├── helm-deploy ├── .gitignore ├── codo_mid │ ├── templates │ │ ├── _helpers.tpl │ │ ├── redis.yaml │ │ ├── mysql.yaml │ │ ├── rabbitmq.yaml │ │ └── etcd.yaml │ ├── .helmignore │ ├── images.yaml │ ├── migrate_scripts │ │ └── migrate_db.sql │ ├── Chart.yaml │ └── values.yaml ├── cloud-agent-operator │ ├── biz │ │ ├── templates │ │ │ ├── NOTES.txt │ │ │ ├── secret-imagepull.yaml │ │ │ ├── service_account.yaml │ │ │ ├── _helpers.tpl │ │ │ ├── ao_service.yaml │ │ │ ├── rbac.yaml │ │ │ ├── role_binding.yaml │ │ │ ├── ao_configmap.yaml │ │ │ └── ao_statefulset.yaml │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ └── values.yaml │ └── intra │ │ └── redis.yaml ├── codo │ ├── templates │ │ ├── secret-imagepull.yaml │ │ ├── NOTES.txt │ │ ├── k2 │ │ │ ├── service-k2.yaml │ │ │ ├── deployment-k2.yaml │ │ │ └── configmap-k2.yaml │ │ ├── cmdb │ │ │ ├── service-cmdb.yaml │ │ │ └── deployment-cmdb.yaml │ │ ├── gateway │ │ │ ├── service-gateway.yaml │ │ │ ├── ingress-gateway.yaml │ │ │ └── deployment-gateway.yaml │ │ ├── admin │ │ │ ├── service-adminv4.yaml │ │ │ ├── deployment-adminv4.yaml │ │ │ └── configmap-adminv4.yaml │ │ ├── frontend │ │ │ ├── service-frontend.yaml │ │ │ ├── ingress-frontend.yaml │ │ │ └── deployment-frontend.yaml │ │ ├── cloud-agent-operator │ │ │ ├── service_account.yaml │ │ │ ├── ao_service.yaml │ │ │ ├── rbac.yaml │ │ │ ├── role_binding.yaml │ │ │ ├── ao_configmap.yaml │ │ │ └── ao_statefulset.yaml │ │ ├── flow-servers │ │ │ ├── service-control.yaml │ │ │ ├── deployment-loop.yaml │ │ │ ├── deployment-queue.yaml │ │ │ ├── deployment-control.yaml │ │ │ ├── deployment-task-log.yaml │ │ │ ├── deployment-agent-log.yaml │ │ │ ├── deployment-exec-task.yaml │ │ │ ├── deployment-task-scheduler.yaml │ │ │ ├── configmap-task-scheduler.yaml │ │ │ ├── configmap-loop.yaml │ │ │ ├── configmap-queue.yaml │ │ │ ├── configmap-control.yaml │ │ │ ├── configmap-task-log.yaml │ │ │ └── configmap-agent-log.yaml │ │ ├── gateway_external │ │ │ ├── service-gateway.yaml │ │ │ ├── 
ingress-gateway.yaml │ │ │ └── deployment-gateway.yaml │ │ ├── agent-server │ │ │ ├── ingress.yaml │ │ │ ├── service.yaml │ │ │ ├── deployment.yaml │ │ │ └── configmap.yaml │ │ ├── cnmp │ │ │ ├── service.yaml │ │ │ ├── deployment.yaml │ │ │ └── configmap.yaml │ │ └── notice │ │ │ ├── service.yaml │ │ │ └── deployment.yaml │ ├── .helmignore_without_crd │ ├── .helmignore │ ├── README.md │ ├── Chart.yaml │ ├── images.yaml │ └── scripts │ │ └── gateway_init_etcd.sh ├── README.md ├── quick_start │ ├── operator.sh │ └── all_in_one.sh └── crds │ └── cloud-agent-operator │ └── rbac.yaml ├── docs ├── img │ ├── 搭建总图.jpeg │ └── 新建业务.jpeg └── 流程搭建指南-管理必看.md ├── docker-deploy ├── rabbitmq │ ├── Dockerfile │ └── init.sh ├── .gitignore ├── deploy_middleware.sh ├── codo-agent-server │ ├── conf.yaml │ ├── ca.crt │ └── ca.key ├── cnmp │ └── config.yaml ├── README.md ├── codo-gateway │ └── conf │ │ ├── app.example.json │ │ └── init_discovery.json ├── build_images.sh ├── init_app.sh ├── notice │ └── config.yaml ├── docker-compose-middle.yaml ├── .env └── gen_config.sh ├── README.md ├── .gitignore └── codo-agent-install-steps.md /helm-deploy/.gitignore: -------------------------------------------------------------------------------- 1 | data/ 2 | .env -------------------------------------------------------------------------------- /helm-deploy/codo_mid/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /helm-deploy/cloud-agent-operator/biz/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Hello world 2 | -------------------------------------------------------------------------------- /docs/img/搭建总图.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opendevops-cn/codo-deploy-docs/HEAD/docs/img/搭建总图.jpeg 
-------------------------------------------------------------------------------- /docs/img/新建业务.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opendevops-cn/codo-deploy-docs/HEAD/docs/img/新建业务.jpeg -------------------------------------------------------------------------------- /docs/流程搭建指南-管理必看.md: -------------------------------------------------------------------------------- 1 | # 文章前言 2 | 3 | 关于流程开发的最佳实践以及pi全流程,我们已有详细的视频教程:[xxx]()。从22min - 60min 4 | 是实机演示搭建一个流水线的所有步骤。如果有懒得看文字的小伙伴可以直接查看视频学习哦~! 5 | 不想看这么多,想快速开始? 移步 CODO流程开发服务享受一站式服务。 6 | ![图片](./img/搭建总图.jpeg) 7 | 8 | # 第一步:前置任务篇 9 | 10 | ## 全新项目必看: 11 | 12 | > 权限开通联系管理员 13 | 14 | 1. 新建业务 15 | ![图片](./img/新建业务.jpeg) 16 | 17 | ## 已有项目请看: 18 | - 请确保拥有CODO对业务权限 -------------------------------------------------------------------------------- /helm-deploy/codo/templates/secret-imagepull.yaml: -------------------------------------------------------------------------------- 1 | {{- if ne .Values.imagePullSecret "" -}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "imagepullsecret.uname" . }} 6 | namespace: {{ .Release.Namespace }} 7 | type: kubernetes.io/dockerconfigjson 8 | data: 9 | .dockerconfigjson: {{ .Values.imagePullSecret }} 10 | {{- end -}} -------------------------------------------------------------------------------- /helm-deploy/cloud-agent-operator/biz/templates/secret-imagepull.yaml: -------------------------------------------------------------------------------- 1 | {{- if ne .Values.imagePullSecret "" -}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "imagepullsecret.uname" . 
}} 6 | namespace: {{ .Release.Namespace }} 7 | type: kubernetes.io/dockerconfigjson 8 | data: 9 | .dockerconfigjson: {{ .Values.imagePullSecret }} 10 | {{- end -}} -------------------------------------------------------------------------------- /docker-deploy/rabbitmq/Dockerfile: -------------------------------------------------------------------------------- 1 | # Dockerfile 2 | 3 | # 使用官方 RabbitMQ 镜像作为基础镜像 4 | #FROM rabbitmq:3.11 5 | FROM registry.cn-shanghai.aliyuncs.com/ss1917/rabbitmq:3.11 6 | 7 | # 复制定义的 RabbitMQ 配置文件 8 | #COPY rabbitmq.conf /etc/rabbitmq/rabbitmq.conf 9 | 10 | # 添加自定义脚本以在容器启动时创建 vhost、用户并进行授权 11 | COPY init.sh /init.sh 12 | RUN chmod +x /init.sh 13 | 14 | # 在容器启动时运行初始化脚本 15 | CMD ["/init.sh"] -------------------------------------------------------------------------------- /docker-deploy/.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | node_modules 3 | /dist 4 | 5 | package-lock.json 6 | 7 | /tests/e2e/videos/ 8 | /tests/e2e/screenshots/ 9 | 10 | codo-gateway/conf/app.json 11 | 12 | # local env files 13 | .env.local 14 | .env.*.local 15 | 16 | # Log files 17 | npm-debug.log* 18 | yarn-debug.log* 19 | yarn-error.log* 20 | 21 | # Editor directories and files 22 | .idea 23 | .vscode 24 | *.suo 25 | *.ntvs* 26 | *.njsproj 27 | *.sln 28 | *.sw* 29 | 30 | build/env.js -------------------------------------------------------------------------------- /helm-deploy/codo_mid/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /helm-deploy/codo/.helmignore_without_crd: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ -------------------------------------------------------------------------------- /helm-deploy/codo/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | CHART NAME: {{ .Chart.Name }} 2 | CHART VERSION: {{ .Chart.Version }} 3 | APP VERSION: {{ .Chart.AppVersion }} 4 | 5 | {{- if .Values.diagnosticMode.enabled }} 6 | -----------------------------------欢迎使用CODO------------------------------------ 7 | CODO Web 地址: {{ .Values.frontendIngressHost }} 8 | 9 | 如有bug或者不合理的地方,可以通过邮箱反馈1084430062@qq.com 10 | ---------------------------------------------------------------------------------- 11 | 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /helm-deploy/cloud-agent-operator/biz/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /helm-deploy/codo/templates/k2/service-k2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "k2.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "k2.labels" . | nindent 4}} 8 | spec: 9 | selector: 10 | {{- include "k2.selectorLabels" . | nindent 4}} 11 | ports: 12 | - name: {{ template "k2.uname" . }} 13 | protocol: TCP 14 | port: {{ required "k2ListenPort is required" .Values.k2ListenPort }} 15 | targetPort: http -------------------------------------------------------------------------------- /helm-deploy/codo/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | templates/cloud-agent-operator -------------------------------------------------------------------------------- /helm-deploy/codo/templates/cmdb/service-cmdb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "cmdb.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "cmdb.labels" . 
| nindent 4}} 8 | spec: 9 | selector: 10 | {{- include "cmdb.selectorLabels" . | nindent 4}} 11 | ports: 12 | - name: {{ template "cmdb.uname" . }} 13 | protocol: TCP 14 | port: {{ required "cmdbListenPort is required" .Values.cmdbListenPort }} 15 | targetPort: http 16 | 17 | -------------------------------------------------------------------------------- /helm-deploy/codo/templates/gateway/service-gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "gateway.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "gateway.labels" . | nindent 4}} 8 | spec: 9 | selector: 10 | {{- include "gateway.selectorLabels" . | nindent 4}} 11 | ports: 12 | - name: gateway-01 13 | protocol: TCP 14 | port: {{ required "gatewayListenPort is required" .Values.gatewayListenPort }} 15 | targetPort: gateway-01 16 | 17 | 18 | -------------------------------------------------------------------------------- /helm-deploy/codo/templates/admin/service-adminv4.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "adminv4.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "adminv4.labels" . | nindent 4}} 8 | spec: 9 | selector: 10 | {{- include "adminv4.selectorLabels" . | nindent 4}} 11 | ports: 12 | - name: {{ template "adminv4.uname" . }} 13 | protocol: TCP 14 | port: {{ required "adminv4ListenPort is required" .Values.adminv4ListenPort }} 15 | targetPort: http 16 | 17 | -------------------------------------------------------------------------------- /helm-deploy/codo/templates/frontend/service-frontend.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "frontend.uname" . 
}} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "frontend.labels" . | nindent 4}} 8 | spec: 9 | selector: 10 | {{- include "frontend.selectorLabels" . | nindent 4}} 11 | ports: 12 | - name: {{ template "frontend.uname" . }} 13 | protocol: TCP 14 | port: {{ required "frontendListenPort is required" .Values.frontendListenPort }} 15 | targetPort: http 16 | 17 | -------------------------------------------------------------------------------- /helm-deploy/cloud-agent-operator/biz/templates/service_account.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | labels: 6 | {{ include "label.common" . | nindent 4 }} 7 | app.kubernetes.io/managed-by: {{ .Release.Service }} 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: cloud-agent-operator 10 | app.kubernetes.io/instance: controller-manager-sa 11 | app.kubernetes.io/part-of: cloud-agent-operator 12 | name: cloud-agent-operator-controller-manager 13 | namespace: {{ .Release.Namespace }} -------------------------------------------------------------------------------- /helm-deploy/codo/templates/cloud-agent-operator/service_account.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | labels: 6 | {{ include "label.common" . 
| nindent 4 }} 7 | app.kubernetes.io/managed-by: {{ .Release.Service }} 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: cloud-agent-operator 10 | app.kubernetes.io/instance: controller-manager-sa 11 | app.kubernetes.io/part-of: cloud-agent-operator 12 | name: cloud-agent-operator-controller-manager 13 | namespace: {{ .Release.Namespace }} -------------------------------------------------------------------------------- /helm-deploy/codo/templates/flow-servers/service-control.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "flowControl.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "flowControl.labels" . | nindent 4}} 8 | spec: 9 | selector: 10 | {{- include "flowControl.selectorLabels" . | nindent 4}} 11 | ports: 12 | - name: {{ template "flowControl.uname" . }} 13 | protocol: TCP 14 | port: {{ required "flowControlListenPort is required" .Values.flowControlListenPort }} 15 | targetPort: http 16 | 17 | -------------------------------------------------------------------------------- /helm-deploy/codo/templates/gateway_external/service-gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "gatewayExternal.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "gatewayExternal.labels" . | nindent 4}} 8 | spec: 9 | selector: 10 | {{- include "gatewayExternal.selectorLabels" . 
| nindent 4}} 11 | ports: 12 | - name: gateway-01 13 | protocol: TCP 14 | port: {{ required "gatewayListenPort is required" .Values.gatewayExternalListenPort }} 15 | targetPort: gateway-01 16 | 17 | 18 | -------------------------------------------------------------------------------- /helm-deploy/cloud-agent-operator/biz/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{- define "label.common" -}} 2 | app.kubernetes.io/name: {{ required "app is required" .Values.app }} 3 | app.kubernetes.io/env: {{ required "env is required" .Values.env }} 4 | {{- end -}} 5 | 6 | {{- define "imagepullsecret.uname" -}} 7 | {{- printf "imagepullsecret-%s" .Release.Name | trunc 63 | trimSuffix "-" -}} 8 | {{- end }} 9 | 10 | 11 | {{- define "imagepullsecret.define" -}} 12 | {{- if ne .Values.imagePullSecret "" -}} 13 | imagePullSecrets: 14 | - name: {{ template "imagepullsecret.uname" . }} 15 | {{- end -}} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /helm-deploy/README.md: -------------------------------------------------------------------------------- 1 | # helm安装 2 | 3 | ## 资源不能低于如下配置 4 | - CPU: 6核 5 | - 内存: 10Gi 6 | - 存储: 80Gi 7 | 8 | ## 一键安装CODO 9 | ```shell 10 | bash ./quick_start/all_in_one.sh 11 | 12 | 13 | # [optional] 14 | # 业务参数文件 15 | export local_biz_values_file=./data/biz.values.yaml 16 | # 业务镜像文件 17 | export local_biz_images_file=./data/biz.images.yaml 18 | # 中间件参数文件 19 | export local_mid_value_file=./data/mid.values.yaml 20 | # 部署 cloud-agent-operator (默认不部署) 21 | export local_deploy_crd=true 22 | ``` 23 | 24 | ## 使用 25 | ```shell 26 | kubectl -n codo-test port-forward services/codo-biz-frontend 8888:80 27 | ``` 28 | 29 | ## 进入控制台 30 | - 账号: admin 31 | - 密码: 1qazXSW@ 32 | > 以上为默认账号密码,首次登录后请立即修改;修改前请仅通过上面的 port-forward 访问,不要通过 Ingress 对外开放。 33 | 34 | -------------------------------------------------------------------------------- /helm-deploy/codo_mid/images.yaml:
-------------------------------------------------------------------------------- 1 | # Redis 镜像配置 2 | redisImage: 3 | repository: registry.cn-shanghai.aliyuncs.com/ss1917/redis 4 | tag: "6.2.11" 5 | pullPolicy: IfNotPresent 6 | 7 | # MySQL 镜像配置 8 | mysqlmage: 9 | repository: registry.cn-shanghai.aliyuncs.com/ss1917/mysql 10 | tag: "8.0" 11 | pullPolicy: IfNotPresent 12 | 13 | # Etcd 镜像配置 14 | EtcdImage: 15 | init_image: registry.cn-shanghai.aliyuncs.com/ss1917/debian:stable-slim 16 | repository: registry.cn-shanghai.aliyuncs.com/ss1917/etcd 17 | tag: "3.5" 18 | pullPolicy: IfNotPresent 19 | 20 | # RabbitMQ 镜像配置 21 | MQImage: 22 | repository: registry.cn-shanghai.aliyuncs.com/ss1917/rabbitmq 23 | tag: 3.11 24 | pullPolicy: IfNotPresent 25 | -------------------------------------------------------------------------------- /helm-deploy/cloud-agent-operator/biz/templates/ao_service.yaml: -------------------------------------------------------------------------------- 1 | 2 | --- 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | labels: 7 | {{ include "label.common" . 
| nindent 4 }} 8 | app.kubernetes.io/managed-by: {{ .Release.Service }} 9 | app.kubernetes.io/component: kube-rbac-proxy 10 | app.kubernetes.io/created-by: cloud-agent-operator 11 | app.kubernetes.io/instance: controller-manager-metrics-service 12 | app.kubernetes.io/part-of: cloud-agent-operator 13 | control-plane: controller-manager 14 | name: cloud-agent-operator-controller-manager-metrics-service 15 | namespace: {{ .Release.Namespace }} 16 | spec: 17 | ports: 18 | - name: https 19 | port: 8443 20 | protocol: TCP 21 | targetPort: https 22 | selector: 23 | control-plane: controller-manager -------------------------------------------------------------------------------- /helm-deploy/codo/templates/cloud-agent-operator/ao_service.yaml: -------------------------------------------------------------------------------- 1 | 2 | --- 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | labels: 7 | {{ include "label.common" . | nindent 4 }} 8 | app.kubernetes.io/managed-by: {{ .Release.Service }} 9 | app.kubernetes.io/component: kube-rbac-proxy 10 | app.kubernetes.io/created-by: cloud-agent-operator 11 | app.kubernetes.io/instance: controller-manager-metrics-service 12 | app.kubernetes.io/part-of: cloud-agent-operator 13 | control-plane: controller-manager 14 | name: cloud-agent-operator-controller-manager-metrics-service 15 | namespace: {{ .Release.Namespace }} 16 | spec: 17 | ports: 18 | - name: https 19 | port: 8443 20 | protocol: TCP 21 | targetPort: https 22 | selector: 23 | control-plane: controller-manager -------------------------------------------------------------------------------- /helm-deploy/codo/templates/gateway/ingress-gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: {{ template "gateway.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "gateway.labels" . 
| nindent 4 }} 8 | annotations: 9 | {{- with .Values.gatewayIngressIPRestriction }} 10 | nginx.org/server-snippets: 11 | {{- toYaml . | nindent 6 }} 12 | {{- end }} 13 | spec: 14 | rules: 15 | - host: {{ .Values.gatewayIngressHost }} 16 | http: 17 | paths: 18 | - backend: 19 | service: 20 | name: {{ template "gateway.uname" $ }} 21 | port: 22 | number: {{ .Values.gatewayListenPort }} 23 | path: / 24 | pathType: ImplementationSpecific -------------------------------------------------------------------------------- /docker-deploy/deploy_middleware.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # 创建etcd数据目录并设置权限 4 | echo "创建 ./etcd/data 目录并设置权限为 775" 5 | mkdir -p ./etcd/data 6 | chmod 775 ./etcd/data 7 | 8 | # 拉镜像 9 | echo "开始拉取中间服务的 Docker 镜像" 10 | docker pull --platform=linux/amd64 registry.cn-shanghai.aliyuncs.com/ss1917/mysql:8.0 11 | docker pull --platform=linux/amd64 registry.cn-shanghai.aliyuncs.com/ss1917/redis:6.2 12 | docker pull --platform=linux/amd64 rabbitmq:3.11 13 | docker pull --platform=linux/amd64 registry.cn-shanghai.aliyuncs.com/ss1917/etcd:3.5 14 | 15 | # 构建中间服务的 Docker 镜像 16 | echo "开始构建 docker-compose-middle.yaml 中定义的中间服务镜像" 17 | docker compose -f docker-compose-middle.yaml build 18 | 19 | # 启动中间服务的 Docker 容器 20 | echo "启动 docker-compose-middle.yaml 中定义的中间服务容器,并在后台运行" 21 | docker compose -f docker-compose-middle.yaml up -d 22 | 23 | echo "所有操作完成" 24 | -------------------------------------------------------------------------------- /helm-deploy/codo_mid/migrate_scripts/migrate_db.sql: -------------------------------------------------------------------------------- 1 | CREATE DATABASE IF NOT EXISTS `codo_admin` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; 2 | CREATE DATABASE IF NOT EXISTS `codo_cmdb` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; 3 | CREATE DATABASE IF NOT EXISTS `codo_cnmp` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; 4 | CREATE 
DATABASE IF NOT EXISTS `codo_flow` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; 5 | CREATE DATABASE IF NOT EXISTS `codo_kerrigan` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; 6 | CREATE DATABASE IF NOT EXISTS `codo_agent_server` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; 7 | CREATE DATABASE IF NOT EXISTS `codo-notice` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; 8 | CREATE DATABASE IF NOT EXISTS `codo_k2` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; 9 | -------------------------------------------------------------------------------- /helm-deploy/codo/templates/gateway_external/ingress-gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: {{ template "gatewayExternal.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "gatewayExternal.labels" . | nindent 4 }} 8 | annotations: 9 | {{- with .Values.gatewayExternalIngressIPRestriction }} 10 | nginx.org/server-snippets: 11 | {{- toYaml . 
| nindent 6 }} 12 | {{- end }} 13 | spec: 14 | rules: 15 | - host: {{ .Values.gatewayExternalIngressHost }} 16 | http: 17 | paths: 18 | - backend: 19 | service: 20 | name: {{ template "gatewayExternal.uname" $ }} 21 | port: 22 | number: {{ .Values.gatewayExternalListenPort }} 23 | path: / 24 | pathType: ImplementationSpecific -------------------------------------------------------------------------------- /helm-deploy/codo/README.md: -------------------------------------------------------------------------------- 1 | # helm部署 2 | 3 | ## 依赖 4 | - helm 5 | - k8s 6 | 7 | ## 一键部署 8 | ``` 9 | [root@harilou helm]# helm install -n codo codo -f codo/values.yaml -f codo/images.yaml 10 | ``` 11 | 12 | ## 统一端口规则 13 | ### 通用 14 | - http: 8000 15 | - grpc: 8001 16 | - websocket: 8002 17 | - metrics: 8003 18 | - pprof: 8004 19 | ### 额外端口 20 | - extra: 9000 - 9999 21 | 22 | ## svc 端口 23 | 1. admin-v4 24 | 1. http - 8000 25 | 2. tianmen(gateway) 26 | 1. http 8888 27 | 2. grpc 11000 28 | 3. agent server 29 | 1. http 8000 30 | 2. ws 8002 31 | 3. metrics 8003 32 | 4. mesh 9998 33 | 4. cmdb 34 | 1. http - 8000 35 | 5. cnmp 36 | 1. http - 8000 37 | 2. ws - 8002 38 | 3. metrics - 8003 39 | 4. pprof - 8004 40 | 6. kerrigan 41 | 1. http - 8000 42 | 7. flow 43 | 1. http - api 8000 44 | 2. http - cron 9000 45 | 8. monitor 46 | 1. http - 8000 47 | 9. notice 48 | 1. 
http - 8000 49 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # codo项目部署 2 | 3 | ## 项目简介 4 | 5 | - 本项目采用微服务架构,完成全球一站式运维体系建设。 6 | 7 | - Demo 地址:https://demo.opendevops.cn/user/login `用户:demo 密码:2ZbFYNv9WibWcR7GB6kcEY` 8 | 9 | ```text 10 | codo 11 | ├── codo-admin # 管理后台 12 | ├── codo-agent-server # 底层管控 13 | ├── codo-cloud-agent-operator # 执行云原生任务 14 | ├── codo-cmdb # 数据资产、多云资源管理 15 | ├── codo-cnmp # 云原生管理平台 16 | ├── codo-flow-servers # 任务平台、作业调度执行 17 | ├── codo-monitor # 可观测平台 18 | ├── codo-notice # 通知中心 19 | ├── codo-frontend # 前端应用、流量入口(API流量 先进这里再路由到 gateway) 20 | ├── codo-gateway # API网关 21 | └── codo-kerrigan # 配置中心 22 | 23 | ``` 24 | 25 | ## 环境依赖 26 | 27 | - 操作系统:Rocky Linux 9.1以上 x86_64 28 | - Python版本:3.9 29 | - Docker版本:最新稳定版本 30 | - Docker Compose版本:最新稳定版本 31 | - mysql: 8.0 32 | - redis: 6.2 33 | - rabbitmq: 3.11 34 | - etcd: 3.5 35 | 36 | ## 部署方式 37 | - [k8s-helm 部署](./helm-deploy/README.md) 需要进入对应目录部署 38 | - [docker 部署](./docker-deploy/README.md) 需要进入对应目录部署 39 | - [安装 codo-agent](./codo-agent-install-steps.md) 40 | -------------------------------------------------------------------------------- /helm-deploy/cloud-agent-operator/intra/redis.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: redis-deployment 6 | labels: 7 | app: redis 8 | spec: 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | app: redis 13 | template: 14 | metadata: 15 | labels: 16 | app: redis 17 | spec: 18 | tolerations: 19 | - operator: "Exists" 20 | containers: 21 | - name: redis 22 | image: ccr.ccs.tencentyun.com/library/redis:latest 23 | ports: 24 | - containerPort: 6379 25 | resources: 26 | limits: 27 | cpu: "256m" 28 | memory: "512Mi" 29 | requests: 30 | cpu: "10m" 31 | memory: "256Mi" 32 | --- 33 | apiVersion: v1 34 | kind: Service 
35 | metadata: 36 | name: redis-service 37 | spec: 38 | selector: 39 | app: redis 40 | ports: 41 | - protocol: TCP 42 | port: 6379 43 | targetPort: 6379 -------------------------------------------------------------------------------- /helm-deploy/codo/templates/frontend/ingress-frontend.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: {{ template "frontend.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "frontend.labels" . | nindent 4 }} 8 | annotations: 9 | kubernetes.io/ingress.class: nginx 10 | nginx.org/websocket-services: "{{ template "frontend.uname" . }}" 11 | {{ required "The frontendIngressWS is required" .Values.frontendIngressWS | nindent 4 }} 12 | {{- with .Values.frontendIngressIPRestriction }} 13 | nginx.org/server-snippets: 14 | {{- toYaml . | nindent 6 }} 15 | {{- end }} 16 | spec: 17 | rules: 18 | - host: {{ .Values.frontendIngressHost }} 19 | http: 20 | paths: 21 | - backend: 22 | service: 23 | name: {{ template "frontend.uname" $ }} 24 | port: 25 | number: {{ .Values.frontendListenPort }} 26 | path: / 27 | pathType: ImplementationSpecific 28 | 29 | -------------------------------------------------------------------------------- /helm-deploy/codo/templates/agent-server/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: {{ template "agentServer.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "agentServer.labels" . | nindent 4 }} 8 | annotations: 9 | nginx.org/websocket-services: "{{ template "agentServer.uname" . }}" 10 | {{ required "The agentServerIngressWS is required" .Values.agentServerIngressWS | nindent 4 }} 11 | {{- with .Values.agentServerIngressIPRestriction }} 12 | nginx.org/server-snippets: 13 | {{- toYaml . 
| nindent 6 }} 14 | {{- end }} 15 | 16 | spec: 17 | rules: 18 | - host: {{ .Values.agentServerIngressWsHost }} 19 | http: 20 | paths: 21 | - backend: 22 | service: 23 | name: {{ template "agentServer.uname" $ }} 24 | port: 25 | number: {{ .Values.agentServerWSListenPort }} 26 | path: / 27 | pathType: ImplementationSpecific -------------------------------------------------------------------------------- /helm-deploy/quick_start/operator.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -eox pipefail 4 | 5 | echo "================ init environment ================" 6 | # 如果 .env 文件存在, 则加载 .env 文件 7 | if [ -f .env ]; then 8 | source .env 9 | fi 10 | 11 | operator_values_file=$local_operator_values_file 12 | if [ "$operator_values_file" == "" ]; then 13 | operator_values_file="./cloud-agent-operator/biz/values.yaml" 14 | fi 15 | namespace=$local_namespace 16 | if [ "$namespace" == "" ]; then 17 | namespace="cloud-agent-operator" 18 | fi 19 | 20 | echo "namespace==${namespace}" 21 | echo "operator_values_file==${operator_values_file}" 22 | 23 | 24 | kubectl create ns $namespace || true 25 | # 安装 crd 26 | kubectl apply -f ./crds/cloud-agent-operator/crd.yaml 27 | kubectl apply -f ./crds/cloud-agent-operator/rbac.yaml 28 | 29 | # 安装中间件 30 | kubectl apply -n $namespace -f ./cloud-agent-operator/intra/redis.yaml 31 | 32 | # 安装 operator 33 | helm upgrade -n $namespace cloud-agent-operator ./cloud-agent-operator/biz \ 34 | --install --create-namespace --wait --cleanup-on-fail --recreate-pods \ 35 | --values $operator_values_file 36 | -------------------------------------------------------------------------------- /helm-deploy/codo/templates/cloud-agent-operator/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | labels: 5 | {{ include "label.common" . 
| nindent 4 }} 6 | app.kubernetes.io/managed-by: {{ .Release.Service }} 7 | app.kubernetes.io/component: rbac 8 | app.kubernetes.io/created-by: cloud-agent-operator 9 | app.kubernetes.io/instance: leader-election-role 10 | app.kubernetes.io/part-of: cloud-agent-operator 11 | name: cloud-agent-operator-leader-election-role 12 | namespace: {{ .Release.Namespace }} 13 | rules: 14 | - apiGroups: 15 | - "" 16 | resources: 17 | - configmaps 18 | verbs: 19 | - get 20 | - list 21 | - watch 22 | - create 23 | - update 24 | - patch 25 | - delete 26 | - apiGroups: 27 | - coordination.k8s.io 28 | resources: 29 | - leases 30 | verbs: 31 | - get 32 | - list 33 | - watch 34 | - create 35 | - update 36 | - patch 37 | - delete 38 | - apiGroups: 39 | - "" 40 | resources: 41 | - events 42 | verbs: 43 | - create 44 | - patch -------------------------------------------------------------------------------- /helm-deploy/cloud-agent-operator/biz/templates/rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | labels: 6 | {{ include "label.common" . 
| nindent 4 }} 7 | app.kubernetes.io/managed-by: {{ .Release.Service }} 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: cloud-agent-operator 10 | app.kubernetes.io/instance: leader-election-role 11 | app.kubernetes.io/part-of: cloud-agent-operator 12 | name: cloud-agent-operator-leader-election-role 13 | namespace: {{ .Release.Namespace }} 14 | rules: 15 | - apiGroups: 16 | - "" 17 | resources: 18 | - configmaps 19 | verbs: 20 | - get 21 | - list 22 | - watch 23 | - create 24 | - update 25 | - patch 26 | - delete 27 | - apiGroups: 28 | - coordination.k8s.io 29 | resources: 30 | - leases 31 | verbs: 32 | - get 33 | - list 34 | - watch 35 | - create 36 | - update 37 | - patch 38 | - delete 39 | - apiGroups: 40 | - "" 41 | resources: 42 | - events 43 | verbs: 44 | - create 45 | - patch -------------------------------------------------------------------------------- /helm-deploy/codo/templates/cnmp/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "cnmp.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "cnmp.labels" . | nindent 4}} 8 | spec: 9 | selector: 10 | {{- include "cnmp.selectorLabels" . 
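| nindent 4}} 11 | ports: 12 | - name: codo-cnmp 13 | protocol: TCP 14 | port: {{ required "cnmpListenPort is required" .Values.cnmpListenPort }} 15 | targetPort: cnmp-svc 16 | - name: cnmp-ws 17 | protocol: TCP 18 | port: {{ required "cnmpWSListenPort is required" .Values.cnmpWSListenPort }} 19 | targetPort: ws-svc 20 | - name: cnmp-pprof 21 | protocol: TCP 22 | port: {{ required "cnmpPprofListenPort is required" .Values.cnmpPprofListenPort }} 23 | targetPort: pprof-svc 24 | - name: cnmp-metric 25 | protocol: TCP 26 | port: {{ required "cnmpPromListenPort is required" .Values.cnmpPromListenPort }} 27 | targetPort: metric-svc 28 | # k8s 代理配置 29 | - name: kubelet-port-svc 30 | protocol: TCP 31 | port: {{ required "cnmpKubeletListenPort is required" .Values.cnmpKubeletListenPort }} 32 | targetPort: kubelet-svc -------------------------------------------------------------------------------- /helm-deploy/codo/templates/notice/service.yaml: --------------------------------------------------------------------------------
# Service for the notice component. Every port number comes from a required
# chart value; targetPort refers to a named container port, which is expected
# to be declared by the notice Deployment (not shown in this file).
apiVersion: v1
kind: Service
metadata:
  name: {{ template "notice.uname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "notice.labels" . | nindent 4}}
spec:
  selector:
    {{- include "notice.selectorLabels" . | nindent 4}}
  ports:
    - name: codo-notice
      protocol: TCP
      port: {{ required "noticeListenPort is required" .Values.noticeListenPort }}
      targetPort: notice-http-svc
    # The message names the value that is actually read, so a missing
    # noticeGrpcListenPort is reported under its own key.
    - name: notice-grpc
      protocol: TCP
      port: {{ required "noticeGrpcListenPort is required" .Values.noticeGrpcListenPort }}
      targetPort: notice-grpc-svc
    # NOTE(review): this publishes the pprof listener to every workload that
    # can reach the Service; confirm profiling should be reachable in-cluster.
    - name: notice-pprof
      protocol: TCP
      port: {{ required "noticePprofListenPort is required" .Values.noticePprofListenPort }}
      targetPort: pprof-svc
    - name: notice-metric
      protocol: TCP
      port: {{ required "noticePromListenPort is required" .Values.noticePromListenPort }}
      targetPort: metric-svc
    # Same correction as for the gRPC port: report the hook key, not the
    # Prometheus one.
    - name: notice-hook
      protocol: TCP
      port: {{ required "noticeHookListenPort is required" .Values.noticeHookListenPort }}
      targetPort: hook-svc
-------------------------------------------------------------------------------- /helm-deploy/codo/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: codo 3 | description: A Helm chart for Kubernetes 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.1.0 19 | 20 | # This is the version number of the application being deployed. 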
This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 23 | # It is recommended to use it with quotes. 24 | appVersion: "1.16.0" 25 | -------------------------------------------------------------------------------- /docker-deploy/codo-agent-server/conf.yaml: -------------------------------------------------------------------------------- 1 | # HTTP 服务端口 2 | PORT: 8000 3 | # GRPC 通信端口 4 | RPC-PORT: 8001 5 | # websocket 连接专用端口 6 | WS-PORT: 8002 7 | # metrics 端口 8 | PROM-PORT: 8003 9 | # 性能采集端口 10 | PPROF-PORT: 8004 11 | # 本机服务监听地址 12 | BIND-ADDRESS: 0.0.0.0 13 | 14 | 15 | # 日志存放地址 16 | ROOT-PATH: /data/logs/agent-server.log 17 | # 日志等级 18 | LOG-LEVEL: DEBUG 19 | 20 | 21 | # MQ配置 22 | MQCONFIG: 23 | ENABLED: false 24 | SCHEMA: "amqp" 25 | HOST: "127.0.0.1" 26 | PORT: 5672 27 | USERNAME: "admin" 28 | PASSWORD: "123456" 29 | VHOST: "codo" 30 | 31 | 32 | # MYSQL 配置 33 | DB-CONFIG: 34 | DB-TYPE: mysql 35 | DB-USER: root 36 | DB-PASSWORD: 123456 37 | DB-HOST: 127.0.0.1 38 | DB-NAME: codo_agent_server 39 | DB-TABLE-PREFIX: codo_ 40 | DB-FILE: "" 41 | DB-PORT: 3306 42 | 43 | 44 | # REDIS 配置 45 | REDIS: 46 | R-HOST: 127.0.0.1 47 | R-PORT: 6379 48 | R-PASSWORD: "" 49 | R-DB: 1 50 | # REDIS 发布订阅配置 51 | # 用于: 52 | # CDMB 任务同步 53 | # CODO 任务分发 54 | PUBLISH: 55 | P-HOST: 127.0.0.1 56 | P-PORT: 6379 57 | P-PASSWORD: "" 58 | P-DB: 1 59 | P-ENABLED: true 60 | 61 | # 组网配置, 用于 CODO 异地组网流量分发 62 | MESH-CONFIG: 63 | MESH-PORT: 9998 64 | SSL-PUBLIC-KEY-FILEPATH: /data/ca.crt 65 | SSL-PRIVATE-KEY-FILEPATH: /data/ca.key -------------------------------------------------------------------------------- /helm-deploy/codo_mid/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: mid 3 | description: A Helm chart for Kubernetes 4 | 5 | # A chart can be either an 
'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.1.0 19 | 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 23 | # It is recommended to use it with quotes. 24 | appVersion: "1.16.0" 25 | -------------------------------------------------------------------------------- /helm-deploy/codo/templates/agent-server/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "agentServer.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "agentServer.labels" . | nindent 4}} 8 | spec: 9 | selector: 10 | {{- include "agentServer.selectorLabels" . 
| nindent 4}} 11 | ports: 12 | - name: mesh-port-svc 13 | protocol: TCP 14 | port: {{ required "agentServerMeshListenPort is required" .Values.agentServerMeshListenPort }} 15 | targetPort: mesh-port 16 | - name: control-port-svc 17 | protocol: TCP 18 | port: {{ required "agentServerListenPort is required" .Values.agentServerListenPort }} 19 | targetPort: port 20 | - name: rpc-port-svc 21 | protocol: TCP 22 | port: {{ required "agentServerRpcListenPort is required" .Values.agentServerRpcListenPort }} 23 | targetPort: rpc-port 24 | - name: prom-port-svc 25 | protocol: TCP 26 | port: {{ required "agentServerPromListenPort is required" .Values.agentServerPromListenPort }} 27 | targetPort: prom-port 28 | - name: ws-port-svc 29 | protocol: TCP 30 | port: {{ required "agentServerWSListenPort is required" .Values.agentServerWSListenPort }} 31 | targetPort: ws-port 32 | 33 | -------------------------------------------------------------------------------- /helm-deploy/cloud-agent-operator/biz/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: cloud-agent-operator 3 | description: A Helm chart for Kubernetes 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 
17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.1.0 19 | 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 23 | # It is recommended to use it with quotes. 24 | appVersion: "1.16.0" 25 | -------------------------------------------------------------------------------- /docker-deploy/cnmp/config.yaml: -------------------------------------------------------------------------------- 1 | 2 | # 应用 3 | APP: 4 | NAME: "codo-cnmp" # 应用名称 5 | ENV: "DEV" # PRE/PRD/DEV 环境 6 | ADDR: "0.0.0.0:8000" # 监听地址 7 | TIMEOUT: 30 # 超时时间(秒) 8 | PROTOCOL: "HTTP" # HTTP/HTTPS 9 | VERSION: "v1.0.0" # 版本号 10 | SECRET: "replace me!!!" # AES对称加密密钥 11 | 12 | # Websocket 13 | WS: 14 | ADDR: "0.0.0.0:8001" 15 | 16 | # 可观测 17 | OTEL: 18 | TRACE: 19 | ENDPOINT: "" # 链路追踪地址 20 | INSECURE: TRUE # 是否开启安全连接 21 | METRIC: 22 | ENABLE_EXEMPLAR: TRUE # 是否开启指标采样 23 | LOG: 24 | LEVEL: DEBUG 25 | 26 | # Prometheus 27 | PROMETHEUS: 28 | ENABLED: true # 是否开启 Prometheus 29 | NETWORK: "tcp" # 网络类型 30 | ADDR: "0.0.0.0:8002" # 监听地址 31 | PATH: "/metrics" # 路径 32 | 33 | # 火焰图 34 | PPROF: 35 | ENABLE: true # 是否开启火焰图 36 | NETWORK: "tcp" # 网络类型 37 | ADDR: "0.0.0.0:8003" # 监听地址 38 | 39 | # 数据库 40 | DB: 41 | DB_TYPE: "mysql" # 数据库类型 42 | DB_USER: "codo" 43 | DB_PASSWORD: "ss1917" 44 | DB_HOST: "172.22.0.2" 45 | DB_NAME: "codo_cnmp" 46 | DB_TABLE_PREFIX: "" 47 | DB_FILE: "" 48 | DB_PORT: "3306" 49 | DB_MaxIdleConns: 10 50 | DB_MaxOpenConns: 10 51 | DB_ConnMaxLifetime: 600 # (秒) 52 | DEBUG: true 53 | 54 | # Redis 55 | REDIS: 56 | R_HOST: "172.22.0.3" 57 | R_PORT: 6379 58 | R_PASSWORD: "ss1917" 59 | R_DB: 1 60 | 61 | TIANMEN: 62 | ADDR: "" 63 | AUTH_KEY: "" 64 | TIMEOUT: 10 # (秒) 65 | 
-------------------------------------------------------------------------------- /docker-deploy/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## 部署方式 3 | - 开发环境使用docker-compose方式, 完成管理后台、网关服务、前端项目、任务平台、配置中心、Agent-server的部署. 4 | - 部署时先部署中间件, 中间件正常运行后部署应用. 5 | 6 | ## 快速部署 7 | 8 | - 安装 Docker 和 Docker-compose 9 | - Docker安装命令参考 **[Rocky Linux 9 操作系统]** 10 | ```shell 11 | sudo dnf install dnf-plugins-core 12 | sudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo 13 | sudo dnf install docker-ce docker-ce-cli containerd.io 14 | sudo systemctl start docker 15 | sudo systemctl enable docker 16 | ``` 17 | 18 | - docker-compose安装命令参考 **[Rocky Linux 9 操作系统]** 19 | ```shell 20 | sudo curl -L "https://github.com/docker/compose/releases/download/v2.5.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose 21 | sudo chmod +x /usr/local/bin/docker-compose 22 | ``` 23 | 24 | --- 25 | 26 | - 配置文件修改【可选】[.env](.env) 27 | 中已经配置项目中所需的账密信息,不修改则使用默认配置 28 | - 数据库初始化【可选】:[db_init.sql](db_init.sql) 在 Docker 部署 MySQL 时默认导入。 29 | 30 | --- 31 | 32 | - 部署中间件 如需依赖已有中间件则需要修改[.env](.env)配置 33 | 34 | ```shell 35 | sh ./deploy_middleware.sh 36 | ``` 37 | 38 | --- 39 | 40 | - 启动服务并初始化 41 | 42 | ```shell 43 | sh ./init_app.sh 44 | ``` 45 | 46 | - 管理后台创建超级用户 47 | 48 | > 默认的 admin 密码为 1qazXSW@，首次登录后请立即修改 49 | 50 | ```shell 51 | docker exec -it codo_mg python3 manage.py createsuperuser 52 | ``` 53 | 54 | -------------------------------------------------------------------------------- /docker-deploy/codo-gateway/conf/app.example.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "codo-gateway", 3 | "env": "test", 4 | "etcd": { 5 | "http_host": "http://127.0.0.1:2379", 6 | "data_prefix": "/my/gw/" 7 | }, 8 | "jwt_auth": { 9 | "key": "auth_key", 10 | "token_secret": "xxxxxx" 11 | }, 12 | "codo_rbac": { 13 | "key": "auth_key", 14 | "token_secret": "xxxxxx" 
15 | }, 16 | "sso2internal": { 17 | "sso_token_secret": "xxxxxx", 18 | "sso_jwt_key": "sso_token", 19 | "internal_token_secret": "xxxxxx", 20 | "internal_jwt_key": "auth_key" 21 | }, 22 | "mfa": { 23 | "mfa_secret": "xxxxxx", 24 | "mfa_key": "mfa_key" 25 | }, 26 | "plugins": [ 27 | "default_plugin", 28 | "discovery_plugin", 29 | "tracing_plugin", 30 | "rewrite_plugin", 31 | "jwt_plugin", 32 | "codo_rbac_plugin", 33 | "kafka-logger", 34 | "redis-logger", 35 | "limit-req", 36 | "referer-restriction", 37 | "ip-restriction", 38 | "cors_plugin", 39 | "sso2internal" 40 | ], 41 | "plugins_config": { 42 | "redis-logger": { 43 | "host": "127.0.0.1", 44 | "port": 6379, 45 | "auth_pwd": "1234567", 46 | "db": 1, 47 | "alive_time": 604800, 48 | "channel": "gw", 49 | "full_log": "no" 50 | } 51 | }, 52 | "admin": { 53 | "jwt_secret": "xxxxxx", 54 | "accounts": [ 55 | "用户名1" 56 | ] 57 | }, 58 | "tokens": [ 59 | "api_token_xxxx" 60 | ] 61 | } 62 | -------------------------------------------------------------------------------- /helm-deploy/codo/images.yaml: -------------------------------------------------------------------------------- 1 | frontendImage: registry.cn-shanghai.aliyuncs.com/ss1917/codo-frontend:latest 2 | gatewayImage: registry.cn-shanghai.aliyuncs.com/ss1917/codo-gateway:latest 3 | adminv4Image: registry.cn-shanghai.aliyuncs.com/ss1917/codo-admin:latest 4 | cmdbImage: registry.cn-shanghai.aliyuncs.com/ss1917/codo-cmdb:latest 5 | kerriganImage: registry.cn-shanghai.aliyuncs.com/ss1917/codo-kerrigan:latest 6 | flowAgentLogImage: registry.cn-shanghai.aliyuncs.com/ss1917/flow-agent-log:latest 7 | flowCronjobImage: registry.cn-shanghai.aliyuncs.com/ss1917/codo-flow-cronjob:latest 8 | flowControlImage: registry.cn-shanghai.aliyuncs.com/ss1917/codo-flow-api:latest 9 | flowExecTaskImage: registry.cn-shanghai.aliyuncs.com/ss1917/codo-exec-task:latest 10 | flowLoopImage: registry.cn-shanghai.aliyuncs.com/ss1917/codo-flow-loop:latest 11 | flowQueueImage: 
registry.cn-shanghai.aliyuncs.com/ss1917/codo-flow-queue:latest 12 | flowTaskLogImage: registry.cn-shanghai.aliyuncs.com/ss1917/flow-task-log:latest 13 | agentServerImage: registry.cn-shanghai.aliyuncs.com/ss1917/codo-agent-server:latest 14 | cnmpImage: registry.cn-shanghai.aliyuncs.com/ss1917/codo-cnmp:latest 15 | noticeImage: registry.cn-shanghai.aliyuncs.com/ss1917/codo-notice:latest 16 | cloudAgentOperatorImage: registry.cn-shanghai.aliyuncs.com/ss1917/cloud-agent-operator:latest 17 | flowTaskSchedulerImage: registry.cn-shanghai.aliyuncs.com/ss1917/codo-flow-task-scheduler:latest 18 | k2Image: registry.cn-shanghai.aliyuncs.com/ss1917/codo-k2:latest 19 | -------------------------------------------------------------------------------- /docker-deploy/codo-gateway/conf/init_discovery.json: -------------------------------------------------------------------------------- 1 | 2 | [ 3 | { 4 | "service_name": "mg", 5 | "upstream": "172.22.0.7:8000", 6 | "weight": 1, 7 | "status": 1 8 | }, 9 | { 10 | "service_name": "agent", 11 | "upstream": "172.22.0.19:8000", 12 | "weight": 1, 13 | "status": 1 14 | }, 15 | { 16 | "service_name": "cmdb", 17 | "upstream": "172.22.0.8:8000", 18 | "weight": 1, 19 | "status": 1 20 | }, 21 | { 22 | "service_name": "cnmp-ws", 23 | "upstream": "172.22.0.20:8002", 24 | "weight": 1, 25 | "status": 1 26 | }, 27 | { 28 | "service_name": "cnmp", 29 | "upstream": "172.22.0.20:8000", 30 | "weight": 1, 31 | "status": 1 32 | }, 33 | { 34 | "service_name": "job", 35 | "upstream": "172.22.0.11:8000", 36 | "weight": 1, 37 | "status": 1 38 | }, 39 | { 40 | "service_name": "p", 41 | "upstream": "172.22.0.7:8000", 42 | "weight": 1, 43 | "status": 1 44 | }, 45 | { 46 | "service_name": "cron", 47 | "upstream": "172.22.0.11:8000", 48 | "weight": 1, 49 | "status": 1 50 | }, 51 | { 52 | "service_name": "noc", 53 | "upstream": "172.22.0.21:8000", 54 | "weight": 1, 55 | "status": 1 56 | }, 57 | { 58 | "service_name": "k2", 59 | "upstream": "172.22.0.22:8000", 60 | 
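"weight": 1, 61 | "status": 1 62 | }, 63 | { 64 | "service_name": "k2", 65 | "upstream": "codo_k2:8000", 66 | "weight": 1, 67 | "status": 1 68 | } 69 | ] -------------------------------------------------------------------------------- /docker-deploy/rabbitmq/init.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Container bootstrap for RabbitMQ: start the broker detached, create the users
# and vhost named by the RABBITMQ_* environment variables, stop the broker,
# then start it again in the foreground as the container's main process.
#
# Environment read by this script:
#   RABBITMQ_DEFAULT_USER / RABBITMQ_DEFAULT_PASS  first administrator account
#   RABBITMQ_VHOST                                 vhost to create
#   RABBITMQ_USER / RABBITMQ_PASS                  second account
#
# NOTE(review): rabbitmqctl add_user takes the password as an argument, so it is
# visible in the container's process list while the command runs.

# Start the RabbitMQ service in the background.
echo "Starting RabbitMQ server..."
rabbitmq-server -detached
# Fixed delay that gives the broker time to boot before rabbitmqctl is used.
sleep 15

# Create the default user. All expansions are quoted so a password containing
# spaces or glob characters reaches rabbitmqctl as a single argument.
if [ -n "$RABBITMQ_DEFAULT_USER" ] && [ -n "$RABBITMQ_DEFAULT_PASS" ]; then
    echo "Setting default user: $RABBITMQ_DEFAULT_USER"
    rabbitmqctl add_user "$RABBITMQ_DEFAULT_USER" "$RABBITMQ_DEFAULT_PASS" &&
        rabbitmqctl set_user_tags "$RABBITMQ_DEFAULT_USER" administrator
fi

# Enable the management plugins.
echo "Enabling management plugins..."
rabbitmq-plugins enable rabbitmq_management
rabbitmq-plugins enable rabbitmq_shovel rabbitmq_shovel_management

# Create the vhost.
if [ -n "$RABBITMQ_VHOST" ]; then
    echo "Creating vhost: $RABBITMQ_VHOST"
    rabbitmqctl add_vhost "$RABBITMQ_VHOST"
fi

# Create the second user.
# NOTE(review): this account also receives the administrator tag; confirm the
# application needs management rights rather than plain vhost permissions.
if [ -n "$RABBITMQ_USER" ] && [ -n "$RABBITMQ_PASS" ]; then
    echo "Creating user: $RABBITMQ_USER"
    rabbitmqctl add_user "$RABBITMQ_USER" "$RABBITMQ_PASS"
    rabbitmqctl set_user_tags "$RABBITMQ_USER" administrator
fi

# Grant permissions. The grant on '/' used to run even when RABBITMQ_USER was
# empty, which shifted the pattern arguments into the user position; it now
# runs only when a user name is set.
if [ -n "$RABBITMQ_USER" ]; then
    if [ -n "$RABBITMQ_VHOST" ]; then
        echo "Setting permissions for user $RABBITMQ_USER on vhost $RABBITMQ_VHOST"
        rabbitmqctl set_permissions -p "$RABBITMQ_VHOST" "$RABBITMQ_USER" '.' '.' '.'
    fi
    rabbitmqctl set_permissions -p '/' "$RABBITMQ_USER" '.' '.' '.'
fi

echo "RabbitMQ setup completed."

# Stop the background broker.
echo "Stopping RabbitMQ server..."
rabbitmqctl stop

# Restart with the default start command. exec replaces this shell, so the
# broker itself receives the container's stop signals.
echo "Starting RabbitMQ server..."
exec rabbitmq-server
-------------------------------------------------------------------------------- /helm-deploy/cloud-agent-operator/biz/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for cloud-agent-operator. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | # --------------------------- 通用配置 ------------------------------------ # 6 | # app 应用; 7 | app: codo 8 | # env 环境; 9 | env: dev 10 | # This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ 11 | replicaCount: 1 12 | # 可选, 拉取 operator 镜像的密钥 要是内容格式为 .dockerconfigjson 的 base64 编码 13 | imagePullSecret: "" 14 | 15 | # --------------------------- 中间件配置 ------------------------------------ # 16 | redis: 17 | host: "redis-service" 18 | port: 6379 19 | passwd: 20 | 21 | # --------------------------- Cloud Agent Operator ------------------------------------ # 22 | 23 | cloudAgentOperatorImage: "registry.cn-shanghai.aliyuncs.com/ss1917/cloud-agent-operator:latest" 24 | # 拉取密钥 要是内容格式为 .dockerconfigjson 的 base64 编码 25 | aoPullSecret: "" 26 | # redis db 27 | aoRedisDB: 1 28 | 29 | # ======= otel 配置 ======= 30 | # 日志等级 31 | aoOtelLogLevel: "INFO" 32 | # 链路追踪配置 33 | aoOtelTraceEndpoint: "" 34 | aoOtelTraceInsecure: true 35 | 36 | # ======= agent 配置 ======= 37 | # agent server 连接地址 38 | aoAgentServerURL: "wss://demo.opendevops.cn/api/agent-ws/v1/codo/agent?clientId=cloud-agent-test:6666" 39 | # 业务ID 40 | aoBizID: "504" 41 | # 行数限制 42 | aoRowLimit: 100000 43 | # 最大同时执行命令数限制 44 | aoMaxCMD: 100 45 | # pod 模板 46 | aoPodTemplate: | 47 | {} 48 | 49 | # 任务资源配置 50 | aoTaskDefaultRequestCPU: 30m 51 | aoTaskDefaultRequestMemory: 32Mi 52 | aoTaskDefaultLimitCPU: 100m 53 | aoTaskDefaultLimitMemory: 128Mi 54 | -------------------------------------------------------------------------------- 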
/helm-deploy/codo/templates/k2/deployment-k2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "k2.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "k2.labels" . | nindent 4 }} 8 | spec: 9 | replicas: {{ required "k2Replicas is required" .Values.k2Replicas }} 10 | selector: 11 | matchLabels: 12 | {{- include "k2.selectorLabels" . | nindent 6 }} 13 | template: 14 | metadata: 15 | labels: 16 | {{- include "k2.labels" . | nindent 8 }} 17 | spec: 18 | {{ include "imagepullsecret.define" . | nindent 6 }} 19 | containers: 20 | - image: {{ required "k2Image is required" .Values.k2Image }} 21 | name: {{ template "k2.uname" . }}-image 22 | imagePullPolicy: Always 23 | resources: 24 | limits: 25 | cpu: {{ required "k2CPULimit is required" .Values.k2CPULimit }} 26 | memory: {{ required "k2MemoryLimit is required" .Values.k2MemoryLimit }} 27 | ephemeral-storage: {{ required "k2EphemeralStorageLimit is required" .Values.k2EphemeralStorageLimit }} 28 | requests: 29 | cpu: {{ required "k2CPURequire is required" .Values.k2CPURequire }} 30 | memory: {{ required "k2MemoryRequire is required" .Values.k2MemoryRequire }} 31 | ephemeral-storage: {{ required "k2EphemeralStorageRequire is required" .Values.k2EphemeralStorageRequire }} 32 | ports: 33 | - containerPort: 8000 34 | name: http 35 | volumeMounts: 36 | - name: codo-k2-conf 37 | mountPath: /data/settings.py 38 | subPath: settings.py 39 | volumes: 40 | - name: codo-k2-conf 41 | configMap: 42 | name: {{ template "k2.uname" . 
}} 43 | -------------------------------------------------------------------------------- /helm-deploy/codo_mid/templates/redis.yaml: --------------------------------------------------------------------------------
# Redis for the codo middleware chart: a ConfigMap carrying redis.conf, a
# Deployment that starts redis-server with that file, and a Service on the
# same port.
#
# NOTE(review): requirepass is rendered into the ConfigMap below in clear text,
# so the Redis password is readable by anything that can read ConfigMaps in the
# namespace; a Secret would keep it out of that read path.
apiVersion: v1
kind: ConfigMap
metadata:
  name: redis-conf
data:
  redis.conf: |
    bind 0.0.0.0
    port {{ required "redisPort is required" .Values.redisPort }}
    requirepass {{ required "redisPassword is required" .Values.redisPassword }}
    pidfile /var/run/redis_6379.pid
    save 900 1
    save 300 10
    save 60 10000
    rdbcompression yes
    rdbchecksum yes
    dbfilename dump.rdb
    appendonly yes
    appendfilename "appendonly.aof"
    appendfsync everysec
    dir /data
    logfile "/data/redis-6379.log"

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
spec:
  # The value key is spelled "reidsReplicaCount" and, unlike the port and the
  # password, is not wrapped in `required`, so a values file that uses another
  # spelling renders an empty replicas field instead of failing the render.
  replicas: {{ .Values.reidsReplicaCount }}
  selector:
    matchLabels:
      app: codo-redis
  template:
    metadata:
      labels:
        app: codo-redis
    spec:
      containers:
        - name: redis
          image: "{{ .Values.redisImage.repository }}:{{ .Values.redisImage.tag }}"
          command: ["redis-server", "/etc/redis/redis.conf"]
          ports:
            - containerPort: {{ required "redisPort is required" .Values.redisPort }}
          # Only the config file is mounted. redis.conf sets `dir /data` and a
          # log file under /data, but no volume is declared for that path, so
          # the RDB/AOF files and the log land on the container's own filesystem.
          volumeMounts:
            - name: redis-config
              mountPath: /etc/redis/redis.conf
              subPath: redis.conf
      volumes:
        - name: redis-config
          configMap:
            name: redis-conf

---
# No `type` is set, so the Service uses the Kubernetes default (ClusterIP).
apiVersion: v1
kind: Service
metadata:
  labels:
    app: codo-redis-svc
  name: redis
spec:
  ports:
    - name: tcp-redis
      port: {{ required "redisPort is required" .Values.redisPort }}
      protocol: TCP
  selector:
    app: codo-redis
-------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Created by .ignore 
support plugin (hsz.mobi) 2 | ### Python template 3 | # Byte-compiled / optimized / DLL files 4 | __pycache__/ 5 | *.py[cod] 6 | *$py.class 7 | 8 | # C extensions 9 | *.so 10 | 11 | # Distribution / packaging 12 | .Python 13 | build/ 14 | develop-eggs/ 15 | dist/ 16 | downloads/ 17 | eggs/ 18 | .eggs/ 19 | lib/ 20 | lib64/ 21 | parts/ 22 | sdist/ 23 | var/ 24 | wheels/ 25 | *.egg-info/ 26 | .installed.cfg 27 | *.egg 28 | 29 | # PyInstaller 30 | # Usually these files are written by a python script from a template 31 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 32 | *.manifest 33 | *.spec 34 | 35 | # Installer logs 36 | pip-log.txt 37 | pip-delete-this-directory.txt 38 | 39 | # Unit test / coverage reports 40 | htmlcov/ 41 | .tox/ 42 | .coverage 43 | .coverage.* 44 | .cache 45 | nosetests.xml 46 | coverage.xml 47 | *.cover 48 | .hypothesis/ 49 | 50 | # Translations 51 | *.mo 52 | *.pot 53 | 54 | # Django stuff: 55 | *.log 56 | local_settings.py 57 | 58 | # Flask stuff: 59 | instance/ 60 | .webassets-cache 61 | 62 | # Scrapy stuff: 63 | .scrapy 64 | 65 | # Sphinx documentation 66 | docs/_build/ 67 | 68 | # PyBuilder 69 | target/ 70 | 71 | # Jupyter Notebook 72 | .ipynb_checkpoints 73 | 74 | # pyenv 75 | .python-version 76 | 77 | # celery beat schedule file 78 | celerybeat-schedule 79 | 80 | # SageMath parsed files 81 | *.sage.py 82 | 83 | # Environments 84 | .env 85 | .venv 86 | env/ 87 | venv/ 88 | ENV/ 89 | 90 | # Spyder project settings 91 | .spyderproject 92 | .spyproject 93 | 94 | # Rope project settings 95 | .ropeproject 96 | 97 | # mkdocs documentation 98 | /site 99 | # mypy 100 | .mypy_cache/ 101 | 102 | .idea 103 | 104 | 105 | -------------------------------------------------------------------------------- /helm-deploy/codo/templates/admin/deployment-adminv4.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template 
"adminv4.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "adminv4.labels" . | nindent 4 }} 8 | spec: 9 | replicas: {{ required "adminv4Replicas is required" .Values.adminv4Replicas }} 10 | selector: 11 | matchLabels: 12 | {{- include "adminv4.selectorLabels" . | nindent 6 }} 13 | template: 14 | metadata: 15 | labels: 16 | {{- include "adminv4.labels" . | nindent 8 }} 17 | spec: 18 | {{ include "imagepullsecret.define" . | nindent 6 }} 19 | containers: 20 | - image: {{ required "adminv4Image is required" .Values.adminv4Image }} 21 | name: {{ template "adminv4.uname" . }}-image 22 | imagePullPolicy: Always 23 | resources: 24 | limits: 25 | cpu: {{ required "adminv4CPULimit is required" .Values.adminv4CPULimit }} 26 | memory: {{ required "adminv4MemoryLimit is required" .Values.adminv4MemoryLimit }} 27 | ephemeral-storage: {{ required "adminv4EphemeralStorageLimit is required" .Values.adminv4EphemeralStorageLimit }} 28 | requests: 29 | cpu: {{ required "adminv4CPURequire is required" .Values.adminv4CPURequire }} 30 | memory: {{ required "adminv4MemoryRequire is required" .Values.adminv4MemoryRequire }} 31 | ephemeral-storage: {{ required "adminv4EphemeralStorageRequire is required" .Values.adminv4EphemeralStorageRequire }} 32 | ports: 33 | - containerPort: 8000 34 | name: http 35 | volumeMounts: 36 | - name: codo-adminv4-conf 37 | mountPath: /data/settings.py 38 | subPath: settings.py 39 | volumes: 40 | - name: codo-adminv4-conf 41 | configMap: 42 | name: {{ template "adminv4.uname" . }} 43 | -------------------------------------------------------------------------------- /helm-deploy/codo/templates/cmdb/deployment-cmdb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "cmdb.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "cmdb.labels" . 
| nindent 4 }} 8 | spec: 9 | replicas: {{ required "cmdbReplicas is required" .Values.cmdbReplicas }} 10 | selector: 11 | matchLabels: 12 | {{- include "cmdb.selectorLabels" . | nindent 6 }} 13 | template: 14 | metadata: 15 | labels: 16 | {{- include "cmdb.labels" . | nindent 8 }} 17 | spec: 18 | {{ include "imagepullsecret.define" . | nindent 6 }} 19 | containers: 20 | - image: {{ required "cmdbImage is required" .Values.cmdbImage }} 21 | name: {{ template "cmdb.uname" . }}-image 22 | imagePullPolicy: Always 23 | env: 24 | - name: SERVICE_NAME 25 | value: "cmdb" 26 | resources: 27 | limits: 28 | cpu: {{ required "cmdbCPULimit is required" .Values.cmdbCPULimit }} 29 | memory: {{ required "cmdbMemoryLimit is required" .Values.cmdbMemoryLimit }} 30 | ephemeral-storage: {{ required "cmdbEphemeralStorageLimit is required" .Values.cmdbEphemeralStorageLimit }} 31 | requests: 32 | cpu: {{ required "cmdbCPURequire is required" .Values.cmdbCPURequire }} 33 | memory: {{ required "cmdbMemoryRequire is required" .Values.cmdbMemoryRequire }} 34 | ephemeral-storage: {{ required "cmdbEphemeralStorageRequire is required" .Values.cmdbEphemeralStorageRequire }} 35 | ports: 36 | - containerPort: 8000 37 | name: http 38 | volumeMounts: 39 | - name: codo-cmdb-conf 40 | mountPath: /data/settings.py 41 | subPath: settings.py 42 | volumes: 43 | - name: codo-cmdb-conf 44 | configMap: 45 | name: {{ template "cmdb.uname" . }} 46 | -------------------------------------------------------------------------------- /helm-deploy/codo/templates/frontend/deployment-frontend.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "frontend.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "frontend.labels" . 
| nindent 4 }} 8 | spec: 9 | replicas: {{ required "frontendReplicas is required" .Values.frontendReplicas }} 10 | selector: 11 | matchLabels: 12 | {{- include "frontend.selectorLabels" . | nindent 6 }} 13 | template: 14 | metadata: 15 | labels: 16 | {{- include "frontend.labels" . | nindent 8 }} 17 | spec: 18 | {{ include "imagepullsecret.define" . | nindent 6 }} 19 | containers: 20 | - image: {{ required "frontendImage is required" .Values.frontendImage }} 21 | name: {{ template "frontend.uname" . }}-image 22 | imagePullPolicy: Always 23 | resources: 24 | limits: 25 | cpu: {{ required "frontendCPULimit is required" .Values.frontendCPULimit }} 26 | memory: {{ required "frontendMemoryLimit is required" .Values.frontendMemoryLimit }} 27 | ephemeral-storage: {{ required "frontendEphemeralStorageLimit is required" .Values.frontendEphemeralStorageLimit }} 28 | requests: 29 | cpu: {{ required "frontendCPURequire is required" .Values.frontendCPURequire }} 30 | memory: {{ required "frontendMemoryRequire is required" .Values.frontendMemoryRequire }} 31 | ephemeral-storage: {{ required "frontendEphemeralStorageRequire is required" .Values.frontendEphemeralStorageRequire }} 32 | ports: 33 | - containerPort: 80 34 | name: http 35 | volumeMounts: 36 | - name: codo-frontend-conf 37 | mountPath: /etc/nginx/conf.d/default.conf 38 | subPath: default.conf 39 | volumes: 40 | - name: codo-frontend-conf 41 | configMap: 42 | name: {{ template "frontend.uname" . 
}} 43 |
--------------------------------------------------------------------------------
/helm-deploy/codo_mid/values.yaml:
--------------------------------------------------------------------------------
# Default values for the codo_mid chart (Redis, MySQL, etcd, RabbitMQ).
# NOTE(review): every password in this file is a placeholder committed to the
# repository. Supply real values at install time instead of deploying these.

# --------------------------- Redis ------------------------------------ #
# Redis settings
redisPort: 6379
redisPassword: "root_password"
# Redis image
redisImage:
  repository: redis
  tag: "6.2.11"
  pullPolicy: IfNotPresent
# NOTE(review): the key is spelled "reids". It is presumably read as a top-level
# value like the other *ReplicaCount keys; confirm against templates/redis.yaml
# before renaming it.
reidsReplicaCount: 1

# --------------------------- Mysql ------------------------------------ #
mysqlReplicaCount: 1
mysqlStorage: 10Gi
# Spelled "mysqlmage"; templates/mysql.yaml reads .Values.mysqlmage, so the key
# and the template have to be renamed together.
mysqlmage:
  repository: mysql
  tag: "8.0"
  pullPolicy: IfNotPresent

mysqlService:
  type: ClusterIP
  port: 3306

mysql:
  rootPassword: root_password
  database: mydb
  user: user
  password: user_password

# --------------------------- Etcd ------------------------------------ #
EtcdReplicaCount: 1
etcdStorage: 10Gi
# etcd image settings
EtcdImage:
  init_image: debian:stable-slim
  repository: bitnami/etcd
  tag: "3.5"
  pullPolicy: IfNotPresent

# etcd service settings
EtcdService:
  type: ClusterIP
  port: 2379

# Environment variables for etcd
etcd:
  name: "etcd-node"
  # NOTE(review): all client and peer URLs below are plain http, so traffic to
  # and between etcd members is unencrypted.
  initialCluster: "etcd-node=http://etcd-node:2380"
  listenClientURLs: "http://0.0.0.0:2379"
  listenPeerURLs: "http://0.0.0.0:2380"
  advertiseClientURLs: "http://etcd-node:2379"
  initialAdvertisePeerURLs: "http://etcd-node:2380"
  rootUser: root # root user
  rootPassword: "root_password" # root user's password
  # NOTE(review): "flase" is not a YAML boolean, so this value is the string
  # "flase". It looks like a typo for false. How templates/etcd.yaml consumes it
  # is not visible here (a non-empty string is truthy in a Helm "if"), so confirm
  # whether etcd authentication actually ends up enabled. With the client
  # listener on 0.0.0.0, an unauthenticated etcd is open to anything that can
  # reach the Service.
  authEnabled: flase # enable authentication

# --------------------------- Rabbitmq ------------------------------------ #
# RabbitMQ settings
rabbitmq:
  username: codo
  password: root_password
  # The Erlang cookie is the shared secret that authenticates node-to-node and
  # CLI connections; override it together with the password.
  erlangCookie: "secret-cookie"

# Image settings
MQImage:
  repository: bitnami/rabbitmq
  tag: "3.13.6-debian-12-r1"
  pullPolicy: IfNotPresent

# Service settings
MQService:
  type: ClusterIP
  amqpPort: 5672
  managementPort: 15672
MQReplicaCount: 1

--------------------------------------------------------------------------------
/helm-deploy/codo/templates/flow-servers/deployment-loop.yaml:
-------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "flowLoop.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "flowLoop.labels" . | nindent 4 }} 8 | spec: 9 | replicas: {{ required "flowLoopReplicas is required" .Values.flowLoopReplicas }} 10 | selector: 11 | matchLabels: 12 | {{- include "flowLoop.selectorLabels" . | nindent 6 }} 13 | template: 14 | metadata: 15 | labels: 16 | {{- include "flowLoop.labels" . | nindent 8 }} 17 | spec: 18 | {{ include "imagepullsecret.define" . | nindent 6 }} 19 | containers: 20 | - image: {{ required "flowLoopImage is required" .Values.flowLoopImage }} 21 | name: {{ template "flowLoop.uname" . 
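}}-image 22 | imagePullPolicy: Always 23 | env: 24 | - name: SERVICE_NAME 25 | value: "flow-loop" 26 | resources: 27 | limits: 28 | cpu: {{ required "flowLoopCPULimit is required" .Values.flowLoopCPULimit }} 29 | memory: {{ required "flowLoopMemoryLimit is required" .Values.flowLoopMemoryLimit }} 30 | ephemeral-storage: {{ required "flowLoopEphemeralStorageLimit is required" .Values.flowLoopEphemeralStorageLimit }} 31 | requests: 32 | cpu: {{ required "flowLoopCPURequire is required" .Values.flowLoopCPURequire }} 33 | memory: {{ required "flowLoopMemoryRequire is required" .Values.flowLoopMemoryRequire }} 34 | ephemeral-storage: {{ required "flowLoopEphemeralStorageRequire is required" .Values.flowLoopEphemeralStorageRequire }} 35 | ports: 36 | - containerPort: 8000 37 | name: http 38 | volumeMounts: 39 | - name: flow-conf 40 | mountPath: /data/settings.py 41 | subPath: settings.py 42 | volumes: 43 | - name: flow-conf 44 | configMap: 45 | name: {{ template "flowLoop.uname" . }} 46 | 47 |
--------------------------------------------------------------------------------
/docker-deploy/build_images.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Build one service image and stop the whole script on the first failure.
#   $1  service name, handed to the Dockerfile as --build-arg SERVICE_NAME
#   $2  directory that holds the Dockerfile and serves as the build context
#   $3  tag given to the resulting image
build_image() {
    local service_name=$1
    local dockerfile_path=$2
    local image_name=$3
    echo "开始构建 ${service_name} 镜像..."
    # cd and the build run in a subshell: the caller's working directory is left
    # untouched whatever the depth of $dockerfile_path, and a missing directory
    # is reported as a failed build rather than ending the script without a
    # message. Add --no-cache to the docker build call to force a clean rebuild.
    if (
        cd "$dockerfile_path" &&
        sudo docker build --build-arg SERVICE_NAME="${service_name}" . -t "${image_name}"
    ); then
        echo "${service_name} 镜像构建成功!"
    else
        echo "构建 ${service_name} 镜像失败!"
        exit 1
    fi
}

# Build codo-admin-image
build_image "admin-mg-api" "codo-adminv4" "codo-admin-image"

# Build codo-frontend-image
build_image "frontend-converge" "codo-frontend-converge" "codo-frontend-image"

# Build codo-gateway-image
build_image "gateway" "codo-gateway" "codo-gateway-image"

# Build codo-cmdb-image
build_image "cmdb" "codo-cmdb" "codo-cmdb-image"

# Build codo-job-api-image
build_image "control-api" "codo-flow" "codo-job-api-image"

# Build codo-flow-loop-image
build_image "flow-loop" "codo-flow" "codo-flow-loop-image"

# Build codo-flow-queue-image
build_image "flow-queue" "codo-flow" "codo-flow-queue-image"

# Build codo-cron-job-image
build_image "cron" "codo-flow" "codo-cron-job-image"

# Build codo-exec-task-image
build_image "exec-task" "codo-flow" "codo-exec-task-image"

# Build codo-task-log-image
build_image "task-log" "codo-flow" "codo-task-log-image"

# Build codo-agent-log-image
build_image "agent-log" "codo-flow" "codo-agent-log-image"

# Build codo-kerrigan-image
build_image "kerrigan" "codo-kerrigan" "codo-kerrigan-image"

# Build codo-agent-server-image
build_image "agent-server" "codo-agent-server" "codo-agent-server-image"

# Build codo-flow-f-image
build_image "codo-flow-f" "codo-flow-f" "codo-flow-f-image"

echo "所有镜像构建完成!"

--------------------------------------------------------------------------------
/helm-deploy/codo/templates/flow-servers/deployment-queue.yaml:
-------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "flowQueue.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "flowQueue.labels" . 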
| nindent 4 }} 8 | spec: 9 | replicas: {{ required "flowQueueReplicas is required" .Values.flowQueueReplicas }} 10 | selector: 11 | matchLabels: 12 | {{- include "flowQueue.selectorLabels" . | nindent 6 }} 13 | template: 14 | metadata: 15 | labels: 16 | {{- include "flowQueue.labels" . | nindent 8 }} 17 | spec: 18 | {{ include "imagepullsecret.define" . | nindent 6 }} 19 | containers: 20 | - image: {{ required "flowQueueImage is required" .Values.flowQueueImage }} 21 | name: {{ template "flowQueue.uname" . }}-image 22 | imagePullPolicy: Always 23 | env: 24 | - name: SERVICE_NAME 25 | value: "flow-queue" 26 | resources: 27 | limits: 28 | cpu: {{ required "flowQueueCPULimit is required" .Values.flowQueueCPULimit }} 29 | memory: {{ required "flowQueueMemoryLimit is required" .Values.flowQueueMemoryLimit }} 30 | ephemeral-storage: {{ required "flowQueueEphemeralStorageLimit is required" .Values.flowQueueEphemeralStorageLimit }} 31 | requests: 32 | cpu: {{ required "flowQueueCPURequire is required" .Values.flowQueueCPURequire }} 33 | memory: {{ required "flowQueueMemoryRequire is required" .Values.flowQueueMemoryRequire }} 34 | ephemeral-storage: {{ required "flowQueueEphemeralStorageRequire is required" .Values.flowQueueEphemeralStorageRequire }} 35 | ports: 36 | - containerPort: 8000 37 | name: http 38 | volumeMounts: 39 | - name: flow-conf 40 | mountPath: /data/settings.py 41 | subPath: settings.py 42 | volumes: 43 | - name: flow-conf 44 | configMap: 45 | name: {{ template "flowQueue.uname" . 
}} 46 | 47 | -------------------------------------------------------------------------------- /docker-deploy/codo-agent-server/ca.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFbTCCA1WgAwIBAgIUOuCcmNZPik7oifmiNd8ZVZstaq0wDQYJKoZIhvcNAQEL 3 | BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM 4 | GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAgFw0yNDEyMTgxNDI2MDBaGA8yMTI0 5 | MTEyNDE0MjYwMFowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx 6 | ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCAiIwDQYJKoZIhvcN 7 | AQEBBQADggIPADCCAgoCggIBANczbz4BU9sN5g/LgHoGamHZMTTTWJiJFXjs9AKj 8 | t+BihQshHJZHyJMRVyW7RJJLZKJJJx9dxRWL4znbyGthHjiwoRb/Nf4fF8Gku3et 9 | P46dFrkzvQGuM1dfqgsk2nT1DTUzgVWhGv8yFwVuDEBcEeOlcqAMt/CRW10HzsG0 10 | f2wSCd2OgdX+tfr0CEZwkhRui0gvUGB52OCRbe+MofsviO0VkKPSGnVz71Sn7E9b 11 | vwuO5fAP+59THN8hISfb2xyDArjHiW2m0gA6OQiin8Jx0rXTMTMa9na8BY/F7ARU 12 | Ua7G3vbOYG5BIE+WD0pEoPQd9BCellOOkTcjnPY+fRibgUngcz4JTlpAHa8oceL5 13 | 1HEfz7kz/rs8oT/xAxMtwvmO1azNGSXZunKrj3N9CrAzpP0uFpWdeyNejq4KfICf 14 | YFnSpQfyStRRPSOVLlZUfTsRq6zHhnLdtrPXUBEBfeIkjhkOvIKJ1zoPa17c7Pdy 15 | CiHvdX4EVMH2tHAz+tFojFnBfVGAWoFlwG7gcKUZKf94uySvxH7WhaN+Jre+0hIK 16 | tQuXsO6T94pahQTL5WEkdRv68IjsHRntQblGAugV+CusW5KJVPZXjso0NuiwDd+d 17 | BLVx7scWYrB5DEdhG7DDB7bswG/qnAw9H7Um/xyKpkDBoAHh0t+v2ZCJEPDSQmru 18 | UKEDAgMBAAGjUzBRMB0GA1UdDgQWBBQHKEUuABjlXOmtvsRZREwWHN9dWjAfBgNV 19 | HSMEGDAWgBQHKEUuABjlXOmtvsRZREwWHN9dWjAPBgNVHRMBAf8EBTADAQH/MA0G 20 | CSqGSIb3DQEBCwUAA4ICAQAwlXq7PJ2p2QOFvce5qeyGaBcOsaLVt6VnBQRnFXA3 21 | f6xALCv2Wsg8soEyQX3IcLmQbAvFQDC5oyUVDl0PnlXB6oCIEkclsuBi4NoRSvt3 22 | CJTT4juGb50sIwV7lSLQ9MheKs15ofi/Se/JC4K4nDMQp4zkdh56YLxMKKLWZtaa 23 | z5oenMBaReHDzXvcdAjbhaZOfJJ3miaAlGXGbyEJCKdKOvdCvfP85pldhLp9kR8j 24 | bL9NaArWrC94mdAo+P+XIW0kD1dX8fWZNh0g/KO4FxovevsxHCziqf18yviIWvMZ 25 | TA6WkDM9lr5siu4kZfL0HqOnXpOC+M/WAZhuq/wLCQVkmYGyRXGhYsubQTzqWLtC 26 | Kb/vTsNroE6p9aHqa6IlhNKPJ7t4y1A5o4OskvLdo/0poQ4oqNzauEDUKsG5gNtX 27 | 
19rf/ECGqPG0G9y6tSAheEHfwxmdzreaeQ72wye1d5HLDtqxe/axh2akgV4jDfgF 28 | f29D+oaPYVqUbw90BRZUn4LLrWeXrae/9K57F3ZUwXk06y7wldkrXP+PVNw875th 29 | wZbKPHhQwhKGWHsO3k8+TJwrqhkejQ21x5XnWjUV68uUk9af188nJwuaQnNH5ViJ 30 | cvzzWhfxAPj3gNpvaFdOfC5CPVai99+vvoh1mG1XCrFiSS84kllT+rm1phMy5VfT 31 | YA== 32 | -----END CERTIFICATE----- 33 | -------------------------------------------------------------------------------- /helm-deploy/codo/templates/flow-servers/deployment-control.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "flowControl.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "flowControl.labels" . | nindent 4 }} 8 | spec: 9 | replicas: {{ required "flowControlReplicas is required" .Values.flowControlReplicas }} 10 | selector: 11 | matchLabels: 12 | {{- include "flowControl.selectorLabels" . | nindent 6 }} 13 | template: 14 | metadata: 15 | labels: 16 | {{- include "flowControl.labels" . | nindent 8 }} 17 | spec: 18 | {{ include "imagepullsecret.define" . | nindent 6 }} 19 | containers: 20 | - image: {{ required "flowControlImage is required" .Values.flowControlImage }} 21 | name: {{ template "flowControl.uname" . 
}}-image 22 | imagePullPolicy: Always 23 | env: 24 | - name: SERVICE_NAME 25 | value: "control-api" 26 | resources: 27 | limits: 28 | cpu: {{ required "flowControlCPULimit is required" .Values.flowControlCPULimit }} 29 | memory: {{ required "flowControlMemoryLimit is required" .Values.flowControlMemoryLimit }} 30 | ephemeral-storage: {{ required "flowControlEphemeralStorageLimit is required" .Values.flowControlEphemeralStorageLimit }} 31 | requests: 32 | cpu: {{ required "flowControlCPURequire is required" .Values.flowControlCPURequire }} 33 | memory: {{ required "flowControlMemoryRequire is required" .Values.flowControlMemoryRequire }} 34 | ephemeral-storage: {{ required "flowControlEphemeralStorageRequire is required" .Values.flowControlEphemeralStorageRequire }} 35 | ports: 36 | - containerPort: 8000 37 | name: http 38 | volumeMounts: 39 | - name: flow-conf 40 | mountPath: /data/settings.py 41 | subPath: settings.py 42 | volumes: 43 | - name: flow-conf 44 | configMap: 45 | name: {{ template "flowControl.uname" . }} 46 | 47 | -------------------------------------------------------------------------------- /helm-deploy/codo/templates/flow-servers/deployment-task-log.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "flowTaskLog.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "flowTaskLog.labels" . | nindent 4 }} 8 | spec: 9 | replicas: {{ required "flowTaskLogReplicas is required" .Values.flowTaskLogReplicas }} 10 | selector: 11 | matchLabels: 12 | {{- include "flowTaskLog.selectorLabels" . | nindent 6 }} 13 | template: 14 | metadata: 15 | labels: 16 | {{- include "flowTaskLog.labels" . | nindent 8 }} 17 | spec: 18 | {{ include "imagepullsecret.define" . | nindent 6 }} 19 | containers: 20 | - image: {{ required "flowTaskLogImage is required" .Values.flowTaskLogImage }} 21 | name: {{ template "flowTaskLog.uname" . 
}}-image 22 | imagePullPolicy: Always 23 | env: 24 | - name: SERVICE_NAME 25 | value: "task-log" 26 | resources: 27 | limits: 28 | cpu: {{ required "flowTaskLogCPULimit is required" .Values.flowTaskLogCPULimit }} 29 | memory: {{ required "flowTaskLogMemoryLimit is required" .Values.flowTaskLogMemoryLimit }} 30 | ephemeral-storage: {{ required "flowTaskLogEphemeralStorageLimit is required" .Values.flowTaskLogEphemeralStorageLimit }} 31 | requests: 32 | cpu: {{ required "flowTaskLogCPURequire is required" .Values.flowTaskLogCPURequire }} 33 | memory: {{ required "flowTaskLogMemoryRequire is required" .Values.flowTaskLogMemoryRequire }} 34 | ephemeral-storage: {{ required "flowTaskLogEphemeralStorageRequire is required" .Values.flowTaskLogEphemeralStorageRequire }} 35 | ports: 36 | - containerPort: 8000 37 | name: http 38 | volumeMounts: 39 | - name: flow-conf 40 | mountPath: /data/settings.py 41 | subPath: settings.py 42 | volumes: 43 | - name: flow-conf 44 | configMap: 45 | name: {{ template "flowTaskLog.uname" . }} 46 | 47 | -------------------------------------------------------------------------------- /helm-deploy/codo/templates/flow-servers/deployment-agent-log.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "flowAgentLog.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "flowAgentLog.labels" . | nindent 4 }} 8 | spec: 9 | replicas: {{ required "flowAgentLogReplicas is required" .Values.flowAgentLogReplicas }} 10 | selector: 11 | matchLabels: 12 | {{- include "flowAgentLog.selectorLabels" . | nindent 6 }} 13 | template: 14 | metadata: 15 | labels: 16 | {{- include "flowAgentLog.labels" . | nindent 8 }} 17 | spec: 18 | {{ include "imagepullsecret.define" . 
| nindent 6 }} 19 | containers: 20 | - image: {{ required "flowAgentLogImage is required" .Values.flowAgentLogImage }} 21 | name: {{ template "flowAgentLog.uname" . }}-image 22 | imagePullPolicy: Always 23 | env: 24 | - name: SERVICE_NAME 25 | value: "agent-log" 26 | resources: 27 | limits: 28 | cpu: {{ required "flowAgentLogCPULimit is required" .Values.flowAgentLogCPULimit }} 29 | memory: {{ required "flowAgentLogMemoryLimit is required" .Values.flowAgentLogMemoryLimit }} 30 | ephemeral-storage: {{ required "flowAgentLogEphemeralStorageLimit is required" .Values.flowAgentLogEphemeralStorageLimit }} 31 | requests: 32 | cpu: {{ required "flowAgentLogCPURequire is required" .Values.flowAgentLogCPURequire }} 33 | memory: {{ required "flowAgentLogMemoryRequire is required" .Values.flowAgentLogMemoryRequire }} 34 | ephemeral-storage: {{ required "flowAgentLogEphemeralStorageRequire is required" .Values.flowAgentLogEphemeralStorageRequire }} 35 | ports: 36 | - containerPort: 8000 37 | name: http 38 | volumeMounts: 39 | - name: flow-conf 40 | mountPath: /data/settings.py 41 | subPath: settings.py 42 | volumes: 43 | - name: flow-conf 44 | configMap: 45 | name: {{ template "flowAgentLog.uname" . }} 46 | -------------------------------------------------------------------------------- /helm-deploy/codo/templates/cnmp/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "cnmp.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "cnmp.labels" . | nindent 4 }} 8 | spec: 9 | replicas: {{ required "cnmpReplicas is required" .Values.cnmpReplicas }} 10 | selector: 11 | matchLabels: 12 | {{- include "cnmp.selectorLabels" . | nindent 6 }} 13 | template: 14 | metadata: 15 | labels: 16 | {{- include "cnmp.labels" . | nindent 8 }} 17 | spec: 18 | {{ include "imagepullsecret.define" . 
| nindent 6 }} 19 | containers: 20 | - image: {{ required "cnmpImage is required" .Values.cnmpImage }} 21 | name: {{ template "cnmp.uname" . }}-image 22 | imagePullPolicy: Always 23 | resources: 24 | limits: 25 | cpu: {{ required "cnmpCPULimit is required" .Values.cnmpCPULimit }} 26 | memory: {{ required "cnmpMemoryLimit is required" .Values.cnmpMemoryLimit }} 27 | ephemeral-storage: {{ required "cnmpEphemeralStorageLimit is required" .Values.cnmpEphemeralStorageLimit }} 28 | requests: 29 | cpu: {{ required "cnmpCPURequire is required" .Values.cnmpCPURequire }} 30 | memory: {{ required "cnmpMemoryRequire is required" .Values.cnmpMemoryRequire }} 31 | ephemeral-storage: {{ required "cnmpEphemeralStorageRequire is required" .Values.cnmpEphemeralStorageRequire }} 32 | ports: 33 | - containerPort: 8000 34 | name: cnmp-svc 35 | - containerPort: 8001 36 | name: ws-svc 37 | - containerPort: 8002 38 | name: metric-svc 39 | - containerPort: 8003 40 | name: pprof-svc 41 | - containerPort: 8443 42 | name: kubelet-svc 43 | volumeMounts: 44 | - name: codo-cnmp-conf 45 | mountPath: /data/etc/config.yaml 46 | subPath: config.yaml 47 | volumes: 48 | - name: codo-cnmp-conf 49 | configMap: 50 | name: {{ template "cnmp.uname" . }} 51 | -------------------------------------------------------------------------------- /helm-deploy/codo/templates/flow-servers/deployment-exec-task.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "flowExecTask.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "flowExecTask.labels" . | nindent 4 }} 8 | spec: 9 | replicas: {{ required "flowExecTaskReplicas is required" .Values.flowExecTaskReplicas }} 10 | selector: 11 | matchLabels: 12 | {{- include "flowExecTask.selectorLabels" . | nindent 6 }} 13 | template: 14 | metadata: 15 | labels: 16 | {{- include "flowExecTask.labels" . 
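| nindent 8 }} 17 | spec: 18 | {{ include "imagepullsecret.define" . | nindent 6 }} 19 | containers: 20 | - image: {{ required "flowExecTaskImage is required" .Values.flowExecTaskImage }} 21 | name: {{ template "flowExecTask.uname" . }}-image 22 | imagePullPolicy: Always 23 | env: 24 | - name: SERVICE_NAME 25 | value: "exec-task" 26 | resources: 27 | limits: 28 | cpu: {{ required "flowExecTaskCPULimit is required" .Values.flowExecTaskCPULimit }} 29 | memory: {{ required "flowExecTaskMemoryLimit is required" .Values.flowExecTaskMemoryLimit }} 30 | ephemeral-storage: {{ required "flowExecTaskEphemeralStorageLimit is required" .Values.flowExecTaskEphemeralStorageLimit }} 31 | requests: 32 | cpu: {{ required "flowExecTaskCPURequire is required" .Values.flowExecTaskCPURequire }} 33 | memory: {{ required "flowExecTaskMemoryRequire is required" .Values.flowExecTaskMemoryRequire }} 34 | ephemeral-storage: {{ required "flowExecTaskEphemeralStorageRequire is required" .Values.flowExecTaskEphemeralStorageRequire }} 35 | ports: 36 | - containerPort: 8000 37 | name: http 38 | volumeMounts: 39 | - name: flow-conf 40 | mountPath: /data/settings.py 41 | subPath: settings.py 42 | volumes: 43 | - name: flow-conf 44 | configMap: 45 | name: {{ template "flowExecTask.uname" . }} 46 | 47 |
--------------------------------------------------------------------------------
/helm-deploy/codo/templates/flow-servers/deployment-task-scheduler.yaml:
--------------------------------------------------------------------------------
# Deployment for the task-scheduler service. Replica count, image and every
# resource figure are mandatory chart values: rendering stops with a message
# that names the missing key. Each message now names the key that is actually
# read (flowTaskScheduler...), so the error points at the value to set.
# NOTE(review): this template sets no securityContext for the pod or the
# container, so the process runs with whatever user and privileges the image
# defaults to.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "taskScheduler.uname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "taskScheduler.labels" . | nindent 4 }}
spec:
  replicas: {{ required "flowTaskSchedulerReplicas is required" .Values.flowTaskSchedulerReplicas }}
  selector:
    matchLabels:
      {{- include "taskScheduler.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "taskScheduler.labels" . | nindent 8 }}
    spec:
      {{ include "imagepullsecret.define" . | nindent 6 }}
      containers:
        - image: {{ required "flowTaskSchedulerImage is required" .Values.flowTaskSchedulerImage }}
          name: {{ template "taskScheduler.uname" . }}-image
          imagePullPolicy: Always
          env:
            - name: SERVICE_NAME
              value: "task-scheduler"
          resources:
            limits:
              cpu: {{ required "flowTaskSchedulerCPULimit is required" .Values.flowTaskSchedulerCPULimit }}
              memory: {{ required "flowTaskSchedulerMemoryLimit is required" .Values.flowTaskSchedulerMemoryLimit }}
              ephemeral-storage: {{ required "flowTaskSchedulerEphemeralStorageLimit is required" .Values.flowTaskSchedulerEphemeralStorageLimit }}
            requests:
              cpu: {{ required "flowTaskSchedulerCPURequire is required" .Values.flowTaskSchedulerCPURequire }}
              memory: {{ required "flowTaskSchedulerMemoryRequire is required" .Values.flowTaskSchedulerMemoryRequire }}
              ephemeral-storage: {{ required "flowTaskSchedulerEphemeralStorageRequire is required" .Values.flowTaskSchedulerEphemeralStorageRequire }}
          ports:
            - containerPort: 8000
              name: http
          volumeMounts:
            # NOTE(review): settings.py is served from a ConfigMap. If it carries
            # database or queue credentials, a Secret is the better source;
            # confirm what the ConfigMap holds.
            - name: flow-conf
              mountPath: /data/settings.py
              subPath: settings.py
      volumes:
        - name: flow-conf
          configMap:
            name: {{ template "taskScheduler.uname" . }}

--------------------------------------------------------------------------------
/helm-deploy/cloud-agent-operator/biz/templates/role_binding.yaml:
-------------------------------------------------------------------------------- 1 | 2 | --- 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: RoleBinding 5 | metadata: 6 | labels: 7 | {{ include "label.common" . 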
| nindent 4 }} 8 | app.kubernetes.io/managed-by: {{ .Release.Service }} 9 | app.kubernetes.io/component: rbac 10 | app.kubernetes.io/created-by: cloud-agent-operator 11 | app.kubernetes.io/instance: leader-election-rolebinding 12 | app.kubernetes.io/part-of: cloud-agent-operator 13 | name: cloud-agent-operator-leader-election-rolebinding 14 | namespace: {{ .Release.Namespace }} 15 | roleRef: 16 | apiGroup: rbac.authorization.k8s.io 17 | kind: Role 18 | name: cloud-agent-operator-leader-election-role 19 | subjects: 20 | - kind: ServiceAccount 21 | name: cloud-agent-operator-controller-manager 22 | namespace: {{ .Release.Namespace }} 23 | --- 24 | apiVersion: rbac.authorization.k8s.io/v1 25 | kind: ClusterRoleBinding 26 | metadata: 27 | labels: 28 | {{ include "label.common" . | nindent 4 }} 29 | app.kubernetes.io/managed-by: {{ .Release.Service }} 30 | app.kubernetes.io/component: rbac 31 | app.kubernetes.io/created-by: cloud-agent-operator 32 | app.kubernetes.io/instance: manager-rolebinding 33 | app.kubernetes.io/part-of: cloud-agent-operator 34 | name: cloud-agent-operator-manager-rolebinding 35 | roleRef: 36 | apiGroup: rbac.authorization.k8s.io 37 | kind: ClusterRole 38 | name: cloud-agent-operator-manager-role 39 | subjects: 40 | - kind: ServiceAccount 41 | name: cloud-agent-operator-controller-manager 42 | namespace: {{ .Release.Namespace }} 43 | --- 44 | apiVersion: rbac.authorization.k8s.io/v1 45 | kind: ClusterRoleBinding 46 | metadata: 47 | labels: 48 | {{ include "label.common" . 
| nindent 4 }} 49 | app.kubernetes.io/managed-by: {{ .Release.Service }} 50 | app.kubernetes.io/component: kube-rbac-proxy 51 | app.kubernetes.io/created-by: cloud-agent-operator 52 | app.kubernetes.io/instance: proxy-rolebinding 53 | app.kubernetes.io/part-of: cloud-agent-operator 54 | name: cloud-agent-operator-proxy-rolebinding 55 | roleRef: 56 | apiGroup: rbac.authorization.k8s.io 57 | kind: ClusterRole 58 | name: cloud-agent-operator-proxy-role 59 | subjects: 60 | - kind: ServiceAccount 61 | name: cloud-agent-operator-controller-manager 62 | namespace: {{ .Release.Namespace }} -------------------------------------------------------------------------------- /helm-deploy/codo/templates/cloud-agent-operator/role_binding.yaml: -------------------------------------------------------------------------------- 1 | 2 | --- 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: RoleBinding 5 | metadata: 6 | labels: 7 | {{ include "label.common" . | nindent 4 }} 8 | app.kubernetes.io/managed-by: {{ .Release.Service }} 9 | app.kubernetes.io/component: rbac 10 | app.kubernetes.io/created-by: cloud-agent-operator 11 | app.kubernetes.io/instance: leader-election-rolebinding 12 | app.kubernetes.io/part-of: cloud-agent-operator 13 | name: cloud-agent-operator-leader-election-rolebinding 14 | namespace: {{ .Release.Namespace }} 15 | roleRef: 16 | apiGroup: rbac.authorization.k8s.io 17 | kind: Role 18 | name: cloud-agent-operator-leader-election-role 19 | subjects: 20 | - kind: ServiceAccount 21 | name: cloud-agent-operator-controller-manager 22 | namespace: {{ .Release.Namespace }} 23 | --- 24 | apiVersion: rbac.authorization.k8s.io/v1 25 | kind: ClusterRoleBinding 26 | metadata: 27 | labels: 28 | {{ include "label.common" . 
| nindent 4 }} 29 | app.kubernetes.io/managed-by: {{ .Release.Service }} 30 | app.kubernetes.io/component: rbac 31 | app.kubernetes.io/created-by: cloud-agent-operator 32 | app.kubernetes.io/instance: manager-rolebinding 33 | app.kubernetes.io/part-of: cloud-agent-operator 34 | name: cloud-agent-operator-manager-rolebinding 35 | roleRef: 36 | apiGroup: rbac.authorization.k8s.io 37 | kind: ClusterRole 38 | name: cloud-agent-operator-manager-role 39 | subjects: 40 | - kind: ServiceAccount 41 | name: cloud-agent-operator-controller-manager 42 | namespace: {{ .Release.Namespace }} 43 | --- 44 | apiVersion: rbac.authorization.k8s.io/v1 45 | kind: ClusterRoleBinding 46 | metadata: 47 | labels: 48 | {{ include "label.common" . | nindent 4 }} 49 | app.kubernetes.io/managed-by: {{ .Release.Service }} 50 | app.kubernetes.io/component: kube-rbac-proxy 51 | app.kubernetes.io/created-by: cloud-agent-operator 52 | app.kubernetes.io/instance: proxy-rolebinding 53 | app.kubernetes.io/part-of: cloud-agent-operator 54 | name: cloud-agent-operator-proxy-rolebinding 55 | roleRef: 56 | apiGroup: rbac.authorization.k8s.io 57 | kind: ClusterRole 58 | name: cloud-agent-operator-proxy-role 59 | subjects: 60 | - kind: ServiceAccount 61 | name: cloud-agent-operator-controller-manager 62 | namespace: {{ .Release.Namespace }} -------------------------------------------------------------------------------- /helm-deploy/codo_mid/templates/mysql.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: mysql-config 5 | labels: 6 | app: mysql 7 | data: 8 | my.cnf: | 9 | [mysqld] 10 | skip-host-cache 11 | skip-name-resolve 12 | bind-address=0.0.0.0 13 | default-authentication-plugin=mysql_native_password 14 | 15 | --- 16 | apiVersion: apps/v1 17 | kind: StatefulSet 18 | metadata: 19 | name: mysql 20 | labels: 21 | app: mysql 22 | spec: 23 | serviceName: mysql 24 | replicas: {{ .Values.mysqlReplicaCount }} 25 
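| selector: 26 | matchLabels: 27 | app: mysql 28 | volumeClaimTemplates: 29 | - apiVersion: v1 30 | kind: PersistentVolumeClaim 31 | metadata: 32 | name: pvc-mysql-data 33 | spec: 34 | accessModes: 35 | - ReadWriteOnce 36 | resources: 37 | requests: 38 | storage: {{ required "The mysqlStorage is required" .Values.mysqlStorage }} 39 | volumeMode: Filesystem 40 | template: 41 | metadata: 42 | labels: 43 | app: mysql 44 | spec: 45 | containers: 46 | - name: mysql 47 | image: "{{ .Values.mysqlmage.repository }}:{{ .Values.mysqlmage.tag }}" 48 | ports: 49 | - containerPort: {{ .Values.mysqlService.port }} 50 | env: 51 | - name: MYSQL_ROOT_PASSWORD 52 | value: {{ .Values.mysql.rootPassword | quote }} 53 | - name: MYSQL_DATABASE 54 | value: {{ .Values.mysql.database | quote }} 55 | - name: MYSQL_USER 56 | value: {{ .Values.mysql.user | quote }} 57 | - name: MYSQL_PASSWORD 58 | value: {{ .Values.mysql.password | quote }} 59 | volumeMounts: 60 | - name: mysql-config 61 | mountPath: /etc/mysql/conf.d/my.cnf 62 | subPath: my.cnf 63 | - name: pvc-mysql-data 64 | subPath: mysql/data 65 | mountPath: /var/lib/mysql 66 | volumes: 67 | - name: mysql-config 68 | configMap: 69 | name: mysql-config 70 | --- 71 | apiVersion: v1 72 | kind: Service 73 | metadata: 74 | name: mysql 75 | labels: 76 | app: mysql 77 | spec: 78 | ports: 79 | - port: {{ .Values.mysqlService.port }} 80 | targetPort: 3306 81 | selector: 82 | app: mysql 83 | type: {{ .Values.mysqlService.type }} 84 |
--------------------------------------------------------------------------------
/docker-deploy/init_app.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Bring up the application stack: pull the images, start the containers, store
# the token returned by token_init in .env, regenerate the configuration files,
# initialise the database and restart everything.

echo -e "开始启动应用镜像"

# NOTE(review): every image is pulled by the mutable :latest tag, so what gets
# deployed depends on when the script runs. Pinning a version tag or a digest
# makes the rollout reproducible and lets the images be verified.
registry="registry.cn-shanghai.aliyuncs.com/ss1917"
for image in \
    codo-gateway codo-frontend codo-admin codo-cmdb \
    codo-flow-api codo-flow-loop codo-flow-queue codo-exec-task \
    flow-task-log flow-agent-log codo-agent-server codo-cnmp \
    codo-notice codo-k2
do
    docker pull --platform=linux/amd64 "${registry}/${image}:latest"
done

# Start tianmen first and give it ten seconds before the other services.
# Its start-up is now checked as well; before, only the second "up" was.
if ! docker compose -f docker-compose-app.yaml up tianmen -d; then
    echo "应用镜像启动失败"
    exit 1
fi

sleep 10

# Start the business services.
if ! docker compose -f docker-compose-app.yaml up -d; then
    echo "应用镜像启动失败"
    exit 1
fi
echo "应用镜像启动成功,等待 5 秒..."
sleep 5

# Read the token from the admin container; tr strips the line ending that the
# docker exec output may carry.
TOKEN=$(docker exec codo_mg python3 manage.py token_init | tr -d '\r\n')
if [ -z "$TOKEN" ]; then
    # Without this check a failed token_init would write an empty auth key.
    echo "token_init returned an empty token; .env left unchanged" >&2
    exit 1
fi

# sed changes nothing when the line is absent, so check before claiming success.
if ! grep -q '^CODO_AUTH_KEY=' .env; then
    echo "no CODO_AUTH_KEY= line found in .env" >&2
    exit 1
fi

# Escape the characters sed treats specially in a replacement (\ / &) so the
# token is written literally whatever it contains.
escaped_token=$(printf '%s' "$TOKEN" | sed 's|[\\/&]|\\&|g')
sed -i "s/^CODO_AUTH_KEY=.*/CODO_AUTH_KEY=\"${escaped_token}\"/" .env

echo "Token成功更新到.env文件的CODO_AUTH_KEY变量中"

echo "更新配置文件"
chmod +x gen_config.sh
./gen_config.sh

echo "开始初始化数据库"
# NOTE(review): the MySQL account and password are hard-coded here and passed on
# the command line, where they are visible in process listings. Prefer reading
# them from the environment or from a client option file.
docker exec -i mysql mysql -ucodo -pss1917 < ./db_init.sql

# Ask for a TTY only when one is attached, so the script also runs from cron or
# a CI job, where "docker exec -it" fails.
exec_flags=()
if [ -t 0 ] && [ -t 1 ]; then
    exec_flags=(-it)
fi
docker exec "${exec_flags[@]}" codo_mg python3 manage.py db_init

echo "开始重启应用"
docker compose -f docker-compose-middle.yaml restart
docker compose -f docker-compose-app.yaml down
docker compose -f docker-compose-app.yaml up -d

--------------------------------------------------------------------------------
/helm-deploy/codo/templates/agent-server/deployment.yaml:
-------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "agentServer.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "agentServer.labels" . | nindent 4 }} 8 | spec: 9 | replicas: {{ required "agentServerReplicas is required" .Values.agentServerReplicas }} 10 | selector: 11 | matchLabels: 12 | {{- include "agentServer.selectorLabels" . | nindent 6 }} 13 | template: 14 | metadata: 15 | labels: 16 | {{- include "agentServer.labels" . | nindent 8 }} 17 | spec: 18 | {{ include "imagepullsecret.define" . | nindent 6 }} 19 | containers: 20 | - image: {{ required "agentServerImage is required" .Values.agentServerImage }} 21 | name: {{ template "agentServer.uname" . 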
}}-image 22 | imagePullPolicy: Always 23 | resources: 24 | limits: 25 | cpu: {{ required "agentServerCPULimit is required" .Values.agentServerCPULimit }} 26 | memory: {{ required "agentServerMemoryLimit is required" .Values.agentServerMemoryLimit }} 27 | ephemeral-storage: {{ required "agentServerEphemeralStorageLimit is required" .Values.agentServerEphemeralStorageLimit }} 28 | requests: 29 | cpu: {{ required "agentServerCPURequire is required" .Values.agentServerCPURequire }} 30 | memory: {{ required "agentServerMemoryRequire is required" .Values.agentServerMemoryRequire }} 31 | ephemeral-storage: {{ required "agentServerEphemeralStorageRequire is required" .Values.agentServerEphemeralStorageRequire }} 32 | ports: 33 | - containerPort: 8080 34 | name: port 35 | - containerPort: 8081 36 | name: ws-port 37 | - containerPort: 8082 38 | name: rpc-port 39 | - containerPort: 8083 40 | name: prom-port 41 | - containerPort: 8084 42 | name: mesh-port 43 | volumeMounts: 44 | - name: codo-agent-server-conf 45 | mountPath: /data/ca.key 46 | subPath: ca.key 47 | - name: codo-agent-server-conf 48 | mountPath: /data/ca.crt 49 | subPath: ca.crt 50 | - name: codo-agent-server-conf 51 | mountPath: /data/conf.yaml 52 | subPath: conf.yaml 53 | volumes: 54 | - name: codo-agent-server-conf 55 | configMap: 56 | name: {{ template "agentServer.uname" . 
}} 57 | -------------------------------------------------------------------------------- /helm-deploy/codo_mid/templates/rabbitmq.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: StatefulSet 3 | metadata: 4 | name: rabbitmq 5 | labels: 6 | app: rabbitmq 7 | spec: 8 | serviceName: rabbitmq 9 | volumeClaimTemplates: 10 | - metadata: 11 | name: rabbitmqdata 12 | spec: 13 | accessModes: 14 | - ReadWriteOnce 15 | resources: 16 | requests: 17 | storage: 10Gi 18 | replicas: {{ .Values.MQReplicaCount }} 19 | selector: 20 | matchLabels: 21 | app: rabbitmq 22 | template: 23 | metadata: 24 | labels: 25 | app: rabbitmq 26 | spec: 27 | initContainers: 28 | - name: set-permissions 29 | image: busybox 30 | command: [ 'sh', '-c', 'chmod -R 777 /bitnami/rabbitmq/mnesia' ] 31 | volumeMounts: 32 | - name: rabbitmqdata 33 | subPath: rabbitmq/data 34 | mountPath: /bitnami/rabbitmq/mnesia 35 | securityContext: 36 | runAsUser: 0 37 | containers: 38 | - name: rabbitmq 39 | image: "{{ .Values.MQImage.repository }}:{{ .Values.MQImage.tag }}" 40 | ports: 41 | - containerPort: {{ .Values.MQService.amqpPort }} 42 | - containerPort: {{ .Values.MQService.managementPort }} 43 | env: 44 | - name: RABBITMQ_DEFAULT_USER 45 | value: {{ .Values.rabbitmq.username | quote }} 46 | - name: RABBITMQ_DEFAULT_PASS 47 | value: {{ .Values.rabbitmq.password | quote }} 48 | - name: RABBITMQ_ERLANG_COOKIE 49 | value: {{ .Values.rabbitmq.erlangCookie | quote }} 50 | - name: RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS 51 | value: |2 52 | -rabbit loopback_users [] 53 | volumeMounts: 54 | - name: rabbitmqdata 55 | subPath: rabbitmq/data 56 | mountPath: /bitnami/rabbitmq/mnesia 57 | --- 58 | apiVersion: v1 59 | kind: Service 60 | metadata: 61 | name: rabbitmq 62 | labels: 63 | app: rabbitmq 64 | spec: 65 | ports: 66 | - name: amqp 67 | port: {{ .Values.MQService.amqpPort }} 68 | targetPort: {{ .Values.MQService.amqpPort }} 69 | protocol: TCP 70 | - name: 
management 71 | port: {{ .Values.MQService.managementPort }} 72 | targetPort: {{ .Values.MQService.managementPort }} 73 | protocol: TCP 74 | selector: 75 | app: rabbitmq 76 | type: {{ .Values.MQService.type }} 77 | 78 | 79 | -------------------------------------------------------------------------------- /helm-deploy/codo/templates/gateway/deployment-gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "gateway.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "gateway.labels" . | nindent 4 }} 8 | spec: 9 | replicas: {{ required "gatewayReplicas is required" .Values.gatewayReplicas }} 10 | selector: 11 | matchLabels: 12 | {{- include "gateway.selectorLabels" . | nindent 6 }} 13 | template: 14 | metadata: 15 | labels: 16 | {{- include "gateway.labels" . | nindent 8 }} 17 | spec: 18 | {{ include "imagepullsecret.define" . | nindent 6 }} 19 | containers: 20 | - image: {{ required "gatewayImage is required" .Values.gatewayImage }} 21 | name: {{ template "gateway.uname" . 
}}-image 22 | imagePullPolicy: Always 23 | resources: 24 | limits: 25 | cpu: {{ required "gatewayCPULimit is required" .Values.gatewayCPULimit }} 26 | memory: {{ required "gatewayMemoryLimit is required" .Values.gatewayMemoryLimit }} 27 | ephemeral-storage: {{ required "gatewayEphemeralStorageLimit is required" .Values.gatewayEphemeralStorageLimit }} 28 | requests: 29 | cpu: {{ required "gatewayCPURequire is required" .Values.gatewayCPURequire }} 30 | memory: {{ required "gatewayMemoryRequire is required" .Values.gatewayMemoryRequire }} 31 | ephemeral-storage: {{ required "gatewayEphemeralStorageRequire is required" .Values.gatewayEphemeralStorageRequire }} 32 | ports: 33 | - containerPort: 8888 34 | name: gateway-01 35 | - containerPort: 11000 36 | name: gateway-02 37 | volumeMounts: 38 | - name: codo-gateway-conf 39 | mountPath: /usr/local/openresty/nginx/conf/app.json 40 | subPath: app.json 41 | - name: codo-gateway-conf 42 | mountPath: /usr/local/openresty/nginx/conf/common/proxy.conf 43 | subPath: proxy.conf 44 | - name: codo-gateway-conf 45 | mountPath: /usr/local/openresty/nginx/conf/nginx.conf 46 | subPath: nginx.conf 47 | - name: codo-gateway-conf 48 | mountPath: /usr/local/openresty/nginx/conf/init_discovery.json 49 | subPath: init_discovery.json 50 | - name: codo-gateway-conf 51 | mountPath: /usr/local/openresty/nginx/conf/init_routes.json 52 | subPath: init_routes.json 53 | 54 | volumes: 55 | - name: codo-gateway-conf 56 | configMap: 57 | name: {{ template "gateway.uname" . }} 58 | -------------------------------------------------------------------------------- /helm-deploy/codo/templates/notice/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "notice.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "notice.labels" . 
| nindent 4 }} 8 | spec: 9 | replicas: {{ required "noticeReplicas is required" .Values.noticeReplicas }} 10 | selector: 11 | matchLabels: 12 | {{- include "notice.selectorLabels" . | nindent 6 }} 13 | template: 14 | metadata: 15 | labels: 16 | {{- include "notice.labels" . | nindent 8 }} 17 | spec: 18 | {{ include "imagepullsecret.define" . | nindent 6 }} 19 | containers: 20 | - image: {{ required "noticeImage is required" .Values.noticeImage }} 21 | name: {{ template "notice.uname" . }}-image 22 | imagePullPolicy: Always 23 | command: 24 | - /app/codo-notice 25 | - --conf=/data/conf/config.yaml 26 | resources: 27 | limits: 28 | cpu: {{ required "noticeCPULimit is required" .Values.noticeCPULimit }} 29 | memory: {{ required "noticeMemoryLimit is required" .Values.noticeMemoryLimit }} 30 | ephemeral-storage: {{ required "noticeEphemeralStorageLimit is required" .Values.noticeEphemeralStorageLimit }} 31 | requests: 32 | cpu: {{ required "noticeCPURequire is required" .Values.noticeCPURequire }} 33 | memory: {{ required "noticeMemoryRequire is required" .Values.noticeMemoryRequire }} 34 | ephemeral-storage: {{ required "noticeEphemeralStorageRequire is required" .Values.noticeEphemeralStorageRequire }} 35 | ports: 36 | - containerPort: {{ required "noticeListenPort is required" .Values.noticeListenPort }} 37 | name: notice-http-svc 38 | - containerPort: {{ required "noticeGrpcListenPort is required" .Values.noticeGrpcListenPort }} 39 | name: notice-grpc-svc 40 | - containerPort: {{ required "noticePromListenPort is required" .Values.noticePromListenPort }} 41 | name: metric-svc 42 | - containerPort: {{ required "noticePprofListenPort is required" .Values.noticePprofListenPort }} 43 | name: pprof-svc 44 | - containerPort: {{ required "noticeHookListenPort is required" .Values.noticeHookListenPort }} 45 | name: hook-svc 46 | volumeMounts: 47 | - name: codo-notice-conf 48 | mountPath: /data/conf/config.yaml 49 | subPath: config.yaml 50 | volumes: 51 | - name: 
codo-notice-conf 52 | configMap: 53 | name: {{ template "notice.uname" . }} 54 | -------------------------------------------------------------------------------- /docker-deploy/notice/config.yaml: -------------------------------------------------------------------------------- 1 | # 项目元信息 2 | metadata: 3 | name: "codo-notice" 4 | env: PRE 5 | gatewayPrefix: "http://172.22.0.6:8888" 6 | gatewayToken: "123xxxx" 7 | 8 | # 中间件 9 | middleware: 10 | jwt: 11 | authKeyName: "auth_key" 12 | 13 | # 服务注册 14 | etcdRegistry: 15 | endpoints: 16 | - "172.22.0.5:2379" 17 | 18 | # 可观测性相关 19 | otel: 20 | trace: 21 | endpoint: "http://jaeger-xingyun-collector.tracing.svc.cluster.local:14268/api/traces" 22 | insecure: true 23 | metric: 24 | enableExemplar: true 25 | log: 26 | level: INFO 27 | 28 | # 运输层相关 29 | server: 30 | # 控制+通知接口配置 31 | http: 32 | addr: "0.0.0.0:8000" 33 | timeout: 1s 34 | # 第三方 webhook 接入 35 | thirdPartHook: 36 | network: "tcp" 37 | addr: "0.0.0.0:9001" 38 | timeout: 1s 39 | # metrics 配置 40 | prometheus: 41 | enable: true 42 | network: "tcp" 43 | addr: "0.0.0.0:9091" 44 | path: "/metrics" 45 | # golang pprof 配置 46 | pprof: 47 | enable: true 48 | network: "tcp" 49 | addr: "0.0.0.0:6060" 50 | 51 | # 通知渠道回调配置 52 | hook: 53 | larkCard: 54 | verificationToken: "xxxxx" 55 | encryptKey: "xxxxx" 56 | 57 | # 通知渠道配置 58 | notifyConfig: 59 | # email 配置 60 | email: 61 | host: smtp.feishu.cn 62 | port: 465 63 | user: codo@codo.com 64 | password: xxx 65 | 66 | # 阿里通知配置 67 | aliyun: 68 | dxAccessId: LT____ 69 | dxAccessSecret: obyElU_____ 70 | dxSignName: CODO通知 71 | dxTemplate: SMS_20___ 72 | dhAccessId: LTAI4F____ 73 | dhAccessSecret: wFqdUb____ 74 | dhTtsCode: TTS_21006____ 75 | dhCalledShowNumber: "xxx" 76 | enable: true 77 | 78 | # 腾讯通知配置 79 | txyun: 80 | dxAccessId: xxx 81 | dxAccessSecret: xxx 82 | dxSignName: CODO通知 83 | dxTemplate: xxx 84 | dxAppId: xxx 85 | dhAccessId: xxx 86 | dhAccessSecret: xxx 87 | dhTemplate: xxx 88 | dhAppId: xxx 89 | enable: true 90 | 91 | # 飞书配置 
92 | fsapp: 93 | appId: "xxx" 94 | appSecret: "xxxxx" 95 | 96 | # 钉钉通知配置 97 | ddapp: 98 | appId: xxx 99 | appSecret: xxx-xx 100 | agentId: "xxx" 101 | 102 | # 微信通知配置 103 | wxapp: 104 | agentId: 112233 105 | agentSecret: xxx 106 | cropId: xxx 107 | 108 | # 数据库和缓存相关 109 | data: 110 | database: 111 | link: "codo:ss1917@tcp(172.22.0.2:3306)/codo-notice?loc=Local&charset=utf8mb4&parseTime=True" 112 | debug: true 113 | prefix: codo_ 114 | redis: 115 | addr: 172.22.0.3:6379 116 | password: ss1917 117 | readTimeout: 0.2s 118 | writeTimeout: 0.2s 119 | db: 2 120 | -------------------------------------------------------------------------------- /helm-deploy/codo/templates/gateway_external/deployment-gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "gatewayExternal.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "gatewayExternal.labels" . | nindent 4 }} 8 | spec: 9 | replicas: {{ required "gatewayReplicas is required" .Values.gatewayExternalReplicas }} 10 | selector: 11 | matchLabels: 12 | {{- include "gatewayExternal.selectorLabels" . | nindent 6 }} 13 | template: 14 | metadata: 15 | labels: 16 | {{- include "gatewayExternal.labels" . | nindent 8 }} 17 | spec: 18 | {{ include "imagepullsecret.define" . | nindent 6 }} 19 | containers: 20 | - image: {{ required "gatewayImage is required" .Values.gatewayImage }} 21 | name: {{ template "gatewayExternal.uname" . 
}}-image 22 | imagePullPolicy: Always 23 | resources: 24 | limits: 25 | cpu: {{ required "gatewayCPULimit is required" .Values.gatewayExternalCPULimit }} 26 | memory: {{ required "gatewayMemoryLimit is required" .Values.gatewayExternalMemoryLimit }} 27 | ephemeral-storage: {{ required "gatewayEphemeralStorageLimit is required" .Values.gatewayExternalEphemeralStorageLimit }} 28 | requests: 29 | cpu: {{ required "gatewayCPURequire is required" .Values.gatewayExternalCPURequire }} 30 | memory: {{ required "gatewayMemoryRequire is required" .Values.gatewayExternalMemoryRequire }} 31 | ephemeral-storage: {{ required "gatewayEphemeralStorageRequire is required" .Values.gatewayExternalEphemeralStorageRequire }} 32 | ports: 33 | - containerPort: 8888 34 | name: gateway-01 35 | - containerPort: 11000 36 | name: gateway-02 37 | volumeMounts: 38 | - name: codo-gateway-conf 39 | mountPath: /usr/local/openresty/nginx/conf/app.json 40 | subPath: app.json 41 | - name: codo-gateway-conf 42 | mountPath: /usr/local/openresty/nginx/conf/common/proxy.conf 43 | subPath: proxy.conf 44 | - name: codo-gateway-conf 45 | mountPath: /usr/local/openresty/nginx/conf/nginx.conf 46 | subPath: nginx.conf 47 | - name: codo-gateway-conf 48 | mountPath: /usr/local/openresty/nginx/conf/init_discovery.json 49 | subPath: init_discovery.json 50 | - name: codo-gateway-conf 51 | mountPath: /usr/local/openresty/nginx/conf/init_routes.json 52 | subPath: init_routes.json 53 | 54 | volumes: 55 | - name: codo-gateway-conf 56 | configMap: 57 | name: {{ template "gatewayExternal.uname" . 
}} 58 | -------------------------------------------------------------------------------- /helm-deploy/crds/cloud-agent-operator/rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: cloud-agent-operator-manager-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - limitranges 11 | - serviceaccounts 12 | verbs: 13 | - get 14 | - list 15 | - watch 16 | - apiGroups: 17 | - "" 18 | resources: 19 | - pods 20 | - secrets 21 | verbs: 22 | - create 23 | - delete 24 | - get 25 | - list 26 | - patch 27 | - update 28 | - watch 29 | - apiGroups: 30 | - "" 31 | resources: 32 | - pods/log 33 | verbs: 34 | - get 35 | - list 36 | - apiGroups: 37 | - "" 38 | resources: 39 | - pods/status 40 | verbs: 41 | - get 42 | - patch 43 | - update 44 | - apiGroups: 45 | - codo.dev 46 | resources: 47 | - codocloudtasks 48 | verbs: 49 | - create 50 | - delete 51 | - get 52 | - list 53 | - patch 54 | - update 55 | - watch 56 | - apiGroups: 57 | - codo.dev 58 | resources: 59 | - codocloudtasks/finalizers 60 | verbs: 61 | - update 62 | - apiGroups: 63 | - codo.dev 64 | resources: 65 | - codocloudtasks/status 66 | verbs: 67 | - get 68 | - patch 69 | - update 70 | --- 71 | apiVersion: rbac.authorization.k8s.io/v1 72 | kind: ClusterRole 73 | metadata: 74 | labels: 75 | app.kubernetes.io/component: kube-rbac-proxy 76 | app.kubernetes.io/created-by: cloud-agent-operator 77 | app.kubernetes.io/instance: metrics-reader 78 | app.kubernetes.io/managed-by: kustomize 79 | app.kubernetes.io/name: clusterrole 80 | app.kubernetes.io/part-of: cloud-agent-operator 81 | name: cloud-agent-operator-metrics-reader 82 | rules: 83 | - nonResourceURLs: 84 | - /metrics 85 | verbs: 86 | - get 87 | --- 88 | apiVersion: rbac.authorization.k8s.io/v1 89 | kind: ClusterRole 90 | metadata: 91 | labels: 92 | app.kubernetes.io/component: kube-rbac-proxy 93 | 
app.kubernetes.io/created-by: cloud-agent-operator 94 | app.kubernetes.io/instance: proxy-role 95 | app.kubernetes.io/managed-by: kustomize 96 | app.kubernetes.io/name: clusterrole 97 | app.kubernetes.io/part-of: cloud-agent-operator 98 | name: cloud-agent-operator-proxy-role 99 | rules: 100 | - apiGroups: 101 | - authentication.k8s.io 102 | resources: 103 | - tokenreviews 104 | verbs: 105 | - create 106 | - apiGroups: 107 | - authorization.k8s.io 108 | resources: 109 | - subjectaccessreviews 110 | verbs: 111 | - create -------------------------------------------------------------------------------- /docker-deploy/docker-compose-middle.yaml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | services: 3 | 4 | mysql: 5 | image: registry.cn-shanghai.aliyuncs.com/ss1917/mysql:8.0 6 | restart: always 7 | user: root 8 | privileged: true 9 | volumes: 10 | - /etc/localtime:/etc/localtime:ro 11 | - ./mysql/data:/var/lib/mysql 12 | - ./db_init.sql:/docker-entrypoint-init.d/db_init.sql 13 | environment: 14 | - TZ=Asia/Shanghai 15 | - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} 16 | - MYSQL_ROOT_HOST=% 17 | container_name: mysql 18 | hostname: mysql 19 | networks: 20 | codo: 21 | ipv4_address: 172.22.0.2 22 | ports: 23 | - "3306:3306" 24 | command: [ "sh", "-c", "docker-entrypoint.sh mysqld --init-file=/docker-entrypoint-init.d/db_init.sql" ] 25 | 26 | 27 | redis: 28 | image: registry.cn-shanghai.aliyuncs.com/ss1917/redis:6.2 29 | restart: always 30 | user: root 31 | privileged: true 32 | volumes: 33 | - /etc/localtime:/etc/localtime:ro 34 | - ./redis/data:/data 35 | environment: 36 | - TZ=Asia/Shanghai 37 | env_file: 38 | - .env 39 | container_name: redis 40 | hostname: redis 41 | networks: 42 | codo: 43 | ipv4_address: 172.22.0.3 44 | command: redis-server --requirepass ${DEFAULT_REDIS_PASSWORD} --bind 0.0.0.0 --appendonly yes 45 | 46 | rabbitmq: 47 | image: rabbitmq:3.11 48 | build: 49 | context: ./rabbitmq 50 | dockerfile: 
Dockerfile 51 | environment: 52 | RABBITMQ_DEFAULT_USER: ${RABBITMQ_DEFAULT_USER:-admin} 53 | RABBITMQ_DEFAULT_PASS: ${RABBITMQ_DEFAULT_PASS:-password} 54 | RABBITMQ_VHOST: ${RABBITMQ_VHOST:-/} 55 | RABBITMQ_USER: ${RABBITMQ_USER:-user} 56 | RABBITMQ_PASS: ${RABBITMQ_PASS:-password} 57 | #RABBITMQ_USER_PERMISSIONS: ${RABBITMQ_USER_PERMISSIONS:-.* .* .*} 58 | container_name: rabbitmq 59 | env_file: 60 | - .env 61 | volumes: 62 | - /etc/localtime:/etc/localtime:ro 63 | - ./rabbitmq/data:/var/lib/rabbitmq 64 | networks: 65 | codo: 66 | ipv4_address: 172.22.0.4 67 | ports: 68 | - "5672:5672" # RabbitMQ 主服务端口 69 | - "15672:15672" # RabbitMQ 管理界面端口 70 | hostname: rabbitmq-server # 设置固定的主机名 71 | 72 | etcd: 73 | image: registry.cn-shanghai.aliyuncs.com/ss1917/etcd:3.5 74 | privileged: true 75 | restart: always 76 | volumes: 77 | - /etc/localtime:/etc/localtime:ro 78 | - ./etcd/data:/bitnami/etcd:rw 79 | environment: 80 | - TZ=Asia/Shanghai 81 | - ALLOW_NONE_AUTHENTICATION=yes 82 | container_name: etcd 83 | hostname: etcd 84 | networks: 85 | codo: 86 | ipv4_address: 172.22.0.5 87 | 88 | networks: 89 | codo: 90 | name: codo 91 | ipam: 92 | driver: default 93 | config: 94 | - subnet: "172.22.0.0/24" -------------------------------------------------------------------------------- /codo-agent-install-steps.md: -------------------------------------------------------------------------------- 1 | ## Agent 部署 2 | 3 | 在部署应用程序时,默认情况下会同时部署 Agent Server。默认的 Server 地址设置为 `ip:8081`。 4 | 5 | [点击这里下载Agent](https://github.com/opendevops-cn/codo-agent-server) 6 | 7 | > 注意:在生产环境中,为了确保数据传输的安全性,使用 Agent Server 和 Agent Proxy 8 | > 时需要为这两个组件配置证书。这样可以保护系统免受潜在的中间人攻击或其他安全威胁。 9 | 10 | #### 启动 proxy (可选) 11 | 12 | ```bash 13 | codo-agent --url ws://ip:8081/api/v1/codo/agent?clientId=8888 -s --log-dir /data/logs/codo --client-type master 14 | ``` 15 | 16 | #### 启动 agent 17 | 18 | - 直连模式(测试推荐) 19 | 20 | ```bash 21 | codo-agent --url ws://ip:8081/api/v1/codo/agent?clientId=codo-test -s --log-dir 
/data/logs/codo --row-limit 2000 --client-type normal 22 | 23 | ``` 24 | 25 | - 代理模式(需要启动proxy,生产推荐) 26 | 27 | ```bash 28 | codo-agent --url ws://proxy_ip:20800/api/v1/codo/agent?clientId=codo-test:8888 -s --log-dir /data/logs/codo --row-limit 2000 --client-type normal 29 | 30 | ``` 31 | 32 | [Agent安装文档](https://github.com/opendevops-cn/codo-agent-server/blob/main/%E5%AE%89%E8%A3%85%E6%96%87%E6%A1%A3.md) 33 | 34 | 35 | CentOS 7 及以上版本手动部署文档: 36 | 37 | ### 步骤 1:下载、解压并设置执行权限 38 | 39 | 1. 创建目标目录,下载并解压 codo-agent,然后重命名文件并添加执行权限(该程序随后由 systemd 以 root 身份运行,执行前请确认下载来源可信): 40 | ```bash 41 | mkdir -p /opt/apps/codo-agent/ && wget -O - https://ops-public.huanle.com/agent/agent.gz | tar -xz -C /opt/apps/codo-agent/ && mv /opt/apps/codo-agent/codo-agent-linux-x86 /opt/apps/codo-agent/codo-agent && chmod +x /opt/apps/codo-agent/codo-agent 42 | ``` 43 | 44 | ### 步骤 2:创建并配置 systemd 服务文件 45 | >【注意点】根据实际情况修改 `ExecStart` 行中的 `{server addr}` `{ip}:8888` 和 `{biz_id}`;生产环境为 Agent Server 配置证书后,请将 `ws://` 改为 `wss://`(见下方生产数据参考): 46 | ```bash 47 | cat <<EOF > /usr/lib/systemd/system/codo-agent.service 48 | [Unit] 49 | Description=codo-agent 50 | After=network-online.target 51 | Wants=network-online.target 52 | 53 | [Service] 54 | User=root 55 | Group=root 56 | LimitCORE=infinity 57 | LimitNOFILE=655350 58 | LimitNPROC=655350 59 | KillMode=process 60 | 61 | Type=simple 62 | ExecStart=/opt/apps/codo-agent/codo-agent --url ws://{server addr}:8081/api/v1/codo/agent?clientId={ip}:8888 -s --log-dir /opt/apps/codo-agent --client-type normal --row-limit 4000 --biz-id={biz_id} 63 | WorkingDirectory=/opt/apps/codo-agent 64 | 65 | Restart=always 66 | RestartSec=10s 67 | StartLimitInterval=0 68 | 69 | [Install] 70 | WantedBy=multi-user.target 71 | EOF 72 | ``` 73 | 74 | ```bash 75 | # 生产数据参考 76 | # /opt/apps/codo-agent/codo-agent --url wss://agent-server.codo.com/api/v1/codo/agent?clientId=10.60.16.5:8888 -s --log-dir /opt/apps/codo-agent --row-limit 4000 --biz-id=504 77 | ``` 78 | 79 | ### 步骤 3:加载并启动服务 80 | 81 | 1. 重载 systemd 守护进程: 82 | ```bash 83 | systemctl daemon-reload 84 | ``` 85 | 86 | 2. 
启用并启动 `codo-agent` 服务: 87 | ```bash 88 | systemctl enable codo-agent.service 89 | systemctl restart codo-agent.service 90 | systemctl status codo-agent.service 91 | ``` 92 | 93 | ### 步骤 4:查看日志 94 | 95 | 使用以下命令实时查看 `codo-agent` 的日志: 96 | 97 | ```bash 98 | tail -f /opt/apps/codo-agent/logs/codo-agent.log 99 | ``` 100 | -------------------------------------------------------------------------------- /helm-deploy/codo/templates/k2/configmap-k2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "k2.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "k2.labels" . | nindent 4 }} 8 | data: 9 | settings.py: |+ 10 | #!/usr/bin/env python 11 | # -*- coding: utf-8 -*- 12 | import os 13 | 14 | from websdk2.consts import const 15 | 16 | ROOT_DIR = os.path.dirname(__file__) 17 | debug = True 18 | xsrf_cookies = False 19 | expire_seconds = 365 * 24 * 60 * 60 20 | cookie_secret = os.getenv('DEFAULT_COOKIE_SECRET', '{{ required "The cookieSecretPy is required" .Values.cookieSecretPy }}') 21 | 22 | DEFAULT_DB_DBHOST = os.getenv('DEFAULT_DB_DBHOST', '{{ required "The mysql.host is required" .Values.mysql.host }}') 23 | DEFAULT_DB_DBPORT = os.getenv('DEFAULT_DB_DBPORT', {{ required "The mysql.port is required" .Values.mysql.port }}) 24 | DEFAULT_DB_DBUSER = os.getenv('DEFAULT_DB_DBUSER', '{{ required "The mysql.user is required" .Values.mysql.user }}') 25 | DEFAULT_DB_DBPWD = os.getenv('DEFAULT_DB_DBPWD', '{{ required "The mysql.passwd is required" .Values.mysql.passwd }}') 26 | DEFAULT_DB_DBNAME = os.getenv('DEFAULT_DB_DBNAME', '{{ required "The k2DB is required" .Values.k2DB }}') 27 | 28 | READONLY_DB_DBHOST = os.getenv('READONLY_DB_DBHOST', '{{ required "The mysql.host is required" .Values.mysql.host }}') 29 | READONLY_DB_DBPORT = os.getenv('READONLY_DB_DBPORT', {{ required "The mysql.port is required" .Values.mysql.port }}) 30 | 
READONLY_DB_DBUSER = os.getenv('READONLY_DB_DBUSER', '{{ required "The mysql.user is required" .Values.mysql.user }}') 31 | READONLY_DB_DBPWD = os.getenv('READONLY_DB_DBPWD', '{{ required "The mysql.passwd is required" .Values.mysql.passwd }}') 32 | READONLY_DB_DBNAME = os.getenv('READONLY_DB_DBNAME', '{{ required "The k2DB is required" .Values.k2DB }}') 33 | 34 | # 和其他系统交互使用 35 | api_gw = "http://{{ template "gateway.innerApi" . }}" 36 | settings_auth_key = "{{ required "The gatewayInnerApiToken is required" .Values.gatewayInnerApiToken }}" 37 | no_auth_sign_key = os.getenv("CODO_NO_AUTH_SIGN_KEY", '{{ required "The k2NoAuthSignKey is required" .Values.k2NoAuthSignKey }}') 38 | 39 | try: 40 | from local_settings import * 41 | except ImportError: 42 | print('local_settings.py No Found.') 43 | 44 | settings = dict( 45 | debug=debug, 46 | api_gw=api_gw, 47 | settings_auth_key=settings_auth_key, 48 | xsrf_cookies=xsrf_cookies, 49 | cookie_secret=cookie_secret, 50 | expire_seconds=expire_seconds, 51 | no_auth_sign_key=no_auth_sign_key, 52 | app_name='codo-k2', 53 | databases={ 54 | const.DEFAULT_DB_KEY: { 55 | const.DBHOST_KEY: DEFAULT_DB_DBHOST, 56 | const.DBPORT_KEY: DEFAULT_DB_DBPORT, 57 | const.DBUSER_KEY: DEFAULT_DB_DBUSER, 58 | const.DBPWD_KEY: DEFAULT_DB_DBPWD, 59 | const.DBNAME_KEY: DEFAULT_DB_DBNAME, 60 | }, 61 | const.READONLY_DB_KEY: { 62 | const.DBHOST_KEY: READONLY_DB_DBHOST, 63 | const.DBPORT_KEY: READONLY_DB_DBPORT, 64 | const.DBUSER_KEY: READONLY_DB_DBUSER, 65 | const.DBPWD_KEY: READONLY_DB_DBPWD, 66 | const.DBNAME_KEY: READONLY_DB_DBNAME, 67 | } 68 | }, 69 | ) -------------------------------------------------------------------------------- /helm-deploy/codo/scripts/gateway_init_etcd.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # 函数定义:发送请求函数 4 | send_request() { 5 | local endpoint="$1" 6 | local payload="$2" 7 | 8 | response=$(curl -sS -X POST "http://codo-gateway:8888$endpoint" \ 9 
| -H "X-Api-Token: api_token_xxxx" \ 10 | -d "$payload") 11 | # 检查curl命令的返回码 12 | if [[ $? -ne 0 ]]; then 13 | echo "Failed to send request to $endpoint" 14 | exit 1 15 | fi 16 | 17 | # 检查响应中是否包含"ok" 18 | if [[ "$response" != "ok" ]]; then 19 | echo "Error: Unexpected response from $endpoint: $response" 20 | exit 1 21 | fi 22 | 23 | echo "Request to $endpoint successful" 24 | } 25 | 26 | # 路由配置函数 27 | configure_route() { 28 | local key="$1" 29 | local serviceName="$2" 30 | local rewriteRegex="$3" 31 | local rewriteReplace="$4" 32 | 33 | send_request "/api/admin/routes/save" '{ 34 | "key": "'"$key"'", 35 | "protocol": "http", 36 | "remark": "", 37 | "prefix": "'"$key"'", 38 | "service_name": "'"$serviceName"'", 39 | "status": 1, 40 | "plugins": ["rewrite", "discovery", "tracing"], 41 | "props": { 42 | "rewrite_url_regex": "'"$rewriteRegex"'", 43 | "rewrite_replace": "'"$rewriteReplace"'" 44 | } 45 | }' 46 | } 47 | 48 | # 服务配置函数 49 | configure_service() { 50 | local key="$1" 51 | local serviceName="$2" 52 | local upstream="$3" 53 | 54 | send_request "/api/admin/services/save" '{ 55 | "key": "'"$key"'", 56 | "service_name": "'"$serviceName"'", 57 | "upstream": "'"$upstream"'", 58 | "weight": 1, 59 | "status": 1 60 | }' 61 | } 62 | 63 | # 配置路由 64 | configure_route "/api/mg/*" "mg" "^/api/mg/" "/" 65 | configure_route "/api/acc/*" "mg" "^/api/acc" "/v4/na" 66 | configure_route "/api/p/*" "mg" "^/api/p/" "/" 67 | configure_route "/api/agent/*" "agent" "^/api/agent/" "/api/" 68 | configure_route "/api/cmdb/*" "cmdb" "^/api/cmdb/" "/" 69 | configure_route "/api/job/*" "job" "^/api/job/" "/" 70 | configure_route "/api/kerrigan/*" "kerrigan" "^/api/kerrigan/" "/" 71 | configure_route "/api/noc/*" "noc" "^/api/noc/" "/" 72 | configure_route "/api/v2/cmdb/*" "cmdb" "^/api/cmdb/" "/" 73 | configure_route "/api/cnmp/*" "cnmp" "^/api/cnmp/" "/" 74 | configure_route "/api/cnmp-ws/*" "cnmp-ws" "^/api/cnmp-ws/" "/" 75 | 76 | # 配置服务 77 | configure_service 
"/mg/codo-adminv4..svc.cluster.local:8000" "mg" "codo-adminv4..svc.cluster.local:8000" 78 | configure_service "/p/codo-adminv4..svc.cluster.local:8000" "p" "codo-adminv4..svc.cluster.local:8000" 79 | configure_service "/cmdb/codo-cmdb..svc.cluster.local:8000" "cmdb" "codo-cmdb..svc.cluster.local:8000" 80 | configure_service "/job/codo-flow-control..svc.cluster.local:8000" "job" "codo-flow-control..svc.cluster.local:8000" 81 | configure_service "/kerrigan/codo-kerrigan..svc.cluster.local:8000" "kerrigan" "codo-kerrigan..svc.cluster.local:8000" 82 | configure_service "/agent/codo-agent-server..svc.cluster.local:8080" "agent" "codo-agent-server..svc.cluster.local:8080" 83 | configure_service "/cnmp/codo-cnmp..svc.cluster.local:8000" "cnmp" "codo-cnmp..svc.cluster.local:8000" 84 | configure_service "/cnmp-ws/codo-cnmp..svc.cluster.local:8001" "cnmp-ws" "codo-cnmp..svc.cluster.local:8001" 85 | exit 0 -------------------------------------------------------------------------------- /helm-deploy/codo/templates/agent-server/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "agentServer.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "agentServer.labels" . 
| nindent 4 }} 8 | data: 9 | ca.crt: | 10 | {{ required "The agentServerConfCACrt is required" .Values.agentServerConfCACrt | nindent 4 }} 11 | ca.key: | 12 | {{ required "The agentServerConfCAKey is required" .Values.agentServerConfCAKey | nindent 4 }} 13 | conf.yaml: |+ 14 | META: 15 | ENV: {{ .Values.env | quote}} # dev | pre | prod 16 | 17 | PORT: 8080 # http control 18 | WS-PORT: 8081 # websocket 19 | RPC-PORT: 8082 # 没用 20 | PROM-PORT: 8083 # metrics 21 | BIND-ADDRESS: 0.0.0.0 22 | MQCONFIG: 23 | ENABLED: true 24 | SCHEMA: "amqp" 25 | HOST: "{{ required "The rabbitmq.host is required" .Values.rabbitmq.host }}" 26 | PORT: {{ required "The rabbitmq.port is required" .Values.rabbitmq.port }} 27 | USERNAME: "{{ required "The rabbitmq.user is required" .Values.rabbitmq.user }}" 28 | PASSWORD: "{{ required "The rabbitmq.passwd is required" .Values.rabbitmq.passwd }}" 29 | VHOST: "{{ required "The rabbitmq.vhost is required" .Values.rabbitmq.vhost }}" 30 | ROOT-PATH: . 31 | MESH-CONFIG: 32 | MESH-PORT: 8084 33 | SSL-PUBLIC-KEY-FILEPATH: /data/ca.crt 34 | SSL-PRIVATE-KEY-FILEPATH: /data/ca.key 35 | LOG-LEVEL: "{{ required "The agentServerLogLevel is required" .Values.agentServerLogLevel }}" 36 | DB-CONFIG: 37 | DB-TYPE: mysql 38 | DB-USER: {{ required "The mysql.user is required" .Values.mysql.user }} 39 | DB-PASSWORD: {{ required "The mysql.passwd is required" .Values.mysql.passwd }} 40 | DB-HOST: {{ required "The mysql.host is required" .Values.mysql.host }} 41 | DB-NAME: {{ required "The agentServerDB is required" .Values.agentServerDB }} 42 | DB-TABLE-PREFIX: codo_ 43 | DB-FILE: "" 44 | DB-PORT: {{ required "The mysql.port is required" .Values.mysql.port }} 45 | REDIS: 46 | R-HOST: {{ required "The redis.host is required" .Values.redis.host }} 47 | R-PORT: {{ required "The redis.port is required" .Values.redis.port }} 48 | R-PASSWORD: "{{ required "The redis.passwd is required" .Values.redis.passwd }}" 49 | R-DB: {{ required "The agentServerRedisDB is required" 
.Values.agentServerRedisDB }} 50 | PUBLISH: 51 | P-HOST: {{ required "The redis.host is required" .Values.redis.host }} 52 | P-PORT: {{ required "The redis.port is required" .Values.redis.port }} 53 | P-PASSWORD: "{{ required "The redis.passwd is required" .Values.redis.passwd }}" 54 | P-DB: {{ required "The agentServerRedisPublishDB is required" .Values.agentServerRedisPublishDB }} 55 | P-ENABLED: true 56 | 57 | # 第三方接口配置 58 | THIRD-PARTY-API-CONFIG: 59 | AUTH-KEY: "{{ required "The gatewayInnerApiToken is required" .Values.gatewayInnerApiToken }}" 60 | CMDB-API-CONFIG: 61 | REGISTER-AGENT-API: "http://{{ template "gateway.innerApi" . }}/api/cmdb/api/v2/cmdb/agent/" 62 | 63 | # OTEL 配置 64 | OTEL: 65 | # pyroscope 服务地址 66 | PYROSCOPE: 67 | SERVER-ADDRESS: {{ .Values.otel.pyroscope.serverAddress | quote }} 68 | BASIC-AUTH-USER: {{ .Values.otel.pyroscope.username | quote }} 69 | BASIC-AUTH-PASSWORD: {{ .Values.otel.pyroscope.password | quote }} -------------------------------------------------------------------------------- /docker-deploy/codo-agent-server/ca.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDXM28+AVPbDeYP 3 | y4B6Bmph2TE001iYiRV47PQCo7fgYoULIRyWR8iTEVclu0SSS2SiSScfXcUVi+M5 4 | 28hrYR44sKEW/zX+HxfBpLt3rT+OnRa5M70BrjNXX6oLJNp09Q01M4FVoRr/MhcF 5 | bgxAXBHjpXKgDLfwkVtdB87BtH9sEgndjoHV/rX69AhGcJIUbotIL1BgedjgkW3v 6 | jKH7L4jtFZCj0hp1c+9Up+xPW78LjuXwD/ufUxzfISEn29scgwK4x4ltptIAOjkI 7 | op/CcdK10zEzGvZ2vAWPxewEVFGuxt72zmBuQSBPlg9KRKD0HfQQnpZTjpE3I5z2 8 | Pn0Ym4FJ4HM+CU5aQB2vKHHi+dRxH8+5M/67PKE/8QMTLcL5jtWszRkl2bpyq49z 9 | fQqwM6T9LhaVnXsjXo6uCnyAn2BZ0qUH8krUUT0jlS5WVH07Eausx4Zy3baz11AR 10 | AX3iJI4ZDryCidc6D2te3Oz3cgoh73V+BFTB9rRwM/rRaIxZwX1RgFqBZcBu4HCl 11 | GSn/eLskr8R+1oWjfia3vtISCrULl7Duk/eKWoUEy+VhJHUb+vCI7B0Z7UG5RgLo 12 | FfgrrFuSiVT2V47KNDbosA3fnQS1ce7HFmKweQxHYRuwwwe27MBv6pwMPR+1Jv8c 13 | 
iqZAwaAB4dLfr9mQiRDw0kJq7lChAwIDAQABAoICAH5wwAmkagqozeW14dTQdCzt 14 | mdW537IvySf1wSDT5LO37wes+sjpgFW4uIV41D9IgOZBKPVq+ONB/8387nL46vLQ 15 | BLYoWSboSeMC0QruBgvbDIDgf0q/eXb6xEQr8RcK7Cm4C2Oudtg+K/yKvjQKZJBm 16 | o0SadHCqVw4ACmERllR+/MDqfCqpr261dy878PiEQt20vvsQXHcFu5wl+v5E3aS/ 17 | KO64AcfEyHfq+hNeio9V9I/qNCNWh/4pzvtGWCUWbMD4rCx6+aQckWobctaiXfVr 18 | Ets+GlWE/5eL6LJagGu6eUJ1236sUTmxp2YxkIgeGUqygwyxFW1aRV0BNisBIyKa 19 | OVmYNkQsIyzAJ3kqUnTdIGqPPDcQGNB6j7+8eIJBgZ1wRCT7+LDj7rQ3kNx6B01H 20 | dyDZZ8Eo+qrq5cFiA5XmHWlzBM/NiCvm3XBRIKhbcsZ0LPwqz18tUv6WQ/8RrSgs 21 | rZEk7Xi4EYe6AjWK5Bpe2LmnmCVME+OMZVPqNrG+JnG2GUeC+IwLLj1grIwWvOp5 22 | I0IGem/+UfATbmD1zW6wCr7USbrrq042IX6BJhZg3Mw/amvEZvB3v/0o0Cy6K7Id 23 | nxhzyVB7hTFvtmpr0bBcDQknJDjKyZoxW1/5lMZpdm1298mwsuSxYb2xxFgRdI66 24 | byr0mRJv6kxiv+RCTMYRAoIBAQD+xRwKSFsx8eX5GyFHhm+oAEGKXXi40EVmNh6k 25 | mu8oKDwti9wWoCOgH2EEdZMdip8TvQck6T2+nMUflfpeQh5eZ63mEjqYuzxuA8qy 26 | mmKcFpPGi+hLuyon2UZzfo6GxqCifjPwi8vVDO172+tNmY9IIktIKCUJtK324if7 27 | SGUTKlbKP7Wm/uznxX3ENoTNodHTZkUAV/PbOlM3PUTz5g2v2fQDi/U+K77FMCed 28 | 8N/N/Zo/Y/x7ghAjVwirzH4KBNiyOx3TJGRCRSJ5UtlV/Tw+pbKojgtiDTX8rkVQ 29 | Ctd5xoaluTXc/yT7gLoNrZdOuaHt0XEp1bjCZ1bmgyPSqzOtAoIBAQDYPWshbDfe 30 | gchWoQJwbCQsy64TIi6UyJx8aYH73WN2ONyy9FeMycdVy5QcgmsUFViX0Gm6lWq0 31 | s7+wCCZVgjk1e/EfBVK9tOLPt/lMmFWsRvei4dV4tXAmuGkinCNg2j8JIczcPTSd 32 | 5HzRPMUNHquog7AKVUt0slJYe0fmKuskQ5UwHwpDpFrQiZbYN0YLiF57UVjYm9Gk 33 | 57JEEj0qSRds47zcZLoGs0d6skTFJyzTMFr5bUoumJN744NX8gOKlpMO+ogethSy 34 | d+5PdpljygB+yana+TlvAQ5QfD/54/EUMTgRpVYL5whencjBfRWJ2IFVmoGvfKz+ 35 | hEn2FxGWeT1vAoIBAQDKGWqI7aUKFa4s0cywhICGcM2NCWD+mpiy4DOmuBEHdgNm 36 | zg+lExuvpbS8aNhvEsvmSIkmSq/kSVBGIh8eLq0QjoZwf/1jswPY8cEVtUqML4zC 37 | b7GygaKLQdyVOcuuNlqvDBX/t6XWOA8btfUO9cWnnyzA7LeU33Mw6W5185PahDec 38 | 8LUU6BzeLtf5kpX+2WMto28ROrQDMF1a8IuGPvSUjvz240uEKgeHPQ/wRmgDbC20 39 | I4jiIObUYfJK9kj1gaq0mBisqa2utFEIlSQ7BkuIFsGG3EdDXN96tnPdbvxHaaje 40 | RfHoga3ApPjyaMYieTdvBDoUyalq7bcN3PHJ6G1xAoIBAQC0SrEx0rraSDczE1en 41 | 
SGL4/nGK/mr8Hi9rA8UerD2rakmI43TDq9EJVY2OH6cLvah6G4iryryHIX9nU8Qy 42 | czsjvs0RYizUgybArdGr7S8xTpJWOhj0ZcK2ZfcypiBRNmZsRMQ7tMRUCReQlSxu 43 | fe39uJ5kXy1khPFnWJJf89TODZMr5hV2xGf7i1w7tgouv2qXQwHiyDgJWC0n2FUr 44 | FnnzjgX/c/QudffY8x2ni7wx8RVI9bhuFUSSfOUbxGrzeAvw5y3q/UFQc/I8StQl 45 | gVzcWWPHcRhT1vuKW64zubtdbJQlEkcl8WDnEoM54AK/RcbACuyp1jeelcnc5usB 46 | HOD9AoIBAQDhauyjCcGepPMYNIov5T6IIzWS9Tfyuv8AlaQT+tabJT5IqM/7thgM 47 | Qo5ny7oLeL708WbRDV3COGL+xFiB1NYcjlTObruTKPEhtsw8aKC7GKUQC/k9gVbO 48 | vUcZbwFsykRK4v64Ctlv+uXL3TIK+SN7s6pwIxJfyoYjC95WNNpQtHA7TKgAZ98y 49 | acTe1Tvm2Z8sN3LTTbx8oUT5dj/0bCO7R/EaBkQkuPVOTmHqKf8iHZBR/C9nMs6A 50 | fc+U7q+c9Y8GcwPVTMrOaOi8WdifQAiL+B/Zj18lbL/XjW32GoMk1156MlMlCw+u 51 | meurehQYwcmCj/1hSHjE73wrHB4QyXpd 52 | -----END PRIVATE KEY----- 53 | -------------------------------------------------------------------------------- /helm-deploy/codo_mid/templates/etcd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: etcd-config 5 | labels: 6 | app: etcd 7 | data: 8 | etcd.yaml: | 9 | name: {{ .Values.etcd.name }} 10 | initial-cluster: {{ .Values.etcd.initialCluster }} 11 | listen-client-urls: {{ .Values.etcd.listenClientURLs }} 12 | listen-peer-urls: {{ .Values.etcd.listenPeerURLs }} 13 | advertise-client-urls: {{ .Values.etcd.advertiseClientURLs }} 14 | initial-advertise-peer-urls: {{ .Values.etcd.initialAdvertisePeerURLs }} 15 | 16 | --- 17 | apiVersion: apps/v1 18 | kind: StatefulSet 19 | metadata: 20 | name: etcd 21 | labels: 22 | app: etcd 23 | spec: 24 | serviceName: etcd 25 | replicas: {{ .Values.EtcdReplicaCount }} 26 | selector: 27 | matchLabels: 28 | app: etcd 29 | volumeClaimTemplates: 30 | - apiVersion: v1 31 | kind: PersistentVolumeClaim 32 | metadata: 33 | name: pvc-etcd-data 34 | spec: 35 | accessModes: 36 | - ReadWriteOnce 37 | resources: 38 | requests: 39 | storage: {{ required "The etcdStorage is required" .Values.etcdStorage }} 40 | 
volumeMode: Filesystem 41 | # Pod template: an init container fixes ownership of the data directory, then the etcd container runs on the same PVC sub-path. 42 | template: 43 | metadata: 44 | labels: 45 | app: etcd 46 | spec: 47 | initContainers: 48 | - name: init-permissions 49 | image: {{ .Values.EtcdImage.init_image }} 50 | securityContext: 51 | runAsUser: 0 # root, so the chmod/chown below can hand the data directory to 1001:1001 52 | command: 53 | - /bin/sh 54 | - -c 55 | - | 56 | chmod 700 /bitnami/etcd/data 57 | chown 1001:1001 /bitnami/etcd/data 58 | volumeMounts: 59 | - name: pvc-etcd-data 60 | subPath: etcd/data 61 | mountPath: /bitnami/etcd/data 62 | containers: 63 | - name: etcd 64 | env: 65 | - name: MY_STS_NAME 66 | value: etcd 67 | - name: ETCDCTL_API 68 | value: "3" 69 | - name: ETCD_ON_K8S 70 | value: "yes" 71 | - name: ETCD_START_FROM_SNAPSHOT 72 | value: "no" 73 | - name: ETCD_DISASTER_RECOVERY 74 | value: "no" 75 | - name: ETCD_NAME 76 | value: $(MY_POD_NAME) # NOTE(review): MY_POD_NAME is not defined in this env list; Kubernetes leaves an unresolved $(VAR) reference as literal text, so confirm it is set (e.g. from fieldRef metadata.name) 77 | - name: ETCD_DATA_DIR 78 | value: /bitnami/etcd/data 79 | - name: ETCD_LOG_LEVEL 80 | value: info 81 | - name: ALLOW_NONE_AUTHENTICATION 82 | value: "no" # presumably makes the image require the root password set below; confirm against the image documentation 83 | - name: ETCD_LISTEN_PEER_URLS 84 | value: http://0.0.0.0:2380 # peer listener is plain HTTP on all interfaces; NOTE(review): this template configures no TLS for peer traffic 85 | - name: ETCD_ROOT_PASSWORD 86 | value: "{{ .Values.etcd.rootPassword }}" # NOTE(review): rendered into the pod spec as plain text; a Secret read through valueFrom.secretKeyRef would keep it out of the manifest 87 | image: "{{ .Values.EtcdImage.repository }}:{{ .Values.EtcdImage.tag }}" 88 | ports: 89 | - containerPort: 2379 90 | name: client 91 | volumeMounts: 92 | - name: etcd-config 93 | mountPath: /etc/etcd/etcd.conf 94 | subPath: etcd.yaml 95 | - name: pvc-etcd-data 96 | subPath: etcd/data 97 | mountPath: /bitnami/etcd/data 98 | volumes: 99 | - name: etcd-config 100 | configMap: 101 | name: etcd-config 102 | --- 103 | apiVersion: v1 104 | kind: Service # exposes the pods labelled app: etcd on the port and type taken from values 105 | metadata: 106 | name: etcd 107 | labels: 108 | app: etcd 109 | spec: 110 | ports: 111 | - port: {{ .Values.EtcdService.port }} 112 | targetPort: {{ .Values.EtcdService.port }} 113 | protocol: TCP 114 | selector: 115 | app: etcd 116 | type: {{ .Values.EtcdService.type }} # NOTE(review): a NodePort or LoadBalancer value here would expose the etcd client port outside the cluster 117 | -------------------------------------------------------------------------------- /helm-deploy/codo/templates/cnmp/configmap.yaml:
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "cnmp.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "cnmp.labels" . | nindent 4 }} 8 | data: 9 | config.yaml: |+ 10 | # 应用 11 | APP: 12 | NAME: "codo-cnmp" # 应用名称 13 | ENV: "PRD" # PRE/PRD/DEV 环境 14 | ADDR: "0.0.0.0:8000" # 监听地址 15 | TIMEOUT: 30 # 超时时间 16 | PROTOCOL: "HTTP" # HTTP/HTTPS 17 | VERSION: "v1.0.0" # 版本号 18 | SECRET: "{{ required "The cnmpSecret is required" .Values.cnmpSecret }}" # AES对称加密密钥 19 | 20 | # Websocket 21 | WS: 22 | ADDR: "0.0.0.0:8001" 23 | 24 | # 可观测 25 | OTEL: 26 | TRACE: 27 | ENDPOINT: "{{ .Values.otel.trace.endpoint }}" # 链路追踪地址 28 | INSECURE: {{ required "The otel.trace.insecure is required" .Values.otel.trace.insecure }} # 是否开启安全连接 29 | METRIC: 30 | ENABLE_EXEMPLAR: TRUE # 是否开启指标采样 31 | LOG: 32 | LEVEL: DEBUG 33 | 34 | # Prometheus 35 | PROMETHEUS: 36 | ENABLED: true # 是否开启 Prometheus 37 | NETWORK: "tcp" # 网络类型 38 | ADDR: "0.0.0.0:8002" # 监听地址 39 | PATH: "/metrics" # 路径 40 | 41 | # 火焰图 42 | PPROF: 43 | ENABLE: true # 是否开启火焰图 44 | NETWORK: "tcp" # 网络类型 45 | ADDR: "0.0.0.0:8003" # 监听地址 46 | 47 | # 数据库 48 | DB: 49 | DB_TYPE: "mysql" # 数据库类型 50 | DB_USER: "{{ required "The mysql.user is required" .Values.mysql.user }}" 51 | DB_PASSWORD: "{{ required "The mysql.passwd is required" .Values.mysql.passwd }}" 52 | DB_HOST: "{{ required "The mysql.host is required" .Values.mysql.host }}" 53 | DB_NAME: "{{ required "The cnmpDB is required" .Values.cnmpDB }}" 54 | DB_TABLE_PREFIX: "" 55 | DB_FILE: "" 56 | DB_PORT: "{{ required "The mysql.port is required" .Values.mysql.port }}" 57 | DB_MaxIdleConns: 10 58 | DB_MaxOpenConns: 10 59 | DB_ConnMaxLifetime: 600 60 | DEBUG: false 61 | 62 | # Redis 63 | REDIS: 64 | R_HOST: {{ required "The redis.host is required" .Values.redis.host }} 65 | R_PORT: {{ required "The redis.port is required" .Values.redis.port }} 66 | 
R_PASSWORD: "{{ required "The redis.passwd is required" .Values.redis.passwd }}" 67 | R_DB: {{ required "The adminv4RedisDB is required" .Values.adminv4RedisDB }} 68 | 69 | TIANMEN: 70 | ADDR: "http://{{ template "gateway.innerApi" . }}" 71 | AUTH_KEY: "{{ required "The gatewayInnerApiToken is required" .Values.gatewayInnerApiToken }}" 72 | TIMEOUT: 10 73 | 74 | GRAFANA: 75 | ADDR: "{{ required "The cnmpGrafanaAddr is required" .Values.cnmpGrafanaAddr }}" 76 | USER: "{{ required "The cnmpGrafanaUser is required" .Values.cnmpGrafanaUser }}" 77 | PASSWORD: "{{ required "The cnmpGrafanaPassword is required" .Values.cnmpGrafanaPassword }}" 78 | 79 | KAFKA: 80 | ADDR: "{{ required "The cnmpKafkaAddr is required" .Values.cnmpKafkaAddr }}" 81 | TOPIC: "{{ required "The cnmpKafkaTopic is required" .Values.cnmpKafkaTopic }}" 82 | DialTimeout: "{{ required "The cnmpKafkaDialTimeout is required" .Values.cnmpKafkaDialTimeout }}" 83 | 84 | AGENT_SERVER: 85 | SERVER_ADDR: "{{ required "The agentServerAddr is required" .Values.cnmpAgentServerAddr }}" 86 | MESH_ADDR: "{{ required "The meshAddr is required" .Values.cnmpAgentServerMeshAddr }}" 87 | ENABLED: {{ .Values.cnmpAgentServerEnabled }} 88 | NODE_TYPE: "{{ .Values.cnmpAgentServerNodeType }}" 89 | 90 | MESH: 91 | WHITE_IP_LIST: 92 | {{- required "The whiteIpList is required" .Values.cnmpMeshWhiteIpList | toYaml | nindent 8 }} 93 | SRC_AGENT_ID: "{{ required "The srcAgentId is required" .Values.cnmpMeshSrcAgentId }}" 94 | SRC_AGENT_PORT: 39000 95 | 96 | PROXY: 97 | ADDR: "0.0.0.0:8443" 98 | ENABLE: true 99 | NETWORK: "tcp" 100 | API_SERVER: "{{ required "The srcAgentId is required" .Values.cnmpAPIServer }}" -------------------------------------------------------------------------------- /helm-deploy/cloud-agent-operator/biz/templates/ao_configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | namespace: {{ .Release.Namespace }} 5 | 
name: cloud-agent-operator-config 6 | labels: 7 | {{ include "label.common" . | nindent 4 }} 8 | app.kubernetes.io/managed-by: {{ .Release.Service }} 9 | data: 10 | config.yaml: | 11 | # 服务配置 12 | serverConfig: 13 | # crd controller 配置 14 | managerConfig: 15 | # 最大同时处理的reconcile数量 16 | maxConcurrentReconciles: 1024 17 | pprof: 18 | port: 9090 19 | metrics: 20 | port: 6060 21 | 22 | # redis 配置(用于领域事件分发, 以及数据缓存) 23 | redisConfig: 24 | # 地址 25 | addr: "{{ required "The redis.host is required" .Values.redis.host }}:{{ required "The redis.port is required" .Values.redis.port }}" 26 | # 密码 27 | password: "{{ .Values.redis.passwd }}" 28 | # 数据库 index 29 | db: {{ required "The aoRedisDB is required" .Values.aoRedisDB }} 30 | 31 | # 可观测性配置 32 | otel: 33 | # 日志配置 34 | log: 35 | # 日志等级 DEBUG, INFO, WARN, ERROR, FATAL 36 | level: "{{ required "The aoOtelLogLevel is required" .Values.aoOtelLogLevel }}" 37 | # 日志格式 json, console 38 | encoding: "console" 39 | # 日志文件路径 40 | filepath: "/data/codo-work-dir/codo-agent.log" 41 | # 日志文件切割大小(单位: MB)(默认 100MB) 42 | maxSize: 100 43 | # 日志文件切割周期(单位: 天)(默认 7天) 44 | maxAge: 7 45 | # 日志文件最大保留个数(单位: 个)(默认 10个) 46 | maxBackups: 10 47 | # 链路追踪配置(可以不开, 不采集的话) 48 | trace: 49 | # jaeger 配置 的 endpoint 50 | endpoint: "{{ .Values.aoOtelTraceEndpoint }}" 51 | # endpoint 是否是 https 52 | insecure: {{ required "The aoOtelTraceInsecure is required" .Values.aoOtelTraceInsecure }} 53 | # 数据指标 54 | metrics: 55 | # 开启 exemplar 56 | enableExemplar: true 57 | 58 | # 镜像配置, 用于 cloud-agent 的运行时 59 | imagesConfig: 60 | # 运行时镜像(很重要) 61 | entrypointImage: {{ required "The aoEntrypointImage is required" .Values.cloudAgentOperatorImage }} 62 | # 拉取密钥 要是内容格式为 .dockerconfigjson 的 base64 编码 63 | pullSecret: "{{ .Values.aoPullSecret }}" 64 | 65 | 66 | # agent 配置 67 | agentConfig: 68 | # 日志等级 69 | LOG-LEVEL: "{{ required "The aoOtelLogLevel is required" .Values.aoOtelLogLevel }}" 70 | # RootPath 日志保存路径 71 | # 用于: 72 | # - 存储脚本文件 73 | # - 存储密钥文件 74 | # - 存储执行日志文件 75 | # - 
存储agent日志文件 76 | ROOT-PATH: "/data/codo-agent" 77 | # 连接服务地址 78 | SERVER-ADDRESS: "{{ required "The aoAgentServerURL is required" .Values.aoAgentServerURL }}" 79 | # 节点类型,当节点为master时,自动开启代理模式 80 | NODE-TYPE: "operator" 81 | # 业务ID 82 | BIZ-ID: "{{ required "The aoBizID is required" .Values.aoBizID }}" 83 | # 日志行数限制 84 | ROW-LIMIT: {{ required "The aoRowLimit is required" .Values.aoRowLimit }} 85 | # 最大执行命令数 86 | MAX-EXEC-CMD: {{ required "The aoMaxCMD is required" .Values.aoMaxCMD }} 87 | # 强指脚本的工作目录 88 | WORK-DIR: "/data/codo-work-dir" 89 | # 日志清理间隔(单位:天) 90 | LOG-CLEAN-INTERVAL: 30 91 | defaultTaskConfig: 92 | # [可选] pod 的资源限制 93 | # 用户可以选择在任务级指定资源需求,而不是在每个 Step 上指定资源需求。如果用户指定了任务级资源要求, 94 | # 它将确保 kubelet 只为执行 Task 的 Steps 保留该数量的资源。如果用户指定了任务级资源限制,则任何 Step 都不能使用超过该数量的资源。 95 | computeResources: 96 | requests: 97 | cpu: "{{ required "The aoTaskDefaultLimitCPU is required" .Values.aoTaskDefaultRequestCPU }}" # 申请 1 Core 的 CPU 98 | memory: "{{ required "The aoTaskDefaultLimitMemory is required" .Values.aoTaskDefaultRequestMemory }}" # 申请 512 MB 的内存 99 | limits: 100 | cpu: "{{ required "The aoTaskDefaultLimitCPU is required" .Values.aoTaskDefaultLimitCPU }}" # 申请 1 Core 的 CPU 101 | memory: "{{ required "The aoTaskDefaultLimitMemory is required" .Values.aoTaskDefaultLimitMemory }}" # 申请 512 MB 的内存 102 | podTemplate: 103 | {{ default "{}" .Values.aoPodTemplate | nindent 8 }} -------------------------------------------------------------------------------- /helm-deploy/codo/templates/cloud-agent-operator/ao_configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | namespace: {{ .Release.Namespace }} 5 | name: cloud-agent-operator-config 6 | labels: 7 | {{ include "label.common" . 
| nindent 4 }} 8 | app.kubernetes.io/managed-by: {{ .Release.Service }} 9 | data: 10 | config.yaml: | 11 | # 服务配置 12 | serverConfig: 13 | # crd controller 配置 14 | managerConfig: 15 | # 最大同时处理的reconcile数量 16 | maxConcurrentReconciles: 1024 17 | pprof: 18 | port: 9090 19 | metrics: 20 | port: 6060 21 | 22 | # redis 配置(用于领域事件分发, 以及数据缓存) 23 | redisConfig: 24 | # 地址 25 | addr: "{{ required "The redis.host is required" .Values.redis.host }}:{{ required "The redis.port is required" .Values.redis.port }}" 26 | # 密码 27 | password: "{{ required "The redis.passwd is required" .Values.redis.passwd }}" 28 | # 数据库 index 29 | db: {{ required "The aoRedisDB is required" .Values.aoRedisDB }} 30 | 31 | # 可观测性配置 32 | otel: 33 | # 日志配置 34 | log: 35 | # 日志等级 DEBUG, INFO, WARN, ERROR, FATAL 36 | level: "{{ required "The aoOtelLogLevel is required" .Values.aoOtelLogLevel }}" 37 | # 日志格式 json, console 38 | encoding: "console" 39 | # 日志文件路径 40 | filepath: "/data/codo-work-dir/codo-agent.log" 41 | # 日志文件切割大小(单位: MB)(默认 100MB) 42 | maxSize: 100 43 | # 日志文件切割周期(单位: 天)(默认 7天) 44 | maxAge: 7 45 | # 日志文件最大保留个数(单位: 个)(默认 10个) 46 | maxBackups: 10 47 | # 链路追踪配置(可以不开, 不采集的话) 48 | trace: 49 | # jaeger 配置 的 endpoint 50 | endpoint: "{{ .Values.otel.trace.endpoint }}" 51 | # endpoint 是否是 https 52 | insecure: {{ required "The otel.trace.insecure is required" .Values.otel.trace.insecure }} 53 | # 数据指标 54 | metrics: 55 | # 开启 exemplar 56 | enableExemplar: true 57 | 58 | # 镜像配置, 用于 cloud-agent 的运行时 59 | imagesConfig: 60 | # 运行时镜像(很重要) 61 | entrypointImage: {{ required "The aoEntrypointImage is required" .Values.cloudAgentOperatorImage }} 62 | # 拉取密钥 要是内容格式为 .dockerconfigjson 的 base64 编码 63 | pullSecret: "{{ required "The aoPullSecret is required" .Values.aoPullSecret }}" 64 | 65 | 66 | # agent 配置 67 | agentConfig: 68 | # 日志等级 69 | LOG-LEVEL: "{{ required "The aoOtelLogLevel is required" .Values.aoOtelLogLevel }}" 70 | # RootPath 日志保存路径 71 | # 用于: 72 | # - 存储脚本文件 73 | # - 存储密钥文件 74 | # - 存储执行日志文件 75 | # - 
存储agent日志文件 76 | ROOT-PATH: "/data/codo-agent" 77 | # 连接服务地址 78 | SERVER-ADDRESS: "{{ required "The aoAgentServerURL is required" .Values.aoAgentServerURL }}" 79 | # 节点类型,当节点为master时,自动开启代理模式 80 | NODE-TYPE: "operator" 81 | # 业务ID 82 | BIZ-ID: "{{ required "The aoBizID is required" .Values.aoBizID }}" 83 | # 日志行数限制 84 | ROW-LIMIT: {{ required "The aoRowLimit is required" .Values.aoRowLimit }} 85 | # 最大执行命令数 86 | MAX-EXEC-CMD: {{ required "The aoMaxCMD is required" .Values.aoMaxCMD }} 87 | # 强指脚本的工作目录 88 | WORK-DIR: "/data/codo-work-dir" 89 | # 日志清理间隔(单位:天) 90 | LOG-CLEAN-INTERVAL: 30 91 | defaultTaskConfig: 92 | # [可选] pod 的资源限制 93 | # 用户可以选择在任务级指定资源需求,而不是在每个 Step 上指定资源需求。如果用户指定了任务级资源要求, 94 | # 它将确保 kubelet 只为执行 Task 的 Steps 保留该数量的资源。如果用户指定了任务级资源限制,则任何 Step 都不能使用超过该数量的资源。 95 | computeResources: 96 | requests: 97 | cpu: "{{ required "The aoTaskDefaultLimitCPU is required" .Values.aoTaskDefaultRequestCPU }}" # 申请 1 Core 的 CPU 98 | memory: "{{ required "The aoTaskDefaultLimitMemory is required" .Values.aoTaskDefaultRequestMemory }}" # 申请 512 MB 的内存 99 | limits: 100 | cpu: "{{ required "The aoTaskDefaultLimitCPU is required" .Values.aoTaskDefaultLimitCPU }}" # 申请 1 Core 的 CPU 101 | memory: "{{ required "The aoTaskDefaultLimitMemory is required" .Values.aoTaskDefaultLimitMemory }}" # 申请 512 MB 的内存 102 | podTemplate: 103 | {{ default "{}" .Values.aoPodTemplate }} -------------------------------------------------------------------------------- /docker-deploy/.env: -------------------------------------------------------------------------------- 1 | # .env 文件中定义的变量会自动加载到Docker-compose 项目中,并且可以在docker-compose 文件中使用 2 | # 环境配置 3 | CODO_APP_ENV=dev 4 | 5 | # 项目配置 6 | DEFAULT_COOKIE_SECRET="r61oETzKXQAGaYdkL5gEmGeJJFuYh7EQnp2X6TP1" 7 | # 用于JWT发放, 不要加双引号, lua 不认 8 | DEFAULT_TOKEN_SECRET=yong7yu7jwt 9 | DEFAULT_SWORD_SECRET="iYX3VtB0gSRH32AIKbn1HKgcAxLBxdRqRz7FLU_3_tQ=" 10 | CODO_API_GW="http://172.22.0.6:8888" 11 | CODO_OUTER_API_GW="http://172.22.0.6:8888" 12 | 
CODO_AUTH_KEY=123xxxx 13 | 14 | # Shared MySQL settings. NOTE(review): the passwords, tokens and keys in this file are checked in with the repository; set your own values for every deployment 15 | MYSQL_ROOT_PASSWORD=ss1917 16 | DEFAULT_DB_DBHOST=172.22.0.2 17 | DEFAULT_DB_DBPORT=3306 18 | DEFAULT_DB_DBUSER=codo 19 | DEFAULT_DB_DBPWD=ss1917 20 | READONLY_DB_DBHOST=172.22.0.2 21 | READONLY_DB_DBPORT=3306 22 | READONLY_DB_DBUSER=codo 23 | READONLY_DB_DBPWD=ss1917 24 | 25 | 26 | # Shared Redis settings. NOTE(review): DEFAULT_REDIS_AUTH is spelled "ture" and DFAULT_REDIS_CHARSET lacks the first E; confirm what the consuming services read 27 | DEFAULT_REDIS_HOST=172.22.0.3 28 | DEFAULT_REDIS_PORT=6379 29 | DEFAULT_REDIS_AUTH=ture 30 | DFAULT_REDIS_CHARSET=utf-8 31 | DEFAULT_REDIS_PASSWORD=ss1917 32 | DEFAULT_REDIS_USER='' 33 | 34 | # Shared etcd settings (the client protocol is plain http here) 35 | DEFAULT_ETCD_HOST=172.22.0.5 36 | DEFAULT_ETCD_PORT=2379 37 | DEFAULT_ETCD_PROTOCOL=http 38 | DEFAULT_ETCD_USER= 39 | DEFAULT_ETCD_PWD=ss1917 40 | DEFAULT_ETCD_PREFIX=/codo/gw/ 41 | 42 | # Shared RabbitMQ settings 43 | DEFAULT_MQ_SCHEMA=amqp 44 | DEFAULT_MQ_ADDR=172.22.0.4 45 | DEFAULT_MQ_PORT=5672 46 | DEFAULT_MQ_VHOST=codo 47 | DEFAULT_MQ_USER=codo 48 | DEFAULT_MQ_PWD=eYEhUKJMyJ&8R3qJjf 49 | DEFAULT_MQ_ENABLED=yes 50 | 51 | RABBITMQ_DEFAULT_USER=admin 52 | RABBITMQ_DEFAULT_PASS=WzAGv2etxp&v528zJjSK 53 | RABBITMQ_VHOST=codo 54 | RABBITMQ_USER=codo 55 | RABBITMQ_PASS=eYEhUKJMyJ&8R3qJjf 56 | RABBITMQ_USER_PERMISSIONS=.* .* .* 57 | 58 | AGENT_MQ_ADDR=172.22.0.4 59 | AGENT_MQ_PORT=5672 60 | AGENT_MQ_VHOST=codo 61 | AGENT_MQ_USER=codo 62 | AGENT_MQ_PWD=eYEhUKJMyJ&8R3qJjf 63 | 64 | # codo-admin settings 65 | CODO_ADMIN_DEFAULT_DB_DBUSER=codo-admin 66 | CODO_ADMIN_DEFAULT_DB_DBPWD=ss1917 67 | CODO_ADMIN_DEFAULT_DB_DBNAME=codo-admin 68 | CODO_ADMIN_DEFAULT_REDIS_DB=7 69 | 70 | # codo-cmdb settings 71 | CODO_CMDB_DEFAULT_DB_DBUSER=codo-cmdb 72 | CODO_CMDB_DEFAULT_DB_DBPWD=ss1917 73 | CODO_CMDB_DEFAULT_DB_DBNAME=codo-cmdb 74 | CODO_CMDB_DEFAULT_REDIS_DB=8 75 | 76 | # codo-flow settings 77 | CODO_FLOW_DEFAULT_DB_DBUSER=codo-flow 78 | CODO_FLOW_DEFAULT_DB_DBPWD=ss1917 79 | CODO_FLOW_DEFAULT_DB_DBNAME=codo-flow 80 | CODO_FLOW_DEFAULT_REDIS_DB=9 81 | 82 | # codo-gateway settings 83 | CODO_GATEWAY_DEFAULT_API_TOKEN=e09d6153f1c15395144794GtmAhR 84 | 85 | # codo-kerrigan settings
86 | CODO_KERRIGAN_DEFAULT_DB_DBUSER=codo-kerrigan 87 | CODO_KERRIGAN_DEFAULT_DB_DBPWD=ss1917 88 | CODO_KERRIGAN_DEFAULT_DB_DBNAME=codo-kerrigan 89 | 90 | # codo-agent settings 91 | CODO_AGENT_DB_DBUSER=codo-agent-server 92 | CODO_AGENT_DB_DBPWD=ss1917 93 | CODO_AGENT_DB_DBNAME=codo-agent-server 94 | DEFAULT_DB_TABLE_PREFIX=codo 95 | CODO_AGENT_REDIS_DB=10 96 | DEFAULT_PUBLISH_REDIS_HOST=127.0.0.1 97 | DEFAULT_PUBLISH_REDIS_ENABLE=no 98 | DEFAULT_PUBLISH_REDIS_PORT=6379 99 | DEFAULT_PUBLISH_REDIS_PASSWORD=ss1917 100 | DEFAULT_PUBLISH_REDIS_DB=11 101 | 102 | # codo-cnmp settings 103 | CODO_CNMP_APP_NAME=codo-cnmp 104 | CODO_CNMP_APP_ENV=DEV 105 | CODO_CNMP_APP_ADDR=0.0.0.0:8000 106 | CODO_CNMP_APP_VERSION=v1.0.0 107 | CODO_CNMP_APP_SECRET=e3b0c44298fc1c16 # 16-character random string 108 | # Prometheus 109 | DEFAULT_PROMETHEUS_ENABLE=true 110 | DEFAULT_PROMETHEUS_NETWORK=tcp 111 | DEFAULT_PROMETHEUS_ADDR=0.0.0.0:9091 112 | DEFAULT_PROMETHEUS_PATH=/metrics 113 | # PProf. NOTE(review): the listener binds 0.0.0.0; keep the profiling port off untrusted networks 114 | DEFAULT_PPROF_ENABLE=true 115 | DEFAULT_PPROF_NETWORK=tcp 116 | DEFAULT_PPROF_ADDR=0.0.0.0:6060 117 | # database 118 | CODO_CNMP_DB_NAME=codo-cnmp 119 | # Otel 120 | DEFAULT_OTEL_TRACE_ENDPOINT=http://jaeger-xingyun-collector.tracing.svc.cluster.local:14268/api/traces 121 | DEFAULT_OTEL_TRACE_INSECURE=true 122 | DEFAULT_OTEL_METRIC_ENABLE_EXEMPLAR=true 123 | DEFAULT_OTEL_LOG_LEVEL=INFO 124 | # Redis 125 | CODO_CNMP_REDIS_DB=1 126 | # Websocket 127 | CODO_CNMP_WS_ADDR=0.0.0.0:8002 128 | 129 | # Grafana 130 | DEFAULT_GRAFANA_ADDR= 131 | DEFAULT_GRAFANA_USER= 132 | DEFAULT_GRAFANA_PASSWORD= 133 | 134 | #k2 135 | CODO_K2_DEFAULT_DB_DBNAME=codo-k2 136 | CODO_NO_AUTH_SIGN_KEY=4MzU1MDI5MDUsIm5iZiI6MTY342ed26eb 137 | 138 | # monitor 139 | CODO_MONITOR_APP_VERSION=v1.0.0 140 | CODO_MONITOR_DEFAULT_DB_DBNAME=codo-k2 -------------------------------------------------------------------------------- /helm-deploy/codo/templates/cloud-agent-operator/ao_statefulset.yaml:
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: StatefulSet # cloud-agent-operator controller manager plus a kube-rbac-proxy sidecar 4 | metadata: 5 | labels: 6 | {{ include "label.common" . | nindent 4 }} 7 | app.kubernetes.io/managed-by: {{ .Release.Service }} 8 | app.kubernetes.io/component: manager 9 | app.kubernetes.io/created-by: cloud-agent-operator 10 | app.kubernetes.io/instance: controller-manager 11 | app.kubernetes.io/part-of: cloud-agent-operator 12 | control-plane: controller-manager 13 | name: cloud-agent-operator-controller-manager 14 | namespace: {{ .Release.Namespace }} 15 | spec: 16 | replicas: 1 # single replica; --leader-elect is still passed to the manager below 17 | selector: 18 | matchLabels: 19 | control-plane: controller-manager 20 | serviceName: cloud-agent-operator 21 | template: 22 | metadata: 23 | annotations: 24 | kubectl.kubernetes.io/default-container: manager 25 | labels: 26 | control-plane: controller-manager 27 | spec: 28 | {{ include "imagepullsecret.define" . | nindent 6 }} 29 | 30 | containers: 31 | - args: 32 | - --health-probe-bind-address=:8081 33 | - --leader-elect 34 | - -conf=/etc/config/config.yaml 35 | command: 36 | - /app/manager 37 | image: {{ required "The cloudAgentOperatorImage is required" .Values.cloudAgentOperatorImage }} 38 | imagePullPolicy: Always 39 | livenessProbe: 40 | httpGet: 41 | path: /healthz 42 | port: 8081 43 | initialDelaySeconds: 15 44 | periodSeconds: 20 45 | name: manager 46 | ports: 47 | - containerPort: 9090 # NOTE(review): pprof port; the sidecar below proxies to 127.0.0.1:8080 only, so nothing in this manifest puts profiling behind it 48 | name: pprof 49 | protocol: TCP 50 | - containerPort: 6060 51 | name: metrics 52 | protocol: TCP 53 | readinessProbe: 54 | httpGet: 55 | path: /readyz 56 | port: 8081 57 | initialDelaySeconds: 5 58 | periodSeconds: 10 59 | resources: 60 | limits: 61 | cpu: 1000m 62 | memory: 1024Mi 63 | requests: 64 | cpu: 10m 65 | memory: 64Mi 66 | securityContext: 67 | allowPrivilegeEscalation: false 68 | capabilities: 69 | drop: 70 | - ALL 71 | volumeMounts: 72 | - mountPath: /etc/config 73 | name: config-volume 74 | - mountPath: /data/codo-agent 75 | name: 
codo-storage-volume 76 | subPath: cloud-agent-operator/codo-agent 77 | - mountPath: /data/codo-work-dir 78 | name: codo-storage-volume 79 | subPath: cloud-agent-operator/codo-work-dir 80 | - args: 81 | - --secure-listen-address=0.0.0.0:8443 82 | - --upstream=http://127.0.0.1:8080/ # NOTE(review): the manager declares ports 9090 and 6060 but not 8080; confirm something listens on this upstream 83 | - --logtostderr=true 84 | - --v=0 85 | image: m.daocloud.io/gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0 # pulled through the m.daocloud.io mirror by tag; NOTE(review): pinning by digest would fix the exact image 86 | name: kube-rbac-proxy 87 | ports: 88 | - containerPort: 8443 89 | name: https 90 | protocol: TCP 91 | resources: 92 | limits: 93 | cpu: 500m 94 | memory: 128Mi 95 | requests: 96 | cpu: 5m 97 | memory: 64Mi 98 | securityContext: 99 | allowPrivilegeEscalation: false 100 | capabilities: 101 | drop: 102 | - ALL 103 | securityContext: 104 | runAsNonRoot: false # NOTE(review): the pod does not require a non-root user; each container runs as whatever user its image defines 105 | serviceAccountName: cloud-agent-operator-controller-manager 106 | terminationGracePeriodSeconds: 10 107 | volumes: 108 | - configMap: 109 | items: 110 | - key: config.yaml 111 | path: config.yaml 112 | name: cloud-agent-operator-config 113 | name: config-volume 114 | volumeClaimTemplates: 115 | - apiVersion: v1 116 | kind: PersistentVolumeClaim 117 | metadata: 118 | name: codo-storage-volume 119 | spec: 120 | accessModes: 121 | - ReadWriteOnce 122 | resources: 123 | requests: 124 | storage: 10Gi 125 | volumeMode: Filesystem -------------------------------------------------------------------------------- /helm-deploy/cloud-agent-operator/biz/templates/ao_statefulset.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: StatefulSet 4 | metadata: 5 | labels: 6 | {{ include "label.common" . 
| nindent 4 }} 7 | app.kubernetes.io/managed-by: {{ .Release.Service }} 8 | app.kubernetes.io/component: manager 9 | app.kubernetes.io/created-by: cloud-agent-operator 10 | app.kubernetes.io/instance: controller-manager 11 | app.kubernetes.io/part-of: cloud-agent-operator 12 | control-plane: controller-manager 13 | name: cloud-agent-operator-controller-manager 14 | namespace: {{ .Release.Namespace }} 15 | spec: 16 | replicas: {{ .Values.replicaCount }} 17 | selector: 18 | matchLabels: 19 | control-plane: controller-manager 20 | serviceName: cloud-agent-operator 21 | template: 22 | metadata: 23 | annotations: 24 | kubectl.kubernetes.io/default-container: manager 25 | labels: 26 | control-plane: controller-manager 27 | spec: 28 | {{ include "imagepullsecret.define" . | nindent 6 }} 29 | tolerations: 30 | - operator: "Exists" # no key given, so every taint is tolerated and the pod may be scheduled onto any tainted node 31 | containers: 32 | - args: 33 | - --health-probe-bind-address=:8081 34 | - --leader-elect 35 | - -conf=/etc/config/config.yaml 36 | command: 37 | - /app/manager 38 | image: {{ required "The cloudAgentOperatorImage is required" .Values.cloudAgentOperatorImage }} 39 | imagePullPolicy: Always 40 | livenessProbe: 41 | httpGet: 42 | path: /healthz 43 | port: 8081 44 | initialDelaySeconds: 15 45 | periodSeconds: 20 46 | name: manager 47 | ports: 48 | - containerPort: 9090 # NOTE(review): pprof port; the sidecar below proxies to 127.0.0.1:8080 only, so nothing in this manifest puts profiling behind it 49 | name: pprof 50 | protocol: TCP 51 | - containerPort: 6060 52 | name: metrics 53 | protocol: TCP 54 | readinessProbe: 55 | httpGet: 56 | path: /readyz 57 | port: 8081 58 | initialDelaySeconds: 5 59 | periodSeconds: 10 60 | resources: 61 | limits: 62 | cpu: 500m 63 | memory: 512Mi 64 | requests: 65 | cpu: 10m 66 | memory: 64Mi 67 | securityContext: 68 | allowPrivilegeEscalation: false 69 | capabilities: 70 | drop: 71 | - ALL 72 | volumeMounts: 73 | - mountPath: /etc/config 74 | name: config-volume 75 | - mountPath: /data/codo-agent 76 | name: codo-storage-volume 77 | subPath: cloud-agent-operator/codo-agent 78 | - mountPath: /data/codo-work-dir 79 | name: codo-storage-volume 80 
| subPath: cloud-agent-operator/codo-work-dir 81 | - args: 82 | - --secure-listen-address=0.0.0.0:8443 83 | - --upstream=http://127.0.0.1:8080/ # NOTE(review): the manager declares ports 9090 and 6060 but not 8080; confirm something listens on this upstream 84 | - --logtostderr=true 85 | - --v=0 86 | image: m.daocloud.io/gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0 # pulled through the m.daocloud.io mirror by tag; NOTE(review): pinning by digest would fix the exact image 87 | name: kube-rbac-proxy 88 | ports: 89 | - containerPort: 8443 90 | name: https 91 | protocol: TCP 92 | resources: 93 | limits: 94 | cpu: 100m 95 | memory: 128Mi 96 | requests: 97 | cpu: 5m 98 | memory: 64Mi 99 | securityContext: 100 | allowPrivilegeEscalation: false 101 | capabilities: 102 | drop: 103 | - ALL 104 | securityContext: 105 | runAsNonRoot: false # NOTE(review): the pod does not require a non-root user; each container runs as whatever user its image defines 106 | serviceAccountName: cloud-agent-operator-controller-manager 107 | terminationGracePeriodSeconds: 10 108 | volumes: 109 | - configMap: 110 | items: 111 | - key: config.yaml 112 | path: config.yaml 113 | name: cloud-agent-operator-config 114 | name: config-volume 115 | volumeClaimTemplates: 116 | - apiVersion: v1 117 | kind: PersistentVolumeClaim 118 | metadata: 119 | name: codo-storage-volume 120 | spec: 121 | accessModes: 122 | - ReadWriteOnce 123 | resources: 124 | requests: 125 | storage: 10Gi 126 | volumeMode: Filesystem -------------------------------------------------------------------------------- /helm-deploy/codo/templates/admin/configmap-adminv4.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "adminv4.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "adminv4.labels" . 
| nindent 4 }} 8 | data: 9 | settings.py: |+ 10 | #!/usr/bin/env python 11 | # -*-coding:utf-8-*- 12 | """ 13 | Author : shenshuo 14 | Date : 2024-08-09 15 | Desc : configuration file 16 | """ 17 | 18 | import os 19 | from websdk2.consts import const 20 | 21 | ROOT_DIR = os.path.dirname(__file__) 22 | debug = True # NOTE(review): debug mode is hard-coded on in this rendered settings file 23 | xsrf_cookies = False # NOTE(review): XSRF cookie checking is off; confirm requests are protected elsewhere 24 | expire_seconds = 365 * 24 * 60 * 60 # one year, in seconds 25 | max_body_size = 3 * 1024 * 1024 * 1024 # 3 GiB 26 | max_buffer_size = 3 * 1024 * 1024 * 1024 # 3 GiB 27 | cookie_secret = os.getenv('DEFAULT_COOKIE_SECRET', '{{ required "The cookieSecretPy is required" .Values.cookieSecretPy }}') # the environment variable wins; the chart value is the fallback. NOTE(review): the fallback secrets and passwords in this file are rendered into a ConfigMap, not a Secret 28 | token_secret = os.getenv('DEFAULT_TOKEN_SECRET', '{{ required "The tokenSecretPy is required" .Values.tokenSecretPy }}') 29 | etcd_prefix = os.getenv('DEFAULT_ETCD_PREFIX', '{{ required "The etcd.prefix is required" .Values.etcd.prefix }}') 30 | # Primary database connection; each value falls back to the chart value when the environment variable is unset. 31 | DEFAULT_DB_DBHOST = os.getenv('DEFAULT_DB_DBHOST', '{{ required "The mysql.host is required" .Values.mysql.host }}') 32 | DEFAULT_DB_DBPORT = os.getenv('DEFAULT_DB_DBPORT', {{ required "The mysql.port is required" .Values.mysql.port }}) 33 | DEFAULT_DB_DBUSER = os.getenv('DEFAULT_DB_DBUSER', '{{ required "The mysql.user is required" .Values.mysql.user }}') 34 | DEFAULT_DB_DBPWD = os.getenv('DEFAULT_DB_DBPWD', '{{ required "The mysql.passwd is required" .Values.mysql.passwd }}') 35 | DEFAULT_DB_DBNAME = os.getenv('DEFAULT_DB_DBNAME', '{{ required "The adminv4DB is required" .Values.adminv4DB }}') 36 | # Read-only database connection; the fallbacks are the same chart values as the primary one. 37 | READONLY_DB_DBHOST = os.getenv('READONLY_DB_DBHOST', '{{ required "The mysql.host is required" .Values.mysql.host }}') 38 | READONLY_DB_DBPORT = os.getenv('READONLY_DB_DBPORT', {{ required "The mysql.port is required" .Values.mysql.port }}) 39 | READONLY_DB_DBUSER = os.getenv('READONLY_DB_DBUSER', '{{ required "The mysql.user is required" .Values.mysql.user }}') 40 | READONLY_DB_DBPWD = os.getenv('READONLY_DB_DBPWD', '{{ required "The mysql.passwd is required" .Values.mysql.passwd }}') 41 | READONLY_DB_DBNAME = 
os.getenv('READONLY_DB_DBNAME', '{{ required "The adminv4DB is required" .Values.adminv4DB }}') 42 | 43 | DEFAULT_REDIS_HOST = os.getenv('DEFAULT_REDIS_HOST', '{{ required "The redis.host is required" .Values.redis.host }}') 44 | DEFAULT_REDIS_PORT = os.getenv('DEFAULT_REDIS_PORT', {{ required "The redis.port is required" .Values.redis.port }}) 45 | DEFAULT_REDIS_DB = os.getenv('DEFAULT_REDIS_DB', {{ required "The adminv4RedisDB is required" .Values.adminv4RedisDB }}) 46 | DEFAULT_REDIS_AUTH = os.getenv('DEFAULT_REDIS_AUTH', True) # os.getenv returns a string when the variable is set, so any non-empty value (even "false") is truthy 47 | DEFAULT_REDIS_CHARSET = os.getenv('DEFAULT_REDIS_CHARSET', 'utf-8') 48 | DEFAULT_REDIS_PASSWORD = os.getenv('DEFAULT_REDIS_PASSWORD', '{{ required "The redis.passwd is required" .Values.redis.passwd }}') 49 | 50 | DEFAULT_ETCD_HOST = os.getenv('DEFAULT_ETCD_HOST', "{{ required "The etcd.host is required" .Values.etcd.host }}") 51 | DEFAULT_ETCD_PORT = os.getenv('DEFAULT_ETCD_PORT', {{ required "The etcd.port is required" .Values.etcd.port }}) 52 | DEFAULT_ETCD_PROTOCOL = os.getenv('DEFAULT_ETCD_PROTOCOL', 'http') # plain http unless the environment overrides it 53 | DEFAULT_ETCD_USER = os.getenv('DEFAULT_ETCD_USER', '{{ required "The etcd.user is required" .Values.etcd.user }}') 54 | DEFAULT_ETCD_PWD = os.getenv('DEFAULT_ETCD_PWD', '{{ required "The etcd.passwd is required" .Values.etcd.passwd }}') 55 | 56 | api_gw = "http://{{ template "gateway.innerApi" . 
}}" 57 | settings_auth_key = "{{ required "The gatewayInnerApiToken is required" .Values.gatewayInnerApiToken }}" 58 | 59 | oss_data_private = {} # used for uploads to the private repository 60 | # The chart value below is pasted in as Python source; uc_conf, used in settings further down, is presumably defined by it. 61 | {{ required "The adminv4UserCenterConf is required" .Values.adminv4UserCenterConf | nindent 4 }} 62 | 63 | try: 64 | from local_settings import * 65 | except: # NOTE(review): the bare except also hides errors raised inside local_settings, not only a missing module 66 | pass 67 | 68 | settings = dict( 69 | debug=debug, 70 | xsrf_cookies=xsrf_cookies, 71 | cookie_secret=cookie_secret, 72 | token_secret=token_secret, 73 | expire_seconds=expire_seconds, 74 | max_body_size=max_body_size, 75 | max_buffer_size=max_buffer_size, 76 | uc_conf=uc_conf, 77 | api_gw=api_gw, 78 | settings_auth_key=settings_auth_key, 79 | oss_data_private=oss_data_private, 80 | etcd_prefix=etcd_prefix, 81 | app_name='codo_mg', 82 | databases={ 83 | const.DEFAULT_DB_KEY: { 84 | const.DBHOST_KEY: DEFAULT_DB_DBHOST, 85 | const.DBPORT_KEY: DEFAULT_DB_DBPORT, 86 | const.DBUSER_KEY: DEFAULT_DB_DBUSER, 87 | const.DBPWD_KEY: DEFAULT_DB_DBPWD, 88 | const.DBNAME_KEY: DEFAULT_DB_DBNAME, 89 | }, 90 | const.READONLY_DB_KEY: { 91 | const.DBHOST_KEY: READONLY_DB_DBHOST, 92 | const.DBPORT_KEY: READONLY_DB_DBPORT, 93 | const.DBUSER_KEY: READONLY_DB_DBUSER, 94 | const.DBPWD_KEY: READONLY_DB_DBPWD, 95 | const.DBNAME_KEY: READONLY_DB_DBNAME, 96 | } 97 | }, 98 | redises={ 99 | const.DEFAULT_RD_KEY: { 100 | const.RD_HOST_KEY: DEFAULT_REDIS_HOST, 101 | const.RD_PORT_KEY: DEFAULT_REDIS_PORT, 102 | const.RD_DB_KEY: DEFAULT_REDIS_DB, 103 | const.RD_AUTH_KEY: DEFAULT_REDIS_AUTH, 104 | const.RD_CHARSET_KEY: DEFAULT_REDIS_CHARSET, 105 | const.RD_PASSWORD_KEY: DEFAULT_REDIS_PASSWORD 106 | } 107 | }, 108 | etcds={ 109 | const.DEFAULT_ETCD_KEY: { 110 | const.DEFAULT_ETCD_HOST: DEFAULT_ETCD_HOST, 111 | const.DEFAULT_ETCD_PORT: DEFAULT_ETCD_PORT, 112 | const.DEFAULT_ETCD_PROTOCOL: DEFAULT_ETCD_PROTOCOL, 113 | const.DEFAULT_ETCD_USER: DEFAULT_ETCD_USER, 114 | const.DEFAULT_ETCD_PWD: DEFAULT_ETCD_PWD, 115 | } 116 | } 117 | )
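--------------------------------------------------------------------------------
/helm-deploy/codo/templates/flow-servers/configmap-task-scheduler.yaml:
--------------------------------------------------------------------------------
# Renders settings.py for the task-scheduler service into a ConfigMap.
# Every value marked "required" must be supplied in the chart values, otherwise
# rendering fails with the quoted message.
#
# NOTE(review) - points to confirm before using this outside a test cluster:
#  * Secrets in a ConfigMap: cookie_secret, the MySQL, Redis and RabbitMQ
#    passwords and settings_auth_key are written in plain text into this
#    object. ConfigMaps are not meant for confidential data; settings.py
#    already prefers the DEFAULT_* / READONLY_* / AGENT_* environment
#    variables, so those values could be injected from a Secret instead.
#    settings_auth_key has no environment override at all.
#  * debug = True and log_level = logging.DEBUG are hard-coded.
#  * xsrf_cookies = False turns the XSRF cookie setting off.
#  * expire_seconds is one year.
#  * api_gw is built with the http scheme.
#  * Values are pasted into Python string literals unescaped; a value that
#    contains a quote or a backslash changes the generated code.
#  * The *_PORT, DEFAULT_REDIS_DB and DEFAULT_REDIS_AUTH defaults are unquoted
#    literals, while os.getenv returns a str when the variable is set, so the
#    type (and the truthiness of DEFAULT_REDIS_AUTH) depends on where the
#    value came from.
#  * "from local_settings import *" runs after the assignments and can
#    replace any of them; only ImportError is caught.
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "taskScheduler.uname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "taskScheduler.labels" . | nindent 4 }}
data:
  settings.py: |+
    #!/usr/bin/env python
    # -*- coding: utf-8 -*-
    """
    Contact : 191715030@qq.com
    Author : shenshuo
    Date : 2019/4/15 14:59
    Desc : 配置文件
    """

    import os
    from websdk2.consts import const
    import logging

    ROOT_DIR = os.path.dirname(__file__)
    debug = True
    log_level = logging.DEBUG
    xsrf_cookies = False
    expire_seconds = 365 * 24 * 60 * 60
    cookie_secret = os.getenv('DEFAULT_COOKIE_SECRET', '{{ required "The cookieSecretPy is required" .Values.cookieSecretPy }}')

    DEFAULT_DB_DBHOST = os.getenv('DEFAULT_DB_DBHOST', '{{ required "The mysql.host is required" .Values.mysql.host }}')
    DEFAULT_DB_DBPORT = os.getenv('DEFAULT_DB_DBPORT', {{ required "The mysql.port is required" .Values.mysql.port }})
    DEFAULT_DB_DBUSER = os.getenv('DEFAULT_DB_DBUSER', '{{ required "The mysql.user is required" .Values.mysql.user }}')
    DEFAULT_DB_DBPWD = os.getenv('DEFAULT_DB_DBPWD', '{{ required "The mysql.passwd is required" .Values.mysql.passwd }}')
    DEFAULT_DB_DBNAME = os.getenv('DEFAULT_DB_DBNAME', '{{ required "The flowTaskSchedulerDB is required" .Values.flowTaskSchedulerDB }}')

    READONLY_DB_DBHOST = os.getenv('READONLY_DB_DBHOST', '{{ required "The mysql.host is required" .Values.mysql.host }}')
    READONLY_DB_DBPORT = os.getenv('READONLY_DB_DBPORT', {{ required "The mysql.port is required" .Values.mysql.port }})
    READONLY_DB_DBUSER = os.getenv('READONLY_DB_DBUSER', '{{ required "The mysql.user is required" .Values.mysql.user }}')
    READONLY_DB_DBPWD = os.getenv('READONLY_DB_DBPWD', '{{ required "The mysql.passwd is required" .Values.mysql.passwd }}')
    READONLY_DB_DBNAME = os.getenv('READONLY_DB_DBNAME', '{{ required "The flowTaskSchedulerDB is required" .Values.flowTaskSchedulerDB }}')

    DEFAULT_REDIS_HOST = os.getenv('DEFAULT_REDIS_HOST', '{{ required "The redis.host is required" .Values.redis.host }}')
    DEFAULT_REDIS_PORT = os.getenv('DEFAULT_REDIS_PORT', {{ required "The redis.port is required" .Values.redis.port }})
    DEFAULT_REDIS_DB = os.getenv('DEFAULT_REDIS_DB', {{ required "The flowTaskSchedulerRedisDB is required" .Values.flowTaskSchedulerRedisDB }})
    DEFAULT_REDIS_AUTH = os.getenv('DEFAULT_REDIS_AUTH', True)
    DEFAULT_REDIS_CHARSET = os.getenv('DEFAULT_REDIS_CHARSET', 'utf-8')
    DEFAULT_REDIS_PASSWORD = os.getenv('DEFAULT_REDIS_PASSWORD', '{{ required "The redis.passwd is required" .Values.redis.passwd }}')


    # 系统使用MQ
    DEFAULT_MQ_ADDR = os.getenv('DEFAULT_MQ_ADDR', '{{ required "The rabbitmq.host is required" .Values.rabbitmq.host }}')
    DEFAULT_MQ_PORT = os.getenv('DEFAULT_MQ_PORT', {{ required "The rabbitmq.port is required" .Values.rabbitmq.port }})
    DEFAULT_MQ_VHOST = os.getenv('DEFAULT_MQ_VHOST', '{{ required "The rabbitmq.vhost is required" .Values.rabbitmq.vhost }}')
    DEFAULT_MQ_USER = os.getenv('DEFAULT_MQ_USER', '{{ required "The rabbitmq.user is required" .Values.rabbitmq.user }}')
    DEFAULT_MQ_PWD = os.getenv('DEFAULT_MQ_PWD', '{{ required "The rabbitmq.passwd is required" .Values.rabbitmq.passwd }}')

    # agent使用的MQ 用来处理日志
    AGENT_MQ_ADDR = os.getenv('AGENT_MQ_ADDR', '{{ required "The rabbitmq.host is required" .Values.rabbitmq.host }}')
    AGENT_MQ_PORT = os.getenv('AGENT_MQ_PORT', {{ required "The rabbitmq.port is required" .Values.rabbitmq.port }})
    AGENT_MQ_VHOST = os.getenv('AGENT_MQ_VHOST', '{{ required "The rabbitmq.vhost is required" .Values.rabbitmq.vhost }}')
    AGENT_MQ_USER = os.getenv('AGENT_MQ_USER', '{{ required "The rabbitmq.user is required" .Values.rabbitmq.user }}')
    AGENT_MQ_PWD = os.getenv('AGENT_MQ_PWD', '{{ required "The rabbitmq.passwd is required" .Values.rabbitmq.passwd }}')

    api_gw = "http://{{ template "gateway.innerApi" . }}"
    settings_auth_key = "{{ required "The gatewayInnerApiToken is required" .Values.gatewayInnerApiToken }}"

    # 钉钉和飞书免密链接
    dd_redirect = "" # 免密
    fs_redirect = ""
    m_url_redirect = "" # 移动端
    p_url_redirect = "" # PC端

    # 输出屏蔽字
    block_key = ['password', 'secret']

    {{ required "The noticeConf is required" .Values.noticeConf | nindent 4 }}

    try:
        from local_settings import *
    except ImportError:
        print('local_settings.py No Found.')

    settings = dict(
        debug=debug,
        log_level=log_level,
        xsrf_cookies=xsrf_cookies,
        cookie_secret=cookie_secret,
        expire_seconds=expire_seconds,
        block_key=block_key,
        notice_conf_map=notice_conf_map,
        settings_auth_key=settings_auth_key,
        api_gw=api_gw,
        dd_redirect=dd_redirect,
        fs_redirect=fs_redirect,
        m_url_redirect=m_url_redirect,
        p_url_redirect=p_url_redirect,
        app_name='codo_flow',
        databases={
            const.DEFAULT_DB_KEY: {
                const.DBHOST_KEY: DEFAULT_DB_DBHOST,
                const.DBPORT_KEY: DEFAULT_DB_DBPORT,
                const.DBUSER_KEY: DEFAULT_DB_DBUSER,
                const.DBPWD_KEY: DEFAULT_DB_DBPWD,
                const.DBNAME_KEY: DEFAULT_DB_DBNAME,
            },
            const.READONLY_DB_KEY: {
                const.DBHOST_KEY: READONLY_DB_DBHOST,
                const.DBPORT_KEY: READONLY_DB_DBPORT,
                const.DBUSER_KEY: READONLY_DB_DBUSER,
                const.DBPWD_KEY: READONLY_DB_DBPWD,
                const.DBNAME_KEY: READONLY_DB_DBNAME,
            }
        },
        redises={
            const.DEFAULT_RD_KEY: {
                const.RD_HOST_KEY: DEFAULT_REDIS_HOST,
                const.RD_PORT_KEY: DEFAULT_REDIS_PORT,
                const.RD_DB_KEY: DEFAULT_REDIS_DB,
                const.RD_AUTH_KEY: DEFAULT_REDIS_AUTH,
                const.RD_CHARSET_KEY: DEFAULT_REDIS_CHARSET,
                const.RD_PASSWORD_KEY: DEFAULT_REDIS_PASSWORD
            }
        },
        mqs={
            const.DEFAULT_MQ_KEY: {
                const.MQ_ADDR: DEFAULT_MQ_ADDR,
                const.MQ_PORT: DEFAULT_MQ_PORT,
                const.MQ_VHOST: DEFAULT_MQ_VHOST,
                const.MQ_USER: DEFAULT_MQ_USER,
                const.MQ_PWD: DEFAULT_MQ_PWD,
            },
            const.AGENT_MQ_KEY: {
                const.MQ_ADDR: AGENT_MQ_ADDR,
                const.MQ_PORT: AGENT_MQ_PORT,
                const.MQ_VHOST: AGENT_MQ_VHOST,
                const.MQ_USER: AGENT_MQ_USER,
                const.MQ_PWD: AGENT_MQ_PWD,
            }
        }
    )
-------------------------------------------------------------------------------- /docker-deploy/gen_config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # 脚本用于生成 notice 和 monitor 的配置文件 4 | # 从 .env 文件加载环境变量 5 | 6 | # 定义颜色 7 | GREEN='\033[0;32m' 8 | RED='\033[0;31m' 9 | YELLOW='\033[0;33m' 10 | NC='\033[0m' # No Color 11 | 12 | # 输出带颜色的信息 13 | info() { 14 | echo -e "${GREEN}[INFO] $1${NC}" 15 | } 16 | 17 | warn() { 18 | echo -e "${YELLOW}[WARN] $1${NC}" 19 | } 20 | 21 | error() { 22 | echo -e "${RED}[ERROR] $1${NC}" 23 | } 24 | 25 | # 检查 .env 文件是否存在 26 | if [ ! -f .env ]; then 27 | error ".env 文件不存在,请先创建 .env 文件" 28 | exit 1 29 | fi 30 | 31 | # 加载 .env 文件中的环境变量 32 | info "正在加载 .env 文件..." 33 | # 导出环境变量,忽略空行和注释 34 | # 加载 .env 文件中的环境变量 - 使用更安全的方式 35 | # 逐行读取 .env 文件内容并设置环境变量 36 | while IFS= read -r line || [ -n "$line" ]; do 37 | # 跳过注释行和空行 38 | if [[ ! 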
"$line" =~ ^#.*$ ]] && [[ -n "$line" ]]; then 39 | # 分离变量名和值 40 | var_name=$(echo "$line" | cut -d= -f1) 41 | var_value=$(echo "$line" | cut -d= -f2-) 42 | 43 | # 移除可能的引号 44 | var_value=$(echo "$var_value" | sed -e 's/^"//' -e 's/"$//' -e "s/^'//" -e "s/'$//") 45 | 46 | # 设置环境变量 47 | export "$var_name"="$var_value" 48 | fi 49 | done < .env 50 | 51 | # 验证必要的环境变量是否存在 52 | check_env_vars() { 53 | local missing=false 54 | for var in "$@"; do 55 | if [ -z "${!var}" ]; then 56 | error "缺少环境变量: $var" 57 | missing=true 58 | fi 59 | done 60 | 61 | if [ "$missing" = true ]; then 62 | exit 1 63 | fi 64 | } 65 | 66 | # 检查必要的环境变量 67 | check_env_vars \ 68 | "DEFAULT_DB_DBHOST" "DEFAULT_DB_DBPORT" "DEFAULT_DB_DBUSER" "DEFAULT_DB_DBPWD" \ 69 | "DEFAULT_REDIS_HOST" "DEFAULT_REDIS_PORT" "DEFAULT_REDIS_PASSWORD" \ 70 | "DEFAULT_ETCD_HOST" "DEFAULT_ETCD_PORT" "CODO_MONITOR_DEFAULT_DB_DBNAME" 71 | 72 | # 创建目录(如果不存在) 73 | mkdir -p notice 74 | mkdir -p monitor/control 75 | mkdir -p log 76 | 77 | # 生成 notice 的配置文件 78 | generate_notice_config() { 79 | info "正在生成 notice 配置文件..." 
80 | 81 | cat > notice/config.yaml << EOF 82 | # 项目元信息 83 | metadata: 84 | name: "codo-notice" 85 | env: PRE 86 | gatewayPrefix: "${CODO_API_GW}" 87 | gatewayToken: "${CODO_AUTH_KEY}" 88 | 89 | # 中间件 90 | middleware: 91 | jwt: 92 | authKeyName: "auth_key" 93 | 94 | # 服务注册 95 | etcdRegistry: 96 | endpoints: 97 | - "${DEFAULT_ETCD_HOST}:${DEFAULT_ETCD_PORT}" 98 | 99 | # 可观测性相关 100 | otel: 101 | trace: 102 | endpoint: "${DEFAULT_OTEL_TRACE_ENDPOINT:-http://jaeger:14268/api/traces}" 103 | insecure: ${DEFAULT_OTEL_TRACE_INSECURE:-true} 104 | metric: 105 | enableExemplar: ${DEFAULT_OTEL_METRIC_ENABLE_EXEMPLAR:-true} 106 | log: 107 | level: ${DEFAULT_OTEL_LOG_LEVEL:-debug} 108 | 109 | # 运输层相关 110 | server: 111 | # 控制+通知接口配置 112 | http: 113 | addr: "0.0.0.0:8000" 114 | timeout: 1s 115 | # 第三方 webhook 接入 116 | thirdPartHook: 117 | network: "tcp" 118 | addr: "0.0.0.0:9001" 119 | timeout: 1s 120 | # metrics 配置 121 | prometheus: 122 | enable: ${DEFAULT_PROMETHEUS_ENABLE:-true} 123 | network: "${DEFAULT_PROMETHEUS_NETWORK:-tcp}" 124 | addr: "${DEFAULT_PROMETHEUS_ADDR:-0.0.0.0:8003}" 125 | path: "${DEFAULT_PROMETHEUS_PATH:-/metrics}" 126 | # golang pprof 配置 127 | pprof: 128 | enable: ${DEFAULT_PPROF_ENABLE:-true} 129 | network: "${DEFAULT_PPROF_NETWORK:-tcp}" 130 | addr: "${DEFAULT_PPROF_ADDR:-0.0.0.0:8004}" 131 | 132 | # 通知渠道回调配置 133 | hook: 134 | larkCard: 135 | verificationToken: "xxxxx" 136 | encryptKey: "xxxxx" 137 | 138 | # 通知渠道配置 139 | notifyConfig: 140 | # email 配置 141 | email: 142 | host: smtp.feishu.cn 143 | port: 465 144 | user: codo@codo.com 145 | password: xxx 146 | 147 | # 阿里通知配置 148 | aliyun: 149 | dxAccessId: LT____ 150 | dxAccessSecret: obyElU_____ 151 | dxSignName: CODO通知 152 | dxTemplate: SMS_20___ 153 | dhAccessId: LTAI4F____ 154 | dhAccessSecret: wFqdUb____ 155 | dhTtsCode: TTS_21006____ 156 | dhCalledShowNumber: "xxx" 157 | enable: true 158 | 159 | # 腾讯通知配置 160 | txyun: 161 | dxAccessId: xxx 162 | dxAccessSecret: xxx 163 | dxSignName: CODO通知 164 | 
dxTemplate: xxx 165 | dxAppId: xxx 166 | dhAccessId: xxx 167 | dhAccessSecret: xxx 168 | dhTemplate: xxx 169 | dhAppId: xxx 170 | enable: true 171 | 172 | # 飞书配置 173 | fsapp: 174 | appId: "xxx" 175 | appSecret: "xxxxx" 176 | 177 | # 钉钉通知配置 178 | ddapp: 179 | appId: xxx 180 | appSecret: xxx-xx 181 | agentId: "xxx" 182 | 183 | # 微信通知配置 184 | wxapp: 185 | agentId: 112233 186 | agentSecret: xxx 187 | cropId: xxx 188 | 189 | # 数据库和缓存相关 190 | data: 191 | database: 192 | link: "${DEFAULT_DB_DBUSER}:${DEFAULT_DB_DBPWD}@tcp(${DEFAULT_DB_DBHOST}:${DEFAULT_DB_DBPORT})/codo-notice?loc=Local&charset=utf8mb4&parseTime=True" 193 | debug: true 194 | prefix: codo_ 195 | redis: 196 | addr: ${DEFAULT_REDIS_HOST}:${DEFAULT_REDIS_PORT} 197 | password: ${DEFAULT_REDIS_PASSWORD} 198 | readTimeout: 0.2s 199 | writeTimeout: 0.2s 200 | db: 2 201 | EOF 202 | 203 | info "notice 配置文件生成完成: notice/config.yaml" 204 | } 205 | 206 | generate_agent_server_config() { 207 | info "正在生成 agent server 配置文件..." 208 | cat > codo-agent-server/conf.yaml << EOF 209 | # HTTP 服务端口 210 | PORT: 8000 211 | # GRPC 通信端口 212 | RPC-PORT: 8001 213 | # websocket 连接专用端口 214 | WS-PORT: 8002 215 | # metrics 端口 216 | PROM-PORT: 8003 217 | # 性能采集端口 218 | PPROF-PORT: 8004 219 | # 本机服务监听地址 220 | BIND-ADDRESS: 0.0.0.0 221 | 222 | 223 | # 日志存放地址 224 | ROOT-PATH: /data/logs/agent-server.log 225 | # 日志等级 226 | LOG-LEVEL: DEBUG 227 | 228 | 229 | # MQ配置 230 | MQCONFIG: 231 | ENABLED: false 232 | SCHEMA: "amqp" 233 | HOST: "127.0.0.1" 234 | PORT: 5672 235 | USERNAME: "admin" 236 | PASSWORD: "123456" 237 | VHOST: "codo" 238 | 239 | 240 | # MYSQL 配置 241 | DB-CONFIG: 242 | DB-TYPE: mysql 243 | DB-USER: root 244 | DB-PASSWORD: 123456 245 | DB-HOST: 127.0.0.1 246 | DB-NAME: codo_agent_server 247 | DB-TABLE-PREFIX: codo_ 248 | DB-FILE: "" 249 | DB-PORT: 3306 250 | 251 | 252 | # REDIS 配置 253 | REDIS: 254 | R-HOST: 127.0.0.1 255 | R-PORT: 6379 256 | R-PASSWORD: "" 257 | R-DB: 1 258 | # REDIS 发布订阅配置 259 | # 用于: 260 | # CDMB 任务同步 261 | # CODO 
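任务分发 262 | PUBLISH: 263 | P-HOST: 127.0.0.1 264 | P-PORT: 6379 265 | P-PASSWORD: "" 266 | P-DB: 1 267 | P-ENABLED: true 268 | 269 | # 组网配置, 用于 CODO 异地组网流量分发 270 | MESH-CONFIG: 271 | MESH-PORT: 9998 272 | SSL-PUBLIC-KEY-FILEPATH: /data/ca.crt 273 | SSL-PRIVATE-KEY-FILEPATH: /data/ca.key 274 | 275 | # 第三方接口配置 276 | THIRD-PARTY-API-CONFIG: 277 | AUTH-KEY: "${CODO_AUTH_KEY}" 278 | CMDB-API-CONFIG: 279 | REGISTER-AGENT-API: "${CODO_API_GW}/api/cmdb/api/v2/cmdb/agent/" 280 | 281 | # OTEL 配置 282 | OTEL: 283 | # pyroscope 服务地址 284 | PYROSCOPE: 285 | SERVER-ADDRESS: "" 286 | BASIC-AUTH-USER: "" 287 | BASIC-AUTH-PASSWORD: "" 288 | EOF 289 | } 290 | 291 | # 执行生成配置文件函数 292 | generate_notice_config 293 | generate_agent_server_config 294 | 295 | info "所有配置文件生成完成!" 296 | 
--------------------------------------------------------------------------------
/helm-deploy/quick_start/all_in_one.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Quick-start installer for a codo environment.
#
# Steps: deploy the middleware chart (./codo_mid), wait for MySQL and RabbitMQ,
# create the RabbitMQ vhost and permissions, load the SQL migrations, deploy
# the business chart (./codo), run db_init and token_init in the admin pod,
# then redeploy the business chart with the generated gateway token.
#
# Optional variables, read from ./.env when that file exists:
#   local_deploy_crd        non-empty: apply the operator CRD and RBAC first
#   local_biz_values_file   default ./codo/values.yaml
#   local_biz_images_file   default ./codo/images.yaml
#   local_mid_values_file   default ./codo_mid/values.yaml
#   local_mid_images_file   default ./codo_mid/images.yaml
#   local_namespace         default codo-dev
#
# NOTE(review): -x traces every command, so anything placed on a command line
# (for example the MySQL root password below) ends up in the output. Tracing
# is switched off around .env and from the token step onwards.
set -eox pipefail


# Stack of command strings to run when the script exits.
DEFER_STACK=()

# defer CMD...: push onto the front of the stack, so that cleanup runs the
# most recently deferred command first (LIFO).
defer() {
    DEFER_STACK=("$@" "${DEFER_STACK[@]}")
}

# cleanup: run every deferred command, most recent first.
# Entries go through eval, so only strings written in this script may be deferred.
cleanup() {
    for cmd in "${DEFER_STACK[@]}"; do
        eval "$cmd"
    done
}

# Run cleanup on every exit path, including failures under set -e.
trap cleanup EXIT

# wait_pod_running LABEL POD_NAME: poll once per second until the pod's STATUS
# column reads Running. LABEL is only used in the progress messages.
# Reads the global $namespace. There is no timeout.
wait_pod_running() {
    local label=$1
    local pod_name=$2
    local pod_status
    while true; do
        pod_status=$(kubectl get pods -n "$namespace" | grep "$pod_name" | awk '{print $3}' || true)
        echo "${label} pod status is $pod_status"
        if [ "$pod_status" == "Running" ]; then
            break
        fi
        sleep 1
    done
    echo "${label} pod is running"
}


echo "================ init environment ================"
# Load .env when present. The file is executed as shell code, so it must come
# from a trusted source; tracing is paused so its values are not logged.
if [ -f .env ]; then
    set +x
    source .env
    set -x
fi

if [ -n "$local_deploy_crd" ]; then
    echo "============== need crd =============="
    cp ./codo/.helmignore ./codo/.helmignore.bak
    # Register the restore right after the backup exists, so a failing
    # kubectl apply below cannot leave the swapped .helmignore behind.
    defer "mv ./codo/.helmignore.bak ./codo/.helmignore"
    cp ./codo/.helmignore_without_crd ./codo/.helmignore
    kubectl apply -f ./crds/cloud-agent-operator/crd.yaml
    kubectl apply -f ./crds/cloud-agent-operator/rbac.yaml
fi

# Fall back to the chart defaults when a variable is unset or empty.
biz_values_file=${local_biz_values_file:-./codo/values.yaml}
biz_images_file=${local_biz_images_file:-./codo/images.yaml}
mid_values_file=${local_mid_values_file:-./codo_mid/values.yaml}
mid_images_file=${local_mid_images_file:-./codo_mid/images.yaml}
namespace=${local_namespace:-codo-dev}

echo "namespace==${namespace}"
echo "biz_values_file==${biz_values_file}"
echo "biz_images_file==${biz_images_file}"
echo "mid_values_file==${mid_values_file}"
echo "mid_images_file==${mid_images_file}"

echo "================ init environment done. ================"

# Middleware dependencies
helm upgrade -n "$namespace" codo-mid ./codo_mid --install --create-namespace --wait --cleanup-on-fail \
    --values "$mid_values_file" \
    --values "$mid_images_file" \
    --set "namespace=$namespace"


echo "================ start check mysql status ================"
# NOTE(review): the pod is found by a substring match on the listing; more than
# one matching pod yields a multi-line name.
mysql_pod_name=$(kubectl get pods -n "$namespace" | grep mysql | awk '{print $1}')
echo "mysql_pod_name==${mysql_pod_name}"
wait_pod_running "mysql" "$mysql_pod_name"
# Poll the MySQL log until the server start-up line appears.
echo "================ check mysql log ================"
while true; do
    mysql_log=$(kubectl logs -n "$namespace" "$mysql_pod_name" | grep 'Server' | grep 'mysqld' | grep "starting as process 1" || true)
    if [ "$mysql_log" != "" ]; then
        break
    fi
    sleep 1
done
echo "================ check mysql status done ================"


echo "================ start check rabbitmq status ================"
rabbitmq_pod_name=$(kubectl get pods -n "$namespace" | grep rabbitmq | awk '{print $1}')
echo "rabbitmq_pod_name==${rabbitmq_pod_name}"
wait_pod_running "rabbitmq" "$rabbitmq_pod_name"
# Poll the RabbitMQ log until start-up has completed.
while true; do
    rabbitmq_log=$(kubectl logs -n "$namespace" "$rabbitmq_pod_name" | grep "Server startup complete" || true)
    if [ "$rabbitmq_log" != "" ]; then
        break
    fi
    sleep 1
done
echo "================ check rabbitmq status done ================"

echo "================ start setup rabbitmq ================"
# Failures are still tolerated (a re-run finds the vhost already present),
# but they are now reported instead of being dropped silently.
kubectl exec -it -n "$namespace" "$rabbitmq_pod_name" -- /bin/bash -c "rabbitmqctl add_vhost codo" \
    || echo "WARN: rabbitmqctl add_vhost failed (ignored)" >&2
kubectl exec -it -n "$namespace" "$rabbitmq_pod_name" -- /bin/bash -c "rabbitmqctl set_permissions -p codo codo \".*\" \".*\" \".*\"" \
    || echo "WARN: rabbitmqctl set_permissions failed (ignored)" >&2
echo "================ setup rabbitmq done ================"

echo "================ start setup mysql ================"
# Copy codo_mid/migrate_scripts/*.sql into the mysql container
kubectl cp ./codo_mid/migrate_scripts "$namespace/$mysql_pod_name:/tmp/migrate_scripts"
# Run the database initialisation scripts.
# NOTE(review): the root password is a literal on the command line; it has to
# match the value the middleware chart configures, and it is visible in the
# trace output and in the process arguments.
for sql_file in migrate_db.sql migrate_cnmp.sql migrate_notice.sql; do
    kubectl exec -it -n "$namespace" "$mysql_pod_name" -- /bin/bash -c "mysql --default-character-set=utf8mb4 -uroot -proot_password < /tmp/migrate_scripts/${sql_file}" \
        || echo "WARN: ${sql_file} failed (ignored)" >&2
done
echo "================ setup mysql done ================"

echo "================ start deploy biz pods ================"
# Business components
helm upgrade -n "$namespace" codo-biz ./codo --create-namespace --install --wait --cleanup-on-fail \
    --values "$biz_values_file" \
    --values "$biz_images_file" \
    --set "namespace=$namespace"

echo "================ deploy biz pods done ================"

kubectl get pods -n "$namespace"

echo "================ deploy biz pods done ================"

echo "================ start check biz pods status ================"
admin_pod_name=$(kubectl get pods -n "$namespace" | grep admin | awk '{print $1}')
echo "admin_pod_name==${admin_pod_name}"
wait_pod_running "admin" "$admin_pod_name"

# Initialise the database from inside the admin container.
kubectl exec -it -n "$namespace" "$admin_pod_name" -- /bin/bash -c "python3 manage.py db_init" \
    || echo "WARN: db_init failed (ignored)" >&2

# The remaining commands handle the gateway token, so tracing stays off from
# here and the value itself is never printed.
set +x
# token_init prints the token that becomes gatewayInnerApiToken.
gateway_inner_api_token=$(kubectl exec -it -n "$namespace" "$admin_pod_name" -- /bin/bash -c "python3 manage.py token_init" | tr -d '\r' | tr -d '\n')
if [ -z "$gateway_inner_api_token" ]; then
    echo "ERROR: token_init returned no token" >&2
    exit 1
fi
echo "gateway_inner_api_token obtained (value not printed)"
# Redeploy the business components with the token.
# NOTE(review): --set still places the token in helm's process arguments.
helm upgrade --recreate-pods -n "$namespace" codo-biz ./codo --create-namespace --install --wait --cleanup-on-fail \
    --values "$biz_values_file" \
    --values "$biz_images_file" \
    --set "namespace=$namespace" \
    --set "gatewayInnerApiToken=$gateway_inner_api_token"

echo "================ congratulation!!! deploy done ================"
-------------------------------------------------------------------------------- /helm-deploy/codo/templates/flow-servers/configmap-loop.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "flowLoop.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "flowLoop.labels" . | nindent 4 }} 8 | data: 9 | settings.py: |+ 10 | #!/usr/bin/env python 11 | # -*- coding: utf-8 -*- 12 | """ 13 | Contact : 191715030@qq.com 14 | Author : shenshuo 15 | Date : 2019/4/15 14:59 16 | Desc : 配置文件 17 | """ 18 | import logging 19 | import os 20 | 21 | from websdk2.consts import const 22 | 23 | ROOT_DIR = os.path.dirname(__file__) 24 | debug = True 25 | log_level = logging.DEBUG 26 | xsrf_cookies = False 27 | expire_seconds = 365 * 24 * 60 * 60 28 | cookie_secret = os.getenv('DEFAULT_COOKIE_SECRET', '{{ required "The cookieSecretPy is required" .Values.cookieSecretPy }}') 29 | 30 | DEFAULT_DB_DBHOST = os.getenv('DEFAULT_DB_DBHOST', '{{ required "The mysql.host is required" .Values.mysql.host }}') 31 | DEFAULT_DB_DBPORT = os.getenv('DEFAULT_DB_DBPORT', {{ required "The mysql.port is required" .Values.mysql.port }}) 32 | DEFAULT_DB_DBUSER = os.getenv('DEFAULT_DB_DBUSER', '{{ required "The mysql.user is required" .Values.mysql.user }}') 33 | DEFAULT_DB_DBPWD = os.getenv('DEFAULT_DB_DBPWD', '{{ required "The mysql.passwd is required" .Values.mysql.passwd }}') 34 | DEFAULT_DB_DBNAME = os.getenv('DEFAULT_DB_DBNAME', '{{ required "The flowLoopDB is required" .Values.flowLoopDB }}') 35 | 36 | READONLY_DB_DBHOST = os.getenv('READONLY_DB_DBHOST', '{{ required "The mysql.host is required" .Values.mysql.host }}') 37 | READONLY_DB_DBPORT = os.getenv('READONLY_DB_DBPORT', {{ required "The mysql.port is required" .Values.mysql.port }}) 38 | READONLY_DB_DBUSER = 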
os.getenv('READONLY_DB_DBUSER', '{{ required "The mysql.user is required" .Values.mysql.user }}') 39 | READONLY_DB_DBPWD = os.getenv('READONLY_DB_DBPWD', '{{ required "The mysql.passwd is required" .Values.mysql.passwd }}') 40 | READONLY_DB_DBNAME = os.getenv('READONLY_DB_DBNAME', '{{ required "The flowLoopDB is required" .Values.flowLoopDB }}') 41 | 42 | DEFAULT_REDIS_HOST = os.getenv('DEFAULT_REDIS_HOST', '{{ required "The redis.host is required" .Values.redis.host }}') 43 | DEFAULT_REDIS_PORT = os.getenv('DEFAULT_REDIS_PORT', {{ required "The redis.port is required" .Values.redis.port }}) 44 | DEFAULT_REDIS_DB = os.getenv('DEFAULT_REDIS_DB', {{ required "The flowLoopRedisDB is required" .Values.flowLoopRedisDB }}) 45 | DEFAULT_REDIS_AUTH = os.getenv('DEFAULT_REDIS_AUTH', True) 46 | DEFAULT_REDIS_CHARSET = os.getenv('DEFAULT_REDIS_CHARSET', 'utf-8') 47 | DEFAULT_REDIS_PASSWORD = os.getenv('DEFAULT_REDIS_PASSWORD', '{{ required "The redis.passwd is required" .Values.redis.passwd }}') 48 | 49 | 50 | # 系统使用MQ 51 | DEFAULT_MQ_ADDR = os.getenv('DEFAULT_MQ_ADDR', '{{ required "The rabbitmq.host is required" .Values.rabbitmq.host }}') 52 | DEFAULT_MQ_PORT = os.getenv('DEFAULT_MQ_PORT', {{ required "The rabbitmq.port is required" .Values.rabbitmq.port }}) 53 | DEFAULT_MQ_VHOST = os.getenv('DEFAULT_MQ_VHOST', '{{ required "The rabbitmq.vhost is required" .Values.rabbitmq.vhost }}') 54 | DEFAULT_MQ_USER = os.getenv('DEFAULT_MQ_USER', '{{ required "The rabbitmq.user is required" .Values.rabbitmq.user }}') 55 | DEFAULT_MQ_PWD = os.getenv('DEFAULT_MQ_PWD', '{{ required "The rabbitmq.passwd is required" .Values.rabbitmq.passwd }}') 56 | 57 | # agent使用的MQ 用来处理日志 58 | AGENT_MQ_ADDR = os.getenv('AGENT_MQ_ADDR', '{{ required "The rabbitmq.host is required" .Values.rabbitmq.host }}') 59 | AGENT_MQ_PORT = os.getenv('AGENT_MQ_PORT', {{ required "The rabbitmq.port is required" .Values.rabbitmq.port }}) 60 | AGENT_MQ_VHOST = os.getenv('AGENT_MQ_VHOST', '{{ required "The rabbitmq.vhost 
is required" .Values.rabbitmq.vhost }}') 61 | AGENT_MQ_USER = os.getenv('AGENT_MQ_USER', '{{ required "The rabbitmq.user is required" .Values.rabbitmq.user }}') 62 | AGENT_MQ_PWD = os.getenv('AGENT_MQ_PWD', '{{ required "The rabbitmq.passwd is required" .Values.rabbitmq.passwd }}') 63 | 64 | api_gw = "http://{{ template "gateway.innerApi" . }}" 65 | outer_api_gw = os.getenv('CODO_OUTER_API_GW', "https://{{ required "The gatewayIngressHost is required" .Values.gatewayIngressHost }}") # 外部webhook端点 66 | 67 | settings_auth_key = "{{ required "The gatewayInnerApiToken is required" .Values.gatewayInnerApiToken }}" 68 | 69 | # 钉钉和飞书免密链接 70 | dd_redirect = "" # 免密 71 | fs_redirect = "" 72 | m_url_redirect = "" # 移动端 73 | p_url_redirect = "" # PC端 74 | 75 | # 输出屏蔽字 76 | block_key = ['password', 'secret'] 77 | 78 | {{ required "The noticeConf is required" .Values.noticeConf | nindent 4 }} 79 | 80 | try: 81 | from local_settings import * 82 | except ImportError: 83 | print('local_settings.py No Found.') 84 | 85 | settings = dict( 86 | debug=debug, 87 | log_level=log_level, 88 | xsrf_cookies=xsrf_cookies, 89 | cookie_secret=cookie_secret, 90 | expire_seconds=expire_seconds, 91 | block_key=block_key, 92 | notice_conf_map=notice_conf_map, 93 | settings_auth_key=settings_auth_key, 94 | api_gw=api_gw, 95 | outer_api_gw=outer_api_gw, 96 | outer_webhook_prefix=f"{outer_api_gw}/api/job-acc", 97 | dd_redirect=dd_redirect, 98 | fs_redirect=fs_redirect, 99 | m_url_redirect=m_url_redirect, 100 | p_url_redirect=p_url_redirect, 101 | app_name='codo_flow', 102 | databases={ 103 | const.DEFAULT_DB_KEY: { 104 | const.DBHOST_KEY: DEFAULT_DB_DBHOST, 105 | const.DBPORT_KEY: DEFAULT_DB_DBPORT, 106 | const.DBUSER_KEY: DEFAULT_DB_DBUSER, 107 | const.DBPWD_KEY: DEFAULT_DB_DBPWD, 108 | const.DBNAME_KEY: DEFAULT_DB_DBNAME, 109 | }, 110 | const.READONLY_DB_KEY: { 111 | const.DBHOST_KEY: READONLY_DB_DBHOST, 112 | const.DBPORT_KEY: READONLY_DB_DBPORT, 113 | const.DBUSER_KEY: READONLY_DB_DBUSER, 114 | 
const.DBPWD_KEY: READONLY_DB_DBPWD, 115 | const.DBNAME_KEY: READONLY_DB_DBNAME, 116 | } 117 | }, 118 | redises={ 119 | const.DEFAULT_RD_KEY: { 120 | const.RD_HOST_KEY: DEFAULT_REDIS_HOST, 121 | const.RD_PORT_KEY: DEFAULT_REDIS_PORT, 122 | const.RD_DB_KEY: DEFAULT_REDIS_DB, 123 | const.RD_AUTH_KEY: DEFAULT_REDIS_AUTH, 124 | const.RD_CHARSET_KEY: DEFAULT_REDIS_CHARSET, 125 | const.RD_PASSWORD_KEY: DEFAULT_REDIS_PASSWORD 126 | } 127 | }, 128 | mqs={ 129 | const.DEFAULT_MQ_KEY: { 130 | const.MQ_ADDR: DEFAULT_MQ_ADDR, 131 | const.MQ_PORT: DEFAULT_MQ_PORT, 132 | const.MQ_VHOST: DEFAULT_MQ_VHOST, 133 | const.MQ_USER: DEFAULT_MQ_USER, 134 | const.MQ_PWD: DEFAULT_MQ_PWD, 135 | }, 136 | const.AGENT_MQ_KEY: { 137 | const.MQ_ADDR: AGENT_MQ_ADDR, 138 | const.MQ_PORT: AGENT_MQ_PORT, 139 | const.MQ_VHOST: AGENT_MQ_VHOST, 140 | const.MQ_USER: AGENT_MQ_USER, 141 | const.MQ_PWD: AGENT_MQ_PWD, 142 | } 143 | } 144 | ) -------------------------------------------------------------------------------- /helm-deploy/codo/templates/flow-servers/configmap-queue.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "flowQueue.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "flowQueue.labels" . 
| nindent 4 }} 8 | data: 9 | settings.py: |+ 10 | #!/usr/bin/env python 11 | # -*- coding: utf-8 -*- 12 | """ 13 | Contact : 191715030@qq.com 14 | Author : shenshuo 15 | Date : 2019/4/15 14:59 16 | Desc : 配置文件 17 | """ 18 | import logging 19 | import os 20 | 21 | from websdk2.consts import const 22 | 23 | ROOT_DIR = os.path.dirname(__file__) 24 | debug = True 25 | log_level = logging.DEBUG 26 | xsrf_cookies = False 27 | expire_seconds = 365 * 24 * 60 * 60 28 | cookie_secret = os.getenv('DEFAULT_COOKIE_SECRET', '{{ required "The cookieSecretPy is required" .Values.cookieSecretPy }}') 29 | 30 | DEFAULT_DB_DBHOST = os.getenv('DEFAULT_DB_DBHOST', '{{ required "The mysql.host is required" .Values.mysql.host }}') 31 | DEFAULT_DB_DBPORT = os.getenv('DEFAULT_DB_DBPORT', {{ required "The mysql.port is required" .Values.mysql.port }}) 32 | DEFAULT_DB_DBUSER = os.getenv('DEFAULT_DB_DBUSER', '{{ required "The mysql.user is required" .Values.mysql.user }}') 33 | DEFAULT_DB_DBPWD = os.getenv('DEFAULT_DB_DBPWD', '{{ required "The mysql.passwd is required" .Values.mysql.passwd }}') 34 | DEFAULT_DB_DBNAME = os.getenv('DEFAULT_DB_DBNAME', '{{ required "The flowQueueDB is required" .Values.flowQueueDB }}') 35 | 36 | READONLY_DB_DBHOST = os.getenv('READONLY_DB_DBHOST', '{{ required "The mysql.host is required" .Values.mysql.host }}') 37 | READONLY_DB_DBPORT = os.getenv('READONLY_DB_DBPORT', {{ required "The mysql.port is required" .Values.mysql.port }}) 38 | READONLY_DB_DBUSER = os.getenv('READONLY_DB_DBUSER', '{{ required "The mysql.user is required" .Values.mysql.user }}') 39 | READONLY_DB_DBPWD = os.getenv('READONLY_DB_DBPWD', '{{ required "The mysql.passwd is required" .Values.mysql.passwd }}') 40 | READONLY_DB_DBNAME = os.getenv('READONLY_DB_DBNAME', '{{ required "The flowQueueDB is required" .Values.flowQueueDB }}') 41 | 42 | DEFAULT_REDIS_HOST = os.getenv('DEFAULT_REDIS_HOST', '{{ required "The redis.host is required" .Values.redis.host }}') 43 | DEFAULT_REDIS_PORT = 
os.getenv('DEFAULT_REDIS_PORT', {{ required "The redis.port is required" .Values.redis.port }}) 44 | DEFAULT_REDIS_DB = os.getenv('DEFAULT_REDIS_DB', {{ required "The flowQueueRedisDB is required" .Values.flowQueueRedisDB }}) 45 | DEFAULT_REDIS_AUTH = os.getenv('DEFAULT_REDIS_AUTH', True) 46 | DEFAULT_REDIS_CHARSET = os.getenv('DEFAULT_REDIS_CHARSET', 'utf-8') 47 | DEFAULT_REDIS_PASSWORD = os.getenv('DEFAULT_REDIS_PASSWORD', '{{ required "The redis.passwd is required" .Values.redis.passwd }}') 48 | 49 | 50 | # 系统使用MQ 51 | DEFAULT_MQ_ADDR = os.getenv('DEFAULT_MQ_ADDR', '{{ required "The rabbitmq.host is required" .Values.rabbitmq.host }}') 52 | DEFAULT_MQ_PORT = os.getenv('DEFAULT_MQ_PORT', {{ required "The rabbitmq.port is required" .Values.rabbitmq.port }}) 53 | DEFAULT_MQ_VHOST = os.getenv('DEFAULT_MQ_VHOST', '{{ required "The rabbitmq.vhost is required" .Values.rabbitmq.vhost }}') 54 | DEFAULT_MQ_USER = os.getenv('DEFAULT_MQ_USER', '{{ required "The rabbitmq.user is required" .Values.rabbitmq.user }}') 55 | DEFAULT_MQ_PWD = os.getenv('DEFAULT_MQ_PWD', '{{ required "The rabbitmq.passwd is required" .Values.rabbitmq.passwd }}') 56 | 57 | # agent使用的MQ 用来处理日志 58 | AGENT_MQ_ADDR = os.getenv('AGENT_MQ_ADDR', '{{ required "The rabbitmq.host is required" .Values.rabbitmq.host }}') 59 | AGENT_MQ_PORT = os.getenv('AGENT_MQ_PORT', {{ required "The rabbitmq.port is required" .Values.rabbitmq.port }}) 60 | AGENT_MQ_VHOST = os.getenv('AGENT_MQ_VHOST', '{{ required "The rabbitmq.vhost is required" .Values.rabbitmq.vhost }}') 61 | AGENT_MQ_USER = os.getenv('AGENT_MQ_USER', '{{ required "The rabbitmq.user is required" .Values.rabbitmq.user }}') 62 | AGENT_MQ_PWD = os.getenv('AGENT_MQ_PWD', '{{ required "The rabbitmq.passwd is required" .Values.rabbitmq.passwd }}') 63 | 64 | api_gw = "http://{{ template "gateway.innerApi" . 
}}" 65 | outer_api_gw = os.getenv('CODO_OUTER_API_GW', "https://{{ required "The gatewayIngressHost is required" .Values.gatewayIngressHost }}") # 外部webhook端点 66 | 67 | settings_auth_key = "{{ required "The gatewayInnerApiToken is required" .Values.gatewayInnerApiToken }}" 68 | 69 | # 钉钉和飞书免密链接 70 | dd_redirect = "" # 免密 71 | fs_redirect = "" 72 | m_url_redirect = "" # 移动端 73 | p_url_redirect = "" # PC端 74 | 75 | # 输出屏蔽字 76 | block_key = ['password', 'secret'] 77 | 78 | {{ required "The noticeConf is required" .Values.noticeConf | nindent 4 }} 79 | 80 | try: 81 | from local_settings import * 82 | except ImportError: 83 | print('local_settings.py No Found.') 84 | 85 | settings = dict( 86 | debug=debug, 87 | log_level=log_level, 88 | xsrf_cookies=xsrf_cookies, 89 | cookie_secret=cookie_secret, 90 | expire_seconds=expire_seconds, 91 | block_key=block_key, 92 | notice_conf_map=notice_conf_map, 93 | settings_auth_key=settings_auth_key, 94 | api_gw=api_gw, 95 | outer_api_gw=outer_api_gw, 96 | outer_webhook_prefix=f"{outer_api_gw}/api/job-acc", 97 | dd_redirect=dd_redirect, 98 | fs_redirect=fs_redirect, 99 | m_url_redirect=m_url_redirect, 100 | p_url_redirect=p_url_redirect, 101 | app_name='codo_flow', 102 | databases={ 103 | const.DEFAULT_DB_KEY: { 104 | const.DBHOST_KEY: DEFAULT_DB_DBHOST, 105 | const.DBPORT_KEY: DEFAULT_DB_DBPORT, 106 | const.DBUSER_KEY: DEFAULT_DB_DBUSER, 107 | const.DBPWD_KEY: DEFAULT_DB_DBPWD, 108 | const.DBNAME_KEY: DEFAULT_DB_DBNAME, 109 | }, 110 | const.READONLY_DB_KEY: { 111 | const.DBHOST_KEY: READONLY_DB_DBHOST, 112 | const.DBPORT_KEY: READONLY_DB_DBPORT, 113 | const.DBUSER_KEY: READONLY_DB_DBUSER, 114 | const.DBPWD_KEY: READONLY_DB_DBPWD, 115 | const.DBNAME_KEY: READONLY_DB_DBNAME, 116 | } 117 | }, 118 | redises={ 119 | const.DEFAULT_RD_KEY: { 120 | const.RD_HOST_KEY: DEFAULT_REDIS_HOST, 121 | const.RD_PORT_KEY: DEFAULT_REDIS_PORT, 122 | const.RD_DB_KEY: DEFAULT_REDIS_DB, 123 | const.RD_AUTH_KEY: DEFAULT_REDIS_AUTH, 124 | 
const.RD_CHARSET_KEY: DEFAULT_REDIS_CHARSET, 125 | const.RD_PASSWORD_KEY: DEFAULT_REDIS_PASSWORD 126 | } 127 | }, 128 | mqs={ 129 | const.DEFAULT_MQ_KEY: { 130 | const.MQ_ADDR: DEFAULT_MQ_ADDR, 131 | const.MQ_PORT: DEFAULT_MQ_PORT, 132 | const.MQ_VHOST: DEFAULT_MQ_VHOST, 133 | const.MQ_USER: DEFAULT_MQ_USER, 134 | const.MQ_PWD: DEFAULT_MQ_PWD, 135 | }, 136 | const.AGENT_MQ_KEY: { 137 | const.MQ_ADDR: AGENT_MQ_ADDR, 138 | const.MQ_PORT: AGENT_MQ_PORT, 139 | const.MQ_VHOST: AGENT_MQ_VHOST, 140 | const.MQ_USER: AGENT_MQ_USER, 141 | const.MQ_PWD: AGENT_MQ_PWD, 142 | } 143 | } 144 | )
--------------------------------------------------------------------------------
/helm-deploy/codo/templates/flow-servers/configmap-control.yaml:
--------------------------------------------------------------------------------
# ConfigMap that ships settings.py for the flow "control" service.
# NOTE(review): the rendered settings.py embeds the MySQL, Redis and RabbitMQ passwords,
# the cookie secret and the gateway inner-API token. ConfigMap data is not handled as
# secret material by Kubernetes; consider a Secret that feeds the environment variables
# settings.py already reads (DEFAULT_DB_DBPWD, DEFAULT_REDIS_PASSWORD, DEFAULT_MQ_PWD, ...).
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "flowControl.uname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "flowControl.labels" . | nindent 4 }}
data:
  settings.py: |+
    #!/usr/bin/env python
    # -*- coding: utf-8 -*-
    """
    Contact : 191715030@qq.com
    Author : shenshuo
    Date : 2019/4/15 14:59
    Desc : configuration file
    """
    import logging
    import os

    from websdk2.consts import const

    ROOT_DIR = os.path.dirname(__file__)
    # NOTE(review): debug mode and DEBUG logging are hard-coded rather than taken from chart
    # values, so every install runs with them on unless local_settings overrides them.
    debug = True
    log_level = logging.DEBUG
    # NOTE(review): presumably the framework's XSRF-cookie protection switch; confirm that no
    # handler relies on cookie authentication for state-changing requests.
    xsrf_cookies = False
    expire_seconds = 365 * 24 * 60 * 60  # 365 days, in seconds
    # Every os.getenv() below prefers the environment variable; the chart value is only the fallback.
    # NOTE(review): chart values are pasted into Python string literals unescaped, so a value
    # containing a quote or backslash changes or breaks the literal; verify how values are constrained.
    cookie_secret = os.getenv('DEFAULT_COOKIE_SECRET', '{{ required "The cookieSecretPy is required" .Values.cookieSecretPy }}')

    # NOTE(review): port fallbacks are rendered unquoted, while os.getenv returns a str when the
    # variable is set, so the type differs between the two paths; confirm the consumer accepts both.
    DEFAULT_DB_DBHOST = os.getenv('DEFAULT_DB_DBHOST', '{{ required "The mysql.host is required" .Values.mysql.host }}')
    DEFAULT_DB_DBPORT = os.getenv('DEFAULT_DB_DBPORT', {{ required "The mysql.port is required" .Values.mysql.port }})
    DEFAULT_DB_DBUSER = os.getenv('DEFAULT_DB_DBUSER', '{{ required "The mysql.user is required" .Values.mysql.user }}')
    DEFAULT_DB_DBPWD = os.getenv('DEFAULT_DB_DBPWD', '{{ required "The mysql.passwd is required" .Values.mysql.passwd }}')
    DEFAULT_DB_DBNAME = os.getenv('DEFAULT_DB_DBNAME', '{{ required "The flowControlDB is required" .Values.flowControlDB }}')

    # The read-only connection falls back to the same chart values (host, user, password, database) as the default one.
    READONLY_DB_DBHOST = os.getenv('READONLY_DB_DBHOST', '{{ required "The mysql.host is required" .Values.mysql.host }}')
    READONLY_DB_DBPORT = os.getenv('READONLY_DB_DBPORT', {{ required "The mysql.port is required" .Values.mysql.port }})
    READONLY_DB_DBUSER = os.getenv('READONLY_DB_DBUSER', '{{ required "The mysql.user is required" .Values.mysql.user }}')
    READONLY_DB_DBPWD = os.getenv('READONLY_DB_DBPWD', '{{ required "The mysql.passwd is required" .Values.mysql.passwd }}')
    READONLY_DB_DBNAME = os.getenv('READONLY_DB_DBNAME', '{{ required "The flowControlDB is required" .Values.flowControlDB }}')

    DEFAULT_REDIS_HOST = os.getenv('DEFAULT_REDIS_HOST', '{{ required "The redis.host is required" .Values.redis.host }}')
    DEFAULT_REDIS_PORT = os.getenv('DEFAULT_REDIS_PORT', {{ required "The redis.port is required" .Values.redis.port }})
    DEFAULT_REDIS_DB = os.getenv('DEFAULT_REDIS_DB', {{ required "The flowControlRedisDB is required" .Values.flowControlRedisDB }})
    # NOTE(review): the fallback is the bool True, but an environment override arrives as a str
    # (even 'False' is truthy); confirm how the consumer interprets this value.
    DEFAULT_REDIS_AUTH = os.getenv('DEFAULT_REDIS_AUTH', True)
    DEFAULT_REDIS_CHARSET = os.getenv('DEFAULT_REDIS_CHARSET', 'utf-8')
    DEFAULT_REDIS_PASSWORD = os.getenv('DEFAULT_REDIS_PASSWORD', '{{ required "The redis.passwd is required" .Values.redis.passwd }}')


    # MQ used by the system
    DEFAULT_MQ_ADDR = os.getenv('DEFAULT_MQ_ADDR', '{{ required "The rabbitmq.host is required" .Values.rabbitmq.host }}')
    DEFAULT_MQ_PORT = os.getenv('DEFAULT_MQ_PORT', {{ required "The rabbitmq.port is required" .Values.rabbitmq.port }})
    DEFAULT_MQ_VHOST = os.getenv('DEFAULT_MQ_VHOST', '{{ required "The rabbitmq.vhost is required" .Values.rabbitmq.vhost }}')
    DEFAULT_MQ_USER = os.getenv('DEFAULT_MQ_USER', '{{ required "The rabbitmq.user is required" .Values.rabbitmq.user }}')
    DEFAULT_MQ_PWD = os.getenv('DEFAULT_MQ_PWD', '{{ required "The rabbitmq.passwd is required" .Values.rabbitmq.passwd }}')

    # MQ used by the agent, for handling logs (falls back to the same rabbitmq chart values as above)
    AGENT_MQ_ADDR = os.getenv('AGENT_MQ_ADDR', '{{ required "The rabbitmq.host is required" .Values.rabbitmq.host }}')
    AGENT_MQ_PORT = os.getenv('AGENT_MQ_PORT', {{ required "The rabbitmq.port is required" .Values.rabbitmq.port }})
    AGENT_MQ_VHOST = os.getenv('AGENT_MQ_VHOST', '{{ required "The rabbitmq.vhost is required" .Values.rabbitmq.vhost }}')
    AGENT_MQ_USER = os.getenv('AGENT_MQ_USER', '{{ required "The rabbitmq.user is required" .Values.rabbitmq.user }}')
    AGENT_MQ_PWD = os.getenv('AGENT_MQ_PWD', '{{ required "The rabbitmq.passwd is required" .Values.rabbitmq.passwd }}')

    # Gateway address rendered from the gateway.innerApi template; the scheme is plain http.
    api_gw = "http://{{ template "gateway.innerApi" . }}"
    outer_api_gw = os.getenv('CODO_OUTER_API_GW', "https://{{ required "The gatewayIngressHost is required" .Values.gatewayIngressHost }}") # external webhook endpoint

    # NOTE(review): unlike the other credentials, this token has no os.getenv override and is
    # always taken from the rendered chart value.
    settings_auth_key = "{{ required "The gatewayInnerApiToken is required" .Values.gatewayInnerApiToken }}"

    # DingTalk and Feishu password-free login links
    dd_redirect = "" # password-free
    fs_redirect = ""
    m_url_redirect = "" # mobile
    p_url_redirect = "" # PC

    # Keys masked in output (presumably matched against field names by the consumer; confirm)
    block_key = ['password', 'secret']

    # The noticeConf chart value is rendered below as Python source; presumably it defines
    # notice_conf_map, which the settings dict references. TODO confirm.
    {{ required "The noticeConf is required" .Values.noticeConf | nindent 4 }}

    # Optional overrides: names defined by local_settings replace the ones above; only a
    # missing module is tolerated.
    try:
        from local_settings import *
    except ImportError:
        print('local_settings.py No Found.')

    # Collect the values above into one dict; the nested keys come from websdk2's const.
    settings = dict(
        debug=debug,
        log_level=log_level,
        xsrf_cookies=xsrf_cookies,
        cookie_secret=cookie_secret,
        expire_seconds=expire_seconds,
        block_key=block_key,
        notice_conf_map=notice_conf_map,
        settings_auth_key=settings_auth_key,
        api_gw=api_gw,
        outer_api_gw=outer_api_gw,
        outer_webhook_prefix=f"{outer_api_gw}/api/job-acc",
        dd_redirect=dd_redirect,
        fs_redirect=fs_redirect,
        m_url_redirect=m_url_redirect,
        p_url_redirect=p_url_redirect,
        app_name='codo_flow',
        databases={
            const.DEFAULT_DB_KEY: {
                const.DBHOST_KEY: DEFAULT_DB_DBHOST,
                const.DBPORT_KEY: DEFAULT_DB_DBPORT,
                const.DBUSER_KEY: DEFAULT_DB_DBUSER,
                const.DBPWD_KEY: DEFAULT_DB_DBPWD,
                const.DBNAME_KEY: DEFAULT_DB_DBNAME,
            },
            const.READONLY_DB_KEY: {
                const.DBHOST_KEY: READONLY_DB_DBHOST,
                const.DBPORT_KEY: READONLY_DB_DBPORT,
                const.DBUSER_KEY: READONLY_DB_DBUSER,
                const.DBPWD_KEY: READONLY_DB_DBPWD,
                const.DBNAME_KEY: READONLY_DB_DBNAME,
            }
        },
        redises={
            const.DEFAULT_RD_KEY: {
                const.RD_HOST_KEY: DEFAULT_REDIS_HOST,
                const.RD_PORT_KEY: DEFAULT_REDIS_PORT,
                const.RD_DB_KEY: DEFAULT_REDIS_DB,
                const.RD_AUTH_KEY: DEFAULT_REDIS_AUTH,
                const.RD_CHARSET_KEY: DEFAULT_REDIS_CHARSET,
                const.RD_PASSWORD_KEY: DEFAULT_REDIS_PASSWORD
            }
        },
        mqs={
            const.DEFAULT_MQ_KEY: {
                const.MQ_ADDR: DEFAULT_MQ_ADDR,
                const.MQ_PORT: DEFAULT_MQ_PORT,
                const.MQ_VHOST: DEFAULT_MQ_VHOST,
                const.MQ_USER: DEFAULT_MQ_USER,
                const.MQ_PWD: DEFAULT_MQ_PWD,
            },
            const.AGENT_MQ_KEY: {
                const.MQ_ADDR: AGENT_MQ_ADDR,
                const.MQ_PORT: AGENT_MQ_PORT,
                const.MQ_VHOST: AGENT_MQ_VHOST,
                const.MQ_USER: AGENT_MQ_USER,
                const.MQ_PWD: AGENT_MQ_PWD,
            }
        }
    )
--------------------------------------------------------------------------------
/helm-deploy/codo/templates/flow-servers/configmap-task-log.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "flowTaskLog.uname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "flowTaskLog.labels" . 
| nindent 4 }} 8 | data: 9 | settings.py: |+ 10 | #!/usr/bin/env python 11 | # -*- coding: utf-8 -*- 12 | """ 13 | Contact : 191715030@qq.com 14 | Author : shenshuo 15 | Date : 2019/4/15 14:59 16 | Desc : 配置文件 17 | """ 18 | import logging 19 | import os 20 | 21 | from websdk2.consts import const 22 | 23 | ROOT_DIR = os.path.dirname(__file__) 24 | debug = True 25 | log_level = logging.DEBUG 26 | xsrf_cookies = False 27 | expire_seconds = 365 * 24 * 60 * 60 28 | cookie_secret = os.getenv('DEFAULT_COOKIE_SECRET', '{{ required "The cookieSecretPy is required" .Values.cookieSecretPy }}') 29 | 30 | DEFAULT_DB_DBHOST = os.getenv('DEFAULT_DB_DBHOST', '{{ required "The mysql.host is required" .Values.mysql.host }}') 31 | DEFAULT_DB_DBPORT = os.getenv('DEFAULT_DB_DBPORT', {{ required "The mysql.port is required" .Values.mysql.port }}) 32 | DEFAULT_DB_DBUSER = os.getenv('DEFAULT_DB_DBUSER', '{{ required "The mysql.user is required" .Values.mysql.user }}') 33 | DEFAULT_DB_DBPWD = os.getenv('DEFAULT_DB_DBPWD', '{{ required "The mysql.passwd is required" .Values.mysql.passwd }}') 34 | DEFAULT_DB_DBNAME = os.getenv('DEFAULT_DB_DBNAME', '{{ required "The flowTaskLogDB is required" .Values.flowTaskLogDB }}') 35 | 36 | READONLY_DB_DBHOST = os.getenv('READONLY_DB_DBHOST', '{{ required "The mysql.host is required" .Values.mysql.host }}') 37 | READONLY_DB_DBPORT = os.getenv('READONLY_DB_DBPORT', {{ required "The mysql.port is required" .Values.mysql.port }}) 38 | READONLY_DB_DBUSER = os.getenv('READONLY_DB_DBUSER', '{{ required "The mysql.user is required" .Values.mysql.user }}') 39 | READONLY_DB_DBPWD = os.getenv('READONLY_DB_DBPWD', '{{ required "The mysql.passwd is required" .Values.mysql.passwd }}') 40 | READONLY_DB_DBNAME = os.getenv('READONLY_DB_DBNAME', '{{ required "The flowTaskLogDB is required" .Values.flowTaskLogDB }}') 41 | 42 | DEFAULT_REDIS_HOST = os.getenv('DEFAULT_REDIS_HOST', '{{ required "The redis.host is required" .Values.redis.host }}') 43 | DEFAULT_REDIS_PORT = 
os.getenv('DEFAULT_REDIS_PORT', {{ required "The redis.port is required" .Values.redis.port }}) 44 | DEFAULT_REDIS_DB = os.getenv('DEFAULT_REDIS_DB', {{ required "The flowTaskLogRedisDB is required" .Values.flowTaskLogRedisDB }}) 45 | DEFAULT_REDIS_AUTH = os.getenv('DEFAULT_REDIS_AUTH', True) 46 | DEFAULT_REDIS_CHARSET = os.getenv('DEFAULT_REDIS_CHARSET', 'utf-8') 47 | DEFAULT_REDIS_PASSWORD = os.getenv('DEFAULT_REDIS_PASSWORD', '{{ required "The redis.passwd is required" .Values.redis.passwd }}') 48 | 49 | 50 | # 系统使用MQ 51 | DEFAULT_MQ_ADDR = os.getenv('DEFAULT_MQ_ADDR', '{{ required "The rabbitmq.host is required" .Values.rabbitmq.host }}') 52 | DEFAULT_MQ_PORT = os.getenv('DEFAULT_MQ_PORT', {{ required "The rabbitmq.port is required" .Values.rabbitmq.port }}) 53 | DEFAULT_MQ_VHOST = os.getenv('DEFAULT_MQ_VHOST', '{{ required "The rabbitmq.vhost is required" .Values.rabbitmq.vhost }}') 54 | DEFAULT_MQ_USER = os.getenv('DEFAULT_MQ_USER', '{{ required "The rabbitmq.user is required" .Values.rabbitmq.user }}') 55 | DEFAULT_MQ_PWD = os.getenv('DEFAULT_MQ_PWD', '{{ required "The rabbitmq.passwd is required" .Values.rabbitmq.passwd }}') 56 | 57 | # agent使用的MQ 用来处理日志 58 | AGENT_MQ_ADDR = os.getenv('AGENT_MQ_ADDR', '{{ required "The rabbitmq.host is required" .Values.rabbitmq.host }}') 59 | AGENT_MQ_PORT = os.getenv('AGENT_MQ_PORT', {{ required "The rabbitmq.port is required" .Values.rabbitmq.port }}) 60 | AGENT_MQ_VHOST = os.getenv('AGENT_MQ_VHOST', '{{ required "The rabbitmq.vhost is required" .Values.rabbitmq.vhost }}') 61 | AGENT_MQ_USER = os.getenv('AGENT_MQ_USER', '{{ required "The rabbitmq.user is required" .Values.rabbitmq.user }}') 62 | AGENT_MQ_PWD = os.getenv('AGENT_MQ_PWD', '{{ required "The rabbitmq.passwd is required" .Values.rabbitmq.passwd }}') 63 | 64 | api_gw = "http://{{ template "gateway.innerApi" . 
}}" 65 | outer_api_gw = os.getenv('CODO_OUTER_API_GW', "https://{{ required "The gatewayIngressHost is required" .Values.gatewayIngressHost }}") # 外部webhook端点 66 | 67 | settings_auth_key = "{{ required "The gatewayInnerApiToken is required" .Values.gatewayInnerApiToken }}" 68 | 69 | # 钉钉和飞书免密链接 70 | dd_redirect = "" # 免密 71 | fs_redirect = "" 72 | m_url_redirect = "" # 移动端 73 | p_url_redirect = "" # PC端 74 | 75 | # 输出屏蔽字 76 | block_key = ['password', 'secret'] 77 | 78 | {{ required "The noticeConf is required" .Values.noticeConf | nindent 4 }} 79 | 80 | try: 81 | from local_settings import * 82 | except ImportError: 83 | print('local_settings.py No Found.') 84 | 85 | settings = dict( 86 | debug=debug, 87 | log_level=log_level, 88 | xsrf_cookies=xsrf_cookies, 89 | cookie_secret=cookie_secret, 90 | expire_seconds=expire_seconds, 91 | block_key=block_key, 92 | notice_conf_map=notice_conf_map, 93 | settings_auth_key=settings_auth_key, 94 | api_gw=api_gw, 95 | outer_api_gw=outer_api_gw, 96 | outer_webhook_prefix=f"{outer_api_gw}/api/job-acc", 97 | dd_redirect=dd_redirect, 98 | fs_redirect=fs_redirect, 99 | m_url_redirect=m_url_redirect, 100 | p_url_redirect=p_url_redirect, 101 | app_name='codo_flow', 102 | databases={ 103 | const.DEFAULT_DB_KEY: { 104 | const.DBHOST_KEY: DEFAULT_DB_DBHOST, 105 | const.DBPORT_KEY: DEFAULT_DB_DBPORT, 106 | const.DBUSER_KEY: DEFAULT_DB_DBUSER, 107 | const.DBPWD_KEY: DEFAULT_DB_DBPWD, 108 | const.DBNAME_KEY: DEFAULT_DB_DBNAME, 109 | }, 110 | const.READONLY_DB_KEY: { 111 | const.DBHOST_KEY: READONLY_DB_DBHOST, 112 | const.DBPORT_KEY: READONLY_DB_DBPORT, 113 | const.DBUSER_KEY: READONLY_DB_DBUSER, 114 | const.DBPWD_KEY: READONLY_DB_DBPWD, 115 | const.DBNAME_KEY: READONLY_DB_DBNAME, 116 | } 117 | }, 118 | redises={ 119 | const.DEFAULT_RD_KEY: { 120 | const.RD_HOST_KEY: DEFAULT_REDIS_HOST, 121 | const.RD_PORT_KEY: DEFAULT_REDIS_PORT, 122 | const.RD_DB_KEY: DEFAULT_REDIS_DB, 123 | const.RD_AUTH_KEY: DEFAULT_REDIS_AUTH, 124 | 
const.RD_CHARSET_KEY: DEFAULT_REDIS_CHARSET, 125 | const.RD_PASSWORD_KEY: DEFAULT_REDIS_PASSWORD 126 | } 127 | }, 128 | mqs={ 129 | const.DEFAULT_MQ_KEY: { 130 | const.MQ_ADDR: DEFAULT_MQ_ADDR, 131 | const.MQ_PORT: DEFAULT_MQ_PORT, 132 | const.MQ_VHOST: DEFAULT_MQ_VHOST, 133 | const.MQ_USER: DEFAULT_MQ_USER, 134 | const.MQ_PWD: DEFAULT_MQ_PWD, 135 | }, 136 | const.AGENT_MQ_KEY: { 137 | const.MQ_ADDR: AGENT_MQ_ADDR, 138 | const.MQ_PORT: AGENT_MQ_PORT, 139 | const.MQ_VHOST: AGENT_MQ_VHOST, 140 | const.MQ_USER: AGENT_MQ_USER, 141 | const.MQ_PWD: AGENT_MQ_PWD, 142 | } 143 | } 144 | )
--------------------------------------------------------------------------------
/helm-deploy/codo/templates/flow-servers/configmap-agent-log.yaml:
--------------------------------------------------------------------------------
# ConfigMap that ships settings.py for the flow "agent-log" service.
# NOTE(review): the rendered settings.py embeds the MySQL, Redis and RabbitMQ passwords,
# the cookie secret and the gateway inner-API token. ConfigMap data is not handled as
# secret material by Kubernetes; consider a Secret that feeds the environment variables
# settings.py already reads (DEFAULT_DB_DBPWD, DEFAULT_REDIS_PASSWORD, DEFAULT_MQ_PWD, ...).
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "flowAgentLog.uname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "flowAgentLog.labels" . | nindent 4 }}
data:
  settings.py: |+
    #!/usr/bin/env python
    # -*- coding: utf-8 -*-
    """
    Contact : 191715030@qq.com
    Author : shenshuo
    Date : 2019/4/15 14:59
    Desc : configuration file
    """
    import logging
    import os

    from websdk2.consts import const

    ROOT_DIR = os.path.dirname(__file__)
    # NOTE(review): debug mode and DEBUG logging are hard-coded rather than taken from chart
    # values, so every install runs with them on unless local_settings overrides them.
    debug = True
    log_level = logging.DEBUG
    # NOTE(review): presumably the framework's XSRF-cookie protection switch; confirm that no
    # handler relies on cookie authentication for state-changing requests.
    xsrf_cookies = False
    expire_seconds = 365 * 24 * 60 * 60  # 365 days, in seconds
    # Every os.getenv() below prefers the environment variable; the chart value is only the fallback.
    # NOTE(review): chart values are pasted into Python string literals unescaped, so a value
    # containing a quote or backslash changes or breaks the literal; verify how values are constrained.
    cookie_secret = os.getenv('DEFAULT_COOKIE_SECRET', '{{ required "The cookieSecretPy is required" .Values.cookieSecretPy }}')

    # NOTE(review): port fallbacks are rendered unquoted, while os.getenv returns a str when the
    # variable is set, so the type differs between the two paths; confirm the consumer accepts both.
    DEFAULT_DB_DBHOST = os.getenv('DEFAULT_DB_DBHOST', '{{ required "The mysql.host is required" .Values.mysql.host }}')
    DEFAULT_DB_DBPORT = os.getenv('DEFAULT_DB_DBPORT', {{ required "The mysql.port is required" .Values.mysql.port }})
    DEFAULT_DB_DBUSER = os.getenv('DEFAULT_DB_DBUSER', '{{ required "The mysql.user is required" .Values.mysql.user }}')
    DEFAULT_DB_DBPWD = os.getenv('DEFAULT_DB_DBPWD', '{{ required "The mysql.passwd is required" .Values.mysql.passwd }}')
    DEFAULT_DB_DBNAME = os.getenv('DEFAULT_DB_DBNAME', '{{ required "The flowAgentLogDB is required" .Values.flowAgentLogDB }}')

    # The read-only connection falls back to the same chart values (host, user, password, database) as the default one.
    READONLY_DB_DBHOST = os.getenv('READONLY_DB_DBHOST', '{{ required "The mysql.host is required" .Values.mysql.host }}')
    READONLY_DB_DBPORT = os.getenv('READONLY_DB_DBPORT', {{ required "The mysql.port is required" .Values.mysql.port }})
    READONLY_DB_DBUSER = os.getenv('READONLY_DB_DBUSER', '{{ required "The mysql.user is required" .Values.mysql.user }}')
    READONLY_DB_DBPWD = os.getenv('READONLY_DB_DBPWD', '{{ required "The mysql.passwd is required" .Values.mysql.passwd }}')
    READONLY_DB_DBNAME = os.getenv('READONLY_DB_DBNAME', '{{ required "The flowAgentLogDB is required" .Values.flowAgentLogDB }}')

    DEFAULT_REDIS_HOST = os.getenv('DEFAULT_REDIS_HOST', '{{ required "The redis.host is required" .Values.redis.host }}')
    DEFAULT_REDIS_PORT = os.getenv('DEFAULT_REDIS_PORT', {{ required "The redis.port is required" .Values.redis.port }})
    DEFAULT_REDIS_DB = os.getenv('DEFAULT_REDIS_DB', {{ required "The flowAgentLogRedisDB is required" .Values.flowAgentLogRedisDB }})
    # NOTE(review): the fallback is the bool True, but an environment override arrives as a str
    # (even 'False' is truthy); confirm how the consumer interprets this value.
    DEFAULT_REDIS_AUTH = os.getenv('DEFAULT_REDIS_AUTH', True)
    DEFAULT_REDIS_CHARSET = os.getenv('DEFAULT_REDIS_CHARSET', 'utf-8')
    DEFAULT_REDIS_PASSWORD = os.getenv('DEFAULT_REDIS_PASSWORD', '{{ required "The redis.passwd is required" .Values.redis.passwd }}')


    # MQ used by the system
    DEFAULT_MQ_ADDR = os.getenv('DEFAULT_MQ_ADDR', '{{ required "The rabbitmq.host is required" .Values.rabbitmq.host }}')
    DEFAULT_MQ_PORT = os.getenv('DEFAULT_MQ_PORT', {{ required "The rabbitmq.port is required" .Values.rabbitmq.port }})
    DEFAULT_MQ_VHOST = os.getenv('DEFAULT_MQ_VHOST', '{{ required "The rabbitmq.vhost is required" .Values.rabbitmq.vhost }}')
    DEFAULT_MQ_USER = os.getenv('DEFAULT_MQ_USER', '{{ required "The rabbitmq.user is required" .Values.rabbitmq.user }}')
    DEFAULT_MQ_PWD = os.getenv('DEFAULT_MQ_PWD', '{{ required "The rabbitmq.passwd is required" .Values.rabbitmq.passwd }}')

    # MQ used by the agent, for handling logs (falls back to the same rabbitmq chart values as above)
    AGENT_MQ_ADDR = os.getenv('AGENT_MQ_ADDR', '{{ required "The rabbitmq.host is required" .Values.rabbitmq.host }}')
    AGENT_MQ_PORT = os.getenv('AGENT_MQ_PORT', {{ required "The rabbitmq.port is required" .Values.rabbitmq.port }})
    AGENT_MQ_VHOST = os.getenv('AGENT_MQ_VHOST', '{{ required "The rabbitmq.vhost is required" .Values.rabbitmq.vhost }}')
    AGENT_MQ_USER = os.getenv('AGENT_MQ_USER', '{{ required "The rabbitmq.user is required" .Values.rabbitmq.user }}')
    AGENT_MQ_PWD = os.getenv('AGENT_MQ_PWD', '{{ required "The rabbitmq.passwd is required" .Values.rabbitmq.passwd }}')

    # Gateway address rendered from the gateway.innerApi template; the scheme is plain http.
    api_gw = "http://{{ template "gateway.innerApi" . }}"
    outer_api_gw = os.getenv('CODO_OUTER_API_GW', "https://{{ required "The gatewayIngressHost is required" .Values.gatewayIngressHost }}") # external webhook endpoint

    # NOTE(review): unlike the other credentials, this token has no os.getenv override and is
    # always taken from the rendered chart value.
    settings_auth_key = "{{ required "The gatewayInnerApiToken is required" .Values.gatewayInnerApiToken }}"

    # DingTalk and Feishu password-free login links
    dd_redirect = "" # password-free
    fs_redirect = ""
    m_url_redirect = "" # mobile
    p_url_redirect = "" # PC

    # Keys masked in output (presumably matched against field names by the consumer; confirm)
    block_key = ['password', 'secret']

    # The noticeConf chart value is rendered below as Python source; presumably it defines
    # notice_conf_map, which the settings dict references. TODO confirm.
    {{ required "The noticeConf is required" .Values.noticeConf | nindent 4 }}

    # Optional overrides: names defined by local_settings replace the ones above; only a
    # missing module is tolerated.
    try:
        from local_settings import *
    except ImportError:
        print('local_settings.py No Found.')

    # Collect the values above into one dict; the nested keys come from websdk2's const.
    settings = dict(
        debug=debug,
        log_level=log_level,
        xsrf_cookies=xsrf_cookies,
        cookie_secret=cookie_secret,
        expire_seconds=expire_seconds,
        block_key=block_key,
        notice_conf_map=notice_conf_map,
        settings_auth_key=settings_auth_key,
        api_gw=api_gw,
        outer_api_gw=outer_api_gw,
        outer_webhook_prefix=f"{outer_api_gw}/api/job-acc",
        dd_redirect=dd_redirect,
        fs_redirect=fs_redirect,
        m_url_redirect=m_url_redirect,
        p_url_redirect=p_url_redirect,
        app_name='codo_flow',
        databases={
            const.DEFAULT_DB_KEY: {
                const.DBHOST_KEY: DEFAULT_DB_DBHOST,
                const.DBPORT_KEY: DEFAULT_DB_DBPORT,
                const.DBUSER_KEY: DEFAULT_DB_DBUSER,
                const.DBPWD_KEY: DEFAULT_DB_DBPWD,
                const.DBNAME_KEY: DEFAULT_DB_DBNAME,
            },
            const.READONLY_DB_KEY: {
                const.DBHOST_KEY: READONLY_DB_DBHOST,
                const.DBPORT_KEY: READONLY_DB_DBPORT,
                const.DBUSER_KEY: READONLY_DB_DBUSER,
                const.DBPWD_KEY: READONLY_DB_DBPWD,
                const.DBNAME_KEY: READONLY_DB_DBNAME,
            }
        },
        redises={
            const.DEFAULT_RD_KEY: {
                const.RD_HOST_KEY: DEFAULT_REDIS_HOST,
                const.RD_PORT_KEY: DEFAULT_REDIS_PORT,
                const.RD_DB_KEY: DEFAULT_REDIS_DB,
                const.RD_AUTH_KEY: DEFAULT_REDIS_AUTH,
                const.RD_CHARSET_KEY: DEFAULT_REDIS_CHARSET,
                const.RD_PASSWORD_KEY: DEFAULT_REDIS_PASSWORD
            }
        },
        mqs={
            const.DEFAULT_MQ_KEY: {
                const.MQ_ADDR: DEFAULT_MQ_ADDR,
                const.MQ_PORT: DEFAULT_MQ_PORT,
                const.MQ_VHOST: DEFAULT_MQ_VHOST,
                const.MQ_USER: DEFAULT_MQ_USER,
                const.MQ_PWD: DEFAULT_MQ_PWD,
            },
            const.AGENT_MQ_KEY: {
                const.MQ_ADDR: AGENT_MQ_ADDR,
                const.MQ_PORT: AGENT_MQ_PORT,
                const.MQ_VHOST: AGENT_MQ_VHOST,
                const.MQ_USER: AGENT_MQ_USER,
                const.MQ_PWD: AGENT_MQ_PWD,
            }
        }
    )
--------------------------------------------------------------------------------