Merge remote-tracking branch 'github-bk-bcs/master'

* github-bk-bcs/master: feat: 添加 bcs-ops 标准运维流程文件；添加 bcs-ops 导入标准运维、bkrepo脚本，并添加对应的脚本镜像Dockerfile (#2902) feat: 单节点，取消污点 (#2829)
TencentBlueKing · Feb 2, 2024 · 9996087 · 9996087
2 parents 5054e4a + cb69435
commit 9996087
Show file tree

Hide file tree

Showing 6 changed files with 202 additions and 4 deletions.
diff --git a/bcs-ops/docker/Dockerfile b/bcs-ops/docker/Dockerfile
@@ -0,0 +1,14 @@
+FROM python:3.8-alpine3.18 as builder
+WORKDIR /work
+RUN apk update && apk add make
+COPY . .
+RUN make build
+RUN cp bcs-ops-script-release-*.tar.gz sops/bcs-ops.tar.gz
+
+FROM python:3.8-alpine3.18
+ENV WORKSPACE=/app
+ENV PATH=$PATH:${WORKSPACE}
+WORKDIR ${WORKSPACE}
+RUN pip3 install ujson requests
+COPY --from=builder /work/sops/upload.py /work/sops/bcs-ops.tar.gz /work/sops/bcs_bk_sops_common.dat ./
+ENTRYPOINT ["python3", "upload.py"]
diff --git a/bcs-ops/functions/utils.sh b/bcs-ops/functions/utils.sh
@@ -68,7 +68,7 @@ utils::color_echo() {
 #	$LOG_FILE | write log to file
 #   $ERR_CODE | fatal exit code, default is 1
 # PrintColor:
-# DEBUG-purple;INFO-yellow;OK-green;WARN-yellow;ERROR-red;FATAL-red
+# DEBUG-purple;INFO-blue;OK-green;WARN-yellow;ERROR-red;FATAL-red
 # Returns:
 # DEBUG-0;INFO-0;OK-0;WARN-0;ERROR-1;FATAL-$ERR_CODE and exit;
 #######################################
@@ -83,9 +83,17 @@ utils::log() {
   if ((${#FUNCNAME[@]} <= 2)); then
     func_name="main"
   else
-    func_name="${FUNCNAME[1]}"
+    if [[ -n ${TRAP_FLAG:-} ]]; then
+      func_name="${FUNCNAME[2]}"
+    else
+      func_name="${FUNCNAME[1]}"
+    fi
+  fi
+  if [[ -n ${TRAP_FLAG:-} ]]; then
+    format="$timestamp [$level] ${BASH_SOURCE[2]}|${BASH_LINENO[1]}|${func_name}:"
+  else
+    format="$timestamp [$level] ${BASH_SOURCE[1]}|${BASH_LINENO[0]}|${func_name}:"
   fi
-  format="$timestamp [$level] ${BASH_SOURCE[1]}|${BASH_LINENO[0]}|${func_name}:"
   case "${level}" in
     "DEBUG")
       if [[ -z ${DEBUG:-} ]]; then
@@ -151,6 +159,7 @@ utils::log() {
 # ######################################
 utils::on_ERR() {
   ERR_CODE=$?
+  export TRAP_FLAG=1
   utils::log FATAL "$(utils::color_echo bwhite "$BASH_COMMAND")"
 }
 

diff --git a/bcs-ops/install_master.sh b/bcs-ops/install_master.sh
@@ -68,6 +68,11 @@ if [[ -z ${MASTER_JOIN_CMD:-} ]]; then
   install -dv "$HOME/.kube"
   install -v -m 600 -o "$(id -u)" -g "$(id -g)" \
     /etc/kubernetes/admin.conf "$HOME/.kube/config"
+   # single master cluster
+   if [[ "$BCS_CP_WORKER" != "0" ]];then
+     kubectl taint node -l node-role.kubernetes.io/master= node-role.kubernetes.io/master:NoSchedule- node-role.kubernetes.io/control-plane:NoSchedule-
+     kubectl taint node -l node-role.kubernetes.io/control-plane= node-role.kubernetes.io/master:NoSchedule- node-role.kubernetes.io/control-plane:NoSchedule-
+   fi
   "${ROOT_DIR}"/k8s/install_cni.sh
   "${ROOT_DIR}"/k8s/operate_metrics_server apply
   "${ROOT_DIR}"/k8s/install_helm

diff --git a/bcs-ops/sops/bcs_bk_sops_common.dat b/bcs-ops/sops/bcs_bk_sops_common.dat
diff --git a/bcs-ops/sops/upload.py b/bcs-ops/sops/upload.py
@@ -0,0 +1,167 @@
+#!/usr/bin/env python3
+#######################################
+# Tencent is pleased to support the open source community by making Blueking Container Service available.
+# Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+# Licensed under the MIT License (the "License"); you may not use this file except
+# in compliance with the License. You may obtain a copy of the License at
+# http://opensource.org/licenses/MIT
+# Unless required by applicable law or agreed to in writing, software distributed under
+# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+# either express or implied. See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################
+
+"""
+upload.py is a script to upload bcs scripts package to bkrepo
+and upload relate sops file to common flow.
+Notice!!!!!!
+BKREPO URL is diverse in in different blueking environments.
+So `SCRIPT_URL_PLACEHOLDER` is used as a matching pattern in sops template flow.
+"""
+
+import argparse
+import base64
+import requests
+import ujson
+import hashlib
+import logging
+import os
+import re
+
+LOG_LEVEL = os.environ.get("LOG_LEVEL", "INFO")
+
+REPO_FILE = os.environ.get("REPO_FILE", "bcs-ops.tar.gz")
+SOPS_FILE = os.environ.get("SOPS_FILE", "bcs_bk_sops_common.dat")
+SOPS_PAT = os.environ.get("SOPS_PAT", r"SCRIPT_URL_PLACEHOLDER")
+
+BKAPI_HOST = os.environ["BKAPI_HOST"]
+APP_CODE = os.environ["APP_CODE"]
+APP_SECRET = os.environ["APP_SECRET"]
+
+REPO_HOST = os.environ["REPO_HOST"]
+REPO_PROJECT = os.environ["REPO_PROJECT"]
+REPO_BUCKET = os.environ["REPO_BUCKET"]
+REPO_PATH = os.environ["REPO_PATH"]
+REPO_USER = os.environ["REPO_USER"]
+REPO_PASSWD = os.environ["REPO_PASSWD"]
+
+
+def bkrepo_upload(file: str, bkrepo_url: str, override: bool = True) -> bool:
+    with open(file, "rb") as f:
+        content = f.read()
+        content_hash = hashlib.md5(content).hexdigest()
+
+        headers = {
+            "X-BKREPO-OVERWRITE": str(override).lower(),
+            "X-BKREPO-MD5": content_hash,
+        }
+        response = requests.put(
+            bkrepo_url, auth=(REPO_USER, REPO_PASSWD), headers=headers, data=content
+        )
+        if response.status_code == 200:
+            logging.info(f"Upload {file} to {bkrepo_url} succeeded.")
+            return True
+        else:
+            logging.error(
+                f"http_code: {response.status_code}, Upload {file} to {bkrepo_url} failed: {response.text}"
+            )
+            return False
+
+
+class SOPS_UPLOAD_API:
+    def __init__(
+        self, file: str, paas_host: str, app_code: str, app_secret: str
+    ) -> None:
+        self.url = f"http://{paas_host}/api/c/compapi/v2/sops/import_common_template/"
+        self.salt = r"821a11587ea434eb85c2f5327a90ae54"
+        self.app_code = app_code
+        self.app_secret = app_secret
+        self.file = file
+        with open(self.file, "rb") as f:
+            self.data = f.read()
+            self._b64dec_unmarshal()
+
+    def replace_data(self, sub_pat: str, sub_str: str) -> None:
+        if sub_pat == "":
+            logging.warn(f"missing sub_pat, skip replace")
+            self._b64en_salt_marshal()
+            return
+        logging.debug(f"sub_pat: {sub_pat}, sub_str: {sub_str}")
+        if isinstance(self.data, dict):
+            self.data = ujson.dumps(self.data, sort_keys=True)
+        if re.search(sub_pat, self.data):
+            self.data = re.sub(sub_pat, sub_str, self.data)
+        else:
+            logging.warn(f"data not found: {sub_pat}")
+        self.data = ujson.loads(self.data)
+        self._b64en_salt_marshal()
+
+    def _b64dec_unmarshal(self) -> None:
+        self.data = ujson.loads(base64.b64decode(self.data).decode("utf-8"))
+
+    def _b64en_salt_marshal(self) -> None:
+        if isinstance(self.data, str):
+            self.data = ujson.loads(self.data)
+        template_data_string = (
+            ujson.dumps(self.data["template_data"], sort_keys=True) + self.salt
+        ).encode("utf-8")
+        digest = hashlib.md5(template_data_string).hexdigest()
+        self.data["digest"] = digest
+        self.data = base64.b64encode(
+            ujson.dumps(self.data, sort_keys=True).encode("utf-8")
+        ).decode("utf-8")
+
+    def upload(self, override: bool = True) -> bool:
+        # 构建请求数据
+        data = {
+            "bk_app_code": self.app_code,
+            "bk_app_secret": self.app_secret,
+            "bk_username": "admin",
+            "template_data": self.data,
+            "override": override,
+        }
+        headers = {"Content-Type": "application/json", "cache-control": "no-cache"}
+        # 发送 POST 请求
+        response = requests.post(self.url, headers=headers, data=ujson.dumps(data))
+        if response.status_code == 200:
+            response_obj = ujson.loads(response.content)
+            if response_obj["result"] == True:
+                logging.info(f"Upload succeeded: {self.file}")
+                return True
+        logging.error(f"Upload failed: {response.text}")
+        return False
+
+
+def main():
+    # set log-level
+    logging.basicConfig(level=LOG_LEVEL)
+
+    # bkrepo_url
+    bkrepo_url = f"http://{REPO_HOST}/generic/{REPO_PROJECT}/{REPO_BUCKET}/{REPO_PATH}/{os.path.basename(REPO_FILE)}"
+    logging.debug(f"bkrepo_url: {bkrepo_url}")
+    # bcs sops file
+
+    parser = argparse.ArgumentParser(description="Upload bcs scripts package to bkrepo")
+    parser.add_argument(
+        "upload",
+        choices=["bkrepo", "sops"],
+        type=str,
+        default="bkrepo",
+        help="upload to [sops] or [bkrepo]",
+    )
+    args = parser.parse_args()
+    if args.upload:
+        if args.upload == "bkrepo":
+            bkrepo_upload(REPO_FILE, bkrepo_url, override=True)
+        elif args.upload == "sops":
+            s = SOPS_UPLOAD_API(SOPS_FILE, BKAPI_HOST, APP_CODE, APP_SECRET)
+            s.replace_data(SOPS_PAT, bkrepo_url)
+            s.upload()
+        else:
+            raise ValueError(
+                "Invalid choice for upload, please choose either 'sops' or 'bkrepo'"
+            )
+
+
+if __name__ == "__main__":
+    main()
diff --git a/bcs-ops/system/config_envfile.sh b/bcs-ops/system/config_envfile.sh
@@ -46,6 +46,7 @@ version() {
 
 # default env value in function `init_env`
 init_env() {
+  trap "utils::on_ERR;" ERR
   # host
   BK_HOME=${BK_HOME:-"/data/bcs"}
   K8S_IPv6_STATUS=${K8S_IPv6_STATUS:-"Disable"}
@@ -94,7 +95,7 @@ init_env() {
   local kubectl_extra_args
   kubectl_extra_args="allowed-unsafe-sysctls: 'net.ipv4.tcp_tw_reuse'"
   K8S_EXTRA_ARGS=${K8S_EXTRA_ARGS:-${kubectl_extra_args}}
-  ## if BCS_CP_WORKER==0, then untaint master
+  ## if BCS_CP_WORKER==1, means single master cluster, then untaint master
   BCS_CP_WORKER=${BCS_CP_WORKER:-0}
 
   # csi
@@ -286,6 +287,7 @@ $(
   )
 K8S_CNI="${K8S_CNI}"
 K8S_EXTRA_ARGS="${K8S_EXTRA_ARGS}"
+## if BCS_CP_WORKER==1, means single master cluster, then untaint master
 BCS_CP_WORKER="${BCS_CP_WORKER}"
 
 # csi