feat(k3s): app版本升级 & 安装优化
这个提交包含在:
rohow
@@ -103,8 +103,6 @@ kubectl get nodes
|
|||||||
| 变量 | 必须 | 说明 |
|
| 变量 | 必须 | 说明 |
|
||||||
|------|------|------|
|
|------|------|------|
|
||||||
| `TAILSCALE_AUTH_KEY` | ✅ | Tailscale Auth Key |
|
| `TAILSCALE_AUTH_KEY` | ✅ | Tailscale Auth Key |
|
||||||
| `K3S_TOKEN` | 单独添加节点时 | 集群 Token (完整安装时自动获取) |
|
|
||||||
| `K3S_SERVER_URL` | 单独添加节点时 | API Server 地址 (完整安装时自动设置) |
|
|
||||||
| `SSH_PASSWORD` | 首次安装 | SSH 密码 |
|
| `SSH_PASSWORD` | 首次安装 | SSH 密码 |
|
||||||
| `SSH_PUBKEY` | - | SSH 公钥 (默认 ~/.ssh/id_rsa.pub) |
|
| `SSH_PUBKEY` | - | SSH 公钥 (默认 ~/.ssh/id_rsa.pub) |
|
||||||
|
|
||||||
|
|||||||
@@ -17,6 +17,15 @@
|
|||||||
path: /usr/local/bin/k3s
|
path: /usr/local/bin/k3s
|
||||||
register: k3s_binary
|
register: k3s_binary
|
||||||
|
|
||||||
|
# 检查当前K3s版本
|
||||||
|
- name: Check current K3s version
|
||||||
|
ansible.builtin.command:
|
||||||
|
cmd: /usr/local/bin/k3s --version
|
||||||
|
register: k3s_current_version
|
||||||
|
failed_when: false
|
||||||
|
changed_when: false
|
||||||
|
when: k3s_binary.stat.exists
|
||||||
|
|
||||||
# 部署配置文件(注册变更状态)
|
# 部署配置文件(注册变更状态)
|
||||||
- name: Deploy K3s server config
|
- name: Deploy K3s server config
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
@@ -42,9 +51,16 @@
|
|||||||
when: use_mirror | default(false)
|
when: use_mirror | default(false)
|
||||||
|
|
||||||
# 判断是否需要安装/重启
|
# 判断是否需要安装/重启
|
||||||
|
# 使用 -e force_reinstall=true 可强制重新安装
|
||||||
- name: Set K3s installation flag
|
- name: Set K3s installation flag
|
||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
k3s_needs_install: "{{ not k3s_binary.stat.exists or (k3s_server_config.changed | default(false)) or (k3s_agent_config.changed | default(false)) }}"
|
k3s_needs_install: "{{
|
||||||
|
not k3s_binary.stat.exists or
|
||||||
|
(force_reinstall | default(false) | bool) or
|
||||||
|
(k3s_server_config.changed | default(false)) or
|
||||||
|
(k3s_agent_config.changed | default(false)) or
|
||||||
|
(k3s_binary.stat.exists and k3s_current_version.stdout is defined and k3s_version not in k3s_current_version.stdout)
|
||||||
|
}}"
|
||||||
|
|
||||||
# 设置安装变量
|
# 设置安装变量
|
||||||
- name: Set K3s install variables
|
- name: Set K3s install variables
|
||||||
|
|||||||
@@ -21,11 +21,23 @@ spec:
|
|||||||
operator: In
|
operator: In
|
||||||
values:
|
values:
|
||||||
- clawhk
|
- clawhk
|
||||||
instances: 1
|
|
||||||
imageName: ghcr.io/cloudnative-pg/postgresql:17.4
|
imageName: ghcr.io/cloudnative-pg/postgresql:17.4
|
||||||
enableSuperuserAccess: true
|
enableSuperuserAccess: true
|
||||||
|
enablePDB: false
|
||||||
|
instances: 1
|
||||||
storage:
|
storage:
|
||||||
size: 10Gi
|
size: 10Gi
|
||||||
postgresql:
|
postgresql:
|
||||||
parameters:
|
parameters:
|
||||||
archive_timeout: 30min
|
archive_timeout: 30min
|
||||||
|
env:
|
||||||
|
- name: AWS_REQUEST_CHECKSUM_CALCULATION
|
||||||
|
value: when_required
|
||||||
|
- name: AWS_RESPONSE_CHECKSUM_VALIDATION
|
||||||
|
value: when_required
|
||||||
|
plugins:
|
||||||
|
- name: barman-cloud.cloudnative-pg.io
|
||||||
|
isWALArchiver: true
|
||||||
|
parameters:
|
||||||
|
barmanObjectName: cnpg17-objectstore-hw
|
||||||
|
serverName: cnpg17-cluster-hk
|
||||||
|
|||||||
@@ -21,11 +21,23 @@ spec:
|
|||||||
operator: In
|
operator: In
|
||||||
values:
|
values:
|
||||||
- homea
|
- homea
|
||||||
instances: 1
|
|
||||||
imageName: ghcr.io/cloudnative-pg/postgresql:17.4
|
imageName: ghcr.io/cloudnative-pg/postgresql:17.4
|
||||||
enableSuperuserAccess: true
|
enableSuperuserAccess: true
|
||||||
|
enablePDB: false
|
||||||
|
instances: 1
|
||||||
storage:
|
storage:
|
||||||
size: 10Gi
|
size: 10Gi
|
||||||
postgresql:
|
postgresql:
|
||||||
parameters:
|
parameters:
|
||||||
archive_timeout: 30min
|
archive_timeout: 30min
|
||||||
|
env:
|
||||||
|
- name: AWS_REQUEST_CHECKSUM_CALCULATION
|
||||||
|
value: when_required
|
||||||
|
- name: AWS_RESPONSE_CHECKSUM_VALIDATION
|
||||||
|
value: when_required
|
||||||
|
plugins:
|
||||||
|
- name: barman-cloud.cloudnative-pg.io
|
||||||
|
isWALArchiver: true
|
||||||
|
parameters:
|
||||||
|
barmanObjectName: cnpg17-objectstore-hw
|
||||||
|
serverName: cnpg17-cluster-sh
|
||||||
+2
-1
@@ -1,7 +1,7 @@
|
|||||||
apiVersion: barmancloud.cnpg.io/v1
|
apiVersion: barmancloud.cnpg.io/v1
|
||||||
kind: ObjectStore
|
kind: ObjectStore
|
||||||
metadata:
|
metadata:
|
||||||
name: devcm-hw
|
name: cnpg17-objectstore-hw
|
||||||
namespace: infra-data
|
namespace: infra-data
|
||||||
spec:
|
spec:
|
||||||
retentionPolicy: "7d"
|
retentionPolicy: "7d"
|
||||||
@@ -17,3 +17,4 @@ spec:
|
|||||||
key: ACCESS_SECRET_KEY
|
key: ACCESS_SECRET_KEY
|
||||||
wal:
|
wal:
|
||||||
compression: gzip
|
compression: gzip
|
||||||
|
maxParallel: 8
|
||||||
@@ -1,7 +1,7 @@
|
|||||||
apiVersion: cert-manager.io/v1
|
apiVersion: cert-manager.io/v1
|
||||||
kind: ClusterIssuer
|
kind: ClusterIssuer
|
||||||
metadata:
|
metadata:
|
||||||
name: cert-manager-webhook-dnspod
|
name: dnspod
|
||||||
labels:
|
labels:
|
||||||
app: cert-manager-webhook-dnspod
|
app: cert-manager-webhook-dnspod
|
||||||
spec:
|
spec:
|
||||||
|
|||||||
@@ -44,7 +44,7 @@ spec:
|
|||||||
# 在删除证书时同时删除secret
|
# 在删除证书时同时删除secret
|
||||||
enableCertificateOwnerRef: true
|
enableCertificateOwnerRef: true
|
||||||
prometheus:
|
prometheus:
|
||||||
enabled: false
|
enabled: true
|
||||||
servicemonitor:
|
servicemonitor:
|
||||||
enabled: true
|
enabled: true
|
||||||
interval: 300s
|
interval: 300s
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ spec:
|
|||||||
repo: https://dl.gitea.com/charts
|
repo: https://dl.gitea.com/charts
|
||||||
chart: gitea
|
chart: gitea
|
||||||
targetNamespace: infra-gitops
|
targetNamespace: infra-gitops
|
||||||
version: 12.3.0
|
version: 12.5.0
|
||||||
valuesContent: |-
|
valuesContent: |-
|
||||||
affinity:
|
affinity:
|
||||||
podAffinity:
|
podAffinity:
|
||||||
@@ -36,7 +36,7 @@ spec:
|
|||||||
postgresql-ha:
|
postgresql-ha:
|
||||||
enabled: false
|
enabled: false
|
||||||
image:
|
image:
|
||||||
tag: 1.25.3
|
tag: 1.25.4
|
||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
className: nginx
|
className: nginx
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ spec:
|
|||||||
repo: https://grafana.github.io/helm-charts
|
repo: https://grafana.github.io/helm-charts
|
||||||
chart: loki
|
chart: loki
|
||||||
targetNamespace: infra-monitor
|
targetNamespace: infra-monitor
|
||||||
version: 6.49.0
|
version: 6.53.0
|
||||||
valuesContent: |-
|
valuesContent: |-
|
||||||
deploymentMode: SingleBinary
|
deploymentMode: SingleBinary
|
||||||
gateway:
|
gateway:
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ spec:
|
|||||||
repo: https://prometheus-community.github.io/helm-charts
|
repo: https://prometheus-community.github.io/helm-charts
|
||||||
chart: kube-prometheus-stack
|
chart: kube-prometheus-stack
|
||||||
targetNamespace: infra-monitor
|
targetNamespace: infra-monitor
|
||||||
version: 81.5.0
|
version: 81.6.5
|
||||||
valuesContent: |-
|
valuesContent: |-
|
||||||
kubeControllerManager:
|
kubeControllerManager:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|||||||
@@ -7,11 +7,11 @@ spec:
|
|||||||
repo: https://crowdsecurity.github.io/helm-charts
|
repo: https://crowdsecurity.github.io/helm-charts
|
||||||
chart: crowdsec
|
chart: crowdsec
|
||||||
targetNamespace: infra-net
|
targetNamespace: infra-net
|
||||||
version: 0.21.1
|
version: 0.22.0
|
||||||
valuesContent: |-
|
valuesContent: |-
|
||||||
container_runtime: containerd
|
container_runtime: containerd
|
||||||
image:
|
image:
|
||||||
tag: v1.7.4
|
tag: v1.7.6
|
||||||
agent:
|
agent:
|
||||||
affinity:
|
affinity:
|
||||||
podAffinity:
|
podAffinity:
|
||||||
|
|||||||
在新议题中引用
屏蔽一个用户