sa_8001/cmoa_installer_ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: sa_8001:CLOUD-20785
Branches Tags
sa_8001:main sa_8001:CLOUD-20785
...
pull from: sa_8001:main
Branches Tags
sa_8001:main sa_8001:CLOUD-20785

18 Commits
CLOUD-2078 ... main

Author SHA1 Message Date
정훈 변
ca9b7cbac8 Update postgres_insert_dml.psql 2024-03-28 12:10:40 +09:00
정훈 변
43cfdd66a3 Update postgres_insert_ddl.psql 2024-03-28 12:10:21 +09:00
ByeonJungHun
49d78dd023 rel3.5.6 2024-03-21 10:42:44 +09:00
김동우
e7f5e332be Update values.yaml 2024-02-14 18:14:47 +09:00
김동우
6fb4f2b316 cortex fake user 설정값 추가 
:What/Why:
- metric 별 시리즈 제한 해제
- user 별 시리즈 제한 해제

:Tasks:
[CLOUD-23129] [더존] Cortex 설정 변경 후 재기동 사내 테스트
<https://app.clickup.com/t/25540965/CLOUD-23129>
 2024-02-13 14:40:19 +09:00
ByeonJungHun
259511f683 리소스 변경 2023-11-21 17:41:40 +09:00
ByeonJungHun
970022b3b2 리소스 변경 2023-11-20 16:44:44 +09:00
변정훈
4aa10aad33 release 3.5.5 2023-11-14 16:48:01 +09:00
ByeonJungHun
fde65db790 kube-exporter cm add 2023-11-14 14:41:47 +09:00
ByeonJungHun
9d70b3fcef kube-exporter cm 추가 2023-11-14 14:39:37 +09:00
변정훈
648cd26933 디폴트 값 변경 2023-11-13 16:36:49 +09:00
변정훈
c3c4771635 Merge pull request #3 from CloudMOA/CLOUD-20785 
Cloud 20785
 2023-11-13 16:34:43 +09:00
ByeonJungHun
cbbc194d67 release 3.5.5 2023-11-13 16:33:38 +09:00
ByeonJungHun
fab5fb32c9 imxc / imxc-ui affinity 추가 2023-11-09 17:30:57 +09:00
변정훈
5a00cd9ae4 Update cmoa_pgpatch.yaml 2023-11-03 10:06:09 +09:00
변정훈
de2077fca5 Update cmoa_pgpatch.yaml 2023-11-02 17:25:02 +09:00
변정훈
594c698a15 Update ansible.cfg 2023-11-02 17:17:40 +09:00
dongwoo
a23aef7dcc [fix] zookeeper max client connection 설정 
:Why/What:
- broker 동시 재기동 상태에 있을시 경쟁 조건에 빠지는 이슈 대응

:Tasks:
[CLOUD-21364] 씨젠 의료재단 이슈 처리 건
<https://app.clickup.com/t/25540965/CLOUD-21364>
 2023-10-20 13:38:57 +09:00
44 changed files with 2395 additions and 196 deletions
Expand all files Collapse all files

8
README.md
View File

@@ -82,14 +82,10 @@ ansible-playbook -i inventory cmoa_install.yaml
- hosts: cluster - hosts: cluster
become: true become: true
gather_facts: true gather_facts: true
environment:
KUBECONFIG: /root/.kube/ansible_config
vars: vars:
cmoa_namespace: imxc cmoa_namespace: imxc
pg_version: pg_version:
- 3.5.2 - 3.5.5
- 3.5.3
- 3.5.4
roles: roles:
- role: cmoa_pgpatch - role: cmoa_pgpatch
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
@@ -97,4 +93,4 @@ ansible-playbook -i inventory cmoa_install.yaml
|변수|설명|default| |변수|설명|default|
|-----|-----|-----| |-----|-----|-----|
|cmoa_namespace|CMOA가 설치 되어 있는 네임스페이스|imxc| |cmoa_namespace|CMOA가 설치 되어 있는 네임스페이스|imxc|
|pg_version|패치하고자 하는 버전|3.5.2<br>3.5.3<br>3.5.4| |pg_version|패치하고자 하는 버전|3.5.5|

1
ansible.cfg
View File

@@ -5,3 +5,4 @@ deprecation_warnings = False
display_skipped_hosts = no display_skipped_hosts = no
ansible_home = . ansible_home = .
stdout_callback = debug stdout_callback = debug
host_key_checking = False

8
cmoa_infra.yaml Executable file
View File

@@ -0,0 +1,8 @@
---
- hosts: cluster
become: true
gather_facts: true
environment:
KUBECONFIG: /root/.kube/ansible_config
roles:
- role: cmoa_os_setting

4
cmoa_install.yaml
View File

@@ -3,9 +3,9 @@
become: true become: true
gather_facts: true gather_facts: true
environment: environment:
KUBECONFIG: /root/.kube/ansible_config KUBECONFIG: /Users/byeonjunghun/.kube/ansible_config
vars: vars:
REGISTRY: 10.10.31.243:5000/cmoa3 REGISTRY: 10.10.43.200:5000/cmoa3
REPO: "nexus" # dockerhub or nexus REPO: "nexus" # dockerhub or nexus
roles: roles:
- role: cmoa_install - role: cmoa_install

4
cmoa_pgpatch.yaml
View File

@@ -7,9 +7,7 @@
vars: vars:
cmoa_namespace: imxc cmoa_namespace: imxc
pg_version: pg_version:
- 3.5.2 - 3.5.5
- 3.5.3
- 3.5.4
roles: roles:
- role: cmoa_pgpatch - role: cmoa_pgpatch
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1

9
installer.sh
View File

@@ -1,5 +1,7 @@
#!/bin/bash #!/bin/bash
clear
ESC=`printf "\033"`; ESC=`printf "\033"`;
input_key() { input_key() {
@@ -26,7 +28,7 @@ select_menu() {
do do
printf "$ESC[2K$(check_selected $i $SELECTED) $i. ${!i}\n"; printf "$ESC[2K$(check_selected $i $SELECTED) $i. ${!i}\n";
done done
printf "\n$ESC[2KCMOA\nVersion: 3.5.4\n"; printf "\n$ESC[2KCMOA\nVersion: 3.5.5\n";
INPUT=$(input_key); INPUT=$(input_key);
if [[ $INPUT = "" ]]; if [[ $INPUT = "" ]];
then break; then break;
@@ -50,7 +52,7 @@ select_menu() {
} }
select_test() { select_test() {
arr_params=("CMOA INSTALL" "CMOA PG Patch"); arr_params=("CMOA INSTALL" "CMOA PG Patch" "Kubernetes Install (Online Only)");
echo -e "\n"; echo -e "\n";
echo ' ______ __ __ ______ ______ __ __ __ ______ ______ ______ __ __ ______ ______ '; echo ' ______ __ __ ______ ______ __ __ __ ______ ______ ______ __ __ ______ ______ ';
echo '/\ ___\ /\ "-./ \ /\ __ \ /\ __ \ /\ \ /\ "-.\ \ /\ ___\ /\__ _\ /\ __ \ /\ \ /\ \ /\ ___\ /\ == \ '; echo '/\ ___\ /\ "-./ \ /\ __ \ /\ __ \ /\ \ /\ "-.\ \ /\ ___\ /\__ _\ /\ __ \ /\ \ /\ \ /\ ___\ /\ == \ ';
@@ -71,6 +73,9 @@ main() {
elif [ $SELECTED -eq 2 ] elif [ $SELECTED -eq 2 ]
then then
ansible-playbook -i inventory cmoa_pgpatch.yaml ansible-playbook -i inventory cmoa_pgpatch.yaml
elif [ $SELECTED -eq 3 ]
then
ansible-playbook -i inventory cmoa_infra.yaml
fi fi
} }
main main

6
inventory
View File

@@ -1,11 +1,11 @@
[master] [master]
10.10.43.210 10.10.43.200 ansible_user=root
[worker1] [worker1]
10.10.43.211 10.10.43.201 ansible_user=root
[worker2] [worker2]
10.10.43.212 10.10.43.202 ansible_user=root
[cluster:children] [cluster:children]
master master

4
roles/cmoa_install/defaults/main.yml
View File

@@ -4,7 +4,7 @@ helm_version: v3.10.3
# cmoa info # cmoa info
cmoa_namespace: imxc cmoa_namespace: imxc
cmoa_version: rel3.5.4 cmoa_version: rel3.5.5
# files/00-default in role # files/00-default in role
docker_secret_file: secret_nexus.yaml docker_secret_file: secret_nexus.yaml
@@ -49,7 +49,7 @@ keycloak_realm: exem
# Keycloak administration console user # Keycloak administration console user
keycloak_admin_user: admin keycloak_admin_user: admin
keycloak_admin_password: cmoaA13!# keycloak_admin_password: admin
keycloak_auth_realm: master keycloak_auth_realm: master
keycloak_auth_client: admin-cli keycloak_auth_client: admin-cli
keycloak_context: /auth keycloak_context: /auth

2
roles/cmoa_install/files/02-base/base/charts/analysis/templates/imxc-metric-analyzer-worker.yaml
View File

@@ -6,7 +6,7 @@ metadata:
name: metric-analyzer-worker name: metric-analyzer-worker
namespace: imxc namespace: imxc
spec: spec:
replicas: 10 replicas: 3
selector: selector:
matchLabels: matchLabels:
app: metric-analyzer-worker app: metric-analyzer-worker

12
roles/cmoa_install/files/02-base/base/charts/cortex/values.yaml
View File

@@ -202,7 +202,11 @@ runtimeconfigmap:
annotations: {} annotations: {}
# -- https://cortexmetrics.io/docs/configuration/arguments/#runtime-configuration-file # -- https://cortexmetrics.io/docs/configuration/arguments/#runtime-configuration-file
# 설정부 # 설정부
runtime_config: {} runtime_config:
overrides:
"fake":
max_series_per_metric: 0
max_series_per_user: 0
alertmanager: alertmanager:
enabled: true enabled: true
replicas: 1 replicas: 1
@@ -737,7 +741,7 @@ ruler:
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
querier: querier:
replicas: 2 replicas: 3
service: service:
annotations: {} annotations: {}
@@ -839,7 +843,7 @@ querier:
lifecycle: {} lifecycle: {}
query_frontend: query_frontend:
replicas: 2 replicas: 3
service: service:
annotations: {} annotations: {}
@@ -1087,7 +1091,7 @@ configs:
nginx: nginx:
enabled: true enabled: true
replicas: 2 replicas: 1
http_listen_port: 80 http_listen_port: 80
config: config:
dnsResolver: coredns.kube-system.svc.cluster.local dnsResolver: coredns.kube-system.svc.cluster.local

1
roles/cmoa_install/files/02-base/base/charts/zookeeper/templates/0.config.yaml
View File

@@ -19,7 +19,6 @@ data:
dataDir=/var/lib/zookeeper/data dataDir=/var/lib/zookeeper/data
dataLogDir=/var/lib/zookeeper/log dataLogDir=/var/lib/zookeeper/log
clientPort=2181 clientPort=2181
maxClientCnxns=1
initLimit=5 initLimit=5
syncLimit=2 syncLimit=2
server.1=zookeeper-0.zookeeper-headless.imxc.svc.cluster.local:2888:3888:participant server.1=zookeeper-0.zookeeper-headless.imxc.svc.cluster.local:2888:3888:participant

673
roles/cmoa_install/files/03-ddl-dml/postgres/patch/postgres_patch_3.5.5.psql Normal file
View File

@@ -0,0 +1,673 @@
-- CLOUD-20862 | Topology Agent | 리더 선출 로직 개선
-- Auto-generated SQL script #202310121749
UPDATE public.agent_install_file_info
SET yaml='---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cloudmoa-cluster-role
rules:
- nonResourceURLs:
- "*"
verbs:
- get
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- nodes/stats
- endpoints
- namespaces
- events
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- daemonsets
- deployments
- deployments/scale
- replicasets
- replicasets/scale
- statefulsets
- statefulsets/scale
verbs:
- get
- list
- watch
- update
- apiGroups:
- batch
resources:
- jobs
verbs:
- get
- list
- watch
- update
- apiGroups:
- batch
resources:
- cronjobs
verbs:
- get
- list
- update
- apiGroups:
- storage.j8s.io
resources:
- storageclasses
verbs:
- get
- list
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- apiGroups:
- policy
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- imxc-ps
- apiGroups:
- certificates.k8s.io
resourceNames:
- kubernetes.io/kube-apiserver-client-kubelet
resources:
- signers
verbs:
- approve
- apiGroups:
- certificates.k8s.io
resourceNames:
- kubernetes.io/kubelet-serving
resources:
- signers
verbs:
- approve
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- proxy
- apiGroups:
- ""
resources:
- nodes/log
- nodes/metrics
- nodes/proxy
- nodes/spec
- nodes/stats
verbs:
- ''*''
- apiGroups:
- ''*''
resources:
- ''*''
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cloudmoa-restricted-rb
namespace: $CLOUDMOA_NAMESPACE
subjects:
- kind: ServiceAccount
name: default
namespace: $CLOUDMOA_NAMESPACE
roleRef:
kind: ClusterRole
name: cloudmoa-cluster-role
apiGroup: rbac.authorization.k8s.io
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: cloudmoa-psp
namespace: $CLOUDMOA_NAMESPACE
spec:
privileged: true
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
runAsUser:
rule: RunAsAny
fsGroup:
rule: RunAsAny
hostPorts:
- max: 65535
min: 0
hostNetwork: true
hostPID: true
volumes:
- configMap
- secret
- emptyDir
- hostPath
- projected
- downwardAPI
- persistentVolumeClaim
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: cloudmoa-topology-agent
namespace: $CLOUDMOA_NAMESPACE
labels:
app: cloudmoa-topology-agent
spec:
selector:
matchLabels:
app: cloudmoa-topology-agent
template:
metadata:
labels:
app: cloudmoa-topology-agent
spec:
hostNetwork: true
hostPID: true
tolerations:
- effect: NoSchedule
operator: Exists
- effect: NoExecute
operator: Exists
containers:
- image: $DOCKER_REGISTRY_URL/node-exporter
name: node-agent
resources:
limits:
cpu: 250m
memory: 180Mi
requests:
cpu: 125m
memory: 90Mi
ports:
- containerPort: 9110
hostPort: 9110
name: scrape
args:
- --path.procfs=/host/proc
- --path.sysfs=/host/sys
- --path.rootfs=/host/root
- --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|run|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)
- --collector.tcpstat
- --web.listen-address=:9110
# --log.level=debug
env:
- name: GOMAXPROCS
value: "1"
volumeMounts:
- mountPath: /host/proc
name: proc-volume
readOnly: false
- mountPath: /host/sys
name: sys-volume
readOnly: false
- mountPath: /host/root
mountPropagation: HostToContainer
name: root-volume
readOnly: true
- name: cloudmoa-topology-agent
image: $DOCKER_REGISTRY_URL/topology-agent:$IMAGE_TAG
resources:
requests:
cpu: 200m
memory: 512Mi
limits:
cpu: 500m
memory: 600Mi
securityContext:
privileged: true
volumeMounts:
- mountPath: /host/usr/bin
name: bin-volume
- mountPath: /var/run/docker.sock
name: docker-volume
- mountPath: /host/proc
name: proc-volume
- mountPath: /root
name: root-volume
- mountPath: /log
name: log-volume
env:
- name: DATAGATE
value: $COLLTION_SERVER_DATAGATE_IP:$COLLTION_SERVER_DATAGATE_PORT
- name: CLUSTER_ID
value: $CLOUDMOA_CLUSTER_ID
- name: ROOT_DIRECTORY
value: /root
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: POD_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LOG_LEVEL
value: "INFO"
livenessProbe:
httpGet:
path: /healthz
port: 18081
initialDelaySeconds: 30
timeoutSeconds: 5
volumes:
- name: bin-volume
hostPath:
path: /usr/bin
type: Directory
- name: docker-volume
hostPath:
path: /var/run/docker.sock
- name: proc-volume
hostPath:
path: /proc
- name: root-volume
hostPath:
path: /
- hostPath:
path: /sys
name: sys-volume
- name: log-volume
hostPath:
path: /home'
WHERE id=2;
-- CLOUD-18687 otel-trace agent 추가
INSERT INTO public.agent_install_file_info (id, name, type, description, version, yaml, use_yn, created_date,
modified_date)
VALUES (8, 'otel-trace', 'agent',
'CloudMOA에서는 고객사에서 운영 중인 application의 TPS, 서비스 연관관계 등의 데이터를 얻기 위해서 Opentelemetry를 사용하며, Opentelemetry 사용을 위해 애플리케이션의 instrumentation이 필요합니다.',
null, '---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: otel-trace-agent
namespace: $CLOUDMOA_NAMESPACE
labels:
app: otel-trace-agent
spec:
selector:
matchLabels:
app: otel-trace-agent
template:
metadata:
labels:
app: otel-trace-agent
spec:
containers:
- image: $DOCKER_REGISTRY_URL/otel-trace-agent:$IMAGE_TAG
imagePullPolicy: Always
name: otel-trace-agent
resources:
requests:
cpu: 100m
memory: 50Mi
limits:
cpu: 200m
memory: 100Mi
ports:
- containerPort: 4317
protocol: TCP
env:
- name: CMOA_LOG_LEVEL
value: "INFO"
- name: CMOA_CLUSTER_ID
value: $CLOUDMOA_CLUSTER_ID
- name: CMOA_DATAGATE
value: $COLLTION_SERVER_DATAGATE_IP:$COLLTION_SERVER_DATAGATE_PORT
volumeMounts:
- name: config
mountPath: /CloudMOA/default_config.yaml
subPath: default_config.yaml
volumes:
- name: config
configMap:
name: otel-trace-agent-config
items:
- key: config.yaml
path: default_config.yaml
---
apiVersion: v1
kind: Service
metadata:
name: otel-trace-agent
namespace: $CLOUDMOA_NAMESPACE
labels:
app: otel-trace-agent
spec:
ports:
- name: otel-port
port: 4317
protocol: TCP
targetPort: 4317
selector:
app: otel-trace-agent
type: ClusterIP
---
apiVersion: v1
kind: ConfigMap
metadata:
name: otel-trace-agent-config
namespace: $CLOUDMOA_NAMESPACE
data:
config.yaml: |
receivers:
otlp:
protocols:
grpc:
endpoint: 0.0.0.0:4317
processors:
batch:
probabilistic_sampler:
hash_seed: 22
sampling_percentage: 100
exporters:
# cmoaexporter 설정
cmoaexporter:
api:
endpoint: "127.0.0.1:7070"
traces:
endpoint: "127.0.0.1:7070"
tls:
enable: false
skip_host_verify: true
ca_file: ""
cert_file: ""
key_file: ""
queue:
enabled: true
service:
pipelines:
traces:
receivers: [otlp]
processors: [batch, probabilistic_sampler]
exporters: [cmoaexporter]');
-- CLOUD-21306 | Redis Metric Meta 패치
-- Auto-generated SQL script #202310171617
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (rate(redis_keyspace_misses_total{{filter}}[5m]))'
WHERE id='redis_keyspace_misses';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (rate(redis_keyspace_hits_total{{filter}}[5m]))'
WHERE id='redis_keyspace_hits';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (rate(redis_connections_received_total{{filter}}[5m]))'
WHERE id='redis_connections_received';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (rate(redis_cpu_sys_children_seconds_total{{filter}}[5m]))'
WHERE id='redis_used_cpu_sys_children';
UPDATE public.metric_meta2
SET expr='sum by (data_type, xm_clst_id, xm_namespace, xm_node_id, instance) (
label_replace(rate(redis_cpu_sys_seconds_total{{filter}}[5m]), "data_type", "system", "", "") or
label_replace(rate(redis_cpu_user_seconds_total{{filter}}[5m]), "data_type", "user", "", "") )'
WHERE id='redis_cpu_usage';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (rate(redis_cpu_user_seconds_total{{filter}}[5m]))'
WHERE id='redis_used_cpu_user';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (redis_connected_slaves{{filter}})'
WHERE id='redis_connected_slaves';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance, cmd) (rate(redis_commands_total{{filter}}[5m]))'
WHERE id='redis_commands_total';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (redis_memory_used_bytes{{filter}}) / 1048576'
WHERE id='redis_memory_used_size';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (redis_allocator_resident_bytes{{filter}}) / 1048576'
WHERE id='redis_allocator_resident_size';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (rate(redis_cpu_sys_seconds_total{{filter}}[5m]))'
WHERE id='redis_used_cpu_sys';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (rate(redis_cpu_user_children_seconds_total{{filter}} [5m]))'
WHERE id='redis_used_cpu_user_children';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (redis_up{{filter}})'
WHERE id='redis_up';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (redis_allocator_allocated_bytes{{filter}}) / 1048576'
WHERE id='redis_allocator_allocated_size';
UPDATE public.metric_meta2
SET expr='sum by (data_type, xm_clst_id, xm_namespace, xm_node_id, instance) (
label_replace(rate(redis_connections_received_total{{filter}} [5m]), "data_type", "received connections", "", "") or
label_replace(rate(redis_rejected_connections_total{{filter}} [5m]), "data_type", "rejected connections", "", "") or
label_replace(redis_connected_clients{{filter}}, "data_type", "connected clients", "", "") or
label_replace(redis_blocked_clients{{filter}}, "data_type", "blocked clients", "", "") )'
WHERE id='count_by_connection_type';
UPDATE public.metric_meta2
SET expr='sum by (data_type, xm_clst_id, xm_namespace, xm_node_id, instance) (
label_replace(redis_allocator_active_bytes{{filter}} / 1048576, "data_type", "active", "" , "") or
label_replace(redis_memory_used_bytes{{filter}} / 1048576, "data_type", "used", "" , "") or
label_replace(redis_allocator_allocated_bytes{{filter}} / 1048576, "data_type", "allocated", "" , "") or
label_replace(redis_allocator_resident_bytes{{filter}} / 1048576, "data_type", "resident", "" , "") )'
WHERE id='redis_memory_total';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance, cmd) (rate(redis_commands_duration_seconds_total{{filter}}[5m]) * 1000)'
WHERE id='redis_commands_duration_seconds';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (rate(redis_rejected_connections_total{{filter}}[5m]))'
WHERE id='redis_rejected_connections';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (redis_blocked_clients{{filter}})'
WHERE id='redis_blocked_clients';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance, slave_ip, slave_port) (rate(redis_connected_slave_offset_bytes{{filter}}[5m]))'
WHERE id='redis_connected_slave_offset_bytes';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance, db) (redis_db_keys_expiring{{filter}})'
WHERE id='redis_db_keys_expiring';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (rate(redis_evicted_keys_total{{filter}}[5m]))'
WHERE id='redis_evicted_keys';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (redis_connected_clients{{filter}})'
WHERE id='redis_connected_clients';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance, slave_ip, slave_port) (rate(redis_connected_slave_lag_seconds{{filter}}[5m]))'
WHERE id='redis_connected_slave_lag_seconds';
UPDATE public.metric_meta2
SET expr='sum by (data_type, xm_clst_id, xm_namespace, xm_node_id, instance) (
label_replace(rate(redis_keyspace_hits_total{{filter}} [5m]), "data_type", "hits", "" , "") or
label_replace(rate(redis_keyspace_misses_total{{filter}} [5m]), "data_type", "misses", "" , "") )'
WHERE id='redis_key_hit_raito';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (rate(redis_commands_processed_total{{filter}}[5m]))'
WHERE id='redis_commands_processed';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (rate(redis_expired_keys_total{{filter}}[5m]))'
WHERE id='redis_expired_keys';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance, db) (redis_db_keys{{filter}})'
WHERE id='redis_db_keys';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (redis_allocator_active_bytes{{filter}}) / 1048576'
WHERE id='redis_allocator_active_size';
-- Reason OOMKilled
INSERT INTO public.metric_meta2 (id,meta_name,description,expr,resource_type,entity_type,groupby_keys,in_use,message)
VALUES ('count_pod_oomkilled','OOMKilled of Pods By Workload','OOMKilled of Pods By Workload','count by (xm_clst_id, xm_pod_id, xm_cont_name, xm_namespace) (imxc_pod_container_status_terminated_reason_oom{{filter}})','State','Workload','xm_clst_id, xm_namespace, xm_pod_id',TRUE,'CLST:{{$labels.xm_clst_id}} POD:{{$labels.xm_pod_id}} NS:{{$labels.xm_namespace}}.');
-- Last Reason OOMKilled
INSERT INTO public.metric_meta2 (id,meta_name,description,expr,resource_type,entity_type,groupby_keys,in_use,message)
VALUES ('count_pod_last_oomkilled','Last OOMKilled of Pods By Workload','Last OOMKilled of Pods By Workload','count by (xm_clst_id, xm_pod_id, xm_cont_name, xm_namespace) (imxc_pod_container_status_last_terminated_reason_oom{{filter}})','State','Workload','xm_clst_id, xm_namespace, xm_pod_id', TRUE,'CLST:{{$labels.xm_clst_id}} POD:{{$labels.xm_pod_id}} NS:{{$labels.xm_namespace}}.');
-- Configuration Menu 추가
INSERT INTO public.auth_resource2 (access_type, name, parent_id, type) VALUES (4, 'Configuration', (select id from auth_resource2 where type='menu' and name='Workloads'), 'menu');
INSERT INTO public.auth_resource3 (name, is_deleted, tenant_id) VALUES ('menu|Workloads|Configuration', false, null);
INSERT INTO public.menu_meta (id, description, icon, "position", url, auth_resource3_id, scope_level) VALUES (16, 'Pods', NULL, 9, 'configurationWorkloads', (select id from auth_resource3 where name='menu|Workloads|Configuration'), 3);
-- log parsing 관련 metric meta rate연산 삭제
UPDATE metric_meta2 SET expr = 'count by (xm_clst_id, xm_node_id, xm_namespace, xm_pod_id, xm_regex) (log_metric_counter_cmoa_metric{{filter}})' WHERE id = 'count_pod_log_parsing';
CREATE TABLE "intermax" (
"cluster_id" VARCHAR(128) NOT NULL,
"namespace" VARCHAR(128) NOT NULL,
"url" VARCHAR(256) NULL DEFAULT NULL,
"service_name" VARCHAR(128) NULL DEFAULT NULL,
PRIMARY KEY ("cluster_id", "namespace")
);
-- Configuration Table 생성
CREATE TABLE "cmoa_storageclass_base" (
"kube_flatting_time" BIGINT NOT NULL,
"cluster_id" VARCHAR(255) NOT NULL,
"kind" VARCHAR(30) NOT NULL,
"metadata_uid" VARCHAR(40) NOT NULL,
"row_index" INTEGER NOT NULL,
"metadata_name" TEXT NULL DEFAULT NULL,
"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
"metadata_resourceversion" TEXT NULL DEFAULT NULL,
"provisioner" TEXT NULL DEFAULT NULL,
"reclaimpolicy" TEXT NULL DEFAULT NULL,
"volumebindingmode" TEXT NULL DEFAULT NULL,
PRIMARY KEY ("kube_flatting_time", "cluster_id", "kind", "metadata_uid", "row_index")
);
CREATE TABLE "cmoa_ingress_base" (
"kube_flatting_time" BIGINT NOT NULL,
"cluster_id" VARCHAR(255) NOT NULL,
"kind" VARCHAR(30) NOT NULL,
"metadata_uid" VARCHAR(40) NOT NULL,
"row_index" INTEGER NOT NULL,
"metadata_name" TEXT NULL DEFAULT NULL,
"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
"metadata_resourceversion" TEXT NULL DEFAULT NULL,
"metadata_namespace" TEXT NULL DEFAULT NULL,
"spec_rules" TEXT NULL DEFAULT NULL,
PRIMARY KEY ("kube_flatting_time", "cluster_id", "kind", "metadata_uid", "row_index")
);
CREATE TABLE "cmoa_clusterrole_base" (
"kube_flatting_time" BIGINT NOT NULL,
"cluster_id" VARCHAR(255) NOT NULL,
"kind" VARCHAR(30) NOT NULL,
"metadata_uid" VARCHAR(40) NOT NULL,
"row_index" INTEGER NOT NULL,
"metadata_name" TEXT NULL DEFAULT NULL,
"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
"metadata_resourceversion" TEXT NULL DEFAULT NULL,
"metadata_labels" TEXT NULL DEFAULT NULL,
"rules" TEXT NULL DEFAULT NULL,
PRIMARY KEY ("kube_flatting_time", "cluster_id", "kind", "metadata_uid", "row_index")
);
CREATE TABLE "cmoa_clusterrolebinding_base" (
"kube_flatting_time" BIGINT NOT NULL,
"cluster_id" VARCHAR(255) NOT NULL,
"kind" VARCHAR(30) NOT NULL,
"metadata_uid" VARCHAR(40) NOT NULL,
"row_index" INTEGER NOT NULL,
"metadata_name" TEXT NULL DEFAULT NULL,
"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
"metadata_resourceversion" TEXT NULL DEFAULT NULL,
"subjects" TEXT NULL DEFAULT NULL,
"roleref" TEXT NULL DEFAULT NULL,
PRIMARY KEY ("kube_flatting_time", "cluster_id", "kind", "metadata_uid", "row_index")
);
CREATE TABLE "cmoa_role_base" (
"kube_flatting_time" BIGINT NOT NULL,
"cluster_id" VARCHAR(255) NOT NULL,
"kind" VARCHAR(30) NOT NULL,
"metadata_uid" VARCHAR(40) NOT NULL,
"row_index" INTEGER NOT NULL,
"metadata_name" TEXT NULL DEFAULT NULL,
"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
"metadata_resourceversion" TEXT NULL DEFAULT NULL,
"metadata_namespace" TEXT NULL DEFAULT NULL,
"rules" TEXT NULL DEFAULT NULL,
PRIMARY KEY ("kube_flatting_time", "cluster_id", "kind", "metadata_uid", "row_index")
);
CREATE TABLE "cmoa_rolebinding_base" (
"kube_flatting_time" BIGINT NOT NULL,
"cluster_id" VARCHAR(255) NOT NULL,
"kind" VARCHAR(30) NOT NULL,
"metadata_uid" VARCHAR(40) NOT NULL,
"row_index" INTEGER NOT NULL,
"metadata_name" TEXT NULL DEFAULT NULL,
"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
"metadata_resourceversion" TEXT NULL DEFAULT NULL,
"metadata_namespace" TEXT NULL DEFAULT NULL,
"subjects" TEXT NULL DEFAULT NULL,
"roleref" TEXT NULL DEFAULT NULL,
PRIMARY KEY ("kube_flatting_time", "cluster_id", "kind", "metadata_uid", "row_index")
);
CREATE TABLE "cmoa_serviceaccount_base" (
"kube_flatting_time" BIGINT NOT NULL,
"cluster_id" VARCHAR(255) NOT NULL,
"kind" VARCHAR(30) NOT NULL,
"metadata_uid" VARCHAR(40) NOT NULL,
"row_index" INTEGER NOT NULL,
"metadata_name" TEXT NULL DEFAULT NULL,
"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
"metadata_resourceversion" TEXT NULL DEFAULT NULL,
"metadata_namespace" TEXT NULL DEFAULT NULL,
"secrets" TEXT NULL DEFAULT NULL,
PRIMARY KEY ("kube_flatting_time", "cluster_id", "kind", "metadata_uid", "row_index")
);
commit;

368
roles/cmoa_install/files/03-ddl-dml/postgres/patch/postgres_patch_3.5.6.psql Normal file
View File

@@ -0,0 +1,368 @@
-- Topology agent와 Metric agent 통합 작업
UPDATE public.agent_install_file_info
SET yaml='---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cloudmoa-cluster-role
rules:
- nonResourceURLs:
- "*"
verbs:
- get
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- nodes/stats
- endpoints
- namespaces
- events
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- daemonsets
- deployments
- deployments/scale
- replicasets
- replicasets/scale
- statefulsets
- statefulsets/scale
verbs:
- get
- list
- watch
- update
- apiGroups:
- batch
resources:
- jobs
verbs:
- get
- list
- watch
- update
- apiGroups:
- batch
resources:
- cronjobs
verbs:
- get
- list
- update
- apiGroups:
- storage.j8s.io
resources:
- storageclasses
verbs:
- get
- list
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- apiGroups:
- policy
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- imxc-ps
- apiGroups:
- certificates.k8s.io
resourceNames:
- kubernetes.io/kube-apiserver-client-kubelet
resources:
- signers
verbs:
- approve
- apiGroups:
- certificates.k8s.io
resourceNames:
- kubernetes.io/kubelet-serving
resources:
- signers
verbs:
- approve
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- proxy
- apiGroups:
- ""
resources:
- nodes/log
- nodes/metrics
- nodes/proxy
- nodes/spec
- nodes/stats
verbs:
- ''*''
- apiGroups:
- ''*''
resources:
- ''*''
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cloudmoa-restricted-rb
namespace: $CLOUDMOA_NAMESPACE
subjects:
- kind: ServiceAccount
name: default
namespace: $CLOUDMOA_NAMESPACE
roleRef:
kind: ClusterRole
name: cloudmoa-cluster-role
apiGroup: rbac.authorization.k8s.io
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: cloudmoa-psp
namespace: $CLOUDMOA_NAMESPACE
spec:
privileged: true
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
runAsUser:
rule: RunAsAny
fsGroup:
rule: RunAsAny
hostPorts:
- max: 65535
min: 0
hostNetwork: true
hostPID: true
volumes:
- configMap
- secret
- emptyDir
- hostPath
- projected
- downwardAPI
- persistentVolumeClaim
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: cloudmoa-topology-agent
namespace: $CLOUDMOA_NAMESPACE
labels:
app: cloudmoa-topology-agent
spec:
selector:
matchLabels:
app: cloudmoa-topology-agent
template:
metadata:
labels:
app: cloudmoa-topology-agent
spec:
hostNetwork: true
hostPID: true
tolerations:
- effect: NoSchedule
operator: Exists
- effect: NoExecute
operator: Exists
containers:
- name: metric-agent
image: $DOCKER_REGISTRY_URL/metric-agent:$IMAGE_TAG
args:
- --config.file=/etc/metric-agent/metric-agent.yml
env:
- name: CLUSTER_ID
value: $CLOUDMOA_CLUSTER_ID
- name: STORAGE_TYPE
value: datagate
- name: DATAGATE
value: $COLLTION_SERVER_DATAGATE_IP:$COLLTION_SERVER_DATAGATE_PORT
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: LOG_LEVEL
value: "INFO"
ports:
- containerPort: 14271
protocol: TCP
- containerPort: 14272
protocol: TCP
resources:
limits:
cpu: 250m
memory: 180Mi
requests:
cpu: 125m
memory: 90Mi
volumeMounts:
- mountPath: /etc/metric-agent/
name: config-volume
- image: $DOCKER_REGISTRY_URL/node-exporter
name: node-agent
resources:
limits:
cpu: 250m
memory: 180Mi
requests:
cpu: 125m
memory: 90Mi
ports:
- containerPort: 9110
hostPort: 9110
name: scrape
args:
- --path.procfs=/host/proc
- --path.sysfs=/host/sys
- --path.rootfs=/host/root
- --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|run|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)
- --collector.tcpstat
- --web.listen-address=:9110
# --log.level=debug
env:
- name: GOMAXPROCS
value: "1"
volumeMounts:
- mountPath: /host/proc
name: proc-volume
readOnly: false
- mountPath: /host/sys
name: sys-volume
readOnly: false
- mountPath: /host/root
mountPropagation: HostToContainer
name: root-volume
readOnly: true
- name: cloudmoa-topology-agent
image: $DOCKER_REGISTRY_URL/topology-agent:$IMAGE_TAG
resources:
requests:
cpu: 200m
memory: 512Mi
limits:
cpu: 500m
memory: 600Mi
securityContext:
privileged: true
volumeMounts:
- mountPath: /host/usr/bin
name: bin-volume
- mountPath: /var/run/docker.sock
name: docker-volume
- mountPath: /host/proc
name: proc-volume
- mountPath: /root
name: root-volume
- mountPath: /log
name: log-volume
env:
- name: DATAGATE
value: $COLLTION_SERVER_DATAGATE_IP:$COLLTION_SERVER_DATAGATE_PORT
- name: CLUSTER_ID
value: $CLOUDMOA_CLUSTER_ID
- name: ROOT_DIRECTORY
value: /root
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: POD_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LOG_LEVEL
value: "INFO"
livenessProbe:
httpGet:
path: /healthz
port: 18081
initialDelaySeconds: 30
timeoutSeconds: 5
volumes:
- name: bin-volume
hostPath:
path: /usr/bin
type: Directory
- name: docker-volume
hostPath:
path: /var/run/docker.sock
- name: proc-volume
hostPath:
path: /proc
- name: root-volume
hostPath:
path: /
- hostPath:
path: /sys
name: sys-volume
- name: log-volume
hostPath:
path: /home'
WHERE id=2;
-- Analysis|Log Viewer 에 Container Tab 추가
INSERT INTO public.auth_resource3 (name, is_deleted, tenant_id) VALUES ('menu|Statistics & Analysis|Log Viewer|Container', false, null);
INSERT INTO public.menu_meta (id, description, icon, "position", url, auth_resource3_id, scope_level) VALUES (53, 'Log Viewer(Container)', NULL, 13, '', (select id from auth_resource3 where name='menu|Statistics & Analysis|Log Viewer|Container'), 0);
commit;

116
roles/cmoa_install/files/03-ddl-dml/postgres/postgres_insert_ddl.psql
View File

@@ -1792,3 +1792,119 @@ create table public.audit_log
target jsonb target jsonb
); );
create table public.intermax
(
cluster_id varchar(128) not null,
namespace varchar(128) not null,
url varchar(256),
service_name varchar(128),
constraint intermax_pk
primary key (cluster_id, namespace)
);
-- Configuration Table 생성
CREATE TABLE "cmoa_storageclass_base" (
"kube_flatting_time" BIGINT NOT NULL,
"cluster_id" VARCHAR(255) NOT NULL,
"kind" VARCHAR(30) NOT NULL,
"metadata_uid" VARCHAR(40) NOT NULL,
"row_index" INTEGER NOT NULL,
"metadata_labels" TEXT NULL DEFAULT NULL,
"metadata_name" TEXT NULL DEFAULT NULL,
"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
"metadata_resourceversion" TEXT NULL DEFAULT NULL,
"provisioner" TEXT NULL DEFAULT NULL,
"reclaimpolicy" TEXT NULL DEFAULT NULL,
"volumebindingmode" TEXT NULL DEFAULT NULL,
PRIMARY KEY ("kube_flatting_time", "cluster_id", "kind", "metadata_uid", "row_index")
);
CREATE TABLE "cmoa_ingress_base" (
"kube_flatting_time" BIGINT NOT NULL,
"cluster_id" VARCHAR(255) NOT NULL,
"kind" VARCHAR(30) NOT NULL,
"metadata_uid" VARCHAR(40) NOT NULL,
"row_index" INTEGER NOT NULL,
"metadata_name" TEXT NULL DEFAULT NULL,
"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
"metadata_resourceversion" TEXT NULL DEFAULT NULL,
"metadata_namespace" TEXT NULL DEFAULT NULL,
"spec_rules" TEXT NULL DEFAULT NULL,
PRIMARY KEY ("kube_flatting_time", "cluster_id", "kind", "metadata_uid", "row_index")
);
CREATE TABLE "cmoa_clusterrole_base" (
"kube_flatting_time" BIGINT NOT NULL,
"cluster_id" VARCHAR(255) NOT NULL,
"kind" VARCHAR(30) NOT NULL,
"metadata_uid" VARCHAR(40) NOT NULL,
"row_index" INTEGER NOT NULL,
"metadata_name" TEXT NULL DEFAULT NULL,
"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
"metadata_resourceversion" TEXT NULL DEFAULT NULL,
"metadata_labels" TEXT NULL DEFAULT NULL,
"rules" TEXT NULL DEFAULT NULL,
PRIMARY KEY ("kube_flatting_time", "cluster_id", "kind", "metadata_uid", "row_index")
);
CREATE TABLE "cmoa_clusterrolebinding_base" (
"kube_flatting_time" BIGINT NOT NULL,
"cluster_id" VARCHAR(255) NOT NULL,
"kind" VARCHAR(30) NOT NULL,
"metadata_uid" VARCHAR(40) NOT NULL,
"row_index" INTEGER NOT NULL,
"metadata_labels" TEXT NULL DEFAULT NULL,
"metadata_name" TEXT NULL DEFAULT NULL,
"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
"metadata_resourceversion" TEXT NULL DEFAULT NULL,
"subjects" TEXT NULL DEFAULT NULL,
"roleref" TEXT NULL DEFAULT NULL,
PRIMARY KEY ("kube_flatting_time", "cluster_id", "kind", "metadata_uid", "row_index")
);
CREATE TABLE "cmoa_role_base" (
"kube_flatting_time" BIGINT NOT NULL,
"cluster_id" VARCHAR(255) NOT NULL,
"kind" VARCHAR(30) NOT NULL,
"metadata_uid" VARCHAR(40) NOT NULL,
"row_index" INTEGER NOT NULL,
"metadata_labels" TEXT NULL DEFAULT NULL,
"metadata_name" TEXT NULL DEFAULT NULL,
"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
"metadata_resourceversion" TEXT NULL DEFAULT NULL,
"metadata_namespace" TEXT NULL DEFAULT NULL,
"rules" TEXT NULL DEFAULT NULL,
PRIMARY KEY ("kube_flatting_time", "cluster_id", "kind", "metadata_uid", "row_index")
);
CREATE TABLE "cmoa_rolebinding_base" (
"kube_flatting_time" BIGINT NOT NULL,
"cluster_id" VARCHAR(255) NOT NULL,
"kind" VARCHAR(30) NOT NULL,
"metadata_uid" VARCHAR(40) NOT NULL,
"row_index" INTEGER NOT NULL,
"metadata_labels" TEXT NULL DEFAULT NULL,
"metadata_name" TEXT NULL DEFAULT NULL,
"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
"metadata_resourceversion" TEXT NULL DEFAULT NULL,
"metadata_namespace" TEXT NULL DEFAULT NULL,
"subjects" TEXT NULL DEFAULT NULL,
"roleref" TEXT NULL DEFAULT NULL,
PRIMARY KEY ("kube_flatting_time", "cluster_id", "kind", "metadata_uid", "row_index")
);
CREATE TABLE "cmoa_serviceaccount_base" (
"kube_flatting_time" BIGINT NOT NULL,
"cluster_id" VARCHAR(255) NOT NULL,
"kind" VARCHAR(30) NOT NULL,
"metadata_uid" VARCHAR(40) NOT NULL,
"row_index" INTEGER NOT NULL,
"metadata_labels" TEXT NULL DEFAULT NULL,
"metadata_name" TEXT NULL DEFAULT NULL,
"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
"metadata_resourceversion" TEXT NULL DEFAULT NULL,
"metadata_namespace" TEXT NULL DEFAULT NULL,
"secrets" TEXT NULL DEFAULT NULL,
PRIMARY KEY ("kube_flatting_time", "cluster_id", "kind", "metadata_uid", "row_index")
);

455
roles/cmoa_install/files/03-ddl-dml/postgres/postgres_insert_dml.psql
View File

File diff suppressed because one or more lines are too long

2
roles/cmoa_install/files/04-keycloak/templates/statefulset.yaml
View File

@@ -91,7 +91,7 @@ spec:
# name: keycloak-secret # name: keycloak-secret
# key: KEYCLOAK_MASTER_USERNAME # key: KEYCLOAK_MASTER_USERNAME
- name: KEYCLOAK_PASSWORD - name: KEYCLOAK_PASSWORD
value: "cmoaA13!#" value: "admin"
#valueFrom: #valueFrom:
# secretKeyRef: # secretKeyRef:
# name: keycloak-secret # name: keycloak-secret

2
roles/cmoa_install/files/04-keycloak/values.yaml
View File

@@ -5,7 +5,7 @@ fullnameOverride: "imxc-keycloak"
nameOverride: "" nameOverride: ""
# The number of replicas to create (has no effect if autoscaling enabled) # The number of replicas to create (has no effect if autoscaling enabled)
replicas: 2 replicas: 1
image: image:
# The Keycloak image repository # The Keycloak image repository

9
roles/cmoa_install/files/05-imxc/cmoa-manual.yaml
View File

@@ -13,6 +13,15 @@ spec:
labels: labels:
app: manual app: manual
spec: spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: cmoa
operator: In
values:
- worker2
containers: containers:
- name: manual - name: manual
image: {{ .Values.global.IMXC_IN_REGISTRY }}/manual:{{ .Values.global.CMOA_MANUAL_VERSION }} image: {{ .Values.global.IMXC_IN_REGISTRY }}/manual:{{ .Values.global.CMOA_MANUAL_VERSION }}

2
roles/cmoa_install/files/05-imxc/scripts/init-auth-server.sh
View File

@@ -6,7 +6,7 @@
STATUS_CODE="$(curl -s -o /dev/null -w '%{http_code}' http://imxc-keycloak-http/auth/realms/exem)" STATUS_CODE="$(curl -s -o /dev/null -w '%{http_code}' http://imxc-keycloak-http/auth/realms/exem)"
if [ $STATUS_CODE -eq 404 ]; then if [ $STATUS_CODE -eq 404 ]; then
TOKEN="$(curl -s -d "client_id=admin-cli" -d "username=admin" -d "password=cmoaA13!#" -d "grant_type=password" http://imxc-keycloak-http/auth/realms/master/protocol/openid-connect/token | jq -r '.access_token')" TOKEN="$(curl -s -d "client_id=admin-cli" -d "username=admin" -d "password=admin" -d "grant_type=password" http://imxc-keycloak-http/auth/realms/master/protocol/openid-connect/token | jq -r '.access_token')"
echo $TOKEN echo $TOKEN

11
roles/cmoa_install/files/05-imxc/templates/auth-server.yaml
View File

@@ -13,6 +13,15 @@ spec:
labels: labels:
app: auth app: auth
spec: spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: cmoa
operator: In
values:
- worker1
initContainers: initContainers:
- name: init-resource - name: init-resource
image: {{ .Values.global.IMXC_IN_REGISTRY }}/init-resource:latest image: {{ .Values.global.IMXC_IN_REGISTRY }}/init-resource:latest
@@ -54,6 +63,8 @@ spec:
# 현대카드는 커스텀으로 해당 값 추가. keycloak만 사용(true), keycloak+내부db 사용(false) # 현대카드는 커스텀으로 해당 값 추가. keycloak만 사용(true), keycloak+내부db 사용(false)
- name: IMXC_KEYCLOAK_ENABLED - name: IMXC_KEYCLOAK_ENABLED
value: "true" value: "true"
- name: IMXC_KEYCLOAK_MASTER_PASSWORD
value: admin
volumeMounts: volumeMounts:
- name: init - name: init

9
roles/cmoa_install/files/05-imxc/templates/cloudmoa-datagate.yaml
View File

@@ -15,6 +15,15 @@ spec:
labels: labels:
app: datagate app: datagate
spec: spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: cmoa
operator: In
values:
- worker1
containers: containers:
- image: {{ .Values.global.IMXC_IN_REGISTRY }}/datagate:{{ .Values.global.DATAGATE_VERSION }} - image: {{ .Values.global.IMXC_IN_REGISTRY }}/datagate:{{ .Values.global.DATAGATE_VERSION }}
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent

20
roles/cmoa_install/files/05-imxc/templates/cloudmoa-metric-agent.yaml
View File

@@ -17,6 +17,15 @@ spec:
labels: labels:
app: metric-agent app: metric-agent
spec: spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: cmoa
operator: In
values:
- worker1
containers: containers:
- name: metric-agent - name: metric-agent
image: {{ .Values.global.IMXC_IN_REGISTRY }}/metric-agent:{{ .Values.global.METRIC_AGENT_VERSION }} image: {{ .Values.global.IMXC_IN_REGISTRY }}/metric-agent:{{ .Values.global.METRIC_AGENT_VERSION }}
@@ -80,6 +89,17 @@ data:
evaluation_interval: 5s # Evaluate rules every 15 seconds. The default is every 1 minute. evaluation_interval: 5s # Evaluate rules every 15 seconds. The default is every 1 minute.
scrape_configs: scrape_configs:
# modified by dongwoo 2023-11-14
- job_name: 'cmoa-kube-exporter'
kubernetes_sd_configs:
- role: pod
namespaces:
names:
- imxc
relabel_configs:
- source_labels: [__meta_kubernetes_pod_label_app]
action: keep
regex: cmoa-kube-exporter
- job_name: 'kubernetes-kubelet' - job_name: 'kubernetes-kubelet'
scheme: https scheme: https
tls_config: tls_config:

9
roles/cmoa_install/files/05-imxc/templates/cloudmoa-metric-collector.yaml
View File

@@ -15,6 +15,15 @@ spec:
labels: labels:
app: metric-collector app: metric-collector
spec: spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: cmoa
operator: In
values:
- worker1
containers: containers:
- name: metric-collector - name: metric-collector
image: {{ .Values.global.IMXC_IN_REGISTRY }}/metric-collector:{{ .Values.global.METRIC_COLLECTOR_VERSION }} image: {{ .Values.global.IMXC_IN_REGISTRY }}/metric-collector:{{ .Values.global.METRIC_COLLECTOR_VERSION }}

12
roles/cmoa_install/files/05-imxc/templates/cmoa-kube-exporter.yaml Normal file → Executable file
View File

@@ -2,22 +2,22 @@ apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
labels: labels:
app: cmoa-pod-exporter app: cmoa-kube-exporter
name: cmoa-pod-exporter name: cmoa-kube-exporter
namespace: imxc namespace: imxc
spec: spec:
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
app: cmoa-pod-exporter app: cmoa-kube-exporter
template: template:
metadata: metadata:
labels: labels:
app: cmoa-pod-exporter app: cmoa-kube-exporter
spec: spec:
containers: containers:
- image: {{ .Values.global.IMXC_IN_REGISTRY }}/cmoa-pod-exporter:{{ .Values.global.KUBE_EXPORTER_VERSION }} - image: {{ .Values.global.IMXC_IN_REGISTRY }}/cmoa-kube-exporter:{{ .Values.global.KUBE_EXPORTER_VERSION }}
name: cmoa-pod-exporter name: cmoa-kube-exporter
ports: ports:
- containerPort: 8080 - containerPort: 8080
livenessProbe: livenessProbe:

9
roles/cmoa_install/files/05-imxc/templates/cmoa-kube-info-batch.yaml
View File

@@ -15,6 +15,15 @@ spec:
labels: labels:
app: cmoa-kube-info-batch app: cmoa-kube-info-batch
spec: spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: cmoa
operator: In
values:
- worker1
containers: containers:
- name: cmoa-kube-info-batch - name: cmoa-kube-info-batch
image: {{ .Values.global.IMXC_IN_REGISTRY }}/kube-info-batch:{{ .Values.global.KUBE_INFO_BATCH_VERSION }} image: {{ .Values.global.IMXC_IN_REGISTRY }}/kube-info-batch:{{ .Values.global.KUBE_INFO_BATCH_VERSION }}

9
roles/cmoa_install/files/05-imxc/templates/cmoa-kube-info-connector.yaml
View File

@@ -15,6 +15,15 @@ spec:
labels: labels:
app: cmoa-kube-info-connector app: cmoa-kube-info-connector
spec: spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: cmoa
operator: In
values:
- worker1
containers: containers:
- name: cmoa-kube-info-connector - name: cmoa-kube-info-connector
image: {{ .Values.global.IMXC_IN_REGISTRY }}/kube-info-connector:{{ .Values.global.KUBE_INFO_CONNECTOR_VERSION }} image: {{ .Values.global.IMXC_IN_REGISTRY }}/kube-info-connector:{{ .Values.global.KUBE_INFO_CONNECTOR_VERSION }}

13
roles/cmoa_install/files/05-imxc/templates/cmoa-kube-info-flat.yaml
View File

@@ -15,6 +15,15 @@ spec:
labels: labels:
app: cmoa-kube-info-flat app: cmoa-kube-info-flat
spec: spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: cmoa
operator: In
values:
- worker1
containers: containers:
- name: cmoa-kube-info-flat - name: cmoa-kube-info-flat
image: {{ .Values.global.IMXC_IN_REGISTRY }}/kube-info-flat:{{ .Values.global.KUBE_INFO_FLAT_VERSION }} image: {{ .Values.global.IMXC_IN_REGISTRY }}/kube-info-flat:{{ .Values.global.KUBE_INFO_FLAT_VERSION }}
@@ -30,6 +39,6 @@ spec:
value: {{ .Values.global.BLACK_LIST_FALT }} value: {{ .Values.global.BLACK_LIST_FALT }}
resources: resources:
limits: limits:
memory: 1Gi memory: 2Gi
requests: requests:
memory: 200Mi memory: 500Mi

9
roles/cmoa_install/files/05-imxc/templates/cmoa-manual.yaml
View File

@@ -13,6 +13,15 @@ spec:
labels: labels:
app: manual app: manual
spec: spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: cmoa
operator: In
values:
- worker1
containers: containers:
- name: manual - name: manual
image: {{ .Values.global.IMXC_IN_REGISTRY }}/manual:{{ .Values.global.CMOA_MANUAL_VERSION }} image: {{ .Values.global.IMXC_IN_REGISTRY }}/manual:{{ .Values.global.CMOA_MANUAL_VERSION }}

9
roles/cmoa_install/files/05-imxc/templates/eureka-server.yaml
View File

@@ -31,6 +31,15 @@ spec:
labels: labels:
app: eureka app: eureka
spec: spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: cmoa
operator: In
values:
- worker2
containers: containers:
- name: eureka - name: eureka
image: {{ .Values.global.IMXC_IN_REGISTRY }}/eureka-server:{{ .Values.global.EUREKA_SERVER_VERSION }} image: {{ .Values.global.IMXC_IN_REGISTRY }}/eureka-server:{{ .Values.global.EUREKA_SERVER_VERSION }}

9
roles/cmoa_install/files/05-imxc/templates/imxc-api-server.yaml
View File

@@ -39,6 +39,15 @@ spec:
app: imxc-api app: imxc-api
build: develop build: develop
spec: spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: cmoa
operator: In
values:
- worker2
securityContext: securityContext:
#runAsNonRoot: true #runAsNonRoot: true
runAsUser: 1577 runAsUser: 1577

9
roles/cmoa_install/files/05-imxc/templates/imxc-collector.yaml
View File

@@ -18,6 +18,15 @@ items:
labels: labels:
app: cmoa-collector app: cmoa-collector
spec: spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: cmoa
operator: In
values:
- worker2
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true
runAsUser: 65534 runAsUser: 65534

9
roles/cmoa_install/files/05-imxc/templates/noti-server.yaml
View File

@@ -13,6 +13,15 @@ spec:
labels: labels:
app: noti app: noti
spec: spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: cmoa
operator: In
values:
- worker2
containers: containers:
- name: noti-server - name: noti-server
image: {{ .Values.global.IMXC_IN_REGISTRY }}/notification-server:{{ .Values.global.NOTI_SERVER_VERSION }} image: {{ .Values.global.IMXC_IN_REGISTRY }}/notification-server:{{ .Values.global.NOTI_SERVER_VERSION }}

9
roles/cmoa_install/files/05-imxc/templates/streams-depl.yaml
View File

@@ -15,6 +15,15 @@ spec:
labels: labels:
app: kafka-stream-txntrend app: kafka-stream-txntrend
spec: spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: cmoa
operator: In
values:
- worker2
containers: containers:
- name: kafka-stream-txntrend - name: kafka-stream-txntrend
image: {{ .Values.global.IMXC_IN_REGISTRY }}/kafka-stream-txntrend:{{ .Values.global.KAFKA_STREAM_VERSION }} image: {{ .Values.global.IMXC_IN_REGISTRY }}/kafka-stream-txntrend:{{ .Values.global.KAFKA_STREAM_VERSION }}

9
roles/cmoa_install/files/05-imxc/templates/zuul-server.yaml
View File

@@ -15,6 +15,15 @@ spec:
labels: labels:
app: cloud app: cloud
spec: spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: cmoa
operator: In
values:
- worker2
containers: containers:
- env: - env:
- name: SPRING_PROFILES_ACTIVE - name: SPRING_PROFILES_ACTIVE

2
roles/cmoa_install/files/05-imxc/values.yaml
View File

@@ -86,7 +86,7 @@ global:
KEYCLOAK_AUTH_SERVER_URL: http://111.111.111.111:31082/auth KEYCLOAK_AUTH_SERVER_URL: http://111.111.111.111:31082/auth
KEYCLOAK_RESOURCE: authorization_server KEYCLOAK_RESOURCE: authorization_server
KEYCLOAK_MASTER_USERNAME: admin KEYCLOAK_MASTER_USERNAME: admin
KEYCLOAK_MASTER_PASSWORD: cmoaA13!# KEYCLOAK_MASTER_PASSWORD: admin
IMXC_PORTAL_INFO_URL: IMXC_PORTAL_INFO_URL:
KEYCLOAK_REALM: exem KEYCLOAK_REALM: exem
# added by EunHye Kim 2021-08-25 # added by EunHye Kim 2021-08-25

2
roles/cmoa_install/files/06-imxc-ui/imxc-ui/scripts/init-auth-server.sh
View File

@@ -6,7 +6,7 @@
STATUS_CODE="$(curl -s -o /dev/null -w '%{http_code}' http://imxc-keycloak-http/auth/realms/exem)" STATUS_CODE="$(curl -s -o /dev/null -w '%{http_code}' http://imxc-keycloak-http/auth/realms/exem)"
if [ $STATUS_CODE -eq 404 ]; then if [ $STATUS_CODE -eq 404 ]; then
TOKEN="$(curl -s -d "client_id=admin-cli" -d "username=admin" -d "password=cmoaA13!#" -d "grant_type=password" http://imxc-keycloak-http/auth/realms/master/protocol/openid-connect/token | jq -r '.access_token')" TOKEN="$(curl -s -d "client_id=admin-cli" -d "username=admin" -d "password=admin" -d "grant_type=password" http://imxc-keycloak-http/auth/realms/master/protocol/openid-connect/token | jq -r '.access_token')"
echo $TOKEN echo $TOKEN

10
roles/cmoa_install/files/06-imxc-ui/imxc-ui/templates/imxc-ui-server.yaml
View File

@@ -33,6 +33,16 @@ spec:
labels: labels:
app: imxc-ui app: imxc-ui
spec: spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
preference:
matchExpressions:
- key: cmoa
operator: In
values:
- worker2
containers: containers:
- name: imxc-ui - name: imxc-ui
image: {{ .Values.global.IMXC_IN_REGISTRY }}/ui-server:{{ .Values.global.UI_SERVER_VERSION }} image: {{ .Values.global.IMXC_IN_REGISTRY }}/ui-server:{{ .Values.global.UI_SERVER_VERSION }}

2
roles/cmoa_install/files/values/imxc.j2
View File

@@ -86,7 +86,7 @@ global:
KEYCLOAK_AUTH_SERVER_URL: http://111.111.111.111:31082/auth KEYCLOAK_AUTH_SERVER_URL: http://111.111.111.111:31082/auth
KEYCLOAK_RESOURCE: authorization_server KEYCLOAK_RESOURCE: authorization_server
KEYCLOAK_MASTER_USERNAME: admin KEYCLOAK_MASTER_USERNAME: admin
KEYCLOAK_MASTER_PASSWORD: cmoaA13!# KEYCLOAK_MASTER_PASSWORD: admin
IMXC_PORTAL_INFO_URL: IMXC_PORTAL_INFO_URL:
KEYCLOAK_REALM: exem KEYCLOAK_REALM: exem
# added by EunHye Kim 2021-08-25 # added by EunHye Kim 2021-08-25

6
roles/cmoa_os_setting/defaults/main.yml
View File

@@ -107,16 +107,16 @@ containerd_config:
conf_template: "" conf_template: ""
registry: registry:
configs: configs:
"10.10.31.243:5000": "10.10.43.224:5000":
tls: tls:
insecure_skip_verify: true insecure_skip_verify: true
mirrors: mirrors:
"docker.io": "docker.io":
endpoint: endpoint:
- https://registry-1.docker.io - https://registry-1.docker.io
"10.10.31.243:5000": "10.10.43.224:5000":
endpoint: endpoint:
- "http://10.10.31.243:5000" - "http://10.10.43.224:5000"
x509_key_pair_streaming: x509_key_pair_streaming:
tls_cert_file: "" tls_cert_file: ""
tls_key_file: "" tls_key_file: ""

4
roles/cmoa_password/defaults/main.yml Normal file
View File

@@ -0,0 +1,4 @@
---
cmoa_namespace: imxc
pg_version:
- 3.5.5

7
roles/cmoa_password/files/password.sh Executable file
View File

@@ -0,0 +1,7 @@
KEYCLOAK_HOST=http://10.10.43.210:31082
ADMIN_USER_OLD_PASSWORD="cmoaA13!#"
ADMIN_USER_NEW_PASSWORD=admin
TOKEN=$(curl -s -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d "username=admin&password=$ADMIN_USER_OLD_PASSWORD&client_id=admin-cli&grant_type=password" "$KEYCLOAK_HOST/auth/realms/master/exem/openid-connect/token" | jq -r ".access_token" ;)
curl -s -X PUT -H "Authorization: Bearer $TOKEN" -H "Content-type: application/json;charset=UTF-8" -H 'Accept: application/json' "$KEYCLOAK_HOST/auth/admin/realms/exem/users/admin/reset-password" -d "{\"type\":\"password\",\"value\":\"$ADMIN_USER_NEW_PASSWORD\",\"temporary\":false}"

37
roles/cmoa_password/tasks/main.yml Normal file
View File

@@ -0,0 +1,37 @@
---
- name: 1. Get a list of all pods from the namespace
shell: kubectl -n "{{ cmoa_namespace }}" get pods --no-headers -o custom-columns=":metadata.name" |grep postgres
register: pod_list
when: kubernetes_role == 'master'
- debug:
msg: "{{ pod_list.stdout_lines }}"
when: kubernetes_role == 'master'
- name: 2. Copy psql file in postgres
kubernetes.core.k8s_cp:
namespace: "{{ cmoa_namespace }}"
pod: "{{ pod_list.stdout }}"
remote_path: /tmp/postgres_patch_{{ item }}.psql
local_path: "{{ role_path }}/files/pg-patch/postgres_patch_{{ item }}.psql"
with_items: "{{ pg_version }}"
when: kubernetes_role == 'master'
- name: 3. Execute a command in postgres
kubernetes.core.k8s_exec:
namespace: "{{ cmoa_namespace }}"
pod: "{{ pod_list.stdout }}"
command: bash -c "PGPASSWORD='eorbahrhkswp' && /usr/bin/psql -h 'localhost' -U 'admin' -d 'postgresdb' -f /tmp/postgres_patch_{{ item }}.psql"
register: execute_register
with_items: "{{ pg_version }}"
when: kubernetes_role == 'master'
- debug:
msg: |
______ _ _ _ _____ ___ ___ _____ ___
| ___ \| | | | | | / __ \| \/ || _ | / _ \
| |_/ /| | ___ __ _ ___ ___ _ __ ___ ___ | |_ __ _ _ __ | |_ | / \/| . . || | | |/ /_\ \
| __/ | | / _ \ / _` |/ __| / _ \ | '__| / _ \/ __|| __| / _` || '__|| __| | | | |\/| || | | || _ |
| | | || __/| (_| |\__ \| __/ | | | __/\__ \| |_ | (_| || | | |_ | \__/\| | | |\ \_/ /| | | |
\_| |_| \___| \__,_||___/ \___| |_| \___||___/ \__| \__,_||_| \__| \____/\_| |_/ \___/ \_| |_/
when: kubernetes_role == 'master'

5
roles/cmoa_pgpatch/defaults/main.yml
View File

@@ -1,7 +1,4 @@
--- ---
cmoa_namespace: imxc cmoa_namespace: imxc
pg_version: pg_version:
- 3.5.1 - 3.5.5
- 3.5.2
- 3.5.3
- 3.5.4

673
roles/cmoa_pgpatch/files/pg-patch/postgres_patch_3.5.5.psql Normal file
View File

@@ -0,0 +1,673 @@
-- CLOUD-20862 | Topology Agent | 리더 선출 로직 개선
-- Auto-generated SQL script #202310121749
UPDATE public.agent_install_file_info
SET yaml='---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cloudmoa-cluster-role
rules:
- nonResourceURLs:
- "*"
verbs:
- get
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- nodes/stats
- endpoints
- namespaces
- events
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- daemonsets
- deployments
- deployments/scale
- replicasets
- replicasets/scale
- statefulsets
- statefulsets/scale
verbs:
- get
- list
- watch
- update
- apiGroups:
- batch
resources:
- jobs
verbs:
- get
- list
- watch
- update
- apiGroups:
- batch
resources:
- cronjobs
verbs:
- get
- list
- update
- apiGroups:
- storage.j8s.io
resources:
- storageclasses
verbs:
- get
- list
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- apiGroups:
- policy
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- imxc-ps
- apiGroups:
- certificates.k8s.io
resourceNames:
- kubernetes.io/kube-apiserver-client-kubelet
resources:
- signers
verbs:
- approve
- apiGroups:
- certificates.k8s.io
resourceNames:
- kubernetes.io/kubelet-serving
resources:
- signers
verbs:
- approve
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- proxy
- apiGroups:
- ""
resources:
- nodes/log
- nodes/metrics
- nodes/proxy
- nodes/spec
- nodes/stats
verbs:
- ''*''
- apiGroups:
- ''*''
resources:
- ''*''
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cloudmoa-restricted-rb
namespace: $CLOUDMOA_NAMESPACE
subjects:
- kind: ServiceAccount
name: default
namespace: $CLOUDMOA_NAMESPACE
roleRef:
kind: ClusterRole
name: cloudmoa-cluster-role
apiGroup: rbac.authorization.k8s.io
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: cloudmoa-psp
namespace: $CLOUDMOA_NAMESPACE
spec:
privileged: true
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
runAsUser:
rule: RunAsAny
fsGroup:
rule: RunAsAny
hostPorts:
- max: 65535
min: 0
hostNetwork: true
hostPID: true
volumes:
- configMap
- secret
- emptyDir
- hostPath
- projected
- downwardAPI
- persistentVolumeClaim
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: cloudmoa-topology-agent
namespace: $CLOUDMOA_NAMESPACE
labels:
app: cloudmoa-topology-agent
spec:
selector:
matchLabels:
app: cloudmoa-topology-agent
template:
metadata:
labels:
app: cloudmoa-topology-agent
spec:
hostNetwork: true
hostPID: true
tolerations:
- effect: NoSchedule
operator: Exists
- effect: NoExecute
operator: Exists
containers:
- image: $DOCKER_REGISTRY_URL/node-exporter
name: node-agent
resources:
limits:
cpu: 250m
memory: 180Mi
requests:
cpu: 125m
memory: 90Mi
ports:
- containerPort: 9110
hostPort: 9110
name: scrape
args:
- --path.procfs=/host/proc
- --path.sysfs=/host/sys
- --path.rootfs=/host/root
- --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|run|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)
- --collector.tcpstat
- --web.listen-address=:9110
# --log.level=debug
env:
- name: GOMAXPROCS
value: "1"
volumeMounts:
- mountPath: /host/proc
name: proc-volume
readOnly: false
- mountPath: /host/sys
name: sys-volume
readOnly: false
- mountPath: /host/root
mountPropagation: HostToContainer
name: root-volume
readOnly: true
- name: cloudmoa-topology-agent
image: $DOCKER_REGISTRY_URL/topology-agent:$IMAGE_TAG
resources:
requests:
cpu: 200m
memory: 512Mi
limits:
cpu: 500m
memory: 600Mi
securityContext:
privileged: true
volumeMounts:
- mountPath: /host/usr/bin
name: bin-volume
- mountPath: /var/run/docker.sock
name: docker-volume
- mountPath: /host/proc
name: proc-volume
- mountPath: /root
name: root-volume
- mountPath: /log
name: log-volume
env:
- name: DATAGATE
value: $COLLTION_SERVER_DATAGATE_IP:$COLLTION_SERVER_DATAGATE_PORT
- name: CLUSTER_ID
value: $CLOUDMOA_CLUSTER_ID
- name: ROOT_DIRECTORY
value: /root
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: POD_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LOG_LEVEL
value: "INFO"
livenessProbe:
httpGet:
path: /healthz
port: 18081
initialDelaySeconds: 30
timeoutSeconds: 5
volumes:
- name: bin-volume
hostPath:
path: /usr/bin
type: Directory
- name: docker-volume
hostPath:
path: /var/run/docker.sock
- name: proc-volume
hostPath:
path: /proc
- name: root-volume
hostPath:
path: /
- hostPath:
path: /sys
name: sys-volume
- name: log-volume
hostPath:
path: /home'
WHERE id=2;
-- CLOUD-18687 otel-trace agent 추가
INSERT INTO public.agent_install_file_info (id, name, type, description, version, yaml, use_yn, created_date,
modified_date)
VALUES (8, 'otel-trace', 'agent',
'CloudMOA에서는 고객사에서 운영 중인 application의 TPS, 서비스 연관관계 등의 데이터를 얻기 위해서 Opentelemetry를 사용하며, Opentelemetry 사용을 위해 애플리케이션의 instrumentation이 필요합니다.',
null, '---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: otel-trace-agent
namespace: $CLOUDMOA_NAMESPACE
labels:
app: otel-trace-agent
spec:
selector:
matchLabels:
app: otel-trace-agent
template:
metadata:
labels:
app: otel-trace-agent
spec:
containers:
- image: $DOCKER_REGISTRY_URL/otel-trace-agent:$IMAGE_TAG
imagePullPolicy: Always
name: otel-trace-agent
resources:
requests:
cpu: 100m
memory: 50Mi
limits:
cpu: 200m
memory: 100Mi
ports:
- containerPort: 4317
protocol: TCP
env:
- name: CMOA_LOG_LEVEL
value: "INFO"
- name: CMOA_CLUSTER_ID
value: $CLOUDMOA_CLUSTER_ID
- name: CMOA_DATAGATE
value: $COLLTION_SERVER_DATAGATE_IP:$COLLTION_SERVER_DATAGATE_PORT
volumeMounts:
- name: config
mountPath: /CloudMOA/default_config.yaml
subPath: default_config.yaml
volumes:
- name: config
configMap:
name: otel-trace-agent-config
items:
- key: config.yaml
path: default_config.yaml
---
apiVersion: v1
kind: Service
metadata:
name: otel-trace-agent
namespace: $CLOUDMOA_NAMESPACE
labels:
app: otel-trace-agent
spec:
ports:
- name: otel-port
port: 4317
protocol: TCP
targetPort: 4317
selector:
app: otel-trace-agent
type: ClusterIP
---
apiVersion: v1
kind: ConfigMap
metadata:
name: otel-trace-agent-config
namespace: $CLOUDMOA_NAMESPACE
data:
config.yaml: |
receivers:
otlp:
protocols:
grpc:
endpoint: 0.0.0.0:4317
processors:
batch:
probabilistic_sampler:
hash_seed: 22
sampling_percentage: 100
exporters:
# cmoaexporter 설정
cmoaexporter:
api:
endpoint: "127.0.0.1:7070"
traces:
endpoint: "127.0.0.1:7070"
tls:
enable: false
skip_host_verify: true
ca_file: ""
cert_file: ""
key_file: ""
queue:
enabled: true
service:
pipelines:
traces:
receivers: [otlp]
processors: [batch, probabilistic_sampler]
exporters: [cmoaexporter]');
-- CLOUD-21306 | Redis Metric Meta 패치
-- Auto-generated SQL script #202310171617
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (rate(redis_keyspace_misses_total{{filter}}[5m]))'
WHERE id='redis_keyspace_misses';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (rate(redis_keyspace_hits_total{{filter}}[5m]))'
WHERE id='redis_keyspace_hits';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (rate(redis_connections_received_total{{filter}}[5m]))'
WHERE id='redis_connections_received';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (rate(redis_cpu_sys_children_seconds_total{{filter}}[5m]))'
WHERE id='redis_used_cpu_sys_children';
UPDATE public.metric_meta2
SET expr='sum by (data_type, xm_clst_id, xm_namespace, xm_node_id, instance) (
label_replace(rate(redis_cpu_sys_seconds_total{{filter}}[5m]), "data_type", "system", "", "") or
label_replace(rate(redis_cpu_user_seconds_total{{filter}}[5m]), "data_type", "user", "", "") )'
WHERE id='redis_cpu_usage';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (rate(redis_cpu_user_seconds_total{{filter}}[5m]))'
WHERE id='redis_used_cpu_user';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (redis_connected_slaves{{filter}})'
WHERE id='redis_connected_slaves';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance, cmd) (rate(redis_commands_total{{filter}}[5m]))'
WHERE id='redis_commands_total';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (redis_memory_used_bytes{{filter}}) / 1048576'
WHERE id='redis_memory_used_size';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (redis_allocator_resident_bytes{{filter}}) / 1048576'
WHERE id='redis_allocator_resident_size';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (rate(redis_cpu_sys_seconds_total{{filter}}[5m]))'
WHERE id='redis_used_cpu_sys';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (rate(redis_cpu_user_children_seconds_total{{filter}} [5m]))'
WHERE id='redis_used_cpu_user_children';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (redis_up{{filter}})'
WHERE id='redis_up';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (redis_allocator_allocated_bytes{{filter}}) / 1048576'
WHERE id='redis_allocator_allocated_size';
UPDATE public.metric_meta2
SET expr='sum by (data_type, xm_clst_id, xm_namespace, xm_node_id, instance) (
label_replace(rate(redis_connections_received_total{{filter}} [5m]), "data_type", "received connections", "", "") or
label_replace(rate(redis_rejected_connections_total{{filter}} [5m]), "data_type", "rejected connections", "", "") or
label_replace(redis_connected_clients{{filter}}, "data_type", "connected clients", "", "") or
label_replace(redis_blocked_clients{{filter}}, "data_type", "blocked clients", "", "") )'
WHERE id='count_by_connection_type';
UPDATE public.metric_meta2
SET expr='sum by (data_type, xm_clst_id, xm_namespace, xm_node_id, instance) (
label_replace(redis_allocator_active_bytes{{filter}} / 1048576, "data_type", "active", "" , "") or
label_replace(redis_memory_used_bytes{{filter}} / 1048576, "data_type", "used", "" , "") or
label_replace(redis_allocator_allocated_bytes{{filter}} / 1048576, "data_type", "allocated", "" , "") or
label_replace(redis_allocator_resident_bytes{{filter}} / 1048576, "data_type", "resident", "" , "") )'
WHERE id='redis_memory_total';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance, cmd) (rate(redis_commands_duration_seconds_total{{filter}}[5m]) * 1000)'
WHERE id='redis_commands_duration_seconds';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (rate(redis_rejected_connections_total{{filter}}[5m]))'
WHERE id='redis_rejected_connections';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (redis_blocked_clients{{filter}})'
WHERE id='redis_blocked_clients';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance, slave_ip, slave_port) (rate(redis_connected_slave_offset_bytes{{filter}}[5m]))'
WHERE id='redis_connected_slave_offset_bytes';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance, db) (redis_db_keys_expiring{{filter}})'
WHERE id='redis_db_keys_expiring';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (rate(redis_evicted_keys_total{{filter}}[5m]))'
WHERE id='redis_evicted_keys';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (redis_connected_clients{{filter}})'
WHERE id='redis_connected_clients';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance, slave_ip, slave_port) (rate(redis_connected_slave_lag_seconds{{filter}}[5m]))'
WHERE id='redis_connected_slave_lag_seconds';
UPDATE public.metric_meta2
SET expr='sum by (data_type, xm_clst_id, xm_namespace, xm_node_id, instance) (
label_replace(rate(redis_keyspace_hits_total{{filter}} [5m]), "data_type", "hits", "" , "") or
label_replace(rate(redis_keyspace_misses_total{{filter}} [5m]), "data_type", "misses", "" , "") )'
WHERE id='redis_key_hit_raito';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (rate(redis_commands_processed_total{{filter}}[5m]))'
WHERE id='redis_commands_processed';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (rate(redis_expired_keys_total{{filter}}[5m]))'
WHERE id='redis_expired_keys';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance, db) (redis_db_keys{{filter}})'
WHERE id='redis_db_keys';
UPDATE public.metric_meta2
SET expr='sum by (xm_clst_id, xm_namespace, xm_node_id, instance) (redis_allocator_active_bytes{{filter}}) / 1048576'
WHERE id='redis_allocator_active_size';
-- Reason OOMKilled
INSERT INTO public.metric_meta2 (id,meta_name,description,expr,resource_type,entity_type,groupby_keys,in_use,message)
VALUES ('count_pod_oomkilled','OOMKilled of Pods By Workload','OOMKilled of Pods By Workload','count by (xm_clst_id, xm_pod_id, xm_cont_name, xm_namespace) (imxc_pod_container_status_terminated_reason_oom{{filter}})','State','Workload','xm_clst_id, xm_namespace, xm_pod_id',TRUE,'CLST:{{$labels.xm_clst_id}} POD:{{$labels.xm_pod_id}} NS:{{$labels.xm_namespace}}.');
-- Last Reason OOMKilled
INSERT INTO public.metric_meta2 (id,meta_name,description,expr,resource_type,entity_type,groupby_keys,in_use,message)
VALUES ('count_pod_last_oomkilled','Last OOMKilled of Pods By Workload','Last OOMKilled of Pods By Workload','count by (xm_clst_id, xm_pod_id, xm_cont_name, xm_namespace) (imxc_pod_container_status_last_terminated_reason_oom{{filter}})','State','Workload','xm_clst_id, xm_namespace, xm_pod_id', TRUE,'CLST:{{$labels.xm_clst_id}} POD:{{$labels.xm_pod_id}} NS:{{$labels.xm_namespace}}.');
-- Configuration Menu 추가
INSERT INTO public.auth_resource2 (access_type, name, parent_id, type) VALUES (4, 'Configuration', (select id from auth_resource2 where type='menu' and name='Workloads'), 'menu');
INSERT INTO public.auth_resource3 (name, is_deleted, tenant_id) VALUES ('menu|Workloads|Configuration', false, null);
INSERT INTO public.menu_meta (id, description, icon, "position", url, auth_resource3_id, scope_level) VALUES (16, 'Pods', NULL, 9, 'configurationWorkloads', (select id from auth_resource3 where name='menu|Workloads|Configuration'), 3);
-- log parsing 관련 metric meta rate연산 삭제
UPDATE metric_meta2 SET expr = 'count by (xm_clst_id, xm_node_id, xm_namespace, xm_pod_id, xm_regex) (log_metric_counter_cmoa_metric{{filter}})' WHERE id = 'count_pod_log_parsing';
CREATE TABLE "intermax" (
"cluster_id" VARCHAR(128) NOT NULL,
"namespace" VARCHAR(128) NOT NULL,
"url" VARCHAR(256) NULL DEFAULT NULL,
"service_name" VARCHAR(128) NULL DEFAULT NULL,
PRIMARY KEY ("cluster_id", "namespace")
);
-- Configuration Table 생성
CREATE TABLE "cmoa_storageclass_base" (
"kube_flatting_time" BIGINT NOT NULL,
"cluster_id" VARCHAR(255) NOT NULL,
"kind" VARCHAR(30) NOT NULL,
"metadata_uid" VARCHAR(40) NOT NULL,
"row_index" INTEGER NOT NULL,
"metadata_name" TEXT NULL DEFAULT NULL,
"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
"metadata_resourceversion" TEXT NULL DEFAULT NULL,
"provisioner" TEXT NULL DEFAULT NULL,
"reclaimpolicy" TEXT NULL DEFAULT NULL,
"volumebindingmode" TEXT NULL DEFAULT NULL,
PRIMARY KEY ("kube_flatting_time", "cluster_id", "kind", "metadata_uid", "row_index")
);
CREATE TABLE "cmoa_ingress_base" (
"kube_flatting_time" BIGINT NOT NULL,
"cluster_id" VARCHAR(255) NOT NULL,
"kind" VARCHAR(30) NOT NULL,
"metadata_uid" VARCHAR(40) NOT NULL,
"row_index" INTEGER NOT NULL,
"metadata_name" TEXT NULL DEFAULT NULL,
"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
"metadata_resourceversion" TEXT NULL DEFAULT NULL,
"metadata_namespace" TEXT NULL DEFAULT NULL,
"spec_rules" TEXT NULL DEFAULT NULL,
PRIMARY KEY ("kube_flatting_time", "cluster_id", "kind", "metadata_uid", "row_index")
);
CREATE TABLE "cmoa_clusterrole_base" (
"kube_flatting_time" BIGINT NOT NULL,
"cluster_id" VARCHAR(255) NOT NULL,
"kind" VARCHAR(30) NOT NULL,
"metadata_uid" VARCHAR(40) NOT NULL,
"row_index" INTEGER NOT NULL,
"metadata_name" TEXT NULL DEFAULT NULL,
"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
"metadata_resourceversion" TEXT NULL DEFAULT NULL,
"metadata_labels" TEXT NULL DEFAULT NULL,
"rules" TEXT NULL DEFAULT NULL,
PRIMARY KEY ("kube_flatting_time", "cluster_id", "kind", "metadata_uid", "row_index")
);
CREATE TABLE "cmoa_clusterrolebinding_base" (
"kube_flatting_time" BIGINT NOT NULL,
"cluster_id" VARCHAR(255) NOT NULL,
"kind" VARCHAR(30) NOT NULL,
"metadata_uid" VARCHAR(40) NOT NULL,
"row_index" INTEGER NOT NULL,
"metadata_name" TEXT NULL DEFAULT NULL,
"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
"metadata_resourceversion" TEXT NULL DEFAULT NULL,
"subjects" TEXT NULL DEFAULT NULL,
"roleref" TEXT NULL DEFAULT NULL,
PRIMARY KEY ("kube_flatting_time", "cluster_id", "kind", "metadata_uid", "row_index")
);
CREATE TABLE "cmoa_role_base" (
"kube_flatting_time" BIGINT NOT NULL,
"cluster_id" VARCHAR(255) NOT NULL,
"kind" VARCHAR(30) NOT NULL,
"metadata_uid" VARCHAR(40) NOT NULL,
"row_index" INTEGER NOT NULL,
"metadata_name" TEXT NULL DEFAULT NULL,
"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
"metadata_resourceversion" TEXT NULL DEFAULT NULL,
"metadata_namespace" TEXT NULL DEFAULT NULL,
"rules" TEXT NULL DEFAULT NULL,
PRIMARY KEY ("kube_flatting_time", "cluster_id", "kind", "metadata_uid", "row_index")
);
CREATE TABLE "cmoa_rolebinding_base" (
"kube_flatting_time" BIGINT NOT NULL,
"cluster_id" VARCHAR(255) NOT NULL,
"kind" VARCHAR(30) NOT NULL,
"metadata_uid" VARCHAR(40) NOT NULL,
"row_index" INTEGER NOT NULL,
"metadata_name" TEXT NULL DEFAULT NULL,
"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
"metadata_resourceversion" TEXT NULL DEFAULT NULL,
"metadata_namespace" TEXT NULL DEFAULT NULL,
"subjects" TEXT NULL DEFAULT NULL,
"roleref" TEXT NULL DEFAULT NULL,
PRIMARY KEY ("kube_flatting_time", "cluster_id", "kind", "metadata_uid", "row_index")
);
CREATE TABLE "cmoa_serviceaccount_base" (
"kube_flatting_time" BIGINT NOT NULL,
"cluster_id" VARCHAR(255) NOT NULL,
"kind" VARCHAR(30) NOT NULL,
"metadata_uid" VARCHAR(40) NOT NULL,
"row_index" INTEGER NOT NULL,
"metadata_name" TEXT NULL DEFAULT NULL,
"metadata_creationtimestamp" VARCHAR(25) NULL DEFAULT NULL,
"metadata_resourceversion" TEXT NULL DEFAULT NULL,
"metadata_namespace" TEXT NULL DEFAULT NULL,
"secrets" TEXT NULL DEFAULT NULL,
PRIMARY KEY ("kube_flatting_time", "cluster_id", "kind", "metadata_uid", "row_index")
);
commit;