feat(init): 仓库重新初始化

2024-06-03 11:23:10 +08:00
未验证
父节点 31f1336586
当前提交 7ec7c8744b
修改 33 个文件,包含 269 行新增136 行删除
+8
@@ -1 +1,9 @@
### apps ### apps
### 调试
```shell
kubectl run -i --tty --rm --restart=Never \
--overrides='{"apiVersion": "v1", "spec": {"nodeSelector": {"kubernetes.io/hostname": "homea"}}}' \
--image=nicolaka/netshoot:latest \
debug -- sh
```
@@ -0,0 +1,20 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: cnpg-cluster-sh
namespace: infra-data
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: topology.kubernetes.io/region
operator: In
values:
- cn-sh
weight: 1
instances: 1
enableSuperuserAccess: true
storage:
size: 10Gi
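Review bot: `enableSuperuserAccess: true` near the end of this spec enables password login for the `postgres` superuser, and the same commit adds a LoadBalancer Service that publishes this cluster's primary. If nothing needs superuser access over the network, drop the line and let clients use the application role, as the Gitea values in this commit already do with `USER: app`. With `instances: 1` there is also no replica to fail over to. If that is intentional, say so in a comment such as `# single instance: no failover, recovery depends on backups`.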
+24
@@ -0,0 +1,24 @@
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: cloudnative-pg
namespace: infra-data
spec:
repo: https://cloudnative-pg.github.io/charts
chart: cloudnative-pg
targetNamespace: infra-data
version: 0.21.4
valuesContent: |-
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/master
operator: In
values:
- "true"
tolerations:
- key: "node-role.kubernetes.io/master"
operator: "Exists"
@@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
name: cnpg-cluster-sh-lb
namespace: infra-data
spec:
selector:
cnpg.io/cluster: cnpg-cluster-sh
role: primary
ports:
- protocol: TCP
port: 65432
targetPort: 5432
type: LoadBalancer
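Review bot: `type: LoadBalancer` with `port: 65432` publishes the PostgreSQL primary on every address the load balancer answers on, and the spec carries no `loadBalancerSourceRanges`. A non-standard port does not limit who can connect. The in-cluster consumer visible in this commit (Gitea) already uses `cnpg-cluster-sh-rw.infra-data:5432`, so this Service is only needed for external clients. If those exist, add `loadBalancerSourceRanges` with the admin networks and confirm that the load-balancer implementation in use enforces it; otherwise use `type: ClusterIP` or drop the Service.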
+4
@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: infra-data
@@ -0,0 +1,15 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: postgresql-ha-pgpool-script
namespace: infra-data
data:
latency_test.sh: |-
#!/bin/bash
install_packages ping
# 读取环境变量
nodes=$PGPOOL_BACKEND_NODES
echo $nodes
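Review bot: `install_packages ping` installs software when the script runs, which needs root and outbound network access in the pgpool container. This is presumably why the chart values in this commit run pgpool as UID 0 with `privileged: true`. Consider putting the tool in the image, or running the latency test from a separate debug pod, so the pooler can stay unprivileged. The script should also start with `set -euo pipefail` and quote the expansion as `echo "$nodes"`, so that a failed install or an empty `PGPOOL_BACKEND_NODES` is noticed.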
+85
@@ -0,0 +1,85 @@
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: postgresql-ha
namespace: infra-data
spec:
chart: oci://registry-1.docker.io/bitnamicharts/postgresql-ha
targetNamespace: infra-data
version: 14.0.12
valuesContent: |-
diagnosticMode:
enabled: false
postgresql:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: postgresql-ha
app.kubernetes.io/component: postgresql
topologyKey: kubernetes.io/hostname
weight: 1
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: postgresql-ha
app.kubernetes.io/component: postgresql
topologyKey: topology.kubernetes.io/region
weight: 1
tolerations:
- key: "node-role.kubernetes.io/master"
operator: "Exists"
effect: "NoSchedule"
image:
debug: true
username: rohow
password: L#GRtTR2QuL@20pm6+c~
postgresPassword: L#GRtTR2QuL@20pm6+c~
repmgrPassword: yAn0l2eiLw
pgpool:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: postgresql-ha
app.kubernetes.io/component: pgpool
topologyKey: kubernetes.io/hostname
weight: 1
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: postgresql-ha
app.kubernetes.io/component: pgpool
topologyKey: topology.kubernetes.io/region
weight: 1
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: postgresql-ha
app.kubernetes.io/component: pgpool
topologyKey: kubernetes.io/hostname
weight: 1
tolerations:
- key: "node-role.kubernetes.io/master"
operator: "Exists"
effect: "NoSchedule"
replicaCount: 1
containerSecurityContext:
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
readOnlyRootFilesystem: false
privileged: true
allowPrivilegeEscalation: true
image:
debug: true
adminPassword: wc8FVC55JX
volumePermissions:
enabled: true
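Review bot: The `postgresql` and `pgpool` values carry four passwords as literals inside `valuesContent`, so they are stored in the repository and in the HelmChart object, readable by anyone who can get either. Create the Secret out of band and reference it through the chart's `postgresql.existingSecret` and `pgpool.existingSecret`. Rotate the current values as well, since the same strings appear in the manifest this commit deletes and remain in history. Separately, the `containerSecurityContext` that appears under `pgpool` sets `runAsUser: 0`, `privileged: true` and `allowPrivilegeEscalation: true`. A connection pooler should not need host-level privileges, so set `privileged: false` and `allowPrivilegeEscalation: false` unless a documented requirement says otherwise. `image.debug: true` on both components is best left off outside troubleshooting, as debug logging may include connection details.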
@@ -1,7 +1,7 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: postgresql-ha name: postgresql-ha-lb
namespace: infra-data namespace: infra-data
spec: spec:
selector: selector:
@@ -1,11 +1,12 @@
apiVersion: helm.cattle.io/v1 apiVersion: helm.cattle.io/v1
kind: HelmChart kind: HelmChart
metadata: metadata:
name: redis name: redis-cluster-sh
namespace: infra-data namespace: infra-data
spec: spec:
chart: oci://registry-1.docker.io/bitnamicharts/redis chart: oci://registry-1.docker.io/bitnamicharts/redis
targetNamespace: infra-data targetNamespace: infra-data
version: 19.1.0
valuesContent: |- valuesContent: |-
global: global:
redis: redis:
@@ -3,16 +3,18 @@ apiVersion: helm.cattle.io/v1
kind: HelmChart kind: HelmChart
metadata: metadata:
name: cert-manager-webhook-dnspod name: cert-manager-webhook-dnspod
namespace: infra-cert namespace: infra-devops
spec: spec:
chart: oci://registry-1.docker.io/imroc/cert-manager-webhook-dnspod chart: oci://registry-1.docker.io/imroc/cert-manager-webhook-dnspod
targetNamespace: infra-cert targetNamespace: infra-devops
version: 1.4.5
valuesContent: |- valuesContent: |-
namespace: infra-cert namespace: infra-devops
certManager: certManager:
namespace: infra-cert namespace: infra-devops
groupName: cert.dev.cm groupName: cert.dev.cm
clusterIssuer: clusterIssuer:
# 此处需在部署后修改clusterIssuer
# cnameStrategy: Follow # cnameStrategy: Follow
staging: false staging: false
email: admin@dev.cm email: admin@dev.cm
@@ -22,12 +24,12 @@ spec:
nodeAffinity: nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms: nodeSelectorTerms:
- matchExpressions: - matchExpressions:
- key: node-role.kubernetes.io/master - key: node-role.kubernetes.io/master
operator: In operator: In
values: values:
- "true" - "true"
tolerations: tolerations:
- key: "node-role.kubernetes.io/master" - key: "node-role.kubernetes.io/master"
operator: "Exists" operator: "Exists"
effect: "NoSchedule" effect: "NoSchedule"
@@ -4,51 +4,51 @@ apiVersion: helm.cattle.io/v1
kind: HelmChart kind: HelmChart
metadata: metadata:
name: cert-manager name: cert-manager
namespace: infra-cert namespace: infra-devops
spec: spec:
repo: https://charts.jetstack.io repo: https://charts.jetstack.io
chart: cert-manager chart: cert-manager
targetNamespace: infra-cert targetNamespace: infra-devops
version: v1.14.4 version: v1.14.4
valuesContent: |- valuesContent: |-
affinity: affinity:
nodeAffinity: nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms: nodeSelectorTerms:
- matchExpressions: - matchExpressions:
- key: node-role.kubernetes.io/master - key: node-role.kubernetes.io/master
operator: In operator: In
values: values:
- "true" - "true"
tolerations: tolerations:
- key: "node-role.kubernetes.io/master" - key: "node-role.kubernetes.io/master"
operator: "Exists" operator: "Exists"
effect: "NoSchedule" effect: "NoSchedule"
webhook: webhook:
affinity: affinity:
nodeAffinity: nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms: nodeSelectorTerms:
- matchExpressions: - matchExpressions:
- key: node-role.kubernetes.io/master - key: node-role.kubernetes.io/master
operator: In operator: In
values: values:
- "true" - "true"
tolerations: tolerations:
- key: "node-role.kubernetes.io/master" - key: "node-role.kubernetes.io/master"
operator: "Exists" operator: "Exists"
effect: "NoSchedule" effect: "NoSchedule"
cainjector: cainjector:
affinity: affinity:
nodeAffinity: nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms: nodeSelectorTerms:
- matchExpressions: - matchExpressions:
- key: node-role.kubernetes.io/master - key: node-role.kubernetes.io/master
operator: In operator: In
values: values:
- "true" - "true"
tolerations: tolerations:
- key: "node-role.kubernetes.io/master" - key: "node-role.kubernetes.io/master"
operator: "Exists" operator: "Exists"
effect: "NoSchedule" effect: "NoSchedule"
@@ -7,13 +7,35 @@ spec:
repo: https://dl.gitea.com/charts repo: https://dl.gitea.com/charts
chart: gitea chart: gitea
targetNamespace: infra-devops targetNamespace: infra-devops
version: 10.1.4
valuesContent: |- valuesContent: |-
affinity:
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
cnpg.io/cluster: cnpg-cluster-sh
role: primary
app.kubernetes.io/name: redis
app.kubernetes.io/component: master
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- homea
weight: 1
redis-cluster: redis-cluster:
enabled: false enabled: false
postgresql-ha: postgresql-ha:
enabled: false enabled: false
image: image:
tag: 1.21.11 tag: 1.22.0
gitea: gitea:
config: config:
APP_NAME: Git.dev.cm APP_NAME: Git.dev.cm
@@ -23,19 +45,20 @@ spec:
ROOT_URL: https://git.dev.cm/ ROOT_URL: https://git.dev.cm/
database: database:
DB_TYPE: postgres DB_TYPE: postgres
HOST: postgresql-ha-pgpool.infra-data:5432 HOST: cnpg-cluster-sh-rw.infra-data:5432
NAME: gitea NAME: gitea
USER: rohow USER: app
PASSWD: L#GRtTR2QuL@20pm6+c~ PASSWD: 6UeWq0EEQaP47eMjAt3hmmquGY3e6bqDanCeSKWDmLtLCuMe1TH0UGTKuaw2LfIO
SSL_MODE: disable
session: session:
PROVIDER: redis PROVIDER: redis
PROVIDER_CONFIG: redis://:ribiPwYQNU6GWxCYR0Nj@redis-master.infra-data:6379/0 PROVIDER_CONFIG: redis://:ribiPwYQNU6GWxCYR0Nj@redis-cluster-sh-master.infra-data:6379/0
cache: cache:
ADAPTER: redis ADAPTER: redis
HOST: redis://:ribiPwYQNU6GWxCYR0Nj@redis-master.infra-data:6379/0?pool_size=100&idle_timeout=180s HOST: redis://:ribiPwYQNU6GWxCYR0Nj@redis-cluster-sh-master.infra-data:6379/0?pool_size=100&idle_timeout=180s
queue: queue:
TYPE: redis TYPE: redis
CONN_STR: redis://:ribiPwYQNU6GWxCYR0Nj@redis-master.infra-data:6379/0 CONN_STR: redis://:ribiPwYQNU6GWxCYR0Nj@redis-cluster-sh-master.infra-data:6379/0
repository: repository:
DEFAULT_REPO_UNITS: repo.code,repo.releases,repo.issues,repo.pulls DEFAULT_REPO_UNITS: repo.code,repo.releases,repo.issues,repo.pulls
service: service:
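Review bot: `SSL_MODE: disable` is added in the `database` block next to the new `HOST: cnpg-cluster-sh-rw.infra-data:5432`, so Gitea's database session, including authentication, crosses the cluster network unencrypted. CloudNativePG serves TLS by default, so `SSL_MODE: require` should work without further setup (stricter modes need the cluster CA mounted). The new `PASSWD` and the Redis password embedded in `PROVIDER_CONFIG`, `cache.HOST` and `CONN_STR` are again literals in `valuesContent`. Move them into a Secret and load them through the chart's `gitea.additionalConfigSources` or `gitea.additionalConfigFromEnvs`, then rotate the committed values. The `valuesContent` block continues beyond both hunks.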
+4
@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: infra-devops
+4
@@ -0,0 +1,4 @@
### path core中服务的节点亲和性 使他们只运行在master节点上
```shell
kubectl patch -n kube-system deployment coredns --patch-file=apps/kube/patch-affinity.yaml
```
@@ -7,6 +7,7 @@ spec:
repo: https://crowdsecurity.github.io/helm-charts repo: https://crowdsecurity.github.io/helm-charts
chart: crowdsec chart: crowdsec
targetNamespace: infra-monitor targetNamespace: infra-monitor
version: 0.10.0
valuesContent: |- valuesContent: |-
container_runtime: containerd container_runtime: containerd
image: image:
@@ -27,16 +28,16 @@ spec:
program: nginx program: nginx
poll_without_inotify: true poll_without_inotify: true
env: env:
- name: COLLECTIONS - name: COLLECTIONS
value: "crowdsecurity/nginx" value: "crowdsecurity/nginx"
lapi: lapi:
affinity: affinity:
nodeAffinity: nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution: preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1 - preference:
preference:
matchExpressions: matchExpressions:
- key: kubernetes.io/hostname - key: kubernetes.io/hostname
operator: In operator: In
values: values:
- alihka - alihka
weight: 1
+4
@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: infra-monitor
-29
@@ -1,29 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: apps
---
apiVersion: v1
kind: Namespace
metadata:
name: infra-net
---
apiVersion: v1
kind: Namespace
metadata:
name: infra-data
---
apiVersion: v1
kind: Namespace
metadata:
name: infra-cert
---
apiVersion: v1
kind: Namespace
metadata:
name: infra-devops
---
apiVersion: v1
kind: Namespace
metadata:
name: infra-monitor
+4
@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: infra-net
@@ -64,7 +64,7 @@ spec:
- name: API_URL - name: API_URL
value: "http://crowdsec-service.infra-monitor.svc.cluster.local:8080" value: "http://crowdsec-service.infra-monitor.svc.cluster.local:8080"
- name: API_KEY - name: API_KEY
value: "gISXV0a5N9oflSL4PCsfmDHjq+VNz0G6mRkMhuDZTvY" value: "lkFoJuR7ZPFeaN97wM04EVTUH+icqiSEgXPBXteaMsE"
- name: BOUNCER_CONFIG - name: BOUNCER_CONFIG
value: "/crowdsec/crowdsec-bouncer.conf" value: "/crowdsec/crowdsec-bouncer.conf"
command: ['sh', '-c', "bash /docker_start.sh; mkdir -p /lua_plugins/crowdsec/; cp -R /crowdsec/* /lua_plugins/crowdsec/"] command: ['sh', '-c', "bash /docker_start.sh; mkdir -p /lua_plugins/crowdsec/; cp -R /crowdsec/* /lua_plugins/crowdsec/"]
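Review bot: The replacement `API_KEY` is again an inline `value:` in the container env, so the new bouncer key is exposed exactly as the old one was: in the repository, and in the workload spec to anyone who can read it. Store the key in a Secret and reference it with `valueFrom:` / `secretKeyRef:` (`name: <bouncer-secret>`, `key: <api-key>`; placeholders). Then issue a fresh key, because both the old and the new value are now in history. The container spec starts outside this hunk, so the Secret must live in that workload's namespace.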
-39
@@ -1,39 +0,0 @@
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: postgresql-ha
namespace: infra-data
spec:
chart: oci://registry-1.docker.io/bitnamicharts/postgresql-ha
targetNamespace: infra-data
valuesContent: |-
postgresql:
image:
debug: false
username: rohow
password: L#GRtTR2QuL@20pm6+c~
postgresPassword: L#GRtTR2QuL@20pm6+c~
repmgrPassword: yAn0l2eiLw
nodeAffinityPreset:
type: "hard"
key: "topology.kubernetes.io/region"
values:
- "cn-sh"
tolerations:
- key: "node-role.kubernetes.io/master"
operator: "Exists"
effect: "NoSchedule"
pgpool:
image:
debug: false
adminPassword: wc8FVC55JX
nodeAffinityPreset:
type: "hard"
key: "topology.kubernetes.io/region"
values:
- "cn-sh"
tolerations:
- key: "node-role.kubernetes.io/master"
operator: "Exists"
effect: "NoSchedule"
-12
@@ -1,12 +0,0 @@
### 调试
```shell
kubectl run -i --tty --rm --restart=Never \
--overrides='{"apiVersion": "v1", "spec": {"nodeSelector": {"kubernetes.io/hostname": "homea"}}}' \
--image=busybox:1.28 \
debug -- sh
```
### path core中服务的节点亲和性 使他们只运行在master节点上
```shell
kubectl patch -n kube-system deployment coredns --patch-file=patch-affinity.yaml
```
+1 -1
@@ -30,7 +30,7 @@ mkdir -p /etc/rancher/k3s && vim /etc/rancher/k3s/config.yaml
### 安装k3s 此处注意安装类型 是server 还是 agent ### 安装k3s 此处注意安装类型 是server 还是 agent
```shell ```shell
curl -sfL https://get.k3s.io | \ curl -sfL https://get.k3s.io | \
INSTALL_K3S_VERSION=v1.28.8+k3s1 \ INSTALL_K3S_VERSION=v1.29.5+k3s1 \
INSTALL_K3S_MIRROR=cn \ INSTALL_K3S_MIRROR=cn \
sh -s - server sh -s - server
``` ```
+1 -1
@@ -1,6 +1,6 @@
# worker 工作节点 # worker 工作节点
server: "https://k3s.dev.cm:6443" server: "https://k3s.dev.cm:6443"
token: "K1012101b9ab5a404897d6a0530f9dac014b571b374251e3741c95fd74e86cee2e5::server:97760133590f01e7a94ab320dfdbfe96" token: "K1010dd6f0853e824cfaf417117f31a0d797a738aa2d4b9d01cd5972a9b084c81a0::server:e4836f1f469315fadd5b12c07d7fb10e"
# 网络相关 # 网络相关
# 阿里云vps 需要添加 extraArgs=--netfilter-mode=off # 阿里云vps 需要添加 extraArgs=--netfilter-mode=off
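Review bot: The new `token:` value is a full k3s server join token committed in clear text, and the same value is committed in the secondary-server config in the following file section. Anyone who can read the repository and reach `k3s.dev.cm:6443` can use it to register a node. Keep the token out of the tracked file: use `token-file: <path-to-token>` (placeholder path) pointing at a root-only file provisioned on the host, and commit only a template of this config. The previous token and this one are both in history, so rotate the cluster token once the file is untracked.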
+1 -1
@@ -1,6 +1,6 @@
# server 从节点 # server 从节点
server: "https://tca:6443" server: "https://tca:6443"
token: "K1012101b9ab5a404897d6a0530f9dac014b571b374251e3741c95fd74e86cee2e5::server:97760133590f01e7a94ab320dfdbfe96" token: "K1010dd6f0853e824cfaf417117f31a0d797a738aa2d4b9d01cd5972a9b084c81a0::server:e4836f1f469315fadd5b12c07d7fb10e"
tls-san: tls-san:
- "k3s.dev.cm,k3s.fillcode.com" - "k3s.dev.cm,k3s.fillcode.com"