feat(README): 文档更新

apps/README.md

@@ -1,20 +1 @@
-# postgresql-ha
-helm instll postgresql-ha \
-  --set global.postgresql.username=rohow \
-  --set global.postgresql.password=XXX \
-  --set postgresql.postgresPassword=XXX \
-  --set namespaceOverride=infra-data \
-  oci://registry-1.docker.io/bitnamicharts/postgresql-ha --output-dir .
-
-# redis
-helm instll redis \
-  --set replica.replicaCount=0 \
-  --set global.redis.password=XXX \
-  --set namespaceOverride=infra-data \
-  oci://registry-1.docker.io/bitnamicharts/redis --output-dir .
-
-# gitea
-helm instll gitea \
-  --set redis-cluster.enabled=false \
-  --set postgresql-ha.enabled=false \
-  oci://registry-1.docker.io/giteacharts/gitea --output-dir .
+### apps

apps/crowdsec/helmchart.yaml

@@ -0,0 +1,23 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: crowdsec
+  namespace: infra-monitor
+spec:
+  repo: https://crowdsecurity.github.io/helm-charts
+  chart: crowdsec
+  targetNamespace: infra-monitor
+  valuesContent: |-
+    container_runtime: containerd
+    image:
+      tag: v1.6.1
+    config:
+      config.yaml.local: |
+        db_config:
+          type: postgresql
+          user: rohow
+          password: L#GRtTR2QuL@20pm6+c~
+          db_name:  crowdsec
+          host:     postgresql-ha-pgpool.infra-data
+          port:     5432
+        

apps/gitea/helmchart.yaml

@@ -44,6 +44,8 @@ spec:
         i18n:
           LANGS: zh-CN,en-US
           NAMES: 简体中文,English
+        log:
+          LEVEL: Info
     extraVolumes:
       - name: gitea-custom-templates-volume
         configMap:

apps/namespaces.yaml

@@ -5,6 +5,11 @@ metadata:
 ---
 apiVersion: v1
 kind: Namespace
+metadata:
+  name: infra-net
+---
+apiVersion: v1
+kind: Namespace
 metadata:
   name: infra-data
 ---

apps/postgresql-ha/helmchart.yaml

@@ -7,14 +7,13 @@ spec:
   chart: oci://registry-1.docker.io/bitnamicharts/postgresql-ha
   targetNamespace: infra-data
   valuesContent: |-
-    global:
-      postgresql:
-        username: rohow
-        password: L#GRtTR2QuL@20pm6+c~
     postgresql:
       image:
         debug: false
+      username: rohow
+      password: L#GRtTR2QuL@20pm6+c~
       postgresPassword: L#GRtTR2QuL@20pm6+c~
+      repmgrPassword: yAn0l2eiLw
       nodeAffinityPreset:
         type: "hard"
         key: "topology.kubernetes.io/region"
@@ -27,6 +26,7 @@ spec:
     pgpool:
       image:
         debug: false
+      adminPassword: wc8FVC55JX
       nodeAffinityPreset:
         type: "hard"
         key: "topology.kubernetes.io/region"

certs/certificate-dev-cm.yaml

@@ -2,7 +2,7 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: dev-cm-crt
-  namespace: kube-system
+  namespace: infra-net
 spec:
   secretName: dev-cm-crt
   issuerRef:

certs/certificate-fillcode-com.yaml

@@ -2,7 +2,7 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: fillcode-com-crt
-  namespace: kube-system
+  namespace: infra-net
 spec:
   secretName: fillcode-com-crt
   issuerRef:

core/README.md

@@ -1,8 +1,12 @@
 ### 调试
+`
 kubectl run -i --tty --rm --restart=Never \
   --overrides='{"apiVersion": "v1", "spec": {"nodeSelector": {"kubernetes.io/hostname": "tcc"}}}' \
   --image=busybox:1.28 \
   debug -- sh
+`
 
 ### path core中服务的节点亲和性 使他们只运行在master节点上
-kubectl patch -n kube-system deployment coredns --patch-file=patch-affinity.yaml
+`
+kubectl patch -n kube-system deployment coredns --patch-file=patch-affinity.yaml
+`

core/nginx/helmchart.yaml

@@ -2,13 +2,12 @@ apiVersion: helm.cattle.io/v1
 kind: HelmChart
 metadata:
   name: ingress-nginx
-  namespace: kube-system
+  namespace: infra-net
 spec:
-  chart: ingress-nginx
   repo: https://kubernetes.github.io/ingress-nginx
-  targetNamespace: kube-system
+  chart: ingress-nginx
   version: 4.10.0
-  set:
+  targetNamespace: infra-net
   valuesContent: |-
     fullnameOverride: ingress-nginx
     controller:
@@ -40,7 +39,7 @@ spec:
       publishService:
         enabled: false
       extraArgs:
-        default-ssl-certificate: "kube-system/dev-cm-crt"
+        default-ssl-certificate: "infra-net/dev-cm-crt"
       config:
         use-forwarded-headers: "true"
         allow-snippet-annotations: "true"

install/README.md

@@ -1,41 +1,64 @@
 ### 替换hostname
+`
 export HOSTNAME=node
 hostnamectl set-hostname $HOSTNAME && reboot
 vim /etc/hosts
+`
 
 ### 安装tailscale
+`
 curl -fsSL https://tailscale.com/install.sh | sh
+`
 
 ### 开启tailscale的自动更新
+`
 tailscale set --auto-update
+`
 
 ### 开启ip转发
+`
 echo 'net.ipv4.ip_forward = 1' | tee -a /etc/sysctl.d/99-tailscale.conf
 echo 'net.ipv6.conf.all.forwarding = 1' | tee -a /etc/sysctl.d/99-tailscale.conf
 sysctl -p /etc/sysctl.d/99-tailscale.conf
+`
 
 ### 新建目录 将不同节点类型的config写入
+`
 mkdir -p /etc/rancher/k3s && vim /etc/rancher/k3s/config.yaml
+`
 
 ### 安装k3s 此处注意安装类型 是server 还是 agent
+`
 curl -sfL https://get.k3s.io | \
   INSTALL_K3S_VERSION=v1.28.8 \
   INSTALL_K3S_MIRROR=cn  \
   sh -s - server
+`
 
 ### 国内安装加速 & 镜像加速地址
 https://rancher-mirror.rancher.cn/k3s/k3s-install.sh
+
+`
 vim /etc/rancher/k3s/registries.yaml
+`
 
 ### 查看serverToken 记得在config中替换最新的token
+`
 cat /var/lib/rancher/k3s/server/node-token
+`
 
 ### 查看api server config 需要替换到.kube/config中 注意将其中的server地址替换为高可用地址
+`
 cat /etc/rancher/k3s/k3s.yaml
+`
 
 ### 给node添加地域标签
+`
 kubectl label nodes tca topology.kubernetes.io/region=cn-sh
 kubectl label nodes tca svccontroller.k3s.cattle.io/enablelb="true"
+`
 
 ### 给master节点添加污点
-kubectl taint nodes tca node-role.kubernetes.io/master:NoSchedule
+`
+kubectl taint nodes tca node-role.kubernetes.io/master:NoSchedule
+`