rel3.5.6

2024-03-21 10:42:44 +09:00
parent e7f5e332be
commit 49d78dd023
5 changed files with 437 additions and 120 deletions
--- a/cmoa_install.yaml
+++ b/cmoa_install.yaml
@@ -3,9 +3,9 @@
  become: true
  gather_facts: true
  environment:
-    KUBECONFIG: /root/.kube/ansible_config
+    KUBECONFIG: /Users/byeonjunghun/.kube/ansible_config
  vars:
-    REGISTRY: 10.10.43.224:5000/cmoa3
+    REGISTRY: 10.10.43.200:5000/cmoa3
    REPO: "nexus" # dockerhub or nexus
  roles:
    - role: cmoa_install
--- a/6
+++ b/6
@@ -1,11 +1,11 @@
 [master]
-10.10.43.200
+10.10.43.200 ansible_user=root
 [worker1]
-10.10.43.201
+10.10.43.201 ansible_user=root
 [worker2]
-10.10.43.202
+10.10.43.202 ansible_user=root
 [cluster:children]
 master
--- a/roles/cmoa_install/files/03-ddl-dml/postgres/patch/postgres_patch_3.5.6.psql
+++ b/roles/cmoa_install/files/03-ddl-dml/postgres/patch/postgres_patch_3.5.6.psql
@@ -0,0 +1,368 @@
 -- Topology agent와 Metric agent 통합 작업
 UPDATE public.agent_install_file_info
 	SET yaml='---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: cloudmoa-cluster-role
 rules:
  - nonResourceURLs:
      - "*"
    verbs:
      - get
  - apiGroups:
      - metrics.k8s.io
    resources:
      - pods
      - nodes
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
      - list
      - watch
      - update
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
      - update
  - apiGroups:
      - ""
    resources:
      - nodes/stats
      - endpoints
      - namespaces
      - events
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - apps
    resources:
      - daemonsets
      - deployments
      - deployments/scale
      - replicasets
      - replicasets/scale
      - statefulsets
      - statefulsets/scale
    verbs:
      - get
      - list
      - watch
      - update
  - apiGroups:
      - batch
    resources:
      - jobs
    verbs:
      - get
      - list
      - watch
      - update
  - apiGroups:
      - batch
    resources:
      - cronjobs
    verbs:
      - get
      - list
      - update
  - apiGroups:
      - storage.j8s.io
    resources:
      - storageclasses
    verbs:
      - get
      - list
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - get
      - list
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
  - apiGroups:
      - policy
    resources:
      - podsecuritypolicies
    verbs:
      - use
    resourceNames:
      - imxc-ps
  - apiGroups:
      - certificates.k8s.io
    resourceNames:
      - kubernetes.io/kube-apiserver-client-kubelet
    resources:
      - signers
    verbs:
      - approve
  - apiGroups:
      - certificates.k8s.io
    resourceNames:
      - kubernetes.io/kubelet-serving
    resources:
      - signers
    verbs:
      - approve
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
      - list
      - watch
      - proxy
  - apiGroups:
      - ""
    resources:
      - nodes/log
      - nodes/metrics
      - nodes/proxy
      - nodes/spec
      - nodes/stats
    verbs:
      - ''*''
  - apiGroups:
      - ''*''
    resources:
      - ''*''
    verbs:
      - get
      - list
      - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: cloudmoa-restricted-rb
  namespace: $CLOUDMOA_NAMESPACE
 subjects:
  - kind: ServiceAccount
    name: default
    namespace: $CLOUDMOA_NAMESPACE
 roleRef:
  kind: ClusterRole
  name: cloudmoa-cluster-role
  apiGroup: rbac.authorization.k8s.io
 ---
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
  name: cloudmoa-psp
  namespace: $CLOUDMOA_NAMESPACE
 spec:
  privileged: true
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  hostPorts:
    - max: 65535
      min: 0
  hostNetwork: true
  hostPID: true
  volumes:
    - configMap
    - secret
    - emptyDir
    - hostPath
    - projected
    - downwardAPI
    - persistentVolumeClaim
 ---
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
  name: cloudmoa-topology-agent
  namespace: $CLOUDMOA_NAMESPACE
  labels:
    app: cloudmoa-topology-agent
 spec:
  selector:
    matchLabels:
      app: cloudmoa-topology-agent
  template:
    metadata:
      labels:
        app: cloudmoa-topology-agent
    spec:
      hostNetwork: true
      hostPID: true
      tolerations:
      - effect: NoSchedule
        operator: Exists
      - effect: NoExecute
        operator: Exists
      containers:
      - name: metric-agent
        image: $DOCKER_REGISTRY_URL/metric-agent:$IMAGE_TAG
        args:
          - --config.file=/etc/metric-agent/metric-agent.yml
        env:
          - name: CLUSTER_ID
            value: $CLOUDMOA_CLUSTER_ID
          - name: STORAGE_TYPE
            value: datagate
          - name: DATAGATE
            value: $COLLTION_SERVER_DATAGATE_IP:$COLLTION_SERVER_DATAGATE_PORT
          - name: NODE_NAME
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: spec.nodeName
          - name: LOG_LEVEL
            value: "INFO"
        ports:
          - containerPort: 14271
            protocol: TCP
          - containerPort: 14272
            protocol: TCP
        resources:
          limits:
            cpu: 250m
            memory: 180Mi
          requests:
            cpu: 125m
            memory: 90Mi
        volumeMounts:
          - mountPath: /etc/metric-agent/
            name: config-volume
      - image: $DOCKER_REGISTRY_URL/node-exporter
        name: node-agent
        resources:
          limits:
            cpu: 250m
            memory: 180Mi
          requests:
            cpu: 125m
            memory: 90Mi
        ports:
        - containerPort: 9110
          hostPort: 9110
          name: scrape
        args:
        - --path.procfs=/host/proc
        - --path.sysfs=/host/sys
        - --path.rootfs=/host/root
        - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|run|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)
        - --collector.tcpstat
        - --web.listen-address=:9110
        # --log.level=debug
        env:
        - name: GOMAXPROCS
          value: "1"
        volumeMounts:
        - mountPath: /host/proc
          name: proc-volume
          readOnly: false
        - mountPath: /host/sys
          name: sys-volume
          readOnly: false
        - mountPath: /host/root
          mountPropagation: HostToContainer
          name: root-volume
          readOnly: true
      - name: cloudmoa-topology-agent
        image: $DOCKER_REGISTRY_URL/topology-agent:$IMAGE_TAG
        resources:
          requests:
            cpu: 200m
            memory: 512Mi
          limits:
            cpu: 500m
            memory: 600Mi
        securityContext:
          privileged: true
        volumeMounts:
        - mountPath: /host/usr/bin
          name: bin-volume
        - mountPath: /var/run/docker.sock
          name: docker-volume
        - mountPath: /host/proc
          name: proc-volume
        - mountPath: /root
          name: root-volume
        - mountPath: /log
          name: log-volume
        env:
          - name: DATAGATE
            value: $COLLTION_SERVER_DATAGATE_IP:$COLLTION_SERVER_DATAGATE_PORT
          - name: CLUSTER_ID
            value: $CLOUDMOA_CLUSTER_ID
          - name: ROOT_DIRECTORY
            value: /root
          - name: NODE_NAME
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: spec.nodeName
          - name: POD_ID
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: LOG_LEVEL
            value: "INFO"
        livenessProbe:
          httpGet:
            path: /healthz
            port: 18081
          initialDelaySeconds: 30
          timeoutSeconds: 5
      volumes:
      - name: bin-volume
        hostPath:
          path: /usr/bin
          type: Directory
      - name: docker-volume
        hostPath:
          path: /var/run/docker.sock
      - name: proc-volume
        hostPath:
          path: /proc
      - name: root-volume
        hostPath:
          path: /
      - hostPath:
          path: /sys
        name: sys-volume
      - name: log-volume
        hostPath:
          path: /home'
 	WHERE id=2;
 -- Analysis|Log Viewer 에 Container Tab 추가
 INSERT INTO public.auth_resource3 (name, is_deleted, tenant_id) VALUES ('menu|Statistics & Analysis|Log Viewer|Container', false, null);
 INSERT INTO public.menu_meta (id, description, icon, "position", url, auth_resource3_id, scope_level) VALUES (53, 'Log Viewer(Container)', NULL, 13, '', (select id from auth_resource3 where name='menu|Statistics & Analysis|Log Viewer|Container'), 0);
 commit;
--- a/roles/cmoa_install/files/03-ddl-dml/postgres/postgres_insert_ddl.psql
+++ b/roles/cmoa_install/files/03-ddl-dml/postgres/postgres_insert_ddl.psql
@@ -1810,6 +1810,7 @@ CREATE TABLE "cmoa_storageclass_base" (
 	"kind" VARCHAR(30) NOT NULL,
 	"metadata_uid" VARCHAR(40) NOT NULL,
 	"row_index" INTEGER NOT NULL,
 	"metadata_labels" TEXT NULL DEFAULT NULL,
 	"metadata_name" TEXT NULL DEFAULT NULL,
 	"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
 	"metadata_resourceversion" TEXT NULL DEFAULT NULL,
@@ -1853,6 +1854,7 @@ CREATE TABLE "cmoa_clusterrolebinding_base" (
 	"kind" VARCHAR(30) NOT NULL,
 	"metadata_uid" VARCHAR(40) NOT NULL,
 	"row_index" INTEGER NOT NULL,
 	"metadata_labels" TEXT NULL DEFAULT NULL,
 	"metadata_name" TEXT NULL DEFAULT NULL,
 	"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
 	"metadata_resourceversion" TEXT NULL DEFAULT NULL,
@@ -1867,6 +1869,7 @@ CREATE TABLE "cmoa_role_base" (
 	"kind" VARCHAR(30) NOT NULL,
 	"metadata_uid" VARCHAR(40) NOT NULL,
 	"row_index" INTEGER NOT NULL,
 	"metadata_labels" TEXT NULL DEFAULT NULL,
 	"metadata_name" TEXT NULL DEFAULT NULL,
 	"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
 	"metadata_resourceversion" TEXT NULL DEFAULT NULL,
@@ -1881,6 +1884,7 @@ CREATE TABLE "cmoa_rolebinding_base" (
 	"kind" VARCHAR(30) NOT NULL,
 	"metadata_uid" VARCHAR(40) NOT NULL,
 	"row_index" INTEGER NOT NULL,
 	"metadata_labels" TEXT NULL DEFAULT NULL,
 	"metadata_name" TEXT NULL DEFAULT NULL,
 	"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
 	"metadata_resourceversion" TEXT NULL DEFAULT NULL,
@@ -1896,10 +1900,11 @@ CREATE TABLE "cmoa_serviceaccount_base" (
 	"kind" VARCHAR(30) NOT NULL,
 	"metadata_uid" VARCHAR(40) NOT NULL,
 	"row_index" INTEGER NOT NULL,
 	"metadata_labels" TEXT NULL DEFAULT NULL,
 	"metadata_name" TEXT NULL DEFAULT NULL,
 	"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
 	"metadata_resourceversion" TEXT NULL DEFAULT NULL,
 	"metadata_namespace" TEXT NULL DEFAULT NULL,
 	"secrets" TEXT NULL DEFAULT NULL,
 	PRIMARY KEY ("kube_flatting_time", "cluster_id", "kind", "metadata_uid", "row_index")
-);
+);
--- a/roles/cmoa_install/files/03-ddl-dml/postgres/postgres_insert_dml.psql
+++ b/roles/cmoa_install/files/03-ddl-dml/postgres/postgres_insert_dml.psql