feat(deploy): 优化配置

2024-04-09 10:40:43 +08:00
@@ -1,5 +1,4 @@
-# 需要提前安装crds
-# kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.crds.yaml
+# 安装后需要将clusterIssuer的cnameStrategy策略设置为Follow
 apiVersion: helm.cattle.io/v1
 kind: HelmChart
 metadata:
@@ -7,31 +7,34 @@ spec:
  chart: oci://registry-1.docker.io/bitnamicharts/postgresql-ha
  targetNamespace: infra-data
  valuesContent: |-
-    tolerations:
-    - key: "node-role.kubernetes.io/master"
-      operator: "Exists"
-      effect: "NoSchedule"
    global:
      postgresql:
        username: rohow
        password: L#GRtTR2QuL@20pm6+c~
    postgresql:
      image:
-        debug: true
+        debug: false
      postgresPassword: L#GRtTR2QuL@20pm6+c~
      nodeAffinityPreset:
        type: "hard"
        key: "topology.kubernetes.io/region"
        values:
        - "cn-sh"
+      tolerations:
+      - key: "node-role.kubernetes.io/master"
+        operator: "Exists"
+        effect: "NoSchedule"
    pgpool:
      image:
-        debug: true
+        debug: false
      nodeAffinityPreset:
        type: "hard"
        key: "topology.kubernetes.io/region"
        values:
        - "cn-sh"
-    
+      tolerations:
+      - key: "node-role.kubernetes.io/master"
+        operator: "Exists"
+        effect: "NoSchedule"
        
    
@@ -18,6 +18,10 @@ spec:
    - key: "node-role.kubernetes.io/master"
      operator: "Exists"
      effect: "NoSchedule"
+    updateStrategy:
+      rollingUpdate:
+        maxUnavailable: 1
+        maxSurge: 0
    deployment:
      kind: DaemonSet
      dnsPolicy: None
@@ -46,8 +50,9 @@ spec:
        port: 8022
        expose: true
        exposedPort: 22
-        
-    updateStrategy:
-      rollingUpdate:
-        maxUnavailable: 1
-        maxSurge: 0
+    experimental:
+      plugins:
+        enabled: true
+        souin:
+          moduleName: github.com/darkweak/souin
+          version: v1.6.47
@@ -1,5 +1,7 @@
 ### 替换hostname
-hostnamectl set-hostname node && reboot
+export HOSTNAME=node
+hostnamectl set-hostname $HOSTNAME && reboot
+vim /etc/hosts

 ### 安装tailscale
 curl -fsSL https://tailscale.com/install.sh | sh
@@ -8,21 +10,22 @@ curl -fsSL https://tailscale.com/install.sh | sh
 tailscale set --auto-update

 ### 开启ip转发
-echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
-echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
-sudo sysctl -p /etc/sysctl.d/99-tailscale.conf
+echo 'net.ipv4.ip_forward = 1' | tee -a /etc/sysctl.d/99-tailscale.conf
+echo 'net.ipv6.conf.all.forwarding = 1' | tee -a /etc/sysctl.d/99-tailscale.conf
+sysctl -p /etc/sysctl.d/99-tailscale.conf

 ### 新建目录 将不同节点类型的config写入
-mkdir -p /etc/rancher/k3s && nano /etc/rancher/k3s/config.yaml
+mkdir -p /etc/rancher/k3s && vim /etc/rancher/k3s/config.yaml

 ### 安装k3s 此处注意安装类型 是server 还是 agent
 curl -sfL https://get.k3s.io | \
+  INSTALL_K3S_VERSION=v1.28.8 \
  INSTALL_K3S_MIRROR=cn  \
  sh -s - server

 ### 国内安装加速 & 镜像加速地址
 https://rancher-mirror.rancher.cn/k3s/k3s-install.sh
-nano /etc/rancher/k3s/registries.yaml
+vim /etc/rancher/k3s/registries.yaml

 ### 查看serverToken 记得在config中替换最新的token
 cat /var/lib/rancher/k3s/server/node-token
@@ -1,10 +1,10 @@
 # worker 工作节点
 server: "https://k3s.dev.cm:6443"
-token: "K10cdbe82226583b6e0c8f80c203f3a2d79580aaf9c2f61d0aebea4a28c1ff3897f::server:35e7d0dc0b8c2427fdb42bb90bb85d5a"
+token: "K1012101b9ab5a404897d6a0530f9dac014b571b374251e3741c95fd74e86cee2e5::server:97760133590f01e7a94ab320dfdbfe96"

 # 网络相关
 vpn-auth: "name=tailscale,joinKey=tskey-auth-ksJXXH4CNTRL-4WRkX448yC6W6yhytK1FD68HMDK4zStw"

 # 节点相关
-# 保留节点资源 根据节点做不同配置 如不需要可以注释掉
-kubelet-arg:  kube-reserved=cpu=5000
+# 保留节点资源 根据节点做不同配置
+# kubelet-arg:  kube-reserved=cpu=5000
@@ -1,6 +1,6 @@
 # server 从节点
 server: "https://tca:6443"
-token: "K10cdbe82226583b6e0c8f80c203f3a2d79580aaf9c2f61d0aebea4a28c1ff3897f::server:35e7d0dc0b8c2427fdb42bb90bb85d5a"
+token: "K1012101b9ab5a404897d6a0530f9dac014b571b374251e3741c95fd74e86cee2e5::server:97760133590f01e7a94ab320dfdbfe96"
 tls-san:
  - "k3s.dev.cm,k3s.fillcode.com"