Merge pull request alibaba#228 from alibaba/master

Master
josephinemadeleine2 · Jun 17, 2023 · be42224 · be42224
2 parents 1bbd8b9 + 206030a
commit be42224
Show file tree

Hide file tree

Showing 45 changed files with 398 additions and 207 deletions.
diff --git a/build.sh b/build.sh
@@ -82,7 +82,7 @@ target_migrate(){
         echo "-- build sw-migrate --" >&2
         TMP_DOCKERFILE="/tmp/${RANDOM}.dockerfile"
         envsubst < $SW_ROOT/paas/migrate/Dockerfile.tpl > ${TMP_DOCKERFILE}
-        docker build -t sw-migrate:$tag --pull --no-cache -f ${TMP_DOCKERFILE} $SW_ROOT/paas/migrate
+        docker build -t sw-migrate:$tag -f ${TMP_DOCKERFILE} $SW_ROOT/paas/migrate
         docker tag sw-migrate:$tag sw-migrate:latest
     fi
     if [ -n "$PUSH_REPO" ]; then
@@ -98,7 +98,7 @@ target_progress_check(){
         echo "-- build sw-progress-check --" >&2
         TMP_DOCKERFILE="/tmp/${RANDOM}.dockerfile"
         envsubst < $SW_ROOT/paas/progress-check/Dockerfile.tpl > ${TMP_DOCKERFILE}
-        docker build -t sw-progress-check:$tag --pull --no-cache -f ${TMP_DOCKERFILE} $SW_ROOT/paas/progress-check
+        docker build -t sw-progress-check:$tag -f ${TMP_DOCKERFILE} $SW_ROOT/paas/progress-check
         docker tag sw-progress-check:$tag sw-progress-check:latest
     fi
     if [ -n "$PUSH_REPO" ]; then
@@ -112,7 +112,7 @@ target_openjdk8(){
     [ -n "$TAG" ] && tag=$TAG || tag="latest"
     if [ -n "$BUILD" ]; then
         echo "-- build sw-openjdk8-jre --" >&2
-        docker build -t sw-openjdk8-jre:$tag --pull --no-cache -f $SW_ROOT/paas/openjdk8-jre/Dockerfile $SW_ROOT/paas/openjdk8-jre
+        docker build -t sw-openjdk8-jre:$tag -f $SW_ROOT/paas/openjdk8-jre/Dockerfile $SW_ROOT/paas/openjdk8-jre
         docker tag sw-openjdk8-jre:$tag sw-openjdk8-jre:latest
     fi
     if [ -n "$PUSH_REPO" ]; then
@@ -128,7 +128,7 @@ target_postrun(){
         echo "-- build sw-postrun --" >&2
         TMP_DOCKERFILE="/tmp/${RANDOM}.dockerfile"
         envsubst < $SW_ROOT/paas/postrun/Dockerfile.tpl > ${TMP_DOCKERFILE}
-        docker build -t sw-postrun:$tag --pull --no-cache -f ${TMP_DOCKERFILE} $SW_ROOT/paas/postrun
+        docker build -t sw-postrun:$tag -f ${TMP_DOCKERFILE} $SW_ROOT/paas/postrun
         docker tag sw-postrun:$tag sw-postrun:latest
     fi
     if [ -n "$PUSH_REPO" ]; then

diff --git a/chart/sreworks-chart/charts/appmanager/templates/cluster-initjob.yaml b/chart/sreworks-chart/charts/appmanager/templates/cluster-initjob.yaml
@@ -14,6 +14,7 @@ spec:
       labels:
         name: appmanager-cluster-initjob
     spec:
+      serviceAccountName: appmanager-account
       containers:
       - name: job
         image: {{ template "images.clusterInitJob" . }}

diff --git a/chart/sreworks-chart/charts/appmanager/templates/operator-deployment.yaml b/chart/sreworks-chart/charts/appmanager/templates/operator-deployment.yaml
@@ -14,6 +14,7 @@ spec:
       labels:
         control-plane: controller-manager
     spec:
+      serviceAccountName: appmanager-operator-account
       containers:
       - args:
         - --secure-listen-address=0.0.0.0:8443
@@ -44,3 +45,8 @@ spec:
             cpu: 500m
             memory: 512Mi
       terminationGracePeriodSeconds: 10
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: appmanager-operator-account
diff --git a/chart/sreworks-chart/charts/appmanager/templates/rbac.yaml b/chart/sreworks-chart/charts/appmanager/templates/rbac.yaml
@@ -1,9 +1,8 @@
 {{ if eq .Values.server.rbac "default" }}
 apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
+kind: ClusterRole
 metadata:
   name: appmanager-operator-leader-election-role
-  namespace: {{ .Release.Namespace }}
 rules:
 - apiGroups:
   - ""
@@ -44,10 +43,9 @@ rules:
   - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
+kind: ClusterRole
 metadata:
   name: appmanager-operator-manager-role
-  namespace: {{ .Release.Namespace }}
 rules:
 - apiGroups:
   - apps
@@ -209,10 +207,9 @@ rules:
   - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
+kind: ClusterRole
 metadata:
   name: appmanager-operator-proxy-role
-  namespace: {{ .Release.Namespace }}
 rules:
 - apiGroups:
   - authentication.k8s.io
@@ -228,44 +225,110 @@ rules:
   - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
+kind: Role
 metadata:
-  name: appmanager-operator-leader-election-rolebinding
+  name: appmanager-role
   namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups: ["*"]
+  resources: ["*"]
+  verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: appmanager-cluster-role
+rules:
+- apiGroups: ["*"]
+  resources: ["clusterroles","clusterrolebindings"]
+  verbs: ["*"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: sreworks-base-role
+rules:
+- apiGroups: ["*"]
+  resources: ["services"]
+  verbs: ["list","get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: appmanager-operator-leader-election-rolebinding
 roleRef:
+  kind: ClusterRole
   apiGroup: rbac.authorization.k8s.io
-  kind: Role
   name: appmanager-operator-leader-election-role
 subjects:
 - kind: ServiceAccount
-  name: default
+  name: appmanager-operator-account
   namespace: {{ .Release.Namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
+kind: ClusterRoleBinding
 metadata:
   name: appmanager-operator-manager-rolebinding
-  namespace: {{ .Release.Namespace }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
-  kind: Role
+  kind: ClusterRole
   name: appmanager-operator-manager-role
 subjects:
 - kind: ServiceAccount
-  name: default
+  name: appmanager-operator-account
   namespace: {{ .Release.Namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
+kind: ClusterRoleBinding
 metadata:
   name: appmanager-operator-proxy-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: appmanager-operator-proxy-role
+subjects:
+- kind: ServiceAccount
+  name: appmanager-operator-account
+  namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: appmanager-rolebinding
   namespace: {{ .Release.Namespace }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: appmanager-operator-proxy-role
+  name: appmanager-role
+subjects:
+- kind: ServiceAccount
+  name: appmanager-account
+  namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: appmanager-cluster-rolebinding
+roleRef:
+  kind: ClusterRole
+  name: appmanager-cluster-role
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+- kind: ServiceAccount
+  name: appmanager-account
+  namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: sreworks-base-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: sreworks-base-role
 subjects:
 - kind: ServiceAccount
   name: default
   namespace: {{ .Release.Namespace }}
-{{ end }} 
+{{ end }}
diff --git a/chart/sreworks-chart/charts/appmanager/templates/server-configmap.yaml b/chart/sreworks-chart/charts/appmanager/templates/server-configmap.yaml
@@ -15,6 +15,7 @@ data:
   APPMANAGER_DB_USER: {{ .Values.server.database.user | quote }}
   APPMANAGER_DB_PASSWORD: {{ .Values.server.database.password | quote }}
   APPMANAGER_DB_NAME: {{ .Values.server.database.name | default "appmanager" | quote }}
+  APPMANAGER_DAG_LOCAL_POOL_SIZE: "100"
   APPMANAGER_PACKAGE_DRIVER: {{ .Values.server.package.driver | quote }}
   APPMANAGER_PACKAGE_ENDPOINT: {{ template "server.package.endpoint" . }}
   APPMANAGER_PACKAGE_ENDPOINT_PROTOCOL: {{ .Values.server.package.endpointProtocol| default "http://" | quote }}
@@ -32,7 +33,7 @@ data:
   APPMANAGER_ACCESS_SECRET: {{ .Values.server.accessSecret | quote }}
   APPMANAGER_CLIENT_ID: {{ .Values.server.clientId | quote }}
   APPMANAGER_CLIENT_SECRET: {{ .Values.server.clientSecret | quote }}
-  APPMANAGER_JWT_SECRET_KEY: {{ .Values.server.jwtSecretKey | quote }}
+  APPMANAGER_JWT_SECRET_KEY: {{ required "appmanager.server.jwtSecretKey is required"  .Values.server.jwtSecretKey | quote }}
   CLOUD_TYPE: {{ .Values.server.cloudType | default "PaaS" | quote }}
   JVM_XMX: {{ .Values.server.jvmXMX | default "4000m" | quote }}
   DOCKER_HOST: {{ .Values.server.docker.host | default "tcp://127.0.0.1:2375" | quote }}

diff --git a/chart/sreworks-chart/charts/appmanager/templates/server-deployment.yaml b/chart/sreworks-chart/charts/appmanager/templates/server-deployment.yaml
@@ -13,6 +13,7 @@ spec:
       labels:
         name: {{ template "name.server" . }}
     spec:
+      serviceAccountName: appmanager-account
       initContainers:
         - name: server-init
           image: {{ template "images.dbMigration" . }}
@@ -43,4 +44,12 @@ spec:
 
           securityContext:
             privileged: true
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: appmanager-account
+
 {{- end -}}
diff --git a/chart/sreworks-chart/charts/appmanager/values.yaml b/chart/sreworks-chart/charts/appmanager/values.yaml
@@ -18,7 +18,7 @@ images:
 
 server:
   sreworksEnvs: false
-  rbac: admin
+  rbac: default
   database:
     #host: 
     port: 3306
@@ -48,7 +48,7 @@ server:
   accessSecret: yJfIYmjAiCL0ondV3kY7e5x6kVTpvC3h
   clientId: superclient
   clientSecret: stLCjCPKbWmki65DsAj2jPoeBLPimpJa
-  jwtSecretKey: 3d8e06065426
+  #jwtSecretKey: 3d8e06065426
   kafkaBrokerPort: 9092
   enableAuth: true
   docker:

diff --git a/chart/sreworks-chart/templates/ext-namespace.yaml b/chart/sreworks-chart/templates/ext-namespace.yaml
@@ -11,4 +11,60 @@ kind: Namespace
 metadata:
   name: {{ template "aiops.namespace" . }}
 
+--- 
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: appmanager-role
+  namespace: {{ template "dataops.namespace" . }}
+rules:
+- apiGroups: ["*"]
+  resources: ["*"]
+  verbs: ["*"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: appmanager-role
+  namespace: {{ template "aiops.namespace" . }}
+rules:
+- apiGroups: ["*"]
+  resources: ["*"]
+  verbs: ["*"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: appmanager-rolebinding
+  namespace: {{ template "aiops.namespace" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: appmanager-role
+subjects:
+- kind: ServiceAccount
+  name: appmanager-account
+  namespace: {{ .Release.Namespace }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: appmanager-rolebinding
+  namespace: {{ template "dataops.namespace" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: appmanager-role
+subjects:
+- kind: ServiceAccount
+  name: appmanager-account
+  namespace: {{ .Release.Namespace }}
+
+
 {{- end -}}
diff --git a/.../app/appdev-server/src/main/java/io/sreworks/appdev/server/controllers/AppController.java b/.../app/appdev-server/src/main/java/io/sreworks/appdev/server/controllers/AppController.java
@@ -256,8 +256,19 @@ public TeslaBaseResult getAppInstanceAction(Long appInstanceId) throws IOExcepti
         return buildSucceedResult(ret);
     }
 
-//    @ApiOperation(value = "getComponents")
-//    @RequestMapping(value = "getComponents", method = RequestMethod.GET)
+    @ApiOperation(value = "application-configurations/types")
+    @RequestMapping(value = "application-configurations/types", method = RequestMethod.GET)
+    public TeslaBaseResult getApplicationConfigurationTypes(
+            String appId,
+            @RequestHeader(value = "X-Biz-App", required = false) String headerBizApp
+    ) throws IOException, ApiException {
+        log.info(headerBizApp);
+        JSONObject data = appmanagerService.getApplicationConfigurationTypes(appId, headerBizApp);
+        JSONArray components = appmanagerComponentService.getComponents(appId, headerBizApp);
+        data.put("components", components);
+        return buildSucceedResult(data);
+    }
+
 //    public TeslaBaseResult getComponents(Long appId, @RequestHeader(value = "X-Biz-App", required = false) String headerBizApp) throws IOException {
 //        if (appId == null) {
 //            return buildSucceedResult(new ArrayList<>());

diff --git a/...v-server/src/main/java/io/sreworks/appdev/server/services/AppmanagerComponentService.java b/...v-server/src/main/java/io/sreworks/appdev/server/services/AppmanagerComponentService.java
@@ -11,6 +11,7 @@
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
 
+import java.io.IOException;
 import java.util.List;
 
 @Slf4j
@@ -40,6 +41,15 @@ public JSONArray list(String appId, String user) throws Exception {
         return JSONArray.parseArray(JSON.toJSONString(components));
     }
 
+    public JSONArray getComponents(String appId, String headerBizApp) throws IOException {
+        String url = AppmanagerServiceUtil.getEndpoint() + "/apps/" + appId + "/components";
+        JSONObject headers = new JSONObject();
+        if (headerBizApp != null){
+            headers.put("X-Biz-App", headerBizApp);
+        }
+        return new Requests(url).headers(headers).get().getJSONObject().getJSONArray("data");
+    }
+
     public Long count(String appId, String user)  throws Exception {
         Long componentCnt = Long.valueOf(0);
         log.info("GET " + AppmanagerServiceUtil.getEndpoint() + "/apps/" + appId + "/components");