rel3.5.6

2024-03-21 10:42:44 +09:00
parent e7f5e332be
commit 49d78dd023
5 changed files with 437 additions and 120 deletions
--- a/cmoa_install.yaml
+++ b/cmoa_install.yaml
@@ -3,9 +3,9 @@
  become: true
  gather_facts: true
  environment:
-    KUBECONFIG: /root/.kube/ansible_config
+    KUBECONFIG: /Users/byeonjunghun/.kube/ansible_config
  vars:
-    REGISTRY: 10.10.43.224:5000/cmoa3
+    REGISTRY: 10.10.43.200:5000/cmoa3
    REPO: "nexus" # dockerhub or nexus
  roles:
    - role: cmoa_install
--- a/6
+++ b/6
@@ -1,11 +1,11 @@
 [master]
-10.10.43.200
+10.10.43.200 ansible_user=root

 [worker1]
-10.10.43.201
+10.10.43.201 ansible_user=root

 [worker2]
-10.10.43.202
+10.10.43.202 ansible_user=root

 [cluster:children]
 master
--- a/roles/cmoa_install/files/03-ddl-dml/postgres/patch/postgres_patch_3.5.6.psql
+++ b/roles/cmoa_install/files/03-ddl-dml/postgres/patch/postgres_patch_3.5.6.psql
@@ -0,0 +1,368 @@
+-- Topology agent와 Metric agent 통합 작업
+UPDATE public.agent_install_file_info
+	SET yaml='---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cloudmoa-cluster-role
+rules:
+  - nonResourceURLs:
+      - "*"
+    verbs:
+      - get
+  - apiGroups:
+      - metrics.k8s.io
+    resources:
+      - pods
+      - nodes
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - list
+      - watch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - nodes/stats
+      - endpoints
+      - namespaces
+      - events
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - apps
+    resources:
+      - daemonsets
+      - deployments
+      - deployments/scale
+      - replicasets
+      - replicasets/scale
+      - statefulsets
+      - statefulsets/scale
+    verbs:
+      - get
+      - list
+      - watch
+      - update
+  - apiGroups:
+      - batch
+    resources:
+      - jobs
+    verbs:
+      - get
+      - list
+      - watch
+      - update
+  - apiGroups:
+      - batch
+    resources:
+      - cronjobs
+    verbs:
+      - get
+      - list
+      - update
+  - apiGroups:
+      - storage.j8s.io
+    resources:
+      - storageclasses
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - policy
+    resources:
+      - podsecuritypolicies
+    verbs:
+      - use
+    resourceNames:
+      - imxc-ps
+  - apiGroups:
+      - certificates.k8s.io
+    resourceNames:
+      - kubernetes.io/kube-apiserver-client-kubelet
+    resources:
+      - signers
+    verbs:
+      - approve
+  - apiGroups:
+      - certificates.k8s.io
+    resourceNames:
+      - kubernetes.io/kubelet-serving
+    resources:
+      - signers
+    verbs:
+      - approve
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - get
+      - list
+      - watch
+      - proxy
+  - apiGroups:
+      - ""
+    resources:
+      - nodes/log
+      - nodes/metrics
+      - nodes/proxy
+      - nodes/spec
+      - nodes/stats
+    verbs:
+      - ''*''
+  - apiGroups:
+      - ''*''
+    resources:
+      - ''*''
+    verbs:
+      - get
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cloudmoa-restricted-rb
+  namespace: $CLOUDMOA_NAMESPACE
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: $CLOUDMOA_NAMESPACE
+roleRef:
+  kind: ClusterRole
+  name: cloudmoa-cluster-role
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: cloudmoa-psp
+  namespace: $CLOUDMOA_NAMESPACE
+spec:
+  privileged: true
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: RunAsAny
+  runAsUser:
+    rule: RunAsAny
+  fsGroup:
+    rule: RunAsAny
+  hostPorts:
+    - max: 65535
+      min: 0
+  hostNetwork: true
+  hostPID: true
+  volumes:
+    - configMap
+    - secret
+    - emptyDir
+    - hostPath
+    - projected
+    - downwardAPI
+    - persistentVolumeClaim
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: cloudmoa-topology-agent
+  namespace: $CLOUDMOA_NAMESPACE
+  labels:
+    app: cloudmoa-topology-agent
+spec:
+  selector:
+    matchLabels:
+      app: cloudmoa-topology-agent
+  template:
+    metadata:
+      labels:
+        app: cloudmoa-topology-agent
+    spec:
+      hostNetwork: true
+      hostPID: true
+      tolerations:
+      - effect: NoSchedule
+        operator: Exists
+      - effect: NoExecute
+        operator: Exists
+      containers:
+      - name: metric-agent
+        image: $DOCKER_REGISTRY_URL/metric-agent:$IMAGE_TAG
+        args:
+          - --config.file=/etc/metric-agent/metric-agent.yml
+        env:
+          - name: CLUSTER_ID
+            value: $CLOUDMOA_CLUSTER_ID
+          - name: STORAGE_TYPE
+            value: datagate
+          - name: DATAGATE
+            value: $COLLTION_SERVER_DATAGATE_IP:$COLLTION_SERVER_DATAGATE_PORT
+          - name: NODE_NAME
+            valueFrom:
+              fieldRef:
+                apiVersion: v1
+                fieldPath: spec.nodeName
+          - name: LOG_LEVEL
+            value: "INFO"
+        ports:
+          - containerPort: 14271
+            protocol: TCP
+          - containerPort: 14272
+            protocol: TCP
+        resources:
+          limits:
+            cpu: 250m
+            memory: 180Mi
+          requests:
+            cpu: 125m
+            memory: 90Mi
+        volumeMounts:
+          - mountPath: /etc/metric-agent/
+            name: config-volume
+      - image: $DOCKER_REGISTRY_URL/node-exporter
+        name: node-agent
+        resources:
+          limits:
+            cpu: 250m
+            memory: 180Mi
+          requests:
+            cpu: 125m
+            memory: 90Mi
+        ports:
+        - containerPort: 9110
+          hostPort: 9110
+          name: scrape
+        args:
+        - --path.procfs=/host/proc
+        - --path.sysfs=/host/sys
+        - --path.rootfs=/host/root
+        - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|run|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)
+        - --collector.tcpstat
+        - --web.listen-address=:9110
+        # --log.level=debug
+        env:
+        - name: GOMAXPROCS
+          value: "1"
+        volumeMounts:
+        - mountPath: /host/proc
+          name: proc-volume
+          readOnly: false
+        - mountPath: /host/sys
+          name: sys-volume
+          readOnly: false
+        - mountPath: /host/root
+          mountPropagation: HostToContainer
+          name: root-volume
+          readOnly: true
+      - name: cloudmoa-topology-agent
+        image: $DOCKER_REGISTRY_URL/topology-agent:$IMAGE_TAG
+        resources:
+          requests:
+            cpu: 200m
+            memory: 512Mi
+          limits:
+            cpu: 500m
+            memory: 600Mi
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - mountPath: /host/usr/bin
+          name: bin-volume
+        - mountPath: /var/run/docker.sock
+          name: docker-volume
+        - mountPath: /host/proc
+          name: proc-volume
+        - mountPath: /root
+          name: root-volume
+        - mountPath: /log
+          name: log-volume
+        env:
+          - name: DATAGATE
+            value: $COLLTION_SERVER_DATAGATE_IP:$COLLTION_SERVER_DATAGATE_PORT
+          - name: CLUSTER_ID
+            value: $CLOUDMOA_CLUSTER_ID
+          - name: ROOT_DIRECTORY
+            value: /root
+          - name: NODE_NAME
+            valueFrom:
+              fieldRef:
+                apiVersion: v1
+                fieldPath: spec.nodeName
+          - name: POD_ID
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
+          - name: NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+          - name: LOG_LEVEL
+            value: "INFO"
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 18081
+          initialDelaySeconds: 30
+          timeoutSeconds: 5
+      volumes:
+      - name: bin-volume
+        hostPath:
+          path: /usr/bin
+          type: Directory
+      - name: docker-volume
+        hostPath:
+          path: /var/run/docker.sock
+      - name: proc-volume
+        hostPath:
+          path: /proc
+      - name: root-volume
+        hostPath:
+          path: /
+      - hostPath:
+          path: /sys
+        name: sys-volume
+      - name: log-volume
+        hostPath:
+          path: /home'
+	WHERE id=2;
+
+
+-- Analysis|Log Viewer 에 Container Tab 추가
+INSERT INTO public.auth_resource3 (name, is_deleted, tenant_id) VALUES ('menu|Statistics & Analysis|Log Viewer|Container', false, null);
+INSERT INTO public.menu_meta (id, description, icon, "position", url, auth_resource3_id, scope_level) VALUES (53, 'Log Viewer(Container)', NULL, 13, '', (select id from auth_resource3 where name='menu|Statistics & Analysis|Log Viewer|Container'), 0);
+commit;
+
--- a/roles/cmoa_install/files/03-ddl-dml/postgres/postgres_insert_ddl.psql
+++ b/roles/cmoa_install/files/03-ddl-dml/postgres/postgres_insert_ddl.psql
@@ -1810,6 +1810,7 @@ CREATE TABLE "cmoa_storageclass_base" (
 	"kind" VARCHAR(30) NOT NULL,
 	"metadata_uid" VARCHAR(40) NOT NULL,
 	"row_index" INTEGER NOT NULL,
+	"metadata_labels" TEXT NULL DEFAULT NULL,
 	"metadata_name" TEXT NULL DEFAULT NULL,
 	"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
 	"metadata_resourceversion" TEXT NULL DEFAULT NULL,
@@ -1853,6 +1854,7 @@ CREATE TABLE "cmoa_clusterrolebinding_base" (
 	"kind" VARCHAR(30) NOT NULL,
 	"metadata_uid" VARCHAR(40) NOT NULL,
 	"row_index" INTEGER NOT NULL,
+	"metadata_labels" TEXT NULL DEFAULT NULL,
 	"metadata_name" TEXT NULL DEFAULT NULL,
 	"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
 	"metadata_resourceversion" TEXT NULL DEFAULT NULL,
@@ -1867,6 +1869,7 @@ CREATE TABLE "cmoa_role_base" (
 	"kind" VARCHAR(30) NOT NULL,
 	"metadata_uid" VARCHAR(40) NOT NULL,
 	"row_index" INTEGER NOT NULL,
+	"metadata_labels" TEXT NULL DEFAULT NULL,
 	"metadata_name" TEXT NULL DEFAULT NULL,
 	"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
 	"metadata_resourceversion" TEXT NULL DEFAULT NULL,
@@ -1881,6 +1884,7 @@ CREATE TABLE "cmoa_rolebinding_base" (
 	"kind" VARCHAR(30) NOT NULL,
 	"metadata_uid" VARCHAR(40) NOT NULL,
 	"row_index" INTEGER NOT NULL,
+	"metadata_labels" TEXT NULL DEFAULT NULL,
 	"metadata_name" TEXT NULL DEFAULT NULL,
 	"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
 	"metadata_resourceversion" TEXT NULL DEFAULT NULL,
@@ -1896,6 +1900,7 @@ CREATE TABLE "cmoa_serviceaccount_base" (
 	"kind" VARCHAR(30) NOT NULL,
 	"metadata_uid" VARCHAR(40) NOT NULL,
 	"row_index" INTEGER NOT NULL,
+	"metadata_labels" TEXT NULL DEFAULT NULL,
 	"metadata_name" TEXT NULL DEFAULT NULL,
 	"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
 	"metadata_resourceversion" TEXT NULL DEFAULT NULL,
--- a/roles/cmoa_install/files/03-ddl-dml/postgres/postgres_insert_dml.psql
+++ b/roles/cmoa_install/files/03-ddl-dml/postgres/postgres_insert_dml.psql