From 4ab8e2576627bdeb286faad40b3888bd5f87f78f Mon Sep 17 00:00:00 2001 From: rohow Date: Fri, 12 Apr 2024 14:23:13 +0800 Subject: [PATCH] =?UTF-8?q?feat(nginx):=20=E6=96=B0=E5=A2=9Enginx=20ingres?= =?UTF-8?q?s=E9=85=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/gitea/helmchart.yaml | 22 +++++----- apps/gitea/ingress-http.yaml | 18 ++++++++ apps/gitea/ingressroute-http.yaml | 19 -------- apps/gitea/ingressroute-ssh.yaml | 14 ------ apps/gitea/loadbalancer-ssh.yaml | 14 ++++++ apps/{nas => local-service}/todo.yaml | 0 apps/postgresql-ha/helmchart.yaml | 16 +++---- certs/certificate-dev-cm.yaml | 14 +----- core/nginx/helmchart.yaml | 43 +++++++++++++++++++ core/traefik/helmchartconfig.yaml | 25 ++++++----- core/traefik/ingressroute-internal.yaml | 1 - core/traefik/middleware/middleware-cache.yaml | 11 ----- install/master-init.config.yaml | 6 ++- install/master.config.yaml | 6 ++- 14 files changed, 119 insertions(+), 90 deletions(-) create mode 100644 apps/gitea/ingress-http.yaml delete mode 100644 apps/gitea/ingressroute-http.yaml delete mode 100644 apps/gitea/ingressroute-ssh.yaml create mode 100644 apps/gitea/loadbalancer-ssh.yaml rename apps/{nas => local-service}/todo.yaml (100%) create mode 100644 core/nginx/helmchart.yaml delete mode 100644 core/traefik/middleware/middleware-cache.yaml diff --git a/apps/gitea/helmchart.yaml b/apps/gitea/helmchart.yaml index 8d13f1c..5c54c6c 100644 --- a/apps/gitea/helmchart.yaml +++ b/apps/gitea/helmchart.yaml 
@@ -43,18 +43,18 @@ spec: LANGS: zh-CN,en-US NAMES: 简体中文,English extraVolumes: - - name: gitea-custom-templates-volume - configMap: - name: gitea-custom-templates - items: - - key: home.tmpl - path: home.tmpl - - key: extra_links.tmpl - path: custom/extra_links.tmpl + - name: gitea-custom-templates-volume + configMap: + name: gitea-custom-templates + items: + - key: home.tmpl + path: home.tmpl + - key: extra_links.tmpl + path: custom/extra_links.tmpl extraContainerVolumeMounts: - - name: gitea-custom-templates-volume - readOnly: true - mountPath: /data/gitea/templates + - name: gitea-custom-templates-volume + readOnly: true + mountPath: /data/gitea/templates diff --git a/apps/gitea/ingress-http.yaml b/apps/gitea/ingress-http.yaml new file mode 100644 index 0000000..e4fa077 --- /dev/null +++ b/apps/gitea/ingress-http.yaml @@ -0,0 +1,18 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: gitea-http + namespace: infra-devops +spec: + ingressClassName: nginx + rules: + - host: git.dev.cm + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: gitea-http + port: + number: 3000 \ No newline at end of file diff --git a/apps/gitea/ingressroute-http.yaml b/apps/gitea/ingressroute-http.yaml deleted file mode 100644 index a1772a7..0000000 --- a/apps/gitea/ingressroute-http.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: gitea-http - namespace: infra-devops -spec: - entryPoints: - - websecure - routes: - - kind: Rule - match: Host(`git.dev.cm`) - middlewares: - - name: compress - - name: cache - services: - - kind: Service - name: gitea-http - namespace: infra-devops - port: 3000 \ No newline at end of file diff --git a/apps/gitea/ingressroute-ssh.yaml b/apps/gitea/ingressroute-ssh.yaml deleted file mode 100644 index 282399d..0000000 --- a/apps/gitea/ingressroute-ssh.yaml +++ /dev/null 
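Review bot: The new Ingress in apps/gitea/ingress-http.yaml has no `tls:` section for `git.dev.cm`, and this same commit deletes the Traefik `TLSStore` that made `dev-cm-crt` the default certificate, so nothing visible here binds a real certificate to the host. Without a `tls` entry ingress-nginx does not redirect HTTP to HTTPS for this host and answers HTTPS with its built-in self-signed certificate, so Gitea logins and access tokens can cross the network unencrypted. Add `tls: [{hosts: [git.dev.cm], secretName: dev-cm-crt}]`, which requires the secret to exist in `infra-devops`. Alternatively set `controller.extraArgs.default-ssl-certificate: kube-system/dev-cm-crt` in core/nginx/helmchart.yaml together with the annotation `nginx.ingress.kubernetes.io/force-ssl-redirect: "true"`. The secret's namespace is inferred from the removed TLSStore and should be confirmed.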
@@ -1,14 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRouteTCP -metadata: - name: gitea-ssh - namespace: infra-devops -spec: - entryPoints: - - ssh - routes: - - match: HostSNI(`*`) - services: - - name: gitea-ssh - namespace: infra-devops - port: 22 \ No newline at end of file diff --git a/apps/gitea/loadbalancer-ssh.yaml b/apps/gitea/loadbalancer-ssh.yaml new file mode 100644 index 0000000..1f01cec --- /dev/null +++ b/apps/gitea/loadbalancer-ssh.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: gitea-ssh-lb + namespace: infra-devops +spec: + selector: + app.kubernetes.io/name: gitea + app.kubernetes.io/instance: gitea + ports: + - protocol: TCP + port: 22 + targetPort: 22 + type: LoadBalancer \ No newline at end of file diff --git a/apps/nas/todo.yaml b/apps/local-service/todo.yaml similarity index 100% rename from apps/nas/todo.yaml rename to apps/local-service/todo.yaml diff --git a/apps/postgresql-ha/helmchart.yaml b/apps/postgresql-ha/helmchart.yaml index c349496..c4f73cf 100644 --- a/apps/postgresql-ha/helmchart.yaml +++ b/apps/postgresql-ha/helmchart.yaml @@ -19,11 +19,11 @@ spec: type: "hard" key: "topology.kubernetes.io/region" values: - - "cn-sh" + - "cn-sh" tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Exists" - effect: "NoSchedule" + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" pgpool: image: debug: false @@ -31,9 +31,9 @@ spec: type: "hard" key: "topology.kubernetes.io/region" values: - - "cn-sh" + - "cn-sh" tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Exists" - effect: "NoSchedule" + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" diff --git a/certs/certificate-dev-cm.yaml b/certs/certificate-dev-cm.yaml index 663426f..a22c0df 100644 --- a/certs/certificate-dev-cm.yaml +++ b/certs/certificate-dev-cm.yaml 
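Review bot: `targetPort: 22` in the new `gitea-ssh-lb` Service (apps/gitea/loadbalancer-ssh.yaml) hard-codes the container port, whereas the removed IngressRouteTCP went through the chart's own `gitea-ssh` Service and inherited whatever port mapping the chart defines. If the Gitea image in use does not listen for SSH on 22 (the rootless image does not), this Service publishes port 22 with nothing behind it. Confirm the container port, or reference the pod's named SSH port instead of a number. The Service also keeps the default `externalTrafficPolicy: Cluster`, so Gitea's SSH logs will likely show a node address rather than the client. Adding `externalTrafficPolicy: Local` preserves the source IP for auditing and rate limiting.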
@@ -12,16 +12,4 @@ spec: dnsNames: - "dev.cm" - "*.dev.cm" - - "*.node.dev.cm" - ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: TLSStore -metadata: - name: default - namespace: kube-system -spec: - certificates: - - secretName: dev-cm-crt - defaultCertificate: - secretName: dev-cm-crt \ No newline at end of file + - "*.node.dev.cm" \ No newline at end of file diff --git a/core/nginx/helmchart.yaml b/core/nginx/helmchart.yaml new file mode 100644 index 0000000..0acdc04 --- /dev/null +++ b/core/nginx/helmchart.yaml @@ -0,0 +1,43 @@ +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: ingress-nginx + namespace: kube-system +spec: + chart: ingress-nginx + repo: https://kubernetes.github.io/ingress-nginx + targetNamespace: kube-system + version: 4.10.0 + set: + valuesContent: |- + fullnameOverride: ingress-nginx + controller: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: svccontroller.k3s.cattle.io/enablelb + operator: In + values: + - "true" + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" + kind: DaemonSet + hostNetwork: true + dnsPolicy: None + dnsConfig: + nameservers: + - 169.254.20.10 + - 10.43.0.10 + hostNetwork: true + hostPort: + enabled: true + service: + enabled: false + publishService: + enabled: false + config: + use-forwarded-headers: "true" \ No newline at end of file diff --git a/core/traefik/helmchartconfig.yaml b/core/traefik/helmchartconfig.yaml index cc53417..24e61ce 100644 --- a/core/traefik/helmchartconfig.yaml +++ b/core/traefik/helmchartconfig.yaml 
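Review bot: `use-forwarded-headers: "true"` under `controller.config` in core/nginx/helmchart.yaml makes nginx accept client-supplied `X-Forwarded-For` and `X-Forwarded-Proto`, yet with `hostNetwork: true`, `hostPort.enabled: true` and `service.enabled: false` the controller appears to be the network edge, with no trusted proxy in front of it. Any client can then forge the address recorded in access logs and evaluated by IP allow-lists. Set `use-forwarded-headers: "false"` unless an L7 proxy fronts these nodes, and if one does, limit trust with `proxy-real-ip-cidr: "<proxy CIDR>"`. Separately, `hostNetwork: true` appears twice in the controller values, which is a duplicate key if both sit at the same level (indentation is not recoverable on this page), and the bare `set:` key is an empty value. Remove the repeat and the empty `set:`.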
@@ -9,15 +9,15 @@ spec: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - - matchExpressions: - - key: svccontroller.k3s.cattle.io/enablelb - operator: In - values: - - "true" + - matchExpressions: + - key: svccontroller.k3s.cattle.io/enablelb + operator: In + values: + - "true" tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Exists" - effect: "NoSchedule" + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" updateStrategy: rollingUpdate: maxUnavailable: 1 @@ -27,8 +27,8 @@ spec: dnsPolicy: None dnsConfig: nameservers: - - 169.254.20.10 - - 10.43.0.10 + - 169.254.20.10 + - 10.43.0.10 hostNetwork: true service: spec: @@ -50,8 +50,11 @@ spec: port: 8022 expose: true exposedPort: 22 + providers: + kubernetesCRD: + allowCrossNamespace: true additionalArguments: - - "--experimental.plugins.souin.moduleName=github.com/darkweak/souin" + - "--experimental.plugins.cache.moduleName=github.com/darkweak/souin" - "--experimental.plugins.souin.version=v1.6.47" experimental: plugins: diff --git a/core/traefik/ingressroute-internal.yaml b/core/traefik/ingressroute-internal.yaml index f7d565b..8d141a4 100644 --- a/core/traefik/ingressroute-internal.yaml +++ b/core/traefik/ingressroute-internal.yaml @@ -11,7 +11,6 @@ spec: match: Host(`gateway.dev.cm`) middlewares: - name: compress - - name: cache services: - kind: TraefikService name: dashboard@internal diff --git a/core/traefik/middleware/middleware-cache.yaml b/core/traefik/middleware/middleware-cache.yaml deleted file mode 100644 index f16900b..0000000 --- a/core/traefik/middleware/middleware-cache.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware -metadata: - name: cache - namespace: kube-system -spec: - plugin: - souin: - default_cache: - ttl: 3600s - default_cache_control: public, max-age=86400 \ No newline at end of file 
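Review bot: In the `@@ -50,8 +50,11 @@` hunk of core/traefik/helmchartconfig.yaml the plugin arguments no longer agree: the changed line registers `--experimental.plugins.cache.moduleName=...` while the unchanged line below still sets `--experimental.plugins.souin.version=v1.6.47`, leaving plugin `cache` without a version and plugin `souin` without a module name. Rename both or neither, e.g. `--experimental.plugins.cache.version=v1.6.47`, and check the `experimental.plugins` block that continues past the end of the hunk. Since this commit also deletes the cache Middleware and disables the bundled Traefik in install/*.config.yaml, dropping the plugin entirely may be the cleaner result. The added `providers.kubernetesCRD.allowCrossNamespace: true` lets an IngressRoute in any namespace reference Services and Middlewares in every other namespace, which removes namespace isolation. Keep the default `false` unless a specific route needs it, and record which one in a comment.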
diff --git a/install/master-init.config.yaml b/install/master-init.config.yaml index 60a2195..8693479 100644 --- a/install/master-init.config.yaml +++ b/install/master-init.config.yaml @@ -4,4 +4,8 @@ tls-san: - "k3s.dev.cm,k3s.fillcode.com" # 网络相关 -vpn-auth: "name=tailscale,joinKey=tskey-auth-ksJXXH4CNTRL-4WRkX448yC6W6yhytK1FD68HMDK4zStw" \ No newline at end of file +vpn-auth: "name=tailscale,joinKey=tskey-auth-ksJXXH4CNTRL-4WRkX448yC6W6yhytK1FD68HMDK4zStw" + +# 组件相关 +disable: + - traefik diff --git a/install/master.config.yaml b/install/master.config.yaml index 618c117..90d073a 100644 --- a/install/master.config.yaml +++ b/install/master.config.yaml @@ -5,4 +5,8 @@ tls-san: - "k3s.dev.cm,k3s.fillcode.com" # 网络相关 -vpn-auth: "name=tailscale,joinKey=tskey-auth-ksJXXH4CNTRL-4WRkX448yC6W6yhytK1FD68HMDK4zStw" \ No newline at end of file +vpn-auth: "name=tailscale,joinKey=tskey-auth-ksJXXH4CNTRL-4WRkX448yC6W6yhytK1FD68HMDK4zStw" + +# 组件相关 +disable: + - traefik
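Review bot: Both install/master-init.config.yaml and install/master.config.yaml still carry what looks like a live Tailscale auth key in `vpn-auth`. The line is rewritten here only to add the trailing newline, so the credential stays in the repository and is now repeated in this patch. Treat the key as exposed: revoke it, issue a replacement (preferably short-lived and tagged), and supply it outside version control, for example `vpn-auth-file: <path provisioned at install time>` with the file readable only by root. Removing the line in a later commit does not remove it from history, so rotation is needed regardless of any history rewrite.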