diff --git a/.github/workflows/package.yml b/.github/workflows/package.yml index e964a96..4f6f976 100644 --- a/.github/workflows/package.yml +++ b/.github/workflows/package.yml @@ -45,6 +45,7 @@ jobs: owner: ModelEngine-Group repository: 'DataMate' access-token: ${{ secrets.ACCESS_TOKEN }} + branch: 'add-oms-authentication' - name: DataMate Package run: | diff --git a/tools/install.sh b/tools/install.sh index 89629cb..0470c5f 100644 --- a/tools/install.sh +++ b/tools/install.sh @@ -39,6 +39,7 @@ SKIP_LOAD=false INSTALL_MILVUS=true INSTALL_LABEL_STUDIO=true EXECUTE_HAPROXY=true +REAL_IP_MODE=proxy_protocol # --- 脚本内部变量 --- @@ -126,6 +127,10 @@ function read_value() { sed -i "s/type: ClusterIP/type: NodePort/g" "$VALUES_FILE" sed -i "s/^\(\s*nodePort:\s*\).*/\1${NODE_PORT}/" "$VALUES_FILE" fi + + if [ -n "${REAL_IP_MODE}" ]; then + sed -i "/- name: REAL_IP_MODE/{n;s/value: \".*\"/value: \"$REAL_IP_MODE\"/}" "$VALUES_FILE" + fi } function read_storage_value() { @@ -264,7 +269,8 @@ function add_nginx_route_to_haproxy() { nginx_service_ip=$(kubectl get svc datamate-frontend -n "${NAMESPACE}" -o=jsonpath='{.spec.clusterIP}') ## 更新 datamate 转发规则, 保存到 cluster_info_new.json - if ! python3 "${UTILS_PATH}"/config_haproxy.py update -n "${NAMESPACE}" -p "${PORT}" -b "${nginx_service_ip}" -a "${ADDRESS_TYPE}" -P "3000" -m "datamate"; then + if ! python3 "${UTILS_PATH}"/config_haproxy.py update -n "${NAMESPACE}" -p "${PORT}" -b "${nginx_service_ip}" \ + -a "${ADDRESS_TYPE}" -P "3000" -m "datamate" --real-ip-mode "${REAL_IP_MODE}"; then log_error "Add nginx route to haproxy failed" exit 1 fi @@ -277,7 +283,8 @@ function add_label_studio_route_to_haproxy() { label_studio_service_ip=$(kubectl get svc label-studio -n "${NAMESPACE}" -o=jsonpath='{.spec.clusterIP}') ## 更新 datamate 转发规则, 保存到 cluster_info_new.json - if ! python3 "${UTILS_PATH}"/config_haproxy.py update -n "${NAMESPACE}" -p $((PORT + 1)) -b "${label_studio_service_ip}" -a "${ADDRESS_TYPE}" -P "8000" -m "label-studio"; then + if ! python3 "${UTILS_PATH}"/config_haproxy.py update -n "${NAMESPACE}" -p $((PORT + 1)) -b "${label_studio_service_ip}" \ + -a "${ADDRESS_TYPE}" -P "8000" -m "label-studio" --real-ip-mode "${REAL_IP_MODE}"; then log_error "Add label studio route to haproxy failed" exit 1 fi @@ -309,6 +316,7 @@ function main() { --package) PACKAGE_PATH="$2"; shift 2 ;; --skip-haproxy) EXECUTE_HAPROXY=false; shift ;; --node-port) NODE_PORT="$2"; shift 2 ;; + --real-ip-mode) REAL_IP_MODE="$2"; shift 2 ;; -h|--help) print_help "${SCRIPT_PATH}"; exit 0 ;; *) log_info "错误: 未知参数: $1"; shift ;; esac diff --git a/tools/utils/config_haproxy.py b/tools/utils/config_haproxy.py index 6873327..8e5bb1c 100644 --- a/tools/utils/config_haproxy.py +++ b/tools/utils/config_haproxy.py @@ -87,7 +87,7 @@ def get_json_data(self): return None def update_haproxy_data(self, namespace, current_haproxy, front_ip, front_port, backend_ip, backend_port, - address_type, module_name): + address_type, module_name, real_ip_mode): # 将当前配置分割成行 lines = current_haproxy.splitlines() updated_lines = [] @@ -123,6 +123,7 @@ def update_haproxy_data(self, namespace, current_haproxy, front_ip, front_port, # 添加新配置到文件末尾 logger.info(f'在文件末尾添加新的配置') + send_proxy = " send-proxy" if real_ip_mode == "proxy_protocol" else "" if address_type == "management": if front_ip is None: front_ip = '{{.ApisvrFrontVIP}}' @@ -138,7 +139,7 @@ def update_haproxy_data(self, namespace, current_haproxy, front_ip, front_port, f" default-server inter 2s downinter 5s rise 2 fall 2 slowstart 60s maxconn 2000 maxqueue" f" 200 weight 100", f" balance roundrobin", - f" server app0 {backend_ip}:{backend_port}", + f" server app0 {backend_ip}:{backend_port}{send_proxy}", f" mode tcp", f"{section_end}", ]) @@ -157,7 +158,7 @@ def update_haproxy_data(self, namespace, current_haproxy, front_ip, front_port, f" default-server inter 2s downinter 5s rise 2 fall 2 slowstart 60s maxconn 2000 maxqueue" f" 200 weight 100", f" balance roundrobin", - f" server app0 {backend_ip}:{backend_port}", + f" server app0 {backend_ip}:{backend_port}{send_proxy}", f" mode tcp", f"{section_end}", ]) @@ -166,7 +167,8 @@ def update_haproxy_data(self, namespace, current_haproxy, front_ip, front_port, new_haproxy_content = '\n'.join(updated_lines) return new_haproxy_content - def update(self, namespace, front_ip, front_port, backend_ip, backend_port, address_type, module_name): + def update(self, namespace, front_ip, front_port, backend_ip, backend_port, address_type, module_name, + real_ip_mode): if not self.dump(): logger.error("dump cluster info failed.") return False @@ -179,7 +181,7 @@ def update(self, namespace, front_ip, front_port, backend_ip, backend_port, addr # 更新 haproxy 配置数据 new_haproxy_content = self.update_haproxy_data(namespace, current_haproxy, front_ip, front_port, backend_ip, - backend_port, address_type, module_name) + backend_port, address_type, module_name, real_ip_mode) # 更新配置数据 config_data['data']['haproxy'] = new_haproxy_content @@ -273,6 +275,8 @@ def parse_args(): parser_obj.add_argument('-a', '--address-type', dest="address_type", default="management", type=str, help='use management id or business ip') parser_obj.add_argument('-m', '--module', required=False, default="datamate", type=str, help='module name') + parser_obj.add_argument('--real-ip-mode', required=False, default="off", type=str, + help='enable forwarding real ip') return parser.parse_args() @@ -282,7 +286,7 @@ def parse_args(): operator = ClusterInfoOperator() if args.command == 'update': operator.update(args.namespace, args.frontend_ip, args.frontend_port, args.backend_ip, args.backend_port, - address_type=args.address_type, module_name=args.module) + address_type=args.address_type, module_name=args.module, real_ip_mode=args.real_ip_mode) operator.clear() else: print("Illegal command!")