From e160c5257195889c4114ce994a565d5e853d0c13 Mon Sep 17 00:00:00 2001
From: z30057876 <zhouweitong@huawei.com>
Date: Fri, 25 Apr 2025 11:09:01 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0Chart=EF=BC=8C=E9=80=82?=
 =?UTF-8?q?=E9=85=8DAuthHub?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../authhub/configs/backend/copy-config.yml   |  8 +++----
 .../templates/backend/authhub-backend.yaml    | 24 +++++++++++--------
 deploy/secret_helper/Dockerfile               |  5 +++-
 deploy/secret_helper/file_copy.py             |  2 ++
 deploy/secret_helper/main.py                  |  3 ++-
 5 files changed, 26 insertions(+), 16 deletions(-)

diff --git a/deploy/chart/authhub/configs/backend/copy-config.yml b/deploy/chart/authhub/configs/backend/copy-config.yml
index 43d4e14c8..25f33b9b2 100644
--- a/deploy/chart/authhub/configs/backend/copy-config.yml
+++ b/deploy/chart/authhub/configs/backend/copy-config.yml
@@ -1,6 +1,6 @@
 copy:
-  - from: /config/aops-config.yaml
-    to: /config-rw/aops-config.yaml
+  - from: /config/aops-config.yml
+    to: /config-rw/aops-config.yml
     mode:
       uid: 0
       gid: 0
@@ -8,8 +8,8 @@ copy:
     secrets:
       - /db-secrets
       - /authhub-secrets
-  - from: /config/conf.d/authhub.yaml
-    to: /config-rw/conf.d/authhub.yaml
+  - from: /config/conf.d/authhub.yml
+    to: /config-rw/conf.d/authhub.yml
     mode:
       uid: 0
       gid: 0
diff --git a/deploy/chart/authhub/templates/backend/authhub-backend.yaml b/deploy/chart/authhub/templates/backend/authhub-backend.yaml
index 8cfc36faa..953ce1126 100644
--- a/deploy/chart/authhub/templates/backend/authhub-backend.yaml
+++ b/deploy/chart/authhub/templates/backend/authhub-backend.yaml
@@ -60,25 +60,22 @@ spec:
             limits:
               {{ toYaml .Values.authhub.backend.resourceLimits | nindent 14 }}
       initContainers:
-        - name: authhub-backend-copy-secret
+        - name: authback-copy
           image: {{ .Values.authhub.secret_inject.image | default (printf "%s/neocopilot/secret_inject:dev-%s" (.Values.globals.imageRegistry | default "hub.oepkgs.net") (ternary "arm" "x86" (eq (.Values.globals.arch | default "x86") "arm"))) }}
           imagePullPolicy: {{ default "IfNotPresent" .Values.globals.imagePullPolicy }}
+          command:
+            - python3
+            - ./main.py
+            - --config
+            - /config/copy-config.yml
+            - --copy
           volumeMounts:
             - mountPath: /db-secrets
               name: euler-copilot-database-vl
             - mountPath: /authhub-secrets
               name: authhub-secret-vl
-            - mountPath: /config/aops-config.yml
-              name: authhub-config
-              subPath: aops-config.yml
-            - mountPath: /config/conf.d/authhub.yml
-              name: authhub-config
-              subPath: authhub.yml
             - mountPath: /config-rw
               name: authhub-shared
-            - mountPath: /app/config.yaml
-              name: authhub-config
-              subPath: copy-config.yml
       volumes:
         - name: authhub-shared
           emptyDir:
@@ -86,6 +83,13 @@ spec:
         - name: authhub-config
           configMap:
             name: authhub-backend-config
+            items:
+              - key: aops-config.yml
+                path: aops-config.yml
+              - key: authhub.yml
+                path: conf.d/authhub.yml
+              - key: copy-config.yml
+                path: copy-config.yml
         - name: authhub-secret-vl
           secret:
             secretName: authhub-secret
diff --git a/deploy/secret_helper/Dockerfile b/deploy/secret_helper/Dockerfile
index ca8421e35..2fe4fe7f6 100644
--- a/deploy/secret_helper/Dockerfile
+++ b/deploy/secret_helper/Dockerfile
@@ -3,7 +3,10 @@ RUN mkdir /app && \
     mkdir /secrets
 WORKDIR /app
 COPY . .
-RUN yum update -y && \
+RUN sed -i 's|repo.openeuler.org|mirrors.nju.edu.cn/openeuler|g' /etc/yum.repos.d/openEuler.repo && \
+    sed -i '/metalink/d' /etc/yum.repos.d/openEuler.repo && \
+    sed -i '/metadata_expire/d' /etc/yum.repos.d/openEuler.repo && \
+    yum update -y && \
     yum install python3 python3-pip -y && \
     yum clean all && \
     pip3 install --no-cache-dir -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple
diff --git a/deploy/secret_helper/file_copy.py b/deploy/secret_helper/file_copy.py
index cd17eac14..ed3466457 100644
--- a/deploy/secret_helper/file_copy.py
+++ b/deploy/secret_helper/file_copy.py
@@ -28,6 +28,8 @@ def copy_file(file: Path, out_path: Path, secrets: dict[str, str]) -> None:
     if secrets:
         for key, value in secrets.items():
             data = data.replace(r"${" + key + "}", value)
+    # 确保父文件夹存在
+    out_path.parent.mkdir(parents=True, exist_ok=True)
     with out_path.open("w", encoding="utf-8") as f:
         f.write(data)
 
diff --git a/deploy/secret_helper/main.py b/deploy/secret_helper/main.py
index 602573e4f..a810ea5a5 100644
--- a/deploy/secret_helper/main.py
+++ b/deploy/secret_helper/main.py
@@ -33,7 +33,8 @@ if __name__ == "__main__":
             config = yaml.safe_load(f)
 
         for copy_config in config["copy"]:
-            copy(copy_config["from"], copy_config["to"], copy_config["mode"], copy_config["secrets"])
+            secrets = copy_config.get("secrets", [])
+            copy(copy_config["from"], copy_config["to"], copy_config["mode"], secrets)
 
         sys.exit(0)
 
-- 
Gitee