main
ycz 2024-10-12 18:16:54 +08:00
parent 37bf895dd4
commit 36aa7137c3
15 changed files with 1685 additions and 0 deletions


@ -0,0 +1,191 @@
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: elastic-tcs-0
spec:
storageClassName: elastic-tcs
capacity:
storage: 30Gi
accessModes:
- ReadWriteOnce
local:
path: /data/elastic-tcs/es_data
claimRef:
kind: PersistentVolumeClaim
namespace: tcs
name: elastic-tcs-elastic-0
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- bfs-k8snode-10-2-1-14.hetzner.base.drillinsight.com
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: elastic-tcs-1
spec:
storageClassName: elastic-tcs
capacity:
storage: 30Gi
accessModes:
- ReadWriteOnce
local:
path: /data/elastic-tcs/es_data
claimRef:
kind: PersistentVolumeClaim
namespace:
name: elastic-tcs-elastic-1
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- bfs-k8snode-10-2-1-15.hetzner.base.drillinsight.com
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: elastic-tcs-2
spec:
storageClassName: elastic-tcs
capacity:
storage: 30Gi
accessModes:
- ReadWriteOnce
local:
path: /data/elastic-tcs/es_data
claimRef:
kind: PersistentVolumeClaim
namespace: tcs
name: elastic-tcs-elastic-2
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- bfs-k8snode-10-2-1-16.hetzner.base.drillinsight.com
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: elastic
spec:
serviceName: elastic
replicas: 3
selector:
matchLabels:
app: elastic
template:
metadata:
labels:
app: elastic
spec:
securityContext:
fsGroup: 100
nodeSelector:
app.kubernetes.io/name: tcs
initContainers:
- name: init
image: busybox
imagePullPolicy: IfNotPresent
command: ["/bin/sh", "-c", "sysctl -w vm.max_map_count=262144;chown -R 1000:1000 /usr/share/elasticsearch/data"]
securityContext:
privileged: true
volumeMounts:
- name: elastic-tcs
mountPath: /usr/share/elasticsearch/data
containers:
- name: elasticsearch
image: docker.elastic.co/elasticsearch/elasticsearch:7.16.3
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9200
name: restful
- containerPort: 9300
name: transport
env:
- name: cluster.name
value: bfs-elastic-tcs-1
- name: network.host
value: 0.0.0.0
- name: node.name
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: discovery.seed_hosts
value: "elastic-0.elastic,elastic-1.elastic,elastic-2.elastic"
- name: cluster.initial_master_nodes
value: "elastic-0,elastic-1,elastic-2"
- name: xpack.security.enabled
value: "false"
- name: xpack.monitoring.collection.enabled
value: "false"
- name: ES_JAVA_OPTS
value: "-Xms2048m -Xmx2048m"
- name: ELASTIC_PASSWORD
value: "changeme"
resources:
limits:
cpu: 2
memory: 8Gi
requests:
cpu: 100m
memory: 512Mi
volumeMounts:
- name: elastic-tcs
mountPath: /usr/share/elasticsearch/data
volumeClaimTemplates:
- metadata:
name: elastic-tcs
spec:
accessModes: ['ReadWriteOnce']
storageClassName: "elastic-tcs"
resources:
requests:
storage: 30Gi
---
apiVersion: v1
kind: Service
metadata:
name: elastic-internel
labels:
app: elastic
spec:
ports:
- name: restful
port: 9200
targetPort: 9200
type: ClusterIP
selector:
app: elastic
---
apiVersion: v1
kind: Service
metadata:
name: elastic
labels:
app: elastic
spec:
ports:
- name: restful
port: 9200
- name: transport
port: 9300
clusterIP: None
selector:
app: elastic
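Review bot: The `elasticsearch` container sets `xpack.security.enabled` to `"false"` while binding `network.host` to `0.0.0.0`, so anything that can reach port 9200 gets unauthenticated read and write access to the indices; the Kibana and Logstash configs added in this commit connect over plain `http://elastic:9200` without credentials for that reason. With security off, the literal `ELASTIC_PASSWORD` value has no visible effect, and once security is enabled it should come from a Secret through `valueFrom.secretKeyRef` rather than an inline `value`. Separately, the `claimRef` of `elastic-tcs-1` has an empty `namespace:` where the other two volumes say `namespace: tcs`; as written that volume will presumably not bind to the claim in `tcs`, so it should read `namespace: tcs` too.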


@ -0,0 +1,215 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: filebeat-config
namespace: kube-system
labels:
k8s-app: filebeat
data:
filebeat.yml: |-
filebeat.config:
modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
# To enable hints based autodiscover, remove `filebeat.inputs` configuration and uncomment this:
filebeat.autodiscover:
providers:
- type: kubernetes
node: ${NODE_NAME}
hints.enabled: true
# hints.default_config:
# type: container
# paths:
# - /var/log/containers/*${data.kubernetes.container.id}.log
processors:
- add_cloud_metadata: ~
- drop_fields:
fields: ["ecs","agent","@version"]
filebeat.inputs:
- type: log
paths:
- /data/app_logs/*/*/logstash/*.log
json.keys_under_root: true
tags: ['json']
#All data to indexed to Elasticsearch
output.kafka:
hosts: ["10.2.0.12:30002","10.2.0.12:30003","10.2.0.12:30004"]
topic: 'logback-tcs-1'
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: filebeat
namespace: kube-system
labels:
k8s-app: filebeat
spec:
selector:
matchLabels:
k8s-app: filebeat
template:
metadata:
labels:
k8s-app: filebeat
spec:
serviceAccountName: filebeat
terminationGracePeriodSeconds: 30
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
containers:
- name: filebeat
image: docker.elastic.co/beats/filebeat:7.16.3
args: [
"-c", "/etc/filebeat.yml",
"-e",
]
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
securityContext:
runAsUser: 0
resources:
limits:
cpu: 200m
memory: 256Mi
requests:
cpu: 10m
memory: 64Mi
volumeMounts:
- name: config
mountPath: /etc/filebeat.yml
readOnly: true
subPath: filebeat.yml
- name: data
mountPath: /usr/share/filebeat/data
- name: app-logs
mountPath: /data/app_logs
readOnly: true
volumes:
- name: config
configMap:
defaultMode: 0640
name: filebeat-config
- name: app-logs
hostPath:
path: /data/app_logs
- name: data
hostPath:
# When filebeat runs as non-root user, this directory needs to be writable by group (g+w).
path: /var/lib/filebeat-data
type: DirectoryOrCreate
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: filebeat
subjects:
- kind: ServiceAccount
name: filebeat
namespace: kube-system
roleRef:
kind: ClusterRole
name: filebeat
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: filebeat
namespace: kube-system
subjects:
- kind: ServiceAccount
name: filebeat
namespace: kube-system
roleRef:
kind: Role
name: filebeat
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: filebeat-kubeadm-config
namespace: kube-system
subjects:
- kind: ServiceAccount
name: filebeat
namespace: kube-system
roleRef:
kind: Role
name: filebeat-kubeadm-config
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: filebeat
labels:
k8s-app: filebeat
rules:
- apiGroups: [""] # "" indicates the core API group
resources:
- namespaces
- pods
- nodes
verbs:
- get
- watch
- list
- apiGroups: ["apps"]
resources:
- replicasets
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: filebeat
# should be the namespace where filebeat is running
namespace: kube-system
labels:
k8s-app: filebeat
rules:
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs: ["get", "create", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: filebeat-kubeadm-config
namespace: kube-system
labels:
k8s-app: filebeat
rules:
- apiGroups: [""]
resources:
- configmaps
resourceNames:
- kubeadm-config
verbs: ["get"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: filebeat
namespace: kube-system
labels:
k8s-app: filebeat
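Review bot: `output.kafka` lists three broker addresses on node ports but sets no `ssl` or `sasl`/`username` options, so the application logs read from `/data/app_logs` leave each node unencrypted and unauthenticated; the Kafka `external` listener and the AKHQ `bootstrap.servers` connection added elsewhere in this commit likewise show no TLS or authentication. If the brokers can be given a TLS listener, add `ssl.enabled: true` with the CA under `ssl.certificate_authorities`, and take any client credentials from a Secret. Also, `filebeat.autodiscover` is enabled with `hints.enabled: true` while the DaemonSet mounts only `/data/app_logs` and not the container log directory, so the hint-based inputs likely find nothing to read; either mount the container log path read-only or drop the autodiscover block.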


@ -0,0 +1,80 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: kibana-config
data:
kibana.yml: |-
server.name: kibana
server.host: 0.0.0.0
server.publicBaseUrl: http://kibana-tcs.drillinsight.com
elasticsearch.hosts: [ "http://elastic:9200" ]
node.options: |-
--max-old-space-size=4096
--unhandled-rejections=warn
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kibana
labels:
app: kibana
spec:
replicas: 1
selector:
matchLabels:
app: kibana
template:
metadata:
labels:
app: kibana
spec:
containers:
- name: kibana
image: docker.elastic.co/kibana/kibana:7.16.3
ports:
- containerPort: 5601
resources:
requests:
cpu: 100m
memory: 512Mi
limits:
cpu: 2
memory: 4Gi
volumeMounts:
- name: config
mountPath: /usr/share/kibana/config/kibana.yml
subPath: kibana.yml
readOnly: true
- name: node-options
mountPath: /usr/share/kibana/config/node.options
subPath: node.options
readOnly: true
volumes:
- name: config
configMap:
name: kibana-config
items:
- key: kibana.yml
path: kibana.yml
- name: node-options
configMap:
name: kibana-config
items:
- key: node.options
path: node.options
---
apiVersion: v1
kind: Service
metadata:
name: kibana
labels:
app: kibana
spec:
ports:
- port: 5601
targetPort: 5601
selector:
app: kibana
type: ClusterIP


@ -0,0 +1,97 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: logstash-config
data:
logstash.conf: |-
input {
beats {
port => 5044
}
}
filter {
if [tags][json] {
json {
source => "message"
}
}
mutate {
split => { "[log][file][path]" => "/" }
add_field => { "env" => "%{[log][file][path][3]}" }
}
}
output {
# stdout { codec => rubydebug }
elasticsearch {
hosts => ["http://elastic:9200"]
index => "%{[env]}-logback-1-%{+YYYY.MM.dd}"
}
}
logstash.yml: |-
http.host: "0.0.0.0"
xpack.monitoring.elasticsearch.hosts: [ "http://elastic:9200" ]
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: logstash
labels:
app: logstash
spec:
replicas: 1
selector:
matchLabels:
app: logstash
template:
metadata:
labels:
app: logstash
spec:
containers:
- name: logstash
image: docker.elastic.co/logstash/logstash:7.16.3
ports:
- containerPort: 5044
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 1
memory: 1Gi
volumeMounts:
- name: config
mountPath: /usr/share/logstash/pipeline/logstash.conf
subPath: logstash.conf
readOnly: true
- name: config
mountPath: /usr/share/logstash/config/logstash.yml
subPath: logstash.yml
readOnly: true
volumes:
- name: config
configMap:
name: logstash-config
items:
- key: logstash.conf
path: logstash.conf
- key: logstash.yml
path: logstash.yml
---
apiVersion: v1
kind: Service
metadata:
name: logstash
labels:
app: logstash
spec:
ports:
- port: 5044
targetPort: 5044
selector:
app: logstash
type: ClusterIP
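Review bot: The conditional `if [tags][json]` treats `tags` as a map, but the Filebeat config in this commit sends `tags: ['json']` as a list, so the `json` filter presumably never runs; the usual membership test is `if "json" in [tags] {`. The pipeline's only input is `beats` on 5044, whereas that Filebeat config writes to the Kafka topic `logback-tcs-1`, so nothing visible here feeds this pipeline; confirm whether a `kafka` input was intended. The index name is built from `%{[env]}`, which is element 3 of the split log path, so an unexpected directory name ends up creating an arbitrary index; consider checking `env` against the expected environment names before the `elasticsearch` output.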


@ -0,0 +1,8 @@
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: elastic-tcs
provisioner: openebs.io/local
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer
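Review bot: `elastic-tcs` sets no `reclaimPolicy`, so dynamically provisioned volumes default to `Delete`, while the `tcs-kafka` class in this commit sets `reclaimPolicy: Retain`; for Elasticsearch data the same `reclaimPolicy: Retain` line is the safer choice. The Elasticsearch manifest also pre-creates `local` PersistentVolumes under this class name, so it is worth confirming whether the `openebs.io/local` provisioner or the static volumes are meant to satisfy the claims.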


@ -0,0 +1,156 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: jenkins-admin
rules:
- apiGroups: [""]
resources: ["*"]
verbs: ["*"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins-admin
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: jenkins-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: jenkins-admin
subjects:
- kind: ServiceAccount
name: jenkins-admin
# ref: ServiceAccount
namespace: base
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: jenkins-pvc
spec:
storageClassName: local-storage
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 3Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: jenkins-pv
labels:
type: local
spec:
storageClassName: local-storage
claimRef:
name: jenkins-pvc
# ref: PersistentVolumeClaim
namespace: base
capacity:
storage: 20Gi
accessModes:
- ReadWriteOnce
local:
path: /data/jenkins
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- bfs-k8snode-10-2-1-14.hetzner.base.drillinsight.com
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: jenkins
spec:
replicas: 1
selector:
matchLabels:
app: jenkins
template:
metadata:
labels:
app: jenkins
spec:
securityContext:
fsGroup: 1000
runAsUser: 1000
serviceAccountName: jenkins-admin
containers:
- name: jenkins
image: jenkins/jenkins:2.433
resources:
limits:
memory: "2Gi"
cpu: "1000m"
requests:
memory: "500Mi"
cpu: "500m"
ports:
- name: httpport
containerPort: 8080
- name: jnlpport
containerPort: 50000
livenessProbe:
httpGet:
path: "/login"
port: 8080
initialDelaySeconds: 90
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
readinessProbe:
httpGet:
path: "/login"
port: 8080
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
volumeMounts:
- name: jenkins-data
mountPath: /var/jenkins_home
volumes:
- name: jenkins-data
persistentVolumeClaim:
claimName: jenkins-pvc
---
apiVersion: v1
kind: Service
metadata:
name: jenkins
annotations:
prometheus.io/scrape: 'true'
prometheus.io/path: /
prometheus.io/port: '8080'
spec:
selector:
app: jenkins
ports:
- port: 8080
targetPort: 8080
nodePort: 30080
type: NodePort
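Review bot: The `jenkins-admin` ClusterRole grants `verbs: ["*"]` on `resources: ["*"]` of the core API group and is bound cluster-wide, so the Jenkins pod's service account token can read every Secret and ConfigMap and create or delete pods in every namespace, including `kube-system`. Because the same Deployment is published through a `NodePort` Service on 30080, a compromise of the Jenkins UI or of a build job becomes cluster-wide access. Scope this to a namespaced `Role` and `RoleBinding` in `base` with only the resources the build agents need; the fence below is a starting point whose resource list has to be checked against what the pipelines actually use. The `ServiceAccount` itself declares no namespace while the binding expects it in `base`.

```yaml
# replaces the jenkins-admin ClusterRole / ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jenkins-admin
  namespace: base
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/exec", "pods/log"]
    verbs: ["get", "list", "watch", "create", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-admin
  namespace: base
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins-admin
subjects:
  - kind: ServiceAccount
    name: jenkins-admin
    namespace: base
# … unchanged: StorageClass, PersistentVolumeClaim, PersistentVolume, Deployment, Service …
```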

102
toc-upgrade/kafka/akhq.yaml Normal file

@ -0,0 +1,102 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: akhq-config
data:
application.yml: |
micronaut:
security:
enabled: true
token:
jwt:
signatures:
secret:
generator:
secret: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjpbeyJ0b29sdHQiOiJodHRwczovL3Rvb2x0dC5jb20ifV0sImlhdCI6MTY4NTY4OTU1MiwiZXhwIjoyNTM3NjI1NTk5LCJhdWQiOiIiLCJpc3MiOiJzbWFsbGtvdWRhaSIsInN1YiI6IiJ9.mKw9nKRhQimdaNtMWLHT9TqIn2-iIcZR4txgy8z07xQ
akhq:
security:
default-group: no-roles
basic-auth:
- username: admin
password: "$2a$10$zBr9YyaCto68TJ.aYsP8/eQXHm5MqJUULRm0OpzEOowhmG2Pjv2ry"
passwordHash: BCRYPT
groups:
- admin
connections:
kafka-cluster:
properties:
bootstrap.servers: "kafka.base.svc.cluster.local:9092"
schema-registry:
url: "http://schemaregistry.base.svc.cluster.local:8081"
type: "confluent"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: akhq
spec:
replicas: 1
selector:
matchLabels:
app: akhq
template:
metadata:
labels:
app: akhq
spec:
containers:
- name: akhq
image: tchiotludo/akhq
env:
- name: MICRONAUT_CONFIG_FILES
value: /app/application.yml
ports:
- name: http
containerPort: 8080
protocol: TCP
- name: management
containerPort: 28081
protocol: TCP
volumeMounts:
- name: config
mountPath: /app/application.yml
subPath: application.yml
livenessProbe:
httpGet:
path: /health
port: management
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /health
port: management
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
resources: {}
volumes:
- name: config
configMap:
name: akhq-config
---
apiVersion: v1
kind: Service
metadata:
name: akhq
spec:
type: ClusterIP
ports:
- name: http
protocol: TCP
port: 8080
targetPort: http
selector:
app: akhq
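Review bot: `application.yml` carries the JWT signing secret and the bcrypt hash of the `admin` password inside a ConfigMap, so both are readable by anyone with access to this repository or with `get configmaps` in the namespace; the signing value committed here should be treated as exposed and replaced. Keep the file in a Secret instead and change the volume to `secret:` with `secretName: akhq-config`, leaving the mount path as it is. The container image `tchiotludo/akhq` has no tag, so each node pulls whatever `latest` is at that moment; pin a version or digest. The `kafka-cluster` connection sets only `bootstrap.servers`, so AKHQ's own login is the only control in front of the topic data.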


@ -0,0 +1,107 @@
---
apiVersion: platform.confluent.io/v1beta1
kind: Zookeeper
metadata:
name: zookeeper
spec:
replicas: 3
oneReplicaPerNode: true
configOverrides:
jvm:
- "-Xmx256m"
podTemplate:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- mq
image:
application: confluentinc/cp-zookeeper:7.4.0
init: confluentinc/confluent-init-container:2.6.0
dataVolumeCapacity: 10Gi
logVolumeCapacity: 10Gi
storageClass:
name: tcs-kafka
---
apiVersion: platform.confluent.io/v1beta1
kind: Kafka
metadata:
name: kafka
spec:
replicas: 3
oneReplicaPerNode: true
configOverrides:
server:
- auto.create.topics.enable=true
- default.replication.factor=3
jvm:
- "-Xmx512m"
podTemplate:
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "4G"
cpu: "1"
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- mq
image:
application: confluentinc/cp-server:7.4.0
init: confluentinc/confluent-init-container:2.6.0
dataVolumeCapacity: 20Gi
storageClass:
name: tcs-kafka
metricReporter:
enabled: true
listeners:
external:
externalAccess:
type: nodePort
nodePort:
host: kafka-tcs.drillinsight.com
nodePortOffset: 30001
# dependencies:
# 多个kakfa集群复用zk
# zookeeper:
# endpoint: zookeeper.common.svc.cluster.local:2181
---
apiVersion: platform.confluent.io/v1beta1
kind: SchemaRegistry
metadata:
name: schemaregistry
spec:
replicas: 3
oneReplicaPerNode: true
configOverrides:
jvm:
- "-Xmx256m"
podTemplate:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- mq
image:
application: confluentinc/cp-schema-registry:7.4.0
init: confluentinc/confluent-init-container:2.6.0
externalAccess:
type: nodePort
nodePort:
host: kafka-tcs.drillinsight.com
nodePortOffset: 30005
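Review bot: `auto.create.topics.enable=true` is set on a cluster whose `external` listener is published through node ports without any `tls` or `authentication` block, so any client that reaches those ports can create topics just by naming them; the SchemaRegistry `externalAccess` is exposed the same way. Unless the node ports are firewalled outside this manifest, add `authentication` and `tls` to the external listener and set `auto.create.topics.enable=false`, creating topics such as `logback-tcs-1` explicitly. The Zookeeper and SchemaRegistry pod templates also have no `resources` section, unlike the Kafka one.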


@ -0,0 +1,9 @@
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: tcs-kafka
provisioner: openebs.io/local
reclaimPolicy: Retain
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer


@ -0,0 +1,234 @@
apiVersion: kubekey.kubesphere.io/v1alpha2
kind: Cluster
metadata:
name: bfs-k8scluster-1
spec:
hosts:
- {name: bfs-k8smaster-10-2-1-11.hetzner.base.drillinsight.com, address: 10.2.1.11, internalAddress: 10.2.1.11, privateKeyPath: "~/.ssh/bfs-ed25519"}
- {name: bfs-k8smaster-10-2-1-12.hetzner.base.drillinsight.com, address: 10.2.1.12, internalAddress: 10.2.1.12, privateKeyPath: "~/.ssh/bfs-ed25519"}
- {name: bfs-k8smaster-10-2-1-13.hetzner.base.drillinsight.com, address: 10.2.1.13, internalAddress: 10.2.1.13, privateKeyPath: "~/.ssh/bfs-ed25519"}
- {name: bfs-k8snode-10-2-1-14.hetzner.base.drillinsight.com, address: 10.2.1.5, internalAddress: 10.2.1.5, privateKeyPath: "~/.ssh/bfs-ed25519"}
- {name: bfs-k8snode-10-2-1-15.hetzner.base.drillinsight.com, address: 10.2.1.6, internalAddress: 10.2.1.6, privateKeyPath: "~/.ssh/bfs-ed25519"}
- {name: bfs-k8snode-10-2-1-16.hetzner.base.drillinsight.com, address: 10.2.1.7, internalAddress: 10.2.1.7, privateKeyPath: "~/.ssh/bfs-ed25519"}
- {name: bfs-k8snode-10-2-1-17.hetzner.base.drillinsight.com, address: 10.2.1.8, internalAddress: 10.2.1.8, privateKeyPath: "~/.ssh/bfs-ed25519"}
- {name: bfs-k8snode-10-2-1-18.hetzner.base.drillinsight.com, address: 10.2.1.9, internalAddress: 10.2.1.9, privateKeyPath: "~/.ssh/bfs-ed25519"}
- {name: bfs-k8snode-10-2-1-19.hetzner.base.drillinsight.com, address: 10.2.1.10, internalAddress: 10.2.1.10, privateKeyPath: "~/.ssh/bfs-ed25519"}
roleGroups:
etcd:
- bfs-k8smaster-10-2-1-11.hetzner.base.drillinsight.com
- bfs-k8smaster-10-2-1-12.hetzner.base.drillinsight.com
- bfs-k8smaster-10-2-1-13.hetzner.base.drillinsight.com
control-plane:
- bfs-k8smaster-10-2-1-11.hetzner.base.drillinsight.com
- bfs-k8smaster-10-2-1-12.hetzner.base.drillinsight.com
- bfs-k8smaster-10-2-1-13.hetzner.base.drillinsight.com
worker:
- bfs-k8snode-10-2-1-14.hetzner.base.drillinsight.com
- bfs-k8snode-10-2-1-15.hetzner.base.drillinsight.com
- bfs-k8snode-10-2-1-16.hetzner.base.drillinsight.com
- bfs-k8snode-10-2-1-17.hetzner.base.drillinsight.com
- bfs-k8snode-10-2-1-18.hetzner.base.drillinsight.com
- bfs-k8snode-10-2-1-19.hetzner.base.drillinsight.com
controlPlaneEndpoint:
## Internal loadbalancer for apiservers
# internalLoadbalancer: haproxy
domain: tcs-k8slb.drillinsight.com
address: "10.2.1.99"
port: 6443
kubernetes:
version: v1.23.12
clusterName: cluster.local
autoRenewCerts: true
containerManager: docker
etcd:
type: kubekey
network:
plugin: calico
kubePodsCIDR: 10.233.64.0/18
kubeServiceCIDR: 10.233.0.0/18
## multus support. https://github.com/k8snetworkplumbingwg/multus-cni
multusCNI:
enabled: false
registry:
privateRegistry: ""
namespaceOverride: ""
registryMirrors: []
insecureRegistries: []
addons: []
---
apiVersion: installer.kubesphere.io/v1alpha1
kind: ClusterConfiguration
metadata:
name: ks-installer
namespace: kubesphere-system
labels:
version: v3.3.2
spec:
persistence:
storageClass: ""
authentication:
jwtSecret: ""
zone: ""
local_registry: ""
namespace_override: ""
# dev_tag: ""
etcd:
monitoring: false
endpointIps: localhost
port: 2379
tlsEnable: true
common:
core:
console:
enableMultiLogin: true
port: 30880
type: NodePort
# apiserver:
# resources: {}
# controllerManager:
# resources: {}
redis:
enabled: false
volumeSize: 2Gi
openldap:
enabled: false
volumeSize: 2Gi
minio:
volumeSize: 20Gi
monitoring:
# type: external
endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090
GPUMonitoring:
enabled: false
gpu:
kinds:
- resourceName: "nvidia.com/gpu"
resourceType: "GPU"
default: true
es:
# master:
# volumeSize: 4Gi
# replicas: 1
# resources: {}
# data:
# volumeSize: 20Gi
# replicas: 1
# resources: {}
logMaxAge: 7
elkPrefix: logstash
basicAuth:
enabled: false
username: ""
password: ""
externalElasticsearchHost: ""
externalElasticsearchPort: ""
alerting:
enabled: false
# thanosruler:
# replicas: 1
# resources: {}
auditing:
enabled: false
# operator:
# resources: {}
# webhook:
# resources: {}
devops:
enabled: false
# resources: {}
jenkinsMemoryLim: 2Gi
jenkinsMemoryReq: 500Mi
jenkinsVolumeSize: 8Gi
events:
enabled: false
# operator:
# resources: {}
# exporter:
# resources: {}
# ruler:
# enabled: true
# replicas: 2
# resources: {}
logging:
enabled: false
logsidecar:
enabled: true
replicas: 2
# resources: {}
metrics_server:
enabled: false
monitoring:
storageClass: ""
node_exporter:
port: 9100
# resources: {}
# kube_rbac_proxy:
# resources: {}
# kube_state_metrics:
# resources: {}
# prometheus:
# replicas: 1
# volumeSize: 20Gi
# resources: {}
# operator:
# resources: {}
# alertmanager:
# replicas: 1
# resources: {}
# notification_manager:
# resources: {}
# operator:
# resources: {}
# proxy:
# resources: {}
gpu:
nvidia_dcgm_exporter:
enabled: false
# resources: {}
multicluster:
clusterRole: none
network:
networkpolicy:
enabled: false
ippool:
type: none
topology:
type: none
openpitrix:
store:
enabled: false
servicemesh:
enabled: false
istio:
components:
ingressGateways:
- name: istio-ingressgateway
enabled: false
cni:
enabled: false
edgeruntime:
enabled: false
kubeedge:
enabled: false
cloudCore:
cloudHub:
advertiseAddress:
- ""
service:
cloudhubNodePort: "30000"
cloudhubQuicNodePort: "30001"
cloudhubHttpsNodePort: "30002"
cloudstreamNodePort: "30003"
tunnelNodePort: "30004"
# resources: {}
# hostNetWork: false
iptables-manager:
enabled: true
mode: "external"
# resources: {}
# edgeService:
# resources: {}
terminal:
timeout: 600
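Review bot: The six worker entries under `hosts` carry names ending in `10-2-1-14` through `10-2-1-19` but addresses `10.2.1.5` through `10.2.1.10`, while the three masters' names and addresses agree; the workloads in this commit pin themselves to nodes by these hostnames, so confirm which of the two is correct before provisioning. `kubernetes.version` is `v1.23.12`, a release line that no longer receives upstream security patches, so a supported version is the better baseline for a new cluster. `authentication.jwtSecret` is left empty and `enableMultiLogin` is `true`; verify that the installer generates a per-cluster secret rather than falling back to a shared default.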


@ -0,0 +1,72 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: mongo
spec:
replicas: 1
serviceName: mongo
selector:
matchLabels:
app: mongo
template:
metadata:
labels:
app: mongo
spec:
initContainers:
- name: init
image: busybox
imagePullPolicy: IfNotPresent
command:
- sh
- -c
- |
sysctl -w net.ipv4.tcp_keepalive_time=300
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=3
securityContext:
privileged: true
containers:
- name: mongo
image: mongo:6.0.6
imagePullPolicy: IfNotPresent
env:
- name: MONGO_INITDB_ROOT_USERNAME
value: root
- name: MONGO_INITDB_ROOT_PASSWORD
value: 'drillinsight123'
ports:
- containerPort: 27017
volumeMounts:
- name: mongo-data
mountPath: /data/db
volumes:
- name: mongo-data
hostPath:
path: /data/tcs/mongo
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "kubernetes.io/hostname"
operator: In
values:
- bfs-k8snode-10-2-1-15.hetzner.base.drillinsight.com
---
apiVersion: v1
kind: Service
metadata:
name: mongo
spec:
selector:
app: mongo
ports:
- name: mongo
protocol: TCP
port: 27017
targetPort: 27017
nodePort: 30018
type: NodePort
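Review bot: `MONGO_INITDB_ROOT_PASSWORD` is given as a literal `value` and the Service publishes 27017 on node port 30018, so the root credential sits in the repository and in the pod spec while the database is reachable on every node's address. Read the password from a Secret with `valueFrom.secretKeyRef`, rotate the value committed here, and use `type: ClusterIP` unless clients outside the cluster really need direct access. The MySQL (`MYSQL_ROOT_PASSWORD`, `MYSQL_PASSWORD`, node port 30016) and Redis (`--requirepass` in `REDIS_ARGS`, node port 30015) manifests in this commit follow the same pattern.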


@ -0,0 +1,75 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: mysql
spec:
replicas: 1
serviceName: mysql
selector:
matchLabels:
app: mysql
template:
metadata:
labels:
app: mysql
spec:
initContainers:
- name: init
image: busybox
imagePullPolicy: IfNotPresent
command:
- sh
- -c
- |
sysctl -w net.ipv4.tcp_keepalive_time=300
sysctl -w net.ipv4.tcp_keepalive_intvl=10
sysctl -w net.ipv4.tcp_keepalive_probes=3
securityContext:
privileged: true
containers:
- name: mysql
image: mysql:8.0.33
args: ["--character-set-server=utf8mb4", "--collation-server=utf8mb4_unicode_ci", "--max_connections=2000", "--binlog_expire_logs_seconds=432000","--sql_mode=STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION"]
ports:
- containerPort: 3306
volumeMounts:
- name: tcs-mysql
mountPath: /var/lib/mysql
env:
- name: MYSQL_ROOT_PASSWORD
value: "Drillinsight@2099"
- name: MYSQL_DATABASE
value: "test"
- name: MYSQL_USER
value: "app"
- name: MYSQL_PASSWORD
value: "drillinsight@123"
volumes:
- name: tcs-mysql
hostPath:
path: /data/tcs/mysql
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "kubernetes.io/hostname"
operator: In
values:
- bfs-k8snode-10-2-1-16.hetzner.base.drillinsight.com
---
apiVersion: v1
kind: Service
metadata:
name: mysql
labels:
app: mysql
spec:
ports:
- protocol: TCP
port: 3306
targetPort: 3306
nodePort: 30016
selector:
app: mysql
type: NodePort
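Review bot: The `init` container runs `privileged: true` from the untagged `busybox` image only to set three `net.ipv4.tcp_keepalive_*` sysctls, which gives an unpinned image full access to the node each time the pod starts. These are namespaced sysctls, so they can be set with pod-level `securityContext.sysctls` entries instead (on this Kubernetes version the kubelet has to allow them via `--allowed-unsafe-sysctls`), and the privileged container can then be removed. If the init container stays, pin `busybox` to a tag or digest. The Mongo and Redis manifests use the same privileged init pattern.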


@ -0,0 +1,88 @@
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: redis
labels:
app: redis
spec:
replicas: 1
serviceName: redis
selector:
matchLabels:
app: redis
template:
metadata:
labels:
app: redis
spec:
initContainers:
- name: init
image: busybox
imagePullPolicy: IfNotPresent
command: ["/bin/sh", "-c", "sysctl -w net.core.somaxconn=1024"]
securityContext:
privileged: true
containers:
- name: redis
image: redis/redis-stack-server:7.2.0-v0
ports:
- protocol: TCP
containerPort: 6379
env:
- name: "REDIS_ARGS"
value: "--requirepass beaconfire@123"
volumeMounts:
- name: tcs-redis
mountPath: /data
resources:
limits:
cpu: 1
memory: 1Gi
requests:
cpu: 50m
memory: 128Mi
livenessProbe:
tcpSocket:
port: 6379
initialDelaySeconds: 300
timeoutSeconds: 1
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
readinessProbe:
tcpSocket:
port: 6379
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
volumes:
- name: tcs-redis
hostPath:
path: /data/tcs/redis
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "kubernetes.io/hostname"
operator: In
values:
- bfs-k8snode-10-2-1-5.hetzner.base.beaconfireinc.com
---
apiVersion: v1
kind: Service
metadata:
name: redis
spec:
ports:
- port: 6379
protocol: TCP
targetPort: 6379
nodePort: 30015
selector:
app: redis
type: NodePort
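Review bot: The `nodeAffinity` hostname `bfs-k8snode-10-2-1-5.hetzner.base.beaconfireinc.com` does not match any node named in the cluster definition of this commit, where the workers are `bfs-k8snode-10-2-1-14` through `-19` under `drillinsight.com`, so the pod will presumably stay Pending. Use the name the target node actually registers with. The password is also passed inline through `REDIS_ARGS`; sourcing that variable from a Secret with `valueFrom.secretKeyRef` keeps it out of the manifest.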


@ -0,0 +1,107 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: config-server
data:
application.yml: |
server:
port: 8888
spring:
cloud:
config:
server:
git:
uri: https://github.com/beaconfire-projects/cloud-config.git
search-paths:
- '{application}'
- micro/*
username: zyu@beaconfireinc.com
password: ENC(5/I4EP0HwkLv/ZFigX3bmP+U/yR0HAOgWpbVg4tHuREz0G9CfOZzZfFTHA342PpoLYVkj924iqo=)
bus:
refresh:
enabled: true
trace:
enabled: true
stream:
kafka:
binder:
brokers: http://kafka-0-internal.basic:9092,http://kafka-1-internal.basic:9092, http://kafka-2-internal.basic:9092
jasypt:
encryptor:
algorithm: PBEWithMD5AndDES
iv-generator-classname: org.jasypt.iv.NoIvGenerator
management:
endpoints:
web:
exposure:
include: 'busrefresh' #refresh
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: config-server
spec:
replicas: 1
selector:
matchLabels:
app: config-server
template:
metadata:
labels:
app: config-server
spec:
imagePullSecrets:
- name: docker-regcred
containers:
- name: config-server
image: beaconfireiic/config-server:1.1.1-prod
imagePullPolicy: Always
ports:
- name: http
containerPort: 8888
protocol: TCP
env:
- name: "LOGGING_LEVEL_ROOT"
value: "info"
- name: "SERVER_PORT"
value: "8888"
- name: "LOG_APP-NAME"
value: "config-server"
volumeMounts:
- name: config
mountPath: /app/application.yml
subPath: application.yml
- name: app-logs
mountPath: /logs
resources:
requests:
cpu: 0.1
memory: 256Mi
limits:
cpu: 1
memory: 2Gi
volumes:
- name: config
configMap:
name: config-server
- name: app-logs
hostPath:
path: /data/app_logs/config-server
---
apiVersion: v1
kind: Service
metadata:
name: config-server
spec:
type: ClusterIP
ports:
- name: http
protocol: TCP
port: 8888
targetPort: http
selector:
app: config-server
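Review bot: The Git credential for the config repository is stored as a jasypt `ENC(...)` value in a ConfigMap and protected with `PBEWithMD5AndDES` and `NoIvGenerator`, a single-DES scheme with no IV, so anyone who can read this file can attack the encryptor password offline. Move `application.yml` (or at least `username` and `password`) into a Secret, rotate the token, and if jasypt is kept switch to `algorithm: PBEWITHHMACSHA512ANDAES_256` with `iv-generator-classname: org.jasypt.iv.RandomIvGenerator`, which requires re-encrypting the value. The `brokers` entry prefixes each Kafka address with `http://`, contains a stray space, and points at a `basic` namespace while AKHQ in this commit uses `kafka.base.svc.cluster.local`; check it against the real bootstrap addresses. `busrefresh` is exposed under `management.endpoints.web.exposure` with no visible authentication in front of it.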


@ -0,0 +1,144 @@
# apiVersion: v1
# kind: ConfigMap
# metadata:
# name: discovery-service
# data:
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: discovery-service
spec:
replicas: 1
selector:
matchLabels:
app: discovery-service
template:
metadata:
labels:
app: discovery-service
spec:
imagePullSecrets:
- name: docker-regcred
containers:
- name: discovery-service
image: beaconfireiic/service-discovery:1.1.0
imagePullPolicy: Always
ports:
- name: http
containerPort: 8761
protocol: TCP
env:
- name: "LOGGING_LEVEL_ROOT"
value: "info"
- name: "EUREKA_INSTANCE_HOSTNAME"
value: "discovery-service"
- name: "SERVER_PORT"
value: "8761"
- name: "LOG_APP-NAME"
value: "discovery-service"
- name: "SPRING_PROFILES_ACTIVE"
value: "sdet"
volumeMounts:
- name: app-logs
mountPath: /logs
resources:
requests:
cpu: 0.1
memory: 128Mi
limits:
cpu: 1
memory: 2Gi
volumes:
- name: app-logs
hostPath:
path: /data/app_logs/discovery-service
---
apiVersion: v1
kind: Service
metadata:
name: discovery-service
spec:
type: ClusterIP
ports:
- name: http
protocol: TCP
port: 8761
targetPort: http
selector:
app: discovery-service
---
# apiVersion: v1
# kind: ConfigMap
# metadata:
# name: gateway
# data:
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: gateway
spec:
replicas: 1
selector:
matchLabels:
app: gateway
template:
metadata:
labels:
app: gateway
spec:
imagePullSecrets:
- name: docker-regcred
containers:
- name: gateway
image: beaconfireiic/gateway:1.1.0
imagePullPolicy: Always
ports:
- name: http
containerPort: 8888
protocol: TCP
env:
- name: "LOGGING_LEVEL_ROOT"
value: "info"
- name: "EUREKA_INSTANCE_HOSTNAME"
value: "discovery-service"
- name: "SERVER_PORT"
value: "8888"
- name: "EUREKA_CLIENT_SERVICE-URL_DEFAULT-ZONE"
value: "http://discovery-service:8761/eureka/"
- name: "LOG_APP-NAME"
value: "gateway"
- name: "SPRING_PROFILES_ACTIVE"
value: "sdet"
volumeMounts:
- name: app-logs
mountPath: /logs
resources:
requests:
cpu: 0.1
memory: 128Mi
limits:
cpu: 1
memory: 2Gi
volumes:
- name: app-logs
hostPath:
path: /data/app_logs/gateway
---
apiVersion: v1
kind: Service
metadata:
name: gateway
spec:
type: ClusterIP
ports:
- name: http
protocol: TCP
port: 8888
targetPort: http
selector:
app: gateway
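Review bot: The `gateway` Deployment sets `EUREKA_INSTANCE_HOSTNAME` to `"discovery-service"`, the same value as the discovery Deployment, which looks like a copy-paste; if the gateway registers under that hostname, lookups for it would resolve to the Eureka server instead, so it probably should be `value: "gateway"`. Both pods write to `hostPath` directories under `/data/app_logs` and neither declares a `securityContext`; adding `runAsNonRoot: true` and `allowPrivilegeEscalation: false` would limit what a compromised service can do with that host mount, provided the images run as a non-root user.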