Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: update apiserver python version to 3.11.10 #1655

Merged
merged 22 commits into from
Oct 21, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
e96bdd6
feat: update apiserver python version to 3.11.10
narasux Oct 12, 2024
d827aa6
feat: update Dockerfile
narasux Oct 12, 2024
06a84e8
Merge branch 'main' of https://github.com/TencentBlueKing/blueking-pa…
narasux Oct 12, 2024
78783b7
feat: update requests to 2.32.3
narasux Oct 12, 2024
d70a95f
feat: update pyproject.toml
narasux Oct 12, 2024
41faf76
feat: update Dockerfile
narasux Oct 12, 2024
4aefe45
feat: lock cryptography to 42.0.5
narasux Oct 12, 2024
56b1d16
feat: update elasticsearch to 7.17.12
narasux Oct 12, 2024
831691b
fix: aenum's stricter checks causing extend_enum to fail
narasux Oct 12, 2024
f747657
fix: update attrs to 22.1.0
narasux Oct 14, 2024
4da0ef0
refactor: add StrEnum & IntEnum
narasux Oct 14, 2024
12907a8
fix: add AccessTokenHolderError
narasux Oct 14, 2024
499948d
Merge branch 'main' of https://github.com/TencentBlueKing/blueking-pa…
narasux Oct 14, 2024
3c08009
Merge branch 'main' of https://github.com/TencentBlueKing/blueking-pa…
narasux Oct 15, 2024
80221bb
fix: update enum classes
narasux Oct 15, 2024
f435878
Merge branch 'main' of https://github.com/TencentBlueKing/blueking-pa…
narasux Oct 15, 2024
251747d
fix: resolve #1655 conversations
narasux Oct 17, 2024
7a75f13
feat: update blue_krill to 2.0.7
narasux Oct 21, 2024
65e8449
Merge branch 'main' of https://github.com/TencentBlueKing/blueking-pa…
narasux Oct 21, 2024
8d8f42a
fix: enum type
narasux Oct 21, 2024
e4fb38f
fix: type error
narasux Oct 21, 2024
b4df341
Merge branch 'main' of https://github.com/TencentBlueKing/blueking-pa…
narasux Oct 21, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 5 additions & 17 deletions apiserver/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -22,29 +22,19 @@ ADD ./configs ./configs
RUN EDITION=${EDITION} npm run build

################# PaaS #################
FROM python:3.8.13-slim-buster
FROM python:3.11.10-slim-bullseye
USER root

RUN apt-get update && apt-get install -y gcc subversion ssh default-libmysqlclient-dev pkg-config vim
RUN apt-get update && apt-get install -y gcc subversion ssh default-libmysqlclient-dev pkg-config vim git
SheepSheepChen marked this conversation as resolved.
Show resolved Hide resolved

# Add buster-backports to sources.list
RUN echo "deb http://archive.debian.org/debian buster-backports main" >> /etc/apt/sources.list
# Install git from backports, because the version(git:v2.20.1) in buster will leak usernames from the url
# And this bug is fixed in v2.22.0, so we should install git from buster-backports, which is v2.30.2-1
# See more info at: https://packages.debian.org/buster-backports/git
#
# Update(2024-05-07): The GitClient class has added a new logic to remove sensitive information
# in the git command output, so a newer git version is no longer required to fix the username leakage.
RUN apt-get update && apt-get -y install -t buster-backports git

RUN mkdir ~/.pip && printf '[global]\nindex-url = https://mirrors.cloud.tencent.com/pypi/simple/\n' > ~/.pip/pip.conf
narasux marked this conversation as resolved.
Show resolved Hide resolved
RUN mkdir ~/.pip && printf '[global]\nindex-url = https://mirrors.cloud.tencent.com/pypi/simple/\n' > ~/.pip/pip.conf

ENV LC_ALL=C.UTF-8 \
LANG=C.UTF-8

RUN pip install --upgrade 'pip<24.1'

RUN pip install poetry==1.3.2
RUN pip install poetry==1.8.3

# Change security level of openssl to lower value in order to avoid "CA_MD_TOO_WEAK" error
# See https://stackoverflow.com/questions/52218876/how-to-fix-ssl-issue-ssl-ctx-use-certificate-ca-md-too-weak-on-python-zeep?rq=1
Expand All @@ -56,8 +46,7 @@ ADD ./pyproject.toml .
ADD ./poetry.lock .

# Install dependecies in system
# Disable "new installer" to fix https://github.com/python-poetry/poetry/issues/6301
RUN poetry config virtualenvs.create false && poetry config experimental.new-installer false && poetry install --no-dev
RUN poetry config virtualenvs.create false && poetry install --no-dev

ARG BKPAAS_BUILD_VERSION="tag: null, commitID: ^HEAD, buildID: null, buildTime: null"
ENV BKPAAS_BUILD_VERSION=${BKPAAS_BUILD_VERSION}
Expand All @@ -67,7 +56,6 @@ RUN mkdir -p ./public
COPY --from=admin42 /build/paasng/public ./public
ADD ./paasng .


# Add extra files: static assets & I18N .mo translation file.

# "gettext" package is required for running "compilemessages"
Expand Down
2 changes: 1 addition & 1 deletion apiserver/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ init-pre-commit: ## 初始化 pre-commit
pre-commit install

init-py-dep: ## 初始化 python 依赖包
pip install poetry==1.3.2
pip install poetry==1.8.3
poetry install

init-node-dep: ## 初始化 nodejs
Expand Down
27 changes: 9 additions & 18 deletions apiserver/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,16 +28,16 @@ apiserver 为 blueking-paas 项目的主控模块。

### 准备 Python 开发环境

1. 安装 Python 3.8
1. 安装 Python 3.11

我们推荐使用 [pyenv](https://github.com/pyenv/pyenv) 管理本地的 python 环境

- 依照 [相关指引](https://github.com/pyenv/pyenv#getting-pyenv) 安装 pyenv

- 使用 pyenv 安装 Python 3.8
- 使用 pyenv 安装 Python 3.11

```shell
❯ pyenv install 3.8.13
❯ pyenv install 3.11.10
```

2. 安装项目依赖
Expand All @@ -62,11 +62,12 @@ apiserver 项目的管理端(Admin42)使用 Nodejs 进行开发, 如需开
1. 安装 [Nodejs](https://github.com/nodejs),推荐使用 v14.21.1 版本

我们推荐使用 [nvm](https://github.com/nvm-sh/nvm) 管理本地的 nodejs 环境

- 依照 [相关指引](https://github.com/nvm-sh/nvm#installing-and-updating) 安装 nvm
- 使用 nvm 安装 nodejs 14

```shell
❯ nvm install 14
❯ nvm install 14
```

2. 安装项目依赖
Expand Down Expand Up @@ -185,17 +186,17 @@ Nodejs 组件开发模式与常规的 Nodejs 项目无异, 但为了更方便地
本项目未使用任何 `JavaScript 模块化技术`, 即所有组件都需要自行往 `window` 对象挂载, 例如:

```javascript
import Vue from 'vue'
import Vue from "vue";

window.Vue = Vue
window.Vue = Vue;
```

否则, `Django Template` 将无法直接使用 Nodejs 中的组件。

#### Template 页面开发指引

Template 页面开发模式与常规的 Django 项目无异, 但是使用了 [Vuejs](https://cn.vuejs.org/)
和 [MagicBox Vue组件库](https://magicbox.bk.tencent.com/static_api/v3/components_vue/2.0/example/index.html#/)
和 [MagicBox Vue 组件库](https://magicbox.bk.tencent.com/static_api/v3/components_vue/2.0/example/index.html#/)
完成前端的功能开发。

在开发新的 Template 模板时应该遵循以下规范:
Expand Down Expand Up @@ -242,7 +243,7 @@ class SysBkPluginLogsViewset(viewsets.ViewSet):
要点如下:

1. 使用 `@ForceAllowAuthedApp.mark_view_set` 装饰视图类后,如果请求携带了经认证的有效应用身份(经由 API 网关完成认证与权限校验),平台将自动创建一个角色为 `SYSTEM_API_BASIC_READER` 的系统账号,由它完成请求。
- 后续如需要调整该账号的角色,可在 PaaS Admin 中完成。
- 后续如需要调整该账号的角色,可在 PaaS Admin 中完成。
2. 使用 `@site_perm_required` 装饰视图函数,以保证请求只允许那些拥有系统级权限的账号访问(**非常重要,因为系统 API 一般都是用户无关,极容易发生越权问题。**)

## FAQ
Expand All @@ -251,16 +252,6 @@ class SysBkPluginLogsViewset(viewsets.ViewSet):

如果在安装 docker 时, 安装了 docker-compose-plugin, 需要修改'blueking-paas/apiserver/dev_utils/bundle/start.sh' 中的 docker-compose 改为 docker compose

### poetry install 时 hash 值对不上问题

先执行

```shell
poetry config experimental.new-installer false
```

再重新执行 poetry install 即可

### admin42 页面 403 问题

需要进入数据库执行以下命令
Expand Down
27 changes: 8 additions & 19 deletions apiserver/dev_utils/unittest/Dockerfile.devops.unittest
Original file line number Diff line number Diff line change
Expand Up @@ -22,41 +22,30 @@ ADD ./configs ./configs
RUN EDITION=${EDITION} npm run build

################# PaaS #################
FROM python:3.8.13-slim-buster
FROM python:3.11.10-slim-bullseye
USER root

RUN apt-get update && apt-get install -y gcc subversion ssh default-libmysqlclient-dev pkg-config vim
RUN apt-get update && apt-get install -y gcc subversion ssh default-libmysqlclient-dev pkg-config vim git

# Add buster-backports to sources.list
RUN echo "deb http://archive.debian.org/debian buster-backports main" >> /etc/apt/sources.list
# Install git from backports, because the version(git:v2.20.1) in buster will leak usernames from the url
# And this bug is fixed in v2.22.0, so we should install git from buster-backports, which is v2.30.2-1
# See more info at: https://packages.debian.org/buster-backports/git
#
# Update(2024-05-07): The GitClient class has added a new logic to remove sensitive information
# in the git command output, so a newer git version is no longer required to fix the username leakage.
RUN apt-get update && apt-get -y install -t buster-backports git

RUN mkdir ~/.pip && printf '[global]\nindex-url = https://mirrors.cloud.tencent.com/pypi/simple/\n' > ~/.pip/pip.conf
RUN mkdir ~/.pip && printf '[global]\nindex-url = https://mirrors.cloud.tencent.com/pypi/simple/\n' > ~/.pip/pip.conf

ENV LC_ALL=C.UTF-8 \
LANG=C.UTF-8

RUN pip install --upgrade 'pip<24.1'

RUN pip install poetry==1.8.3

# Change security level of openssl to lower value in order to avoid "CA_MD_TOO_WEAK" error
# See https://stackoverflow.com/questions/52218876/how-to-fix-ssl-issue-ssl-ctx-use-certificate-ca-md-too-weak-on-python-zeep?rq=1
RUN sed -i "s/DEFAULT@SECLEVEL=2/DEFAULT@SECLEVEL=0/g" /etc/ssl/openssl.cnf

RUN pip install --upgrade pip
RUN pip install poetry==1.3.2

WORKDIR /app

ADD ./pyproject.toml .
ADD ./poetry.lock .

# Disable "new installer" to fix https://github.com/python-poetry/poetry/issues/6301
RUN poetry config virtualenvs.create false && poetry config experimental.new-installer false && poetry install

RUN poetry config virtualenvs.create false && poetry install

WORKDIR /app
ADD ./paasng ./paasng
Expand Down
2 changes: 1 addition & 1 deletion apiserver/paasng/conf.yaml.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
## 用于加密数据库内容的 Secret
# BKKRILL_ENCRYPT_SECRET_KEY: ''

## 选择加密数据库内容的算法,可选择:'SHANGMI' , 'CLASSIC',分别对应 'SM4CTR'和'Fernet' 算法
## 选择加密数据库内容的算法,可选值:'SHANGMI', 'CLASSIC',分别对应 'SM4CTR' 和 'FernetCipher' 算法
# BK_CRYPTO_TYPE : ''

## (Django)特定 Django 安装的密钥。用于提供 加密签名,默认值为:${BKKRILL_ENCRYPT_SECRET_KEY}
Expand Down
6 changes: 3 additions & 3 deletions apiserver/paasng/paas_wl/bk_app/applications/constants.py
Original file line number Diff line number Diff line change
Expand Up @@ -15,10 +15,10 @@
# We undertake not to change the open source license (MIT license) applicable
# to the current version of the project delivered to anyone in the future.

from blue_krill.data_types.enum import EnumField, StructuredEnum
from blue_krill.data_types.enum import EnumField, StrStructuredEnum


class WlAppType(str, StructuredEnum):
class WlAppType(StrStructuredEnum):
"""type of workloads app"""

DEFAULT = EnumField("default") # 默认类型:无任何定制逻辑
Expand All @@ -28,7 +28,7 @@ class WlAppType(str, StructuredEnum):
CLOUD_NATIVE = EnumField("cloud_native")


class ArtifactType(str, StructuredEnum):
class ArtifactType(StrStructuredEnum):
"""type of build artifact"""

SLUG = EnumField("slug")
Expand Down
36 changes: 12 additions & 24 deletions apiserver/paasng/paas_wl/bk_app/cnative/specs/constants.py
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
# We undertake not to change the open source license (MIT license) applicable
# to the current version of the project delivered to anyone in the future.

from blue_krill.data_types.enum import EnumField, StructuredEnum
from blue_krill.data_types.enum import EnumField, StrStructuredEnum
from django.utils.translation import gettext_lazy as _

# Default resource limitations for each process
Expand Down Expand Up @@ -66,14 +66,14 @@
PROC_SERVICES_ENABLED_ANNOTATION_KEY = "bkapp.paas.bk.tencent.com/proc-services-feature-enabled"


class ApiVersion(str, StructuredEnum):
class ApiVersion(StrStructuredEnum):
"""Kubernetes CRD API versions"""

V1ALPHA1 = "paas.bk.tencent.com/v1alpha1"
V1ALPHA2 = "paas.bk.tencent.com/v1alpha2"


class DeployStatus(str, StructuredEnum):
narasux marked this conversation as resolved.
Show resolved Hide resolved
class DeployStatus(StrStructuredEnum):
"""Cloud-native app's deployment statuses"""

PENDING = EnumField("pending", label=_("待实施"))
Expand All @@ -90,79 +90,67 @@ def is_stable(cls, val: "DeployStatus") -> bool:
return val in [DeployStatus.READY, DeployStatus.ERROR]


class DomainGroupSource(str, StructuredEnum):
class DomainGroupSource(StrStructuredEnum):
"""The source types for DomainGroup data"""

SUBDOMAIN = "subdomain"
SUBPATH = "subpath"
CUSTOM = "custom"


class MResConditionType(str, StructuredEnum):
class MResConditionType(StrStructuredEnum):
APP_AVAILABLE = EnumField("AppAvailable")
APP_PROGRESSING = EnumField("AppProgressing")
ADDONS_PROVISIONED = EnumField("AddOnsProvisioned")
HOOKS_FINISHED = EnumField("HooksFinished")


class ConditionStatus(str, StructuredEnum):
class ConditionStatus(StrStructuredEnum):
"""k8s metav1.ConditionStatus"""

TRUE = EnumField("True")
FALSE = EnumField("False")
UNKNOWN = EnumField("Unknown")


class MResPhaseType(str, StructuredEnum):
class MResPhaseType(StrStructuredEnum):
"""a label for the condition of a BkApp at the current time."""

AppPending = EnumField("Pending")
AppRunning = EnumField("Running")
AppFailed = EnumField("Failed")


class ScalingPolicy(str, StructuredEnum):
class ScalingPolicy(StrStructuredEnum):
"""ScalingPolicy is used to specify which policy should be used while scaling"""

# the default autoscaling policy (cpu utilization 85%)
DEFAULT = EnumField("default")

# simulate `ReprEnum` behavior to work well with DRF serializer
# see also:
# - https://docs.python.org/3/library/enum.html#enum.ReprEnum
# - https://docs.python.org/3/library/enum.html#enum.Enum.__str__
__str__ = str.__str__


class ResQuotaPlan(str, StructuredEnum):
class ResQuotaPlan(StrStructuredEnum):
"""ResQuotaPlan is used to specify process resource quota"""

P_DEFAULT = EnumField("default", label="default")
P_4C1G = EnumField("4C1G", label="4C1G")
P_4C2G = EnumField("4C2G", label="4C2G")
P_4C4G = EnumField("4C4G", label="4C4G")

# simulate `ReprEnum` behavior to work well with DRF serializer
# see also:
# - https://docs.python.org/3/library/enum.html#enum.ReprEnum
# - https://docs.python.org/3/library/enum.html#enum.Enum.__str__
__str__ = str.__str__


class MountEnvName(str, StructuredEnum):
class MountEnvName(StrStructuredEnum):
"""Environment name for managing mount volume"""

STAG = EnumField("stag", label="仅测试环境")
PROD = EnumField("prod", label="仅生产环境")
GLOBAL = EnumField("_global_", label="所有环境")


class VolumeSourceType(str, StructuredEnum):
class VolumeSourceType(StrStructuredEnum):
ConfigMap = EnumField("ConfigMap")
PersistentStorage = EnumField("PersistentStorage")


class PersistentStorageSize(str, StructuredEnum):
class PersistentStorageSize(StrStructuredEnum):
P_1G = EnumField("1Gi")
P_2G = EnumField("2Gi")
P_4G = EnumField("4Gi")
4 changes: 2 additions & 2 deletions apiserver/paasng/paas_wl/bk_app/dev_sandbox/entities.py
Original file line number Diff line number Diff line change
Expand Up @@ -18,12 +18,12 @@
from dataclasses import dataclass, field
from typing import Dict, List, Optional

from blue_krill.data_types.enum import EnumField, StructuredEnum
from blue_krill.data_types.enum import EnumField, StrStructuredEnum

from paas_wl.workloads.release_controller.constants import ImagePullPolicy


class HealthPhase(str, StructuredEnum):
class HealthPhase(StrStructuredEnum):
HEALTHY = EnumField("Healthy")
PROGRESSING = EnumField("Progressing")
UNHEALTHY = EnumField("Unhealthy")
Expand Down
4 changes: 2 additions & 2 deletions apiserver/paasng/paas_wl/bk_app/monitoring/bklog/constants.py
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
# We undertake not to change the open source license (MIT license) applicable
# to the current version of the project delivered to anyone in the future.

from blue_krill.data_types.enum import EnumField, StructuredEnum
from blue_krill.data_types.enum import EnumField, StrStructuredEnum

# 注解或标签中存储应用名称的键名
BKAPP_NAME_ANNO_KEY = "bkapp.paas.bk.tencent.com/name"
Expand All @@ -29,7 +29,7 @@
WLAPP_NAME_ANNO_KEY = "bkapp.paas.bk.tencent.com/wl-app-name"


class BkLogConfigType(str, StructuredEnum):
class BkLogConfigType(StrStructuredEnum):
STD_LOG = EnumField("std_log_config", label="标准输出日志")
CONTAINER_LOG = EnumField("container_log_config", label="容器日志")
NODE_LOG = EnumField("node_log_config", label="节点日志")
Loading