sa_8001/dsk-devops-toolchains
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

디렉토리 구조 및 각 서비스 추가

Browse Source
This commit is contained in:
dsk-minchulahn
2024-01-03 17:29:11 +09:00
parent 98de2a7627
commit d601d0f259
1632 changed files with 207616 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
helm/argo-workflows/Lab/steampipe-dashboard/00_Old/test-pod.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: Pod
metadata:
name: steampipe
spec:
containers:
- name: steampipe
image: ghcr.io/turbot/steampipe:latest
command: ["/bin/bash"]
args: ["-c", "while true; do sleep 10; done"]

112
helm/argo-workflows/Lab/steampipe-dashboard/00_Old/test-workflow.yaml Normal file
View File

@@ -0,0 +1,112 @@
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
generateName: scripts-bash-
spec:
entrypoint: bash-script-example
volumes:
- name: script-volume
configMap:
name: steampipe-script
- name: kubeconfig
secret:
secretName: my-kubeconfig
volumeClaimTemplates:
- metadata:
name: shared-data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
templates:
- name: bash-script-example
dag:
tasks:
- name: steampipe
template: steampipe
- name: git
template: git
dependencies:
- steampipe
- name: steampipe
script:
image: ghcr.io/turbot/steampipe:latest
command: [bash]
volumeMounts:
- name: shared-data
mountPath: /shared-data
- name: script-volume
mountPath: /scripts
- name: kubeconfig
mountPath: /kubeconfig
env:
- name: AWS_REGION
valueFrom:
secretKeyRef:
name: aws-creds
key: AWS_REGION
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: aws-creds
key: AWS_ACCESS_KEY_ID
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: aws-creds
key: AWS_SECRET_ACCESS_KEY
- name: KMS_ARN
valueFrom:
secretKeyRef:
name: aws-creds
key: KMS_ARN
- name: KUBECONFIG
value: /kubeconfig/config
source: |
# 쿼리 결과를 공유 볼륨에 저장
steampipe plugin install aws
steampipe plugin install kubernetes
sleep 1
steampipe service restart --force
sleep 1
cd /shared-data/
sleep 1
bash /scripts/script.sh
- name: git
script:
image: alpine/git:latest
command: [sh]
volumeMounts:
- name: shared-data
mountPath: /shared-data
- name: script-volume
mountPath: /scripts
env:
- name: GIT_USERNAME
valueFrom:
secretKeyRef:
name: git-credentials
key: username
- name: GIT_PASSWORD
valueFrom:
secretKeyRef:
name: git-credentials
key: password
source: |
git config --global credential.helper 'store --file /tmp/credentials'
echo "https://${GIT_USERNAME}:${GIT_PASSWORD}@github.com" > /tmp/credentials
git config --global user.email "havelight@ex-em.com"
git config --global user.name "jaehee-jung"
cd /shared-data # 경로 내의 파일 목록 확인
git clone https://github.com/CloudMOA/dsk-iac.git
# 공유 볼륨에서 쿼리 결과 읽기
cp README2.md dsk-iac/README.md
# 커밋 및 푸시 작업 수행
cd dsk-iac
git add README.md
git commit -m "Update README with query result"
git push

143
helm/argo-workflows/Lab/steampipe-dashboard/cron-steampipe-report.yaml Normal file
View File

@@ -0,0 +1,143 @@
apiVersion: argoproj.io/v1alpha1
kind: CronWorkflow
metadata:
name: steampipe-aws-report
spec:
schedule: "0 8 * * *"
timezone: "Asia/Seoul"
workflowSpec:
entrypoint: bash-script-example
volumes:
- name: script-volume
configMap:
name: steampipe-script
- name: kubeconfig
secret:
secretName: my-kubeconfig
volumeClaimTemplates:
- metadata:
name: shared-data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
templates:
- name: bash-script-example
dag:
tasks:
- name: git-steampipe
template: git-steampipe
- name: steampipe
template: steampipe
dependencies:
- git-steampipe
- name: git-argo-workflows
template: git-argo-workflows
dependencies:
- steampipe
- name: steampipe
script:
image: ghcr.io/turbot/steampipe:latest
command: [bash]
volumeMounts:
- name: shared-data
mountPath: /shared-data
- name: script-volume
mountPath: /scripts
- name: kubeconfig
mountPath: /kubeconfig
env:
- name: AWS_REGION
valueFrom:
secretKeyRef:
name: aws-creds
key: AWS_REGION
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: aws-creds
key: AWS_ACCESS_KEY_ID
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: aws-creds
key: AWS_SECRET_ACCESS_KEY
- name: KMS_ARN
valueFrom:
secretKeyRef:
name: aws-creds
key: KMS_ARN
- name: KUBECONFIG
value: /kubeconfig/config
source: |
# 쿼리 결과를 공유 볼륨에 저장
steampipe plugin install aws
sleep 3
steampipe service restart --force
sleep 1
cd /shared-data/steampipe-mod-aws-compliance
steampipe check benchmark.foundational_security --output=md > ../README.md
sleep 1
- name: git-steampipe
script:
image: alpine/git:latest
command: [sh]
volumeMounts:
- name: shared-data
mountPath: /shared-data
- name: script-volume
mountPath: /scripts
env:
- name: GIT_USERNAME
valueFrom:
secretKeyRef:
name: git-credentials
key: username
- name: GIT_PASSWORD
valueFrom:
secretKeyRef:
name: git-credentials
key: password
source: |
cd /shared-data/
git clone https://github.com/turbot/steampipe-mod-aws-compliance.git
- name: git-argo-workflows
script:
image: alpine/git:latest
command: [sh]
volumeMounts:
- name: shared-data
mountPath: /shared-data
- name: script-volume
mountPath: /scripts
env:
- name: GIT_USERNAME
valueFrom:
secretKeyRef:
name: git-credentials
key: username
- name: GIT_PASSWORD
valueFrom:
secretKeyRef:
name: git-credentials
key: password
source: |
cd /shared-data/
git config --global credential.helper 'store --file /tmp/credentials'
echo "https://${GIT_USERNAME}:${GIT_PASSWORD}@github.com" > /tmp/credentials
git config --global user.email "havelight@ex-em.com"
git config --global user.name "jaehee-jung"
git clone https://github.com/CloudMOA/argo-workflows.git
# 공유 볼륨에서 쿼리 결과 읽기
cp README.md argo-workflows/README.md
# 커밋 및 푸시 작업 수행
cd argo-workflows
git add README.md
git commit -m "Update README with query result"
git push

200
helm/argo-workflows/Lab/steampipe-dashboard/steampipe_configmap.yaml Normal file
View File

@@ -0,0 +1,200 @@
kind: ConfigMap
metadata:
annotations:
name: steampipe-script
namespace: argo-workflows
apiVersion: v1
data:
script.sh: |
#!/bin/bash
#------------------------------------------------------------------------------------------------------
__init (){
touch ${origin}
touch ${exec_log}
datetime=`TZ='Asia/Seoul' date "+%Y.%m.%d %H:%M:%S"`
echo -e "*update time : ${datetime}\n" > ${file}
cat ${origin} >> ${file}
}
#------------------------------------------------------------------------------------------------------
__append (){
line_count=`cat ${exec_log} | grep -v -- -- | egrep -v '(name|ri_count)' | wc -l`
echo -e "\n${title} [${line_count}]\n" >> ${file}
cat ${exec_log} >> ${file}
}
#------------------------------------------------------------------------------------------------------
__query_exec (){
steampipe query "${1}" > ${exec_log}
__log_sed
}
#------------------------------------------------------------------------------------------------------
__log_sed (){
sed -i 's/+/|/g' ${exec_log}
sed -i "s/node-role.kubernetes.io\///g" ${exec_log}
sed -i '1d;$d' ${exec_log}
}
#------------------------------------------------------------------------------------------------------
node_query="""
SELECT
name,
annotations ->> 'projectcalico.org/IPv4Address' AS IP,
COALESCE(taints -> 0 ->> 'key', '-') AS Taints_key,
COALESCE(tags ->> 'kops.k8s.io/instancegroup', '-') AS Instance_group,
capacity ->> 'cpu' AS CPU,
CEIL((CAST(regexp_replace(capacity ->> 'memory', 'Ki', '') AS FLOAT) / 1024 / 1024)) AS Memory,
tags ->> 'topology.kubernetes.io/zone' AS Zone,
tags ->> 'beta.kubernetes.io/instance-type' AS Instance_type,
node_info ->> 'osImage' AS OS,
node_info ->> 'kubeletVersion' AS K8S_ver,
node_info ->> 'containerRuntimeVersion' AS Runtime_ver
FROM
kubernetes_node
ORDER BY
Taints_key
"""
resources_query="""
(SELECT
'sts' as kind,
name,
available_replicas as count,
jsonb_array_elements(template -> 'spec' -> 'containers') -> 'resources' -> 'requests' ->> 'cpu' AS request_cpu,
jsonb_array_elements(template -> 'spec' -> 'containers') -> 'resources' -> 'requests' ->> 'memory' AS request_mem,
jsonb_array_elements(template -> 'spec' -> 'containers') -> 'resources' -> 'limits' ->> 'cpu' AS limit_cpu,
jsonb_array_elements(template -> 'spec' -> 'containers') -> 'resources' -> 'limits' ->> 'memory' AS limit_mem,
jsonb_array_elements(template -> 'spec' -> 'containers') ->> 'name' AS c_name,
namespace
FROM
kubernetes_stateful_set
WHERE
name not like 'rel-%')
union
(SELECT
'deploy' as kind,
name,
available_replicas as count,
jsonb_array_elements(template -> 'spec' -> 'containers') -> 'resources' -> 'requests' ->> 'cpu' AS request_cpu,
jsonb_array_elements(template -> 'spec' -> 'containers') -> 'resources' -> 'requests' ->> 'memory' AS request_mem,
jsonb_array_elements(template -> 'spec' -> 'containers') -> 'resources' -> 'limits' ->> 'cpu' AS limit_cpu,
jsonb_array_elements(template -> 'spec' -> 'containers') -> 'resources' -> 'limits' ->> 'memory' AS limit_mem,
jsonb_array_elements(template -> 'spec' -> 'containers') ->> 'name' AS c_name,
namespace
FROM
kubernetes_deployment
WHERE
name not like 'rel-%')
union
(SELECT
'ds' as kind,
name,
number_available as count,
jsonb_array_elements(template -> 'spec' -> 'containers') -> 'resources' -> 'requests' ->> 'cpu' AS request_cpu,
jsonb_array_elements(template -> 'spec' -> 'containers') -> 'resources' -> 'requests' ->> 'memory' AS request_mem,
jsonb_array_elements(template -> 'spec' -> 'containers') -> 'resources' -> 'limits' ->> 'cpu' AS limit_cpu,
jsonb_array_elements(template -> 'spec' -> 'containers') -> 'resources' -> 'limits' ->> 'memory' AS limit_mem,
jsonb_array_elements(template -> 'spec' -> 'containers') ->> 'name' AS c_name,
namespace
FROM
kubernetes_daemonset
WHERE
name not like 'rel-%')
order by kind
"""
service_query="""
SELECT
name,
namespace,
type,
lower(p ->> 'nodePort') as Node_Port,
age(current_timestamp, creation_timestamp)
FROM
kubernetes_service,
jsonb_array_elements(ports) as p
WHERE
type='NodePort'
ORDER BY
Node_Port
"""
#name not like '%rel-%'
aws_ri_query="""
SELECT
COALESCE(a.availability_zone, b.availability_zone, '-') AS availability_zone,
COALESCE(a.instance_type, b.instance_type, c.instance_type, '-') AS instance_type,
COALESCE(c.cpu, 0) AS cpu,
COALESCE(c.memory, 0) AS memory,
COALESCE(a.ri_count, 0) AS ri_count,
COALESCE(b.ec2_count, 0) AS ec2_count,
COALESCE(b.ec2_count, 0) - COALESCE(a.ri_count, 0) AS result
FROM
(SELECT
availability_zone,
instance_type,
SUM(instance_count) AS ri_count
FROM
aws_ec2_reserved_instance
WHERE
instance_state='active'
GROUP BY
availability_zone,
instance_type
) a
FULL OUTER JOIN
(SELECT
placement_availability_zone AS availability_zone,
instance_type,
COUNT(*) AS ec2_count
FROM
aws_ec2_instance
WHERE
instance_state='running' AND
instance_lifecycle!='spot'
GROUP BY
availability_zone,
instance_type
) b
ON
a.availability_zone = b.availability_zone AND
a.instance_type = b.instance_type
INNER JOIN
(SELECT
instance_type,
(CAST(memory_info ->> 'SizeInMiB' AS FLOAT) / 1024) AS memory,
(CAST(v_cpu_info ->> 'DefaultCores' AS FLOAT) * 2) AS cpu
FROM
aws_ec2_instance_type
WHERE
instance_type in (SELECT instance_type FROM aws_ec2_instance WHERE instance_state='running')
GROUP BY
instance_type, memory, cpu
) c
ON
COALESCE(a.instance_type, b.instance_type, '-') = c.instance_type
ORDER BY availability_zone
"""
#instance_type in (SELECT instance_type FROM aws_ec2_instance WHERE instance_state='running' AND instance_lifecycle!='spot')
#------------------------------------------------------------------------------------------------------
origin="/shared-data/org_README.md"
exec_log="/shared-data/query.log"
file="/shared-data/README2.md"
#------------------------------------------------------------------------------------------------------
__init
title="## 노드 목록"
__query_exec "${node_query}"
__append
title="## 리소스 목록"
__query_exec "${resources_query}"
__append
title="## 서비스 목록 (NodePort)"
__query_exec "${service_query}"
__append
title="## 예약 인스턴스 사용 내역"
__query_exec "${aws_ri_query}"
__append
#------------------------------------------------------------------------------------------------------
rm ${exec_log}