From 59385dbf2260b4cb1f370dc94843e57fe89adb8f Mon Sep 17 00:00:00 2001 
From: Lingghh Date: Wed, 30 Nov 2022 00:35:58 +0800 Subject: [PATCH] =?UTF-8?q?:sparkles:=E6=94=AF=E6=8C=81Helm=20charts?= =?UTF-8?q?=E9=83=A8=E7=BD=B2TCA=E6=9C=8D=E5=8A=A1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- helm-charts/README.md | 10 + helm-charts/tca/.helmignore | 23 + helm-charts/tca/Chart.lock | 10 + helm-charts/tca/Chart.yaml | 29 + helm-charts/tca/README.md | 317 ++++++++ helm-charts/tca/templates/_helpers.tpl | 147 ++++ .../tca/templates/analysis/configmap.yaml | 32 + .../tca/templates/analysis/initdata-job.yaml | 53 ++ .../templates/analysis/server-deployment.yaml | 118 +++ .../tca/templates/analysis/service.yaml | 25 + .../templates/analysis/servicemonitor.yaml | 14 + .../templates/analysis/worker-deployment.yaml | 120 +++ .../tca/templates/client/configmap-conf.yaml | 45 ++ .../tca/templates/client/configmap-env.yaml | 9 + .../tca/templates/client/deployment.yaml | 110 +++ .../tca/templates/db/configmap-initdb.yaml | 10 + helm-charts/tca/templates/db/initdb-job.yaml | 70 ++ helm-charts/tca/templates/db/waitdb-job.yaml | 58 ++ .../tca/templates/file/configmap-env.yaml | 38 + .../tca/templates/file/configmap-nginx.yaml | 266 +++++++ .../tca/templates/file/initdata-job.yaml | 54 ++ .../tca/templates/file/server-deployment.yaml | 131 ++++ helm-charts/tca/templates/file/service.yaml | 25 + .../tca/templates/file/servicemonitor.yaml | 14 + .../tca/templates/gateway/configmap.yaml | 95 +++ .../tca/templates/gateway/deployment.yaml | 124 +++ .../tca/templates/gateway/service.yaml | 48 ++ helm-charts/tca/templates/ingress.yml | 23 + .../tca/templates/login/configmap.yaml | 25 + .../tca/templates/login/initdata-job.yaml | 54 ++ .../templates/login/server-deployment.yaml | 100 +++ helm-charts/tca/templates/login/service.yaml | 27 + .../tca/templates/login/servicemonitor.yaml | 16 + .../tca/templates/main/beat-deployment.yaml | 84 ++ helm-charts/tca/templates/main/configmap.yaml | 40 + 
.../tca/templates/main/initdata-job.yaml | 54 ++ .../tca/templates/main/server-deployment.yaml | 118 +++ helm-charts/tca/templates/main/service.yaml | 25 + .../tca/templates/main/servicemonitor.yaml | 14 + .../tca/templates/main/worker-deployment.yaml | 125 +++ .../tca/templates/scmproxy/configmap.yaml | 7 + .../templates/scmproxy/server-deployment.yaml | 98 +++ .../tca/templates/scmproxy/service.yaml | 25 + helm-charts/tca/templates/web/configmap.yaml | 12 + helm-charts/tca/templates/web/deployment.yaml | 118 +++ helm-charts/tca/templates/web/service.yaml | 28 + helm-charts/tca/values.yaml | 715 ++++++++++++++++++ 47 files changed, 3703 insertions(+) create mode 100644 helm-charts/README.md create mode 100644 helm-charts/tca/.helmignore create mode 100644 helm-charts/tca/Chart.lock create mode 100644 helm-charts/tca/Chart.yaml create mode 100644 helm-charts/tca/README.md create mode 100644 helm-charts/tca/templates/_helpers.tpl create mode 100644 helm-charts/tca/templates/analysis/configmap.yaml create mode 100644 helm-charts/tca/templates/analysis/initdata-job.yaml create mode 100644 helm-charts/tca/templates/analysis/server-deployment.yaml create mode 100644 helm-charts/tca/templates/analysis/service.yaml create mode 100644 helm-charts/tca/templates/analysis/servicemonitor.yaml create mode 100644 helm-charts/tca/templates/analysis/worker-deployment.yaml create mode 100644 helm-charts/tca/templates/client/configmap-conf.yaml create mode 100644 helm-charts/tca/templates/client/configmap-env.yaml create mode 100644 helm-charts/tca/templates/client/deployment.yaml create mode 100644 helm-charts/tca/templates/db/configmap-initdb.yaml create mode 100644 helm-charts/tca/templates/db/initdb-job.yaml create mode 100644 helm-charts/tca/templates/db/waitdb-job.yaml create mode 100644 helm-charts/tca/templates/file/configmap-env.yaml create mode 100644 helm-charts/tca/templates/file/configmap-nginx.yaml create mode 100644 helm-charts/tca/templates/file/initdata-job.yaml 
create mode 100644 helm-charts/tca/templates/file/server-deployment.yaml
create mode 100644 helm-charts/tca/templates/file/service.yaml
create mode 100644 helm-charts/tca/templates/file/servicemonitor.yaml
create mode 100644 helm-charts/tca/templates/gateway/configmap.yaml
create mode 100644 helm-charts/tca/templates/gateway/deployment.yaml
create mode 100644 helm-charts/tca/templates/gateway/service.yaml
create mode 100644 helm-charts/tca/templates/ingress.yml
create mode 100644 helm-charts/tca/templates/login/configmap.yaml
create mode 100644 helm-charts/tca/templates/login/initdata-job.yaml
create mode 100644 helm-charts/tca/templates/login/server-deployment.yaml
create mode 100644 helm-charts/tca/templates/login/service.yaml
create mode 100644 helm-charts/tca/templates/login/servicemonitor.yaml
create mode 100644 helm-charts/tca/templates/main/beat-deployment.yaml
create mode 100644 helm-charts/tca/templates/main/configmap.yaml
create mode 100644 helm-charts/tca/templates/main/initdata-job.yaml
create mode 100644 helm-charts/tca/templates/main/server-deployment.yaml
create mode 100644 helm-charts/tca/templates/main/service.yaml
create mode 100644 helm-charts/tca/templates/main/servicemonitor.yaml
create mode 100644 helm-charts/tca/templates/main/worker-deployment.yaml
create mode 100644 helm-charts/tca/templates/scmproxy/configmap.yaml
create mode 100644 helm-charts/tca/templates/scmproxy/server-deployment.yaml
create mode 100644 helm-charts/tca/templates/scmproxy/service.yaml
create mode 100644 helm-charts/tca/templates/web/configmap.yaml
create mode 100644 helm-charts/tca/templates/web/deployment.yaml
create mode 100644 helm-charts/tca/templates/web/service.yaml
create mode 100644 helm-charts/tca/values.yaml
diff --git a/helm-charts/README.md b/helm-charts/README.md
new file mode 100644
index 000000000..0b1d9826b
--- /dev/null
+++ b/helm-charts/README.md
@@ -0,0 +1,10 @@
+# TCA
+
+**欢迎体验 TCA Charts,期待您的反馈或PR~**
+
+> 注意:
+>
+> - 请根据`Prerequisites`小节确认好版本好,使用默认的`values.yaml`即可部署
+> - 可以根据业务情况调整`values.yaml`配置,比如默认的`passwordKey`、账号密码等敏感配置信息
+> - TCA服务metrics方案正在完善,即将支持
+
diff --git a/helm-charts/tca/.helmignore b/helm-charts/tca/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/helm-charts/tca/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm-charts/tca/Chart.lock b/helm-charts/tca/Chart.lock
new file mode 100644
index 000000000..9ac887f46
--- /dev/null
+++ b/helm-charts/tca/Chart.lock
@@ -0,0 +1,10 @@
+dependencies:
+- name: mariadb
+ repository: https://charts.bitnami.com/bitnami
+ version: 11.1.8
+- name: redis
+ repository: https://charts.bitnami.com/bitnami
+ version: 17.0.6
+- name: nginx-ingress-controller
+ repository: https://charts.bitnami.com/bitnami
+ version: 9.3.2
diff --git a/helm-charts/tca/Chart.yaml b/helm-charts/tca/Chart.yaml
new file mode 100644
index 000000000..c3178d60e
--- /dev/null
+++ b/helm-charts/tca/Chart.yaml
@@ -0,0 +1,29 @@
+apiVersion: v2
+appVersion: 1.0.0
+name: tca
+description: Tencent Cloud Code Analysis (TCA for short, code-named CodeDog inside the company early) is a comprehensive platform for code analysis and issue tracking. TCA consist of three components, server, web and client. It integrates of a number of self-developed tools, and also supports dynamic integration of code analysis tools in various programming languages.
+home: https://github.com/Tencent/CodeAnalysis
+icon: https://github.com/Tencent/CodeAnalysis/blob/main/media/Logo.png
+dependencies:
+ - name: mariadb
+ repository: https://charts.bitnami.com/bitnami
+ version: 11.1.8
+ condition: mariadb.enabled
+ - name: redis
+ repository: https://charts.bitnami.com/bitnami
+ version: 17.0.6
+ condition: redis.enabled
+ - name: nginx-ingress-controller
+ version: 9.3.2
+ repository: https://charts.bitnami.com/bitnami
+ condition: nginx-ingress-controller.enabled
+keywords:
+ - code-analysis
+ - code-quality
+ - code-review
+ - static-analysis
+ - code-quality-analyzer
+sources:
+ - https://github.com/Tencent/CodeAnalysis
+type: application
+version: 0.1.0
diff --git a/helm-charts/tca/README.md b/helm-charts/tca/README.md
new file mode 100644
index 000000000..46ef79a4d
--- /dev/null
+++ b/helm-charts/tca/README.md
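Review bot: The `icon:` value points at the GitHub `blob/` page, which serves an HTML viewer rather than the image, so chart repositories and UIs that fetch the icon will not get a PNG. Use the raw file URL instead, e.g. `icon: https://raw.githubusercontent.com/Tencent/CodeAnalysis/main/media/Logo.png`. The three subchart versions are pinned exactly, which is good; note that the accompanying Chart.lock in this patch carries no `digest`/`generated` fields, so it is worth regenerating it with `helm dependency update` before release.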
@@ -0,0 +1,317 @@ +# TCA + +**欢迎体验 TCA Charts,期待您的反馈或PR~** + +> 注意: +> +> - 请根据`Prerequisites`小节确认好版本好,使用默认的`values.yaml`即可部署 +> - 可以根据业务情况调整`values.yaml`配置,比如默认的`passwordKey`、账号密码等敏感配置信息 +> - TCA服务metrics方案正在完善,即将支持 + +## Introduction +This chart bootstraps a [TCA](https://github.com/Tencent/CodeAnalysis) deployment on a Kubernetes cluster using the [Helm](https://helm.sh/) package manager. + +## **Prerequisites** +- Kubernetes 1.19+ +- Helm 3.0.0+ +- PV provisioner support in the underlying infrastructure + +> Notice: +> +> - check Kubernetes version: `kubectl version` +> - check Helm version: `helm version` + +## Installing the Chart +To install the chart with the release name `tca`: + +```Bash +$ cd helm-charts +$ export RELEASE=tca +$ export NAMESPACE=tca +$ helm dependency update tca +$ helm install $RELEASE --namespace $NAMESPACE --create-namespace tca/ --timeout 10m0s +``` + +The command deploys TCA on the Kubernetes cluster in the default configuration. The ``Parameters`` section lists the parameters that can be configured during installation. + +## Uninstalling the Chart +To uninstall/delete the `tca` deployment: + +```Bash +$ helm delete tca -n tca +``` +The command removes all the Kubernetes components associated with the chart and deletes the release. 
+ +## Parameters +### Global parameters +| Name | Description | Value | +| ------------------------------------------------------- | ------------------------------------------------------- | -------------- | +| `global.imagePullPolicy` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | + +### TCA Metric parameters +| Name | Description | Value | +| ------------------------------------------------------- | ------------------------------------------------------- | -------------- | +| `metrics.enable` | provide endpoint to expose metrics | `false` | + + +### TCA Ingress parameters + +| Name | Description | Value | +| ------------------------------------------------------- | ------------------------------------------------------- | -------------- | +| `ingress.enable` | Enable ingress record generation for TCA | `true` | +| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{kubernetes.io/ingress.class: "nginx", nginx.ingress.kubernetes.io/proxy-body-size: "10240m"}` | + + +### TCA Nginx-ingress-controller parameters + +Helm will deploy `nginx-ingress-controller` by default. Reference: [bitnami/nginx-ingress-controller](https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller) + +| Name | Description | Value | +| ------------------------------------------------------- | ------------------------------------------------------- | -------------- | +| `nginx-ingress-controller.enabled` | Enable nginx-ingress-controller for TCA | `true` | +| `nginx-ingress-controller.defaultBackend.enabled` | Enable nginx-ingress-controller default backend | `true` | + + +### TCA Internal Redis parameters +Helm will deploy `redis` by default. 
Reference: [bitnami/redis](https://github.com/bitnami/charts/tree/main/bitnami/redis) +> Notice: If you need to customize the Redis® configuration, you can supplement the variable configuration from above reference. + +| Name | Description | Value | +| -------------------------------------- | ------------------------------------------------------------------------ | ---------------- | +| `redis.enable` | Deploy internal Redis® for TCA | `true` | +| `redis.auth.enabled` | Enable password authentication | `true` | +| `redis.auth.password` | Redis® auth password | `tca2022` | + + +### TCA External Redis parameters +> Notice: If using externalRedis, please disable deploying internal redis with helm: set `redis.enabled: false`. + +| Name | Description | Value | +| -------------------------------------- | ------------------------------------------------------------------------ | ---------------- | +| `externalRedis.host` | External Redis® server host | `""` | +| `externalRedis.port` | External Redis® server port | `""` | +| `externalRedis.password` | External Redis® server auth password | `""` | + + +### TCA Internal Mariadb parameters +Helm will deploy `mariadb` by default. Reference: [bitnami/mariadb](https://github.com/bitnami/charts/tree/main/bitnami/mariadb) +> Notice: If you need to customize the Mariadb configuration, you can supplement the variable configuration from above reference. + +| Name | Description | Value | +| -------------------------------------- | ------------------------------------------------------------------------ | ---------------- | +| `mariadb.enable` | Deploy internal Mariadb for TCA | `true` | +| `mariadb.auth.rootPassword` | Password for the root user. Ignored if existing secret is provided. 
| `Tca@2022` | +| `mariadb.auth.database` | Name for a custom database to create | `codedog_main` | +| `mariadb.primary.persistence.size` | MariaDB primary persistent volume size | `100Gi` | +| `mariadb.initdbScriptsConfigMap` | ConfigMap with the initdb scripts | `tca-db-init` | + + +### TCA External MySQL parameters +> Notice: If using externalMySQL, please disable deploying internal mariadb with helm: set `mariadb.enable: false` +> Notice: ExternalMySQL parameters will override internal mariadb parameters with helm. + +| Name | Description | Value | +| -------------------------------------- | ------------------------------------------------------------------------ | ---------------- | +| `externalMySQL.host` | External Mysql server host | `""` | +| `externalMySQL.port` | External Mysql server port | `""` | +| `externalMySQL.username` | External Mysql server username | `""` | +| `externalMySQL.password` | External Mysql server password | `""` | + +### TCA Common configuration parameters + +| Name | Description | Value | +| -------------------------------------- | ------------------------------------------------------------------------ | ------------------------------------------------------ | +| `tca.commonConfig.publicUrl` | TCA web public url | `dev.tca.com` | +| `tca.commonConfig.daemonFlag` | TCA server debug mode | `False` | +| `tca.commonConfig.accessLogPath` | TCA server access log path, using "-" will print access log with STDOUT | `-` | +| `tca.commonConfig.errorLogPath` | TCA server error log path, using "-" will print access log with STDOUT | `-` | +| `tca.commonConfig.apiTicketSalt` | TCA server internal api ticket salt | `a6x4c7esudcv396w` | +| `tca.commonConfig.apiTicketToken` | TCA server internal api ticket token | `tca@public@2021` | +| `tca.commonConfig.passwordKey` | TCA server internal encryption key for sensitive data | `a6x4c7esudcv396w` | +| `tca.commonConfig.nodeTicketSalt` | TCA server internal encryption key for node connection | 
`a6x4c7esudcv396w` | +| `tca.commonConfig.secretdKey` | TCA server django secert key | `25n=e*_e=4q!ert$4u#9v&^2n+)_#mi7&7ll@x29@j=w=k^q@^` | +| `tca.commonConfig.defaultAdmin` | TCA server default user username, use any 16 ascii characters. | `CodeDog` | +| `tca.commonConfig.defaultPassword` | TCA server default user password, use any 16 ascii characters. | `admin` | +| `tca.commonConfig.defaultToken` | TCA server default user token, use any 40 ascii characters. | `0712b895f30c5e958ec71a7c22e1b1a2ad1d5c6b` | +| `tca.commonConfig.sentryDsn` | TCA server sentry url config | `""` | +| `tca.commonConfig.useLocalTool` | Using local tools prepared in advance. | `"false"` | +| `tca.commonConfig.toolLoadUsername` | Tencent Git Username for TCA client pulling analysis tools | `""` | +| `tca.commonConfig.toolLoadPassword` | Tencent Git Password for TCA client pulling analysis tools | `""` | +| `tca.commonConfig.clsServerUrl` | CLS server url | `""` | +| `tca.commonConfig.clsServerLicense` | CLS server license | `""` | + +>Notice: +>- apiTicketSalt, passwordKey and nodeTicketSalt generation way: use any 16 or 32 ascii characters. The three values ​​can be kept the same. +>- api ticket token generation way: use any ascii characters. 
+> +> Generating a django key: +> ```Python +> # importing the function from utils +> from django.core.management.utils import get_random_secret_key +> # generating and printing the SECRET_KEY +> print(get_random_secret_key()) +> ``` +> Generating specify length key: +> ```Python +> import random, string +> length=16 +> print(''.join(random.sample(string.ascii_lowercase + string.digits, length))) +> ``` + +### TCA Service configuration parameters +| Name | Value | +| ------------------------------------ | --------------------------------- | +|`web` | `tca.web.service` | +|`main` | `tca.main.server.service` | +|`analysis` | `tca.analysis.server.service` | +|`login` | `tca.login.server.service` | +|`file` | `tca.file.server.service` | +|`scmproxy` | `tca.scmproxy.server.service` | +|`gateway` | `tca.gateway.server.service` | + +- Default TCA Service Configuraion + +| Name | Value | +| ------------------------------------ | --------------------------------- | +| `service.type` | `NodePort` | +| `service.ports.http` | `80` | +| `service.nodeport.http` | `""` | + +- TCA Web Service HTTPS configuration + +| Name | Value | +| ------------------------------------ | --------------------------------- | +| `tca.web.service.ports.https` | `""` | +| `tca.web.service.nodeport.https` | `""` | + +- TCA Gateway Service HTTPS configuration + +| Name | Value | +| ------------------------------------ | --------------------------------- | +| `tca.gateway.service.ports.https` | `""` | +| `tca.gateway.service.nodeport.https` | `""` | + +### TCA Web configuration parameters + +| Name | Description | Value | +| -------------------------------------------- | ------------------------------------------------------------------------ | ------------------------- | +| `tca.web.image.repository` | TCA Web image repository | `tencenttca/tca-web` | +| `tca.web.image.tag` | TCA Web image tag | `latest` | +| `tca.web.logPath` | TCA Web nginx log path | `/var/log/nginx` | + +### TCA Main configuration 
parameters +| Name | Description | Value | +| -------------------------------------------- | ------------------------------------------------------------------------ | ------------------------- | +| `tca.main.image.repository` | TCA Main image repository | `tencenttca/tca-main` | +| `tca.main.image.tag` | TCA Main image tag | `latest` | +| `tca.main.server.processnum` | TCA Main server process num | `8` | +| `tca.main.worker.num` | TCA Main worker num for async starting analysis and handle periodic task | `2` | + +#### TCA Main setting configuration +| Name | Description | Value | +| -------------------------------------------- | ------------------------------------------------------------------------ | ------------------------- | +| `tca.main.settings.base.debugMode` | TCA Main debug mode | `"true"` | +| `tca.main.settings.base.httpsCloneFlag` | TCA Main dispatch scm url with https | `"true"` | +| `tca.main.settings.dbName` | TCA Main database name | `"codedog_main"` | +| `tca.main.settings.redisDBId` | TCA Main redis database id | `"1"` | +| `tca.main.settings.customDB.host` | TCA Main custom mysql server host | `""` | +| `tca.main.settings.customDB.port` | TCA Main custom mysql server port | `""` | +| `tca.main.settings.customDB.user` | TCA Main custom mysql server user | `""` | +| `tca.main.settings.customDB.password` | TCA Main custom mysql server password | `""` | +| `tca.main.settings.customRedis.host` | TCA Main custom redis server host | `""` | +| `tca.main.settings.customRedis.port` | TCA Main custom redis server port | `""` | +| `tca.main.settings.customRedis.password` | TCA Main custom redis server password | `""` | + + + +### TCA Analysis Configuration parameters +| Name | Description | Value | +| -------------------------------------------- | ------------------------------------------------------------------------ | ------------------------- | +| `tca.analysis.image.repository` | TCA Analysis image repository | `tencenttca/tca-analysis` | +| 
`tca.analysis.image.tag` | TCA Analysis image tag | `latest` | +| `tca.analysis.server.processnum` | TCA Analysis server process num | `8` | +| `tca.analysis.worker.num` | TCA Analysis worker num for async saving lint and metric data | `2` | + +#### TCA Analysis setting configuration +| Name | Description | Value | +| -------------------------------------------- | ------------------------------------------------------------------------ | ------------------------- | +| `tca.analysis.settings.base.debugMode` | TCA Analysis debug mode | `"true"` | +| `tca.analysis.settings.dbName` | TCA Analysis database name | `"codedog_analysis"` | +| `tca.analysis.settings.redisDBId` | TCA Analysis redis database id | `"0"` | +| `tca.analysis.settings.customDB.host` | TCA Analysis custom mysql server host | `""` | +| `tca.analysis.settings.customDB.port` | TCA Analysis custom mysql server port | `""` | +| `tca.analysis.settings.customDB.user` | TCA Analysis custom mysql server user | `""` | +| `tca.analysis.settings.customDB.password` | TCA Analysis custom mysql server password | `""` | +| `tca.analysis.settings.customRedis.host` | TCA Analysis custom redis server host | `""` | +| `tca.analysis.settings.customRedis.port` | TCA Analysis custom redis server port | `""` | +| `tca.analysis.settings.customRedis.password` | TCA Analysis custom redis server password | `""` | + + +### TCA Login Configuration parameters +| Name | Description | Value | +| -------------------------------------------- | ------------------------------------------------------------------------ | ------------------------- | +| `tca.login.image.repository` | TCA Login image repository | `tencenttca/tca-login` | +| `tca.login.image.tag` | TCA Login image tag | `latest` | +| `tca.login.server.processnum` | TCA Login server process num | `8` | + + +#### TCA Login setting configuration +| Name | Description | Value | +| -------------------------------------------- | 
------------------------------------------------------------------------ | ------------------------- | +| `tca.login.settings.base.debugMode` | TCA Login debug mode | `"true"` | +| `tca.login.settings.dbName` | TCA Login database name | `"codedog_login"` | +| `tca.login.settings.customDB.host` | TCA Login custom mysql server host | `""` | +| `tca.login.settings.customDB.port` | TCA Login custom mysql server port | `""` | +| `tca.login.settings.customDB.user` | TCA Login custom mysql server user | `""` | + +### TCA File Configuration parameters +| Name | Description | Value | +| -------------------------------------------- | ------------------------------------------------------------------------ | ------------------------- | +| `tca.file.image.repository` | TCA file image repository | `tencenttca/tca-file` | +| `tca.file.image.tag` | TCA file image tag | `latest` | + +#### TCA File setting configuration +| Name | Description | Value | +| -------------------------------------------- | ------------------------------------------------------------------------ | ------------------------- | +| `tca.file.settings.base.debugMode` | TCA File debug mode | `"true"` | +| `tca.file.settings.dbName` | TCA File database name | `"codedog_file"` | +| `tca.file.settings.customDB.host` | TCA File custom mysql server host | `""` | +| `tca.file.settings.customDB.port` | TCA File custom mysql server port | `""` | +| `tca.file.settings.customDB.user` | TCA File custom mysql server user | `""` | +| `tca.file.settings.storageClient` | TCA File storage client mode, support modes: local/cos/minio | `"local"` | +| `tca.file.settings.local.dirPath` | TCA File saving files path | `"/data/file"` | +| `tca.file.settings.local.volumes.nfsServer` | TCA File NFS server for saving files | `` | +| `tca.file.settings.local.volumes.nfsPath` | TCA File NFS server path for saving files | `` | +| `tca.file.settings.tencentcos.enabled` | Enabled Tencent COS for TCA File saving files | `"false"` | +| 
`tca.file.settings.tencentcos.appId` | Tencent COS appId value | `""` | +| `tca.file.settings.tencentcos.secretId` | Tencent COS secretId value | `""` | +| `tca.file.settings.tencentcos.secretKey` | Tencent COS secretKey value | `""` | +| `tca.file.settings.tencentcos.region` | Tencent COS region value | `""` | +| `tca.file.settings.tencentcos.rootBucket` | Tencent COS root Bucket name value | `""` | +| `tca.file.settings.minio.enabled` | Enabled MinIO for TCA File saving files | `"false"` | +| `tca.file.settings.minio.entrypoint` | MinIO server url | `""` | +| `tca.file.settings.minio.accessKey` | MinIO server access key | `""` | +| `tca.file.settings.minio.secretKey` | MinIO server secret key | `""` | + + +### TCA Scmproxy Configuration parameters +| Name | Description | Value | +| -------------------------------------------- | ------------------------------------------------------------------------ | ------------------------- | +| `tca.scmproxy.image.repository` | TCA scmproxy image repository | `tencenttca/tca-scmproxy` | +| `tca.scmproxy.image.tag` | TCA scmproxy image tag | `latest` | +| `tca.scmproxy.privateScmUrl` | TCA scmproxy private scm url | `""` | + + +### TCA Client Configuration parameters +| Name | Description | Value | +| -------------------------------------------- | ------------------------------------------------------------------------ | ------------------------- | +| `tca.client.image.repository` | TCA client image repository | `tencenttca/tca-client` | +| `tca.client.image.repository` | TCA client image tag | `latest` | +| `tca.client.enabeld` | Enabled starting TCA client with helm | `true` | + +### TCA Gateway Configuration parameters +| Name | Description | Value | +| -------------------------------------------- | ------------------------------------------------------------------------ | ------------------------- | +| `tca.gateway.image.repository` | TCA gateway image repository | `nginx` | +| `tca.gateway.image.repository` | TCA gateway 
image tag | `1.13.7` |
diff --git a/helm-charts/tca/templates/_helpers.tpl b/helm-charts/tca/templates/_helpers.tpl
new file mode 100644
index 000000000..26e17fb83
--- /dev/null
+++ b/helm-charts/tca/templates/_helpers.tpl
@@ -0,0 +1,147 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "tca.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "tca.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "tca.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "tca.labels" -}}
+helm.sh/chart: {{ include "tca.chart" . }}
+{{ include "tca.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "tca.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "tca.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "tca.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+ {{- default (include "tca.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+ {{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create a default fully qualified mongodb subchart.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "tca.mariadb.fullname" -}}
+{{- if .Values.mariadb.fullnameOverride -}}
+ {{- .Values.mariadb.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+ {{- $name := default "mariadb" .Values.mariadb.nameOverride -}}
+ {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "tca.redis.fullname" -}}
+{{- if .Values.redis.fullnameOverride -}}
+ {{ $name := .Values.redis.fullnameOverride | trunc 63 | trimSuffix "-"}}
+ {{- list $name "master" | join "-" -}}
+{{- else -}}
+ {{- $name := default "redis" .Values.redis.nameOverride -}}
+ {{- printf "%s-%s-master" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Redis config
+*/}}
+{{- define "tca.redis.host" -}}
+{{- if eq .Values.redis.enabled true -}}
+ {{- ( include "tca.redis.fullname" . ) -}}
+{{- else -}}
+ {{- .Values.externalRedis.host -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "tca.redis.port" -}}
+{{- if eq .Values.redis.enabled true -}}
+ {{- printf "6379" -}}
+{{- else -}}
+ {{- printf "%d" ( .Values.externalRedis.port | int ) -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "tca.redis.password" -}}
+{{- if eq .Values.redis.enabled true -}}
+ {{- .Values.redis.auth.password -}}
+{{- else -}}
+ {{- .Values.externalRedis.password -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+DB config
+*/}}
+{{- define "tca.database.host" -}}
+{{- if eq .Values.mariadb.enabled true -}}
+ {{- ( include "tca.mariadb.fullname" . ) -}}
+{{- else -}}
+ {{- .Values.externalMySQL.host -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "tca.database.port" -}}
+{{- if eq .Values.mariadb.enabled true -}}
+ {{- printf "3306" -}}
+{{- else -}}
+ {{- printf "%d" (.Values.externalMySQL.port | int ) -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "tca.database.username" -}}
+{{- if eq .Values.mariadb.enabled true -}}
+ {{- printf "root" -}}
+{{- else -}}
+ {{- .Values.externalMySQL.username -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "tca.database.password" -}}
+{{- if eq .Values.mariadb.enabled true -}}
+ {{- .Values.mariadb.auth.rootPassword -}}
+{{- else -}}
+ {{- .Values.externalMySQL.password -}}
+{{- end -}}
+{{- end -}}
diff --git a/helm-charts/tca/templates/analysis/configmap.yaml b/helm-charts/tca/templates/analysis/configmap.yaml
new file mode 100644
index 000000000..ba3fdbdd7
--- /dev/null
+++ b/helm-charts/tca/templates/analysis/configmap.yaml
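Review bot: `tca.database.username` hard-codes `root`, and `tca.database.password` pairs it with `mariadb.auth.rootPassword`, whenever the bundled MariaDB is enabled, so every service that consumes these helpers connects with full database-server privileges. Prefer a dedicated application account, e.g. `{{- .Values.mariadb.auth.username -}}` and `{{- .Values.mariadb.auth.password -}}`, with grants on the TCA databases created by the init script (that script is not in this hunk, so confirm it can set them up). Separately, `tca.redis.port` and `tca.database.port` render `0` when the external port is left at the empty default the README documents, because `"" | int` evaluates to 0; wrapping the value in `required` would fail the install with a clear message instead. The comment above `tca.mariadb.fullname` says "mongodb subchart" and should read "mariadb subchart".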
@@ -0,0 +1,32 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: analysis-env +data: + DAEMON: {{ .Values.tca.commonConfig.daemonFlag | quote}} + SERVER_ACCESS_LOG: {{ .Values.tca.commonConfig.accessLogPath | quote }} + SERVER_ERROR_LOG: {{ .Values.tca.commonConfig.errorLogPath | quote }} + API_TICKET_SALT: {{ .Values.tca.commonConfig.apiTicketSalt }} + API_TICKET_TOKEN: {{ .Values.tca.commonConfig.apiTicketToken }} + LOCAL_DOMAIN: {{ .Values.tca.commonConfig.publicUrl }} + ANALYSIS_SENTRY_DSN: {{ .Values.tca.commonConfig.sentryDsn | quote }} + ANALYSIS_SECRET_KEY: {{ .Values.tca.commonConfig.secretKey }} + CELERY_WORKER_NUM: {{ .Values.tca.analysis.worker.num | quote }} + ANALYSIS_SERVER_PORT: {{ .Values.tca.analysis.server.port | quote }} + ANALYSIS_SERVER_PROCESS_NUM: {{ .Values.tca.analysis.server.processNum | quote }} + DJANGO_SETTINGS_MODULE: {{ .Values.tca.analysis.settings.base.module }} + ANALYSIS_DEBUG_MODE: {{ .Values.tca.analysis.settings.base.debugMode | quote }} + ANALYSIS_DB_NAME: {{ .Values.tca.analysis.settings.dbName }} + ANALYSIS_REDIS_DBID: {{ .Values.tca.analysis.settings.redisDBId | quote }} + # DB相关配置,优先使用 Values.tca.analysis.settings.customDB 配置,默认使用 tca.database + ANALYSIS_DB_USER: {{ .Values.tca.analysis.settings.customDB.user | default ( include "tca.database.username" . ) }} + ANALYSIS_DB_PASSWORD: {{ .Values.tca.analysis.settings.customDB.password | default ( include "tca.database.password" . ) }} + ANALYSIS_DB_HOST: {{ .Values.tca.analysis.settings.customDB.host | default ( include "tca.database.host" . ) }} + ANALYSIS_DB_PORT: {{ .Values.tca.analysis.settings.customDB.port | default ( include "tca.database.port" . ) | quote }} + # Redis相关配置,优先使用 Values.tca.analysis.settings.customRedis 配置,默认使用 tca.redis + ANALYSIS_REDIS_HOST: {{ .Values.tca.analysis.settings.customRedis.host | default ( include "tca.redis.host" . 
) | quote }} + ANALYSIS_REDIS_PORT: {{ .Values.tca.analysis.settings.customRedis.port | default ( include "tca.redis.port" . ) | quote }} + ANALYSIS_REDIS_PASSWD: {{ .Values.tca.analysis.settings.customRedis.password | default ( include "tca.redis.password" . ) }} + # 内部服务通信配置 + MAIN_SERVER_URL: http://{{ template "tca.fullname" . }}-main + FILE_SERVER_URL: http://{{ template "tca.fullname" . }}-gateway/files/ diff --git a/helm-charts/tca/templates/analysis/initdata-job.yaml b/helm-charts/tca/templates/analysis/initdata-job.yaml new file mode 100644 index 000000000..3e41c9fbc --- /dev/null +++ b/helm-charts/tca/templates/analysis/initdata-job.yaml 
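Review bot: `API_TICKET_SALT`, `API_TICKET_TOKEN`, `ANALYSIS_SECRET_KEY`, `ANALYSIS_DB_PASSWORD` and `ANALYSIS_REDIS_PASSWD` are rendered into the `analysis-env` ConfigMap, which sits outside the RBAC rules and at-rest encryption that clusters usually apply to Secrets. They belong in a `Secret` that the workloads load with an extra `envFrom` entry of the `secretRef` kind. The same applies to `file/configmap-env.yaml` (COS and MinIO secret keys, `FILE_SECRET_KEY`, `FILE_DB_PASSWORD`), `client/configmap-conf.yaml` (`TOKEN`, `PASSWORD`) and `client/configmap-env.yaml` (`CODEDOG_TOKEN`). These keys are also emitted without `| quote`, so a value that is all digits or contains `#` or `: ` will not parse as the intended string. A sketch of the split follows; the Secret name is a placeholder.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: analysis-secret-env   # placeholder name
type: Opaque
stringData:
  API_TICKET_SALT: {{ .Values.tca.commonConfig.apiTicketSalt | quote }}
  API_TICKET_TOKEN: {{ .Values.tca.commonConfig.apiTicketToken | quote }}
  ANALYSIS_SECRET_KEY: {{ .Values.tca.commonConfig.secretKey | quote }}
  ANALYSIS_DB_PASSWORD: {{ .Values.tca.analysis.settings.customDB.password | default ( include "tca.database.password" . ) | quote }}
  ANALYSIS_REDIS_PASSWD: {{ .Values.tca.analysis.settings.customRedis.password | default ( include "tca.redis.password" . ) | quote }}
# … unchanged: the non-secret keys stay in the analysis-env ConfigMap …
```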
@@ -0,0 +1,53 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ labels:
+ k8s-app: {{ template "tca.fullname" . }}-analysis-init-job
+ app: {{ template "tca.name" . }}
+ chart: {{ template "tca.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ name: {{ template "tca.fullname" . }}-analysis-init-job
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "5"
+spec:
+ ttlSecondsAfterFinished: 100
+ template:
+ metadata:
+ labels:
+ k8s-app: {{ template "tca.fullname" . }}-analysis-init-job
+ release: {{ .Release.Name }}
+ spec:
+ {{- with .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tca.podAntiAffinity.enable }}
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ topologyKey: "{{ .Values.tca.podAntiAffinity.topologyKey }}"
+ labelSelector:
+ matchLabels:
+ k8s-app: {{ template "tca.fullname" . }}-analysis-init-job
+ release: {{ .Release.Name }}
+ {{- end }}
+ containers:
+ - name: {{ template "tca.fullname" . }}-analysis-init-job
+ image: "{{ .Values.tca.analysis.image.repository }}:{{ .Values.tca.analysis.image.tag }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command: ["bash"]
+ args: ["./bin/init.sh"]
+ envFrom:
+ - configMapRef:
+ name: analysis-env
+ env:
+ - name: _HASH_CONFIG_
+ value: {{ include (print $.Template.BasePath "/analysis/configmap.yaml") . | sha256sum }}
+ resources:
+{{ toYaml .Values.tca.analysis.server.resources | indent 12 }}
+ restartPolicy: Never
+ backoffLimit: 2
diff --git a/helm-charts/tca/templates/analysis/server-deployment.yaml b/helm-charts/tca/templates/analysis/server-deployment.yaml
new file mode 100644
index 000000000..0a2853e59
--- /dev/null
+++ b/helm-charts/tca/templates/analysis/server-deployment.yaml
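Review bot: The init Job's container declares no `securityContext`, so it runs with whatever user and privilege-escalation defaults the image and container runtime give it. The analysis server and worker Deployments, the client StatefulSet and the two db Jobs later in this patch have the same gap. Adding `securityContext: {allowPrivilegeEscalation: false, runAsNonRoot: true}` under each container would state the intent explicitly, provided the images can start as a non-root user, which the patch does not show.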
@@ -0,0 +1,118 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: {{ template "tca.fullname" . }}-analysis-server + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "tca.fullname" . }}-analysis-server +spec: + selector: + matchLabels: + k8s-app: {{ template "tca.fullname" . }}-analysis-server + release: {{ .Release.Name }} + template: + metadata: + labels: + k8s-app: {{ template "tca.fullname" . }}-analysis-server + release: {{ .Release.Name }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.tca.podAntiAffinity.enable }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: "{{ .Values.tca.podAntiAffinity.topologyKey }}" + labelSelector: + matchLabels: + k8s-app: {{ template "tca.fullname" . }}-analysis-server + release: {{ .Release.Name }} + {{- end }} + containers: + - name: {{ template "tca.fullname" . }}-analysis-server + image: "{{ .Values.tca.analysis.image.repository }}:{{ .Values.tca.analysis.image.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["gunicorn"] + args: ["codedog.wsgi", "-c", "analysis.gunicorn.conf.py"] + envFrom: + - configMapRef: + name: analysis-env + env: + - name: _HASH_CONFIG_ + value: {{ include (print $.Template.BasePath "/analysis/configmap.yaml") . 
| sha256sum }} + ports: + - name: http + containerPort: {{ .Values.tca.analysis.server.port }} + protocol: TCP + lifecycle: + preStop: + exec: + command: + - sleep + - '20' + livenessProbe: + failureThreshold: 10 + httpGet: + path: / + port: {{ .Values.tca.analysis.server.port }} + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 20 + successThreshold: 1 + timeoutSeconds: 2 + readinessProbe: + failureThreshold: 5 + httpGet: + path: / + port: {{ .Values.tca.analysis.server.port }} + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 2 + resources: +{{ toYaml .Values.tca.analysis.resources | indent 12 }} +--- +{{- if .Values.tca.analysis.server.autoscaling.enabled }} +apiVersion: autoscaling/v2beta2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "tca.fullname" . }}-analysis-server + labels: + k8s-app: {{ template "tca.fullname" . }}-analysis-server + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "tca.fullname" . }}-analysis-server + minReplicas: {{ .Values.tca.analysis.server.autoscaling.minReplicas }} + maxReplicas: {{ .Values.tca.analysis.server.autoscaling.maxReplicas }} + metrics: + {{- if .Values.tca.analysis.server.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.tca.analysis.server.autoscaling.targetMemory }} + {{- end }} + {{- if .Values.tca.analysis.server.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.tca.analysis.server.autoscaling.targetCPU }} + {{- end }} +{{- end }} diff --git a/helm-charts/tca/templates/analysis/service.yaml b/helm-charts/tca/templates/analysis/service.yaml new file mode 100644 index 000000000..7cf9adcd4 --- /dev/null 
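Review bot: The server container's `resources` block reads `.Values.tca.analysis.resources`, while the init Job uses `.Values.tca.analysis.server.resources` and the worker uses `.Values.tca.analysis.worker.resources`. If the values file follows the server/worker layout (it is not visible here), this path is empty and the container is deployed without requests or limits. That removes the bound on a runaway gunicorn process and leaves the `Utilization` targets in the HPA below with no request to measure against. The line should probably be `{{ toYaml .Values.tca.analysis.server.resources | indent 12 }}`.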
+++ b/helm-charts/tca/templates/analysis/service.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "tca.fullname" . }}-analysis
+ labels:
+ k8s-app: {{ template "tca.fullname" . }}-analysis-server
+ app: {{ template "tca.name" . }}
+ chart: {{ template "tca.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.tca.analysis.server.service.type }}
+ ports:
+ - name: http
+ port: {{ .Values.tca.analysis.server.service.ports.http }}
+ protocol: TCP
+ targetPort: http
+ {{- if (and (or (eq .Values.tca.analysis.server.service.type "NodePort") (eq .Values.tca.analysis.server.service.type "LoadBalancer")) (not (empty .Values.tca.analysis.server.service.nodePorts.http))) }}
+ nodePort: {{ .Values.tca.analysis.server.service.nodePorts.http }}
+ {{- else if eq .Values.tca.analysis.server.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ selector:
+ k8s-app: {{ template "tca.fullname" . }}-analysis-server
+ release: {{ .Release.Name }}
diff --git a/helm-charts/tca/templates/analysis/servicemonitor.yaml b/helm-charts/tca/templates/analysis/servicemonitor.yaml
new file mode 100644
index 000000000..c6e6a158e
--- /dev/null
+++ b/helm-charts/tca/templates/analysis/servicemonitor.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.metrics.enable }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "tca.fullname" . }}-analysis-server
+spec:
+ selector:
+ matchLabels:
+ k8s-app: {{ template "tca.fullname" . }}-analysis-server
+ endpoints:
+ - port: http
+ path: /prometheus/metrics
+ interval: 30s
+{{- end }}
diff --git a/helm-charts/tca/templates/analysis/worker-deployment.yaml b/helm-charts/tca/templates/analysis/worker-deployment.yaml
new file mode 100644
index 000000000..9d8ee2863
--- /dev/null
+++ b/helm-charts/tca/templates/analysis/worker-deployment.yaml
@@ -0,0 +1,120 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: {{ template "tca.fullname" . }}-analysis-worker + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "tca.fullname" . }}-analysis-worker +spec: + selector: + matchLabels: + k8s-app: {{ template "tca.fullname" . }}-analysis-worker + release: {{ .Release.Name }} + template: + metadata: + labels: + k8s-app: {{ template "tca.fullname" . }}-analysis-worker + release: {{.Release.Name}} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.tca.podAntiAffinity.enable }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: "{{ .Values.tca.podAntiAffinity.topologyKey }}" + labelSelector: + matchLabels: + k8s-app: {{ template "tca.fullname" . }}-analysis-worker + release: {{ .Release.Name }} + {{- end }} + containers: + - name: {{ template "tca.fullname" . }}-analysis-worker + image: "{{ .Values.tca.analysis.image.repository }}:{{ .Values.tca.analysis.image.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["celery"] + args: ["-A", "codedog", "worker", "--concurrency=$(CELERY_WORKER_NUM)", "-l", "INFO"] + envFrom: + - configMapRef: + name: analysis-env + env: + - name: _HASH_CONFIG_ + value: {{ include (print $.Template.BasePath "/analysis/configmap.yaml") . 
| sha256sum }} + lifecycle: + preStop: + exec: + command: + - sleep + - '70' + livenessProbe: + exec: + command: + - /bin/sh + - '-c' + - >- + bash -c "celery -A codedog inspect ping + -d celery@$HOSTNAME" + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 60 + successThreshold: 1 + timeoutSeconds: 10 + readinessProbe: + exec: + command: + - /bin/sh + - '-c' + - >- + bash -c "celery -A codedog inspect ping + -d celery@$HOSTNAME" + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 40 + successThreshold: 1 + timeoutSeconds: 10 + resources: +{{ toYaml .Values.tca.analysis.worker.resources | indent 12 }} +--- +{{- if .Values.tca.analysis.worker.autoscaling.enabled }} +apiVersion: autoscaling/v2beta2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "tca.fullname" . }}-analysis-worker + labels: + k8s-app: {{ template "tca.fullname" . }}-analysis-worker + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "tca.fullname" . }}-analysis-worker + minReplicas: {{ .Values.tca.analysis.worker.autoscaling.minReplicas }} + maxReplicas: {{ .Values.tca.analysis.worker.autoscaling.maxReplicas }} + metrics: + {{- if .Values.tca.analysis.worker.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.tca.analysis.worker.autoscaling.targetMemory }} + {{- end }} + {{- if .Values.tca.analysis.worker.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.tca.analysis.worker.autoscaling.targetCPU }} + {{- end }} +{{- end }} diff --git a/helm-charts/tca/templates/client/configmap-conf.yaml b/helm-charts/tca/templates/client/configmap-conf.yaml new file mode 100644 index 000000000..425a6fac2 --- /dev/null 
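Review bot: The worker's `preStop` hook sleeps for 70 seconds, but the pod spec sets no `terminationGracePeriodSeconds`, so the Kubernetes default of 30 seconds applies. The kubelet will kill the container while the hook is still sleeping, and Celery never gets the SIGTERM it needs for a warm shutdown, so in-flight analysis tasks are cut off. Adding something like `terminationGracePeriodSeconds: 120` next to `containers:` would cover the sleep plus task drain time; the right figure depends on task length, which the patch does not show. The server Deployment's 20-second sleep fits inside the default and is unaffected.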
+++ b/helm-charts/tca/templates/client/configmap-conf.yaml
@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "tca.fullname" . }}-client-config
+data:
+ config.ini: |
+ ; ---------------------------------------------------------------------------
+ ; 自定义配置项,可以根据实际情况设置
+ ; ---------------------------------------------------------------------------
+
+ [COMMON]
+ ; [必填]工具配置库git地址
+ ; 如果github网络慢,建议修改为腾讯工蜂地址:https://git.code.tencent.com/TCA/tca-tools/puppy-tools-config.git
+ TOOL_CONFIG_URL=https://git.code.tencent.com/TCA/tca-tools/puppy-tools-config.git
+ ; NOCA:hardcode-password([必填]scm加解密秘钥,工具代码库是开源代码库,任何人可以访问,该密钥可以公开,不存在泄露风险。)
+ PASSWORD_KEY={{ .Values.tca.commonConfig.passwordKey }}
+ ; [可选]日志级别,默认为info级别,设置为True则调整为debug级别
+ DEBUG=
+ ; [可选]是否使用本地工具目录,默认为False,如果设置为True,不从git拉取(需要事先准备好工具,存放到tools目录下)
+ USE_LOCAL_TOOL={{ .Values.tca.commonConfig.useLocalTool }}
+
+
+ [SERVER_URL]
+ ; [必填]请将替换为实际的tca server地址
+ URL=http://{{ template "tca.fullname" . }}-gateway/main/
+
+ [FILE_SERVER]
+ ; [必填]文件服务器地址,请将替换为实际的tca server地址
+ URL=http://{{ template "tca.fullname" . }}-gateway/files/
+ ; [必填]文件服务器token
+ TOKEN={{ .Values.tca.commonConfig.defaultToken }}
+
+ [TOOL_LOAD_ACCOUNT]
+ ; [可选]拉取工具库的账号密码
+ ; 如果TOOL_CONFIG_URL使用的是腾讯工蜂,账号密码必填(如果没有,可以先去https://git.code.tencent.com注册)
+ USERNAME={{ .Values.tca.commonConfig.toolLoadUsername }}
+ PASSWORD={{ .Values.tca.commonConfig.toolLoadPassword }}
+
+ [LICENSE_CONFIG]
+ ; [可选]使用自研工具时,需要填写,默认不需要
+ ; license服务器url, base_path, license
+ URL=
+ BASE_PATH=
+ LICENSE=
+
\ No newline at end of file
diff --git a/helm-charts/tca/templates/client/configmap-env.yaml b/helm-charts/tca/templates/client/configmap-env.yaml
new file mode 100644
index 000000000..c2c88e3b4
--- /dev/null
+++ b/helm-charts/tca/templates/client/configmap-env.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: client-env
+data:
+ CODEDOG_TOKEN: {{ .Values.tca.commonConfig.defaultToken | quote}}
+ # # 内部服务通信配置
+ # CODEDOG_SERVER: http://{{ template "tca.fullname" . }}-gateway/main/
+ # FILE_SERVER_URL: http://{{ template "tca.fullname" . }}-gateway/files/
diff --git a/helm-charts/tca/templates/client/deployment.yaml b/helm-charts/tca/templates/client/deployment.yaml
new file mode 100644
index 000000000..d01ff8ede
--- /dev/null
+++ b/helm-charts/tca/templates/client/deployment.yaml
@@ -0,0 +1,110 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + k8s-app: {{ template "tca.fullname" . }}-client + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "tca.fullname" . }}-client +spec: + serviceName: "" + selector: + matchLabels: + k8s-app: {{ template "tca.fullname" . }}-client + release: {{ .Release.Name }} + template: + metadata: + labels: + k8s-app: {{ template "tca.fullname" . }}-client + release: {{ .Release.Name }} + spec: + shareProcessNamespace: true + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.tca.podAntiAffinity.enable }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: "{{ .Values.tca.podAntiAffinity.topologyKey }}" + labelSelector: + matchLabels: + k8s-app: {{ template "tca.fullname" . }}-client + release: {{ .Release.Name }} + {{- end }} + containers: + - name: {{ template "tca.fullname" . }}-client + image: "{{ .Values.tca.client.image.repository }}:{{ .Values.tca.client.image.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["python3"] + args: ["codepuppy.py", "start", "-t", "$(CODEDOG_TOKEN)", "--create-from", "docker", "--tag", "CodeDog_Linux"] + envFrom: + - configMapRef: + name: client-env + env: + - name: _HASH_ENV_ + value: {{ include (print $.Template.BasePath "/client/configmap-env.yaml") . | sha256sum }} + - name: _HASH_CONFIG_ + value: {{ include (print $.Template.BasePath "/client/configmap-conf.yaml") . 
| sha256sum }} + lifecycle: + preStop: + exec: + command: + - sleep + - '20' + resources: +{{ toYaml .Values.tca.client.resources | indent 12 }} + volumeMounts: + - mountPath: /workspace/client/config.ini + subPath: config.ini + name: client-config-conf + volumes: + - configMap: + items: + - key: config.ini + mode: 420 + path: config.ini + name: {{ template "tca.fullname" . }}-client-config + name: client-config-conf +--- +{{- if .Values.tca.client.autoscaling.enabled }} +apiVersion: autoscaling/v2beta2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "tca.fullname" . }}-client + labels: + k8s-app: {{ template "tca.fullname" . }}-client + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: StatefulSet + name: {{ template "tca.fullname" . }}-client + minReplicas: {{ .Values.tca.client.autoscaling.minReplicas }} + maxReplicas: {{ .Values.tca.client.autoscaling.maxReplicas }} + metrics: + {{- if .Values.tca.client.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.tca.client.autoscaling.targetMemory }} + {{- end }} + {{- if .Values.tca.client.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.tca.client.autoscaling.targetCPU }} + {{- end }} +{{- end }} diff --git a/helm-charts/tca/templates/db/configmap-initdb.yaml b/helm-charts/tca/templates/db/configmap-initdb.yaml new file mode 100644 index 000000000..3557e8432 --- /dev/null +++ b/helm-charts/tca/templates/db/configmap-initdb.yaml 
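Review bot: The client is started with `"-t", "$(CODEDOG_TOKEN)"`, and Kubernetes substitutes that reference before the process starts, so the token ends up in the process command line where other processes in the pod can read it. The pod also sets `shareProcessNamespace: true`, which extends that visibility to every container that shares the pod, although only one container is defined in this template. Unless a sidecar injected elsewhere depends on the shared PID namespace, the `shareProcessNamespace: true` line can be dropped. If `codepuppy.py` can take the token from the environment (not visible in this patch), the `-t` argument should go as well.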
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "tca.fullname" . }}-db-init
+data:
+ init.sql: |
+ CREATE DATABASE IF NOT EXISTS {{ .Values.tca.main.settings.dbName }} CHARACTER SET UTF8mb4 COLLATE utf8mb4_general_ci;
+ CREATE DATABASE IF NOT EXISTS {{ .Values.tca.analysis.settings.dbName }} CHARACTER SET UTF8mb4 COLLATE utf8mb4_general_ci;
+ CREATE DATABASE IF NOT EXISTS {{ .Values.tca.login.settings.dbName }} CHARACTER SET UTF8mb4 COLLATE utf8mb4_general_ci;
+ CREATE DATABASE IF NOT EXISTS {{ .Values.tca.file.settings.dbName }} CHARACTER SET UTF8mb4 COLLATE utf8mb4_general_ci;
\ No newline at end of file
diff --git a/helm-charts/tca/templates/db/initdb-job.yaml b/helm-charts/tca/templates/db/initdb-job.yaml
new file mode 100644
index 000000000..61b8a8f5c
--- /dev/null
+++ b/helm-charts/tca/templates/db/initdb-job.yaml
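Review bot: The four `dbName` values are spliced into `init.sql` as bare identifiers with no quoting or validation. The init Job then runs that script with the configured MySQL account, so a name containing a hyphen breaks the statement and a name containing `;` turns into additional SQL. Wrapping each name in MySQL identifier backticks, and rejecting at render time anything that fails `regexMatch "^[A-Za-z0-9_]+$"` with `fail`, keeps the script to the four statements it is meant to contain.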
@@ -0,0 +1,70 @@ +{{- if .Values.externalMySQL.host }} +apiVersion: batch/v1 +kind: Job +metadata: + labels: + k8s-app: {{ template "tca.fullname" . }}-db-init-job + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "tca.fullname" . }}-db-init-job + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "2" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + ttlSecondsAfterFinished: 100 + template: + metadata: + labels: + k8s-app: {{ template "tca.fullname" . }}-db-init-job + release: {{ .Release.Name }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.tca.podAntiAffinity.enable }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: "{{ .Values.tca.podAntiAffinity.topologyKey }}" + labelSelector: + matchLabels: + k8s-app: {{ template "tca.fullname" . }}-db-init-job + release: {{ .Release.Name }} + {{- end }} + containers: + - name: {{ template "tca.fullname" . }}-db-init-job + image: "{{ .Values.tca.main.image.repository }}:{{ .Values.tca.main.image.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["/bin/bash"] + args: ["-c", "mysql --user=$(MYSQL_USER) --host=$(MYSQL_HOST) --port=$(MYSQL_PORT) < /sql/init.sql"] + env: + - name: MYSQL_HOST + value: {{ .Values.externalMySQL.host | quote }} + - name: MYSQL_PORT + value: {{ .Values.externalMySQL.port | quote }} + - name: MYSQL_USER + value: {{ .Values.externalMySQL.username | quote }} + - name: MYSQL_PWD + value: {{ .Values.externalMySQL.password | quote }} + volumeMounts: + - mountPath: /sql/ + name: db-init + resources: +{{ toYaml .Values.tca.main.beat.resources | indent 12 }} + volumes: + - configMap: + items: + - key: init.sql + mode: 420 + path: init.sql + name: {{ template "tca.fullname" . 
}}-db-init + name: db-init + restartPolicy: Never + backoffLimit: 2 +{{- end }} diff --git a/helm-charts/tca/templates/db/waitdb-job.yaml b/helm-charts/tca/templates/db/waitdb-job.yaml new file mode 100644 index 000000000..ef0a79b3a --- /dev/null +++ b/helm-charts/tca/templates/db/waitdb-job.yaml 
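Review bot: The `$(MYSQL_USER)`, `$(MYSQL_HOST)` and `$(MYSQL_PORT)` references in `args` are expanded by Kubernetes before `bash -c` parses the string, so any shell metacharacter in those values is interpreted by the shell. Letting bash expand quoted variables avoids that: `args: ["-c", "mysql --user=\"$MYSQL_USER\" --host=\"$MYSQL_HOST\" --port=\"$MYSQL_PORT\" < /sql/init.sql"]`. `MYSQL_PWD` is also set as a literal `value:` in the Job spec, and with `hook-delete-policy: hook-succeeded` a failed Job stays in the cluster with the password readable in its manifest. Sourcing it through `valueFrom` with a `secretKeyRef` would keep it out of the spec. The Job is gated on `.Values.externalMySQL.host`, whereas the helpers choose the database by `.Values.mariadb.enabled`, so the two conditions can disagree.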
@@ -0,0 +1,58 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ labels:
+ k8s-app: {{ template "tca.fullname" . }}-db-wait-job
+ app: {{ template "tca.name" . }}
+ chart: {{ template "tca.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ name: {{ template "tca.fullname" . }}-db-wait-job
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+ ttlSecondsAfterFinished: 100
+ template:
+ metadata:
+ labels:
+ k8s-app: {{ template "tca.fullname" . }}-db-wait-job
+ release: {{ .Release.Name }}
+ spec:
+ {{- with .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tca.podAntiAffinity.enable }}
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ topologyKey: "{{ .Values.tca.podAntiAffinity.topologyKey }}"
+ labelSelector:
+ matchLabels:
+ k8s-app: {{ template "tca.fullname" . }}-db-wait-job
+ release: {{ .Release.Name }}
+ {{- end }}
+ containers:
+ - name: {{ template "tca.fullname" . }}-db-wait-job
+ image: "{{ .Values.tca.main.image.repository }}:{{ .Values.tca.main.image.tag }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command: ["bash"]
+ args: ["bin/wait.sh", "$(TCA_DB_HOST):$(TCA_DB_PORT)", "$(TCA_REDIS_HOST):$(TCA_REDIS_PORT)"]
+ env:
+ - name: TCA_DB_HOST
+ value: {{ include "tca.database.host" . | quote }}
+ - name: TCA_DB_PORT
+ value: {{ include "tca.database.port" . | quote }}
+ - name: TCA_REDIS_HOST
+ value: {{ include "tca.redis.host" . | quote }}
+ - name: TCA_REDIS_PORT
+ value: {{ include "tca.redis.port" . | quote }}
+
+ resources:
+{{ toYaml .Values.tca.main.beat.resources | indent 12 }}
+ restartPolicy: Never
+ backoffLimit: 2
\ No newline at end of file
diff --git a/helm-charts/tca/templates/file/configmap-env.yaml b/helm-charts/tca/templates/file/configmap-env.yaml
new file mode 100644
index 000000000..10abd8e78
--- /dev/null
+++ b/helm-charts/tca/templates/file/configmap-env.yaml
@@ -0,0 +1,38 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: tca-file-env +data: + DAEMON: {{ .Values.tca.commonConfig.daemonFlag | quote}} + SERVER_ACCESS_LOG: {{ .Values.tca.commonConfig.accessLogPath | quote }} + SERVER_ERROR_LOG: {{ .Values.tca.commonConfig.errorLogPath | quote }} + API_TICKET_SALT: {{ .Values.tca.commonConfig.apiTicketSalt }} + API_TICKET_TOKEN: {{ .Values.tca.commonConfig.apiTicketToken }} + FILE_SITE_URL: {{ .Values.tca.commonConfig.publicUrl }} + FILE_SENTRY_DSN: {{ .Values.tca.commonConfig.sentryDsn | quote }} + FILE_SERVER_PROCESS_NUM: {{ .Values.tca.file.server.processNum | quote }} + FILE_SERVER_PORT: {{ .Values.tca.file.server.port | quote }} + DJANGO_SETTINGS_MODULE: {{ .Values.tca.file.settings.base.module }} + FILE_DEBUG_MODE: {{ .Values.tca.file.settings.base.debugMode | quote }} + FILE_SECRET_KEY: {{ .Values.tca.commonConfig.secretKey }} + FILE_STORAGE_CLIENT: {{ .Values.tca.file.settings.storageClient }} + FILE_STORAGE_DIR: {{ .Values.tca.file.settings.local.dirPath }} + FILE_TENCENT_COS_ENABLED: {{ .Values.tca.file.settings.tencentcos.enabled | quote }} + TENCENT_COS_APPID: {{ .Values.tca.file.settings.tencentcos.appId | quote }} + TENCENT_COS_SECRETID: {{ .Values.tca.file.settings.tencentcos.secretId | quote }} + TENCENT_COS_SECRETKEY: {{ .Values.tca.file.settings.tencentcos.secretKey | quote }} + TENCENT_COS_REGION: {{ .Values.tca.file.settings.tencentcos.region | quote }} + TENCENT_COS_ROOT_BUCKET: {{ .Values.tca.file.settings.tencentcos.rootBucket | quote }} + FILE_MINIO_ENABLED: {{ .Values.tca.file.settings.minio.enabled | quote }} + FILE_MINIO_ENTRYPOINT: {{ .Values.tca.file.settings.minio.entrypoint | quote }} + FILE_MINIO_ACCESS_KEY: {{ .Values.tca.file.settings.minio.accessKey | quote }} + FILE_MINIO_SECRET_KEY: {{ .Values.tca.file.settings.minio.secretKey | quote }} + FILE_DB_NAME: {{ .Values.tca.file.settings.dbName | quote }} + # DB相关配置,优先使用 Values.tca.file.settings.customDB 配置,默认使用 tca.database + 
FILE_DB_USER: {{ .Values.tca.file.settings.customDB.user | default ( include "tca.database.username" . ) }} + FILE_DB_PASSWORD: {{ .Values.tca.file.settings.customDB.password | default ( include "tca.database.password" . ) }} + FILE_DB_HOST: {{ .Values.tca.file.settings.customDB.host | default ( include "tca.database.host" . ) }} + FILE_DB_PORT: {{ .Values.tca.file.settings.customDB.port | default ( include "tca.database.port" . ) | quote }} + # 内部服务通信配置 + MAIN_SERVER_URL: http://{{ template "tca.fullname" . }}-main + FILE_SERVER_URL: http://{{ template "tca.fullname" . }}-gateway/files/ diff --git a/helm-charts/tca/templates/file/configmap-nginx.yaml b/helm-charts/tca/templates/file/configmap-nginx.yaml new file mode 100644 index 000000000..55f2ec4e6 --- /dev/null +++ b/helm-charts/tca/templates/file/configmap-nginx.yaml 
@@ -0,0 +1,266 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "tca.fullname" . }}-file-nginx-configmap +data: + nginx.conf: | + worker_processes 4; + worker_cpu_affinity auto; + + error_log /var/log/nginx/file_error.log; + error_log /dev/stdout; + + + events { + worker_connections 1024; + use epoll; + } + + http { + include mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for" "$upstream_addr" "$upstream_status" $request_time $upstream_response_time'; + + access_log /var/log/nginx/file_access.log main; + access_log /dev/stdout; + + sendfile on; + tcp_nopush on; + keepalive_timeout 0; + rewrite_log on; + log_subrequest on; + client_max_body_size 0; + client_header_timeout 10m; + client_body_timeout 10m; + proxy_connect_timeout 10m; + proxy_read_timeout 10m; + proxy_send_timeout 10m; + proxy_max_temp_file_size 0; + +{{ if eq .Values.tca.file.settings.minio.enabled "true" }} + server { + include mime.types; + default_type application/octet-stream; + access_log /var/log/nginx/nginx_file_access.log; + access_log /dev/stdout; + error_log /var/log/nginx/nginx_file_error.log; + error_log /dev/stdout; + sendfile on; + tcp_nopush on; + keepalive_timeout 0; + rewrite_log on; + log_subrequest on; + client_max_body_size 0; + client_header_timeout 10m; + client_body_timeout 10m; + proxy_connect_timeout 10m; + proxy_read_timeout 10m; + proxy_send_timeout 10m; + proxy_max_temp_file_size 0; + listen 80; + server_name 0.0.0.0; + + location / { + proxy_pass http://127.0.0.1:8804; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-Port $server_port; + proxy_set_header X-Real-Scheme $scheme; + proxy_set_header X-Script-Name /files; + } + + location /files { + auth_request /ngx_cos_auth; + 
auth_request_set $cos_host $sent_http_req_host; + auth_request_set $req_path $sent_http_req_path; + auth_request_set $err_type $sent_http_err_type; + auth_request_set $err_msg $sent_http_err_msg; + auth_request_set $auth_status $upstream_status; + + auth_request_set $auth $sent_http_authorization; + auth_request_set $x_amz_date $sent_http_x_amz_date; + auth_request_set $x_amz_content_sha256 $sent_http_x_amz_content_sha256; + auth_request_set $content_md5 $sent_http_content_md5; + + auth_request_set $redirect_url $sent_http_redirect_url; + error_page 401 @no_auth; + error_page 500 403 = /ngx_failback; + + proxy_set_header AUTHORIZATION $auth; + proxy_set_header Host $cos_host; + proxy_set_header x-amz-date $x_amz_date; + proxy_set_header content-md5 $content_md5; + proxy_set_header x-amz-content-sha256 $x_amz_content_sha256; + + proxy_buffering off; + proxy_pass http://$cos_host$req_path; + if ($request_method = GET) { + add_header Content-Disposition "attachment;"; + } + post_action /ngx_file_log; + } + + location @no_auth{ + if ($redirect_url){ + return 302 $redirect_url; + } + return 401; + } + + location = /ngx_failback { + internal; + proxy_set_header err-type $err_type; + proxy_set_header err-msg $err_msg; + proxy_pass http://$server_name:$server_port/api/files/error; + } + location = /ngx_cos_auth { + internal; + proxy_method $request_method; + proxy_pass http://$server_name:$server_port/api/files/auth$request_uri; + proxy_pass_request_body off; + proxy_set_header Content-Length ""; + } + location = /ngx_file_log { + internal; + proxy_set_header pre-method $request_method; + proxy_set_header pre-uri $request_uri; + proxy_set_header pre-request $request; + proxy_set_header pre-status $status; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_request_body off; + proxy_set_header Content-Length ""; + proxy_method $request_method; + proxy_pass http://$server_name:$server_port/api/files/logs; + } + } +{{else if eq 
.Values.tca.file.settings.tencentcos.enabled "true" }} + server { + include mime.types; + default_type application/octet-stream; + access_log /var/log/nginx/nginx_file_access.log; + access_log /dev/stdout; + error_log /var/log/nginx/nginx_file_error.log; + error_log /dev/stdout; + sendfile on; + tcp_nopush on; + keepalive_timeout 0; + rewrite_log on; + log_subrequest on; + client_max_body_size 0; + client_header_timeout 10m; + client_body_timeout 10m; + proxy_connect_timeout 10m; + proxy_read_timeout 10m; + proxy_send_timeout 10m; + proxy_max_temp_file_size 0; + listen 80; + server_name 0.0.0.0; + location / { + proxy_pass http://127.0.0.1:8804; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-Port $server_port; + proxy_set_header X-Real-Scheme $scheme; + proxy_set_header X-Script-Name /files; + } + location /files { + auth_request /ngx_cos_auth; + auth_request_set $cos_host $sent_http_req_host; + auth_request_set $req_path $sent_http_req_path; + auth_request_set $err_type $sent_http_err_type; + auth_request_set $err_msg $sent_http_err_msg; + auth_request_set $auth_status $upstream_status; + auth_request_set $auth $sent_http_authorization; + auth_request_set $x_amz_date $sent_http_x_amz_date; + auth_request_set $x_amz_content_sha256 $sent_http_x_amz_content_sha256; + auth_request_set $content_md5 $sent_http_content_md5; + auth_request_set $redirect_url $sent_http_redirect_url; + error_page 401 @no_auth; + error_page 500 403 = /ngx_failback; + proxy_set_header AUTHORIZATION $auth; + proxy_set_header Host $cos_host; + proxy_set_header x-cos-meta-md5 $sent_http_ftp_md5; + resolver 8.8.8.8; + proxy_buffering off; + proxy_pass http://$cos_host$req_path; + if ($request_method = GET) { + add_header Content-Disposition "attachment;"; + } + post_action /ngx_file_log; + } + location @no_auth{ + if ($redirect_url){ + return 302 $redirect_url; + } + return 401; + } 
+ location = /ngx_failback { + internal; + proxy_set_header err-type $err_type; + proxy_set_header err-msg $err_msg; + proxy_pass http://$server_name:$server_port/api/files/error; + } + location = /ngx_cos_auth { + internal; + proxy_method $request_method; + proxy_pass http://$server_name:$server_port/api/files/auth$request_uri; + proxy_pass_request_body off; + proxy_set_header Content-Length ""; + } + location = /ngx_file_log { + internal; + proxy_set_header pre-method $request_method; + proxy_set_header pre-uri $request_uri; + proxy_set_header pre-request $request; + proxy_set_header pre-status $status; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_request_body off; + proxy_set_header Content-Length ""; + proxy_method $request_method; + proxy_pass http://$server_name:$server_port/api/files/logs; + } + } +{{- else }} + server { + listen 80; + server_name 0.0.0.0; + underscores_in_headers on; + client_max_body_size 0; + client_header_timeout 10m; + client_body_timeout 10m; + proxy_connect_timeout 10m; + proxy_read_timeout 10m; + proxy_send_timeout 10m; + proxy_max_temp_file_size 0; + access_log /var/log/nginx/nginx_file_access.log; + # access_log /dev/stdout; + error_log /var/log/nginx/nginx_file_error.log; + error_log /dev/stdout; + + location = /files/codedog/healthcheck/ { + proxy_pass http://127.0.0.1:8804/healthcheck/; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-Port $server_port; + proxy_set_header X-Real-Scheme $scheme; + proxy_set_header X-Script-Name /files; + } + + location /files/ { + proxy_pass http://127.0.0.1:8804/api/files/; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-Port $server_port; + proxy_set_header X-Real-Scheme $scheme; + proxy_set_header X-Script-Name /files; + } + } +{{- end }} 
+ }
\ No newline at end of file
diff --git a/helm-charts/tca/templates/file/initdata-job.yaml b/helm-charts/tca/templates/file/initdata-job.yaml
new file mode 100644
index 000000000..2bd847146
--- /dev/null
+++ b/helm-charts/tca/templates/file/initdata-job.yaml
@@ -0,0 +1,54 @@
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ labels:
+ k8s-app: {{ template "tca.fullname" . }}-file-init-job
+ app: {{ template "tca.name" . }}
+ chart: {{ template "tca.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ name: {{ template "tca.fullname" . }}-file-init-job
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "5"
+spec:
+ ttlSecondsAfterFinished: 100
+ template:
+ metadata:
+ labels:
+ k8s-app: {{ template "tca.fullname" . }}-file-init-job
+ release: {{ .Release.Name }}
+ spec:
+ {{- with .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tca.podAntiAffinity.enable }}
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ topologyKey: "{{ .Values.tca.podAntiAffinity.topologyKey }}"
+ labelSelector:
+ matchLabels:
+ k8s-app: {{ template "tca.fullname" . }}-file-init-job
+ release: {{ .Release.Name }}
+{{- end }}
+ containers:
+ - name: {{ template "tca.fullname" . }}-file-init-job
+ image: "{{ .Values.tca.file.image.repository }}:{{ .Values.tca.file.image.tag }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command: ["bash"]
+ args: ["./bin/init.sh"]
+ envFrom:
+ - configMapRef:
+ name: tca-file-env
+ env:
+ - name: _HASH_ENV_
+ value: {{ include (print $.Template.BasePath "/file/configmap-env.yaml") . | sha256sum }}
+ resources:
+{{ toYaml .Values.tca.file.server.resources | indent 12 }}
+ restartPolicy: Never
+ backoffLimit: 2
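Review bot: `resolver 8.8.8.8;` in the tencentcos `location /files` sends every lookup of `$cos_host` to a public resolver over plain DNS, while the minio branch uses the same variable-based `proxy_pass http://$cos_host$req_path;` with no `resolver` at all. With a variable in `proxy_pass` nginx resolves the name at request time, so the minio branch fails for any hostname (as opposed to an IP address), and the tencentcos branch cannot resolve in-cluster names and depends on egress to 8.8.8.8 for a request that carries the signed `AUTHORIZATION` header. Take the resolver from a chart value that points at the cluster DNS service and set it in both branches, e.g. `resolver {{ .Values.tca.file.settings.nginxResolver }} valid=30s;` (the value name is a suggestion; it does not exist in the chart yet). Separately, `eq .Values.tca.file.settings.minio.enabled "true"` only works for the string form; a boolean `true` in values makes `eq` fail on incompatible types, so the expected type needs a comment or a `toString` before the comparison.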
diff --git a/helm-charts/tca/templates/file/server-deployment.yaml b/helm-charts/tca/templates/file/server-deployment.yaml
new file mode 100644
index 000000000..402108484
--- /dev/null
+++ b/helm-charts/tca/templates/file/server-deployment.yaml
@@ -0,0 +1,131 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: {{ template "tca.fullname" . }}-file-server + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "tca.fullname" . }}-file-server +spec: + selector: + matchLabels: + k8s-app: {{ template "tca.fullname" . }}-file-server + release: {{ .Release.Name }} + template: + metadata: + labels: + k8s-app: {{ template "tca.fullname" . }}-file-server + release: {{ .Release.Name }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.tca.podAntiAffinity.enable }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: "{{ .Values.tca.podAntiAffinity.topologyKey }}" + labelSelector: + matchLabels: + k8s-app: {{ template "tca.fullname" . }}-file-server + release: {{ .Release.Name }} + {{- end }} + containers: + - name: {{ template "tca.fullname" . }}-file-server + image: "{{ .Values.tca.file.image.repository }}:{{ .Values.tca.file.image.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["gunicorn"] + args: ["codedog_file_server.wsgi", "-c", "file.gunicorn.conf.py"] + envFrom: + - configMapRef: + name: tca-file-env + env: + - name: _HASH_ENV_ + value: {{ include (print $.Template.BasePath "/file/configmap-env.yaml") . | sha256sum }} + lifecycle: + preStop: + exec: + command: + - sleep + - '20' + resources: +{{ toYaml .Values.tca.file.resources | indent 12 }} + volumeMounts: + - mountPath: {{ .Values.tca.file.settings.local.dirPath }} + name: tca-file-data + - name: {{ template "tca.fullname" . 
}}-file-nginx + image: "{{ .Values.tca.gateway.image.repository }}:{{ .Values.tca.gateway.image.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + env: + - name: _HASH_CONFIG_ + value: {{ include (print $.Template.BasePath "/file/configmap-nginx.yaml") . | sha256sum }} + resources: +{{ toYaml .Values.tca.file.resources | indent 12 }} + volumeMounts: + - mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf + name: file-nginx-conf + - mountPath: {{ .Values.tca.file.settings.local.dirPath }} + name: tca-file-data + ports: + - name: http + containerPort: 80 + protocol: TCP + volumes: + - name: file-nginx-conf + configMap: + items: + - key: nginx.conf + mode: 420 + path: nginx.conf + name: {{ template "tca.fullname" . }}-file-nginx-configmap + - name: tca-file-data + {{- if .Values.tca.file.settings.local.volumes.nfsServer }} + nfs: + server: {{ .Values.tca.file.settings.local.volumes.nfsServer }} + path: {{ .Values.tca.file.settings.local.volumes.nfsPath }} + {{- else }} + emptyDir: {} + {{- end }} +--- +{{- if .Values.tca.file.server.autoscaling.enabled }} +apiVersion: autoscaling/v2beta2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "tca.fullname" . }}-file-server + labels: + k8s-app: {{ template "tca.fullname" . }}-file-server + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "tca.fullname" . 
}}-file-server + minReplicas: {{ .Values.tca.file.server.autoscaling.minReplicas }} + maxReplicas: {{ .Values.tca.file.server.autoscaling.maxReplicas }} + metrics: + {{- if .Values.tca.file.server.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.tca.file.server.autoscaling.targetMemory }} + {{- end }} + {{- if .Values.tca.file.server.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.tca.file.server.autoscaling.targetCPU }} + {{- end }} +{{- end }} diff --git a/helm-charts/tca/templates/file/service.yaml b/helm-charts/tca/templates/file/service.yaml new file mode 100644 index 000000000..e7b38af31 --- /dev/null +++ b/helm-charts/tca/templates/file/service.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "tca.fullname" . }}-file + labels: + k8s-app: {{ template "tca.fullname" . }}-file-server + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.tca.file.server.service.type }} + ports: + - name: http + port: {{ .Values.tca.file.server.service.ports.http }} + protocol: TCP + targetPort: http + {{- if (and (or (eq .Values.tca.file.server.service.type "NodePort") (eq .Values.tca.file.server.service.type "LoadBalancer")) (not (empty .Values.tca.file.server.service.nodePorts.http))) }} + nodePort: {{ .Values.tca.file.server.service.nodePorts.http }} + {{- else if eq .Values.tca.file.server.service.type "ClusterIP" }} + nodePort: null + {{- end }} + selector: + k8s-app: {{ template "tca.fullname" . }}-file-server + release: {{ .Release.Name }} diff --git a/helm-charts/tca/templates/file/servicemonitor.yaml b/helm-charts/tca/templates/file/servicemonitor.yaml new file mode 100644 index 000000000..8c18b68ed --- /dev/null 
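Review bot: Both containers in the file-server Deployment take their limits from `.Values.tca.file.resources`, while the init job, the HPA and the Service read from `.Values.tca.file.server.*` (`.Values.tca.file.server.resources` in file/initdata-job.yaml). values.yaml is not part of this view, so this may be intended, but if only `file.server.resources` is defined, `toYaml` of the missing key renders `null` and the file server and its nginx sidecar run without requests or limits, and the HPA's `Utilization` targets have no requests to compute against. Because nginx in this pod accepts bodies of any size (`client_max_body_size 0`), I would use `{{ toYaml .Values.tca.file.server.resources | indent 12 }}` for the server container and give the sidecar its own key. The `emptyDir: {}` fallback for `tca-file-data` also needs a comment: with more than one replica each pod has its own store, and uploaded files are lost when a pod is replaced.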
+++ b/helm-charts/tca/templates/file/servicemonitor.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.metrics.enable }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "tca.fullname" . }}-file-server
+spec:
+ selector:
+ matchLabels:
+ k8s-app: {{ template "tca.fullname" . }}-file-server
+ endpoints:
+ - port: http
+ path: /prometheus/metrics
+ interval: 30s
+{{- end }}
\ No newline at end of file
diff --git a/helm-charts/tca/templates/gateway/configmap.yaml b/helm-charts/tca/templates/gateway/configmap.yaml
new file mode 100644
index 000000000..fe553e4c8
--- /dev/null
+++ b/helm-charts/tca/templates/gateway/configmap.yaml
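Review bot: The scrape path `/prometheus/metrics` on port `http` does not reach the file server in the default storage mode. The Service's `http` port targets the nginx sidecar's port 80 (file/server-deployment.yaml), and the `else` server block in file/configmap-nginx.yaml only defines `location = /files/codedog/healthcheck/` and `location /files/`, so the scrape is answered by nginx with a 404; only the minio and tencentcos branches forward `/` to `127.0.0.1:8804`. Either add a `location = /prometheus/metrics` to the default branch with `proxy_pass http://127.0.0.1:8804/prometheus/metrics;` (assuming the application serves that path, which is not visible here), or expose the gunicorn port under its own name and scrape that instead.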
@@ -0,0 +1,95 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "tca.fullname" . }}-nginx-configmap +data: + tca_backend.conf: | + server { + listen 80; + server_name 0.0.0.0; + charset utf-8; + client_max_body_size 5G; + access_log /dev/stdout; + access_log /var/log/nginx/nginx_codedog_access.log; + error_log /dev/stdout; + error_log /var/log/nginx/nginx_codedog_error.log; + + location /main/ { + proxy_pass http://{{ template "tca.fullname" . }}-main/; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-Port $server_port; + proxy_set_header X-Real-Scheme $scheme; + proxy_set_header X-Script-Name /main; + } + + location /analysis/ { + auth_request /urlauth/; + auth_request_set $user $upstream_http_x_codedog_user; + auth_request_set $ticket $upstream_http_x_codedog_ticket; + proxy_set_header X-CodeDog-User $user; + proxy_set_header X-CodeDog-Ticket $ticket; + if ($request_method = OPTIONS) { + add_header Content-Length 0; + add_header Content-Type text/plain; + add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"; + add_header Access-Control-Allow-Origin $http_origin; + add_header Access-Control-Allow-Headers "Authorization, Content-Type, X-CSRFToken"; + add_header Access-Control-Allow-Credentials true; + return 200; + } + proxy_pass http://{{ template "tca.fullname" . }}-analysis/; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-Port $server_port; + proxy_set_header X-Real-Scheme $scheme; + proxy_set_header X-Script-Name /analysis; + } + + location /credential/ { + proxy_pass http://{{ template "tca.fullname" . 
}}-login/; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-Port $server_port; + proxy_set_header X-Real-Scheme $scheme; + proxy_set_header X-Script-Name /credential; + } + + location /files/ { + auth_request /urlauth/; + auth_request_set $user $upstream_http_x_codedog_user; + auth_request_set $ticket $upstream_http_x_codedog_ticket; + proxy_set_header X-CodeDog-User "codedog"; + proxy_set_header X-CodeDog-Ticket $ticket; + if ($request_method = OPTIONS) { + add_header Content-Length 0; + add_header Content-Type text/plain; + add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"; + add_header Access-Control-Allow-Origin $http_origin; + add_header Access-Control-Allow-Headers "Authorization, Content-Type, X-CSRFToken"; + add_header Access-Control-Allow-Credentials true; + return 200; + } + proxy_pass http://{{ template "tca.fullname" . }}-file/files/codedog/; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-Port $server_port; + proxy_set_header X-Real-Scheme $scheme; + } + + location = /urlauth/ { + internal; + client_max_body_size 5G; + proxy_pass http://{{ template "tca.fullname" . }}-main/api/authen/urlauth/; + proxy_pass_request_body off; + proxy_set_header Content-Length ""; + proxy_set_header X-Original-URI $request_uri; + } + location / { + default_type text/html; + return 200 'Weclome to TCA'; + } + } diff --git a/helm-charts/tca/templates/gateway/deployment.yaml b/helm-charts/tca/templates/gateway/deployment.yaml new file mode 100644 index 000000000..0aa108875 --- /dev/null +++ b/helm-charts/tca/templates/gateway/deployment.yaml 
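Review bot: The preflight branches in `location /analysis/` and `location /files/` echo the caller's origin with `add_header Access-Control-Allow-Origin $http_origin;` together with `Access-Control-Allow-Credentials true`, which approves credentialed cross-origin requests from any site. Replace the reflected value with an allow-list: a `map $http_origin $cors_origin` at the top of tca_backend.conf that returns the origin only for the deployment's own front-end and an empty string otherwise, then `add_header Access-Control-Allow-Origin $cors_origin;` and `add_header Vary Origin;`. In `location /files/` the `$user` captured from `/urlauth/` is never used and `X-CodeDog-User` is hard-coded to `"codedog"`; if that is deliberate it needs a comment, because the file service then cannot tell callers apart. `/main/` and `/credential/` pass a client-supplied `X-CodeDog-User` or `X-CodeDog-Ticket` through unchanged; if the backends trust those headers (not visible here), clear them with `proxy_set_header X-CodeDog-User "";` and the same for the ticket header.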
@@ -0,0 +1,124 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: {{ template "tca.fullname" . }}-gateway + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "tca.fullname" . }}-gateway +spec: + selector: + matchLabels: + k8s-app: {{ template "tca.fullname" . }}-gateway + release: {{ .Release.Name }} + template: + metadata: + labels: + k8s-app: {{ template "tca.fullname" . }}-gateway + release: {{ .Release.Name }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.tca.podAntiAffinity.enable }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: "{{ .Values.tca.podAntiAffinity.topologyKey }}" + labelSelector: + matchLabels: + k8s-app: {{ template "tca.fullname" . }}-gateway + release: {{ .Release.Name }} + {{- end }} + containers: + - name: {{ template "tca.fullname" . }}-gateway + image: "{{ .Values.tca.gateway.image.repository }}:{{ .Values.tca.gateway.image.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + env: + - name: __HASH_CONFIG_ + value: {{ include (print $.Template.BasePath "/gateway/configmap.yaml") . 
| sha256sum }} + ports: + - name: http + containerPort: 80 + protocol: TCP + lifecycle: + preStop: + exec: + command: + - sleep + - '20' + livenessProbe: + failureThreshold: 10 + httpGet: + path: / + port: 80 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 20 + successThreshold: 1 + timeoutSeconds: 2 + readinessProbe: + failureThreshold: 5 + httpGet: + path: / + port: 80 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 2 + resources: +{{ toYaml .Values.tca.gateway.resources | indent 12 }} + volumeMounts: + - mountPath: /etc/nginx/conf.d/ + name: local-conf + volumes: + - configMap: + items: + - key: tca_backend.conf + mode: 420 + path: tca_backend.conf + name: {{ template "tca.fullname" . }}-nginx-configmap + name: local-conf +--- +{{- if .Values.tca.gateway.autoscaling.enabled }} +apiVersion: autoscaling/v2beta2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "tca.fullname" . }}-gateway + labels: + k8s-app: {{ template "tca.fullname" . }}-gateway + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "tca.fullname" . }}-gateway + minReplicas: {{ .Values.tca.gateway.autoscaling.minReplicas }} + maxReplicas: {{ .Values.tca.gateway.autoscaling.maxReplicas }} + metrics: + {{- if .Values.tca.gateway.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.tca.gateway.autoscaling.targetMemory }} + {{- end }} + {{- if .Values.tca.gateway.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.tca.gateway.autoscaling.targetCPU }} + {{- end }} +{{- end }} 
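Review bot: `apiVersion: autoscaling/v2beta2` for the HorizontalPodAutoscaler was removed in Kubernetes 1.26, so with `autoscaling.enabled` set the release fails to install on current clusters; the file-server and login-server HPAs in this patch use the same version. Select the version from the cluster's capabilities instead: `apiVersion: {{ ternary "autoscaling/v2" "autoscaling/v2beta2" (.Capabilities.APIVersions.Has "autoscaling/v2") }}`. The hash env var is named `__HASH_CONFIG_` here and `_HASH_CONFIG_` or `_HASH_ENV_` in the other workloads; a pod-template annotation such as `checksum/config` is the usual place for it and keeps it out of the container environment. None of the containers visible in this part of the patch sets a `securityContext`, which deserves at least a values hook.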
diff --git a/helm-charts/tca/templates/gateway/service.yaml b/helm-charts/tca/templates/gateway/service.yaml
new file mode 100644
index 000000000..8ef552fcb
--- /dev/null
+++ b/helm-charts/tca/templates/gateway/service.yaml
@@ -0,0 +1,48 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "tca.fullname" . }}-gateway + labels: + k8s-app: {{ template "tca.fullname" . }}-gateway + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.tca.gateway.service.type }} + {{- if and .Values.tca.gateway.service.clusterIP (eq .Values.tca.gateway.service.type "ClusterIP") }} + clusterIP: {{ .Values.tca.gateway.service.clusterIP }} + {{- end }} + {{- if or (eq .Values.tca.gateway.service.type "LoadBalancer") (eq .Values.tca.gateway.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.tca.gateway.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.tca.gateway.service.type "LoadBalancer") (not (empty .Values.tca.gateway.service.loadBalancerSourceRanges)) }} + loadBalancerSourceRanges: {{ .Values.tca.gateway.service.loadBalancerSourceRanges }} + {{- end }} + {{- if and (eq .Values.tca.gateway.service.type "LoadBalancer") (not (empty .Values.tca.gateway.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.tca.gateway.service.loadBalancerIP }} + {{- end }} + ports: + - name: http + port: {{ .Values.tca.gateway.service.ports.http }} + protocol: TCP + targetPort: http + {{- if (and (or (eq .Values.tca.gateway.service.type "NodePort") (eq .Values.tca.gateway.service.type "LoadBalancer")) (not (empty .Values.tca.gateway.service.nodePorts.http))) }} + nodePort: {{ .Values.tca.gateway.service.nodePorts.http }} + {{- else if eq .Values.tca.gateway.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.tca.gateway.service.ports.https }} + - name: https + port: {{ .Values.tca.gateway.service.ports.https }} + protocol: TCP + targetPort: {{ .Values.tca.gateway.service.httpsTargetPort }} + {{- if (and (or (eq .Values.tca.gateway.service.type "NodePort") (eq .Values.tca.gateway.service.type "LoadBalancer")) (not (empty 
.Values.tca.gateway.service.nodePorts.https))) }} + nodePort: {{ .Values.tca.gateway.service.nodePorts.https }} + {{- else if eq .Values.tca.gateway.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- end }} + selector: + k8s-app: {{ template "tca.fullname" . }}-gateway + release: {{ .Release.Name }} diff --git a/helm-charts/tca/templates/ingress.yml b/helm-charts/tca/templates/ingress.yml new file mode 100644 index 000000000..eeea66321 --- /dev/null +++ b/helm-charts/tca/templates/ingress.yml @@ -0,0 +1,23 @@ +{{- if .Values.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ template "tca.fullname" . }}-ingress + labels: + k8s-app: {{ template "tca.fullname" . }}-ingress + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} +spec: + rules: + - host: {{ .Values.tca.commonConfig.publicUrl }} + http: + paths: + - backend: + service: + name: {{ template "tca.fullname" . }}-web + port: + number: 80 + path: / + pathType: Prefix +{{- end }} \ No newline at end of file diff --git a/helm-charts/tca/templates/login/configmap.yaml b/helm-charts/tca/templates/login/configmap.yaml new file mode 100644 index 000000000..e3166909d --- /dev/null +++ b/helm-charts/tca/templates/login/configmap.yaml 
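Review bot: `loadBalancerSourceRanges: {{ .Values.tca.gateway.service.loadBalancerSourceRanges }}` prints the Go slice as `[a b]`, which YAML reads as a one-element list holding the string `a b`. With two or more CIDRs the API server rejects the Service, so the restriction on who may reach the gateway cannot be applied as written. Render the list explicitly: `loadBalancerSourceRanges: {{ .Values.tca.gateway.service.loadBalancerSourceRanges | toJson }}`. The `https` port's `targetPort: {{ .Values.tca.gateway.service.httpsTargetPort }}` also needs a comment saying where TLS is terminated, since the gateway container declares only `http`/80 and tca_backend.conf has no TLS listener.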
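Review bot: The Ingress in ingress.yml has no `tls:` section and no `ingressClassName`, so the web UI and the login endpoints behind it are published over plain HTTP unless the controller adds TLS on its own. `host` is filled from `.Values.tca.commonConfig.publicUrl`, the same value file/configmap-env.yaml exports as `FILE_SITE_URL`; a value with a scheme or path would be an invalid Ingress host, so either document that `publicUrl` must be a bare hostname or introduce a separate host value. I would add an optional `tls:` block and `ingressClassName:` driven by new chart values, with a comment in values.yaml describing the expected TLS secret.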
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: login-env
+data:
+ DAEMON: {{ .Values.tca.commonConfig.daemonFlag | quote}}
+ SERVER_ACCESS_LOG: {{ .Values.tca.commonConfig.accessLogPath | quote }}
+ SERVER_ERROR_LOG: {{ .Values.tca.commonConfig.errorLogPath | quote }}
+ API_TICKET_SALT: {{ .Values.tca.commonConfig.apiTicketSalt }}
+ API_TICKET_TOKEN: {{ .Values.tca.commonConfig.apiTicketToken }}
+ PASSWORD_KEY: {{ .Values.tca.commonConfig.passwordKey }}
+ LOGIN_SENTRY_DSN: {{ .Values.tca.commonConfig.sentryDsn | quote }}
+ TCA_DEFAULT_ADMIN: {{ .Values.tca.commonConfig.defaultAdmin }}
+ TCA_DEFAULT_PASSWORD: {{ .Values.tca.commonConfig.defaultPassword }}
+ LOGIN_SECRET_KEY: {{ .Values.tca.commonConfig.secretKey }}
+ LOGIN_SERVER_PROCESS_NUM: {{ .Values.tca.login.server.processNum | quote }}
+ LOGIN_SERVER_PORT: {{ .Values.tca.login.server.port | quote }}
+ DJANGO_SETTINGS_MODULE: {{ .Values.tca.login.settings.base.module }}
+ LOGIN_DEBUG_MODE: {{ .Values.tca.login.settings.base.debugMode | quote }}
+ LOGIN_DB_NAME: {{ .Values.tca.login.settings.dbName }}
+ # DB相关配置,优先使用 Values.tca.login.settings.customDB 配置,默认使用 tca.database
+ LOGIN_DB_USER: {{ .Values.tca.login.settings.customDB.user | default ( include "tca.database.username" . ) }}
+ LOGIN_DB_PASSWORD: {{ .Values.tca.login.settings.customDB.password | default ( include "tca.database.password" . ) }}
+ LOGIN_DB_HOST: {{ .Values.tca.login.settings.customDB.host | default ( include "tca.database.host" . ) }}
+ LOGIN_DB_PORT: {{ .Values.tca.login.settings.customDB.port | default ( include "tca.database.port" . ) | quote }}
diff --git a/helm-charts/tca/templates/login/initdata-job.yaml b/helm-charts/tca/templates/login/initdata-job.yaml
new file mode 100644
index 000000000..8f5694528
--- /dev/null
+++ b/helm-charts/tca/templates/login/initdata-job.yaml
@@ -0,0 +1,54 @@
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ labels:
+ k8s-app: {{ template "tca.fullname" . }}-login-init-job
+ app: {{ template "tca.name" . }}
+ chart: {{ template "tca.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ name: {{ template "tca.fullname" . }}-login-init-job
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "5"
+spec:
+ ttlSecondsAfterFinished: 100
+ template:
+ metadata:
+ labels:
+ k8s-app: {{ template "tca.fullname" . }}-login-init-job
+ release: {{ .Release.Name }}
+ spec:
+ {{- with .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tca.podAntiAffinity.enable }}
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ topologyKey: "{{ .Values.tca.podAntiAffinity.topologyKey }}"
+ labelSelector:
+ matchLabels:
+ k8s-app: {{ template "tca.fullname" . }}-login-init-job
+ release: {{ .Release.Name }}
+ {{- end }}
+ containers:
+ - name: {{ template "tca.fullname" . }}-login-init-job
+ image: "{{ .Values.tca.login.image.repository }}:{{ .Values.tca.login.image.tag }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command: ["bash"]
+ args: ["./bin/init.sh"]
+ envFrom:
+ - configMapRef:
+ name: login-env
+ env:
+ - name: _HASH_CONFIG_
+ value: {{ include (print $.Template.BasePath "/login/configmap.yaml") . | sha256sum }}
+ resources:
+{{ toYaml .Values.tca.login.server.resources | indent 12 }}
+ restartPolicy: Never
+ backoffLimit: 2
diff --git a/helm-charts/tca/templates/login/server-deployment.yaml b/helm-charts/tca/templates/login/server-deployment.yaml
new file mode 100644
index 000000000..e51eb9d35
--- /dev/null
+++ b/helm-charts/tca/templates/login/server-deployment.yaml
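Review bot: The login init Job and the `login-env` ConfigMap it loads are rendered unconditionally, while login/server-deployment.yaml, login/service.yaml and login/servicemonitor.yaml are wrapped in `{{- if .Values.tca.login.enabled }}`. With login disabled the chart still creates the ConfigMap holding `TCA_DEFAULT_PASSWORD` and runs `./bin/init.sh` with the login database settings after install. Wrap both templates in the same `{{- if .Values.tca.login.enabled }}` … `{{- end }}` guard. The hook is `post-install` only, so the init script does not run on `helm upgrade`; if it carries migrations, `"helm.sh/hook": post-install,post-upgrade` is needed, and either way the choice deserves a comment.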
@@ -0,0 +1,100 @@ +{{- if .Values.tca.login.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: {{ template "tca.fullname" . }}-login-server + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "tca.fullname" . }}-login-server +spec: + selector: + matchLabels: + k8s-app: {{ template "tca.fullname" . }}-login-server + release: {{ .Release.Name }} + template: + metadata: + labels: + k8s-app: {{ template "tca.fullname" . }}-login-server + release: {{ .Release.Name }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.tca.podAntiAffinity.enable }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: "{{ .Values.tca.podAntiAffinity.topologyKey }}" + labelSelector: + matchLabels: + k8s-app: {{ template "tca.fullname" . }}-login-server + release: {{ .Release.Name }} + {{- end }} + containers: + - name: {{ template "tca.fullname" . }}-login-server + image: "{{ .Values.tca.login.image.repository }}:{{ .Values.tca.login.image.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["gunicorn"] + args: ["apps.wsgi", "--preload", "-c", "login.gunicorn.conf.py"] + envFrom: + - configMapRef: + name: login-env + env: + - name: _HASH_CONFIG_ + value: {{ include (print $.Template.BasePath "/login/configmap.yaml") . | sha256sum }} + ports: + - name: http + containerPort: {{ .Values.tca.login.server.port }} + protocol: TCP + lifecycle: + preStop: + exec: + command: + - sleep + - '20' + resources: +{{ toYaml .Values.tca.login.server.resources | indent 12 }} +--- +{{- if .Values.tca.login.server.autoscaling.enabled }} +apiVersion: autoscaling/v2beta2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "tca.fullname" . 
}}-login-server + labels: + k8s-app: {{ template "tca.fullname" . }}-login-server + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "tca.fullname" . }}-login-server + minReplicas: {{ .Values.tca.login.server.autoscaling.minReplicas }} + maxReplicas: {{ .Values.tca.login.server.autoscaling.maxReplicas }} + metrics: + {{- if .Values.tca.login.server.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.tca.login.server.autoscaling.targetMemory }} + {{- end }} + {{- if .Values.tca.login.server.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.tca.login.server.autoscaling.targetCPU }} + {{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/helm-charts/tca/templates/login/service.yaml b/helm-charts/tca/templates/login/service.yaml new file mode 100644 index 000000000..45204c98a --- /dev/null +++ b/helm-charts/tca/templates/login/service.yaml 
@@ -0,0 +1,27 @@
+{{- if .Values.tca.login.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "tca.fullname" . }}-login
+ labels:
+ k8s-app: {{ template "tca.fullname" . }}-login-server
+ app: {{ template "tca.name" . }}
+ chart: {{ template "tca.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.tca.login.server.service.type }}
+ ports:
+ - name: http
+ port: {{ .Values.tca.login.server.service.ports.http }}
+ protocol: TCP
+ targetPort: http
+ {{- if (and (or (eq .Values.tca.login.server.service.type "NodePort") (eq .Values.tca.login.server.service.type "LoadBalancer")) (not (empty .Values.tca.login.server.service.nodePorts.http))) }}
+ nodePort: {{ .Values.tca.login.server.service.nodePorts.http }}
+ {{- else if eq .Values.tca.login.server.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ selector:
+ k8s-app: {{ template "tca.fullname" . }}-login-server
+ release: {{ .Release.Name }}
+{{- end }}
\ No newline at end of file
diff --git a/helm-charts/tca/templates/login/servicemonitor.yaml b/helm-charts/tca/templates/login/servicemonitor.yaml
new file mode 100644
index 000000000..1364a704a
--- /dev/null
+++ b/helm-charts/tca/templates/login/servicemonitor.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.tca.login.enabled }}
+{{- if .Values.metrics.enable }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "tca.fullname" . }}-login-server
+spec:
+ selector:
+ matchLabels:
+ k8s-app: {{ template "tca.fullname" . }}-login-server
+ endpoints:
+ - port: http
+ path: /prometheus/metrics
+ interval: 30s
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm-charts/tca/templates/main/beat-deployment.yaml b/helm-charts/tca/templates/main/beat-deployment.yaml
new file mode 100644
index 000000000..8f369426d
--- /dev/null
+++ b/helm-charts/tca/templates/main/beat-deployment.yaml
@@ -0,0 +1,84 @@ +{{- if .Values.tca.main.beat.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: {{ template "tca.fullname" . }}-main-beat + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "tca.fullname" . }}-main-beat +spec: + replicas: 1 + selector: + matchLabels: + k8s-app: {{ template "tca.fullname" . }}-main-beat + release: {{ .Release.Name }} + strategy: + type: Recreate + template: + metadata: + labels: + k8s-app: {{ template "tca.fullname" . }}-main-beat + release: {{.Release.Name}} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- if .Values.tca.podAntiAffinity.enable }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: "{{ .Values.tca.podAntiAffinity.topologyKey }}" + labelSelector: + matchLabels: + k8s-app: {{ template "tca.fullname" . }}-main-beat + release: {{ .Release.Name }} +{{- end }} + containers: + - name: {{ template "tca.fullname" . }}-main-beat + image: "{{ .Values.tca.main.image.repository }}:{{ .Values.tca.main.image.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["celery"] + args: ["-A", "codedog", "beat", "-S", "redbeat.RedBeatScheduler", "-l", "INFO"] + env: + - name: _HASH_CONFIG_ + value: {{ include (print $.Template.BasePath "/main/configmap.yaml") . | sha256sum }} + envFrom: + - configMapRef: + name: main-env + lifecycle: + preStop: + exec: + command: + - sleep + - '70' + resources: +{{ toYaml .Values.tca.main.beat.resources | indent 12 }} +--- +{{- if and (.Values.tca.main.beat.autoscaling) (.Values.tca.main.beat.resources) }} +apiVersion: autoscaling/v2beta2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "tca.fullname" . }}-main-beat + labels: + k8s-app: {{ template "tca.fullname" . 
}}-main-beat + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "tca.fullname" . }}-main-beat + minReplicas: {{ .Values.tca.main.beat.autoscaling.minReplicas }} + maxReplicas: {{ .Values.tca.main.beat.autoscaling.maxReplicas }} + metrics: +{{ toYaml .Values.tca.main.beat.autoscaling.metrics | indent 4 }} +{{- end }} +{{- end }} diff --git a/helm-charts/tca/templates/main/configmap.yaml b/helm-charts/tca/templates/main/configmap.yaml new file mode 100644 index 000000000..c7e707d66 --- /dev/null +++ b/helm-charts/tca/templates/main/configmap.yaml 
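Review bot: The HorizontalPodAutoscaler at the end of this file targets a Deployment that hard-codes `replicas: 1` with `strategy: Recreate`, so the two disagree: a `helm upgrade` can reset the count to 1 while the HPA scales it back up. Celery beat is normally run as a single scheduler, so unless more than one replica is really intended the HPA block is better dropped. If it stays, the guard should follow the other templates and test `.Values.tca.main.beat.autoscaling.enabled`; `and (.Values.tca.main.beat.autoscaling) (.Values.tca.main.beat.resources)` renders the HPA whenever both maps are non-empty, whatever flag they contain.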
@@ -0,0 +1,40 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: main-env +data: + DAEMON: {{ .Values.tca.commonConfig.daemonFlag | quote}} + SERVER_ACCESS_LOG: {{ .Values.tca.commonConfig.accessLogPath | quote }} + SERVER_ERROR_LOG: {{ .Values.tca.commonConfig.errorLogPath | quote }} + API_TICKET_SALT: {{ .Values.tca.commonConfig.apiTicketSalt }} + API_TICKET_TOKEN: {{ .Values.tca.commonConfig.apiTicketToken }} + MAIN_SENTRY_DSN: {{ .Values.tca.commonConfig.sentryDsn | quote }} + LOCAL_DOMAIN: {{ .Values.tca.commonConfig.publicUrl }} + WEB_SERVER_URL: {{ .Values.tca.commonConfig.publicUrl }} + PASSWORD_KEY: {{ .Values.tca.commonConfig.passwordKey }} + NODE_TICKET_SALT: {{ .Values.tca.commonConfig.nodeTicketSalt }} + CODEDOG_TOKEN: {{ .Values.tca.commonConfig.defaultToken }} + MAIN_SECRET_KEY: {{ .Values.tca.commonConfig.secretKey }} + CELERY_WORKER_NUM: {{ .Values.tca.main.worker.num | quote }} + MAIN_SERVER_PORT: {{ .Values.tca.main.server.port | quote }} + MAIN_SERVER_PROCESS_NUM: {{ .Values.tca.main.server.processNum | quote }} + DJANGO_SETTINGS_MODULE: {{ .Values.tca.main.settings.base.module }} + MAIN_DEBUG_MODE: {{ .Values.tca.main.settings.base.debugMode | quote }} + HTTPS_CLONE_FLAG: {{ .Values.tca.main.settings.base.httpsCloneFlag | quote }} + MAIN_DB_NAME: {{ .Values.tca.main.settings.dbName }} + MAIN_REDIS_DBID: {{ .Values.tca.main.settings.redisDBId | quote }} + # DB相关配置,优先使用 Values.tca.main.settings.customDB 配置,默认使用 tca.database + MAIN_DB_USER: {{ .Values.tca.main.settings.customDB.user | default ( include "tca.database.username" . ) }} + MAIN_DB_PASSWORD: {{ .Values.tca.main.settings.customDB.password | default ( include "tca.database.password" . ) }} + MAIN_DB_HOST: {{ .Values.tca.main.settings.customDB.host | default ( include "tca.database.host" . ) }} + MAIN_DB_PORT: {{ .Values.tca.main.settings.customDB.port | default ( include "tca.database.port" . 
) | quote }} + # Redis相关配置,优先使用 Values.tca.main.settings.customRedis 配置,默认使用 tca.redis + MAIN_REDIS_HOST: {{ .Values.tca.main.settings.customRedis.host | default ( include "tca.redis.host" . ) | quote }} + MAIN_REDIS_PORT: {{ .Values.tca.main.settings.customRedis.port | default ( include "tca.redis.port" . ) | quote }} + MAIN_REDIS_PASSWD: {{ .Values.tca.main.settings.customRedis.password | default ( include "tca.redis.password" . ) }} + # 内部服务通信配置 + MAIN_SERVER_URL: http://{{ template "tca.fullname" . }}-main + ANALYSE_SERVER_URL: http://{{ template "tca.fullname" . }}-analysis + LOGIN_SERVER_URL: http://{{ template "tca.fullname" . }}-login + FILE_SERVER_URL: http://{{ template "tca.fullname" . }}-gateway/files/ + SCMPROXY: http://{{ template "tca.fullname" . }}-scmproxy diff --git a/helm-charts/tca/templates/main/initdata-job.yaml b/helm-charts/tca/templates/main/initdata-job.yaml new file mode 100644 index 000000000..3a4aa3780 --- /dev/null +++ b/helm-charts/tca/templates/main/initdata-job.yaml 
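Review bot: This ConfigMap carries credentials and signing material in plain text (`API_TICKET_TOKEN`, `PASSWORD_KEY`, `MAIN_SECRET_KEY`, `MAIN_DB_PASSWORD`, `MAIN_REDIS_PASSWD` and the salt/token entries beside them), so anyone who can read ConfigMaps in the namespace can read them, and they get none of the RBAC separation or at-rest encryption that can be applied to Secrets. These keys should move to a `Secret` that the main Deployments and the init Job load with `envFrom: - secretRef:`, leaving only non-sensitive settings here. They are also rendered without `| quote`, so a value that YAML reads as a number or boolean, or that contains `: ` or ` #`, changes or breaks the rendered manifest. The Secret name below is only a suggestion; prefixing it and `main-env` with `tca.fullname` would also keep two releases in one namespace from overwriting each other.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: {{ template "tca.fullname" . }}-main-secret
type: Opaque
stringData:
  API_TICKET_SALT: {{ .Values.tca.commonConfig.apiTicketSalt | quote }}
  API_TICKET_TOKEN: {{ .Values.tca.commonConfig.apiTicketToken | quote }}
  PASSWORD_KEY: {{ .Values.tca.commonConfig.passwordKey | quote }}
  NODE_TICKET_SALT: {{ .Values.tca.commonConfig.nodeTicketSalt | quote }}
  CODEDOG_TOKEN: {{ .Values.tca.commonConfig.defaultToken | quote }}
  MAIN_SECRET_KEY: {{ .Values.tca.commonConfig.secretKey | quote }}
  MAIN_DB_PASSWORD: {{ .Values.tca.main.settings.customDB.password | default ( include "tca.database.password" . ) | quote }}
  MAIN_REDIS_PASSWD: {{ .Values.tca.main.settings.customRedis.password | default ( include "tca.redis.password" . ) | quote }}
# … unchanged: non-sensitive keys stay in the main-env ConfigMap …
```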
@@ -0,0 +1,54 @@
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ labels:
+ k8s-app: {{ template "tca.fullname" . }}-main-init-job
+ app: {{ template "tca.name" . }}
+ chart: {{ template "tca.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ name: {{ template "tca.fullname" . }}-main-init-job
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "5"
+spec:
+ ttlSecondsAfterFinished: 100
+ template:
+ metadata:
+ labels:
+ k8s-app: {{ template "tca.fullname" . }}-main-init-job
+ release: {{ .Release.Name }}
+ spec:
+ {{- with .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tca.podAntiAffinity.enable }}
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ topologyKey: "{{ .Values.tca.podAntiAffinity.topologyKey }}"
+ labelSelector:
+ matchLabels:
+ k8s-app: {{ template "tca.fullname" . }}-main-init-job
+ release: {{ .Release.Name }}
+ {{- end }}
+ containers:
+ - name: {{ template "tca.fullname" . }}-main-init-job
+ image: "{{ .Values.tca.main.image.repository }}:{{ .Values.tca.main.image.tag }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command: ["bash"]
+ args: ["./bin/init.sh"]
+ envFrom:
+ - configMapRef:
+ name: main-env
+ env:
+ - name: _HASH_CONFIG_
+ value: {{ include (print $.Template.BasePath "/main/configmap.yaml") . | sha256sum }}
+ resources:
+{{ toYaml .Values.tca.main.server.resources | indent 12 }}
+ restartPolicy: Never
+ backoffLimit: 2
diff --git a/helm-charts/tca/templates/main/server-deployment.yaml b/helm-charts/tca/templates/main/server-deployment.yaml
new file mode 100644
index 000000000..76b6a5e96
--- /dev/null
+++ b/helm-charts/tca/templates/main/server-deployment.yaml
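Review bot: The Job is registered only as a `post-install` hook, so `./bin/init.sh` runs once after the first install and is never run again on `helm upgrade`. If that script also applies schema migrations or refreshes seed data (the diff does not show what it does), upgrades to a newer image will skip them; `"helm.sh/hook": post-install,post-upgrade` would cover both, provided the script is idempotent. A short comment above the annotations stating which behaviour is intended would help, e.g. `# runs ./bin/init.sh once after first install; not re-run on upgrade`. The `podAntiAffinity` block has little effect on a single-pod Job and could be removed.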
@@ -0,0 +1,118 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: {{ template "tca.fullname" . }}-main-server + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "tca.fullname" . }}-main-server +spec: + selector: + matchLabels: + k8s-app: {{ template "tca.fullname" . }}-main-server + release: {{ .Release.Name }} + template: + metadata: + labels: + k8s-app: {{ template "tca.fullname" . }}-main-server + release: {{ .Release.Name }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.tca.podAntiAffinity.enable }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: "{{ .Values.tca.podAntiAffinity.topologyKey }}" + labelSelector: + matchLabels: + k8s-app: {{ template "tca.fullname" . }}-main-server + release: {{ .Release.Name }} + {{- end }} + containers: + - name: {{ template "tca.fullname" . }}-main-server + image: "{{ .Values.tca.main.image.repository }}:{{ .Values.tca.main.image.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["gunicorn"] + args: ["codedog.wsgi", "-c", "main.gunicorn.conf.py"] + envFrom: + - configMapRef: + name: main-env + env: + - name: _HASH_CONFIG_ + value: {{ include (print $.Template.BasePath "/main/configmap.yaml") . 
| sha256sum }} + ports: + - name: http + containerPort: {{ .Values.tca.main.server.port }} + protocol: TCP + lifecycle: + preStop: + exec: + command: + - sleep + - '20' + livenessProbe: + failureThreshold: 10 + httpGet: + path: / + port: {{ .Values.tca.main.server.port }} + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 20 + successThreshold: 1 + timeoutSeconds: 2 + readinessProbe: + failureThreshold: 5 + httpGet: + path: / + port: {{ .Values.tca.main.server.port }} + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 2 + resources: +{{ toYaml .Values.tca.main.resources | indent 12 }} +--- +{{- if .Values.tca.main.server.autoscaling }} +apiVersion: autoscaling/v2beta2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "tca.fullname" . }}-main-server + labels: + k8s-app: {{ template "tca.fullname" . }}-main-server + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "tca.fullname" . }}-main-server + minReplicas: {{ .Values.tca.main.server.autoscaling.minReplicas }} + maxReplicas: {{ .Values.tca.main.server.autoscaling.maxReplicas }} + metrics: + {{- if .Values.tca.main.server.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.tca.main.server.autoscaling.targetMemory }} + {{- end }} + {{- if .Values.tca.main.server.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.tca.main.server.autoscaling.targetCPU }} + {{- end }} +{{- end }} diff --git a/helm-charts/tca/templates/main/service.yaml b/helm-charts/tca/templates/main/service.yaml new file mode 100644 index 000000000..c661c2e74 --- /dev/null +++ b/helm-charts/tca/templates/main/service.yaml 
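Review bot: `resources` is filled from `.Values.tca.main.resources`, while every other per-component setting in this template reads `.Values.tca.main.server.*` and the init Job uses `.Values.tca.main.server.resources`. If values.yaml defines the limits under `tca.main.server.resources` (that part is not visible here), this line renders `null` and the gunicorn pods run without requests or limits, which also leaves the Utilization-based HPA below without a request to measure against. Suggested line: `{{ toYaml .Values.tca.main.server.resources | indent 12 }}`. The HPA guard `if .Values.tca.main.server.autoscaling` is likewise true for any non-empty map, so it should test `.autoscaling.enabled` as the login, worker and scmproxy templates do.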
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "tca.fullname" . }}-main
+ labels:
+ k8s-app: {{ template "tca.fullname" . }}-main-server
+ app: {{ template "tca.name" . }}
+ chart: {{ template "tca.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.tca.main.server.service.type }}
+ ports:
+ - name: http
+ port: {{ .Values.tca.main.server.service.ports.http }}
+ protocol: TCP
+ targetPort: http
+ {{- if (and (or (eq .Values.tca.main.server.service.type "NodePort") (eq .Values.tca.main.server.service.type "LoadBalancer")) (not (empty .Values.tca.main.server.service.nodePorts.http))) }}
+ nodePort: {{ .Values.tca.main.server.service.nodePorts.http }}
+ {{- else if eq .Values.tca.main.server.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ selector:
+ k8s-app: {{ template "tca.fullname" . }}-main-server
+ release: {{ .Release.Name }}
diff --git a/helm-charts/tca/templates/main/servicemonitor.yaml b/helm-charts/tca/templates/main/servicemonitor.yaml
new file mode 100644
index 000000000..efa25b998
--- /dev/null
+++ b/helm-charts/tca/templates/main/servicemonitor.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.metrics.enable }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "tca.fullname" . }}-main-server
+spec:
+ selector:
+ matchLabels:
+ k8s-app: {{ template "tca.fullname" . }}-main-server
+ endpoints:
+ - port: http
+ path: /prometheus/metrics
+ interval: 30s
+{{- end }}
\ No newline at end of file
diff --git a/helm-charts/tca/templates/main/worker-deployment.yaml b/helm-charts/tca/templates/main/worker-deployment.yaml
new file mode 100644
index 000000000..eee50f6a7
--- /dev/null
+++ b/helm-charts/tca/templates/main/worker-deployment.yaml
@@ -0,0 +1,125 @@ +{{- if .Values.tca.main.worker.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: {{ template "tca.fullname" . }}-main-worker + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "tca.fullname" . }}-main-worker +spec: + selector: + matchLabels: + k8s-app: {{ template "tca.fullname" . }}-main-worker + release: {{ .Release.Name }} + template: + metadata: + labels: + k8s-app: {{ template "tca.fullname" . }}-main-worker + release: {{.Release.Name}} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.tca.podAntiAffinity.enable }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: "{{ .Values.tca.podAntiAffinity.topologyKey }}" + labelSelector: + matchLabels: + k8s-app: {{ template "tca.fullname" . }}-main-worker + release: {{ .Release.Name }} + {{- end }} + containers: + - name: {{ template "tca.fullname" . }}-main-worker + image: "{{ .Values.tca.main.image.repository }}:{{ .Values.tca.main.image.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["celery"] + args: ["-A", "codedog", "worker", "--concurrency=$(CELERY_WORKER_NUM)", "-l", "INFO"] + envFrom: + - configMapRef: + name: main-env + env: + - name: _HASH_CONFIG_ + value: {{ include (print $.Template.BasePath "/main/configmap.yaml") . 
| sha256sum }} + lifecycle: + preStop: + exec: + command: + - sleep + - '70' + livenessProbe: + exec: + command: + - /bin/sh + - '-c' + - >- + bash -c "celery -A codedog inspect ping + -d celery@$HOSTNAME" + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 60 + successThreshold: 1 + timeoutSeconds: 10 + readinessProbe: + exec: + command: + - /bin/sh + - '-c' + - >- + bash -c "celery -A codedog inspect ping + -d celery@$HOSTNAME" + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 40 + successThreshold: 1 + timeoutSeconds: 10 + resources: +{{ toYaml .Values.tca.main.worker.resources | indent 12 }} +--- +{{- if .Values.tca.main.worker.autoscaling.enabled }} +apiVersion: autoscaling/v2beta2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "tca.fullname" . }}-main-worker + labels: + k8s-app: {{ template "tca.fullname" . }}-main-worker + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "tca.fullname" . }}-main-worker + minReplicas: {{ .Values.tca.main.worker.autoscaling.minReplicas }} + maxReplicas: {{ .Values.tca.main.worker.autoscaling.maxReplicas }} + metrics: + minReplicas: {{ .Values.tca.main.worker.autoscaling.minReplicas }} + maxReplicas: {{ .Values.tca.main.worker.autoscaling.maxReplicas }} + metrics: + {{- if .Values.tca.main.worker.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.tca.main.worker.autoscaling.targetMemory }} + {{- end }} + {{- if .Values.tca.main.worker.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.tca.main.worker.autoscaling.targetCPU }} + {{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
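Review bot: The HorizontalPodAutoscaler `spec` repeats `minReplicas:`, `maxReplicas:` and `metrics:`: the first `metrics:` has no value and is followed straight away by a second copy of all three keys. Depending on the parser this is either rejected as duplicate mapping keys or the later copy silently wins, so the block should keep a single copy. Delete the first `minReplicas:` / `maxReplicas:` / `metrics:` triple so that the `{{- if ...targetMemory }}` entries sit directly under the one remaining `metrics:`.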
diff --git a/helm-charts/tca/templates/scmproxy/configmap.yaml b/helm-charts/tca/templates/scmproxy/configmap.yaml
new file mode 100644
index 000000000..2303d535b
--- /dev/null
+++ b/helm-charts/tca/templates/scmproxy/configmap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: scmproxy-env
+data:
+ SCMPROXY_PORT: {{ .Values.tca.scmproxy.port | quote }}
+ SCMPROXY_SENTRY_URL: {{ .Values.tca.commonConfig.sentryDsn | quote }}
diff --git a/helm-charts/tca/templates/scmproxy/server-deployment.yaml b/helm-charts/tca/templates/scmproxy/server-deployment.yaml
new file mode 100644
index 000000000..f5751074d
--- /dev/null
+++ b/helm-charts/tca/templates/scmproxy/server-deployment.yaml
@@ -0,0 +1,98 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: {{ template "tca.fullname" . }}-scmproxy + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "tca.fullname" . }}-scmproxy +spec: + selector: + matchLabels: + k8s-app: {{ template "tca.fullname" . }}-scmproxy + release: {{ .Release.Name }} + template: + metadata: + labels: + k8s-app: {{ template "tca.fullname" . }}-scmproxy + release: {{ .Release.Name }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.tca.podAntiAffinity.enable }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: "{{ .Values.tca.podAntiAffinity.topologyKey }}" + labelSelector: + matchLabels: + k8s-app: {{ template "tca.fullname" . }}-scmproxy + release: {{ .Release.Name }} + {{- end }} + containers: + - name: {{ template "tca.fullname" . }}-scmproxy + image: "{{ .Values.tca.scmproxy.image.repository }}:{{ .Values.tca.scmproxy.image.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["python"] + args: ["proxyserver.py"] + lifecycle: + preStop: + exec: + command: + - sleep + - '20' + envFrom: + - configMapRef: + name: scmproxy-env + env: + - name: _HASH_CONF_ + value: {{ include (print $.Template.BasePath "/scmproxy/configmap.yaml") . | sha256sum }} + ports: + - name: http + containerPort: {{ .Values.tca.scmproxy.port }} + protocol: TCP + resources: +{{ toYaml .Values.tca.scmproxy.resources | indent 12 }} +--- +{{- if .Values.tca.scmproxy.autoscaling.enabled }} +apiVersion: autoscaling/v2beta2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "tca.fullname" . }}-scmproxy + labels: + k8s-app: {{ template "tca.fullname" . }}-scmproxy + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . 
}} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "tca.fullname" . }}-scmproxy + minReplicas: {{ .Values.tca.scmproxy.autoscaling.minReplicas }} + maxReplicas: {{ .Values.tca.scmproxy.autoscaling.maxReplicas }} + metrics: + {{- if .Values.tca.scmproxy.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.tca.scmproxy.autoscaling.targetMemory }} + {{- end }} + {{- if .Values.tca.scmproxy.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.tca.scmproxy.autoscaling.targetCPU }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/helm-charts/tca/templates/scmproxy/service.yaml b/helm-charts/tca/templates/scmproxy/service.yaml new file mode 100644 index 000000000..790388600 --- /dev/null +++ b/helm-charts/tca/templates/scmproxy/service.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "tca.fullname" . }}-scmproxy + labels: + k8s-app: {{ template "tca.fullname" . }}-scmproxy + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.tca.scmproxy.service.type }} + ports: + - name: http + port: {{ .Values.tca.scmproxy.service.ports.http }} + protocol: TCP + targetPort: http + {{- if (and (or (eq .Values.tca.scmproxy.service.type "NodePort") (eq .Values.tca.scmproxy.service.type "LoadBalancer")) (not (empty .Values.tca.scmproxy.service.nodePorts.http))) }} + nodePort: {{ .Values.tca.scmproxy.service.nodePorts.http }} + {{- else if eq .Values.tca.scmproxy.service.type "ClusterIP" }} + nodePort: null + {{- end }} + selector: + k8s-app: {{ template "tca.fullname" . }}-scmproxy + release: {{ .Release.Name }} \ No newline at end of file 
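Review bot: The HPA uses `apiVersion: autoscaling/v2beta2`, which was deprecated in Kubernetes 1.23 and is no longer served from 1.26, so on current clusters the release fails as soon as autoscaling is enabled. `autoscaling/v2` accepts the same `metrics` layout used here; either switch to `apiVersion: autoscaling/v2` or choose the version with `.Capabilities.APIVersions.Has "autoscaling/v2"` if older clusters must stay supported. The same line appears in the HPA blocks of the login-server, main-beat, main-server, main-worker and web hunks. This Deployment also names its checksum variable `_HASH_CONF_` where the others use `_HASH_CONFIG_`.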
diff --git a/helm-charts/tca/templates/web/configmap.yaml b/helm-charts/tca/templates/web/configmap.yaml
new file mode 100644
index 000000000..4674aaefe
--- /dev/null
+++ b/helm-charts/tca/templates/web/configmap.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: web-env
+data:
+ SERVER_ENV: {{ template "tca.fullname" . }}-gateway
+ INGRESS_SERVER_NAME: {{ .Values.tca.web.serverName | quote }}
+ INGRESS_PORT: {{ .Values.tca.web.port | quote }}
+ NGINX_CONF_PATH: {{ .Values.tca.web.confPath | quote }}
+ NGINX_LOG_PATH: {{ .Values.tca.web.logPath | quote }}
+ WEB_DEPLOY_PATH: {{ .Values.tca.web.deployPath | quote }}
+ IS_DOCKER: {{ .Values.tca.web.isDocker | quote }}
diff --git a/helm-charts/tca/templates/web/deployment.yaml b/helm-charts/tca/templates/web/deployment.yaml
new file mode 100644
index 000000000..b9ed1ca80
--- /dev/null
+++ b/helm-charts/tca/templates/web/deployment.yaml
@@ -0,0 +1,118 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: {{ template "tca.fullname" . }}-web + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "tca.fullname" . }}-web +spec: + selector: + matchLabels: + k8s-app: {{ template "tca.fullname" . }}-web + release: {{ .Release.Name }} + template: + metadata: + labels: + k8s-app: {{ template "tca.fullname" . }}-web + release: {{ .Release.Name }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.tca.podAntiAffinity.enable }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: "{{ .Values.tca.podAntiAffinity.topologyKey }}" + labelSelector: + matchLabels: + k8s-app: {{ template "tca.fullname" . }}-web + release: {{ .Release.Name }} + {{- end }} + containers: + - name: {{ template "tca.fullname" . }}-web + image: "{{ .Values.tca.web.image.repository }}:{{ .Values.tca.web.image.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["bash"] + args: ["scripts/deploy.sh", "init"] + envFrom: + - configMapRef: + name: web-env + env: + - name: __HASH_CONFIG_ + value: {{ include (print $.Template.BasePath "/gateway/configmap.yaml") . 
| sha256sum }} + ports: + - name: http + containerPort: 80 + protocol: TCP + lifecycle: + preStop: + exec: + command: + - sleep + - '20' + livenessProbe: + failureThreshold: 10 + httpGet: + path: / + port: 80 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 20 + successThreshold: 1 + timeoutSeconds: 2 + readinessProbe: + failureThreshold: 5 + httpGet: + path: / + port: 80 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 2 + resources: +{{ toYaml .Values.tca.web.resources | indent 12 }} +--- +{{- if .Values.tca.web.autoscaling.enabled }} +apiVersion: autoscaling/v2beta2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "tca.fullname" . }}-web + labels: + k8s-app: {{ template "tca.fullname" . }}-web + app: {{ template "tca.name" . }} + chart: {{ template "tca.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "tca.fullname" . }}-web + minReplicas: {{ .Values.tca.web.autoscaling.minReplicas }} + maxReplicas: {{ .Values.tca.web.autoscaling.maxReplicas }} + metrics: + {{- if .Values.tca.web.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.tca.web.autoscaling.targetMemory }} + {{- end }} + {{- if .Values.tca.web.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.tca.web.autoscaling.targetCPU }} + {{- end }} +{{- end }} diff --git a/helm-charts/tca/templates/web/service.yaml b/helm-charts/tca/templates/web/service.yaml new file mode 100644 index 000000000..f748d7151 --- /dev/null +++ b/helm-charts/tca/templates/web/service.yaml 
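Review bot: The `__HASH_CONFIG_` checksum is computed from `/gateway/configmap.yaml`, but this container loads its environment from `web-env`, which is defined in `web/configmap.yaml`. A change to the web settings therefore leaves the pod template unchanged and the pods are not rolled, while an unrelated gateway change restarts them. Suggested line: `value: {{ include (print $.Template.BasePath "/web/configmap.yaml") . | sha256sum }}`, with the variable renamed to `_HASH_CONFIG_` to match the other Deployments.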
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "tca.fullname" . }}-web
+ labels:
+ k8s-app: {{ template "tca.fullname" . }}-web
+ app: {{ template "tca.name" . }}
+ chart: {{ template "tca.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: NodePort
+ ports:
+ - name: http
+ port: {{ .Values.tca.web.service.ports.http }}
+ protocol: TCP
+ targetPort: http
+ nodePort: {{ .Values.tca.web.service.nodePorts.http }}
+ {{- if .Values.tca.web.service.ports.https }}
+ - name: https
+ port: {{ .Values.tca.web.service.ports.https }}
+ protocol: TCP
+ targetPort: {{ .Values.tca.web.service.httpsTargetPort }}
+ nodePort: {{ .Values.tca.web.service.nodePorts.https }}
+ {{- end }}
+ selector:
+ k8s-app: {{ template "tca.fullname" . }}-web
+ release: {{ .Release.Name }}
diff --git a/helm-charts/tca/values.yaml b/helm-charts/tca/values.yaml
new file mode 100644
index 000000000..3ada57116
--- /dev/null
+++ b/helm-charts/tca/values.yaml
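Review bot: `type: NodePort` is hard-coded, so the web front end is opened on every node's address over plain HTTP even when the chart's Ingress is the intended entry point. The login, main and scmproxy Services take their type from values; doing the same here with a new value, e.g. `type: {{ .Values.tca.web.service.type | default "ClusterIP" }}`, and rendering `nodePort:` only for NodePort/LoadBalancer as those templates do, keeps node-level exposure opt-in. The optional `https` port targets `.Values.tca.web.service.httpsTargetPort`, but the web container in this commit declares only port 80, so that mapping needs a matching `containerPort` before it can work.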
@@ -0,0 +1,715 @@
+## @section Global parameters
+## Global Docker image parameters
+## @param global.imagePullPolicy TCA all image pull policy
+## @param global.imagePullSecrets Global Docker registry secret names as an array
+global:
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ imagePullPolicy: IfNotPresent
+ ## E.g.
+ ## imagePullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ imagePullSecrets: []
+
+## @section Metrics parameters
+##
+metrics:
+ ## @param metrics.enabled start servicemonitor to expose TCA metrics
+ ## Notice: TCA all services will support metrics soon.
+ ##
+ enable: false
+
+## @section Ingress parameters
+## ref: https://kubernetes.io/docs/user-guide/ingress/
+##
+ingress:
+ ## @param ingress.enabled Enable ingress record generation for TCA
+ ##
+ enabled: true
+ ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
+ ## Use this parameter to set the required annotations for cert-manager, see
+ ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
+ ## e.g:
+ ## annotations:
+ ## kubernetes.io/ingress.class: nginx
+ ## cert-manager.io/cluster-issuer: cluster-issuer-name
+ ##
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/proxy-body-size: "10240m"
+
+## @section nginx-ingress-controller parameters
+## ref: https://github.com/bitnami/charts/tree/master/bitnami/nginx-ingress-controller
+##
+nginx-ingress-controller:
+ ## @param nginx-ingress-controller.enabled Enable nginx-ingress-controller deployment for TCA
+ ##
+ enabled: true
+ defaultBackend:
+ enabled: false
+
+## @section redis parameters
+## ref: https://github.com/bitnami/charts/tree/master/bitnami/redis
+##
+redis:
+ ## @param redis.enabled Enable redis deployment for TCA
+ ##
+ enabled: true
+ auth:
+ enabled: true
+ password: tca2022
+
+## @section externalRedis parameters
+##
+## Notice: Before using externalRedis, please disable deploying redis with helm!
+externalRedis:
+ ## @param externalRedis.host External Redis service host name
+ ## @param externalRedis.port External Redis service port number
+ ## @param externalRedis.password External Redis service auth password
+ ##
+ host: ""
+ port: ""
+ password: ""
+
+## @section mariadb parameters
+## ref: https://github.com/bitnami/charts/tree/master/bitnami/mariadb
+##
+mariadb:
+ ## @param mariadb.enabled Enable mariadb deployment for TCA
+ ##
+ enabled: true
+ auth:
+ rootPassword: Tca2022
+ database: codedog_main
+ primary:
+ persistence:
+ size: 100Gi
+ initdbScriptsConfigMap: tca-db-init
+
+## @section externalMySQL parameters
+##
+## Notice: Before using externalMySQL, please disable deploying mariadb with helm!
+externalMySQL:
+ ## @param externalMySQL.host External Mariadb service host name
+ ## @param externalMySQL.port External Mariadb service port number
+ ## @param externalMySQL.username External Mariadb service auth username
+ ## @param externalMySQL.password External Mariadb service auth password
+ ##
+ host: ""
+ port: ""
+ username: ""
+ password: ""
+
+tca:
+ podAntiAffinity:
+ enable: false
+ topologyKey: "kubernetes.io/hostname"
+
+ ## TCA common config parameters
+ ##
+ commonConfig:
+ ## @param commonConfig.publicUrl TCA web public url, default "dev.tca.com"
+ ##
+ publicUrl: "dev.tca.com"
+ ## @param commonConfig.daemonFlag TCA server debug mode, default "False"
+ ##
+ daemonFlag: "False"
+ ## @param commonConfig.accessLogPath TCA server access log path, using "-" will print access log with STDOUT
+ ##
+ accessLogPath: "-"
+ ## @param commonConfig.errorLogPath TCA server error log path, using "-" will print error log with STDOUT
+ ##
+ errorLogPath: "-"
+ ## @param commonConfig.apiTicketSalt TCA server internal api ticket salt
+ ## @param commonConfig.apiTicketToken TCA server internal api ticket token
+ ## @param commonConfig.passwordKey TCA server internal encryption key for sensitive data
+ ## @param commonConfig.nodeTicketSalt TCA server internal encryption key for node connection
+ ## @param commonConfig.secretKey TCA server django secert key
+ ## Notice:
+ ## - ticket salt and password key generation way: use any 16 or 32 ascii characters.
+ ## - api ticket token generation way: use any ascii characters.
+ ##
+ apiTicketSalt: "a6x4c7esudcv396w"
+ apiTicketToken: "tca@public@2021"
+ passwordKey: "a6x4c7esudcv396w"
+ nodeTicketSalt: "a6x4c7esudcv396w"
+ secretKey: "25n=e*_e=4q!ert$4u#9v&^2n+)_#mi7&7ll@x29@j=w=k^q@^"
+ ## @param commonConfig.defaultAdmin TCA server default user username, use any 16 ascii characters.
+ ## @param commonConfig.defaultPassword TCA server default user password, use any 16 ascii characters.
+ ## @param commonConfig.defaultToken TCA server default user token, use any 40 ascii characters.
+ ##
+ defaultAdmin: "CodeDog"
+ defaultPassword: "admin"
+ defaultToken: "0712b895f30c5e958ec71a7c22e1b1a2ad1d5c6b"
+ ## @param commonConfig.sentryDsn TCA server sentry url config
+ ##
+ sentryDsn: ""
+ ## @param commonConfig.useLocalTool Using local tools prepared in advance.
+ ## @param commonConfig.toolLoadUsername Tencent Git Username for TCA client pulling analysis tools
+ ## @param commonConfig.toolLoadPassword Tencent Git Password for TCA client pulling analysis tools
+ ##
+ useLocalTool: "False"
+ toolLoadUsername: "private"
+ toolLoadPassword: "gJDAHmgA50AtXj6utNXF"
+ ## @param commonConfig.clsServerUrl CLS server url
+ ## @param commonConfig.clsServerLicense CLS server license
+ ##
+ clsServerUrl: ""
+ clsServerLicense: ""
+
+ ## TCA web: frontend service
+ ##
+ web:
+ image:
+ repository: tencenttca/tca-web
+ tag: latest
+ resources:
+ limits:
+ cpu: 500m
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ ## @param tca.web.autoscaling TCA Web auto scaling config
+ ##
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 2
+ targetCPU: ""
+ targetMemory: ""
+ ## @param tca.web.serverName TCA web serverName config for nginx
+ ## @param tca.web.port TCA web port config for nginx
+ ##
+ serverName: "0.0.0.0"
+ port: "80"
+ confPath: "/etc/nginx/conf.d"
+ logPath: "/var/log/nginx"
+ deployPath: "/usr/share/nginx/www"
+ isDocker: "TRUE"
+ routeListenerDataType: "host"
+ service:
+ ## @param tca.web.service.type TCA Web service type
+ ##
+ type: NodePort
+ ## @param tca.web.service.ports.http TCA web service HTTP port
+ ## @param tca.web.service.ports.https TCA web service HTTPS port
+ ##
+ ports:
+ http: 80
+ https: ""
+ ## @param tca.web.service.httpsTargetPort Target port for HTTPS
+ ##
+ httpsTargetPort: https
+ ## Node ports to expose
+ ## @param tca.web.service.nodePorts.http Node port for HTTP
+ ## @param tca.web.service.nodePorts.https Node port for HTTPS
+ ## NOTE: choose port between <30000-32767>
+ ##
+ nodePorts:
+ http: ""
+ https: ""
+
+ ## TCA main: Manage config with project, job and scan rules.
+ ##
+ main:
+ image:
+ repository: tencenttca/tca-main
+ tag: latest
+ ## TCA main server config
+ ##
+ server:
+ ## @param tca.main.server.port A port for main server listening
+ ## @param tca.analysis.server.processNum The number of processes main server is running
+ ##
+ port: 80
+ processNum: 8
+ resources:
+ limits:
+ cpu: "1000m"
+ memory: "2Gi"
+ requests:
+ cpu: "200m"
+ memory: "500Mi"
+ ## TCA main server service config
+ ##
+ service:
+ ## @param tca.main.server.service.type TCA Main server service type
+ ##
+ type: NodePort
+ ## @param tca.main.server.service.ports.http TCA Main server service HTTP port
+ ##
+ ports:
+ http: 80
+ ## Node ports to expose
+ ## @param tca.main.server.service.nodePorts.http Node port for HTTP
+ ## NOTE: choose port between <30000-32767>
+ ##
+ nodePorts:
+ http: ""
+ ## @param tca.main.server.autoscaling : TCA Main Server auto scaling config
+ ##
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 2
+ targetCPU: ""
+ targetMemory: ""
+ ## TCA main worker: Async tasks worker.
+ ##
+ worker:
+ ## @param tca.main.worker.enabled Enable main worker starting
+ ## @param tca.main.worker.num TCA main worker num
+ ##
+ enabled: true
+ num: 2
+ resources:
+ limits:
+ cpu: "1000m"
+ memory: "2Gi"
+ requests:
+ cpu: "200m"
+ memory: "500Mi"
+ ## TCA main worker auto scaling config
+ ##
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 2
+ targetCPU: ""
+ targetMemory: ""
+ ## TCA main beat: Scheduled tasks delivery.
+ ##
+ beat:
+ ## @param tca.main.beat.enabled Enable main worker starting
+ ##
+ enabled: true
+ resources:
+ limits:
+ cpu: "500m"
+ memory: "1Gi"
+ requests:
+ cpu: "100m"
+ memory: "100Mi"
+ ## TCA main settings
+ ##
+ settings:
+ base:
+ ## @param tca.main.settings.module TCA main server setting module
+ ## @param tca.main.settings.debugMode Debug mode
+ ## @param tca.main.settings.httpsCloneFlag default using https scm url
+ ##
+ module: codedog.settings.open_env
+ debugMode: "true"
+ httpsCloneFlag: "true"
+ ## TCA main db config
+ ## Notice:
+ ## - Using tca.main.settings.customDB config first, if exists. Default using internal mariadb config or externalMysql
+ ##
+ dbName: "codedog_main"
+ customDB:
+ host: ""
+ port: ""
+ user: ""
+ password: ""
+ ## TCA main redis config
+ ## Notice:
+ ## - Using tca.main.settings.customRedis config first, if exists. Default using internal redis config or externalRedis
+ ##
+ redisDBId: 1
+ customRedis:
+ host: ""
+ port: ""
+ password: ""
+
+
+ ## TCA analysis: Manage result from lint and metric tools.
+ ##
+ analysis:
+ image:
+ repository: tencenttca/tca-analysis
+ tag: latest
+ server:
+ ## @param tca.analysis.server.port A port for analysis server listening
+ ## @param tca.analysis.server.processNum The number of processes analysis server is running
+ ##
+ port: 80
+ processNum: 8
+ resources:
+ limits:
+ cpu: "1000m"
+ memory: "2Gi"
+ requests:
+ cpu: "200m"
+ memory: "500Mi"
+ ## TCA analysis server service config
+ ##
+ service:
+ ## @param tca.analysis.server.service.type TCA Analysis server service type
+ ##
+ type: NodePort
+ ## @param tca.analysis.server.service.ports.http TCA Analysis server service HTTP port
+ ##
+ ports:
+ http: 80
+ ## Node ports to expose
+ ## @param tca.analysis.server.service.nodePorts.http Node port for HTTP
+ ## NOTE: choose port between <30000-32767>
+ ##
+ nodePorts:
+ http: ""
+ ## TCA analysis server auto scaling config
+ ##
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 2
+ targetCPU: ""
+ targetMemory: ""
+ ## TCA analysis worker: Async tasks worker for saving result.
+ ##
+ worker:
+ ## @param tca.analysis.worker.enabled Enable analysis worker starting
+ ## @param tca.analysis.worker.num TCA analysis worker num
+ ##
+ enabled: true
+ num: 2
+ resources:
+ limits:
+ cpu: "1000m"
+ memory: "4Gi"
+ requests:
+ cpu: "500m"
+ memory: "2Gi"
+ ## TCA analysis worker auto scaling config
+ ##
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 2
+ targetCPU: ""
+ targetMemory: ""
+ ## TCA analysis settings
+ ##
+ settings:
+ base:
+ ## @param tca.analysis.settings.module TCA analysis server setting module
+ ## @param tca.analysis.settings.debugMode Debug mode
+ ##
+ module: codedog.settings.open_env
+ debugMode: "true"
+ ## TCA analysis db config
+ ## Notice:
+ ## - Using tca.analysis.settings.customDB config first, if exists. Default using internal mariadb config or externalMysql
+ ##
+ dbName: "codedog_analysis"
+ customDB:
+ host: ""
+ port: ""
+ user: ""
+ password: ""
+ ## TCA analysis redis config
+ ## Notice:
+ ## - Using tca.analysis.settings.customRedis config first, if exists. Default using internal redis config or externalRedis
+ redisDBId: 0
+ customRedis:
+ host: ""
+ port: ""
+ password: ""
+
+ ## TCA login: TCA login server.
+ ##
+ login:
+ image:
+ repository: tencenttca/tca-login
+ tag: latest
+ ## @param tca.login.worker.enabled Enable login server starting
+ ##
+ enabled: true
+ server:
+ ## @param tca.login.server.port A port for login server listening
+ ## @param tca.login.server.processNum The number of processes login server is running
+ ##
+ port: 80
+ processNum: 8
+ resources:
+ limits:
+ cpu: "1000m"
+ memory: "1Gi"
+ requests:
+ cpu: "200m"
+ memory: "500Mi"
+ ## TCA login server service config
+ ##
+ service:
+ ## @param tca.login.server.service.type TCA Login server service type
+ ##
+ type: NodePort
+ ## @param tca.login.server.service.ports.http TCA Login server service HTTP port
+ ##
+ ports:
+ http: 80
+ ## Node ports to expose
+ ## @param tca.login.server.service.nodePorts.http Node port for HTTP
+ ## NOTE: choose port between <30000-32767>
+ ##
+ nodePorts:
+ http: ""
+ ## TCA login server auto scaling config
+ ##
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 2
+ targetCPU: ""
+ targetMemory: ""
+ ## TCA login settings
+ ##
+ settings:
+ base:
+ ## @param tca.login.settings.module TCA login server setting module
+ ## @param tca.login.settings.debugMode Debug mode
+ ##
+ module: apps.settings.open_env
+ debugMode: "true"
+ ## TCA login db config
+ ## Notice:
+ ## - Using tca.login.settings.customDB config first, if exists. Default using internal mariadb config or externalMysql
+ ##
+ dbName: "codedog_login"
+ customDB:
+ host: ""
+ port: ""
+ user: ""
+ password: ""
+
+ ## TCA file: TCA file server.
+ ##
+ file:
+ image:
+ repository: tencenttca/tca-file
+ tag: latest
+ server:
+ ## @param tca.file.server.port A port for file server listening
+ ## @param tca.file.server.processNum The number of processes file server is running
+ ##
+ port: 8804
+ processNum: 8
+ resources:
+ limits:
+ cpu: "1000m"
+ memory: "2Gi"
+ requests:
+ cpu: "200m"
+ memory: "500Mi"
+ ## TCA file server service config
+ ##
+ service:
+ ## @param tca.file.server.service.type TCA File server service type
+ ##
+ type: NodePort
+ ## @param tca.file.server.service.ports.http TCA File server service HTTP port
+ ##
+ ports:
+ http: 80
+ ## Node ports to expose
+ ## @param tca.file.server.service.nodePorts.http Node port for HTTP
+ ## NOTE: choose port between <30000-32767>
+ ##
+ nodePorts:
+ http: ""
+ ## TCA file server auto scaling config
+ ##
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 2
+ targetCPU: ""
+ targetMemory: ""
+ ## TCA file settings
+ ##
+ settings:
+ base:
+ ## @param tca.file.settings.module TCA file server setting module
+ ## @param tca.file.settings.debugMode Debug mode
+ ##
+ module: codedog_file_server.settings
+ debugMode: "true"
+ ## TCA file db config
+ ## Notice:
+ ## - Using tca.file.settings.customDB config first, if exists. Default using internal mariadb config or externalMysql
+ ##
+ dbName: "codedog_file"
+ customDB:
+ host: ""
+ port: ""
+ user: ""
+ password: ""
+ ## @param tca.file.settings.storageClient TCA file storage mode: local/cos/minio
+ ##
+ storageClient: "local"
+ local:
+ ## @param tca.file.settings.local.dirpath The path saving files on TCA file server
+ ##
+ dirPath: "/data/file"
+ ## TCA File nfs volume config
+ ## @param tca.file.settings.local.volumes.nfsServer The NFS server for TCA File server
+ ## @param tca.file.settings.local.volumes.nfsPath The NFS server path for TCA File server
+ ##
+ volumes:
+ nfsServer: ""
+ nfsPath: ""
+ tencentcos:
+ ## @param tca.file.settings.tencentcos.enabled Enable using cos to save files
+ ## @param tca.file.settings.tencentcos.appId TencentCloud Cos appId
+ ## @param tca.file.settings.tencentcos.secretId TencentCloud Cos secretId
+ ## @param tca.file.settings.tencentcos.secretKey TencentCloud Cos secretKey
+ ## @param tca.file.settings.tencentcos.region TencentCloud Cos region
+ ## @param tca.file.settings.tencentcos.rootBucket TencentCloud Cos root bucket name
+ ##
+ enabled: "false"
+ appId: ""
+ secretId: ""
+ secretKey: ""
+ region: ""
+ rootBucket: ""
+ minio:
+ ## @param tca.file.settings.minio.enabled Enable using minio to save files
+ ## @param tca.file.settings.minio.entrypoint MinIO server url
+ ## @param tca.file.settings.minio.accessKey MinIO server access key
+ ## @param tca.file.settings.minio.secretKey MinIO server secret key
+ ##
+ enabled: "false"
+ entrypoint: ""
+ accessKey: ""
+ secretKey: ""
+
+ ## TCA scmproxy: TCA scm proxy for tgit/github/gitlab...
+ ##
+ scmproxy:
+ image:
+ repository: tencenttca/tca-scmproxy
+ tag: latest
+ ## @param tca.scmproxy.port A port for scmproxy server listening
+ ##
+ port: 80
+ ## @param tca.scmproxy.privateScmUrl private scm url, such as gitlab
+ ##
+ privateScmUrl: ""
+ resources:
+ limits:
+ cpu: "1000m"
+ memory: "2Gi"
+ requests:
+ cpu: "300m"
+ memory: "500Mi"
+ ## TCA scmproxy server auto scaling config
+ ##
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 2
+ targetCPU: ""
+ targetMemory: ""
+ ## TCA scmproxy server service config
+ ##
+ service:
+ ## @param tca.scmproxy.service.type TCA ScmProxy service type
+ ##
+ type: NodePort
+ ## @param tca.scmproxy.service.ports.http TCA ScmProxy service HTTP port
+ ##
+ ports:
+ http: 80
+ ## Node ports to expose
+ ## @param tca.scmproxy.service.nodePorts.http Node port for HTTP
+ ## NOTE: choose port between <30000-32767>
+ ##
+ nodePorts:
+ http: ""
+
+ ## TCA client: TCA client analysing code
+ ##
+ client:
+ image:
+ repository: tencenttca/tca-client
+ tag: latest
+ ## @param tca.client.enabled Enable TCA client starting
+ ##
+ enabled: true
+ resources:
+ limits:
+ cpu: "4000m"
+ memory: "8Gi"
+ requests:
+ cpu: "1000m"
+ memory: "2Gi"
+ ## TCA client auto scaling config
+ ##
+ autoscaling:
+ enabled: true
+ minReplicas: 2
+ maxReplicas: 4
+ targetCPU: ""
+ targetMemory: ""
+
+ ## TCA gateway: TCA gateway for all servers
+ ##
+ gateway:
+ image:
+ repository: nginx
+ tag: 1.13.7
+ resources:
+ limits:
+ cpu: "1000m"
+ memory: "1Gi"
+ requests:
+ cpu: "100m"
+ memory: "100Mi"
+ ## TCA gateway server service config
+ ##
+ service:
+ ## @param tca.gateway.service.type TCA gateway service type
+ ##
+ type: NodePort
+ ## @param tca.gateway.service.ports.http TCA gateway service HTTP port
+ ## @param tca.gateway.service.ports.https TCA gateway service HTTPS port
+ ##
+ ports:
+ http: 80
+ https: ""
+ ## Node ports to expose
+ ## @param tca.gateway.service.nodePorts.http Node port for HTTP
+ ## @param tca.gateway.service.nodePorts.https Node port for HTTPS
+ ## NOTE: choose port between <30000-32767>
+ ##
+ nodePorts:
+ http: ""
+ https: ""
+ ## @param tca.gateway.service.clusterIP TCA gateway service Cluster IP
+ ##
+ clusterIP: ""
+ ## @param tca.gateway.service.loadBalancerIP TCA gateway service Load Balancer IP
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+ ##
+ loadBalancerIP: ""
+ ## @param service.loadBalancerSourceRanges TCA gateway service Load Balancer sources
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## e.g:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param service.externalTrafficPolicy TCA gateway service external traffic policy
+ ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+ ## TCA gateway server auto scaling config
+ ##
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 2
+ targetCPU: ""
+ targetMemory: ""
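Review bot: The chart defaults ship working credentials and key material: `redis.auth.password`, `mariadb.auth.rootPassword`, and under `tca.commonConfig` the Django `secretKey`, `passwordKey`, the identical `apiTicketSalt`/`nodeTicketSalt`, `apiTicketToken`, `defaultPassword: "admin"`, `defaultToken` and `toolLoadPassword`. Any install that does not override them shares signing and encryption keys and an admin login that are published in the repository. Ship these keys empty (for example `secretKey: ""`) and have the consuming templates fail the render with `{{ required "tca.commonConfig.secretKey must be set" .Values.tca.commonConfig.secretKey }}`, or accept the name of an existing Secret instead. The templates that read these values are outside this hunk, so whether they end up in a ConfigMap or a Secret could not be checked here. The `debugMode: "true"` defaults under the main, analysis, login and file settings should be reviewed for the same reason, since a default install would presumably run every server in debug mode.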