feat(kustomization): add recovery configuration and namespace for GitOps

.gitignore

@@ -4,6 +4,9 @@ logs
 
 # Secrets
 .env
+flux-git-auth
+flux-git-auth.pub
+known_hosts
 
 # Editor directories and files
 .vscode/*

README.md

@@ -7,3 +7,14 @@
 #### 应用相关
 
 参见 [flux/README.md](flux/README.md)
+
+`
+ssh-keygen -t ed25519 -C "flux" -f ./flux-git-auth -N ""
+
+ssh-keyscan github.com > ./known_hosts
+
+kubectl -n infra-gitops create secret generic flux-git-auth \
+ --from-file=identity=./flux-git-auth \
+ --from-file=identity.pub=./flux-git-auth.pub \
+ --from-file=known_hosts=./known_hosts
+`

flux/clusters/dev-cm/infra-data-post/cnpg17-cluster-hk.yaml

@@ -18,6 +18,20 @@ spec:
       value: when_required
     - name: AWS_RESPONSE_CHECKSUM_VALIDATION
       value: when_required
+  # >>> RECOVERY: 迁移完成后删除 bootstrap + externalClusters 段 <<<
+  bootstrap:
+    recovery:
+      source: recovery-source-hk
+      recoveryTarget:
+        targetTime: "2026-04-13 00:00:01.000000+00"
+  externalClusters:
+    - name: recovery-source-hk
+      plugin:
+        name: barman-cloud.cloudnative-pg.io
+        parameters:
+          barmanObjectName: cnpg17-objectstore-hw
+          serverName: cnpg17-cluster-hk
+  # <<< END RECOVERY >>>
   plugins:
     - name: barman-cloud.cloudnative-pg.io
       isWALArchiver: true

flux/clusters/dev-cm/infra-data-post/cnpg17-cluster-sh.yaml

@@ -18,6 +18,20 @@ spec:
       value: when_required
     - name: AWS_RESPONSE_CHECKSUM_VALIDATION
       value: when_required
+  # >>> RECOVERY: 迁移完成后删除 bootstrap + externalClusters 段 <<<
+  bootstrap:
+    recovery:
+      source: recovery-source-sh
+      recoveryTarget:
+        targetTime: "2026-04-13 00:00:01.000000+00"
+  externalClusters:
+    - name: recovery-source-sh
+      plugin:
+        name: barman-cloud.cloudnative-pg.io
+        parameters:
+          barmanObjectName: cnpg17-objectstore-hw
+          serverName: cnpg17-cluster-sh
+  # <<< END RECOVERY >>>
   plugins:
     - name: barman-cloud.cloudnative-pg.io
       isWALArchiver: true

flux/clusters/dev-cm/kustomization.yaml

@@ -3,6 +3,10 @@ kind: Kustomization
 resources:
   - ../base
 patches:
+  - target:
+      kind: Kustomization
+      name: kube-system
+    path: patches/kube-system.yaml
   - target:
       kind: Kustomization
       name: infra-devops

flux/clusters/dev-cm/patches/kube-system.yaml

@@ -0,0 +1,26 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: kube-system
+spec:
+  patches:
+    - target:
+        kind: Deployment
+        name: "(coredns|local-path-provisioner|metrics-server)"
+      patch: |
+        spec:
+          template:
+            spec:
+              affinity:
+                nodeAffinity:
+                  requiredDuringSchedulingIgnoredDuringExecution:
+                    nodeSelectorTerms:
+                      - matchExpressions:
+                          - key: node-role.kubernetes.io/control-plane
+                            operator: In
+                            values:
+                              - "true"
+              tolerations:
+                - key: node-role.kubernetes.io/control-plane
+                  operator: Exists
+                  effect: NoSchedule

flux/flux-instance.yaml

@@ -23,11 +23,12 @@ spec:
     class: "local-path"
     size: "10Gi"
   # Git 仓库同步配置 - 请将 url 替换为实际的 deploy 仓库地址
+  # 恢复模式: 先用 restore profile 部署 Velero，恢复 PVC 后切回 dev-cm
   sync:
     kind: GitRepository
     url: ssh://git@github.com/devcm-repo/k3s.git
     ref: refs/heads/main
-    path: flux/clusters/dev-cm
+    path: flux/clusters/restore
     pullSecret: flux-git-auth
     name: flux
   kustomize:

helmcharts/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: infra-gitops