diff --git a/toc-upgrade/elastic/elastic.yaml b/toc-upgrade/elastic/elastic.yaml
new file mode 100644
index 0000000..5cae2da
--- /dev/null
+++ b/toc-upgrade/elastic/elastic.yaml
@@ -0,0 +1,191 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: elastic-tcs-0
+spec:
+ storageClassName: elastic-tcs
+ capacity:
+ storage: 30Gi
+ accessModes:
+ - ReadWriteOnce
+ local:
+ path: /data/elastic-tcs/es_data
+ claimRef:
+ kind: PersistentVolumeClaim
+ namespace: tcs
+ name: elastic-tcs-elastic-0
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - bfs-k8snode-10-2-1-14.hetzner.base.drillinsight.com
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: elastic-tcs-1
+spec:
+ storageClassName: elastic-tcs
+ capacity:
+ storage: 30Gi
+ accessModes:
+ - ReadWriteOnce
+ local:
+ path: /data/elastic-tcs/es_data
+ claimRef:
+ kind: PersistentVolumeClaim
+ namespace:
+ name: elastic-tcs-elastic-1
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - bfs-k8snode-10-2-1-15.hetzner.base.drillinsight.com
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: elastic-tcs-2
+spec:
+ storageClassName: elastic-tcs
+ capacity:
+ storage: 30Gi
+ accessModes:
+ - ReadWriteOnce
+ local:
+ path: /data/elastic-tcs/es_data
+ claimRef:
+ kind: PersistentVolumeClaim
+ namespace: tcs
+ name: elastic-tcs-elastic-2
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - bfs-k8snode-10-2-1-16.hetzner.base.drillinsight.com
+
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: elastic
+spec:
+ serviceName: elastic
+ replicas: 3
+ selector:
+ matchLabels:
+ app: elastic
+ template:
+ metadata:
+ labels:
+ app: elastic
+ spec:
+ securityContext:
+ fsGroup: 100
+ nodeSelector:
+ app.kubernetes.io/name: tcs
+ initContainers:
+ - name: init
+ image: busybox
+ imagePullPolicy: IfNotPresent
+ command: ["/bin/sh", "-c", "sysctl -w vm.max_map_count=262144;chown -R 1000:1000 /usr/share/elasticsearch/data"]
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: elastic-tcs
+ mountPath: /usr/share/elasticsearch/data
+ containers:
+ - name: elasticsearch
+ image: docker.elastic.co/elasticsearch/elasticsearch:7.16.3
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 9200
+ name: restful
+ - containerPort: 9300
+ name: transport
+ env:
+ - name: cluster.name
+ value: bfs-elastic-tcs-1
+ - name: network.host
+ value: 0.0.0.0
+ - name: node.name
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: discovery.seed_hosts
+ value: "elastic-0.elastic,elastic-1.elastic,elastic-2.elastic"
+ - name: cluster.initial_master_nodes
+ value: "elastic-0,elastic-1,elastic-2"
+ - name: xpack.security.enabled
+ value: "false"
+ - name: xpack.monitoring.collection.enabled
+ value: "false"
+ - name: ES_JAVA_OPTS
+ value: "-Xms2048m -Xmx2048m"
+ - name: ELASTIC_PASSWORD
+ value: "changeme"
+ resources:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 100m
+ memory: 512Mi
+ volumeMounts:
+ - name: elastic-tcs
+ mountPath: /usr/share/elasticsearch/data
+ volumeClaimTemplates:
+ - metadata:
+ name: elastic-tcs
+ spec:
+ accessModes: ['ReadWriteOnce']
+ storageClassName: "elastic-tcs"
+ resources:
+ requests:
+ storage: 30Gi
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: elastic-internel
+ labels:
+ app: elastic
+spec:
+ ports:
+ - name: restful
+ port: 9200
+ targetPort: 9200
+ type: ClusterIP
+ selector:
+ app: elastic
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: elastic
+ labels:
+ app: elastic
+spec:
+ ports:
+ - name: restful
+ port: 9200
+ - name: transport
+ port: 9300
+ clusterIP: None
+ selector:
+ app: elastic
+
diff --git a/toc-upgrade/elastic/filebeat.yaml b/toc-upgrade/elastic/filebeat.yaml
new file mode 100644
index 0000000..0220e2f
--- /dev/null
+++ b/toc-upgrade/elastic/filebeat.yaml
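Review bot: The `elasticsearch` container sets `xpack.security.enabled` to `"false"` with `network.host: 0.0.0.0`, so ports 9200 and 9300 answer without authentication or TLS to anything that can reach the `elastic` and `elastic-internel` Services, and `ELASTIC_PASSWORD: "changeme"` then protects nothing while leaving a default credential in the repository. Enable security and load the password with `valueFrom: {secretKeyRef: {name: <secret-name>, key: <key>}}` (placeholders) rather than a literal `value`. The same literal-password-in-`env` pattern is in mongo.yaml, mysql.yaml and redis.yaml in this commit; those values should be treated as disclosed and rotated. Separately, `claimRef.namespace` is empty on PV `elastic-tcs-1` while the other two PVs use `tcs`, so that volume will probably not bind to `elastic-tcs-elastic-1`.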
@@ -0,0 +1,215 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: filebeat-config
+ namespace: kube-system
+ labels:
+ k8s-app: filebeat
+data:
+ filebeat.yml: |-
+ filebeat.config:
+ modules:
+ path: ${path.config}/modules.d/*.yml
+ reload.enabled: false
+
+ # To enable hints based autodiscover, remove `filebeat.inputs` configuration and uncomment this:
+ filebeat.autodiscover:
+ providers:
+ - type: kubernetes
+ node: ${NODE_NAME}
+ hints.enabled: true
+ # hints.default_config:
+ # type: container
+ # paths:
+ # - /var/log/containers/*${data.kubernetes.container.id}.log
+
+ processors:
+ - add_cloud_metadata: ~
+ - drop_fields:
+ fields: ["ecs","agent","@version"]
+
+ filebeat.inputs:
+ - type: log
+ paths:
+ - /data/app_logs/*/*/logstash/*.log
+ json.keys_under_root: true
+ tags: ['json']
+
+ #All data to indexed to Elasticsearch
+ output.kafka:
+ hosts: ["10.2.0.12:30002","10.2.0.12:30003","10.2.0.12:30004"]
+
+ topic: 'logback-tcs-1'
+ partition.round_robin:
+ reachable_only: false
+
+ required_acks: 1
+ compression: gzip
+ max_message_bytes: 1000000
+
+
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: filebeat
+ namespace: kube-system
+ labels:
+ k8s-app: filebeat
+spec:
+ selector:
+ matchLabels:
+ k8s-app: filebeat
+ template:
+ metadata:
+ labels:
+ k8s-app: filebeat
+ spec:
+ serviceAccountName: filebeat
+ terminationGracePeriodSeconds: 30
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ containers:
+ - name: filebeat
+ image: docker.elastic.co/beats/filebeat:7.16.3
+ args: [
+ "-c", "/etc/filebeat.yml",
+ "-e",
+ ]
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ securityContext:
+ runAsUser: 0
+ resources:
+ limits:
+ cpu: 200m
+ memory: 256Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ volumeMounts:
+ - name: config
+ mountPath: /etc/filebeat.yml
+ readOnly: true
+ subPath: filebeat.yml
+ - name: data
+ mountPath: /usr/share/filebeat/data
+ - name: app-logs
+ mountPath: /data/app_logs
+ readOnly: true
+ volumes:
+ - name: config
+ configMap:
+ defaultMode: 0640
+ name: filebeat-config
+ - name: app-logs
+ hostPath:
+ path: /data/app_logs
+ - name: data
+ hostPath:
+ # When filebeat runs as non-root user, this directory needs to be writable by group (g+w).
+ path: /var/lib/filebeat-data
+ type: DirectoryOrCreate
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: filebeat
+subjects:
+- kind: ServiceAccount
+ name: filebeat
+ namespace: kube-system
+roleRef:
+ kind: ClusterRole
+ name: filebeat
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: filebeat
+ namespace: kube-system
+subjects:
+ - kind: ServiceAccount
+ name: filebeat
+ namespace: kube-system
+roleRef:
+ kind: Role
+ name: filebeat
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: filebeat-kubeadm-config
+ namespace: kube-system
+subjects:
+ - kind: ServiceAccount
+ name: filebeat
+ namespace: kube-system
+roleRef:
+ kind: Role
+ name: filebeat-kubeadm-config
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: filebeat
+ labels:
+ k8s-app: filebeat
+rules:
+- apiGroups: [""] # "" indicates the core API group
+ resources:
+ - namespaces
+ - pods
+ - nodes
+ verbs:
+ - get
+ - watch
+ - list
+- apiGroups: ["apps"]
+ resources:
+ - replicasets
+ verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: filebeat
+ # should be the namespace where filebeat is running
+ namespace: kube-system
+ labels:
+ k8s-app: filebeat
+rules:
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs: ["get", "create", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: filebeat-kubeadm-config
+ namespace: kube-system
+ labels:
+ k8s-app: filebeat
+rules:
+ - apiGroups: [""]
+ resources:
+ - configmaps
+ resourceNames:
+ - kubeadm-config
+ verbs: ["get"]
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: filebeat
+ namespace: kube-system
+ labels:
+ k8s-app: filebeat
\ No newline at end of file
diff --git a/toc-upgrade/elastic/kibana.yaml b/toc-upgrade/elastic/kibana.yaml
new file mode 100644
index 0000000..e08416d
--- /dev/null
+++ b/toc-upgrade/elastic/kibana.yaml
@@ -0,0 +1,80 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: kibana-config
+data:
+ kibana.yml: |-
+ server.name: kibana
+ server.host: 0.0.0.0
+ server.publicBaseUrl: http://kibana-tcs.drillinsight.com
+ elasticsearch.hosts: [ "http://elastic:9200" ]
+ node.options: |-
+ --max-old-space-size=4096
+ --unhandled-rejections=warn
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kibana
+ labels:
+ app: kibana
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kibana
+ template:
+ metadata:
+ labels:
+ app: kibana
+ spec:
+ containers:
+ - name: kibana
+ image: docker.elastic.co/kibana/kibana:7.16.3
+ ports:
+ - containerPort: 5601
+ resources:
+ requests:
+ cpu: 100m
+ memory: 512Mi
+ limits:
+ cpu: 2
+ memory: 4Gi
+ volumeMounts:
+ - name: config
+ mountPath: /usr/share/kibana/config/kibana.yml
+ subPath: kibana.yml
+ readOnly: true
+ - name: node-options
+ mountPath: /usr/share/kibana/config/node.options
+ subPath: node.options
+ readOnly: true
+ volumes:
+ - name: config
+ configMap:
+ name: kibana-config
+ items:
+ - key: kibana.yml
+ path: kibana.yml
+ - name: node-options
+ configMap:
+ name: kibana-config
+ items:
+ - key: node.options
+ path: node.options
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kibana
+ labels:
+ app: kibana
+spec:
+ ports:
+ - port: 5601
+ targetPort: 5601
+ selector:
+ app: kibana
+ type: ClusterIP
diff --git a/toc-upgrade/elastic/logstash.yaml b/toc-upgrade/elastic/logstash.yaml
new file mode 100644
index 0000000..80c58ec
--- /dev/null
+++ b/toc-upgrade/elastic/logstash.yaml
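Review bot: `output.kafka` in filebeat.yaml lists three `10.2.0.12` node-port endpoints with no `ssl` or `username`/`password` settings, so application logs leave every node unencrypted and unauthenticated; configure TLS and SASL on the output once the broker listener supports them. The DaemonSet also runs with `runAsUser: 0` and `hostNetwork: true` although `app-logs` is mounted read-only; the comment on the `data` hostPath already describes the group-writable directory a non-root user needs. Both `filebeat.autodiscover` with `hints.enabled: true` and a `filebeat.inputs` log input are active, whereas the comment above autodiscover says to remove `filebeat.inputs` when enabling it, and the `#All data to indexed to Elasticsearch` comment no longer matches the Kafka output.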
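Review bot: In kibana.yaml, Kibana connects to `http://elastic:9200` with no `elasticsearch.username`/`elasticsearch.password`, and because elastic.yaml in this commit disables `xpack.security` it presents no login, so anyone who can reach port 5601 can read and modify every index. `server.publicBaseUrl: http://kibana-tcs.drillinsight.com` suggests it is published outside the cluster over plain HTTP (the ingress is not part of this diff); put authentication and TLS in front of it before exposing it. The pod spec also sets no `securityContext`; `runAsNonRoot: true` and `allowPrivilegeEscalation: false` would be a cheap addition.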
@@ -0,0 +1,97 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: logstash-config
+data:
+ logstash.conf: |-
+ input {
+ beats {
+ port => 5044
+ }
+ }
+
+ filter {
+ if [tags][json] {
+ json {
+ source => "message"
+ }
+ }
+ mutate {
+ split => { "[log][file][path]" => "/" }
+ add_field => { "env" => "%{[log][file][path][3]}" }
+ }
+ }
+
+ output {
+ # stdout { codec => rubydebug }
+ elasticsearch {
+ hosts => ["http://elastic:9200"]
+ index => "%{[env]}-logback-1-%{+YYYY.MM.dd}"
+ }
+ }
+ logstash.yml: |-
+ http.host: "0.0.0.0"
+ xpack.monitoring.elasticsearch.hosts: [ "http://elastic:9200" ]
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: logstash
+ labels:
+ app: logstash
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: logstash
+ template:
+ metadata:
+ labels:
+ app: logstash
+ spec:
+ containers:
+ - name: logstash
+ image: docker.elastic.co/logstash/logstash:7.16.3
+ ports:
+ - containerPort: 5044
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ cpu: 1
+ memory: 1Gi
+ volumeMounts:
+ - name: config
+ mountPath: /usr/share/logstash/pipeline/logstash.conf
+ subPath: logstash.conf
+ readOnly: true
+ - name: config
+ mountPath: /usr/share/logstash/config/logstash.yml
+ subPath: logstash.yml
+ readOnly: true
+ volumes:
+ - name: config
+ configMap:
+ name: logstash-config
+ items:
+ - key: logstash.conf
+ path: logstash.conf
+ - key: logstash.yml
+ path: logstash.yml
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: logstash
+ labels:
+ app: logstash
+spec:
+ ports:
+ - port: 5044
+ targetPort: 5044
+ selector:
+ app: logstash
+ type: ClusterIP
\ No newline at end of file
diff --git a/toc-upgrade/elastic/storage.yaml b/toc-upgrade/elastic/storage.yaml
new file mode 100644
index 0000000..51ab497
--- /dev/null
+++ b/toc-upgrade/elastic/storage.yaml
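Review bot: The filter condition `if [tags][json]` treats `tags` as a map, but Filebeat sends `tags: ['json']` as a list, so the branch will most likely never run; the usual membership test is `if "json" in [tags]`. The `env` field that names the index is taken from element `[3]` of the split `[log][file][path]`, so any directory name under `/data/app_logs` becomes an index prefix; restrict it to known environment names before using it in `index =>`. Also, the only input is `beats` on 5044, while filebeat.yaml in this commit ships to Kafka topic `logback-tcs-1`, so nothing shown here feeds this pipeline.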
@@ -0,0 +1,8 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: elastic-tcs
+provisioner: openebs.io/local
+allowVolumeExpansion: true
+volumeBindingMode: WaitForFirstConsumer
diff --git a/toc-upgrade/jenkins/jenkins.yaml b/toc-upgrade/jenkins/jenkins.yaml
new file mode 100644
index 0000000..140ea21
--- /dev/null
+++ b/toc-upgrade/jenkins/jenkins.yaml
@@ -0,0 +1,156 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: jenkins-admin
+rules:
+ - apiGroups: [""]
+ resources: ["*"]
+ verbs: ["*"]
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: jenkins-admin
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: jenkins-admin
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: jenkins-admin
+subjects:
+- kind: ServiceAccount
+ name: jenkins-admin
+ # ref: ServiceAccount
+ namespace: base
+
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: local-storage
+provisioner: kubernetes.io/no-provisioner
+volumeBindingMode: WaitForFirstConsumer
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: jenkins-pvc
+spec:
+ storageClassName: local-storage
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 3Gi
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: jenkins-pv
+ labels:
+ type: local
+spec:
+ storageClassName: local-storage
+ claimRef:
+ name: jenkins-pvc
+ # ref: PersistentVolumeClaim
+ namespace: base
+ capacity:
+ storage: 20Gi
+ accessModes:
+ - ReadWriteOnce
+ local:
+ path: /data/jenkins
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - bfs-k8snode-10-2-1-14.hetzner.base.drillinsight.com
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: jenkins
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: jenkins
+ template:
+ metadata:
+ labels:
+ app: jenkins
+ spec:
+ securityContext:
+ fsGroup: 1000
+ runAsUser: 1000
+ serviceAccountName: jenkins-admin
+ containers:
+ - name: jenkins
+ image: jenkins/jenkins:2.433
+ resources:
+ limits:
+ memory: "2Gi"
+ cpu: "1000m"
+ requests:
+ memory: "500Mi"
+ cpu: "500m"
+ ports:
+ - name: httpport
+ containerPort: 8080
+ - name: jnlpport
+ containerPort: 50000
+ livenessProbe:
+ httpGet:
+ path: "/login"
+ port: 8080
+ initialDelaySeconds: 90
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ readinessProbe:
+ httpGet:
+ path: "/login"
+ port: 8080
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ volumeMounts:
+ - name: jenkins-data
+ mountPath: /var/jenkins_home
+ volumes:
+ - name: jenkins-data
+ persistentVolumeClaim:
+ claimName: jenkins-pvc
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: jenkins
+ annotations:
+ prometheus.io/scrape: 'true'
+ prometheus.io/path: /
+ prometheus.io/port: '8080'
+spec:
+ selector:
+ app: jenkins
+ ports:
+ - port: 8080
+ targetPort: 8080
+ nodePort: 30080
+ type: NodePort
+
diff --git a/toc-upgrade/kafka/akhq.yaml b/toc-upgrade/kafka/akhq.yaml
new file mode 100644
index 0000000..5a99c58
--- /dev/null
+++ b/toc-upgrade/kafka/akhq.yaml
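Review bot: The `jenkins-admin` ClusterRole grants `verbs: ["*"]` on `resources: ["*"]` in the core API group and is bound cluster-wide, so the service account mounted into the Jenkins pod can read every Secret and change pods, services and service accounts in all namespaces, while Jenkins itself is published on NodePort 30080. If the account is only used to launch build agents, a namespaced Role and RoleBinding in `base` limited to pod resources is sufficient; the fence below sketches that with a constructed name and should be adjusted to the verbs the agent plugin actually needs. The ServiceAccount, PVC, Deployment and Service also carry no `metadata.namespace` while the binding and `claimRef` reference `base`, so they only line up when applied with `-n base`.

```yaml
# Replaces the ClusterRole and ClusterRoleBinding; "jenkins-agent" is a constructed name.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jenkins-agent
  namespace: base
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/exec", "pods/log"]
    verbs: ["get", "list", "watch", "create", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-agent
  namespace: base
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins-agent
subjects:
  - kind: ServiceAccount
    name: jenkins-admin
    namespace: base
# … unchanged: ServiceAccount, StorageClass, PVC, PV, Deployment, Service …
```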
@@ -0,0 +1,102 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: akhq-config
+data:
+ application.yml: |
+ micronaut:
+ security:
+ enabled: true
+ token:
+ jwt:
+ signatures:
+ secret:
+ generator:
+ secret: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjpbeyJ0b29sdHQiOiJodHRwczovL3Rvb2x0dC5jb20ifV0sImlhdCI6MTY4NTY4OTU1MiwiZXhwIjoyNTM3NjI1NTk5LCJhdWQiOiIiLCJpc3MiOiJzbWFsbGtvdWRhaSIsInN1YiI6IiJ9.mKw9nKRhQimdaNtMWLHT9TqIn2-iIcZR4txgy8z07xQ
+ akhq:
+ security:
+ default-group: no-roles
+ basic-auth:
+ - username: admin
+ password: "$2a$10$zBr9YyaCto68TJ.aYsP8/eQXHm5MqJUULRm0OpzEOowhmG2Pjv2ry"
+ passwordHash: BCRYPT
+ groups:
+ - admin
+ connections:
+ kafka-cluster:
+ properties:
+ bootstrap.servers: "kafka.base.svc.cluster.local:9092"
+ schema-registry:
+ url: "http://schemaregistry.base.svc.cluster.local:8081"
+ type: "confluent"
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: akhq
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: akhq
+ template:
+ metadata:
+ labels:
+ app: akhq
+ spec:
+ containers:
+ - name: akhq
+ image: tchiotludo/akhq
+ env:
+ - name: MICRONAUT_CONFIG_FILES
+ value: /app/application.yml
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ - name: management
+ containerPort: 28081
+ protocol: TCP
+ volumeMounts:
+ - name: config
+ mountPath: /app/application.yml
+ subPath: application.yml
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: management
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: management
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ resources: {}
+ volumes:
+ - name: config
+ configMap:
+ name: akhq-config
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: akhq
+spec:
+ type: ClusterIP
+ ports:
+ - name: http
+ protocol: TCP
+ port: 8080
+ targetPort: http
+ selector:
+ app: akhq
\ No newline at end of file
diff --git a/toc-upgrade/kafka/kafka.yaml b/toc-upgrade/kafka/kafka.yaml
new file mode 100644
index 0000000..4479ce3
--- /dev/null
+++ b/toc-upgrade/kafka/kafka.yaml
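Review bot: The JWT signing secret under `micronaut.security.token.jwt.signatures.secret.generator.secret` and the bcrypt hash for `admin` are stored in a ConfigMap committed to the repository, so anyone with read access to the repo or to ConfigMaps in the namespace holds the key that signs AKHQ sessions. Move `application.yml` (or at least these two values) into a Secret, generate a new random signing key, and change the admin password, since the committed values are now disclosed. The image `tchiotludo/akhq` has no tag, so each pull may bring a different release; pin a version or digest.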
@@ -0,0 +1,107 @@
+---
+apiVersion: platform.confluent.io/v1beta1
+kind: Zookeeper
+metadata:
+ name: zookeeper
+spec:
+ replicas: 3
+ oneReplicaPerNode: true
+ configOverrides:
+ jvm:
+ - "-Xmx256m"
+ podTemplate:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - mq
+ image:
+ application: confluentinc/cp-zookeeper:7.4.0
+ init: confluentinc/confluent-init-container:2.6.0
+ dataVolumeCapacity: 10Gi
+ logVolumeCapacity: 10Gi
+ storageClass:
+ name: tcs-kafka
+---
+apiVersion: platform.confluent.io/v1beta1
+kind: Kafka
+metadata:
+ name: kafka
+spec:
+ replicas: 3
+ oneReplicaPerNode: true
+ configOverrides:
+ server:
+ - auto.create.topics.enable=true
+ - default.replication.factor=3
+ jvm:
+ - "-Xmx512m"
+ podTemplate:
+ resources:
+ requests:
+ memory: "256Mi"
+ cpu: "100m"
+ limits:
+ memory: "4G"
+ cpu: "1"
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - mq
+ image:
+ application: confluentinc/cp-server:7.4.0
+ init: confluentinc/confluent-init-container:2.6.0
+ dataVolumeCapacity: 20Gi
+ storageClass:
+ name: tcs-kafka
+ metricReporter:
+ enabled: true
+ listeners:
+ external:
+ externalAccess:
+ type: nodePort
+ nodePort:
+ host: kafka-tcs.drillinsight.com
+ nodePortOffset: 30001
+ # dependencies:
+ # 多个kakfa集群复用zk
+ # zookeeper:
+ # endpoint: zookeeper.common.svc.cluster.local:2181
+---
+apiVersion: platform.confluent.io/v1beta1
+kind: SchemaRegistry
+metadata:
+ name: schemaregistry
+spec:
+ replicas: 3
+ oneReplicaPerNode: true
+ configOverrides:
+ jvm:
+ - "-Xmx256m"
+ podTemplate:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - mq
+ image:
+ application: confluentinc/cp-schema-registry:7.4.0
+ init: confluentinc/confluent-init-container:2.6.0
+ externalAccess:
+ type: nodePort
+ nodePort:
+ host: kafka-tcs.drillinsight.com
+ nodePortOffset: 30005
diff --git a/toc-upgrade/kafka/storage.yaml b/toc-upgrade/kafka/storage.yaml
new file mode 100644
index 0000000..e9ffc4e
--- /dev/null
+++ b/toc-upgrade/kafka/storage.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: tcs-kafka
+provisioner: openebs.io/local
+reclaimPolicy: Retain
+allowVolumeExpansion: true
+volumeBindingMode: WaitForFirstConsumer
\ No newline at end of file
diff --git a/toc-upgrade/kubesphere/k8scluster.yaml b/toc-upgrade/kubesphere/k8scluster.yaml
new file mode 100644
index 0000000..9426fd7
--- /dev/null
+++ b/toc-upgrade/kubesphere/k8scluster.yaml
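Review bot: In kafka.yaml, `listeners.external` publishes the brokers through node ports starting at 30001 on `kafka-tcs.drillinsight.com` without a `tls` or `authentication` block, and `auto.create.topics.enable=true` is set, so any client that reaches those ports can create topics and produce or consume without credentials. Add `tls: {enabled: true}` and an `authentication` type to the external listener, and consider turning topic auto-creation off. The SchemaRegistry `externalAccess` at offset 30005 is exposed the same way. The commented-out `dependencies` block carries a non-English comment with a typo (`kakfa`); an English comment such as `# share one ZooKeeper ensemble across several Kafka clusters` would read better.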
@@ -0,0 +1,234 @@
+apiVersion: kubekey.kubesphere.io/v1alpha2
+kind: Cluster
+metadata:
+ name: bfs-k8scluster-1
+spec:
+ hosts:
+ - {name: bfs-k8smaster-10-2-1-11.hetzner.base.drillinsight.com, address: 10.2.1.11, internalAddress: 10.2.1.11, privateKeyPath: "~/.ssh/bfs-ed25519"}
+ - {name: bfs-k8smaster-10-2-1-12.hetzner.base.drillinsight.com, address: 10.2.1.12, internalAddress: 10.2.1.12, privateKeyPath: "~/.ssh/bfs-ed25519"}
+ - {name: bfs-k8smaster-10-2-1-13.hetzner.base.drillinsight.com, address: 10.2.1.13, internalAddress: 10.2.1.13, privateKeyPath: "~/.ssh/bfs-ed25519"}
+ - {name: bfs-k8snode-10-2-1-14.hetzner.base.drillinsight.com, address: 10.2.1.5, internalAddress: 10.2.1.5, privateKeyPath: "~/.ssh/bfs-ed25519"}
+ - {name: bfs-k8snode-10-2-1-15.hetzner.base.drillinsight.com, address: 10.2.1.6, internalAddress: 10.2.1.6, privateKeyPath: "~/.ssh/bfs-ed25519"}
+ - {name: bfs-k8snode-10-2-1-16.hetzner.base.drillinsight.com, address: 10.2.1.7, internalAddress: 10.2.1.7, privateKeyPath: "~/.ssh/bfs-ed25519"}
+ - {name: bfs-k8snode-10-2-1-17.hetzner.base.drillinsight.com, address: 10.2.1.8, internalAddress: 10.2.1.8, privateKeyPath: "~/.ssh/bfs-ed25519"}
+ - {name: bfs-k8snode-10-2-1-18.hetzner.base.drillinsight.com, address: 10.2.1.9, internalAddress: 10.2.1.9, privateKeyPath: "~/.ssh/bfs-ed25519"}
+ - {name: bfs-k8snode-10-2-1-19.hetzner.base.drillinsight.com, address: 10.2.1.10, internalAddress: 10.2.1.10, privateKeyPath: "~/.ssh/bfs-ed25519"}
+ roleGroups:
+ etcd:
+ - bfs-k8smaster-10-2-1-11.hetzner.base.drillinsight.com
+ - bfs-k8smaster-10-2-1-12.hetzner.base.drillinsight.com
+ - bfs-k8smaster-10-2-1-13.hetzner.base.drillinsight.com
+ control-plane:
+ - bfs-k8smaster-10-2-1-11.hetzner.base.drillinsight.com
+ - bfs-k8smaster-10-2-1-12.hetzner.base.drillinsight.com
+ - bfs-k8smaster-10-2-1-13.hetzner.base.drillinsight.com
+ worker:
+ - bfs-k8snode-10-2-1-14.hetzner.base.drillinsight.com
+ - bfs-k8snode-10-2-1-15.hetzner.base.drillinsight.com
+ - bfs-k8snode-10-2-1-16.hetzner.base.drillinsight.com
+ - bfs-k8snode-10-2-1-17.hetzner.base.drillinsight.com
+ - bfs-k8snode-10-2-1-18.hetzner.base.drillinsight.com
+ - bfs-k8snode-10-2-1-19.hetzner.base.drillinsight.com
+ controlPlaneEndpoint:
+ ## Internal loadbalancer for apiservers
+ # internalLoadbalancer: haproxy
+
+ domain: tcs-k8slb.drillinsight.com
+ address: "10.2.1.99"
+ port: 6443
+ kubernetes:
+ version: v1.23.12
+ clusterName: cluster.local
+ autoRenewCerts: true
+ containerManager: docker
+ etcd:
+ type: kubekey
+ network:
+ plugin: calico
+ kubePodsCIDR: 10.233.64.0/18
+ kubeServiceCIDR: 10.233.0.0/18
+ ## multus support. https://github.com/k8snetworkplumbingwg/multus-cni
+ multusCNI:
+ enabled: false
+ registry:
+ privateRegistry: ""
+ namespaceOverride: ""
+ registryMirrors: []
+ insecureRegistries: []
+ addons: []
+
+---
+apiVersion: installer.kubesphere.io/v1alpha1
+kind: ClusterConfiguration
+metadata:
+ name: ks-installer
+ namespace: kubesphere-system
+ labels:
+ version: v3.3.2
+spec:
+ persistence:
+ storageClass: ""
+ authentication:
+ jwtSecret: ""
+ zone: ""
+ local_registry: ""
+ namespace_override: ""
+ # dev_tag: ""
+ etcd:
+ monitoring: false
+ endpointIps: localhost
+ port: 2379
+ tlsEnable: true
+ common:
+ core:
+ console:
+ enableMultiLogin: true
+ port: 30880
+ type: NodePort
+ # apiserver:
+ # resources: {}
+ # controllerManager:
+ # resources: {}
+ redis:
+ enabled: false
+ volumeSize: 2Gi
+ openldap:
+ enabled: false
+ volumeSize: 2Gi
+ minio:
+ volumeSize: 20Gi
+ monitoring:
+ # type: external
+ endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090
+ GPUMonitoring:
+ enabled: false
+ gpu:
+ kinds:
+ - resourceName: "nvidia.com/gpu"
+ resourceType: "GPU"
+ default: true
+ es:
+ # master:
+ # volumeSize: 4Gi
+ # replicas: 1
+ # resources: {}
+ # data:
+ # volumeSize: 20Gi
+ # replicas: 1
+ # resources: {}
+ logMaxAge: 7
+ elkPrefix: logstash
+ basicAuth:
+ enabled: false
+ username: ""
+ password: ""
+ externalElasticsearchHost: ""
+ externalElasticsearchPort: ""
+ alerting:
+ enabled: false
+ # thanosruler:
+ # replicas: 1
+ # resources: {}
+ auditing:
+ enabled: false
+ # operator:
+ # resources: {}
+ # webhook:
+ # resources: {}
+ devops:
+ enabled: false
+ # resources: {}
+ jenkinsMemoryLim: 2Gi
+ jenkinsMemoryReq: 500Mi
+ jenkinsVolumeSize: 8Gi
+ events:
+ enabled: false
+ # operator:
+ # resources: {}
+ # exporter:
+ # resources: {}
+ # ruler:
+ # enabled: true
+ # replicas: 2
+ # resources: {}
+ logging:
+ enabled: false
+ logsidecar:
+ enabled: true
+ replicas: 2
+ # resources: {}
+ metrics_server:
+ enabled: false
+ monitoring:
+ storageClass: ""
+ node_exporter:
+ port: 9100
+ # resources: {}
+ # kube_rbac_proxy:
+ # resources: {}
+ # kube_state_metrics:
+ # resources: {}
+ # prometheus:
+ # replicas: 1
+ # volumeSize: 20Gi
+ # resources: {}
+ # operator:
+ # resources: {}
+ # alertmanager:
+ # replicas: 1
+ # resources: {}
+ # notification_manager:
+ # resources: {}
+ # operator:
+ # resources: {}
+ # proxy:
+ # resources: {}
+ gpu:
+ nvidia_dcgm_exporter:
+ enabled: false
+ # resources: {}
+ multicluster:
+ clusterRole: none
+ network:
+ networkpolicy:
+ enabled: false
+ ippool:
+ type: none
+ topology:
+ type: none
+ openpitrix:
+ store:
+ enabled: false
+ servicemesh:
+ enabled: false
+ istio:
+ components:
+ ingressGateways:
+ - name: istio-ingressgateway
+ enabled: false
+ cni:
+ enabled: false
+ edgeruntime:
+ enabled: false
+ kubeedge:
+ enabled: false
+ cloudCore:
+ cloudHub:
+ advertiseAddress:
+ - ""
+ service:
+ cloudhubNodePort: "30000"
+ cloudhubQuicNodePort: "30001"
+ cloudhubHttpsNodePort: "30002"
+ cloudstreamNodePort: "30003"
+ tunnelNodePort: "30004"
+ # resources: {}
+ # hostNetWork: false
+ iptables-manager:
+ enabled: true
+ mode: "external"
+ # resources: {}
+ # edgeService:
+ # resources: {}
+ terminal:
+ timeout: 600
\ No newline at end of file
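Review bot: The six worker entries under `hosts` have names that encode `10-2-1-14` through `10-2-1-19` but `address`/`internalAddress` values `10.2.1.5` through `10.2.1.10`, whereas the three masters match their names; confirm which is right, because the PV and pod `nodeAffinity` rules elsewhere in this commit pin workloads to these hostnames. In the `ClusterConfiguration`, `auditing.enabled` and `network.networkpolicy.enabled` are both `false` and the console is on NodePort 30880 with `enableMultiLogin: true`; given how many services this commit publishes on node ports, enabling audit logging and network policy would provide a record of API activity and a way to contain traffic between namespaces.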
diff --git a/toc-upgrade/mongo/mongo.yaml b/toc-upgrade/mongo/mongo.yaml
new file mode 100644
index 0000000..a1e9047
--- /dev/null
+++ b/toc-upgrade/mongo/mongo.yaml
@@ -0,0 +1,72 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: mongo
+spec:
+ replicas: 1
+ serviceName: mongo
+ selector:
+ matchLabels:
+ app: mongo
+ template:
+ metadata:
+ labels:
+ app: mongo
+ spec:
+ initContainers:
+ - name: init
+ image: busybox
+ imagePullPolicy: IfNotPresent
+ command:
+ - sh
+ - -c
+ - |
+ sysctl -w net.ipv4.tcp_keepalive_time=300
+ sysctl -w net.ipv4.tcp_keepalive_intvl=10
+ sysctl -w net.ipv4.tcp_keepalive_probes=3
+ securityContext:
+ privileged: true
+ containers:
+ - name: mongo
+ image: mongo:6.0.6
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: MONGO_INITDB_ROOT_USERNAME
+ value: root
+ - name: MONGO_INITDB_ROOT_PASSWORD
+ value: 'drillinsight123'
+ ports:
+ - containerPort: 27017
+ volumeMounts:
+ - name: mongo-data
+ mountPath: /data/db
+ volumes:
+ - name: mongo-data
+ hostPath:
+ path: /data/tcs/mongo
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "kubernetes.io/hostname"
+ operator: In
+ values:
+ - bfs-k8snode-10-2-1-15.hetzner.base.drillinsight.com
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mongo
+spec:
+ selector:
+ app: mongo
+ ports:
+ - name: mongo
+ protocol: TCP
+ port: 27017
+ targetPort: 27017
+ nodePort: 30018
+ type: NodePort
+
diff --git a/toc-upgrade/mysql/mysql.yaml b/toc-upgrade/mysql/mysql.yaml
new file mode 100644
index 0000000..8f67a4d
--- /dev/null
+++ b/toc-upgrade/mysql/mysql.yaml
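Review bot: The `mongo` Service is `type: NodePort` with `nodePort: 30018`, which opens the database port on every node's address; if all clients are in-cluster, `type: ClusterIP` is enough, and otherwise the port should be limited by firewall rules or a NetworkPolicy. The init container runs `privileged: true` from the untagged `busybox` image only to set three `net.ipv4.tcp_keepalive_*` sysctls; pin the image to a tag or digest, and where the kubelet permits these sysctls set them through the pod-level `securityContext.sysctls` list instead of a privileged container. mysql.yaml (NodePort 30016) and redis.yaml (NodePort 30015) repeat the NodePort and privileged-init pattern.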
@@ -0,0 +1,75 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: mysql
+spec:
+ replicas: 1
+ serviceName: mysql
+ selector:
+ matchLabels:
+ app: mysql
+ template:
+ metadata:
+ labels:
+ app: mysql
+ spec:
+ initContainers:
+ - name: init
+ image: busybox
+ imagePullPolicy: IfNotPresent
+ command:
+ - sh
+ - -c
+ - |
+ sysctl -w net.ipv4.tcp_keepalive_time=300
+ sysctl -w net.ipv4.tcp_keepalive_intvl=10
+ sysctl -w net.ipv4.tcp_keepalive_probes=3
+ securityContext:
+ privileged: true
+ containers:
+ - name: mysql
+ image: mysql:8.0.33
+ args: ["--character-set-server=utf8mb4", "--collation-server=utf8mb4_unicode_ci", "--max_connections=2000", "--binlog_expire_logs_seconds=432000","--sql_mode=STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION"]
+ ports:
+ - containerPort: 3306
+ volumeMounts:
+ - name: tcs-mysql
+ mountPath: /var/lib/mysql
+ env:
+ - name: MYSQL_ROOT_PASSWORD
+ value: "Drillinsight@2099"
+ - name: MYSQL_DATABASE
+ value: "test"
+ - name: MYSQL_USER
+ value: "app"
+ - name: MYSQL_PASSWORD
+ value: "drillinsight@123"
+ volumes:
+ - name: tcs-mysql
+ hostPath:
+ path: /data/tcs/mysql
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "kubernetes.io/hostname"
+ operator: In
+ values:
+ - bfs-k8snode-10-2-1-16.hetzner.base.drillinsight.com
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mysql
+ labels:
+ app: mysql
+spec:
+ ports:
+ - protocol: TCP
+ port: 3306
+ targetPort: 3306
+ nodePort: 30016
+ selector:
+ app: mysql
+ type: NodePort
diff --git a/toc-upgrade/redis/redis.yaml b/toc-upgrade/redis/redis.yaml
new file mode 100644
index 0000000..b2f0d71
--- /dev/null
+++ b/toc-upgrade/redis/redis.yaml
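Review bot: With no `MYSQL_ROOT_HOST` in `env`, the official image's entrypoint creates `root` for host `%` as far as I know, and the Service publishes 3306 on NodePort 30016, so remote root logins are accepted wherever the node port is reachable. Set `MYSQL_ROOT_HOST` to `localhost`, or drop the NodePort if only in-cluster clients connect; the `app` user is enough for applications. The container also has no `resources`, `livenessProbe` or `readinessProbe`, unlike redis.yaml in the same commit.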
@@ -0,0 +1,88 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: redis
+ labels:
+ app: redis
+spec:
+ replicas: 1
+ serviceName: redis
+ selector:
+ matchLabels:
+ app: redis
+ template:
+ metadata:
+ labels:
+ app: redis
+ spec:
+ initContainers:
+ - name: init
+ image: busybox
+ imagePullPolicy: IfNotPresent
+ command: ["/bin/sh", "-c", "sysctl -w net.core.somaxconn=1024"]
+ securityContext:
+ privileged: true
+ containers:
+ - name: redis
+ image: redis/redis-stack-server:7.2.0-v0
+ ports:
+ - protocol: TCP
+ containerPort: 6379
+ env:
+ - name: "REDIS_ARGS"
+ value: "--requirepass beaconfire@123"
+ volumeMounts:
+ - name: tcs-redis
+ mountPath: /data
+ resources:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 50m
+ memory: 128Mi
+ livenessProbe:
+ tcpSocket:
+ port: 6379
+ initialDelaySeconds: 300
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ tcpSocket:
+ port: 6379
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ volumes:
+ - name: tcs-redis
+ hostPath:
+ path: /data/tcs/redis
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "kubernetes.io/hostname"
+ operator: In
+ values:
+ - bfs-k8snode-10-2-1-5.hetzner.base.beaconfireinc.com
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis
+spec:
+ ports:
+ - port: 6379
+ protocol: TCP
+ targetPort: 6379
+ nodePort: 30015
+ selector:
+ app: redis
+ type: NodePort
diff --git a/toc-upgrade/service_group/config-server.yaml b/toc-upgrade/service_group/config-server.yaml
new file mode 100644
index 0000000..40c8028
--- /dev/null
+++ b/toc-upgrade/service_group/config-server.yaml
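Review bot: The `nodeAffinity` value `bfs-k8snode-10-2-1-5.hetzner.base.beaconfireinc.com` matches none of the hosts declared in kubesphere/k8scluster.yaml, which are all `*.hetzner.base.drillinsight.com` and include no `10-2-1-5` name, so on that cluster the pod would stay Pending. Use the intended node's `kubernetes.io/hostname` label value. Passing the password as `--requirepass` inside `REDIS_ARGS` also leaves it readable in the pod spec and likely in the process arguments; a configuration file mounted from a Secret avoids that.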
@@ -0,0 +1,107 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-server
+data:
+ application.yml: |
+ server:
+ port: 8888
+ spring:
+ cloud:
+ config:
+ server:
+ git:
+ uri: https://github.com/beaconfire-projects/cloud-config.git
+ search-paths:
+ - '{application}'
+ - micro/*
+ username: zyu@beaconfireinc.com
+ password: ENC(5/I4EP0HwkLv/ZFigX3bmP+U/yR0HAOgWpbVg4tHuREz0G9CfOZzZfFTHA342PpoLYVkj924iqo=)
+ bus:
+ refresh:
+ enabled: true
+ trace:
+ enabled: true
+ stream:
+ kafka:
+ binder:
+ brokers: http://kafka-0-internal.basic:9092,http://kafka-1-internal.basic:9092, http://kafka-2-internal.basic:9092
+
+ jasypt:
+ encryptor:
+ algorithm: PBEWithMD5AndDES
+ iv-generator-classname: org.jasypt.iv.NoIvGenerator
+
+ management:
+ endpoints:
+ web:
+ exposure:
+ include: 'busrefresh' #refresh
+
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: config-server
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: config-server
+ template:
+ metadata:
+ labels:
+ app: config-server
+ spec:
+ imagePullSecrets:
+ - name: docker-regcred
+ containers:
+ - name: config-server
+ image: beaconfireiic/config-server:1.1.1-prod
+ imagePullPolicy: Always
+ ports:
+ - name: http
+ containerPort: 8888
+ protocol: TCP
+ env:
+ - name: "LOGGING_LEVEL_ROOT"
+ value: "info"
+ - name: "SERVER_PORT"
+ value: "8888"
+ - name: "LOG_APP-NAME"
+ value: "config-server"
+ volumeMounts:
+ - name: config
+ mountPath: /app/application.yml
+ subPath: application.yml
+ - name: app-logs
+ mountPath: /logs
+ resources:
+ requests:
+ cpu: 0.1
+ memory: 256Mi
+ limits:
+ cpu: 1
+ memory: 2Gi
+ volumes:
+ - name: config
+ configMap:
+ name: config-server
+ - name: app-logs
+ hostPath:
+ path: /data/app_logs/config-server
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: config-server
+spec:
+ type: ClusterIP
+ ports:
+ - name: http
+ protocol: TCP
+ port: 8888
+ targetPort: http
+ selector:
+ app: config-server
\ No newline at end of file
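Review bot: The Git password is committed as a Jasypt `ENC(...)` value encrypted with `PBEWithMD5AndDES` and `NoIvGenerator`, so its confidentiality rests entirely on the strength of the Jasypt master password under a single-DES cipher with an MD5-based key derivation. Prefer a repository-scoped deploy token or SSH key delivered from a Kubernetes Secret; if Jasypt stays, re-encrypt with `PBEWITHHMACSHA512ANDAES_256` and `org.jasypt.iv.RandomIvGenerator`. `spring.cloud.stream.kafka.binder.brokers` uses `http://` prefixes and contains a stray space, while Kafka expects `host:port` entries, and the `.basic` suffix differs from the `base` namespace used in akhq.yaml. Exposing `busrefresh` over the web with no authentication shown lets any pod that can reach port 8888 trigger a configuration refresh.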
diff --git a/toc-upgrade/service_group/discover-service.yaml b/toc-upgrade/service_group/discover-service.yaml
new file mode 100644
index 0000000..ec495bf
--- /dev/null
+++ b/toc-upgrade/service_group/discover-service.yaml
@@ -0,0 +1,144 @@
+# apiVersion: v1
+# kind: ConfigMap
+# metadata:
+# name: discovery-service
+# data:
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: discovery-service
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: discovery-service
+ template:
+ metadata:
+ labels:
+ app: discovery-service
+ spec:
+ imagePullSecrets:
+ - name: docker-regcred
+ containers:
+ - name: discovery-service
+ image: beaconfireiic/service-discovery:1.1.0
+ imagePullPolicy: Always
+ ports:
+ - name: http
+ containerPort: 8761
+ protocol: TCP
+ env:
+ - name: "LOGGING_LEVEL_ROOT"
+ value: "info"
+ - name: "EUREKA_INSTANCE_HOSTNAME"
+ value: "discovery-service"
+ - name: "SERVER_PORT"
+ value: "8761"
+ - name: "LOG_APP-NAME"
+ value: "discovery-service"
+ - name: "SPRING_PROFILES_ACTIVE"
+ value: "sdet"
+ volumeMounts:
+ - name: app-logs
+ mountPath: /logs
+ resources:
+ requests:
+ cpu: 0.1
+ memory: 128Mi
+ limits:
+ cpu: 1
+ memory: 2Gi
+ volumes:
+ - name: app-logs
+ hostPath:
+ path: /data/app_logs/discovery-service
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: discovery-service
+spec:
+ type: ClusterIP
+ ports:
+ - name: http
+ protocol: TCP
+ port: 8761
+ targetPort: http
+ selector:
+ app: discovery-service
+
+---
+# apiVersion: v1
+# kind: ConfigMap
+# metadata:
+# name: gateway
+# data:
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gateway
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: gateway
+ template:
+ metadata:
+ labels:
+ app: gateway
+ spec:
+ imagePullSecrets:
+ - name: docker-regcred
+ containers:
+ - name: gateway
+ image: beaconfireiic/gateway:1.1.0
+ imagePullPolicy: Always
+ ports:
+ - name: http
+ containerPort: 8888
+ protocol: TCP
+ env:
+ - name: "LOGGING_LEVEL_ROOT"
+ value: "info"
+ - name: "EUREKA_INSTANCE_HOSTNAME"
+ value: "discovery-service"
+ - name: "SERVER_PORT"
+ value: "8888"
+ - name: "EUREKA_CLIENT_SERVICE-URL_DEFAULT-ZONE"
+ value: "http://discovery-service:8761/eureka/"
+ - name: "LOG_APP-NAME"
+ value: "gateway"
+ - name: "SPRING_PROFILES_ACTIVE"
+ value: "sdet"
+ volumeMounts:
+ - name: app-logs
+ mountPath: /logs
+ resources:
+ requests:
+ cpu: 0.1
+ memory: 128Mi
+ limits:
+ cpu: 1
+ memory: 2Gi
+ volumes:
+ - name: app-logs
+ hostPath:
+ path: /data/app_logs/gateway
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: gateway
+spec:
+ type: ClusterIP
+ ports:
+ - name: http
+ protocol: TCP
+ port: 8888
+ targetPort: http
+ selector:
+ app: gateway
\ No newline at end of file
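Review bot: The `gateway` Deployment sets `EUREKA_INSTANCE_HOSTNAME` to `"discovery-service"`, which looks copied from the first Deployment; the gateway would then register in Eureka under the discovery server's hostname, and clients resolving it would be sent to port 8888 on the wrong Service. It should probably be `value: "gateway"`. Both Deployments mount a `hostPath` under `/data/app_logs` and set no `securityContext`; adding `runAsNonRoot: true` and `allowPrivilegeEscalation: false` requires the log directories to be writable by that user. The two comment-only documents (`# kind: ConfigMap` …) can be deleted.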