diff --git a/apps/README.md b/apps/README.md
index cea1b08..bdffb60 100644
--- a/apps/README.md
+++ b/apps/README.md
@@ -1 +1,9 @@
 ### apps
+
+### 调试
+```shell
+kubectl run -i --tty --rm --restart=Never \
+ --overrides='{"apiVersion": "v1", "spec": {"nodeSelector": {"kubernetes.io/hostname": "homea"}}}' \
+ --image=nicolaka/netshoot:latest \
+ debug -- sh
+```
\ No newline at end of file
diff --git a/apps/data/cloudnative-pg/cnpg-cluster-sh.yaml b/apps/data/cloudnative-pg/cnpg-cluster-sh.yaml
new file mode 100644
index 0000000..104b3ef
--- /dev/null
+++ b/apps/data/cloudnative-pg/cnpg-cluster-sh.yaml
@@ -0,0 +1,20 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: cnpg-cluster-sh
+ namespace: infra-data
+spec:
+ affinity:
+ nodeAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - preference:
+ matchExpressions:
+ - key: topology.kubernetes.io/region
+ operator: In
+ values:
+ - cn-sh
+ weight: 1
+ instances: 1
+ enableSuperuserAccess: true
+ storage:
+ size: 10Gi
\ No newline at end of file
diff --git a/apps/data/cloudnative-pg/helmchart.yaml b/apps/data/cloudnative-pg/helmchart.yaml
new file mode 100644
index 0000000..585bf39
--- /dev/null
+++ b/apps/data/cloudnative-pg/helmchart.yaml
@@ -0,0 +1,24 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: cloudnative-pg
+ namespace: infra-data
+spec:
+ repo: https://cloudnative-pg.github.io/charts
+ chart: cloudnative-pg
+ targetNamespace: infra-data
+ version: 0.21.4
+ valuesContent: |-
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: node-role.kubernetes.io/master
+ operator: In
+ values:
+ - "true"
+ tolerations:
+ - key: "node-role.kubernetes.io/master"
+ operator: "Exists"
+
diff --git a/apps/data/cloudnative-pg/loadbalancer-sh.yaml b/apps/data/cloudnative-pg/loadbalancer-sh.yaml
new file mode 100644
index 0000000..54522ad
--- /dev/null
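Review bot: `enableSuperuserAccess: true` in the new `cnpg-cluster-sh` Cluster makes the operator publish a network-usable `postgres` superuser password, which nothing in this change needs — the only consumer visible in this diff (gitea, further down) connects as the `app` user. Unless there is an out-of-band need for it, drop the line or set `enableSuperuserAccess: false` (the operator's default in current releases — confirm for the version this chart pins) and do DBA work through `kubectl exec` on the primary instead. Note also `instances: 1` with only a preferred region affinity: this is not an HA cluster, so losing the node in `cn-sh` takes the database down until the single instance is rescheduled; if that is intended, a one-line comment saying so would stop the next reader from assuming replication exists.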
+++ b/apps/data/cloudnative-pg/loadbalancer-sh.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: cnpg-cluster-sh-lb
+ namespace: infra-data
+spec:
+ selector:
+ cnpg.io/cluster: cnpg-cluster-sh
+ role: primary
+ ports:
+ - protocol: TCP
+ port: 65432
+ targetPort: 5432
+ type: LoadBalancer
\ No newline at end of file
diff --git a/apps/data/namespaces.yaml b/apps/data/namespaces.yaml
new file mode 100644
index 0000000..e6a787a
--- /dev/null
+++ b/apps/data/namespaces.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: infra-data
\ No newline at end of file
diff --git a/apps/data/postgresql-ha/configmap-pgpool-script.yaml b/apps/data/postgresql-ha/configmap-pgpool-script.yaml
new file mode 100644
index 0000000..ee9f08e
--- /dev/null
+++ b/apps/data/postgresql-ha/configmap-pgpool-script.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: postgresql-ha-pgpool-script
+ namespace: infra-data
+data:
+ latency_test.sh: |-
+ #!/bin/bash
+
+ install_packages ping
+
+ # 读取环境变量
+ nodes=$PGPOOL_BACKEND_NODES
+
+ echo $nodes
\ No newline at end of file
diff --git a/apps/data/postgresql-ha/helmchart.yaml b/apps/data/postgresql-ha/helmchart.yaml
new file mode 100644
index 0000000..4c61de4
--- /dev/null
+++ b/apps/data/postgresql-ha/helmchart.yaml
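Review bot: `cnpg-cluster-sh-lb` exposes the PostgreSQL primary (`role: primary`) through a `LoadBalancer` Service with no `loadBalancerSourceRanges`, so every network the load balancer fronts can reach the database directly, and with password authentication that is a brute-force surface for the `app` account and, if it stays enabled, the `postgres` superuser. In-cluster clients already have the operator-managed `cnpg-cluster-sh-rw` ClusterIP service (it is what gitea points at later in this diff), so if this Service is for admin access from known hosts, restrict it with `loadBalancerSourceRanges: ["<admin-cidr>"]` and consider `externalTrafficPolicy: Local` so the client address survives for `pg_hba` rules and audit logs. The non-standard port 65432 lowers discoverability, not exposure.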
@@ -0,0 +1,85 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: postgresql-ha
+ namespace: infra-data
+spec:
+ chart: oci://registry-1.docker.io/bitnamicharts/postgresql-ha
+ targetNamespace: infra-data
+ version: 14.0.12
+ valuesContent: |-
+ diagnosticMode:
+ enabled: false
+ postgresql:
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: postgresql-ha
+ app.kubernetes.io/component: postgresql
+ topologyKey: kubernetes.io/hostname
+ weight: 1
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: postgresql-ha
+ app.kubernetes.io/component: postgresql
+ topologyKey: topology.kubernetes.io/region
+ weight: 1
+ tolerations:
+ - key: "node-role.kubernetes.io/master"
+ operator: "Exists"
+ effect: "NoSchedule"
+ image:
+ debug: true
+ username: rohow
+ password: L#GRtTR2QuL@20pm6+c~
+ postgresPassword: L#GRtTR2QuL@20pm6+c~
+ repmgrPassword: yAn0l2eiLw
+ pgpool:
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: postgresql-ha
+ app.kubernetes.io/component: pgpool
+ topologyKey: kubernetes.io/hostname
+ weight: 1
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: postgresql-ha
+ app.kubernetes.io/component: pgpool
+ topologyKey: topology.kubernetes.io/region
+ weight: 1
+ podAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: postgresql-ha
+ app.kubernetes.io/component: pgpool
+ topologyKey: kubernetes.io/hostname
+ weight: 1
+ tolerations:
+ - key: "node-role.kubernetes.io/master"
+ operator: "Exists"
+ effect: "NoSchedule"
+ replicaCount: 1
+ containerSecurityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ runAsNonRoot: false
+ readOnlyRootFilesystem: false
+ privileged: true
+ allowPrivilegeEscalation: true
+ image:
+ debug: true
+ adminPassword: wc8FVC55JX
+ volumePermissions:
+ enabled: true
+
diff --git a/apps/postgresql-ha/loadbalancer.yaml b/apps/data/postgresql-ha/loadbalancer.yaml
similarity index 92%
rename from apps/postgresql-ha/loadbalancer.yaml
rename to apps/data/postgresql-ha/loadbalancer.yaml
index 7b399a7..d753071 100644
--- a/apps/postgresql-ha/loadbalancer.yaml
+++ b/apps/data/postgresql-ha/loadbalancer.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
- name: postgresql-ha
+ name: postgresql-ha-lb
 namespace: infra-data
 spec:
 selector:
diff --git a/apps/redis/helmchart.yaml b/apps/data/redis/helmchart.yaml
similarity index 87%
rename from apps/redis/helmchart.yaml
rename to apps/data/redis/helmchart.yaml
index 8e4a7ae..6c9a706 100644
--- a/apps/redis/helmchart.yaml
+++ b/apps/data/redis/helmchart.yaml
@@ -1,11 +1,12 @@
 apiVersion: helm.cattle.io/v1
 kind: HelmChart
 metadata:
- name: redis
+ name: redis-cluster-sh
 namespace: infra-data
 spec:
 chart: oci://registry-1.docker.io/bitnamicharts/redis
 targetNamespace: infra-data
+ version: 19.1.0
 valuesContent: |-
 global:
 redis:
diff --git a/apps/cert-manager/helmchart-dnspod.yaml b/apps/devops/cert-manager/helmchart-dnspod.yaml
similarity index 58%
rename from apps/cert-manager/helmchart-dnspod.yaml
rename to apps/devops/cert-manager/helmchart-dnspod.yaml
index 4b2fdb9..de95748 100644
--- a/apps/cert-manager/helmchart-dnspod.yaml
+++ b/apps/devops/cert-manager/helmchart-dnspod.yaml
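Review bot: The new `apps/data/postgresql-ha/helmchart.yaml` commits four database passwords in clear text (`password`, `postgresPassword`, `repmgrPassword`, `adminPassword`), and the same `rohow` / `L#GRtTR2QuL@20pm6+c~` pair is in the file this diff deletes, so it is already in git history and needs rotating, not just relocating. Keep credentials out of `valuesContent` by creating a Secret and pointing the chart at it through its existing-secret values (`postgresql.existingSecret` / `pgpool.existingSecret` in recent Bitnami charts — confirm the names for 14.0.12). The pgpool `containerSecurityContext` (`runAsUser: 0`, `privileged: true`, `allowPrivilegeEscalation: true`, `readOnlyRootFilesystem: false`) turns a connection pooler that accepts client traffic into a root-equivalent process on the node; if this was added so the `latency_test.sh` ConfigMap can run `install_packages ping` at runtime, bake the tool into an image instead and remove these keys. `image.debug: true` on both components also raises log verbosity and may echo connection details, so leave it off outside active troubleshooting.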
@@ -3,16 +3,18 @@ apiVersion: helm.cattle.io/v1
 kind: HelmChart
 metadata:
 name: cert-manager-webhook-dnspod
- namespace: infra-cert
+ namespace: infra-devops
 spec:
 chart: oci://registry-1.docker.io/imroc/cert-manager-webhook-dnspod
- targetNamespace: infra-cert
+ targetNamespace: infra-devops
+ version: 1.4.5
 valuesContent: |-
- namespace: infra-cert
+ namespace: infra-devops
 certManager:
- namespace: infra-cert
+ namespace: infra-devops
 groupName: cert.dev.cm
 clusterIssuer:
+ # 此处需在部署后修改clusterIssuer
 # cnameStrategy: Follow
 staging: false
 email: admin@dev.cm
@@ -22,12 +24,12 @@ spec:
 nodeAffinity:
 requiredDuringSchedulingIgnoredDuringExecution:
 nodeSelectorTerms:
- - matchExpressions:
- - key: node-role.kubernetes.io/master
- operator: In
- values:
- - "true"
+ - matchExpressions:
+ - key: node-role.kubernetes.io/master
+ operator: In
+ values:
+ - "true"
 tolerations:
- - key: "node-role.kubernetes.io/master"
- operator: "Exists"
- effect: "NoSchedule"
+ - key: "node-role.kubernetes.io/master"
+ operator: "Exists"
+ effect: "NoSchedule"
diff --git a/apps/cert-manager/helmchart.yaml b/apps/devops/cert-manager/helmchart.yaml
similarity index 53%
rename from apps/cert-manager/helmchart.yaml
rename to apps/devops/cert-manager/helmchart.yaml
index f4617fc..4aad904 100644
--- a/apps/cert-manager/helmchart.yaml
+++ b/apps/devops/cert-manager/helmchart.yaml
@@ -4,51 +4,51 @@ apiVersion: helm.cattle.io/v1
 kind: HelmChart
 metadata:
 name: cert-manager
- namespace: infra-cert
+ namespace: infra-devops
 spec:
 repo: https://charts.jetstack.io
 chart: cert-manager
- targetNamespace: infra-cert
+ targetNamespace: infra-devops
 version: v1.14.4
 valuesContent: |-
 affinity:
 nodeAffinity:
 requiredDuringSchedulingIgnoredDuringExecution:
 nodeSelectorTerms:
- - matchExpressions:
- - key: node-role.kubernetes.io/master
- operator: In
- values:
- - "true"
+ - matchExpressions:
+ - key: node-role.kubernetes.io/master
+ operator: In
+ values:
+ - "true"
 tolerations:
- - key: "node-role.kubernetes.io/master"
- operator: "Exists"
- effect: "NoSchedule"
+ - key: "node-role.kubernetes.io/master"
+ operator: "Exists"
+ effect: "NoSchedule"
 webhook:
 affinity:
 nodeAffinity:
 requiredDuringSchedulingIgnoredDuringExecution:
 nodeSelectorTerms:
- - matchExpressions:
- - key: node-role.kubernetes.io/master
- operator: In
- values:
- - "true"
+ - matchExpressions:
+ - key: node-role.kubernetes.io/master
+ operator: In
+ values:
+ - "true"
 tolerations:
- - key: "node-role.kubernetes.io/master"
- operator: "Exists"
- effect: "NoSchedule"
+ - key: "node-role.kubernetes.io/master"
+ operator: "Exists"
+ effect: "NoSchedule"
 cainjector:
 affinity:
 nodeAffinity:
 requiredDuringSchedulingIgnoredDuringExecution:
 nodeSelectorTerms:
- - matchExpressions:
- - key: node-role.kubernetes.io/master
- operator: In
- values:
- - "true"
+ - matchExpressions:
+ - key: node-role.kubernetes.io/master
+ operator: In
+ values:
+ - "true"
 tolerations:
- - key: "node-role.kubernetes.io/master"
- operator: "Exists"
- effect: "NoSchedule"
\ No newline at end of file
+ - key: "node-role.kubernetes.io/master"
+ operator: "Exists"
+ effect: "NoSchedule"
\ No newline at end of file
diff --git a/apps/gitea/configmap-custom.yaml b/apps/devops/gitea/configmap-custom.yaml
similarity index 100%
rename from apps/gitea/configmap-custom.yaml
rename to apps/devops/gitea/configmap-custom.yaml
diff --git a/apps/gitea/helmchart.yaml b/apps/devops/gitea/helmchart.yaml
similarity index 54%
rename from apps/gitea/helmchart.yaml
rename to apps/devops/gitea/helmchart.yaml
index 0e59b12..8a31733 100644
--- a/apps/gitea/helmchart.yaml
+++ b/apps/devops/gitea/helmchart.yaml
@@ -7,13 +7,35 @@ spec:
 repo: https://dl.gitea.com/charts
 chart: gitea
 targetNamespace: infra-devops
+ version: 10.1.4
 valuesContent: |-
+ affinity:
+ podAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ cnpg.io/cluster: cnpg-cluster-sh
+ role: primary
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/component: master
+ topologyKey: kubernetes.io/hostname
+ weight: 1
+ nodeAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - preference:
+ matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - homea
+ weight: 1
 redis-cluster:
 enabled: false
 postgresql-ha:
 enabled: false
 image:
- tag: 1.21.11
+ tag: 1.22.0
 gitea:
 config:
 APP_NAME: Git.dev.cm
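Review bot: The new `podAffinity` term can never match: `matchLabels` is a conjunction, so it asks for one pod carrying both `cnpg.io/cluster: cnpg-cluster-sh`/`role: primary` and `app.kubernetes.io/name: redis`/`app.kubernetes.io/component: master`, and with no `namespaces` or `namespaceSelector` the selector is evaluated in the gitea pod's own namespace (`infra-devops`) while both backends run in `infra-data`. Because the term is only `preferred`, scheduling still succeeds, but the co-location it was written for is silently lost and only the `homea` node preference takes effect. Split it into one term per backend and scope each to `infra-data`, as below; the redis pod labels come from the redis chart, which is not visible in this hunk, so verify them with `kubectl get pods -n infra-data --show-labels` before relying on them.
```yaml
affinity:
  podAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 1
        podAffinityTerm:
          namespaces: ["infra-data"]
          labelSelector:
            matchLabels:
              cnpg.io/cluster: cnpg-cluster-sh
              role: primary
          topologyKey: kubernetes.io/hostname
      - weight: 1
        podAffinityTerm:
          namespaces: ["infra-data"]
          labelSelector:
            matchLabels:
              app.kubernetes.io/name: redis
              app.kubernetes.io/component: master
          topologyKey: kubernetes.io/hostname
  # … unchanged: nodeAffinity preference for homea …
```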
@@ -23,19 +45,20 @@ spec:
 ROOT_URL: https://git.dev.cm/
 database:
 DB_TYPE: postgres
- HOST: postgresql-ha-pgpool.infra-data:5432
+ HOST: cnpg-cluster-sh-rw.infra-data:5432
 NAME: gitea
- USER: rohow
- PASSWD: L#GRtTR2QuL@20pm6+c~
+ USER: app
+ PASSWD: 6UeWq0EEQaP47eMjAt3hmmquGY3e6bqDanCeSKWDmLtLCuMe1TH0UGTKuaw2LfIO
+ SSL_MODE: disable
 session:
 PROVIDER: redis
- PROVIDER_CONFIG: redis://:ribiPwYQNU6GWxCYR0Nj@redis-master.infra-data:6379/0
+ PROVIDER_CONFIG: redis://:ribiPwYQNU6GWxCYR0Nj@redis-cluster-sh-master.infra-data:6379/0
 cache:
 ADAPTER: redis
- HOST: redis://:ribiPwYQNU6GWxCYR0Nj@redis-master.infra-data:6379/0?pool_size=100&idle_timeout=180s
+ HOST: redis://:ribiPwYQNU6GWxCYR0Nj@redis-cluster-sh-master.infra-data:6379/0?pool_size=100&idle_timeout=180s
 queue:
 TYPE: redis
- CONN_STR: redis://:ribiPwYQNU6GWxCYR0Nj@redis-master.infra-data:6379/0
+ CONN_STR: redis://:ribiPwYQNU6GWxCYR0Nj@redis-cluster-sh-master.infra-data:6379/0
 repository:
 DEFAULT_REPO_UNITS: repo.code,repo.releases,repo.issues,repo.pulls
 service:
diff --git a/apps/gitea/ingress-http.yaml b/apps/devops/gitea/ingress-http.yaml
similarity index 100%
rename from apps/gitea/ingress-http.yaml
rename to apps/devops/gitea/ingress-http.yaml
diff --git a/apps/gitea/loadbalancer-ssh.yaml b/apps/devops/gitea/loadbalancer-ssh.yaml
similarity index 100%
rename from apps/gitea/loadbalancer-ssh.yaml
rename to apps/devops/gitea/loadbalancer-ssh.yaml
diff --git a/apps/devops/namespaces.yaml b/apps/devops/namespaces.yaml
new file mode 100644
index 0000000..fbf95ad
--- /dev/null
+++ b/apps/devops/namespaces.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: infra-devops
\ No newline at end of file
diff --git a/apps/kube/README.md b/apps/kube/README.md
new file mode 100644
index 0000000..6fbed98
--- /dev/null
+++ b/apps/kube/README.md
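Review bot: `PASSWD` and the three redis URLs embed live credentials in `valuesContent`, which is committed to git and readable by anyone who can `get helmcharts` in `infra-devops`; the redis password `ribiPwYQNU6GWxCYR0Nj` survives the rename unchanged, so it should be treated as exposed alongside the old `rohow` password removed here. The CNPG operator already creates a Secret with the `app` user's credentials for `cnpg-cluster-sh` (conventionally `cnpg-cluster-sh-app`), so gitea can consume it through the chart's secret-backed config mechanism (`gitea.additionalConfigSources` with a `secret` entry in recent chart versions — confirm for 10.1.4) instead of a literal. `SSL_MODE: disable` sends that password and every query in the clear across the pod network; CNPG serves TLS on the `-rw` service out of the box, so `SSL_MODE: require` (or `verify-full` against the operator's CA secret) costs nothing here. The enclosing `gitea.config` block starts before this hunk.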
@@ -0,0 +1,4 @@ +### path core中服务的节点亲和性 使他们只运行在master节点上 +```shell +kubectl patch -n kube-system deployment coredns --patch-file=apps/kube/patch-affinity.yaml +``` \ No newline at end of file diff --git a/core/coredns/configmap.yaml b/apps/kube/coredns/configmap.yaml similarity index 100% rename from core/coredns/configmap.yaml rename to apps/kube/coredns/configmap.yaml diff --git a/core/coredns/nodelocaldns.yaml b/apps/kube/coredns/nodelocaldns.yaml similarity index 100% rename from core/coredns/nodelocaldns.yaml rename to apps/kube/coredns/nodelocaldns.yaml diff --git a/core/patch-affinity.yaml b/apps/kube/patch-affinity.yaml similarity index 100% rename from core/patch-affinity.yaml rename to apps/kube/patch-affinity.yaml diff --git a/apps/crowdsec/helmchart.yaml b/apps/monitor/crowdsec/helmchart.yaml similarity index 86% rename from apps/crowdsec/helmchart.yaml rename to apps/monitor/crowdsec/helmchart.yaml index 5f8195e..e2253e7 100644 --- a/apps/crowdsec/helmchart.yaml +++ b/apps/monitor/crowdsec/helmchart.yaml @@ -7,6 +7,7 @@ spec: repo: https://crowdsecurity.github.io/helm-charts chart: crowdsec targetNamespace: infra-monitor + version: 0.10.0 valuesContent: |- container_runtime: containerd image: @@ -27,16 +28,16 @@ spec: program: nginx poll_without_inotify: true env: - - name: COLLECTIONS - value: "crowdsecurity/nginx" + - name: COLLECTIONS + value: "crowdsecurity/nginx" lapi: affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - preference: + - preference: matchExpressions: - key: kubernetes.io/hostname operator: In values: - - alihka \ No newline at end of file + - alihka + weight: 1 \ No newline at end of file diff --git a/apps/monitor/namespaces.yaml b/apps/monitor/namespaces.yaml new file mode 100644 index 0000000..7ee144e --- /dev/null +++ b/apps/monitor/namespaces.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: infra-monitor \ No newline at end of file 
diff --git a/apps/namespaces.yaml b/apps/namespaces.yaml
deleted file mode 100644
index a62f468..0000000
--- a/apps/namespaces.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: apps
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: infra-net
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: infra-data
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: infra-cert
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: infra-devops
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: infra-monitor
\ No newline at end of file
diff --git a/certs/certificate-dev-cm.yaml b/apps/net/certs/certificate-dev-cm.yaml
similarity index 100%
rename from certs/certificate-dev-cm.yaml
rename to apps/net/certs/certificate-dev-cm.yaml
diff --git a/certs/certificate-fillcode-com.yaml b/apps/net/certs/certificate-fillcode-com.yaml
similarity index 100%
rename from certs/certificate-fillcode-com.yaml
rename to apps/net/certs/certificate-fillcode-com.yaml
diff --git a/apps/net/namespaces.yaml b/apps/net/namespaces.yaml
new file mode 100644
index 0000000..2957f6b
--- /dev/null
+++ b/apps/net/namespaces.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: infra-net
\ No newline at end of file
diff --git a/core/nginx/helmchart.yaml b/apps/net/nginx/helmchart.yaml
similarity index 97%
rename from core/nginx/helmchart.yaml
rename to apps/net/nginx/helmchart.yaml
index 738fd54..8acd134 100644
--- a/core/nginx/helmchart.yaml
+++ b/apps/net/nginx/helmchart.yaml
@@ -64,7 +64,7 @@ spec:
 - name: API_URL
 value: "http://crowdsec-service.infra-monitor.svc.cluster.local:8080"
 - name: API_KEY
- value: "gISXV0a5N9oflSL4PCsfmDHjq+VNz0G6mRkMhuDZTvY"
+ value: "lkFoJuR7ZPFeaN97wM04EVTUH+icqiSEgXPBXteaMsE"
 - name: BOUNCER_CONFIG
 value: "/crowdsec/crowdsec-bouncer.conf"
 command: ['sh', '-c', "bash /docker_start.sh; mkdir -p /lua_plugins/crowdsec/; cp -R /crowdsec/* /lua_plugins/crowdsec/"]
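Review bot: Rotating `API_KEY` by editing the literal achieves little: the previous key `gISXV0a5N9oflSL4PCsfmDHjq+VNz0G6mRkMhuDZTvY` stays in git history and the new one is committed in the same place, so both are available to anyone with read access to the repo or to the HelmChart object. Store the bouncer key in a Secret and reference it, e.g. `- name: API_KEY` / `valueFrom:` / `secretKeyRef: {name: <bouncer-key-secret>, key: api-key}`, and revoke the old key in the CrowdSec LAPI (`cscli bouncers delete <name>`), since a rotation without revocation leaves the leaked key valid. Whether the chart passes `valueFrom` through to the container is not visible here — this env list sits inside chart values whose template lies outside the hunk — so check the chart before switching.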
diff --git a/apps/local-service/todo.yaml b/apps/net/proxy/todo.yaml
similarity index 100%
rename from apps/local-service/todo.yaml
rename to apps/net/proxy/todo.yaml
diff --git a/apps/postgresql-ha/helmchart.yaml b/apps/postgresql-ha/helmchart.yaml
deleted file mode 100644
index d79b77d..0000000
--- a/apps/postgresql-ha/helmchart.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: helm.cattle.io/v1
-kind: HelmChart
-metadata:
- name: postgresql-ha
- namespace: infra-data
-spec:
- chart: oci://registry-1.docker.io/bitnamicharts/postgresql-ha
- targetNamespace: infra-data
- valuesContent: |-
- postgresql:
- image:
- debug: false
- username: rohow
- password: L#GRtTR2QuL@20pm6+c~
- postgresPassword: L#GRtTR2QuL@20pm6+c~
- repmgrPassword: yAn0l2eiLw
- nodeAffinityPreset:
- type: "hard"
- key: "topology.kubernetes.io/region"
- values:
- - "cn-sh"
- tolerations:
- - key: "node-role.kubernetes.io/master"
- operator: "Exists"
- effect: "NoSchedule"
- pgpool:
- image:
- debug: false
- adminPassword: wc8FVC55JX
- nodeAffinityPreset:
- type: "hard"
- key: "topology.kubernetes.io/region"
- values:
- - "cn-sh"
- tolerations:
- - key: "node-role.kubernetes.io/master"
- operator: "Exists"
- effect: "NoSchedule"
-
diff --git a/core/README.md b/core/README.md
deleted file mode 100644
index 4d3f232..0000000
--- a/core/README.md
+++ /dev/null
@@ -1,12 +0,0 @@
-### 调试
-```shell
-kubectl run -i --tty --rm --restart=Never \
- --overrides='{"apiVersion": "v1", "spec": {"nodeSelector": {"kubernetes.io/hostname": "homea"}}}' \
- --image=busybox:1.28 \
- debug -- sh
-```
-
-### path core中服务的节点亲和性 使他们只运行在master节点上
-```shell
-kubectl patch -n kube-system deployment coredns --patch-file=patch-affinity.yaml
-```
\ No newline at end of file
diff --git a/install/README.md b/install/README.md
index bd7a3ff..73d3067 100644
--- a/install/README.md
+++ b/install/README.md
@@ -30,7 +30,7 @@ mkdir -p /etc/rancher/k3s && vim /etc/rancher/k3s/config.yaml ### 安装k3s 此处注意安装类型 是server 还是 agent ```shell curl -sfL https://get.k3s.io | \ - INSTALL_K3S_VERSION=v1.28.8+k3s1 \ + INSTALL_K3S_VERSION=v1.29.5+k3s1 \ INSTALL_K3S_MIRROR=cn \ sh -s - server ``` diff --git a/install/agent.config.yaml b/install/agent.config.yaml index 3023410..b79cf52 100644 --- a/install/agent.config.yaml +++ b/install/agent.config.yaml @@ -1,6 +1,6 @@ # worker 工作节点 server: "https://k3s.dev.cm:6443" -token: "K1012101b9ab5a404897d6a0530f9dac014b571b374251e3741c95fd74e86cee2e5::server:97760133590f01e7a94ab320dfdbfe96" +token: "K1010dd6f0853e824cfaf417117f31a0d797a738aa2d4b9d01cd5972a9b084c81a0::server:e4836f1f469315fadd5b12c07d7fb10e" # 网络相关 # 阿里云vps 需要添加 extraArgs=--netfilter-mode=off diff --git a/install/master.config.yaml b/install/master.config.yaml index 90d073a..a392cbc 100644 --- a/install/master.config.yaml +++ b/install/master.config.yaml @@ -1,6 +1,6 @@ # server 从节点 server: "https://tca:6443" -token: "K1012101b9ab5a404897d6a0530f9dac014b571b374251e3741c95fd74e86cee2e5::server:97760133590f01e7a94ab320dfdbfe96" +token: "K1010dd6f0853e824cfaf417117f31a0d797a738aa2d4b9d01cd5972a9b084c81a0::server:e4836f1f469315fadd5b12c07d7fb10e" tls-san: - "k3s.dev.cm,k3s.fillcode.com"
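Review bot: The replacement `token` in `install/agent.config.yaml` is the full server token (the `K10<ca-hash>::server:<password>` form), so a worker's config file carries a credential that can also join a machine as a control-plane server rather than only as an agent; give agents the narrower agent token instead (`agent-token` on the servers, used as `token` on agents). Committing the new value next to the old one in history also undoes the rotation the moment the repository is read, so keep the token out of git and load it with `token-file: /etc/rancher/k3s/token` (or the `K3S_TOKEN` environment variable at install time), then rotate again once the file is scrubbed. The CA-hash prefix is not sensitive on its own, but the `server:<password>` suffix is.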