deploy/helm/bk-user/charts/saas/templates/bklogconfig.yaml create mode 100644 deploy/helm/bk-user/charts/saas/templates/deployment.yaml create mode 100644 deploy/helm/bk-user/charts/saas/templates/external-storage-configmap.yaml create mode 100644 deploy/helm/bk-user/charts/saas/templates/general-envs-configmap.yaml create mode 100644 deploy/helm/bk-user/charts/saas/templates/hpa.yaml create mode 100644 deploy/helm/bk-user/charts/saas/templates/ingress.yaml create mode 100644 deploy/helm/bk-user/charts/saas/templates/migrate-job.yaml create mode 100644 deploy/helm/bk-user/charts/saas/templates/service.yaml create mode 100644 deploy/helm/bk-user/charts/saas/templates/serviceaccount.yaml create mode 100644 deploy/helm/bk-user/charts/saas/templates/servicemonitor.yaml create mode 100644 deploy/helm/bk-user/charts/saas/values.yaml create mode 100644 deploy/helm/bk-user/templates/NOTES.txt create mode 100644 deploy/helm/bk-user/templates/_helpers.tpl create mode 100644 deploy/helm/bk-user/templates/mariadb-env-configmap.yaml create mode 100644 deploy/helm/bk-user/templates/mariadb-init-configmap.yaml create mode 100644 deploy/helm/bk-user/templates/redis-env-configmap.yaml create mode 100644 deploy/helm/bk-user/values.yaml delete mode 100644 deploy/helm/chartty/c_base.tpl delete mode 100644 deploy/helm/chartty/c_bklogconfig.yaml delete mode 100644 deploy/helm/chartty/c_capabilities.tpl delete mode 100644 deploy/helm/chartty/c_configmap.yaml delete mode 100644 deploy/helm/chartty/c_cronjob.yaml delete mode 100644 deploy/helm/chartty/c_deployment.yaml delete mode 100644 deploy/helm/chartty/c_env.tpl delete mode 100644 deploy/helm/chartty/c_image.tpl delete mode 100644 deploy/helm/chartty/c_ingress.yaml delete mode 100644 deploy/helm/chartty/c_labels.tpl delete mode 
100644 deploy/helm/chartty/c_pre-run-hooks.yaml delete mode 100644 deploy/helm/chartty/c_secret.yaml delete mode 100644 deploy/helm/chartty/c_service.yaml delete mode 100644 deploy/helm/chartty/c_serviceaccount.yaml delete mode 100644 deploy/helm/chartty/c_servicemonitor.yaml delete mode 100644 deploy/helm/chartty/c_validate_env.yaml delete mode 100644 deploy/helm/login/Chart.yaml delete mode 100644 deploy/helm/login/values.yaml delete mode 100644 deploy/helm/saas/Chart.yaml delete mode 100644 deploy/helm/saas/values.yaml diff --git a/.gitignore b/.gitignore index a33992508..efc0ac5f9 100644 --- a/.gitignore +++ b/.gitignore @@ -221,7 +221,9 @@ src/pages/dist/ /poetry.lock # helm -deploy/helm/*/charts/ +deploy/helm/bk-user/charts/api/charts/ +deploy/helm/bk-user/charts/saas/charts/ +deploy/helm/bk-user/charts/login/charts/ deploy/helm/local_values.yaml deploy/helm/dist/ diff --git a/deploy/helm/api/Chart.yaml b/deploy/helm/api/Chart.yaml deleted file mode 100644 index ab9e4a49b..000000000 --- a/deploy/helm/api/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v2 -appVersion: v2.3.1 -description: A Helm chart for bk user api -name: bkuserapi -type: application -version: 1.0.0 diff --git a/deploy/helm/api/values.yaml b/deploy/helm/api/values.yaml deleted file mode 100644 index 83c2b4598..000000000 --- a/deploy/helm/api/values.yaml +++ /dev/null 
@@ -1,241 +0,0 @@ -# 全局变量,通常用于多个 Chart 之间共享 -global: - imagePullSecrets: [] - # imagePullSecrets, 预先创建的 imagePullSecrets, 将直接被添加到 chartty.imagePullSecretNames 中. - # - name: "secret-a" - # - name: "secret-b" - - # credential, 用于创建独享的 Secret 资源 - imageCredentials: - # 当且仅当 enabled 为 true 时,会生成 dockerconfigjson 类型的 Secret 资源, 并在 chartty.imagePullSecretNames 添加该名称. - enabled: false - password: "" - registry: "" - username: "" - name: "" - - # 全局镜像配置 - image: - registry: "ccr.ccs.tencentyun.com/bk.io" - pullPolicy: Always - - # 全局环境变量,当 `env` 指定时,`global.env` 内相同 key 值变量将被覆盖 - env: {} - - # 默认的全局根域 - sharedDomain: "" - -# 缺省实例数 -replicaCount: 1 - -image: - name: bk-user-api - tag: v2.3.0 - -# 用来覆盖 Chart 名 -nameOverride: "" -# 用来覆盖 fullName (通常是 release-chart 拼接) -fullnameOverride: "" - -# 是否自动创建 serviceAccount -serviceAccount: - create: true - annotations: {} - name: "" - -podAnnotations: {} - -podSecurityContext: {} - -# 支持定义 labels -podLabels: {} - -securityContext: {} - -service: - type: ClusterIP - port: 80 - -#--------------- -# 调度 -#--------------- -nodeSelector: {} - -tolerations: [] - -affinity: {} - -#--------------- -# 环境变量 -# 除 global.env 和 env 外 -# 其余变量定义均不去重,请手动确保无变量名冲突 -#--------------- - -# key-value 结构渲染 -env: - # ------------- - # 默认配置,不了解详情时请不要修改 - # ------------- - BK_APP_CODE: "bk_usermgr" - DJANGO_SETTINGS_MODULE: "bkuser_core.config.overlays.prod" - # ------------- - # 权限中心相关配置 - # ------------- - BK_IAM_SYSTEM_ID: "bk_usermgr" - # 权限中心后台访问地址 - BK_IAM_V3_INNER_HOST: "http://bkiam-web" - # 默认我们会按照 BK_PAAS_URL/o/bk_iam 拼接权限中心 SaaS 访问地址,可以通过以下值覆盖 - # BK_IAM_SAAS_HOST: "http://apps.bktencent-example.com/bkapp-bk-iam-saas-prod/" - -envFrom: [] - -# 提供原生的 env 写法 -extrasEnv: [] - -# 额外提供一种基于 sharedDomain 自动生成的 URL 类型环境变量 -sharedUrlEnvMap: - BK_USER_SAAS_URL: "http://bkuser.{{ .Values.global.sharedDomain }}" - # 使容器可以自我感知访问地址 - BK_USER_API_URL: "http://bkuser-api.{{ .Values.global.sharedDomain }}" - -# 标识必填的环境变量列表 -requiredEnvList: [] - -#--------------- 
-# 进程定义 -#-------------- -httpPort: 8000 -database: - preferName: bk-user-api - -# 定义应用内的多个进程 -processes: - web: - ingress: - enabled: false - host: "bkuser-api.{{ .Values.global.sharedDomain }}" - paths: ["/"] - replicas: 1 - resources: - limits: - cpu: 1024m - memory: 1024Mi - requests: - cpu: 200m - memory: 128Mi - readinessProbe: - tcpSocket: - port: 8000 - initialDelaySeconds: 5 - periodSeconds: 30 - livenessProbe: - httpGet: - path: /ping - port: http - initialDelaySeconds: 5 - periodSeconds: 30 - celery: - replicas: 1 - resources: - limits: - cpu: 1024m - memory: 1024Mi - requests: - cpu: 200m - memory: 128Mi - command: - - bash - args: - - /app/start_celery.sh - beat: - replicas: 1 - resources: - limits: - cpu: 1024m - memory: 512Mi - requests: - cpu: 100m - memory: 128Mi - command: - - bash - args: - - /app/start_beat.sh - - -# 部署前钩子 -preRunHooks: - db-migrate: - weight: 1 - enabled: true - position: "pre-install,pre-upgrade" - command: - - bash - args: - - -c - - python manage.py migrate - bkiam-migrate: - weight: 2 - enabled: false - position: "pre-install,pre-upgrade" - command: - - bash - args: - - /app/migrate_iam.sh - -# 支持定义多个 cronJobs -cronJobs: - jobs: [] - -# 挂载配置 -volumes: [] -volumeMounts: [] - -# 支持定义 configmaps -configMaps: [] - -# 当 Chart 独立部署时,默认关闭内建存储 -mariadb: - enabled: false - -## ServiceMonitor configuration -## -serviceMonitor: - ## @param serviceMonitor.enabled Creates a ServiceMonitor to monitor kube-state-metrics - ## - enabled: false - ## @param serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. 
- ## - jobLabel: "" - ## @param serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## interval: 10s - ## - interval: "" - ## @param serviceMonitor.scrapeTimeout Timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## scrapeTimeout: 10s - ## - scrapeTimeout: "" - ## @param serviceMonitor.selector ServiceMonitor selector labels - ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration - ## e.g: - ## selector: - ## prometheus: my-prometheus - ## - selector: {} - ## @param serviceMonitor.honorLabels Honor metrics labels - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## honorLabels: false - ## - honorLabels: false - ## @param serviceMonitor.relabelings ServiceMonitor relabelings - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig - ## - relabelings: [] - ## @param serviceMonitor.metricRelabelings ServiceMonitor metricRelabelings - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] diff --git a/deploy/helm/bk-user-stack/Chart.lock b/deploy/helm/bk-user-stack/Chart.lock deleted file mode 100644 index af24e2d83..000000000 --- a/deploy/helm/bk-user-stack/Chart.lock +++ /dev/null 
@@ -1,18 +0,0 @@ -dependencies: -- name: bkuserapi - repository: file://../api - version: 1.0.0 -- name: bkusersaas - repository: file://../saas - version: 1.0.0 -- name: bklogin - repository: file://../login - version: 1.0.0 -- name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 9.4.0 -- name: redis - repository: https://charts.bitnami.com/bitnami - version: 14.8.7 -digest: sha256:99ff256f34c2ba1d182fe765219129482f7e90be72cb986cd514a6283f0151ab -generated: "2021-11-08T14:35:43.662782+08:00" diff --git a/deploy/helm/bk-user-stack/README.md b/deploy/helm/bk-user-stack/README.md deleted file mode 100644 index 91c7ab6da..000000000 --- a/deploy/helm/bk-user-stack/README.md +++ /dev/null 
@@ -1,204 +0,0 @@ -# Bk-User-Helm-Stack - -Bk-User-Helm-Stack 是一个旨在快速部署用户管理部署工具,它在 Helm Chart 的基础上开发,旨在为用户管理产品提供方便快捷的部署能力。 - -## 准备依赖服务 - -要部署蓝鲸用户管理,首先需要准备 1 个 Kubernetes 集群(版本 1.12 或更高),并安装 Helm 命令行工具(版本 3.0 或更高)。 - -我们使用 `Ingress` 对外提供服务访问,所以请在集群中至少安装一个可用的 [Ingress Controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) - -### 配置 Helm 仓库地址 -```bash -# 请将 `` 替换为 Chart 所在的 Helm 仓库地址 -helm repo add bk-paas3 `` -helm repo update -``` - -### 其他服务 -由于蓝鲸用户管理 SaaS 是需要校验用户身份的服务,所以在能够正常访问前,请确认以下服务已就绪: - -- [蓝鲸登录](https://github.com/Tencent/bk-PaaS/tree/master/paas-ce/paas/login) -- [蓝鲸权限中心](https://github.com/TencentBlueKing/bk-iam) - - -## 快速安装 - -### 准备 `values.yaml` - -#### 1. 获取蓝鲸平台访问地址 -首先,你需要获取到蓝鲸平台的访问地址,例如 `https://paas.example.com`,确保 `https://paas.example.com/login` 可以访问蓝鲸登录,然后将该值的内容填入全局环境变量中。 - -配置示例: -```yaml -global: - env: - # 蓝鲸平台域名 - BK_PAAS_URL: "https://paas.example.com" -``` - -#### 2. 确定用户管理访问地址 - -你需要为用户管理提供一个访问根域,类似 `example.com`,配置示例: -```yaml -global: - sharedDomain: "example.com" -``` - -默认地,我们会为 `Api` & `SaaS` 分别创建两个访问入口(Ingress): -- `bkuser.example.com` SaaS 页面访问入口 -- `bkuser-api.example.com` Api 访问入口 - -#### 3. 准备用户管理镜像 - -用户管理官方提供了两个镜像: -```text -ccr.ccs.tencentyun.com/bk.io/bk-user-api:${version} -ccr.ccs.tencentyun.com/bk.io/bk-user-saas:${version} -``` -我们会在每次发布用户管理新版时,会同步更新 Chart 中的镜像版本,所以如果你只是想使用最新版本的官方镜像,可以跳过此节,不用关注镜像的填写。 - -如果你想使用官方其他版本或者自己构建的镜像,也可以在 `values.yaml` 中修改,配置示例: -```yaml -global: - image: - # 修改镜像地址,我们会按照 {registry}/{repository} 方式拼接 - registry: any-mirrors-you-want.com/any-group -``` - -#### 4. 
数据库依赖 - -我们为**功能快速验证**提供了内嵌的 `mariadb` 组件,但我们并不保证该数据库的高可用性,所以***不建议在生产环境中直接使用***。 - -如果你没有数据库方面的特殊要求,那么不需要关注以下 `mariadb` 的默认配置。 - -```yaml -mariadb: - enabled: true - architecture: standalone - auth: - rootPassword: "root" - username: "bk-user" - password: "root" - primary: - # 默认我们未开启持久化,如有需求可以参考: https://kubernetes.io/docs/user-guide/persistent-volumes/ - persistence: - enabled: false - initdbScriptsConfigMap: "bk-user-mariadb-init -``` - -如果你想要在生产环境中使用其他外部数据库,那么可以通过环境变量来指定,并禁用 `mariadb`,配置示例: - -```yaml -bkuserapi: - enabeld: true - env: - # 手动指定外部 DB ,仅支持 MySQL/MariaDB - DB_NAME: "your-db-name" - DB_USER: "your-db-user" - DB_PASSWORD: "your-db-password" - DB_HOST: "your-db-host" - DB_PORT: "your-db-port" - # 外部 Celery Broker,任意符合要求的 Broker 存储均可 - CELERY_BROKER_URL: "your-broker-url" - CELERY_RESULT_BACKEND: "your-broker-url" - # 手动取消内建存储挂载 - envFrom: [] - -bkusersaas: - enabled: true - env: - DB_NAME: "your-db-name" - DB_USER: "your-db-user" - DB_PASSWORD: "your-db-password" - DB_HOST: "your-db-host" - DB_PORT: "your-db-port" - # 手动取消内建存储挂载 - envFrom: [] - -mariadb: - enabled: false - -redis: - enabled: false -``` - -#### 5. 权限中心 -默认地,我们未开启权限中心,如果在权限中心已经就绪之后,想体验用户管理功能,那么你可以手动向权限中心注册模型: -```yaml -global: - env: - ENABLE_IAM: true - -bkuserapi: - env: - # 填充权限中心相关变量 - BK_IAM_V3_INNER_HOST: "https://iam.example.com" - # 打开权限中心模型注册,每次重新部署即会运行 - preRunHooks: - bkiam-migrate: - enabled: true -``` - -#### 6. 账号密码 -我们需要为 `admin` 账户添加用户名密码,虽然我们给定了默认值,但是为了安全,请手动修改: -```yaml -bkuserapi: - env: - # !!!请修改初始账号密码!!! - INITIAL_ADMIN_USERNAME: "your-user-name" - INITIAL_ADMIN_PASSWORD: "your-super-strong-password" -``` - -#### 7. 
如何扩容 -我们支持对任意进程进行扩容,就像这样: -```yaml -bkuserapi: - processes: - web: - replicas: 3 - celery: - replicas: 2 - beat: - replicas: 1 (切记,beat 进程只能存在一个副本,否则后台任务会重复执行) - -bkusersaas: - processes: - web: - replicas: 2 -``` - -### 安装 - -如果你已经准备好了 `values.yaml`,就可以直接进行安装操作了 - -```bash -# 假定你想在 bk-user 命名空间安装 -kubectl create namespace bk-user -helm install bk-user bk-user-stack -n bk-user -f values.yaml -``` -安装过程中,命令行会预期**阻塞等待**数据库进行 `migrate` 操作: -- 首次安装时,会多次提示 `Pod api-on-migrate pending` 类似字样,原因是 `mariadb` 等待就绪耗时较长, `migrate` 容器会不断失败重试,请耐心等待。 -- 升级安装时,会出现 `Pod api-on-migrate running` 类似字样,表示正在执行 `migrate` 操作,耗时一般在 10s 以内,具体视 migrate 内容而定,请耐心等待。 - -如果确认此次安装或更新无须变更数据库,可以临时手动关闭: -```bash -helm install bk-user bk-user-stack -n bk-user -f values.yaml \ - --set api.preRunHooks.db-migrate.enabled=false \ - --set saas.preRunHooks.db-migrate.enabled=false -``` - -如果在安装完成之后,访问 SaaS 地址出现 `503`,可以检查一下 `saas-web` 容器是否完全就绪,静候就绪后刷新页面即可。 - -## 卸载 -```bash -# 卸载资源 -helm uninstall bk-user -n bk-user - -# 已安装的 mariadb & redis 并不会被删除,防止没有开启持久化期间产生的数据被销毁 -# 如果确认已不再需要相关内容,可以手动删除命名空间内的资源 -# 独立命名空间时 -kubectl delete ns bk-user -# 非独立命名空间时 -kubectl delete deploy,sts,cronjob,pod,svc,ingress,secret,cm,sa,role,rolebinding,pvc -l app.kubernetes.io/instance=bk-user -n bk-user -``` diff --git a/deploy/helm/bk-user-stack/templates/NOTES.txt b/deploy/helm/bk-user-stack/templates/NOTES.txt deleted file mode 100644 index fd9ed0094..000000000 --- a/deploy/helm/bk-user-stack/templates/NOTES.txt +++ /dev/null 
@@ -1,15 +0,0 @@ -恭喜,你已经成功安装了蓝鲸用户管理 ! - -如果集群中已经安装了 IngressController,那么可以通过以下地址访问用户管理: -- SaaS: http://bkuser.{{ .Values.global.sharedDomain }} -- Api: http://bkuser-api.{{ .Values.global.sharedDomain }}/ping - -也可以通过 http://{{ .Values.bklogin.env.BK_LOGIN_PUBLIC_ADDR }}/login 访问蓝鲸登录: - - -登录账户名密码: -{{ .Values.bkuserapi.env.INITIAL_ADMIN_USERNAME }}/{{ .Values.bkuserapi.env.INITIAL_ADMIN_PASSWORD }} - -查看更多信息: - $ helm status {{ .Release.Name }} - $ helm get all {{ .Release.Name }} \ No newline at end of file diff --git a/deploy/helm/bk-user-stack/templates/mariadb-env-configmap.yaml b/deploy/helm/bk-user-stack/templates/mariadb-env-configmap.yaml deleted file mode 100644 index bacb1dadc..000000000 --- a/deploy/helm/bk-user-stack/templates/mariadb-env-configmap.yaml +++ /dev/null 
@@ -1,49 +0,0 @@ -{{- if .Values.mariadb.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: bk-user-api-mariadb-env - labels: - {{- include "chartty.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": pre-install - "helm.sh/hook-weight": "-1" -data: - DB_NAME: "{{ .Values.bkuserapi.database.preferName }}" - DB_USER: "{{ .Values.mariadb.auth.username }}" - DB_PASSWORD: "{{ .Values.mariadb.auth.password }}" - DB_HOST: "{{ .Release.Name }}-mariadb" - DB_PORT: "3306" ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: bk-user-saas-mariadb-env - labels: - {{- include "chartty.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": pre-install - "helm.sh/hook-weight": "-1" -data: - DB_NAME: "{{ .Values.bkusersaas.database.preferName }}" - DB_USER: "{{ .Values.mariadb.auth.username }}" - DB_PASSWORD: "{{ .Values.mariadb.auth.password }}" - DB_HOST: "{{ .Release.Name }}-mariadb" - DB_PORT: "3306" ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: bk-login-mariadb-env - labels: - {{- include "chartty.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": "pre-install,pre-upgrade" - "helm.sh/hook-weight": "-1" -data: - DATABASE_NAME: "{{ .Values.bklogin.database.preferName }}" - DATABASE_USER: "{{ .Values.mariadb.auth.username }}" - DATABASE_PASSWORD: "{{ .Values.mariadb.auth.password }}" - DATABASE_HOST: "{{ .Release.Name }}-mariadb" - DATABASE_PORT: "3306" -{{- end -}} diff --git a/deploy/helm/bk-user-stack/templates/mariadb-init-configmap.yaml b/deploy/helm/bk-user-stack/templates/mariadb-init-configmap.yaml deleted file mode 100644 index e576d9497..000000000 --- a/deploy/helm/bk-user-stack/templates/mariadb-init-configmap.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -{{- if .Values.mariadb.enabled }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: bk-user-mariadb-init - labels: - {{- include "chartty.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": "pre-install,pre-upgrade" - "helm.sh/hook-weight": "-1" -data: - init.sql: | - CREATE DATABASE IF NOT EXISTS `{{ .Values.bkuserapi.database.preferName }}` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; - CREATE DATABASE IF NOT EXISTS `{{ .Values.bkusersaas.database.preferName }}` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; - CREATE DATABASE IF NOT EXISTS `{{ .Values.bklogin.database.preferName }}` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; - GRANT ALL PRIVILEGES ON `{{ .Values.bkuserapi.database.preferName }}`.* TO `{{ .Values.mariadb.auth.username }}`@'%'; - GRANT ALL PRIVILEGES ON `{{ .Values.bkusersaas.database.preferName }}`.* TO `{{ .Values.mariadb.auth.username }}`@'%'; - GRANT ALL PRIVILEGES ON `{{ .Values.bklogin.database.preferName }}`.* TO `{{ .Values.mariadb.auth.username }}`@'%'; -{{- end -}} \ No newline at end of file diff --git a/deploy/helm/bk-user-stack/templates/redis-env-configmap.yaml b/deploy/helm/bk-user-stack/templates/redis-env-configmap.yaml deleted file mode 100644 index 2487e111d..000000000 --- a/deploy/helm/bk-user-stack/templates/redis-env-configmap.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.redis.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: bk-user-api-redis-env - labels: - {{- include "chartty.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": pre-install - "helm.sh/hook-weight": "-1" -data: - {{- $redis_url := printf "redis://:%s@%s-redis-master:%s/0" $.Values.redis.auth.password $.Release.Name ($.Values.redis.master.service.port | toString )}} - CELERY_BROKER_URL: {{ $redis_url }} - CELERY_RESULT_BACKEND: {{ $redis_url }} -{{- end }} 
diff --git a/deploy/helm/bk-user-stack/values.yaml b/deploy/helm/bk-user-stack/values.yaml deleted file mode 100644 index 3e6d75064..000000000 --- a/deploy/helm/bk-user-stack/values.yaml +++ /dev/null 
@@ -1,106 +0,0 @@ -global: - # 用户管理产品对外暴露访问根域 - sharedDomain: "example.com" - # 全局镜像配置 - image: - registry: "ccr.ccs.tencentyun.com/bk.io" - pullPolicy: Always - - # 日志采集,默认关闭,当日志采集就绪时,手动开启 - bkLogConfig: - enabled: false - dataId: "" - - env: - # 请在 PaaS 产品就绪后,查询 secret 并填入,否则影响用户管理调用 ESB 的相关功能(邮件通知等) - BK_APP_SECRET: "your-own-secret" - # 默认采用集群内 Service 访问 PaaS 平台和蓝鲸产品,如果有其他部署方式,请手动覆盖相关地址 - # PaaS 平台访问地址 - BK_PAAS_URL: "http://paas.example.com" - # ESB Api 访问地址 - BK_COMPONENT_API_URL: "http://bkapi.example.com" - # 由于用户管理先于权限中心拉起,所以默认禁用,后期所有产品就绪后,可手动开启 - ENABLE_IAM: false - -bkuserapi: - enabeld: true - env: - # !!!安全:请修改初始账号密码!!! - INITIAL_ADMIN_USERNAME: "admin" - INITIAL_ADMIN_PASSWORD: "Blueking@2019" - envFrom: - # 挂载内建 DB 变量 - - configMapRef: - name: bk-user-api-mariadb-env - - configMapRef: - name: bk-user-api-redis-env - - # 默认我们关闭了监控采集,当监控就绪时,请手动开启 - # serviceMonitor: - # enabled: true - -bkusersaas: - enabled: true - envFrom: - # 挂载内建 DB 变量 - - configMapRef: - name: bk-user-saas-mariadb-env - - # 默认我们关闭了监控采集,当监控就绪时,请手动开启 - # serviceMonitor: - # enabled: true - -bklogin: - enabled: true - env: - # 指定 bk_token 加密 secret key, 可通过 `tr -dc A-Za-z0-9 =1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "bk-user.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . 
| nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: bkuserapi-web
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: bkuserapi-web
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/deploy/helm/bk-user/charts/api/templates/migrate-job.yaml b/deploy/helm/bk-user/charts/api/templates/migrate-job.yaml
new file mode 100644
index 000000000..a9d743e66
--- /dev/null
+++ b/deploy/helm/bk-user/charts/api/templates/migrate-job.yaml
@@ -0,0 +1,48 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: bk-user-api-migrate-db-{{ .Release.Revision }}
+ labels:
+ {{- include "bk-user.labels" . | nindent 4 }}
+spec:
+ backoffLimit: 10
+ template:
+ metadata:
+ labels:
+ {{- include "bk-user.labels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ restartPolicy: OnFailure
+ initContainers:
+ - name: check-database-ready
+ image: "{{ .Values.migration.images.busybox.registry }}/{{ .Values.migration.images.busybox.repository }}:{{ .Values.migration.images.busybox.tag }}"
+ imagePullPolicy: IfNotPresent
+ command:
+ - sh
+ - -c
+ args:
+ - "echo Start check database: $(DB_HOST):$(DB_PORT); until telnet $(DB_HOST) $(DB_PORT); do echo waiting for db $(DB_NAME); sleep 2; done;"
+ envFrom:
+ {{- toYaml .Values.envFrom | nindent 12 }}
+ containers:
+ - name: api-db-migrate
+ image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command:
+ - /bin/bash
+ - -c
+ args:
+ - python manage.py migrate --no-input
+ {{- with .Values.env }}
+ env:
+ {{- toYaml . | nindent 12}}
+ {{- end }}
+ {{- with .Values.envFrom }}
+ envFrom:
+ {{- toYaml . | nindent 12}}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
diff --git a/deploy/helm/bk-user/charts/api/templates/service.yaml b/deploy/helm/bk-user/charts/api/templates/service.yaml
new file mode 100644
index 000000000..ad7a7ca94
--- /dev/null
+++ b/deploy/helm/bk-user/charts/api/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: bkuserapi-web
+ labels:
+ {{- include "bk-user.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "bk-user.selectorLabels" . | nindent 4 }}
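Review bot: The migrate Job's pod template sets no `securityContext` at pod or container level, so `check-database-ready` and `api-db-migrate` run with the image defaults even when an operator hardens the web pod through values. web-deployment.yaml in this same patch applies `.Values.podSecurityContext` to the pod and `.Values.securityContext` to the container, and the Job runs the same application image with the database settings from `envFrom`, so it should receive the same constraints. I would add `securityContext:` followed by `{{- toYaml .Values.podSecurityContext | nindent 8 }}` under `spec.template.spec`, and `securityContext:` followed by `{{- toYaml .Values.securityContext | nindent 12 }}` on both containers. The Job also names no service account, so it gets the namespace default account with its token mounted; if the migration does not call the Kubernetes API (not visible here), `automountServiceAccountToken: false` on the pod spec would remove that.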
diff --git a/deploy/helm/bk-user/charts/api/templates/serviceaccount.yaml b/deploy/helm/bk-user/charts/api/templates/serviceaccount.yaml
new file mode 100644
index 000000000..df874bffe
--- /dev/null
+++ b/deploy/helm/bk-user/charts/api/templates/serviceaccount.yaml
@@ -0,0 +1,39 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: bk-user-api
+ labels:
+ {{- include "bk-user.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: bk-user-api-role
+rules:
+- apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: bk-user-api-role-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: bk-user-api-role
+subjects:
+- kind: ServiceAccount
+ name: bk-user-api
+ namespace: {{ default "default" .Release.Namespace }}
+{{- end }}
\ No newline at end of file
diff --git a/deploy/helm/bk-user/charts/api/templates/servicemonitor.yaml b/deploy/helm/bk-user/charts/api/templates/servicemonitor.yaml
new file mode 100644
index 000000000..ab1a4722b
--- /dev/null
+++ b/deploy/helm/bk-user/charts/api/templates/servicemonitor.yaml
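Review bot: The ServiceAccount, Role and RoleBinding are all inside the `{{- if .Values.serviceAccount.create -}}` guard, but web-deployment.yaml in this patch sets `serviceAccountName: bk-user-api` unconditionally and its `check-migrate-db` init container relies on this read access to Jobs. With `serviceAccount.create: false` the web pods would reference an account and permissions the chart no longer renders, so either the account name should come from values or the Role and RoleBinding should stay outside the guard. The rule covers every Job in the namespace with `get`, `list` and `watch`; if the wait image only reads the one named Job (worth confirming against that image), the verbs can be reduced. The Role and RoleBinding also carry no `bk-user.labels` block and use fixed names, which makes them harder to attribute to a release during an audit.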
@@ -0,0 +1,31 @@ +{{- if .Values.global.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "bk-user.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "bk-user.labels" . | nindent 4 }} +spec: + {{- if .Values.global.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.global.serviceMonitor.jobLabel }} + {{- end }} + selector: + matchLabels: + {{- include "bk-user.selectorLabels" . | nindent 6 }} + endpoints: + - port: http + path: "/metrics" + {{- if .Values.global.serviceMonitor.interval }} + interval: {{ .Values.global.serviceMonitor.interval }} + {{- end }} + {{- if .Values.global.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.global.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if hasKey .Values.global.serviceMonitor "honorLabels" }} + honorLabels: {{ .Values.global.serviceMonitor.honorLabels }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/deploy/helm/bk-user/charts/api/templates/web-deployment.yaml b/deploy/helm/bk-user/charts/api/templates/web-deployment.yaml new file mode 100644 index 000000000..0a21bf164 --- /dev/null +++ b/deploy/helm/bk-user/charts/api/templates/web-deployment.yaml 
@@ -0,0 +1,80 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: bk-user-api-web + labels: + {{- include "bk-user.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "bk-user.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "bk-user.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: bk-user-api + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + initContainers: + - name: check-migrate-db + image: "{{ .Values.migration.images.k8sWaitFor.registry }}/{{ .Values.migration.images.k8sWaitFor.repository }}:{{ .Values.migration.images.k8sWaitFor.tag }}" + imagePullPolicy: IfNotPresent + args: + - job + - "bk-user-api-migrate-db-{{ .Release.Revision }}" + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - bash + args: + - /app/start.sh + {{- with .Values.env }} + env: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.envFrom }} + envFrom: + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: 8000 + protocol: TCP + livenessProbe: + httpGet: + path: /ping + port: http + readinessProbe: + httpGet: + path: /ping + port: http + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/deploy/helm/bk-user/charts/api/templates/worker-deployment.yaml b/deploy/helm/bk-user/charts/api/templates/worker-deployment.yaml new file mode 100644 index 000000000..01532c24b --- /dev/null +++ b/deploy/helm/bk-user/charts/api/templates/worker-deployment.yaml 
@@ -0,0 +1,68 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: bk-user-api-worker + labels: + {{- include "bk-user.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "bk-user.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "bk-user.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: bk-user-api + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + initContainers: + - name: check-migrate-db + image: "{{ .Values.migration.images.k8sWaitFor.registry }}/{{ .Values.migration.images.k8sWaitFor.repository }}:{{ .Values.migration.images.k8sWaitFor.tag }}" + imagePullPolicy: IfNotPresent + args: + - job + - "bk-user-api-migrate-db-{{ .Release.Revision }}" + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - bash + args: + - /app/start_celery.sh + {{- with .Values.env }} + env: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.envFrom }} + envFrom: + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} 
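Review bot: `replicas: {{ .Values.replicaCount }}` and `resources:` from `.Values.resources` reuse the web settings, although values.yaml in this commit defines `celeryReplicaCount` and `celeryResource` for the celery deployment; unless another template consumes them, those two values have no effect. I would switch this Deployment to `.Values.celeryReplicaCount` and `.Values.celeryResource`. The selector and pod labels are also identical to the web Deployment's (both use `bk-user.selectorLabels`), so the two Deployments and the `bkuserapi-web` Service select the same label set; adding a distinguishing label such as `app.kubernetes.io/component: worker` to the pod template and `matchLabels` would keep them apart.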
diff --git a/deploy/helm/bk-user/charts/api/values.yaml b/deploy/helm/bk-user/charts/api/values.yaml new file mode 100644 index 000000000..600d61b82 --- /dev/null +++ b/deploy/helm/bk-user/charts/api/values.yaml 
@@ -0,0 +1,232 @@ +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + imagePullSecrets: [] + storageClass: "" + + ## 蓝鲸产品统一根域 + bkDomain: "example.com" + + ## 是否开启权限中心 + enableIAM: false + + ## -------------- + ## 蓝鲸监控 + ## -------------- + serviceMonitor: + ## @param serviceMonitor.enabled Creates a ServiceMonitor to monitor kube-state-metrics + ## + enabled: false + ## @param serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. + ## + jobLabel: "" + ## @param serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## interval: 10s + ## + interval: "" + ## @param serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## scrapeTimeout: 10s + ## + scrapeTimeout: "" + ## @param serviceMonitor.selector ServiceMonitor selector labels + ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration + ## e.g: + ## selector: + ## prometheus: my-prometheus + ## + selector: {} + ## @param serviceMonitor.honorLabels Honor metrics labels + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## honorLabels: false + ## + honorLabels: false + ## @param serviceMonitor.relabelings ServiceMonitor relabelings + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## + relabelings: [] + ## @param serviceMonitor.metricRelabelings ServiceMonitor metricRelabelings + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + + ## -------------- + ## 蓝鲸日志采集 + ## -------------- + bkLogConfig: + enabled: false 
+ dataId: 1 + +## web deployment 副本数 +replicaCount: 1 +## celery deployment 副本数 +celeryReplicaCount: 1 + +appCode: "bk_usermgr" +appSecret: "" + +## !!!安全:请修改初始账号密码!!! +initialAdminUsername: "admin" +initialAdminPassword: "Blueking@2019" + +image: + registry: mirrors.tencent.com + repository: blueking/bk-user-api + pullPolicy: IfNotPresent + tag: "v2.3.1" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + ## Specifies whether a service account should be created + create: true + ## Annotations to add to the service account + annotations: {} + ## The name of the service account to use. + ## If not set and create is true, a name is generated using the fullname template + name: "" + +## 蓝鲸 PaaS url(浏览器访问蓝鲸入口) +bkPaasUrl: http://paas.example.com +## 蓝鲸 ESB/APIGATEWAY url,注意集群内外都是统一域名。集群内可以配置域名解析到内网ip +bkComponentApiUrl: http://bkapi.paas.example.com +## 蓝鲸 Login url(浏览器跳转登录用的URL前缀) +bkLoginUrl: http://paas.example.com/login/ +## 蓝鲸登录后台的内部服务地址(一般用于校验登录token) +bkLoginApiUrl: http://bk-login-web +## 蓝鲸用户管理 SaaS地址 +bkUserUrl: http://bkuser.paas.example.com +bkUserAddr: bkuser.paas.example.com +## 蓝鲸用户管理后台 API 地址 +bkUserApiUrl: http://bkuserapi-web +## 蓝鲸权限中心 SaaS 地址 +bkIamUrl: http://bkiam.paas.example.com +## 蓝鲸权限中心后台 API 地址 +bkIamApiUrl: http://bkiam-web + + +## --------------- +## 环境变量 +## --------------- +## 请按照原生 env 格式填写 +## env 优先级高于 envFrom,你可以用它来覆盖内置环境变量 +# env: +# - key: "FOO" +# value: "BAR" + +envFrom: + - configMapRef: + name: bk-user-api-general-envs + - configMapRef: + name: bk-user-api-external-storage + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 80 + +ingress: + ## 由于默认 API 没有开启任何鉴权,为了保证数据安全关闭 ingress + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + 
hosts: + - host: bk-user-api.{{ .Values.global.bkDomain }} + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + limits: + cpu: 1024m + memory: 2048Mi + requests: + cpu: 100m + memory: 128Mi + +celeryResource: + limits: + cpu: 1024m + memory: 2048Mi + requests: + cpu: 100m + memory: 128Mi + +## --------------- +## 调度 +## --------------- +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +## -------------- +## 外部数据库配置 +## -------------- +preferDBName: "bk_user_api" +externalDatabase: + default: + host: "" + password: "" + port: 3306 + user: "" + name: "bk_user_api" + +## --------------- +## 外部 Redis +## --------------- +externalRedis: + default: + host: "" + port: 6379 + password: "blueking" + +## -------------- +## 检查 DB 变更 +## -------------- +migration: + images: + busybox: + registry: "mirrors.tencent.com" + repository: blueking/busybox + tag: "1.34.0" + k8sWaitFor: + registry: "mirrors.tencent.com" + repository: blueking/k8s-wait-for + tag: "v1.5.1" + + diff --git a/deploy/helm/login/.helmignore b/deploy/helm/bk-user/charts/login/.helmignore similarity index 100% rename from deploy/helm/login/.helmignore rename to deploy/helm/bk-user/charts/login/.helmignore diff --git a/deploy/helm/bk-user/charts/login/Chart.yaml b/deploy/helm/bk-user/charts/login/Chart.yaml new file mode 100644 index 000000000..1114a5dd4 --- /dev/null +++ b/deploy/helm/bk-user/charts/login/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: login +description: login module for blueking +type: application +version: 1.0.0 +appVersion: "2.3.1" diff --git a/deploy/helm/bk-user/charts/login/templates/NOTES.txt b/deploy/helm/bk-user/charts/login/templates/NOTES.txt new file mode 100644 index 000000000..3dadaeedf --- /dev/null 
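Review bot: `initialAdminPassword: "Blueking@2019"` and `externalRedis.default.password: "blueking"` ship working credentials as chart defaults, so an install that overrides nothing comes up with a publicly known admin password; the comment above asks operators to change it but nothing enforces that. I would default both to `""` and make the consuming template fail the render when they are unset, for example `{{ required "initialAdminPassword must be set" .Values.initialAdminPassword }}`. The template that reads these values is outside this hunk, so where the check belongs needs confirming. The comment on `ingress.enabled` says the API has no authentication by default; the same warning is worth repeating next to `service.type`, since NodePort or LoadBalancer would expose the same unauthenticated API.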
+++ b/deploy/helm/bk-user/charts/login/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "bk-user.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "bk-user.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "bk-user.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "bk-user.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/deploy/helm/bk-user/charts/login/templates/_helpers.tpl b/deploy/helm/bk-user/charts/login/templates/_helpers.tpl new file mode 100644 index 000000000..645b58786 
--- /dev/null +++ b/deploy/helm/bk-user/charts/login/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "bk-user.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "bk-user.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "bk-user.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "bk-user.labels" -}} +helm.sh/chart: {{ include "bk-user.chart" . }} +{{ include "bk-user.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "bk-user.selectorLabels" -}} +app.kubernetes.io/name: {{ include "bk-user.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "bk-user.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "bk-user.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/deploy/helm/bk-user/charts/login/templates/bklogconfig.yaml b/deploy/helm/bk-user/charts/login/templates/bklogconfig.yaml
new file mode 100644
index 000000000..da4b98924
--- /dev/null
+++ b/deploy/helm/bk-user/charts/login/templates/bklogconfig.yaml
@@ -0,0 +1,15 @@
+{{- $namePrefix := include "bk-user.name" . -}}
+{{- if .Values.global.bkLogConfig.enabled }}
+apiVersion: bk.tencent.com/v1alpha1
+kind: BkLogConfig
+metadata:
+ name: bk-login-stdout-log
+ labels:
+ {{- include "bk-user.labels" . | nindent 4 }}
+spec:
+ dataId: {{ .Values.global.bkLogConfig.dataId }}
+ logConfigType: "std_log_config"
+ namespace: {{ .Release.Namespace | quote }}
+ labelSelector:
+ matchLabels: {{- include "bk-user.labels" . | nindent 6 }}
+{{- end }}
\ No newline at end of file
diff --git a/deploy/helm/bk-user/charts/login/templates/deployment.yaml b/deploy/helm/bk-user/charts/login/templates/deployment.yaml
new file mode 100644
index 000000000..fd39890ae
--- /dev/null
+++ b/deploy/helm/bk-user/charts/login/templates/deployment.yaml
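Review bot: `labelSelector.matchLabels` in bklogconfig.yaml is built from `bk-user.labels`, which adds `helm.sh/chart`, `app.kubernetes.io/version` and `app.kubernetes.io/managed-by`, but the login Deployment's pod template is labelled with `bk-user.selectorLabels` only. Assuming the collector matches on pod labels, this selector would pick up the migrate Job's pods and miss the login pods, so login stdout logs would not be collected. Using `matchLabels: {{- include "bk-user.selectorLabels" . | nindent 6 }}` lines it up with the Deployment. `$namePrefix` is assigned on the first line and not used in this file.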
@@ -0,0 +1,75 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "bk-user.fullname" . }}
+ labels:
+ {{- include "bk-user.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "bk-user.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "bk-user.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: bk-login
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ initContainers:
+ - name: check-migrate-db
+ image: "{{ .Values.migration.images.k8sWaitFor.registry }}/{{ .Values.migration.images.k8sWaitFor.repository }}:{{ .Values.migration.images.k8sWaitFor.tag }}"
+ imagePullPolicy: IfNotPresent
+ args:
+ - job
+ - "bk-login-migrate-db-{{ .Release.Revision }}"
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command: ["./start.sh"]
+ {{- with .Values.env }}
+ env:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.envFrom }}
+ envFrom:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: 5000
+ protocol: TCP
+ livenessProbe:
+ tcpSocket:
+ port: http
+ readinessProbe:
+ tcpSocket:
+ port: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/deploy/helm/bk-user/charts/login/templates/external-storage-configmap.yaml b/deploy/helm/bk-user/charts/login/templates/external-storage-configmap.yaml
new file mode 100644
index 000000000..7f1b42a6b
--- /dev/null
+++ b/deploy/helm/bk-user/charts/login/templates/external-storage-configmap.yaml
@@ -0,0 +1,14 @@
+{{- $namePrefix := include "bk-user.name" . -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: bk-login-external-storage
+data:
+ # ---------------
+ # 数据库
+ # ---------------
+ DB_NAME: "{{ .Values.externalDatabase.default.name | default .Values.preferDBName }}"
+ DB_USER: "{{ .Values.externalDatabase.default.user }}"
+ DB_PASSWORD: "{{ .Values.externalDatabase.default.password }}"
+ DB_HOST: "{{ .Values.externalDatabase.default.host }}"
+ DB_PORT: "{{ .Values.externalDatabase.default.port }}"
diff --git a/deploy/helm/bk-user/charts/login/templates/general-envs-configmap.yaml b/deploy/helm/bk-user/charts/login/templates/general-envs-configmap.yaml
new file mode 100644
index 000000000..2e08ef351
--- /dev/null
+++ b/deploy/helm/bk-user/charts/login/templates/general-envs-configmap.yaml
@@ -0,0 +1,16 @@
+{{- $namePrefix := include "bk-user.name" . -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: bk-login-general-envs
+data:
+ # 登录态 Cookie 写入的域名
+ BK_DOMAIN: {{ .Values.global.bkDomain }}
+ # 统一登录的外部访问域名
+ BK_LOGIN_PUBLIC_ADDR: {{ .Values.bkLoginUrl }}
+ # 用户管理后台API访问地址
+ BK_USERMGR_API_URL: {{ .Values.bkUserApiUrl }}
+ # 与 ESB 的通信凭证,应用(bk_paas) 对应的 bk_app_secret
+ BK_PAAS_SECRET_KEY: {{ .Values.bkPaasSerectKey }}
+ # 32位随机字符串,用于加密登录态票据(bk_token)
+ ENCRYPT_SECRET_KEY: {{ .Values.encryptSecretKey }}
\ No newline at end of file
diff --git a/deploy/helm/bk-user/charts/login/templates/hpa.yaml b/deploy/helm/bk-user/charts/login/templates/hpa.yaml
new file mode 100644
index 000000000..26edac84e
--- /dev/null
+++ b/deploy/helm/bk-user/charts/login/templates/hpa.yaml
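Review bot: `DB_PASSWORD` is written into the `bk-login-external-storage` ConfigMap, and general-envs-configmap.yaml does the same with `BK_PAAS_SECRET_KEY` and `ENCRYPT_SECRET_KEY`, which its own comment describes as the key that encrypts the `bk_token` login ticket. ConfigMaps are not covered by Secret-scoped RBAC rules or by encryption at rest for Secrets, so anyone who can read ConfigMaps in the namespace obtains all three values. These keys belong in a `kind: Secret` pulled in with a `secretRef` entry under `envFrom` in values.yaml, with the non-sensitive keys staying where they are. The two keys in general-envs-configmap.yaml are also rendered unquoted, so a value that YAML reads as a number or boolean would be rejected as ConfigMap data; `| quote` avoids that.

```yaml
# new template; the file and object names below are placeholders
apiVersion: v1
kind: Secret
metadata:
  name: bk-login-secret-envs
type: Opaque
stringData:
  DB_PASSWORD: {{ .Values.externalDatabase.default.password | quote }}
  BK_PAAS_SECRET_KEY: {{ .Values.bkPaasSerectKey | quote }}
  ENCRYPT_SECRET_KEY: {{ .Values.encryptSecretKey | quote }}
# … unchanged: DB_NAME, DB_USER, DB_HOST, DB_PORT and the non-secret BK_* keys stay in the ConfigMaps …
```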
@@ -0,0 +1,28 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "bk-user.fullname" . }}
+ labels:
+ {{- include "bk-user.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "bk-user.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/deploy/helm/bk-user/charts/login/templates/ingress.yaml b/deploy/helm/bk-user/charts/login/templates/ingress.yaml
new file mode 100644
index 000000000..5324650d4
--- /dev/null
+++ b/deploy/helm/bk-user/charts/login/templates/ingress.yaml
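Review bot: `apiVersion: autoscaling/v2beta1` in hpa.yaml is fixed, while ingress.yaml in the same chart picks its API version from `.Capabilities.KubeVersion`; `autoscaling/v2beta1` was removed in Kubernetes 1.25, so enabling `autoscaling.enabled` on a newer cluster fails the install. I would gate the version the same way the Ingress template does, for example on `.Capabilities.APIVersions.Has "autoscaling/v2"`, and in that branch replace `targetAverageUtilization` with the `target:` block (`type: Utilization`, `averageUtilization`) that the newer schema expects.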
@@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "bk-user.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: bk-login + labels: + {{- include "bk-user.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ tpl .host $ | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: bk-login-web + port: + number: {{ $svcPort }} + {{- else }} + serviceName: bk-login-web + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
diff --git a/deploy/helm/bk-user/charts/login/templates/migrate-job.yaml b/deploy/helm/bk-user/charts/login/templates/migrate-job.yaml
new file mode 100644
index 000000000..d6c01ccc2
--- /dev/null
+++ b/deploy/helm/bk-user/charts/login/templates/migrate-job.yaml
@@ -0,0 +1,48 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: bk-login-migrate-db-{{ .Release.Revision }}
+ labels:
+ {{- include "bk-user.labels" . | nindent 4 }}
+spec:
+ backoffLimit: 10
+ template:
+ metadata:
+ labels:
+ {{- include "bk-user.labels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ restartPolicy: OnFailure
+ initContainers:
+ - name: check-database-ready
+ image: "{{ .Values.migration.images.busybox.registry }}/{{ .Values.migration.images.busybox.repository }}:{{ .Values.migration.images.busybox.tag }}"
+ imagePullPolicy: IfNotPresent
+ command:
+ - sh
+ - -c
+ args:
+ - "echo Start check database: $(DATABASE_HOST):$(DATABASE_PORT); until telnet $(DATABASE_HOST) $(DATABASE_PORT); do echo waiting for db $(DATABASE_NAME); sleep 2; done;"
+ envFrom:
+ {{- toYaml .Values.envFrom | nindent 12 }}
+ containers:
+ - name: login-db-migrate
+ image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command:
+ - /bin/bash
+ - -c
+ args:
+ - python manage.py migrate --no-input
+ {{- with .Values.env }}
+ env:
+ {{- toYaml . | nindent 12}}
+ {{- end }}
+ {{- with .Values.envFrom }}
+ envFrom:
+ {{- toYaml . | nindent 12}}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
diff --git a/deploy/helm/bk-user/charts/login/templates/service.yaml b/deploy/helm/bk-user/charts/login/templates/service.yaml
new file mode 100644
index 000000000..931f97462
--- /dev/null
+++ b/deploy/helm/bk-user/charts/login/templates/service.yaml
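Review bot: The `check-database-ready` init container in the login migrate-job.yaml waits on `$(DATABASE_HOST)` and `$(DATABASE_PORT)`, but the login chart's external-storage ConfigMap in this commit exports `DB_HOST`, `DB_PORT` and `DB_NAME`, and the api chart's job uses the `DB_*` names. Kubernetes leaves an undefined `$(VAR)` reference unexpanded, so `sh -c` would then read it as a command substitution and `telnet` would be called without a host, which keeps the loop running indefinitely. Unless `DATABASE_*` is supplied from somewhere outside this diff, the argument should read `until telnet $(DB_HOST) $(DB_PORT); do echo waiting for db $(DB_NAME); sleep 2; done;`, with the leading `echo` changed to match.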
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: bk-login-web + labels: + {{- include "bk-user.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "bk-user.selectorLabels" . | nindent 4 }} diff --git a/deploy/helm/bk-user/charts/login/templates/serviceaccount.yaml b/deploy/helm/bk-user/charts/login/templates/serviceaccount.yaml new file mode 100644 index 000000000..60d3b5f73 --- /dev/null +++ b/deploy/helm/bk-user/charts/login/templates/serviceaccount.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: bk-login + labels: + {{- include "bk-user.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: bk-login-role +rules: +- apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: bk-login-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: bk-login-role +subjects: +- kind: ServiceAccount + name: bk-login + namespace: {{ default "default" .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/deploy/helm/bk-user/charts/login/templates/servicemonitor.yaml b/deploy/helm/bk-user/charts/login/templates/servicemonitor.yaml new file mode 100644 index 000000000..ab1a4722b --- /dev/null +++ b/deploy/helm/bk-user/charts/login/templates/servicemonitor.yaml 
@@ -0,0 +1,31 @@ +{{- if .Values.global.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "bk-user.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "bk-user.labels" . | nindent 4 }} +spec: + {{- if .Values.global.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.global.serviceMonitor.jobLabel }} + {{- end }} + selector: + matchLabels: + {{- include "bk-user.selectorLabels" . | nindent 6 }} + endpoints: + - port: http + path: "/metrics" + {{- if .Values.global.serviceMonitor.interval }} + interval: {{ .Values.global.serviceMonitor.interval }} + {{- end }} + {{- if .Values.global.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.global.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if hasKey .Values.global.serviceMonitor "honorLabels" }} + honorLabels: {{ .Values.global.serviceMonitor.honorLabels }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/deploy/helm/bk-user/charts/login/values.yaml b/deploy/helm/bk-user/charts/login/values.yaml new file mode 100644 index 000000000..042d912b2 --- /dev/null +++ b/deploy/helm/bk-user/charts/login/values.yaml 
@@ -0,0 +1,226 @@ +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + imagePullSecrets: [] + storageClass: "" + + ## 蓝鲸产品统一根域 + bkDomain: "example.com" + + ## 是否开启权限中心 + enableIAM: false + + ## -------------- + ## 蓝鲸监控 + ## -------------- + serviceMonitor: + ## @param serviceMonitor.enabled Creates a ServiceMonitor to monitor kube-state-metrics + ## + enabled: false + ## @param serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. + ## + jobLabel: "" + ## @param serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## interval: 10s + ## + interval: "" + ## @param serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## scrapeTimeout: 10s + ## + scrapeTimeout: "" + ## @param serviceMonitor.selector ServiceMonitor selector labels + ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration + ## e.g: + ## selector: + ## prometheus: my-prometheus + ## + selector: {} + ## @param serviceMonitor.honorLabels Honor metrics labels + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## honorLabels: false + ## + honorLabels: false + ## @param serviceMonitor.relabelings ServiceMonitor relabelings + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## + relabelings: [] + ## @param serviceMonitor.metricRelabelings ServiceMonitor metricRelabelings + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + + ## -------------- + ## 蓝鲸日志采集 + ## -------------- + bkLogConfig: + enabled: false 
+ dataId: 1 + +## web deployment 副本数 +replicaCount: 1 +## celery deployment 副本数 +celeryReplicaCount: 1 + +appCode: "bk_login" +appSecret: "" + +# 与 ESB 的通信凭证,应用(bk_paas) 对应的 bk_app_secret +bkPaasSerectKey: "" +# 32位随机字符串,用于加密登录态票据(bk_token) +encryptSecretKey: "" +bkDomainScheme: "http" + +image: + registry: mirrors.tencent.com + repository: blueking/bk-login + pullPolicy: IfNotPresent + tag: "1.0.0-beta.4" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + ## Specifies whether a service account should be created + create: true + ## Annotations to add to the service account + annotations: {} + ## The name of the service account to use. + ## If not set and create is true, a name is generated using the fullname template + name: "" + +## 蓝鲸 PaaS url(浏览器访问蓝鲸入口) +bkPaasUrl: http://paas.example.com +## 蓝鲸 ESB/APIGATEWAY url,注意集群内外都是统一域名。集群内可以配置域名解析到内网ip +bkComponentApiUrl: http://bkapi.paas.example.com +## 蓝鲸 Login url(浏览器跳转登录用的URL前缀) +bkLoginUrl: http://paas.example.com/login/ +## 蓝鲸登录后台的内部服务地址(一般用于校验登录token) +bkLoginApiUrl: http://bk-login-web +## 蓝鲸用户管理 SaaS地址 +bkUserUrl: http://bkuser.paas.example.com +bkUserAddr: bkuser.paas.example.com +## 蓝鲸用户管理后台 API 地址 +bkUserApiUrl: http://bkuserapi-web + +## --------------- +## 环境变量 +## --------------- +## 请按照原生 env 格式填写 +## env 优先级高于 envFrom,你可以用它来覆盖内置环境变量 +# env: +# - key: "FOO" +# value: "BAR" + +envFrom: + - configMapRef: + name: bk-login-general-envs + - configMapRef: + name: bk-login-external-storage + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 80 + +ingress: + enabled: true + className: "" + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/rewrite-target: /$2 + hosts: + - host: "{{ .Values.bkLoginUrl }}" + paths: + - path: "/login(/|$)(.*)" + pathType: 
ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + limits: + cpu: 200m + memory: 1024Mi + requests: + cpu: 200m + memory: 512Mi + +celeryResource: + limits: + cpu: 1024m + memory: 2048Mi + requests: + cpu: 100m + memory: 128Mi + +## --------------- +## 调度 +## --------------- +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +## -------------- +## 外部数据库配置 +## -------------- +preferDBName: "bk_login" +externalDatabase: + default: + host: "" + password: "" + port: 3306 + user: "" + name: "bk_login" + +## --------------- +## 外部 Redis +## --------------- +externalRedis: + default: + host: "" + port: 6379 + password: "" + +## -------------- +## 检查 DB 变更 +## -------------- +migration: + images: + busybox: + registry: "mirrors.tencent.com" + repository: blueking/busybox + tag: "1.34.0" + k8sWaitFor: + registry: "mirrors.tencent.com" + repository: blueking/k8s-wait-for + tag: "v1.5.1" diff --git a/deploy/helm/saas/.helmignore b/deploy/helm/bk-user/charts/saas/.helmignore similarity index 100% rename from deploy/helm/saas/.helmignore rename to deploy/helm/bk-user/charts/saas/.helmignore diff --git a/deploy/helm/bk-user/charts/saas/Chart.yaml b/deploy/helm/bk-user/charts/saas/Chart.yaml new file mode 100644 index 000000000..4c0990fc4 --- /dev/null +++ b/deploy/helm/bk-user/charts/saas/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: saas +description: SaaS module for bk-user +type: application +version: 1.0.0 +appVersion: "2.3.1" diff --git a/deploy/helm/bk-user/charts/saas/templates/NOTES.txt b/deploy/helm/bk-user/charts/saas/templates/NOTES.txt new file mode 100644 index 000000000..3dadaeedf --- /dev/null +++ b/deploy/helm/bk-user/charts/saas/templates/NOTES.txt 
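Review bot: The login chart's values.yaml sets `ingress.enabled: true` together with `tls: []` and `bkDomainScheme: "http"`, so a default install exposes the login endpoint over plain HTTP, which is the path credentials and the login-state cookie travel on. I would add a comment above `tls:` along the lines of `## Login traffic carries credentials: configure tls and set bkDomainScheme to "https" outside local testing`. Separately, `host: "{{ .Values.bkLoginUrl }}"` is rendered through `tpl` in ingress.yaml and `bkLoginUrl` defaults to `http://paas.example.com/login/`, a full URL, while an Ingress rule's `host` has to be a bare DNS name; a host-only value is needed here, as the api chart does with `bk-user-api.{{ .Values.global.bkDomain }}`. `bkPaasSerectKey` is misspelled, and general-envs-configmap.yaml reads the same spelling, so a rename has to change both.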
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "bk-user.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "bk-user.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "bk-user.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "bk-user.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/deploy/helm/bk-user/charts/saas/templates/_helpers.tpl b/deploy/helm/bk-user/charts/saas/templates/_helpers.tpl new file mode 100644 index 000000000..645b58786 --- /dev/null 
+++ b/deploy/helm/bk-user/charts/saas/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "bk-user.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "bk-user.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "bk-user.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "bk-user.labels" -}} +helm.sh/chart: {{ include "bk-user.chart" . }} +{{ include "bk-user.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "bk-user.selectorLabels" -}} +app.kubernetes.io/name: {{ include "bk-user.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "bk-user.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "bk-user.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/deploy/helm/bk-user/charts/saas/templates/bklogconfig.yaml b/deploy/helm/bk-user/charts/saas/templates/bklogconfig.yaml new file mode 100644 index 000000000..98ef234ad --- /dev/null +++ b/deploy/helm/bk-user/charts/saas/templates/bklogconfig.yaml @@ -0,0 +1,15 @@ +{{- $namePrefix := include "bk-user.name" . -}} +{{- if .Values.global.bkLogConfig.enabled }} +apiVersion: bk.tencent.com/v1alpha1 +kind: BkLogConfig +metadata: + name: bk-user-saas-stdout-log + labels: + {{- include "bk-user.labels" . | nindent 4 }} +spec: + dataId: {{ .Values.global.bkLogConfig.dataId }} + logConfigType: "std_log_config" + namespace: {{ .Release.Namespace | quote }} + labelSelector: + matchLabels: {{- include "bk-user.labels" . | nindent 6 }} +{{- end }} \ No newline at end of file diff --git a/deploy/helm/bk-user/charts/saas/templates/deployment.yaml b/deploy/helm/bk-user/charts/saas/templates/deployment.yaml new file mode 100644 index 000000000..9fd3c848b --- /dev/null +++ b/deploy/helm/bk-user/charts/saas/templates/deployment.yaml 
@@ -0,0 +1,76 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "bk-user.fullname" . }} + labels: + {{- include "bk-user.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "bk-user.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "bk-user.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: bk-user-saas + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + initContainers: + - name: check-migrate-db + image: "{{ .Values.migration.images.k8sWaitFor.registry }}/{{ .Values.migration.images.k8sWaitFor.repository }}:{{ .Values.migration.images.k8sWaitFor.tag }}" + imagePullPolicy: IfNotPresent + args: + - job + - "bk-user-saas-migrate-db-{{ .Release.Revision }}" + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- with .Values.env }} + env: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.envFrom }} + envFrom: + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: 8000 + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . 
| nindent 8 }}
+ {{- end }}
diff --git a/deploy/helm/bk-user/charts/saas/templates/external-storage-configmap.yaml b/deploy/helm/bk-user/charts/saas/templates/external-storage-configmap.yaml
new file mode 100644
index 000000000..d06a7438b
--- /dev/null
+++ b/deploy/helm/bk-user/charts/saas/templates/external-storage-configmap.yaml
@@ -0,0 +1,14 @@
+{{- $namePrefix := include "bk-user.name" . -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: bk-user-saas-external-storage
+data:
+ # ---------------
+ # 数据库
+ # ---------------
+ DB_NAME: "{{ .Values.externalDatabase.default.name | default .Values.preferDBName }}"
+ DB_USER: "{{ .Values.externalDatabase.default.user }}"
+ DB_PASSWORD: "{{ .Values.externalDatabase.default.password }}"
+ DB_HOST: "{{ .Values.externalDatabase.default.host }}"
+ DB_PORT: "{{ .Values.externalDatabase.default.port }}"
diff --git a/deploy/helm/bk-user/charts/saas/templates/general-envs-configmap.yaml b/deploy/helm/bk-user/charts/saas/templates/general-envs-configmap.yaml
new file mode 100644
index 000000000..6a27e130a
--- /dev/null
+++ b/deploy/helm/bk-user/charts/saas/templates/general-envs-configmap.yaml
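Review bot: `serviceAccountName: bk-user-saas` is hard-coded in the pod spec of deployment.yaml, while serviceaccount.yaml renders the ServiceAccount, Role and RoleBinding only when `.Values.serviceAccount.create` is true and never reads `.Values.serviceAccount.name`. With `create: false` the pod references an account this chart did not create, and the `check-migrate-db` init container then depends on that account having been given read access to Jobs by some other means. Using `serviceAccountName: {{ include "bk-user.serviceAccountName" . }}` here, and the same helper for the ServiceAccount name and the RoleBinding subject, keeps the three in step; the helper is already defined in _helpers.tpl but unused. The fixed names `bk-user-saas-role` and `bk-user-saas-role-binding` also mean two releases in one namespace would collide.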
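Review bot: `DB_PASSWORD` in external-storage-configmap.yaml is rendered into a ConfigMap, so the database credential is readable by anything allowed to read ConfigMaps in the namespace and gets none of the RBAC separation or at-rest encryption that a cluster may have configured for Secrets. The same applies to `BK_APP_SECRET` in general-envs-configmap.yaml, to the `DB_PASSWORD` / `DATABASE_PASSWORD` keys in templates/mariadb-env-configmap.yaml and to the password embedded in the Redis URLs in templates/redis-env-configmap.yaml. Render the credential-bearing keys as a `Secret` and switch the matching `envFrom` entries in values.yaml from `configMapRef` to `secretRef`.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: bk-user-saas-external-storage
type: Opaque
stringData:
  # … unchanged: DB_NAME, DB_USER, DB_HOST, DB_PORT …
  DB_PASSWORD: {{ .Values.externalDatabase.default.password | quote }}
```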
@@ -0,0 +1,30 @@ +{{- $namePrefix := include "bk-user.name" . -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: bk-user-saas-general-envs +data: + # ------------- + # 默认配置,不了解详情时请不要修改 + # ------------- + BK_APP_CODE: "{{ .Values.appCode }}" + BK_APP_SECRET: "{{ .Values.appSecret }}" + DJANGO_SETTINGS_MODULE: "bkuser_shell.config.overlays.prod" + # ------------- + # 权限中心相关配置 + # ------------- + BK_IAM_SYSTEM_ID: "bk_usermgr" + # 权限中心后台访问地址 + BK_IAM_V3_INNER_HOST: "http://bkiam-web" + # 默认我们会按照 BK_PAAS_URL/o/bk_iam 拼接权限中心 SaaS 访问地址,可以通过以下值覆盖 + # BK_IAM_SAAS_HOST: "http://apps.bktencent-example.com/bkapp-bk-iam-saas-prod/" + BKAPP_BK_USER_CORE_API_HOST: "{{ .Values.bkUserApiUrl }}" + # 容器化版本默认采用子域名形式暴露服务 + BK_LOGIN_API_URL: "{{ .Values.bkLoginApiUrl }}" + SITE_URL: "/" + # PaaS 平台访问地址 + BK_PAAS_URL: "{{ .Values.bkPaasUrl }}" + # ESB Api 访问地址 + BK_COMPONENT_API_URL: "{{ .Values.bkComponentApiUrl }}" + # 由于用户管理先于权限中心拉起,所以默认禁用,后期所有产品就绪后,可手动开启 + ENABLE_IAM: "{{ .Values.global.enableIAM }}" \ No newline at end of file diff --git a/deploy/helm/bk-user/charts/saas/templates/hpa.yaml b/deploy/helm/bk-user/charts/saas/templates/hpa.yaml new file mode 100644 index 000000000..26edac84e --- /dev/null +++ b/deploy/helm/bk-user/charts/saas/templates/hpa.yaml 
@@ -0,0 +1,28 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "bk-user.fullname" . }} + labels: + {{- include "bk-user.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "bk-user.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/deploy/helm/bk-user/charts/saas/templates/ingress.yaml b/deploy/helm/bk-user/charts/saas/templates/ingress.yaml new file mode 100644 index 000000000..e1de38c9f --- /dev/null +++ b/deploy/helm/bk-user/charts/saas/templates/ingress.yaml 
@@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "bk-user.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "bk-user.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ tpl .host $ | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: bkusersaas-web + port: + number: {{ $svcPort }} + {{- else }} + serviceName: bkusersaas-web + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
diff --git a/deploy/helm/bk-user/charts/saas/templates/migrate-job.yaml b/deploy/helm/bk-user/charts/saas/templates/migrate-job.yaml new file mode 100644 index 000000000..84a49b3cb --- /dev/null +++ b/deploy/helm/bk-user/charts/saas/templates/migrate-job.yaml @@ -0,0 +1,48 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: bk-user-saas-migrate-db-{{ .Release.Revision }} + labels: + {{- include "bk-user.labels" . | nindent 4 }} +spec: + backoffLimit: 10 + template: + metadata: + labels: + {{- include "bk-user.labels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + restartPolicy: OnFailure + initContainers: + - name: check-database-ready + image: "{{ .Values.migration.images.busybox.registry }}/{{ .Values.migration.images.busybox.repository }}:{{ .Values.migration.images.busybox.tag }}" + imagePullPolicy: IfNotPresent + command: + - sh + - -c + args: + - "echo Start check database: $(DB_HOST):$(DB_PORT); until telnet $(DB_HOST) $(DB_PORT); do echo waiting for db $(DB_NAME); sleep 2; done;" + envFrom: + {{- toYaml .Values.envFrom | nindent 12 }} + containers: + - name: saas-db-migrate + image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - /bin/bash + - -c + args: + - python manage.py migrate --no-input + {{- with .Values.env }} + env: + {{- toYaml . | nindent 12}} + {{- end }} + {{- with .Values.envFrom }} + envFrom: + {{- toYaml . | nindent 12}} + {{- end }} + resources: + {{- toYaml .Values.resources | nindent 12 }} diff --git a/deploy/helm/bk-user/charts/saas/templates/service.yaml b/deploy/helm/bk-user/charts/saas/templates/service.yaml new file mode 100644 index 000000000..53fd8ad85 --- /dev/null +++ b/deploy/helm/bk-user/charts/saas/templates/service.yaml 
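Review bot: Neither `check-database-ready` nor `saas-db-migrate` sets a `securityContext`, and the Job's pod spec has no pod-level one, so hardening configured through `.Values.securityContext` and `.Values.podSecurityContext` reaches the web Deployment but not the migration pod, which runs the same application image with the database credentials in its environment. Adding `securityContext:` with `{{- toYaml .Values.securityContext | nindent 12 }}` to both containers, and the pod-level `securityContext:` with `{{- toYaml .Values.podSecurityContext | nindent 8 }}` as deployment.yaml does, closes the gap. The `check-migrate-db` init container in deployment.yaml is in the same position.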
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: bkusersaas-web + labels: + {{- include "bk-user.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "bk-user.selectorLabels" . | nindent 4 }} diff --git a/deploy/helm/bk-user/charts/saas/templates/serviceaccount.yaml b/deploy/helm/bk-user/charts/saas/templates/serviceaccount.yaml new file mode 100644 index 000000000..09c462054 --- /dev/null +++ b/deploy/helm/bk-user/charts/saas/templates/serviceaccount.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: bk-user-saas + labels: + {{- include "bk-user.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: bk-user-saas-role +rules: +- apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: bk-user-saas-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: bk-user-saas-role +subjects: +- kind: ServiceAccount + name: bk-user-saas + namespace: {{ default "default" .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/deploy/helm/bk-user/charts/saas/templates/servicemonitor.yaml b/deploy/helm/bk-user/charts/saas/templates/servicemonitor.yaml new file mode 100644 index 000000000..ab1a4722b --- /dev/null +++ b/deploy/helm/bk-user/charts/saas/templates/servicemonitor.yaml 
@@ -0,0 +1,31 @@ +{{- if .Values.global.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "bk-user.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "bk-user.labels" . | nindent 4 }} +spec: + {{- if .Values.global.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.global.serviceMonitor.jobLabel }} + {{- end }} + selector: + matchLabels: + {{- include "bk-user.selectorLabels" . | nindent 6 }} + endpoints: + - port: http + path: "/metrics" + {{- if .Values.global.serviceMonitor.interval }} + interval: {{ .Values.global.serviceMonitor.interval }} + {{- end }} + {{- if .Values.global.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.global.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if hasKey .Values.global.serviceMonitor "honorLabels" }} + honorLabels: {{ .Values.global.serviceMonitor.honorLabels }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/deploy/helm/bk-user/charts/saas/values.yaml b/deploy/helm/bk-user/charts/saas/values.yaml new file mode 100644 index 000000000..fcaa2ba94 --- /dev/null +++ b/deploy/helm/bk-user/charts/saas/values.yaml 
@@ -0,0 +1,222 @@ +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + imagePullSecrets: [] + storageClass: "" + + ## 蓝鲸产品统一根域 + bkDomain: "example.com" + + ## 是否开启权限中心 + enableIAM: false + + ## -------------- + ## 蓝鲸监控 + ## -------------- + serviceMonitor: + ## @param serviceMonitor.enabled Creates a ServiceMonitor to monitor kube-state-metrics + ## + enabled: false + ## @param serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. + ## + jobLabel: "" + ## @param serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## interval: 10s + ## + interval: "" + ## @param serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## scrapeTimeout: 10s + ## + scrapeTimeout: "" + ## @param serviceMonitor.selector ServiceMonitor selector labels + ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration + ## e.g: + ## selector: + ## prometheus: my-prometheus + ## + selector: {} + ## @param serviceMonitor.honorLabels Honor metrics labels + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## honorLabels: false + ## + honorLabels: false + ## @param serviceMonitor.relabelings ServiceMonitor relabelings + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## + relabelings: [] + ## @param serviceMonitor.metricRelabelings ServiceMonitor metricRelabelings + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + + ## -------------- + ## 蓝鲸日志采集 + ## -------------- + bkLogConfig: + enabled: false 
+ dataId: 1 + +## web deployment 副本数 +replicaCount: 1 +## celery deployment 副本数 +celeryReplicaCount: 1 + +appCode: "bk_usermgr" +appSecret: "" + +image: + registry: mirrors.tencent.com + repository: blueking/bk-user-saas + pullPolicy: IfNotPresent + tag: "v2.3.1" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + ## Specifies whether a service account should be created + create: true + ## Annotations to add to the service account + annotations: {} + ## The name of the service account to use. + ## If not set and create is true, a name is generated using the fullname template + name: "" + +## 蓝鲸 PaaS url(浏览器访问蓝鲸入口) +bkPaasUrl: http://paas.example.com +## 蓝鲸 ESB/APIGATEWAY url,注意集群内外都是统一域名。集群内可以配置域名解析到内网ip +bkComponentApiUrl: http://bkapi.paas.example.com +## 蓝鲸 Login url(浏览器跳转登录用的URL前缀) +bkLoginUrl: http://paas.example.com/login/ +## 蓝鲸登录后台的内部服务地址(一般用于校验登录token) +bkLoginApiUrl: http://bk-login-web +## 蓝鲸用户管理 SaaS地址 +bkUserUrl: http://bkuser.paas.example.com +bkUserAddr: bkuser.paas.example.com +## 蓝鲸用户管理后台 API 地址 +bkUserApiUrl: http://bkuserapi-web + +## --------------- +## 环境变量 +## --------------- +## 请按照原生 env 格式填写 +## env 优先级高于 envFrom,你可以用它来覆盖内置环境变量 +# env: +# - key: "FOO" +# value: "BAR" + +envFrom: + - configMapRef: + name: bk-user-saas-general-envs + - configMapRef: + name: bk-user-saas-external-storage + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 80 + +ingress: + enabled: true + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: bkuser.{{ .Values.global.bkDomain }} + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + limits: + cpu: 1024m + memory: 2048Mi + 
requests: + cpu: 100m + memory: 128Mi + +celeryResource: + limits: + cpu: 1024m + memory: 2048Mi + requests: + cpu: 100m + memory: 128Mi + +## --------------- +## 调度 +## --------------- +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +## -------------- +## 外部数据库配置 +## -------------- +preferDBName: "bk_user_saas" +externalDatabase: + default: + host: "" + password: "" + port: 3306 + user: "" + name: "bk_user_saas" + +## --------------- +## 外部 Redis +## --------------- +externalRedis: + default: + host: "" + port: 6379 + password: "" + +## -------------- +## 检查 DB 变更 +## -------------- +migration: + images: + busybox: + registry: "mirrors.tencent.com" + repository: blueking/busybox + tag: "1.34.0" + k8sWaitFor: + registry: "mirrors.tencent.com" + repository: blueking/k8s-wait-for + tag: "v1.5.1" + + diff --git a/deploy/helm/bk-user/templates/NOTES.txt b/deploy/helm/bk-user/templates/NOTES.txt new file mode 100644 index 000000000..003e2b2e9 --- /dev/null +++ b/deploy/helm/bk-user/templates/NOTES.txt @@ -0,0 +1,14 @@ +恭喜,你已经成功安装了蓝鲸用户管理 ! + +如果集群中已经安装了 IngressController,那么可以通过以下地址访问用户管理: +- SaaS: {{ .Values.saas.bkUserUrl }} +- Api: {{ .Values.api.bkUserApiUrl }} + +也可以通过 {{ .Values.login.bkLoginUrl }} 访问蓝鲸登录。 + +登录账户名密码: +{{ .Values.api.initialAdminUsername }}/{{ .Values.api.initialAdminPassword }} + +查看更多信息: + $ helm status {{ .Release.Name }} + $ helm get all {{ .Release.Name }} \ No newline at end of file diff --git a/deploy/helm/bk-user/templates/_helpers.tpl b/deploy/helm/bk-user/templates/_helpers.tpl new file mode 100644 index 000000000..645b58786 --- /dev/null +++ b/deploy/helm/bk-user/templates/_helpers.tpl 
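Review bot: The commented `env` example in the saas values.yaml uses `- key: "FOO"`, but `.Values.env` is passed through `toYaml` straight into the container's `env:` list in deployment.yaml and migrate-job.yaml, where Kubernetes expects `name` / `value` entries. An operator who copies the example gets a manifest without the required `name` field. The example should read `- name: "FOO"` followed by `value: "BAR"`, which is also what the comment above it (native env format) promises. The login chart's values.yaml carries the same example.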
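Review bot: The line `{{ .Values.api.initialAdminUsername }}/{{ .Values.api.initialAdminPassword }}` in templates/NOTES.txt prints the initial administrator password in clear text whenever the notes are rendered, which includes the output of `helm install`, `helm upgrade` and `helm status`, so it tends to end up in terminal scrollback and CI logs. Print only `{{ .Values.api.initialAdminUsername }}` and tell the operator where the password was set (the `api.initialAdminPassword` value, or a Secret if one is introduced) instead of echoing it.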
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "bk-user.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "bk-user.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "bk-user.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "bk-user.labels" -}} +helm.sh/chart: {{ include "bk-user.chart" . }} +{{ include "bk-user.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "bk-user.selectorLabels" -}} +app.kubernetes.io/name: {{ include "bk-user.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "bk-user.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "bk-user.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/deploy/helm/bk-user/templates/mariadb-env-configmap.yaml b/deploy/helm/bk-user/templates/mariadb-env-configmap.yaml new file mode 100644 index 000000000..51d3a7e21 --- /dev/null +++ b/deploy/helm/bk-user/templates/mariadb-env-configmap.yaml 
@@ -0,0 +1,62 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: bk-user-api-mariadb-env + labels: + {{- include "bk-user.labels" . | nindent 4 }} +data: + {{- if .Values.mariadb.enabled }} + DB_NAME: "{{ .Values.api.preferDBName }}" + DB_USER: "{{ .Values.mariadb.auth.username }}" + DB_PASSWORD: "{{ .Values.mariadb.auth.password }}" + DB_HOST: "{{ .Release.Name }}-mariadb" + DB_PORT: "3306" + {{- else -}} + DB_NAME: "{{ .Values.api.externalDatabase.default.name | default .Values.api.preferDBName }}" + DB_USER: "{{ .Values.api.externalDatabase.default.user }}" + DB_PASSWORD: "{{ .Values.api.externalDatabase.default.password }}" + DB_HOST: "{{ .Values.api.externalDatabase.default.host }}" + DB_PORT: "{{ .Values.api.externalDatabase.default.port }}" + {{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: bk-user-saas-mariadb-env + labels: + {{- include "bk-user.labels" . | nindent 4 }} +data: + {{- if .Values.mariadb.enabled }} + DB_NAME: "{{ .Values.saas.preferDBName }}" + DB_USER: "{{ .Values.mariadb.auth.username }}" + DB_PASSWORD: "{{ .Values.mariadb.auth.password }}" + DB_HOST: "{{ .Release.Name }}-mariadb" + DB_PORT: "3306" + {{- else -}} + DB_NAME: "{{ .Values.saas.externalDatabase.default.name | default .Values.saas.preferDBName }}" + DB_USER: "{{ .Values.saas.externalDatabase.default.user }}" + DB_PASSWORD: "{{ .Values.saas.externalDatabase.default.password }}" + DB_HOST: "{{ .Values.saas.externalDatabase.default.host }}" + DB_PORT: "{{ .Values.saas.externalDatabase.default.port }}" + {{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: bk-login-mariadb-env + labels: + {{- include "bk-user.labels" . 
| nindent 4 }} +data: + {{- if .Values.mariadb.enabled }} + DATABASE_NAME: "{{ .Values.login.preferDBName }}" + DATABASE_USER: "{{ .Values.mariadb.auth.username }}" + DATABASE_PASSWORD: "{{ .Values.mariadb.auth.password }}" + DATABASE_HOST: "{{ .Release.Name }}-mariadb" + DATABASE_PORT: "3306" + {{- else -}} + DATABASE_NAME: "{{ .Values.login.externalDatabase.default.name | default .Values.login.preferDBName }}" + DATABASE_USER: "{{ .Values.login.externalDatabase.default.user }}" + DATABASE_PASSWORD: "{{ .Values.login.externalDatabase.default.password }}" + DATABASE_HOST: "{{ .Values.login.externalDatabase.default.host }}" + DATABASE_PORT: "{{ .Values.login.externalDatabase.default.port }}" + {{- end -}} \ No newline at end of file diff --git a/deploy/helm/bk-user/templates/mariadb-init-configmap.yaml b/deploy/helm/bk-user/templates/mariadb-init-configmap.yaml new file mode 100644 index 000000000..f1c2c2d14 --- /dev/null +++ b/deploy/helm/bk-user/templates/mariadb-init-configmap.yaml 
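Review bot: `{{- else -}}` in all three ConfigMaps of mariadb-env-configmap.yaml trims whitespace on both sides, so when `mariadb.enabled` is false the line break and indentation in front of the first key of the else branch are removed and that key is emitted directly after `data:` (roughly `data:DB_NAME: "…"`), which is not the intended `data` mapping. `{{- else }}` keeps the line break. The external-database branch is the one a production install is likely to take, so a render check with `helm template --set mariadb.enabled=false` is worth adding to CI.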
@@ -0,0 +1,21 @@
+{{- if .Values.mariadb.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: bk-user-mariadb-init
+ labels:
+ {{- include "bk-user.labels" . | nindent 4 }}
+data:
+ init.sql: |
+ GRANT ALL PRIVILEGES ON *.* TO `{{ .Values.mariadb.auth.username }}`@'%' WITH GRANT OPTION;
+
+ CREATE DATABASE IF NOT EXISTS `{{ .Values.api.preferDBName }}` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
+ GRANT ALL PRIVILEGES ON `{{ .Values.api.preferDBName }}`.* TO `{{ .Values.mariadb.auth.username }}`@'%' WITH GRANT OPTION;
+
+ CREATE DATABASE IF NOT EXISTS `{{ .Values.saas.preferDBName }}` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
+ GRANT ALL PRIVILEGES ON `{{ .Values.saas.preferDBName }}`.* TO `{{ .Values.mariadb.auth.username }}`@'%' WITH GRANT OPTION;
+
+ CREATE DATABASE IF NOT EXISTS `{{ .Values.login.preferDBName }}` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
+ GRANT ALL PRIVILEGES ON `{{ .Values.login.preferDBName }}`.* TO `{{ .Values.mariadb.auth.username }}`@'%' WITH GRANT OPTION;
+ {{- end -}}
\ No newline at end of file
diff --git a/deploy/helm/bk-user/templates/redis-env-configmap.yaml b/deploy/helm/bk-user/templates/redis-env-configmap.yaml
new file mode 100644
index 000000000..c2f22d63a
--- /dev/null
+++ b/deploy/helm/bk-user/templates/redis-env-configmap.yaml
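Review bot: The first statement of `init.sql`, `GRANT ALL PRIVILEGES ON *.* TO … @'%' WITH GRANT OPTION;`, gives the application account every privilege on every schema of the server, from any host, together with the right to grant those privileges onward. The three per-database grants that follow already cover the api, saas and login schemas (assuming each service only uses its own database), so the global grant can be dropped and `WITH GRANT OPTION` removed from the per-database grants, e.g. `` GRANT ALL PRIVILEGES ON `{{ .Values.api.preferDBName }}`.* TO `{{ .Values.mariadb.auth.username }}`@'%'; ``. With that change a leaked application credential stays confined to the three application schemas.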
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: bk-user-api-redis-env
+ labels:
+ {{- include "bk-user.labels" . | nindent 4 }}
+data:
+ {{- if .Values.redis.enabled }}
+ {{- $redis_url := printf "redis://:%s@%s-redis-master:%s/0" .Values.redis.auth.password .Release.Name (.Values.redis.master.service.port | toString )}}
+ CELERY_BROKER_URL: {{ $redis_url }}
+ CELERY_RESULT_BACKEND: {{ $redis_url }}
+ {{- else -}}
+ {{- $redis_url := printf "redis://:%s@%s-redis-master:%s/0" .Values.api.externalRedis.default.password .Release.Name (.Values.api.externalRedis.default.port | toString )}}
+ CELERY_BROKER_URL: {{ $redis_url }}
+ CELERY_RESULT_BACKEND: {{ $redis_url }}
+ {{- end -}}
diff --git a/deploy/helm/bk-user/values.yaml b/deploy/helm/bk-user/values.yaml
new file mode 100644
index 000000000..6c5bfb9e5
--- /dev/null
+++ b/deploy/helm/bk-user/values.yaml
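Review bot: The `else` branch of redis-env-configmap.yaml builds the URL from `.Release.Name` (`%s-redis-master`) exactly like the built-in branch, so `api.externalRedis.default.host` is never used and a deployment with `redis.enabled=false` points Celery at a service that will not exist. The printf should take the host from values: `printf "redis://:%s@%s:%s/0" .Values.api.externalRedis.default.password .Values.api.externalRedis.default.host (.Values.api.externalRedis.default.port | toString)`. Both branches also emit the URL unquoted with the raw password in it, so a password containing characters such as `@`, `/` or `#` breaks the URL or the YAML; `{{ $redis_url | quote }}` and percent-encoding the password handle that.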
@@ -0,0 +1,86 @@
+global:
+ imageRegistry: ""
+ ## E.g.
+ ## imagePullSecrets:
+ ## - myRegistryKeySecretName
+ imagePullSecrets: []
+ storageClass: ""
+
+ ## 蓝鲸产品统一根域
+ bkDomain: "example.com"
+
+ ## --------------
+ ## 蓝鲸监控
+ ## --------------
+ serviceMonitor:
+ enabled: false
+
+ ## --------------
+ ## 蓝鲸日志采集
+ ## --------------
+ bkLogConfig:
+ enabled: false
+ dataId: 1
+
+api:
+ enabled: true
+
+ envFrom:
+ - configMapRef:
+ name: bk-user-api-general-envs
+ - configMapRef:
+ name: bk-user-api-mariadb-env
+ - configMapRef:
+ name: bk-user-api-redis-env
+
+saas:
+ enabled: true
+
+ envFrom:
+ - configMapRef:
+ name: bk-user-saas-general-envs
+ - configMapRef:
+ name: bk-user-saas-mariadb-env
+
+login:
+ enabled: true
+
+ envFrom:
+ - configMapRef:
+ name: bk-login-general-envs
+ - configMapRef:
+ name: bk-login-mariadb-env
+
+# -------------
+# 内建存储配置
+# 默认通过 .Release.Name 拼接访问,请不要配置 nameOverride 或 fullnameOverride
+# 否则会出现无法访问存储的异常
+# -------------
+mariadb:
+ enabled: true
+ architecture: standalone
+ auth:
+ username: "bk-user"
+ password: "maybe_a_strong_passwd"
+ primary:
+ # 默认我们未开启持久化,如有需求可以参考:
+ # - https://kubernetes.io/docs/user-guide/persistent-volumes/
+ # - https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml#L360
+ # 当同时请注意,当开启 PVC 可能会导致首次安装部署时间延长
+ persistence:
+ enabled: false
+ initdbScriptsConfigMap: "bk-user-mariadb-init"
+
+redis:
+ enabled: true
+ sentinel:
+ enabled: false
+ auth:
+ password: "maybe_another_strong_passwd"
+ master:
+ persistence:
+ enabled: false
+ replica:
+ replicaCount: 1
+ persistence:
+ enabled: false
\ No newline at end of file
diff --git a/deploy/helm/chartty/c_base.tpl b/deploy/helm/chartty/c_base.tpl
deleted file mode 100644
index 07da37b7f..000000000
--- a/deploy/helm/chartty/c_base.tpl
+++ /dev/null
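Review bot: `mariadb.auth.password: "maybe_a_strong_passwd"` and `redis.auth.password: "maybe_another_strong_passwd"` are committed defaults in the umbrella values.yaml, so every installation that does not override them shares the same publicly known database and Redis credentials. Leave both empty here and fail rendering when they are unset, for example `{{ required "mariadb.auth.password must be set" .Values.mariadb.auth.password }}` at the places where the env templates read them, or let the operator supply an existing Secret. The MariaDB account is the one that mariadb-init-configmap.yaml grants privileges to, which raises the cost of leaving the default in place.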
@@ -1,83 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "chartty.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "chartty.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "chartty.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - - - -{{/* -Create the name of the service account to use -*/}} -{{- define "chartty.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "chartty.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* Create the docker config json for image pull secret */}} -{{- define "chartty.dockerconfigjson" -}} -{{- with .Values.global.imageCredentials }} -{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password (printf "%s:%s" .username .password | b64enc) | b64enc }} -{{- end }} -{{- end }} - -{{/* Create imageSerect fields */}} -{{- define "chartty.imagePullSecretNames" -}} -{{- if .Values.global.imageCredentials.enabled -}} -- name: {{ include "chartty.name" . 
}}-{{ default "dockerconfigjson" .Values.global.imageCredentials.name }} -{{- range $value := .Values.global.imagePullSecrets }} -- name: {{ $value }} -{{- end }} -{{- else }} -{{- if .Values.global.imagePullSecrets }} -{{- range $value := .Values.global.imagePullSecrets }} -- name: {{ $value }} -{{- end }} -{{- else }}[] -{{- end }} -{{- end }} -{{- end }} - -{{/* vim: set filetype=mustache: */}} -{{/* -Renders a value that contains template. -Usage: -{{ include "chartty.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "chartty.tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} \ No newline at end of file diff --git a/deploy/helm/chartty/c_bklogconfig.yaml b/deploy/helm/chartty/c_bklogconfig.yaml deleted file mode 100644 index dd23f3ff5..000000000 --- a/deploy/helm/chartty/c_bklogconfig.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- $global := . }} -{{- $namePrefix := include "chartty.name" . -}} -{{- if .Values.global.bkLogConfig.enabled }} -apiVersion: bk.tencent.com/v1alpha1 -kind: BkLogConfig -metadata: - name: {{ $namePrefix }}-stdout-log -spec: - dataId: {{ .Values.global.bkLogConfig.dataId }} - logConfigType: std_log_config - namespace: {{ .Release.Namespace | quote }} - containerNameMatch: - - {{ $namePrefix }} - labelSelector: - matchLabels: {{- include "chartty.labels" $global | nindent 6 }} -{{- end }} \ No newline at end of file diff --git a/deploy/helm/chartty/c_capabilities.tpl b/deploy/helm/chartty/c_capabilities.tpl deleted file mode 100644 index 0dae416e4..000000000 --- a/deploy/helm/chartty/c_capabilities.tpl +++ /dev/null 
@@ -1,114 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the target Kubernetes version -*/}} -{{- define "chartty.capabilities.kubeVersion" -}} -{{- .Values.global.kubeVersion | default .Capabilities.KubeVersion.Version -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for policy. -*/}} -{{- define "chartty.capabilities.policy.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "chartty.capabilities.kubeVersion" .) -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "policy/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for cronjob. -*/}} -{{- define "chartty.capabilities.cronjob.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "chartty.capabilities.kubeVersion" .) -}} -{{- print "batch/v1beta1" -}} -{{- else -}} -{{- print "batch/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "chartty.capabilities.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "chartty.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "chartty.capabilities.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "chartty.capabilities.kubeVersion" .) -}} -{{- print "apps/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "chartty.capabilities.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "chartty.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "chartty.capabilities.kubeVersion" .) 
-}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end }} -{{- end -}} - -{{- define "chartty.capabilities.ingress.backendService" -}} -{{- if semverCompare "<1.19-0" (include "chartty.capabilities.kubeVersion" .global) -}} -backend: - serviceName: {{ .chartName }}-{{ .processType }} - servicePort: {{ .svcPort }} -{{- else -}} -pathType: "Prefix" -backend: - service: - name: {{ .chartName }}-{{ .processType }} - port: - number: {{ .svcPort }} -{{- end }} -{{- end -}} - -{{/* -Return the appropriate apiVersion for RBAC resources. -*/}} -{{- define "chartty.capabilities.rbac.apiVersion" -}} -{{- if semverCompare "<1.17-0" (include "chartty.capabilities.kubeVersion" .) -}} -{{- print "rbac.authorization.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "rbac.authorization.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for CRDs. -*/}} -{{- define "chartty.capabilities.crd.apiVersion" -}} -{{- if semverCompare "<1.19-0" (include "chartty.capabilities.kubeVersion" .) -}} -{{- print "apiextensions.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiextensions.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the used Helm version is 3.3+. -A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. -This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. -**To be removed when the catalog's minimun Helm version is 3.3** -*/}} -{{- define "chartty.capabilities.supportsHelmVersion" -}} -{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} - {{- true -}} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/deploy/helm/chartty/c_configmap.yaml b/deploy/helm/chartty/c_configmap.yaml deleted file mode 100644 index 882418b6c..000000000 
--- a/deploy/helm/chartty/c_configmap.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- $global := . }} -{{- $namePrefix := include "chartty.name" . -}} -{{- range $map := .Values.configMaps }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $namePrefix }}-{{ $map.name }} - labels: - {{- include "chartty.labels" $global | nindent 4 }} - annotations: - "helm.sh/hook": pre-install - "helm.sh/hook-weight": "-1" -data: - {{- range $file := $map.files }} - {{ $file.name }}: |- - {{- if eq (default "plain" $file.format) "yaml" }} - {{- $file.data | toYaml | toString | nindent 6 }} - {{ else }} - {{- $file.data | toString | nindent 6 }} - {{- end }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/deploy/helm/chartty/c_cronjob.yaml b/deploy/helm/chartty/c_cronjob.yaml deleted file mode 100644 index e69778466..000000000 --- a/deploy/helm/chartty/c_cronjob.yaml +++ /dev/null 
@@ -1,65 +0,0 @@ -{{- $global := . }} -{{- $chart_version := .Chart.Version | replace "+" "_" }} -{{- range $job := .Values.cronJobs.jobs }} -{{ if $job.enabled }} ---- -apiVersion: {{ template "chartty.capabilities.cronjob.apiVersion" $global }} -kind: CronJob -metadata: - name: {{ $.Chart.Name }}-{{ $job.name }} - labels: - {{- include "chartty.labels" $global | nindent 4 }} -spec: - schedule: {{ $job.schedule | quote }} - successfulJobsHistoryLimit: {{ $job.successfulJobsHistoryLimit }} - concurrencyPolicy: {{ $job.concurrencyPolicy }} - failedJobsHistoryLimit: {{ $job.failedJobsHistoryLimit }} - jobTemplate: - spec: - template: - metadata: - labels: - app: {{ $.Release.Name }} - cron: {{ $job.name }} - {{- include "chartty.labels" $global | nindent 12 }} - spec: - restartPolicy: OnFailure - {{- with $.Values.global.hostAliases }} - hostAliases: - {{- toYaml $.Values.global.hostAliases | nindent 12 }} - {{- end }} - imagePullSecrets: - {{- include "chartty.imagePullSecretNames" $global | nindent 12 }} - containers: - - image: {{ include "chartty.image" $global }} - imagePullPolicy: {{ $.Values.global.image.pullPolicy }} - env: - {{- include "chartty.envs" $global | nindent 14 }} - {{- with $.Values.envFrom }} - envFrom: - {{- toYaml . | nindent 14}} - {{- end }} - name: {{ $job.name }} - command: - {{- toYaml $job.command | nindent 14 }} - args: - {{- toYaml $job.args | nindent 14 }} - {{- with $job.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 14 }} - {{- end }} - {{- with $job.livenessProbe }} - livenessProbe: - {{- toYaml . | nindent 14 }} - {{- end }} - {{- with $.Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with $.Values.affinity }} - affinity: - {{- toYaml . | nindent 12 }} - {{- end }} -{{- end }} - -{{- end }} diff --git a/deploy/helm/chartty/c_deployment.yaml b/deploy/helm/chartty/c_deployment.yaml deleted file mode 100644 index 7c96e5da6..000000000 
--- a/deploy/helm/chartty/c_deployment.yaml +++ /dev/null 
@@ -1,97 +0,0 @@ -{{- $global := . }} -{{- $chart_version := .Chart.Version | replace "+" "_" }} -{{- range $processType, $processInfo := .Values.processes }} ---- -apiVersion: {{ template "chartty.capabilities.deployment.apiVersion" $global }} -kind: Deployment -metadata: - name: {{ $.Chart.Name }}-{{ $processType }} - labels: - process_type: {{ $processType }} - {{- include "chartty.labels" $global | nindent 4 }} -spec: - replicas: {{ $processInfo.replicas | default $.Values.replicaCount }} - selector: - matchLabels: - process_type: {{ $processType }} - {{- include "chartty.selectorLabels" $global | nindent 6 }} - template: - metadata: - {{- with $.Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - process_type: {{ $processType }} - {{- include "chartty.labels" $global | nindent 8 }} - spec: - imagePullSecrets: - {{- include "chartty.imagePullSecretNames" $global | nindent 8 }} - serviceAccountName: {{ include "chartty.serviceAccountName" $global }} - securityContext: - {{- toYaml $.Values.podSecurityContext | nindent 8 }} - {{- with $.Values.global.hostAliases }} - hostAliases: - {{- toYaml $.Values.global.hostAliases | nindent 8 }} - {{- end }} - containers: - - name: {{ $.Chart.Name }}-{{ $processType }} - securityContext: - {{- toYaml $.Values.securityContext | nindent 12 }} - image: {{ include "chartty.image" $global }} - {{- if hasKey $processInfo "command" }} - command: - {{- range $idx, $value := $processInfo.command }} - - "{{ $value }}" - {{- end }} - {{- end }} - {{- if hasKey $processInfo "args" }} - args: - {{- range $idx, $value := $processInfo.args }} - - "{{ $value }}" - {{- end }} - {{- end }} - {{- with $.Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} - imagePullPolicy: {{ $.Values.global.image.pullPolicy }} - env: - {{- include "chartty.envs" $global | nindent 12 }} - {{- with $.Values.envFrom }} - envFrom: - {{- toYaml . 
| nindent 12}} - {{- end }} - ports: - - name: http - containerPort: {{ $.Values.httpPort }} - protocol: TCP - {{- with $processInfo.resources }} - resources: - {{- toYaml $processInfo.resources | nindent 12 }} - {{- end }} - {{- with $processInfo.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 14 }} - {{- end }} - {{- with $processInfo.livenessProbe }} - livenessProbe: - {{- toYaml . | nindent 14 }} - {{- end }} - {{- with $.Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with $.Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with $.Values.volumes }} - volumes: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with $.Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/deploy/helm/chartty/c_env.tpl b/deploy/helm/chartty/c_env.tpl deleted file mode 100644 index 8e578707c..000000000 --- a/deploy/helm/chartty/c_env.tpl +++ /dev/null @@ -1,30 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* Create envs */}} -{{- define "chartty.envs" -}} -{{- with .Values.extrasEnv }} -{{- /* 直接渲染 extrasEnv */ -}} -{{- toYaml . }} -{{- end }} -{{- /* 渲染 sharedUrlEnvMap */ -}} -{{- range $k, $v := .Values.sharedUrlEnvMap }} -{{- if hasKey $.Values.env $k }} -{{- else }} -- name: {{ $k }} - value: "{{ tpl $v $ }}" -{{- end }} -{{- end }} -{{- /* 渲染 global 环境变量时,如果模块已指定直接跳过 */ -}} -{{- range $k, $v := .Values.global.env }} -{{- if hasKey $.Values.env $k }} -{{- else }} -- name: {{ $k }} - value: "{{ $v }}" -{{- end }} -{{- end }} -{{- /* 高优先级渲染 .Values.env */ -}} -{{- range $k, $v := .Values.env }} -- name: {{ $k }} - value: "{{ $v }}" -{{- end }} -{{- end }} \ No newline at end of file diff --git a/deploy/helm/chartty/c_image.tpl b/deploy/helm/chartty/c_image.tpl deleted file mode 100644 index 1880ac171..000000000 --- a/deploy/helm/chartty/c_image.tpl +++ /dev/null 
@@ -1,6 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* Create image */}} -{{- define "chartty.image" -}} -"{{ .Values.global.image.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag | default .Chart.AppVersion }}" -{{- end }} \ No newline at end of file diff --git a/deploy/helm/chartty/c_ingress.yaml b/deploy/helm/chartty/c_ingress.yaml deleted file mode 100644 index a001a4c64..000000000 --- a/deploy/helm/chartty/c_ingress.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- $global := . }} -{{- $chartName := include "chartty.name" . -}} -{{- $svcPort := .Values.service.port -}} -{{- range $processType, $processInfo := .Values.processes -}} -{{- with $processInfo.ingress }} -{{- if (default false $processInfo.ingress.enabled) }} ---- -apiVersion: {{ template "chartty.capabilities.ingress.apiVersion" $global }} -kind: Ingress -metadata: - name: {{ $chartName }}-{{ $processType }} - labels: - process_type: {{ $processType }} - {{- include "chartty.labels" $global | nindent 4 }} - {{- with $processInfo.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if $processInfo.ingress.tls }} - tls: - {{- range $processInfo.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - - host: {{ tpl $processInfo.ingress.host $ | quote }} - http: - paths: - {{- range $processInfo.ingress.paths }} - - path: {{ . }} - {{- include "chartty.capabilities.ingress.backendService" (dict "global" $global "chartName" $chartName "processType" $processType "svcPort" $svcPort ) | nindent 12 }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/deploy/helm/chartty/c_labels.tpl b/deploy/helm/chartty/c_labels.tpl deleted file mode 100644 index d1015ab9b..000000000 --- a/deploy/helm/chartty/c_labels.tpl +++ /dev/null 
@@ -1,24 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Common labels -*/}} -{{- define "chartty.labels" -}} -helm.sh/chart: {{ include "chartty.chart" . }} -{{- with .Values.podLabels }} -{{ toYaml . }} -{{- end }} -{{ include "chartty.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "chartty.selectorLabels" -}} -app.kubernetes.io/name: {{ include "chartty.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} \ No newline at end of file diff --git a/deploy/helm/chartty/c_pre-run-hooks.yaml b/deploy/helm/chartty/c_pre-run-hooks.yaml deleted file mode 100644 index 3f834759b..000000000 --- a/deploy/helm/chartty/c_pre-run-hooks.yaml +++ /dev/null 
@@ -1,48 +0,0 @@ -{{- $global := . }} -{{- $chart_version := .Chart.Version | replace "+" "_" }} -{{- range $name, $hook := .Values.preRunHooks }} -{{- if $hook.enabled }} ---- -apiVersion: v1 -kind: Pod -metadata: - name: {{ $.Chart.Name }}-{{ $name }} - labels: - {{- include "chartty.labels" $global | nindent 4 }} - annotations: - "helm.sh/hook": {{ default "pre-upgrade,pre-install" $hook.position }} - "helm.sh/hook-weight": "{{ $hook.weight }}" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -spec: - imagePullSecrets: - {{- include "chartty.imagePullSecretNames" $global | nindent 4 }} - restartPolicy: OnFailure - {{- with $.Values.volumes }} - volumes: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with $.Values.global.hostAliases }} - hostAliases: - {{- toYaml $.Values.global.hostAliases | nindent 4 }} - {{- end }} - containers: - - name: {{ $.Release.Name }}-{{ $name }} - image: {{ include "chartty.image" $global }} - imagePullPolicy: {{ $.Values.global.image.pullPolicy }} - env: - {{- include "chartty.envs" $global | nindent 8 }} - {{- with $.Values.envFrom }} - envFrom: - {{- toYaml . | nindent 8 }} - {{- end }} - command: - {{- toYaml $hook.command | nindent 8 }} - args: - {{- toYaml $hook.args | nindent 8 }} - {{- with $.Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} -{{- end }} - diff --git a/deploy/helm/chartty/c_secret.yaml b/deploy/helm/chartty/c_secret.yaml deleted file mode 100644 index 5a6c6f619..000000000 --- a/deploy/helm/chartty/c_secret.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -{{- $namePrefix := include "chartty.name" . -}} -{{- $enabled := default false .Values.global.imageCredentials.enabled -}} -{{- if $enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ $namePrefix }}-{{ .Values.global.imageCredentials.name }} - annotations: - "helm.sh/hook": pre-install - "helm.sh/hook-weight": "-2" -type: kubernetes.io/dockerconfigjson -data: - .dockerconfigjson: {{ template "chartty.dockerconfigjson" . }} -{{- end }} diff --git a/deploy/helm/chartty/c_service.yaml b/deploy/helm/chartty/c_service.yaml deleted file mode 100644 index 7f1c72f5c..000000000 --- a/deploy/helm/chartty/c_service.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- $global := . }} -{{- $chartName := include "chartty.name" . -}} -{{- range $processType, $proccesInfo := .Values.processes }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ $chartName }}-{{ $processType }} - labels: - process_type: {{ $processType }} - {{- include "chartty.labels" $global | nindent 4 }} -spec: - type: {{ $.Values.service.type }} - ports: - - port: {{ $.Values.service.port }} - targetPort: http - protocol: TCP - name: http - selector: - process_type: {{ $processType }} - {{- include "chartty.selectorLabels" $global | nindent 4 }} -{{- end }} \ No newline at end of file diff --git a/deploy/helm/chartty/c_serviceaccount.yaml b/deploy/helm/chartty/c_serviceaccount.yaml deleted file mode 100644 index e57794398..000000000 --- a/deploy/helm/chartty/c_serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "chartty.serviceAccountName" . }} - labels: - {{- include "chartty.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - "helm.sh/hook": pre-install - "helm.sh/hook-weight": "-3" - {{- end }} -{{- end }} 
diff --git a/deploy/helm/chartty/c_servicemonitor.yaml b/deploy/helm/chartty/c_servicemonitor.yaml deleted file mode 100644 index 3d8098b84..000000000 --- a/deploy/helm/chartty/c_servicemonitor.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- $global := . }} -{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "chartty.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "chartty.labels" $global | nindent 4 }} -spec: - {{- if .Values.serviceMonitor.jobLabel }} - jobLabel: {{ .Values.serviceMonitor.jobLabel }} - {{- end }} - selector: - matchLabels: - {{- include "chartty.selectorLabels" $global | nindent 6 }} - endpoints: - - port: http - path: "/metrics" - {{- if .Values.serviceMonitor.interval }} - interval: {{ .Values.serviceMonitor.interval }} - {{- end }} - {{- if .Values.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if hasKey .Values.serviceMonitor "honorLabels" }} - honorLabels: {{ .Values.serviceMonitor.honorLabels }} - {{- end }} - {{- if .Values.serviceMonitor.relabelings }} - relabelings: {{- include "chartty.tplvalues.render" ( dict "value" .Values.serviceMonitor.relabelings "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- include "chartty.tplvalues.render" ( dict "value" .Values.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{- end }} \ No newline at end of file diff --git a/deploy/helm/chartty/c_validate_env.yaml b/deploy/helm/chartty/c_validate_env.yaml deleted file mode 100644 index b5d34d69b..000000000 --- a/deploy/helm/chartty/c_validate_env.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -{{/* 检查必填环境变量 */}} -{{- define "chartty.envs.check" -}} -{{- if .Values.requiredEnvList -}} - -{{- $envs := dict -}} - -{{- range $env := fromYamlArray (include "chartty.envs" .) -}} - {{- if $env.value -}} - {{- $_ := set $envs $env.name $env.value -}} - {{- end -}} -{{- end -}} - -{{- range $key := .Values.requiredEnvList -}} -{{- $_ := required (printf "env.%s is required" $key) (index $envs $key) -}} -{{- end -}} - -{{- end -}} - -{{- end }} - -{{ $_ := include "chartty.envs.check" . }} \ No newline at end of file diff --git a/deploy/helm/login/Chart.yaml b/deploy/helm/login/Chart.yaml deleted file mode 100644 index 1a9c67504..000000000 --- a/deploy/helm/login/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v2 -appVersion: v2.3.0 -description: A Helm chart for bk login -name: bklogin -type: application -version: 1.0.0 diff --git a/deploy/helm/login/values.yaml b/deploy/helm/login/values.yaml deleted file mode 100644 index cae10f1ac..000000000 --- a/deploy/helm/login/values.yaml +++ /dev/null 
@@ -1,208 +0,0 @@ -global: - # 全局变量,通常用于多个 Chart 之间共享 - imagePullSecrets: [] - # imagePullSecrets, 预先创建的 imagePullSecrets, 将直接被添加到 chartty.imagePullSecretNames 中. - # - name: "secret-a" - # - name: "secret-b" - - # credential, 用于创建独享的 Secret 资源 - imageCredentials: - # 当且仅当 enabled 为 true 时,会生成 dockerconfigjson 类型的 Secret 资源, 并在 chartty.imagePullSecretNames 添加该名称. - enabled: false - password: "" - registry: "" - username: "" - name: "" - - # 全局镜像配置 - image: - registry: "ccr.ccs.tencentyun.com/bk.io" - pullPolicy: Always - - # 全局环境变量,当 `env` 指定时,`global.env` 内相同 key 值变量将被覆盖 - env: - # 登录态 Cookie 写入的域名 - BK_DOMAIN: "example.com" - # 统一登录的外部访问域名 - BK_LOGIN_PUBLIC_ADDR: "paas.example.com" - # 用户管理后台API访问地址 - BK_USERMGR_API_URL: "http://bkuserapi-web" - # 与 ESB 的通信凭证,应用(bk_paas) 对应的 bk_app_secret - BK_PAAS_SECRET_KEY: "" - # 32位随机字符串,用于加密登录态票据(bk_token) - ENCRYPT_SECRET_KEY: "" - DJANGO_SETTINGS_MODULE: "bklogin.config.overlays.prod" - # 全局 hosts - hostAliases: [] - -# 缺省实例数 -replicaCount: 1 - -image: - name: bk-login - tag: "1.0.0-beta.3" - -# 用来覆盖 Chart 名 -nameOverride: "bk-login" -# 用来覆盖 fullName (通常是 release-chart 拼接) -fullnameOverride: "" - -# 是否自动创建 serviceAccount -serviceAccount: - create: true - annotations: {} - name: "" - -podAnnotations: {} - -podSecurityContext: {} - -# 支持定义 labels -podLabels: {} - -securityContext: {} - -service: - type: ClusterIP - port: 80 - -#--------------- -# 调度 -#--------------- -nodeSelector: {} - -tolerations: [] - -affinity: {} - -#--------------- -# 环境变量 -# 除 global.env 和 env 外 -# 其余变量定义均不去重,请手动确保无变量名冲突 -#--------------- - -# key-value 结构渲染 -env: {} - -envFrom: [] - -# 提供原生的 env 写法, -extrasEnv: [] - -# 额外提供一种基于 sharedDomain 自动生成的 URL 类型环境变量 -sharedUrlEnvMap: {} - -# 标识必填的环境变量列表 -requiredEnvList: - - BK_DOMAIN - - BK_LOGIN_PUBLIC_ADDR - - BK_USERMGR_API_URL - - ENCRYPT_SECRET_KEY - -#--------------- -# 进程定义 -#-------------- -httpPort: 5000 -database: - preferName: bk-login - -# 定义应用内的多个进程 -processes: - web: - ingress: - enabled: 
true - annotations: - nginx.ingress.kubernetes.io/rewrite-target: /$2 - paths: ["/login(/|$)(.*)"] - host: "{{ .Values.global.env.BK_LOGIN_PUBLIC_ADDR }}" - resources: - limits: - cpu: 1024m - memory: 1024Mi - requests: - cpu: 200m - memory: 512Mi - readinessProbe: - failureThreshold: 15 - periodSeconds: 10 - timeoutSeconds: 10 - httpGet: - path: /ping/ - port: http - livenessProbe: - initialDelaySeconds: 90 - failureThreshold: 15 - periodSeconds: 10 - timeoutSeconds: 10 - tcpSocket: - port: 5000 - command: ["./start.sh"] - args: [] - hostAliases: [] - -# 部署前钩子 -preRunHooks: - # 变更表结构,仅在初始化或升级时执行 - on-migrate: - weight: 1 - enabled: true - position: "pre-install,pre-upgrade" - command: - - bash - args: - - -c - - python manage.py migrate - -# 支持定义多个 cronJobs -cronJobs: - jobs: [] - -# 挂载配置 -volumes: [] -volumeMounts: [] - -# 支持定义 configmaps -configMaps: [] - -## ServiceMonitor configuration -## -serviceMonitor: - ## @param serviceMonitor.enabled Creates a ServiceMonitor to monitor kube-state-metrics - ## - enabled: false - ## @param serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. 
- ## - jobLabel: "" - ## @param serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## interval: 10s - ## - interval: "" - ## @param serviceMonitor.scrapeTimeout Timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## scrapeTimeout: 10s - ## - scrapeTimeout: "" - ## @param serviceMonitor.selector ServiceMonitor selector labels - ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration - ## e.g: - ## selector: - ## prometheus: my-prometheus - ## - selector: {} - ## @param serviceMonitor.honorLabels Honor metrics labels - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## honorLabels: false - ## - honorLabels: false - ## @param serviceMonitor.relabelings ServiceMonitor relabelings - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig - ## - relabelings: [] - ## @param serviceMonitor.metricRelabelings ServiceMonitor metricRelabelings - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] diff --git a/deploy/helm/saas/Chart.yaml b/deploy/helm/saas/Chart.yaml deleted file mode 100644 index 6c6f51fc0..000000000 --- a/deploy/helm/saas/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v2 -appVersion: v2.3.1 -description: A Helm chart for bk user saas -name: bkusersaas -type: application -version: 1.0.0 diff --git a/deploy/helm/saas/values.yaml b/deploy/helm/saas/values.yaml deleted file mode 100644 index b65fe30b8..000000000 --- a/deploy/helm/saas/values.yaml +++ /dev/null 
@@ -1,214 +0,0 @@ -# 全局变量,通常用于多个 Chart 之间共享 -global: - imagePullSecrets: [] - # imagePullSecrets, 预先创建的 imagePullSecrets, 将直接被添加到 chartty.imagePullSecretNames 中. - # - name: "secret-a" - # - name: "secret-b" - - # credential, 用于创建独享的 Secret 资源 - imageCredentials: - # 当且仅当 enabled 为 true 时,会生成 dockerconfigjson 类型的 Secret 资源, 并在 chartty.imagePullSecretNames 添加该名称. - enabled: false - password: "" - registry: "" - username: "" - name: "" - - # 全局镜像配置 - image: - registry: "ccr.ccs.tencentyun.com/bk.io" - pullPolicy: Always - - # 全局环境变量,当 `env` 指定时,`global.env` 内相同 key 值变量将被覆盖 - env: {} - - # 默认的全局根域 - sharedDomain: "" - -# 缺省实例数 -replicaCount: 1 - -image: - name: bk-user-saas - tag: v2.3.0 - -# 用来覆盖 Chart 名 -nameOverride: "" -# 用来覆盖 fullName (通常是 release-chart 拼接) -fullnameOverride: "" - -# 是否自动创建 serviceAccount -serviceAccount: - create: true - annotations: {} - name: "" - -podAnnotations: {} - -podSecurityContext: {} - -# 支持定义 labels -podLabels: {} - -securityContext: {} - -service: - type: ClusterIP - port: 80 - -#--------------- -# 调度 -#--------------- -nodeSelector: {} - -tolerations: [] - -affinity: {} - -#--------------- -# 环境变量 -# 除 global.env 和 env 外 -# 其余变量定义均不去重,请手动确保无变量名冲突 -#--------------- - -# key-value 结构渲染 -env: - # ------------- - # 默认配置,不了解详情时请不要修改 - # ------------- - BK_APP_CODE: "bk_usermgr" - DJANGO_SETTINGS_MODULE: "bkuser_shell.config.overlays.prod" - BKAPP_BK_USER_CORE_API_HOST: "http://bkuserapi-web" - BK_LOGIN_API_URL: "http://bk-login-web" - # 容器化版本默认采用子域名形式暴露服务 - SITE_URL: "/" - -envFrom: [] - -# 提供原生的 env 写法 -extrasEnv: [] - -# 额外提供一种基于 sharedDomain 自动生成的 URL 类型环境变量 -sharedUrlEnvMap: {} - # BK_JOB_HOST: "jobee-test" - -# 标识必填的环境变量列表 -requiredEnvList: [] - -#--------------- -# 进程定义 -#-------------- -httpPort: 8000 -database: - preferName: bk-user-saas - -# 定义应用内的多个进程 -processes: - web: - ingress: - enabled: true - host: "bkuser.{{ .Values.global.sharedDomain }}" - paths: ["/"] - replicas: 1 - resources: - limits: - cpu: 1024m - memory: 1024Mi 
- requests: - cpu: 200m - memory: 128Mi - readinessProbe: - tcpSocket: - port: 8000 - initialDelaySeconds: 5 - periodSeconds: 30 - livenessProbe: - tcpSocket: - port: 8000 - initialDelaySeconds: 5 - periodSeconds: 30 - -# 部署前钩子 -preRunHooks: - db-migrate: - weight: 1 - enabled: true - position: "pre-install,pre-upgrade" - command: - - bash - args: - - -c - - python manage.py migrate - -# 支持定义多个 cronJobs -cronJobs: - jobs: [] - # - name: example-script - # enabled: false - # schedule: "*/30 * * * *" - # command: ["echo"] - # args: - # - "hello" - # failedJobsHistoryLimit: 1 - # successfulJobsHistoryLimit: 3 - # concurrencyPolicy: Forbid - -# 挂载配置 -volumes: [] -volumeMounts: [] - -# 支持定义 configmaps -configMaps: [] - # - name: - # files: - # - name: "test.yaml" - # format: "yaml" - # data: - # debug: true - -# 当 Chart 独立部署时,默认关闭内建存储 -mariadb: - enabled: false - -## ServiceMonitor configuration -## -serviceMonitor: - ## @param serviceMonitor.enabled Creates a ServiceMonitor to monitor kube-state-metrics - ## - enabled: false - ## @param serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. 
- ## - jobLabel: "" - ## @param serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## interval: 10s - ## - interval: "" - ## @param serviceMonitor.scrapeTimeout Timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## scrapeTimeout: 10s - ## - scrapeTimeout: "" - ## @param serviceMonitor.selector ServiceMonitor selector labels - ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration - ## e.g: - ## selector: - ## prometheus: my-prometheus - ## - selector: {} - ## @param serviceMonitor.honorLabels Honor metrics labels - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## honorLabels: false - ## - honorLabels: false - ## @param serviceMonitor.relabelings ServiceMonitor relabelings - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig - ## - relabelings: [] - ## @param serviceMonitor.metricRelabelings ServiceMonitor metricRelabelings - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] \ No newline at end of file From f176cf1c86adb5c1422fc49974badcf7e87a2b3a Mon Sep 17 00:00:00 2001 
From: jiayuan Date: Fri, 31 Dec 2021 15:16:51 +0800 Subject: [PATCH 2/8] add bkDomainScheme\README.md --- deploy/helm/bk-user/Chart.lock | 8 +- deploy/helm/bk-user/Chart.yaml | 2 +- deploy/helm/bk-user/README.md | 224 ++++++++++++++++++ .../api/templates/general-envs-configmap.yaml | 2 +- deploy/helm/bk-user/charts/api/values.yaml | 3 +- .../templates/general-envs-configmap.yaml | 3 +- deploy/helm/bk-user/charts/login/values.yaml | 26 +- deploy/helm/bk-user/charts/saas/values.yaml | 6 +- deploy/helm/bk-user/templates/NOTES.txt | 4 +- deploy/helm/bk-user/values.yaml | 3 + 10 files changed, 247 insertions(+), 34 deletions(-) diff --git a/deploy/helm/bk-user/Chart.lock b/deploy/helm/bk-user/Chart.lock index 914e31882..b9a545cbd 100644 --- a/deploy/helm/bk-user/Chart.lock +++ b/deploy/helm/bk-user/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: mariadb repository: https://charts.bitnami.com/bitnami - version: 9.8.1 + version: 9.x.x - name: redis repository: https://charts.bitnami.com/bitnami - version: 14.8.11 -digest: sha256:cf46f8dd91e004963b2312552d346bee5ec084e2b0ea85ae55c1514fd7c122a2 -generated: "2021-12-30T15:40:27.28743+08:00" + version: 14.x.x +digest: sha256:05ed321cfe49fe6467229fffeb743526add322b0e723e5e04967525cdccfb652 +generated: "2021-12-31T12:47:27.826091+08:00" diff --git a/deploy/helm/bk-user/Chart.yaml b/deploy/helm/bk-user/Chart.yaml index c810fa6f2..1caae73eb 100644 --- a/deploy/helm/bk-user/Chart.yaml +++ b/deploy/helm/bk-user/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: bk-user description: A Helm chart for bk-user type: application -version: 1.0.0 +version: 1.0.1 appVersion: v2.3.1 dependencies: diff --git a/deploy/helm/bk-user/README.md b/deploy/helm/bk-user/README.md index e69de29bb..fe2503b18 100644 --- a/deploy/helm/bk-user/README.md +++ b/deploy/helm/bk-user/README.md 
@@ -0,0 +1,224 @@ +# Bk-User-Helm-Stack + +Bk-User-Helm-Stack 是一个旨在快速部署用户管理部署工具,它在 Helm Chart 的基础上开发,旨在为用户管理产品提供方便快捷的部署能力。 + +## 准备依赖服务 + +要部署蓝鲸用户管理,首先需要准备 1 个 Kubernetes 集群(版本 1.12 或更高),并安装 Helm 命令行工具(版本 3.0 或更高)。 + +我们使用 `Ingress` 对外提供服务访问,所以请在集群中至少安装一个可用的 [Ingress Controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) + +### 配置 Helm 仓库地址 +```bash +# 请将 `` 替换为 Chart 所在的 Helm 仓库地址 +helm repo add bk-paas3 `` +helm repo update +``` + +### 其他服务 +由于蓝鲸用户管理 SaaS 是需要校验用户身份的服务,所以在能够正常访问前,请确认以下服务已就绪: + +- [蓝鲸登录](https://github.com/Tencent/bk-PaaS/tree/master/paas-ce/paas/login) +- [蓝鲸权限中心](https://github.com/TencentBlueKing/bk-iam) + + +## 快速安装 + +### 准备 `values.yaml` + +#### 1. 获取蓝鲸平台访问地址 +首先,你需要获取到蓝鲸平台的访问地址,例如 `https://paas.example.com`,确保 `https://paas.example.com/login` 可以访问蓝鲸登录,然后将该值的内容填入全局环境变量中。 + +配置示例: +```yaml +global: + bkDomain: "example.com" + bkDomainScheme: "http" + +api: + enabeld: true + bkIamUrl: "http://apps.example.com/bk--iam" + bkPaasUrl: "http://paas.example.com" + bkComponentApiUrl: "http://bkapi.example.com" + +saas: + enabled: true + bkIamUrl: "http://apps.example.com/bk--iam" + bkPaasUrl: "http://paas.example.comm" + bkComponentApiUrl: "http://bkapi.example.comm" + +login: + enabled: true + bkPaas3Addr: "paas.bk8s.woa.com" +``` + +#### 2. 确定应用鉴权信息 + +需要以下 3 类鉴权信息: +- 用户管理应用 code (bk_user) 对应的 bk_app_secret +- 统一登录服务: bk_paas 对应的 bk_app_secret +- 统一登录服务: 32位随机字符串,用于加密登录态票据(bk_token) + +你需要为用户管理提供一个访问根域,类似 `example.com`,配置示例: +```yaml +api: + appCode: "bk-user" + appSecret: "2cd2188d-88be-46c0-95bb-f7d105737757" + +saas: + appCode: "bk-user" + appSecret: "2cd2188d-88be-46c0-95bb-f7d105737757" + +login: + # bk_paas 对应的 bk_app_secret 信息 + bkPaasSerectKey: "9de9e906-5fa0-477d-b08c-73fdfa768ce3" + # 32位随机字符串,用于加密登录态票据(bk_token) + encryptSecretKey: "qyIBEoRhwus48cvPS066iE1rqGnTBv" +``` + +#### 3. 
准备用户管理镜像 + +我们会在每次发布用户管理新版时,会同步更新 Chart 中的镜像版本,所以如果你只是想使用最新版本的官方镜像,可以跳过此节,不用关注镜像的填写。 + +如果你想使用官方其他版本或者自己构建的镜像,也可以在 `values.yaml` 中修改,配置示例: +```yaml +api: + image: + registry: mirrors.tencent.com + repository: blueking/bk-user-api + tag: "v2.3.1" + +saas: + image: + registry: mirrors.tencent.com + repository: blueking/bk-user-saas + tag: "v2.3.1" + +login: + image: + registry: mirrors.tencent.com + repository: blueking/bk-login + tag: "1.0.0-beta.4" +``` + +#### 4. 数据库依赖 + +我们为**功能快速验证**提供了内嵌的 `mariadb` 组件,但我们并不保证该数据库的高可用性,所以***不建议在生产环境中直接使用***。 + +如果你没有数据库方面的特殊要求,那么不需要关注以下 `mariadb` 的默认配置。 + +```yaml +mariadb: + enabled: true + architecture: standalone + auth: + rootPassword: "root" + username: "bk-user" + password: "root" + primary: + # 默认我们未开启持久化,如有需求可以参考: https://kubernetes.io/docs/user-guide/persistent-volumes/ + persistence: + enabled: false + initdbScriptsConfigMap: "bk-user-mariadb-init +``` + +如果你想要在生产环境中使用其他外部数据库,那么可以通过环境变量来指定,并禁用 `mariadb`,配置示例: + +```yaml +api: + externalDatabase: + default: + host: "" + password: "" + port: 3306 + user: "" + name: "bk_user_api" + +saas: + externalDatabase: + default: + host: "" + password: "" + port: 3306 + user: "" + name: "bk_user_saas" + +login: + externalDatabase: + default: + host: "" + password: "" + port: 3306 + user: "" + name: "bk_login" + +mariadb: + enabled: false + +redis: + enabled: false +``` + +#### 5. 权限中心 +默认地,我们未开启权限中心,如果在权限中心已经就绪之后,想体验用户管理功能,那么你可以手动向权限中心注册模型: +```yaml +global: + enableIAM: true +``` + +#### 6. 账号密码 +我们需要为 `admin` 账户添加用户名密码,虽然我们给定了默认值,但是为了安全,请手动修改: +```yaml +api: + initialAdminUsername: "admin" + initialAdminPassword: "Blueking@2019" +``` + +### 7. 蓝鲸日志采集配置 + +用于将容器日志和标准输出日志采集到蓝鲸日志平台。默认未开启,如需开启请将 `global.bkLogConfig.enabled` 设置为 true。 + +##### `values.yaml` 配置示例: +```yaml +global: + bkLogConfig: + enabled: true + dataId: 1 +``` + +### 8. 
容器监控 Service Monitor + +默认未开启,如需开启请将 `global.serviceMonitor.enabled` 设置为 true。 + +##### `values.yaml` 配置示例: +```yaml +global: + serviceMonitor: + enabled: true +``` + +### 安装 + +如果你已经准备好了 `values.yaml`,就可以直接进行安装操作了 + +```bash +# 假定你想在 bk-user 命名空间安装 +kubectl create namespace bk-user +helm install bk-user bk-user-stack -n bk-user -f values.yaml +``` + + +如果在安装完成之后,访问 SaaS 地址出现 `503`,可以检查一下 `saas-web` 容器是否完全就绪,静候就绪后刷新页面即可。 + +## 卸载 +```bash +# 卸载资源 +helm uninstall bk-user -n bk-user + +# 已安装的 mariadb & redis 并不会被删除,防止没有开启持久化期间产生的数据被销毁 +# 如果确认已不再需要相关内容,可以手动删除命名空间内的资源 +# 独立命名空间时 +kubectl delete ns bk-user +# 非独立命名空间时 +kubectl delete deploy,sts,cronjob,pod,svc,ingress,secret,cm,sa,role,rolebinding,pvc -l app.kubernetes.io/instance=bk-user -n bk-user +``` diff --git a/deploy/helm/bk-user/charts/api/templates/general-envs-configmap.yaml b/deploy/helm/bk-user/charts/api/templates/general-envs-configmap.yaml index 57b75b4f0..ec929c447 100644 --- a/deploy/helm/bk-user/charts/api/templates/general-envs-configmap.yaml +++ b/deploy/helm/bk-user/charts/api/templates/general-envs-configmap.yaml @@ -21,7 +21,7 @@ data: # !!!安全:请修改初始账号密码!!! INITIAL_ADMIN_USERNAME: "{{ .Values.initialAdminUsername }}" INITIAL_ADMIN_PASSWORD: "{{ .Values.initialAdminPassword }}" - BK_USER_SAAS_URL: "{{ .Values.bkUserUrl }}" + BK_USER_SAAS_URL: "{{ .Values.global.bkDomainScheme }}://{{ .Values.bkUserAddr }}" # 使容器可以自我感知访问地址 BK_USER_API_URL: "{{ .Values.bkUserApiUrl }}" # PaaS 平台访问地址 diff --git a/deploy/helm/bk-user/charts/api/values.yaml b/deploy/helm/bk-user/charts/api/values.yaml index 600d61b82..005e07e5d 100644 --- a/deploy/helm/bk-user/charts/api/values.yaml +++ b/deploy/helm/bk-user/charts/api/values.yaml @@ -8,7 +8,7 @@ global: ## 蓝鲸产品统一根域 bkDomain: "example.com" - + bkDomainScheme: "http" ## 是否开启权限中心 enableIAM: false 
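Review bot: The new `BK_USER_SAAS_URL` line in the api general-envs-configmap.yaml hunk concatenates `global.bkDomainScheme` into the URL without checking it, and the values.yaml hunks of this commit default it to `"http"`, so a stock install advertises the SaaS over plaintext. The `data:` block shown here also carries the initial admin credentials, which makes the transport default matter more. I would validate the value in the template, e.g. `{{- if not (has .Values.global.bkDomainScheme (list "http" "https")) }}{{ fail "global.bkDomainScheme must be http or https" }}{{- end }}`, and add a comment next to the default saying that `https` is expected outside quick evaluation. The resource header is outside the hunk.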
@@ -103,7 +103,6 @@ bkLoginUrl: http://paas.example.com/login/ ## 蓝鲸登录后台的内部服务地址(一般用于校验登录token) bkLoginApiUrl: http://bk-login-web ## 蓝鲸用户管理 SaaS地址 -bkUserUrl: http://bkuser.paas.example.com bkUserAddr: bkuser.paas.example.com ## 蓝鲸用户管理后台 API 地址 bkUserApiUrl: http://bkuserapi-web diff --git a/deploy/helm/bk-user/charts/login/templates/general-envs-configmap.yaml b/deploy/helm/bk-user/charts/login/templates/general-envs-configmap.yaml index 2e08ef351..14e1f8870 100644 --- a/deploy/helm/bk-user/charts/login/templates/general-envs-configmap.yaml +++ b/deploy/helm/bk-user/charts/login/templates/general-envs-configmap.yaml @@ -6,8 +6,9 @@ metadata: data: # 登录态 Cookie 写入的域名 BK_DOMAIN: {{ .Values.global.bkDomain }} + BK_LOGIN_HTTP_SCHEMA: {{ .Values.global.bkDomainScheme }} # 统一登录的外部访问域名 - BK_LOGIN_PUBLIC_ADDR: {{ .Values.bkLoginUrl }} + BK_LOGIN_PUBLIC_ADDR: {{ .Values.bkPaas3Addr }} # 用户管理后台API访问地址 BK_USERMGR_API_URL: {{ .Values.bkUserApiUrl }} # 与 ESB 的通信凭证,应用(bk_paas) 对应的 bk_app_secret diff --git a/deploy/helm/bk-user/charts/login/values.yaml b/deploy/helm/bk-user/charts/login/values.yaml index 042d912b2..83f3172e1 100644 --- a/deploy/helm/bk-user/charts/login/values.yaml +++ b/deploy/helm/bk-user/charts/login/values.yaml @@ -8,10 +8,7 @@ global: ## 蓝鲸产品统一根域 bkDomain: "example.com" - - ## 是否开启权限中心 - enableIAM: false - + bkDomainScheme: "http" ## -------------- ## 蓝鲸监控 ## -------------- @@ -75,7 +72,10 @@ appSecret: "" bkPaasSerectKey: "" # 32位随机字符串,用于加密登录态票据(bk_token) encryptSecretKey: "" -bkDomainScheme: "http" +## 统一登录的外部访问域名 +bkPaas3Addr: paas.example.com +## 蓝鲸用户管理后台 API 地址 +bkUserApiUrl: http://bkuserapi-web image: registry: mirrors.tencent.com 
@@ -96,20 +96,6 @@ serviceAccount: ## If not set and create is true, a name is generated using the fullname template name: "" -## 蓝鲸 PaaS url(浏览器访问蓝鲸入口) -bkPaasUrl: http://paas.example.com -## 蓝鲸 ESB/APIGATEWAY url,注意集群内外都是统一域名。集群内可以配置域名解析到内网ip -bkComponentApiUrl: http://bkapi.paas.example.com -## 蓝鲸 Login url(浏览器跳转登录用的URL前缀) -bkLoginUrl: http://paas.example.com/login/ -## 蓝鲸登录后台的内部服务地址(一般用于校验登录token) -bkLoginApiUrl: http://bk-login-web -## 蓝鲸用户管理 SaaS地址 -bkUserUrl: http://bkuser.paas.example.com -bkUserAddr: bkuser.paas.example.com -## 蓝鲸用户管理后台 API 地址 -bkUserApiUrl: http://bkuserapi-web - ## --------------- ## 环境变量 ## --------------- @@ -149,7 +135,7 @@ ingress: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: /$2 hosts: - - host: "{{ .Values.bkLoginUrl }}" + - host: "{{ .Values.bkPaas3Addr }}" paths: - path: "/login(/|$)(.*)" pathType: ImplementationSpecific diff --git a/deploy/helm/bk-user/charts/saas/values.yaml b/deploy/helm/bk-user/charts/saas/values.yaml index fcaa2ba94..3bc407bc4 100644 --- a/deploy/helm/bk-user/charts/saas/values.yaml +++ b/deploy/helm/bk-user/charts/saas/values.yaml @@ -8,6 +8,7 @@ global: ## 蓝鲸产品统一根域 bkDomain: "example.com" + bkDomainScheme: "http" ## 是否开启权限中心 enableIAM: false @@ -98,8 +99,7 @@ bkComponentApiUrl: http://bkapi.paas.example.com bkLoginUrl: http://paas.example.com/login/ ## 蓝鲸登录后台的内部服务地址(一般用于校验登录token) bkLoginApiUrl: http://bk-login-web -## 蓝鲸用户管理 SaaS地址 -bkUserUrl: http://bkuser.paas.example.com +## 蓝鲸用户管理 SaaS 地址 bkUserAddr: bkuser.paas.example.com ## 蓝鲸用户管理后台 API 地址 bkUserApiUrl: http://bkuserapi-web @@ -143,7 +143,7 @@ ingress: # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - - host: bkuser.{{ .Values.global.bkDomain }} + - host: "{{ .Values.bkUserAddr }}" paths: - path: / pathType: ImplementationSpecific diff --git a/deploy/helm/bk-user/templates/NOTES.txt b/deploy/helm/bk-user/templates/NOTES.txt index 003e2b2e9..e56a5ce42 100644 
--- a/deploy/helm/bk-user/templates/NOTES.txt +++ b/deploy/helm/bk-user/templates/NOTES.txt @@ -1,10 +1,10 @@ 恭喜,你已经成功安装了蓝鲸用户管理 ! 如果集群中已经安装了 IngressController,那么可以通过以下地址访问用户管理: -- SaaS: {{ .Values.saas.bkUserUrl }} +- SaaS: {{ .Values.global.bkDomainScheme }}://{{ .Values.saas.bkUserAddr } - Api: {{ .Values.api.bkUserApiUrl }} -也可以通过 {{ .Values.login.bkLoginUrl }} 访问蓝鲸登录。 +也可以通过 {{ .Values.global.bkDomainScheme }}://{{ .Values.login.bkPaas3Addr } 访问蓝鲸登录。 登录账户名密码: {{ .Values.api.initialAdminUsername }}/{{ .Values.api.initialAdminPassword }} diff --git a/deploy/helm/bk-user/values.yaml b/deploy/helm/bk-user/values.yaml index 6c5bfb9e5..425ea52b7 100644 --- a/deploy/helm/bk-user/values.yaml +++ b/deploy/helm/bk-user/values.yaml @@ -8,6 +8,9 @@ global: ## 蓝鲸产品统一根域 bkDomain: "example.com" + bkDomainScheme: "http" + ## 是否开启权限中心 + enableIAM: false ## -------------- ## 蓝鲸监控 From 33fd56e96a6ed915b2168ae8dbaf36e24707351e Mon Sep 17 00:00:00 2001 From: jiayuan Date: Fri, 31 Dec 2021 15:39:07 +0800 Subject: [PATCH 3/8] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E5=9F=9F=E5=90=8D?= =?UTF-8?q?=E7=9A=84=E9=BB=98=E8=AE=A4=E5=80=BC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- deploy/helm/bk-user/README.md | 5 +++-- deploy/helm/bk-user/charts/api/values.yaml | 6 +++--- .../charts/saas/templates/general-envs-configmap.yaml | 2 +- deploy/helm/bk-user/charts/saas/values.yaml | 4 ++-- deploy/helm/bk-user/templates/NOTES.txt | 4 +--- 5 files changed, 10 insertions(+), 11 deletions(-) diff --git a/deploy/helm/bk-user/README.md b/deploy/helm/bk-user/README.md index fe2503b18..3287d7783 100644 --- a/deploy/helm/bk-user/README.md +++ b/deploy/helm/bk-user/README.md 
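Review bot: Both rewritten actions in this NOTES.txt hunk end with a single `}`, namely `{{ .Values.saas.bkUserAddr }` and `{{ .Values.login.bkPaas3Addr }`, which leaves the template action unterminated and should make the chart fail to render. They need the closing `}}`, e.g. `- SaaS: {{ .Values.global.bkDomainScheme }}://{{ .Values.saas.bkUserAddr }}`. Running `helm lint` or `helm template` in CI would catch this class of typo before a release is cut.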
@@ -37,13 +37,14 @@ global: api: enabeld: true - bkIamUrl: "http://apps.example.com/bk--iam" + bkIamUrl: "http://bkiam.example.com" bkPaasUrl: "http://paas.example.com" bkComponentApiUrl: "http://bkapi.example.com" saas: enabled: true - bkIamUrl: "http://apps.example.com/bk--iam" + bkUserAddr: bkuser.example.com + bkIamUrl: "http://bkiam.example.com" bkPaasUrl: "http://paas.example.comm" bkComponentApiUrl: "http://bkapi.example.comm" diff --git a/deploy/helm/bk-user/charts/api/values.yaml b/deploy/helm/bk-user/charts/api/values.yaml index 005e07e5d..2ce6b1c41 100644 --- a/deploy/helm/bk-user/charts/api/values.yaml +++ b/deploy/helm/bk-user/charts/api/values.yaml @@ -97,17 +97,17 @@ serviceAccount: ## 蓝鲸 PaaS url(浏览器访问蓝鲸入口) bkPaasUrl: http://paas.example.com ## 蓝鲸 ESB/APIGATEWAY url,注意集群内外都是统一域名。集群内可以配置域名解析到内网ip -bkComponentApiUrl: http://bkapi.paas.example.com +bkComponentApiUrl: http://bkapi.example.com ## 蓝鲸 Login url(浏览器跳转登录用的URL前缀) bkLoginUrl: http://paas.example.com/login/ ## 蓝鲸登录后台的内部服务地址(一般用于校验登录token) bkLoginApiUrl: http://bk-login-web ## 蓝鲸用户管理 SaaS地址 -bkUserAddr: bkuser.paas.example.com +bkUserAddr: bkuser.example.com ## 蓝鲸用户管理后台 API 地址 bkUserApiUrl: http://bkuserapi-web ## 蓝鲸权限中心 SaaS 地址 -bkIamUrl: http://bkiam.paas.example.com +bkIamUrl: http://bkiam.example.com ## 蓝鲸权限中心后台 API 地址 bkIamApiUrl: http://bkiam-web diff --git a/deploy/helm/bk-user/charts/saas/templates/general-envs-configmap.yaml b/deploy/helm/bk-user/charts/saas/templates/general-envs-configmap.yaml index 6a27e130a..76043980e 100644 --- a/deploy/helm/bk-user/charts/saas/templates/general-envs-configmap.yaml +++ b/deploy/helm/bk-user/charts/saas/templates/general-envs-configmap.yaml 
@@ -17,7 +17,7 @@ data: # 权限中心后台访问地址 BK_IAM_V3_INNER_HOST: "http://bkiam-web" # 默认我们会按照 BK_PAAS_URL/o/bk_iam 拼接权限中心 SaaS 访问地址,可以通过以下值覆盖 - # BK_IAM_SAAS_HOST: "http://apps.bktencent-example.com/bkapp-bk-iam-saas-prod/" + # BK_IAM_SAAS_HOST: "http://bkiam.example.com" BKAPP_BK_USER_CORE_API_HOST: "{{ .Values.bkUserApiUrl }}" # 容器化版本默认采用子域名形式暴露服务 BK_LOGIN_API_URL: "{{ .Values.bkLoginApiUrl }}" diff --git a/deploy/helm/bk-user/charts/saas/values.yaml b/deploy/helm/bk-user/charts/saas/values.yaml index 3bc407bc4..617bcfff5 100644 --- a/deploy/helm/bk-user/charts/saas/values.yaml +++ b/deploy/helm/bk-user/charts/saas/values.yaml @@ -94,13 +94,13 @@ serviceAccount: ## 蓝鲸 PaaS url(浏览器访问蓝鲸入口) bkPaasUrl: http://paas.example.com ## 蓝鲸 ESB/APIGATEWAY url,注意集群内外都是统一域名。集群内可以配置域名解析到内网ip -bkComponentApiUrl: http://bkapi.paas.example.com +bkComponentApiUrl: http://bkapi.example.com ## 蓝鲸 Login url(浏览器跳转登录用的URL前缀) bkLoginUrl: http://paas.example.com/login/ ## 蓝鲸登录后台的内部服务地址(一般用于校验登录token) bkLoginApiUrl: http://bk-login-web ## 蓝鲸用户管理 SaaS 地址 -bkUserAddr: bkuser.paas.example.com +bkUserAddr: bkuser.example.com ## 蓝鲸用户管理后台 API 地址 bkUserApiUrl: http://bkuserapi-web diff --git a/deploy/helm/bk-user/templates/NOTES.txt b/deploy/helm/bk-user/templates/NOTES.txt index e56a5ce42..25caf9354 100644 --- a/deploy/helm/bk-user/templates/NOTES.txt +++ b/deploy/helm/bk-user/templates/NOTES.txt @@ -1,11 +1,9 @@ 恭喜,你已经成功安装了蓝鲸用户管理 ! 如果集群中已经安装了 IngressController,那么可以通过以下地址访问用户管理: -- SaaS: {{ .Values.global.bkDomainScheme }}://{{ .Values.saas.bkUserAddr } +- SaaS: {{ .Values.global.bkDomainScheme }}://{{ .Values.saas.bkUserAddr }} - Api: {{ .Values.api.bkUserApiUrl }} -也可以通过 {{ .Values.global.bkDomainScheme }}://{{ .Values.login.bkPaas3Addr } 访问蓝鲸登录。 - 登录账户名密码: {{ .Values.api.initialAdminUsername }}/{{ .Values.api.initialAdminPassword }} From 8bbaee3c7ac0195ade0eb429b7b48b354d3d82f7 Mon Sep 17 00:00:00 2001 
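Review bot: The last line of the NOTES.txt hunk still renders `{{ .Values.api.initialAdminPassword }}` into the install notes, so the admin password lands in terminal scrollback and in any CI log that captures `helm install` or `helm status` output. I would print only the username and point at the value that holds the password, e.g. `登录账户名: {{ .Values.api.initialAdminUsername }}(密码见 values 中的 api.initialAdminPassword)`. The rest of the file is outside the hunk.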
From: jiayuan Date: Fri, 31 Dec 2021 17:17:44 +0800 Subject: [PATCH 4/8] minor fix --- deploy/helm/bk-user/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/helm/bk-user/README.md b/deploy/helm/bk-user/README.md index 3287d7783..630d0c90d 100644 --- a/deploy/helm/bk-user/README.md +++ b/deploy/helm/bk-user/README.md @@ -45,12 +45,12 @@ saas: enabled: true bkUserAddr: bkuser.example.com bkIamUrl: "http://bkiam.example.com" - bkPaasUrl: "http://paas.example.comm" + bkPaasUrl: "http://paas.example.com" bkComponentApiUrl: "http://bkapi.example.comm" login: enabled: true - bkPaas3Addr: "paas.bk8s.woa.com" + bkPaas3Addr: "paas.example.com" ``` #### 2. 确定应用鉴权信息 From 3672e61ea43c4f8869841f4b584aa88a1b2c6471 Mon Sep 17 00:00:00 2001 From: Blues Yu Date: Wed, 5 Jan 2022 18:08:05 +0800 Subject: [PATCH 5/8] fix: minor change according to review --- deploy/helm/bk-user/charts/api/values.yaml | 2 +- deploy/helm/bk-user/charts/login/values.yaml | 3 --- deploy/helm/bk-user/charts/saas/values.yaml | 2 +- deploy/helm/bk-user/values.yaml | 6 +++--- 4 files changed, 5 insertions(+), 8 deletions(-) diff --git a/deploy/helm/bk-user/charts/api/values.yaml b/deploy/helm/bk-user/charts/api/values.yaml index 600d61b82..4188b8a4b 100644 --- a/deploy/helm/bk-user/charts/api/values.yaml +++ b/deploy/helm/bk-user/charts/api/values.yaml @@ -10,7 +10,7 @@ global: bkDomain: "example.com" ## 是否开启权限中心 - enableIAM: false + enableIAM: true ## -------------- ## 蓝鲸监控 diff --git a/deploy/helm/bk-user/charts/login/values.yaml b/deploy/helm/bk-user/charts/login/values.yaml index 042d912b2..0ff6b19b6 100644 --- a/deploy/helm/bk-user/charts/login/values.yaml +++ b/deploy/helm/bk-user/charts/login/values.yaml @@ -9,9 +9,6 @@ global: ## 蓝鲸产品统一根域 bkDomain: "example.com" - ## 是否开启权限中心 - enableIAM: false - ## -------------- ## 蓝鲸监控 ## -------------- 
diff --git a/deploy/helm/bk-user/charts/saas/values.yaml b/deploy/helm/bk-user/charts/saas/values.yaml index fcaa2ba94..56842767d 100644 --- a/deploy/helm/bk-user/charts/saas/values.yaml +++ b/deploy/helm/bk-user/charts/saas/values.yaml @@ -10,7 +10,7 @@ global: bkDomain: "example.com" ## 是否开启权限中心 - enableIAM: false + enableIAM: true ## -------------- ## 蓝鲸监控 diff --git a/deploy/helm/bk-user/values.yaml b/deploy/helm/bk-user/values.yaml index 6c5bfb9e5..2018023c4 100644 --- a/deploy/helm/bk-user/values.yaml +++ b/deploy/helm/bk-user/values.yaml @@ -60,8 +60,8 @@ mariadb: enabled: true architecture: standalone auth: - username: "bk-user" - password: "maybe_a_strong_passwd" + username: "admin" + password: "blueking" primary: # 默认我们未开启持久化,如有需求可以参考: # - https://kubernetes.io/docs/user-guide/persistent-volumes/ @@ -76,7 +76,7 @@ redis: sentinel: enabled: false auth: - password: "maybe_another_strong_passwd" + password: "blueking" master: persistence: enabled: false From 66f51e7aa30e35ce3d42239183ac8588d3a184d4 Mon Sep 17 00:00:00 2001 
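Review bot: The `@@ -60,8 +60,8 @@ mariadb:` hunk of deploy/helm/bk-user/values.yaml replaces the placeholder credentials with `username: "admin"` / `password: "blueking"`, and the `@@ -76,7 +76,7 @@ redis:` hunk does the same for `redis.auth.password`, so every install that keeps the defaults shares one guessable, product-named password. I would ship both passwords empty and have the templates that consume them refuse to render, e.g. `{{ required "mariadb.auth.password must be set" .Values.mariadb.auth.password }}` and the equivalent for `redis.auth.password`. A comment above each field stating that the value must be overridden per environment would make the intent explicit.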
From: Blues Yu Date: Thu, 6 Jan 2022 20:40:23 +0800 Subject: [PATCH 6/8] =?UTF-8?q?refactor:=20=E9=87=8D=E6=9E=84=20bk-user=20?= =?UTF-8?q?Helm=20Chart?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../bk-user/charts/api/templates/_storage.tpl | 6 +++ .../charts/api/templates/beat-deployment.yaml | 2 +- .../templates/external-storage-configmap.yaml | 5 +-- .../charts/api/templates/migrate-job.yaml | 2 +- .../charts/api/templates/web-deployment.yaml | 2 +- .../api/templates/worker-deployment.yaml | 2 +- deploy/helm/bk-user/charts/api/values.yaml | 37 +++++++++++-------- .../templates/general-envs-configmap.yaml | 6 ++- deploy/helm/bk-user/charts/login/values.yaml | 18 ++------- deploy/helm/bk-user/charts/saas/values.yaml | 10 +---- deploy/helm/bk-user/templates/_storage.tpl | 10 +++++ .../templates/mariadb-env-configmap.yaml | 6 +-- .../templates/redis-env-configmap.yaml | 12 +++--- 13 files changed, 60 insertions(+), 58 deletions(-) create mode 100644 deploy/helm/bk-user/charts/api/templates/_storage.tpl create mode 100644 deploy/helm/bk-user/templates/_storage.tpl diff --git a/deploy/helm/bk-user/charts/api/templates/_storage.tpl b/deploy/helm/bk-user/charts/api/templates/_storage.tpl new file mode 100644 index 000000000..8db2eb4dc --- /dev/null +++ b/deploy/helm/bk-user/charts/api/templates/_storage.tpl @@ -0,0 +1,6 @@ +{{/* +Shortcuts for redis +*/}} +{{- define "bk-user.externalRedisBrokerUrl" -}} +{{- printf "redis://:%s@%s:%s/0" .Values.externalRedis.default.password .Values.externalRedis.default.host (.Values.externalRedis.default.port | toString )}} +{{- end }} \ No newline at end of file diff --git a/deploy/helm/bk-user/charts/api/templates/beat-deployment.yaml b/deploy/helm/bk-user/charts/api/templates/beat-deployment.yaml index 90a34e3a4..6e30b689f 100644 --- a/deploy/helm/bk-user/charts/api/templates/beat-deployment.yaml +++ b/deploy/helm/bk-user/charts/api/templates/beat-deployment.yaml 
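Review bot: The new helper `bk-user.externalRedisBrokerUrl` in charts/api/templates/_storage.tpl formats `externalRedis.default.password` into the URL with a bare `%s`, so a password containing `@`, `:`, `/` or `#` yields a broker URL that parses to a different host or a truncated credential. The password should be percent-encoded before formatting, for instance `(.Values.externalRedis.default.password | urlquery)` as the first argument; check that the Redis client decodes it the same way, since `urlquery` writes spaces as `+`. I would also extend the `{{/* Shortcuts for redis */}}` comment to say that the result contains a secret, so it is clear where it may be rendered.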
@@ -53,7 +53,7 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml .Values.resources.beat | nindent 12 }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/deploy/helm/bk-user/charts/api/templates/external-storage-configmap.yaml b/deploy/helm/bk-user/charts/api/templates/external-storage-configmap.yaml index fe822cf19..ee20426ea 100644 --- a/deploy/helm/bk-user/charts/api/templates/external-storage-configmap.yaml +++ b/deploy/helm/bk-user/charts/api/templates/external-storage-configmap.yaml @@ -15,6 +15,5 @@ data: # --------------- # Redis Related # --------------- - {{- $redis_url := printf "redis://:%s@%s-redis-master:%s/0" .Values.externalRedis.default.password .Release.Name (.Values.externalRedis.default.port | toString )}} - CELERY_BROKER_URL: {{ $redis_url }} - CELERY_RESULT_BACKEND: {{ $redis_url }} + CELERY_BROKER_URL: {{ include "bk-user.externalRedisBrokerUrl" . }} + CELERY_RESULT_BACKEND: {{ include "bk-user.externalRedisBrokerUrl" . }} diff --git a/deploy/helm/bk-user/charts/api/templates/migrate-job.yaml b/deploy/helm/bk-user/charts/api/templates/migrate-job.yaml index a9d743e66..e6e13ec5e 100644 --- a/deploy/helm/bk-user/charts/api/templates/migrate-job.yaml +++ b/deploy/helm/bk-user/charts/api/templates/migrate-job.yaml @@ -45,4 +45,4 @@ spec: {{- toYaml . | nindent 12}} {{- end }} resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml .Values.resources.web | nindent 12 }} diff --git a/deploy/helm/bk-user/charts/api/templates/web-deployment.yaml b/deploy/helm/bk-user/charts/api/templates/web-deployment.yaml index 0a21bf164..2ca64989a 100644 --- a/deploy/helm/bk-user/charts/api/templates/web-deployment.yaml +++ b/deploy/helm/bk-user/charts/api/templates/web-deployment.yaml 
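Review bot: In the external-storage-configmap.yaml hunk, `CELERY_BROKER_URL` and `CELERY_RESULT_BACKEND` now come from `bk-user.externalRedisBrokerUrl`, which embeds the Redis password, and they are still written under `data:` of what the file name indicates is a ConfigMap. ConfigMaps are not treated as sensitive (readable with plain `get configmaps` rights and printed by `kubectl describe`), so these keys belong in a `Secret` consumed through `envFrom.secretRef`. The same applies to `BK_PAAS_SECRET_KEY` / `ENCRYPT_SECRET_KEY` in the login general-envs-configmap.yaml hunk, the `DB_PASSWORD` / `DATABASE_PASSWORD` lines in mariadb-env-configmap.yaml, and the broker URLs in redis-env-configmap.yaml later in this patch. The resource's `kind:` line is outside the hunk, so confirm it before converting.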
@@ -65,7 +65,7 @@ spec: path: /ping port: http resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml .Values.resources.web | nindent 12 }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/deploy/helm/bk-user/charts/api/templates/worker-deployment.yaml b/deploy/helm/bk-user/charts/api/templates/worker-deployment.yaml index 01532c24b..ec23c0f96 100644 --- a/deploy/helm/bk-user/charts/api/templates/worker-deployment.yaml +++ b/deploy/helm/bk-user/charts/api/templates/worker-deployment.yaml @@ -53,7 +53,7 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml .Values.resources.worker | nindent 12 }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/deploy/helm/bk-user/charts/api/values.yaml b/deploy/helm/bk-user/charts/api/values.yaml index 4188b8a4b..70fe9baf4 100644 --- a/deploy/helm/bk-user/charts/api/values.yaml +++ b/deploy/helm/bk-user/charts/api/values.yaml @@ -119,7 +119,7 @@ bkIamApiUrl: http://bkiam-web ## 请按照原生 env 格式填写 ## env 优先级高于 envFrom,你可以用它来覆盖内置环境变量 # env: -# - key: "FOO" +# - name: "FOO" # value: "BAR" envFrom: @@ -163,20 +163,27 @@ ingress: # - chart-example.local resources: - limits: - cpu: 1024m - memory: 2048Mi - requests: - cpu: 100m - memory: 128Mi - -celeryResource: - limits: - cpu: 1024m - memory: 2048Mi - requests: - cpu: 100m - memory: 128Mi + web: + requests: + cpu: "100m" + memory: "128Mi" + limits: + cpu: "1024m" + memory: "2048Mi" + worker: + requests: + cpu: "100m" + memory: "128Mi" + limits: + cpu: "1024m" + memory: "2048Mi" + beat: + requests: + cpu: "100m" + memory: "128Mi" + limits: + cpu: "1024m" + memory: "1024Mi" ## --------------- ## 调度 diff --git a/deploy/helm/bk-user/charts/login/templates/general-envs-configmap.yaml b/deploy/helm/bk-user/charts/login/templates/general-envs-configmap.yaml index 2e08ef351..09ff841a4 100644 
--- a/deploy/helm/bk-user/charts/login/templates/general-envs-configmap.yaml +++ b/deploy/helm/bk-user/charts/login/templates/general-envs-configmap.yaml @@ -7,10 +7,12 @@ data: # 登录态 Cookie 写入的域名 BK_DOMAIN: {{ .Values.global.bkDomain }} # 统一登录的外部访问域名 - BK_LOGIN_PUBLIC_ADDR: {{ .Values.bkLoginUrl }} + BK_LOGIN_PUBLIC_ADDR: {{ .Values.bkLoginAddr }} # 用户管理后台API访问地址 BK_USERMGR_API_URL: {{ .Values.bkUserApiUrl }} # 与 ESB 的通信凭证,应用(bk_paas) 对应的 bk_app_secret BK_PAAS_SECRET_KEY: {{ .Values.bkPaasSerectKey }} # 32位随机字符串,用于加密登录态票据(bk_token) - ENCRYPT_SECRET_KEY: {{ .Values.encryptSecretKey }} \ No newline at end of file + ENCRYPT_SECRET_KEY: {{ .Values.encryptSecretKey }} + # 登录服务 Http Schema + BK_LOGIN_HTTP_SCHEMA: {{ .Values.bkDomainScheme }} \ No newline at end of file diff --git a/deploy/helm/bk-user/charts/login/values.yaml b/deploy/helm/bk-user/charts/login/values.yaml index 0ff6b19b6..f681c2154 100644 --- a/deploy/helm/bk-user/charts/login/values.yaml +++ b/deploy/helm/bk-user/charts/login/values.yaml @@ -65,9 +65,6 @@ replicaCount: 1 ## celery deployment 副本数 celeryReplicaCount: 1 -appCode: "bk_login" -appSecret: "" - # 与 ESB 的通信凭证,应用(bk_paas) 对应的 bk_app_secret bkPaasSerectKey: "" # 32位随机字符串,用于加密登录态票据(bk_token) @@ -99,8 +96,7 @@ bkPaasUrl: http://paas.example.com bkComponentApiUrl: http://bkapi.paas.example.com ## 蓝鲸 Login url(浏览器跳转登录用的URL前缀) bkLoginUrl: http://paas.example.com/login/ -## 蓝鲸登录后台的内部服务地址(一般用于校验登录token) -bkLoginApiUrl: http://bk-login-web +bkLoginAddr: paas.example.com ## 蓝鲸用户管理 SaaS地址 bkUserUrl: http://bkuser.paas.example.com bkUserAddr: bkuser.paas.example.com @@ -113,7 +109,7 @@ bkUserApiUrl: http://bkuserapi-web ## 请按照原生 env 格式填写 ## env 优先级高于 envFrom,你可以用它来覆盖内置环境变量 # env: -# - key: "FOO" +# - name: "FOO" # value: "BAR" envFrom: 
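Review bot: The added `BK_LOGIN_HTTP_SCHEMA: {{ .Values.bkDomainScheme }}` and the rewritten `BK_LOGIN_PUBLIC_ADDR` line in the login general-envs-configmap.yaml hunk, like the secret-key lines around them, render their values unquoted, whereas the api chart's equivalent file wraps each value in `"..."`. An empty value then renders as YAML null and a key such as `123456` or `true` becomes a non-string, both of which a string-only `data` map is likely to reject at install time. Piping through `quote` avoids that: `ENCRYPT_SECRET_KEY: {{ .Values.encryptSecretKey | quote }}`, and likewise for the other keys in this hunk.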
@@ -146,7 +142,7 @@ ingress: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: /$2 hosts: - - host: "{{ .Values.bkLoginUrl }}" + - host: "{{ .Values.bkLoginAddr }}" paths: - path: "/login(/|$)(.*)" pathType: ImplementationSpecific @@ -163,14 +159,6 @@ resources: cpu: 200m memory: 512Mi -celeryResource: - limits: - cpu: 1024m - memory: 2048Mi - requests: - cpu: 100m - memory: 128Mi - ## --------------- ## 调度 ## --------------- diff --git a/deploy/helm/bk-user/charts/saas/values.yaml b/deploy/helm/bk-user/charts/saas/values.yaml index 56842767d..3880a6bd1 100644 --- a/deploy/helm/bk-user/charts/saas/values.yaml +++ b/deploy/helm/bk-user/charts/saas/values.yaml @@ -110,7 +110,7 @@ bkUserApiUrl: http://bkuserapi-web ## 请按照原生 env 格式填写 ## env 优先级高于 envFrom,你可以用它来覆盖内置环境变量 # env: -# - key: "FOO" +# - name: "FOO" # value: "BAR" envFrom: @@ -160,14 +160,6 @@ resources: cpu: 100m memory: 128Mi -celeryResource: - limits: - cpu: 1024m - memory: 2048Mi - requests: - cpu: 100m - memory: 128Mi - ## --------------- ## 调度 ## --------------- diff --git a/deploy/helm/bk-user/templates/_storage.tpl b/deploy/helm/bk-user/templates/_storage.tpl new file mode 100644 index 000000000..65d58ca6b --- /dev/null +++ b/deploy/helm/bk-user/templates/_storage.tpl @@ -0,0 +1,10 @@ +{{/* +Shortcuts for redis +*/}} +{{- define "bk-user.apiExternalRedisBrokerUrl" -}} +{{- printf "redis://:%s@%s-redis-master:%s/0" .Values.api.externalRedis.default.password .Release.Name (.Values.api.externalRedis.default.port | toString )}} +{{- end }} + +{{- define "bk-user.builtinRedisBrokerUrl" -}} +{{- printf "redis://:%s@%s-redis-master:%s/0" .Values.redis.auth.password .Release.Name (.Values.redis.master.service.port | toString )}} +{{- end }} \ No newline at end of file diff --git a/deploy/helm/bk-user/templates/mariadb-env-configmap.yaml b/deploy/helm/bk-user/templates/mariadb-env-configmap.yaml index 51d3a7e21..a93da17e4 100644 
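Review bot: In the new deploy/helm/bk-user/templates/_storage.tpl, `bk-user.apiExternalRedisBrokerUrl` builds the host as `%s-redis-master` from `.Release.Name`, which is the built-in Redis service name, so in the `else` branch of redis-env-configmap.yaml (built-in Redis disabled) the broker URL would point at a service that was not deployed rather than at the external instance. The api subchart's helper added in this same commit uses `.Values.externalRedis.default.host`; this one should pass `.Values.api.externalRedis.default.host` with a plain `%s` in the format string. Both helpers here also interpolate the password without percent-encoding.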
--- a/deploy/helm/bk-user/templates/mariadb-env-configmap.yaml +++ b/deploy/helm/bk-user/templates/mariadb-env-configmap.yaml @@ -11,7 +11,7 @@ data: DB_PASSWORD: "{{ .Values.mariadb.auth.password }}" DB_HOST: "{{ .Release.Name }}-mariadb" DB_PORT: "3306" - {{- else -}} + {{- else }} DB_NAME: "{{ .Values.api.externalDatabase.default.name | default .Values.api.preferDBName }}" DB_USER: "{{ .Values.api.externalDatabase.default.user }}" DB_PASSWORD: "{{ .Values.api.externalDatabase.default.password }}" @@ -32,7 +32,7 @@ data: DB_PASSWORD: "{{ .Values.mariadb.auth.password }}" DB_HOST: "{{ .Release.Name }}-mariadb" DB_PORT: "3306" - {{- else -}} + {{- else }} DB_NAME: "{{ .Values.saas.externalDatabase.default.name | default .Values.saas.preferDBName }}" DB_USER: "{{ .Values.saas.externalDatabase.default.user }}" DB_PASSWORD: "{{ .Values.saas.externalDatabase.default.password }}" @@ -53,7 +53,7 @@ data: DATABASE_PASSWORD: "{{ .Values.mariadb.auth.password }}" DATABASE_HOST: "{{ .Release.Name }}-mariadb" DATABASE_PORT: "3306" - {{- else -}} + {{- else }} DATABASE_NAME: "{{ .Values.login.externalDatabase.default.name | default .Values.login.preferDBName }}" DATABASE_USER: "{{ .Values.login.externalDatabase.default.user }}" DATABASE_PASSWORD: "{{ .Values.login.externalDatabase.default.password }}" diff --git a/deploy/helm/bk-user/templates/redis-env-configmap.yaml b/deploy/helm/bk-user/templates/redis-env-configmap.yaml index c2f22d63a..fbf83895e 100644 --- a/deploy/helm/bk-user/templates/redis-env-configmap.yaml +++ b/deploy/helm/bk-user/templates/redis-env-configmap.yaml 
@@ -6,11 +6,9 @@ metadata: {{- include "bk-user.labels" . | nindent 4 }} data: {{- if .Values.redis.enabled }} - {{- $redis_url := printf "redis://:%s@%s-redis-master:%s/0" .Values.redis.auth.password .Release.Name (.Values.redis.master.service.port | toString )}} - CELERY_BROKER_URL: {{ $redis_url }} - CELERY_RESULT_BACKEND: {{ $redis_url }} - {{- else -}} - {{- $redis_url := printf "redis://:%s@%s-redis-master:%s/0" .Values.api.externalRedis.default.password .Release.Name (.Values.api.externalRedis.default.port | toString )}} - CELERY_BROKER_URL: {{ $redis_url }} - CELERY_RESULT_BACKEND: {{ $redis_url }} + CELERY_BROKER_URL: {{ include "bk-user.builtinRedisBrokerUrl" . }} + CELERY_RESULT_BACKEND: {{ include "bk-user.builtinRedisBrokerUrl" . }} + {{- else }} + CELERY_BROKER_URL: {{ include "bk-user.apiExternalRedisBrokerUrl" . }} + CELERY_RESULT_BACKEND: {{ include "bk-user.apiExternalRedisBrokerUrl" . }} {{- end -}} From c0f5b244ac2a29de3322b19ecbf0b30fe4ce7564 Mon Sep 17 00:00:00 2001 From: Blues Yu Date: Tue, 11 Jan 2022 10:43:58 +0800 Subject: [PATCH 7/8] feat: support global image registry --- deploy/helm/bk-user/Chart.yaml | 2 +- deploy/helm/bk-user/README.md | 36 ++++++++------- .../charts/api/templates/beat-deployment.yaml | 4 +- .../charts/api/templates/migrate-iam.yaml | 46 +++++++++++++++++++ .../charts/api/templates/migrate-job.yaml | 4 +- .../charts/api/templates/web-deployment.yaml | 4 +- .../api/templates/worker-deployment.yaml | 4 +- .../charts/login/templates/deployment.yaml | 4 +- .../charts/login/templates/migrate-job.yaml | 4 +- .../charts/saas/templates/deployment.yaml | 4 +- .../charts/saas/templates/migrate-job.yaml | 4 +- 11 files changed, 82 insertions(+), 34 deletions(-) create mode 100644 deploy/helm/bk-user/charts/api/templates/migrate-iam.yaml diff --git a/deploy/helm/bk-user/Chart.yaml b/deploy/helm/bk-user/Chart.yaml index 1caae73eb..02dd1ae0f 100644 --- a/deploy/helm/bk-user/Chart.yaml +++ b/deploy/helm/bk-user/Chart.yaml 
@@ -2,7 +2,7 @@ apiVersion: v2 name: bk-user description: A Helm chart for bk-user type: application -version: 1.0.1 +version: 1.1.2 appVersion: v2.3.1 dependencies: diff --git a/deploy/helm/bk-user/README.md b/deploy/helm/bk-user/README.md index 630d0c90d..b185a16ef 100644 --- a/deploy/helm/bk-user/README.md +++ b/deploy/helm/bk-user/README.md @@ -63,18 +63,19 @@ login: 你需要为用户管理提供一个访问根域,类似 `example.com`,配置示例: ```yaml api: - appCode: "bk-user" - appSecret: "2cd2188d-88be-46c0-95bb-f7d105737757" + appCode: "bk_usermgr" + appSecret: "some-app-secret" saas: - appCode: "bk-user" - appSecret: "2cd2188d-88be-46c0-95bb-f7d105737757" + appCode: "bk_usermgr" + appSecret: "some-app-secret" login: # bk_paas 对应的 bk_app_secret 信息 - bkPaasSerectKey: "9de9e906-5fa0-477d-b08c-73fdfa768ce3" + bkPaasSerectKey: "enter-paas-secret-key" # 32位随机字符串,用于加密登录态票据(bk_token) - encryptSecretKey: "qyIBEoRhwus48cvPS066iE1rqGnTBv" + # tr -dc A-Za-z0-9 注意这里同时也会修改 bitnami 内建存储的 Registry + #### 4. 数据库依赖 我们为**功能快速验证**提供了内嵌的 `mariadb` 组件,但我们并不保证该数据库的高可用性,所以***不建议在生产环境中直接使用***。 @@ -161,10 +171,10 @@ redis: ``` #### 5. 权限中心 -默认地,我们未开启权限中心,如果在权限中心已经就绪之后,想体验用户管理功能,那么你可以手动向权限中心注册模型: +默认地,我们已开启权限中心,如果功能验证时想跳过权限中心,可以手动关闭 ```yaml global: - enableIAM: true + enableIAM: false ``` #### 6. 账号密码 @@ -205,7 +215,7 @@ global: ```bash # 假定你想在 bk-user 命名空间安装 kubectl create namespace bk-user -helm install bk-user bk-user-stack -n bk-user -f values.yaml +helm install bk-user bk-user -n bk-user -f values.yaml ``` @@ -213,13 +223,5 @@ helm install bk-user bk-user-stack -n bk-user -f values.yaml ## 卸载 ```bash -# 卸载资源 helm uninstall bk-user -n bk-user - -# 已安装的 mariadb & redis 并不会被删除,防止没有开启持久化期间产生的数据被销毁 -# 如果确认已不再需要相关内容,可以手动删除命名空间内的资源 -# 独立命名空间时 -kubectl delete ns bk-user -# 非独立命名空间时 -kubectl delete deploy,sts,cronjob,pod,svc,ingress,secret,cm,sa,role,rolebinding,pvc -l app.kubernetes.io/instance=bk-user -n bk-user ``` 
diff --git a/deploy/helm/bk-user/charts/api/templates/beat-deployment.yaml b/deploy/helm/bk-user/charts/api/templates/beat-deployment.yaml index 6e30b689f..1527f71ae 100644 --- a/deploy/helm/bk-user/charts/api/templates/beat-deployment.yaml +++ b/deploy/helm/bk-user/charts/api/templates/beat-deployment.yaml @@ -29,7 +29,7 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} initContainers: - name: check-migrate-db - image: "{{ .Values.migration.images.k8sWaitFor.registry }}/{{ .Values.migration.images.k8sWaitFor.repository }}:{{ .Values.migration.images.k8sWaitFor.tag }}" + image: "{{ .Values.global.imageRegistry | default .Values.migration.images.k8sWaitFor.registry }}/{{ .Values.migration.images.k8sWaitFor.repository }}:{{ .Values.migration.images.k8sWaitFor.tag }}" imagePullPolicy: IfNotPresent args: - job @@ -38,7 +38,7 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.global.imageRegistry | default .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - bash diff --git a/deploy/helm/bk-user/charts/api/templates/migrate-iam.yaml b/deploy/helm/bk-user/charts/api/templates/migrate-iam.yaml new file mode 100644 index 000000000..dcc26d77a --- /dev/null +++ b/deploy/helm/bk-user/charts/api/templates/migrate-iam.yaml 
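Review bot: The expression `.Values.global.imageRegistry | default .Values.image.registry` is written out in both image lines here and repeated in migrate-iam.yaml, migrate-job.yaml, web-deployment.yaml, worker-deployment.yaml and the login and saas templates; a single named template in `_helpers.tpl` would keep the override logic in one place, e.g. `image: {{ include "bk-user.image" (dict "image" .Values.image "root" .) }}` (helper name is a suggestion, not an existing template). One value now redirects every pull, including the busybox and k8s-wait-for helper images, and all of them are referenced by tag, so that helper is also the natural place to accept an optional digest for operators who mirror images and want content pinning. The lookup assumes `.Values.global` is defined; it is worth confirming that each subchart's values.yaml declares `global:` so rendering does not fail when the key is absent.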
@@ -0,0 +1,46 @@ +{{- if .Values.global.enableIAM }} +apiVersion: batch/v1 +kind: Job +metadata: + name: bk-user-api-migrate-iam-{{ .Release.Revision }} + labels: + {{- include "bk-user.labels" . | nindent 4 }} +spec: + backoffLimit: 10 + template: + metadata: + labels: + {{- include "bk-user.labels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: bk-user-api + restartPolicy: OnFailure + initContainers: + - name: check-migrate-db + image: "{{ .Values.global.imageRegistry | default .Values.migration.images.k8sWaitFor.registry }}/{{ .Values.migration.images.k8sWaitFor.repository }}:{{ .Values.migration.images.k8sWaitFor.tag }}" + imagePullPolicy: IfNotPresent + args: + - job + - "bk-user-api-migrate-db-{{ .Release.Revision }}" + containers: + - name: api-db-migrate + image: "{{ .Values.global.imageRegistry | default .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - bash + args: + - /app/migrate_iam.sh + {{- with .Values.env }} + env: + {{- toYaml . | nindent 12}} + {{- end }} + {{- with .Values.envFrom }} + envFrom: + {{- toYaml . | nindent 12}} + {{- end }} + resources: + {{- toYaml .Values.resources.web | nindent 12 }} +{{- end }} \ No newline at end of file diff --git a/deploy/helm/bk-user/charts/api/templates/migrate-job.yaml b/deploy/helm/bk-user/charts/api/templates/migrate-job.yaml index e6e13ec5e..c573c3d55 100644 --- a/deploy/helm/bk-user/charts/api/templates/migrate-job.yaml +++ b/deploy/helm/bk-user/charts/api/templates/migrate-job.yaml 
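Review bot: The new migrate-iam Job sets neither a pod-level nor a container-level `securityContext`, while the beat, web and worker Deployments in the same chart render `.Values.podSecurityContext` and `.Values.securityContext`, so any non-root or read-only settings an operator configures do not apply to this Job. It runs `/app/migrate_iam.sh` with the application's `env`/`envFrom`, so it should run under the same constraints as the main containers. The container is also still named `api-db-migrate`, which looks copied from migrate-job.yaml and makes logs from the two Jobs hard to tell apart; `api-iam-migrate` would be clearer.

```yaml
      # … unchanged: imagePullSecrets, serviceAccountName, restartPolicy …
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      # … unchanged: initContainers …
        - name: api-db-migrate
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          # … unchanged: image, command, args, env, envFrom, resources …
```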
@@ -18,7 +18,7 @@ spec: restartPolicy: OnFailure initContainers: - name: check-database-ready - image: "{{ .Values.migration.images.busybox.registry }}/{{ .Values.migration.images.busybox.repository }}:{{ .Values.migration.images.busybox.tag }}" + image: "{{ .Values.global.imageRegistry | default .Values.migration.images.busybox.registry }}/{{ .Values.migration.images.busybox.repository }}:{{ .Values.migration.images.busybox.tag }}" imagePullPolicy: IfNotPresent command: - sh @@ -29,7 +29,7 @@ spec: {{- toYaml .Values.envFrom | nindent 12 }} containers: - name: api-db-migrate - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.global.imageRegistry | default .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - /bin/bash diff --git a/deploy/helm/bk-user/charts/api/templates/web-deployment.yaml b/deploy/helm/bk-user/charts/api/templates/web-deployment.yaml index 2ca64989a..08189f084 100644 --- a/deploy/helm/bk-user/charts/api/templates/web-deployment.yaml +++ b/deploy/helm/bk-user/charts/api/templates/web-deployment.yaml @@ -29,7 +29,7 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} initContainers: - name: check-migrate-db - image: "{{ .Values.migration.images.k8sWaitFor.registry }}/{{ .Values.migration.images.k8sWaitFor.repository }}:{{ .Values.migration.images.k8sWaitFor.tag }}" + image: "{{ .Values.global.imageRegistry | default .Values.migration.images.k8sWaitFor.registry }}/{{ .Values.migration.images.k8sWaitFor.repository }}:{{ .Values.migration.images.k8sWaitFor.tag }}" imagePullPolicy: IfNotPresent args: - job 
@@ -38,7 +38,7 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.global.imageRegistry | default .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - bash diff --git a/deploy/helm/bk-user/charts/api/templates/worker-deployment.yaml b/deploy/helm/bk-user/charts/api/templates/worker-deployment.yaml index ec23c0f96..32c1e0127 100644 --- a/deploy/helm/bk-user/charts/api/templates/worker-deployment.yaml +++ b/deploy/helm/bk-user/charts/api/templates/worker-deployment.yaml @@ -29,7 +29,7 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} initContainers: - name: check-migrate-db - image: "{{ .Values.migration.images.k8sWaitFor.registry }}/{{ .Values.migration.images.k8sWaitFor.repository }}:{{ .Values.migration.images.k8sWaitFor.tag }}" + image: "{{ .Values.global.imageRegistry | default .Values.migration.images.k8sWaitFor.registry }}/{{ .Values.migration.images.k8sWaitFor.repository }}:{{ .Values.migration.images.k8sWaitFor.tag }}" imagePullPolicy: IfNotPresent args: - job @@ -38,7 +38,7 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.global.imageRegistry | default .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - bash diff --git a/deploy/helm/bk-user/charts/login/templates/deployment.yaml b/deploy/helm/bk-user/charts/login/templates/deployment.yaml index fd39890ae..316919103 100644 
--- a/deploy/helm/bk-user/charts/login/templates/deployment.yaml +++ b/deploy/helm/bk-user/charts/login/templates/deployment.yaml @@ -29,7 +29,7 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} initContainers: - name: check-migrate-db - image: "{{ .Values.migration.images.k8sWaitFor.registry }}/{{ .Values.migration.images.k8sWaitFor.repository }}:{{ .Values.migration.images.k8sWaitFor.tag }}" + image: "{{ .Values.global.imageRegistry | default .Values.migration.images.k8sWaitFor.registry }}/{{ .Values.migration.images.k8sWaitFor.repository }}:{{ .Values.migration.images.k8sWaitFor.tag }}" imagePullPolicy: IfNotPresent args: - job @@ -38,7 +38,7 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.global.imageRegistry | default .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: ["./start.sh"] {{- with .Values.env }} diff --git a/deploy/helm/bk-user/charts/login/templates/migrate-job.yaml b/deploy/helm/bk-user/charts/login/templates/migrate-job.yaml index d6c01ccc2..a5aa0d076 100644 --- a/deploy/helm/bk-user/charts/login/templates/migrate-job.yaml +++ b/deploy/helm/bk-user/charts/login/templates/migrate-job.yaml @@ -18,7 +18,7 @@ spec: restartPolicy: OnFailure initContainers: - name: check-database-ready - image: "{{ .Values.migration.images.busybox.registry }}/{{ .Values.migration.images.busybox.repository }}:{{ .Values.migration.images.busybox.tag }}" + image: "{{ .Values.global.imageRegistry | default .Values.migration.images.busybox.registry }}/{{ .Values.migration.images.busybox.repository }}:{{ .Values.migration.images.busybox.tag }}" imagePullPolicy: IfNotPresent command: - sh 
@@ -29,7 +29,7 @@ spec: {{- toYaml .Values.envFrom | nindent 12 }} containers: - name: login-db-migrate - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.global.imageRegistry | default .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - /bin/bash diff --git a/deploy/helm/bk-user/charts/saas/templates/deployment.yaml b/deploy/helm/bk-user/charts/saas/templates/deployment.yaml index 9fd3c848b..21de4034d 100644 --- a/deploy/helm/bk-user/charts/saas/templates/deployment.yaml +++ b/deploy/helm/bk-user/charts/saas/templates/deployment.yaml @@ -29,7 +29,7 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} initContainers: - name: check-migrate-db - image: "{{ .Values.migration.images.k8sWaitFor.registry }}/{{ .Values.migration.images.k8sWaitFor.repository }}:{{ .Values.migration.images.k8sWaitFor.tag }}" + image: "{{ .Values.global.imageRegistry | default .Values.migration.images.k8sWaitFor.registry }}/{{ .Values.migration.images.k8sWaitFor.repository }}:{{ .Values.migration.images.k8sWaitFor.tag }}" imagePullPolicy: IfNotPresent args: - job @@ -38,7 +38,7 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.global.imageRegistry | default .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} {{- with .Values.env }} env: diff --git a/deploy/helm/bk-user/charts/saas/templates/migrate-job.yaml b/deploy/helm/bk-user/charts/saas/templates/migrate-job.yaml index 84a49b3cb..6778bb398 100644 --- a/deploy/helm/bk-user/charts/saas/templates/migrate-job.yaml 
+++ b/deploy/helm/bk-user/charts/saas/templates/migrate-job.yaml @@ -18,7 +18,7 @@ spec: restartPolicy: OnFailure initContainers: - name: check-database-ready - image: "{{ .Values.migration.images.busybox.registry }}/{{ .Values.migration.images.busybox.repository }}:{{ .Values.migration.images.busybox.tag }}" + image: "{{ .Values.global.imageRegistry | default .Values.migration.images.busybox.registry }}/{{ .Values.migration.images.busybox.repository }}:{{ .Values.migration.images.busybox.tag }}" imagePullPolicy: IfNotPresent command: - sh @@ -29,7 +29,7 @@ spec: {{- toYaml .Values.envFrom | nindent 12 }} containers: - name: saas-db-migrate - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.global.imageRegistry | default .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - /bin/bash From 71c6f5698aaa2625f492a4fbbe1ea73fa501052e Mon Sep 17 00:00:00 2001 From: Blues Yu Date: Tue, 11 Jan 2022 15:28:43 +0800 Subject: [PATCH 8/8] =?UTF-8?q?fix:=20=E4=BF=AE=E6=AD=A3=E4=BA=86=20Chart?= =?UTF-8?q?=20readme=20&&=20=E4=BF=AE=E6=AD=A3=E4=BA=86=20bk-login=20?= =?UTF-8?q?=E9=83=A8=E7=BD=B2=20pod=20=E5=90=8D=20&&=20resolve=20mypy=20?= =?UTF-8?q?=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- deploy/helm/bk-user/README.md | 32 +++++++++++++++++-- .../charts/login/templates/deployment.yaml | 2 +- src/api/bkuser_core/esb_sdk/client.py | 11 +------ 3 files changed, 31 insertions(+), 14 deletions(-) diff --git a/deploy/helm/bk-user/README.md b/deploy/helm/bk-user/README.md index b185a16ef..0df56f81d 100644 --- a/deploy/helm/bk-user/README.md +++ b/deploy/helm/bk-user/README.md 
@@ -1,6 +1,6 @@ -# Bk-User-Helm-Stack +# bk-user Chart 安装说明 -Bk-User-Helm-Stack 是一个旨在快速部署用户管理部署工具,它在 Helm Chart 的基础上开发,旨在为用户管理产品提供方便快捷的部署能力。 +bk-user 是一个旨在快速部署用户管理部署工具,它在 Helm Chart 的基础上开发,旨在为用户管理产品提供方便快捷的部署能力。 ## 准备依赖服务 @@ -208,7 +208,7 @@ global: enabled: true ``` -### 安装 +### 9. 安装 如果你已经准备好了 `values.yaml`,就可以直接进行安装操作了 @@ -221,6 +221,32 @@ helm install bk-user bk-user -n bk-user -f values.yaml 如果在安装完成之后,访问 SaaS 地址出现 `503`,可以检查一下 `saas-web` 容器是否完全就绪,静候就绪后刷新页面即可。 +## 资源释义 +你可以通过 kubectl 获取安装详情: +```bash +# 获取所有 controller +kubectl get deploy,job,sts -l app.kubernetes.io/instance=bk-user +# 获取所有 Pod +kubectl get pod -l app.kubernetes.io/instance=bk-user +# 获取访问入口 +kubectl get svc,ingress -l app.kubernetes.io/instance=bk-user +``` + +通常在安装后,我们会看到这些 Pod + +| Pod 前缀 | 所属模块 | 作用 | +|-------------------------|-----------|-------------| +| bk-login-web | 蓝鲸登录 | 主进程 | +| bk-login-migrate-db | 蓝鲸登录 | 初始化数据库作业 | +| bk-user-saas | 用户管理 SaaS | 主进程 | +| bk-user-saas-migrate-db | 用户管理 SaaS | 初始化数据库作业 | +| bk-user-api-web | 用户管理 API | 主进程 | +| bk-user-api-worker | 用户管理 API | 后台任务进程 | +| bk-user-api-beat | 用户管理 API | 周期任务 | +| bk-user-api-migrate-db | 用户管理 API | 初始化数据库作业 | +| bk-user-api-migrate-db | 用户管理 API | 初始化数据库作业 | +| bk-user-api-migrate-iam | 用户管理 API | 初始化权限中心模型作业 | + ## 卸载 ```bash helm uninstall bk-user -n bk-user diff --git a/deploy/helm/bk-user/charts/login/templates/deployment.yaml b/deploy/helm/bk-user/charts/login/templates/deployment.yaml index 316919103..b6c284871 100644 --- a/deploy/helm/bk-user/charts/login/templates/deployment.yaml +++ b/deploy/helm/bk-user/charts/login/templates/deployment.yaml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "bk-user.fullname" . }} + name: bk-login-web labels: {{- include "bk-user.labels" . | nindent 4 }} spec: diff --git a/src/api/bkuser_core/esb_sdk/client.py b/src/api/bkuser_core/esb_sdk/client.py index a0434c851..9e2ca3291 100644 --- a/src/api/bkuser_core/esb_sdk/client.py 
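Review bot: In login/templates/deployment.yaml the hard-coded `name: bk-login-web` drops the release-scoped name that `{{ include "bk-user.fullname" . }}` produced, so two releases of the chart in one namespace would collide on this Deployment. If the fixed name is intentional (the README table in this commit lists `bk-login-web` as the Pod prefix), a short template comment such as `{{- /* fixed name: one release per namespace is assumed */}}` would record that constraint. The rest of the Deployment spec lies outside this hunk, so whether the selector and Service depend on the old name cannot be checked from here.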
+++ b/src/api/bkuser_core/esb_sdk/client.py @@ -8,8 +8,6 @@ an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. """ -"""Component API Client -""" import json import logging import random @@ -22,13 +20,6 @@ from . import collections, conf from .utils import get_signature -# shutdown urllib3's warning -try: - requests.packages.urllib3.disable_warnings() -except ImportError: - pass - - logger = logging.getLogger("component") @@ -148,7 +139,7 @@ def request(self, method, url, params=None, data=None, **kwargs): if method == "POST": params = {} - url_path = urlparse.urlparse(url).path + url_path = urlparse(url).path # signature always in GET params params.update( {