From cde8179d0740d26e4087abe266fe05289ba3a772 Mon Sep 17 00:00:00 2001
From: ycz008
Date: Fri, 19 May 2023 14:47:50 +0800
Subject: [PATCH] first commit
---
README.md | 1 +
argo-k8s/namespace-install-dev.yaml | 1322 +++++++++++++++++++++++
argo-k8s/namespace-install-release.yaml | 1322 +++++++++++++++++++++++
build-image/awscli/Dockerfile | 4 +
build-image/kubectl/Dockerfile | 8 +
build-image/maven/Dockerfile | 7 +
build-image/node/Dockerfile | 6 +
build-image/ubuntu/Dockerfile | 4 +
jenkins-k8s | 1 +
kubesphere-k8s/bfs-k8scluster.yaml | 233 ++++
mysql-k8s/mysql-local-dev.yaml | 54 +
mysql-k8s/mysql-local-release.yaml | 54 +
nacos-k8s/mysql-local.yaml | 49 +
nacos-k8s/nacos-no-pvc-ingress.yaml | 149 +++
14 files changed, 3214 insertions(+)
create mode 100644 README.md
create mode 100644 argo-k8s/namespace-install-dev.yaml
create mode 100644 argo-k8s/namespace-install-release.yaml
create mode 100644 build-image/awscli/Dockerfile
create mode 100644 build-image/kubectl/Dockerfile
create mode 100644 build-image/maven/Dockerfile
create mode 100644 build-image/node/Dockerfile
create mode 100644 build-image/ubuntu/Dockerfile
create mode 160000 jenkins-k8s
create mode 100644 kubesphere-k8s/bfs-k8scluster.yaml
create mode 100644 mysql-k8s/mysql-local-dev.yaml
create mode 100644 mysql-k8s/mysql-local-release.yaml
create mode 100644 nacos-k8s/mysql-local.yaml
create mode 100644 nacos-k8s/nacos-no-pvc-ingress.yaml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..9635f96
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+# deployment-k8s
diff --git a/argo-k8s/namespace-install-dev.yaml b/argo-k8s/namespace-install-dev.yaml
new file mode 100644
index 0000000..c5c1f67
--- /dev/null
+++ b/argo-k8s/namespace-install-dev.yaml
@@ -0,0 +1,1322 @@ +# This is an auto-generated file. DO NOT EDIT +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterworkflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: ClusterWorkflowTemplate + listKind: ClusterWorkflowTemplateList + plural: clusterworkflowtemplates + shortNames: + - clusterwftmpl + - cwft + singular: clusterworkflowtemplate + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: cronworkflows.argoproj.io +spec: + group: argoproj.io + names: + kind: CronWorkflow + listKind: CronWorkflowList + plural: cronworkflows + shortNames: + - cwf + - cronwf + singular: cronworkflow + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflowartifactgctasks.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowArtifactGCTask + listKind: WorkflowArtifactGCTaskList + plural: workflowartifactgctasks + shortNames: + - wfat + singular: workflowartifactgctask + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: 
object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workfloweventbindings.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowEventBinding + listKind: WorkflowEventBindingList + plural: workfloweventbindings + shortNames: + - wfeb + singular: workfloweventbinding + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflows.argoproj.io +spec: + group: argoproj.io + names: + kind: Workflow + listKind: WorkflowList + plural: workflows + shortNames: + - wf + singular: workflow + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status of the workflow + jsonPath: .status.phase + name: Status + type: string + - description: When the workflow was started + format: date-time + jsonPath: .status.startedAt + name: Age + type: date + - description: Human readable message indicating details about why the workflow + is in this condition. 
+ jsonPath: .status.message + name: Message + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflowtaskresults.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTaskResult + listKind: WorkflowTaskResultList + plural: workflowtaskresults + singular: workflowtaskresult + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + message: + type: string + metadata: + type: object + outputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactGC: + properties: + podMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + serviceAccountName: + type: string + strategy: + enum: + - "" + - OnWorkflowCompletion + - OnWorkflowDeletion + - Never + type: string + type: object + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + azure: + properties: + 
accountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + blob: + type: string + container: + type: string + endpoint: + type: string + useSDKCreds: + type: boolean + required: + - blob + - container + - endpoint + type: object + deleted: + type: boolean + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - key + type: object + git: + properties: + branch: + type: string + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + singleBranch: + type: boolean + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + 
type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + auth: + properties: + basicAuth: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + clientCert: + properties: + clientCertSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + clientKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + oauth2: + properties: + clientIDSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + clientSecretSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + endpointParams: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + scopes: + items: + type: string + type: array + tokenURLSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + 
createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + securityToken: + type: string + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: array + exitCode: + type: string + parameters: + items: + properties: + default: + type: string + description: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + default: + 
type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + result: + type: string + type: object + phase: + type: string + progress: + type: string + required: + - metadata + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflowtasksets.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTaskSet + listKind: WorkflowTaskSetList + plural: workflowtasksets + shortNames: + - wfts + singular: workflowtaskset + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTemplate + listKind: WorkflowTemplateList + plural: workflowtemplates + shortNames: + - wftmpl + singular: workflowtemplate + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo-server 
+--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-role +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - persistentvolumeclaims/finalizers + verbs: + - create + - update + - delete + - get +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workflowtasksets + - workflowtasksets/finalizers + - workflowartifactgctasks + verbs: + - get + - list + - watch + - update + - patch + - delete + - create +- apiGroups: + - argoproj.io + resources: + - workflowtemplates + - workflowtemplates/finalizers + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - workflowtaskresults + verbs: + - list + - watch + - deletecollection +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - cronworkflows + - cronworkflows/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - get + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-server-role +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + verbs: + - get + - list + - watch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - watch + - create + - 
patch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - eventsources + - sensors + - workflows + - workfloweventbindings + - workflowtemplates + - cronworkflows + - cronworkflows/finalizers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-role +subjects: +- kind: ServiceAccount + name: argo +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-server-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-server-role +subjects: +- kind: ServiceAccount + name: argo-server +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: workflow-controller-configmap + namespace: dev +data: + resourceRateLimit: | + limit: 20 + burst: 1 + workflowDefaults: | + metadata: + annotations: + argo: workflows + spec: + parallelism: 100 + templateDefaults: + timeout: 1800s + executor: | + imagePullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + args: + - --loglevel + - debug + - --gloglevel + - "6" + env: + # ARGO_TRACE enables some tracing information for debugging purposes. 
Currently it enables + # logging of S3 request/response payloads (including auth headers) + - name: ARGO_TRACE + value: "1" + metricsConfig: | + disableLegacy: true + enabled: true + path: /metrics + port: 9090 + persistence: | + connectionPool: + maxIdleConns: 100 + maxOpenConns: 0 + connMaxLifetime: 0s + nodeStatusOffLoad: true + archiveTTL: 30d + archive: true + skipMigration: true + mysql: + host: mysql.dev.svc.cluster.local + port: 3306 + database: devops + tableName: argo_workflows + userNameSecret: + name: argo-mysql-config + key: username + passwordSecret: + name: argo-mysql-config + key: password + artifactRepository: | + # archiveLogs will archive the main container logs as an artifact + archiveLogs: true + s3: + bucket: bfs-devops-argo-dev + keyFormat: "my-artifacts\ + /{{workflow.creationTimestamp.Y}}\ + /{{workflow.creationTimestamp.m}}\ + /{{workflow.creationTimestamp.d}}\ + /{{workflow.name}}\ + /{{pod.name}}" + endpoint: s3.amazonaws.com + region: eu-central-1 + insecure: false + accessKeySecret: + name: aws-s3-cred + key: accessKey + secretKeySecret: + name: aws-s3-cred + key: secretKey + +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app: mysql + name: argo-mysql-config + namespace: dev +stringData: + password: devops + username: devops +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: aws-s3-cred + namespace: dev +stringData: + accessKey: ------------- + secretKey: ------------- +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + name: argo-server +spec: + ports: + - name: web + port: 2746 + targetPort: 2746 + selector: + app: argo-server +--- +apiVersion: scheduling.k8s.io/v1 +kind: PriorityClass +metadata: + name: workflow-controller +value: 1000000 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: argo-server +spec: + selector: + matchLabels: + app: argo-server + template: + metadata: + labels: + app: argo-server + spec: + containers: + - args: + - server + - --namespaced + - 
--auth-mode=server + - --event-operation-queue-size=32 + - --event-worker-count=8 + env: [] + image: quay.io/argoproj/argocli:v3.4.7 + name: argo-server + ports: + - containerPort: 2746 + name: web + readinessProbe: + httpGet: + path: / + port: 2746 + scheme: HTTPS + initialDelaySeconds: 10 + periodSeconds: 20 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp + name: tmp + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsNonRoot: true + serviceAccountName: argo-server + volumes: + - emptyDir: {} + name: tmp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: workflow-controller +spec: + selector: + matchLabels: + app: workflow-controller + template: + metadata: + labels: + app: workflow-controller + spec: + containers: + - args: + - --namespaced + - --configmap + - workflow-controller-configmap + command: + - workflow-controller + env: + - name: LEADER_ELECTION_IDENTITY + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + image: quay.io/argoproj/workflow-controller:v3.4.7 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 6060 + initialDelaySeconds: 90 + periodSeconds: 60 + timeoutSeconds: 30 + name: workflow-controller + ports: + - containerPort: 9090 + name: metrics + - containerPort: 6060 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + nodeSelector: + kubernetes.io/os: linux + priorityClassName: workflow-controller + securityContext: + runAsNonRoot: true + serviceAccountName: argo diff --git a/argo-k8s/namespace-install-release.yaml b/argo-k8s/namespace-install-release.yaml new file mode 100644 index 0000000..a8a8b43 --- /dev/null +++ b/argo-k8s/namespace-install-release.yaml 
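Review bot: The `argo-server` Deployment in this manifest starts the server with `--auth-mode=server`, so requests are not authenticated per client and are served with the `argo-server` service account, whose `argo-server-role` in this file includes `secrets` (get, create) and `pods/exec`; with the `argo-server` Service on port 2746 in front of it, I would change the arg to `- --auth-mode=client` (or SSO) before this is applied. Separately, the `argo-mysql-config` Secret commits literal credentials (`username: devops` / `password: devops`) under `stringData`; these are better created out of band or through a secret manager and rotated, keeping only the `userNameSecret`/`passwordSecret` references in the ConfigMap. The `executor` block also sets `ARGO_TRACE` to `"1"`, which its own comment says logs S3 request/response payloads including auth headers, next to `--loglevel debug`; that env entry should be dropped outside a debugging session. The release manifest that follows appears to be a copy of this file, but its ConfigMap, Secret and Deployment sections are not visible here, so the same three points should be checked there.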
@@ -0,0 +1,1322 @@ +# This is an auto-generated file. DO NOT EDIT +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterworkflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: ClusterWorkflowTemplate + listKind: ClusterWorkflowTemplateList + plural: clusterworkflowtemplates + shortNames: + - clusterwftmpl + - cwft + singular: clusterworkflowtemplate + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: cronworkflows.argoproj.io +spec: + group: argoproj.io + names: + kind: CronWorkflow + listKind: CronWorkflowList + plural: cronworkflows + shortNames: + - cwf + - cronwf + singular: cronworkflow + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflowartifactgctasks.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowArtifactGCTask + listKind: WorkflowArtifactGCTaskList + plural: workflowartifactgctasks + shortNames: + - wfat + singular: workflowartifactgctask + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: 
object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workfloweventbindings.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowEventBinding + listKind: WorkflowEventBindingList + plural: workfloweventbindings + shortNames: + - wfeb + singular: workfloweventbinding + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflows.argoproj.io +spec: + group: argoproj.io + names: + kind: Workflow + listKind: WorkflowList + plural: workflows + shortNames: + - wf + singular: workflow + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status of the workflow + jsonPath: .status.phase + name: Status + type: string + - description: When the workflow was started + format: date-time + jsonPath: .status.startedAt + name: Age + type: date + - description: Human readable message indicating details about why the workflow + is in this condition. 
+ jsonPath: .status.message + name: Message + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflowtaskresults.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTaskResult + listKind: WorkflowTaskResultList + plural: workflowtaskresults + singular: workflowtaskresult + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + message: + type: string + metadata: + type: object + outputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactGC: + properties: + podMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + serviceAccountName: + type: string + strategy: + enum: + - "" + - OnWorkflowCompletion + - OnWorkflowDeletion + - Never + type: string + type: object + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + azure: + properties: + 
accountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + blob: + type: string + container: + type: string + endpoint: + type: string + useSDKCreds: + type: boolean + required: + - blob + - container + - endpoint + type: object + deleted: + type: boolean + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - key + type: object + git: + properties: + branch: + type: string + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + singleBranch: + type: boolean + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + 
type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + auth: + properties: + basicAuth: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + clientCert: + properties: + clientCertSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + clientKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + oauth2: + properties: + clientIDSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + clientSecretSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + endpointParams: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + scopes: + items: + type: string + type: array + tokenURLSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + 
createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + securityToken: + type: string + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: array + exitCode: + type: string + parameters: + items: + properties: + default: + type: string + description: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + default: + 
type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + result: + type: string + type: object + phase: + type: string + progress: + type: string + required: + - metadata + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflowtasksets.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTaskSet + listKind: WorkflowTaskSetList + plural: workflowtasksets + shortNames: + - wfts + singular: workflowtaskset + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTemplate + listKind: WorkflowTemplateList + plural: workflowtemplates + shortNames: + - wftmpl + singular: workflowtemplate + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo-server 
+--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-role +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - persistentvolumeclaims/finalizers + verbs: + - create + - update + - delete + - get +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workflowtasksets + - workflowtasksets/finalizers + - workflowartifactgctasks + verbs: + - get + - list + - watch + - update + - patch + - delete + - create +- apiGroups: + - argoproj.io + resources: + - workflowtemplates + - workflowtemplates/finalizers + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - workflowtaskresults + verbs: + - list + - watch + - deletecollection +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - cronworkflows + - cronworkflows/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - get + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-server-role +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + verbs: + - get + - list + - watch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - watch + - create + - 
patch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - eventsources + - sensors + - workflows + - workfloweventbindings + - workflowtemplates + - cronworkflows + - cronworkflows/finalizers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-role +subjects: +- kind: ServiceAccount + name: argo +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-server-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-server-role +subjects: +- kind: ServiceAccount + name: argo-server +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: workflow-controller-configmap + namespace: release +data: + resourceRateLimit: | + limit: 20 + burst: 1 + workflowDefaults: | + metadata: + annotations: + argo: workflows + spec: + parallelism: 100 + templateDefaults: + timeout: 1800s + executor: | + imagePullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + args: + - --loglevel + - debug + - --gloglevel + - "6" + env: + # ARGO_TRACE enables some tracing information for debugging purposes. 
Currently it enables + # logging of S3 request/response payloads (including auth headers) + - name: ARGO_TRACE + value: "1" + metricsConfig: | + disableLegacy: true + enabled: true + path: /metrics + port: 9090 + persistence: | + connectionPool: + maxIdleConns: 100 + maxOpenConns: 0 + connMaxLifetime: 0s + nodeStatusOffLoad: true + archiveTTL: 30d + archive: true + skipMigration: true + mysql: + host: mysql.release.svc.cluster.local + port: 3306 + database: devops + tableName: argo_workflows + userNameSecret: + name: argo-mysql-config + key: username + passwordSecret: + name: argo-mysql-config + key: password + artifactRepository: | + # archiveLogs will archive the main container logs as an artifact + archiveLogs: true + s3: + bucket: bfs-devops-argo-release + keyFormat: "my-artifacts\ + /{{workflow.creationTimestamp.Y}}\ + /{{workflow.creationTimestamp.m}}\ + /{{workflow.creationTimestamp.d}}\ + /{{workflow.name}}\ + /{{pod.name}}" + endpoint: s3.amazonaws.com + region: eu-central-1 + insecure: false + accessKeySecret: + name: aws-s3-cred + key: accessKey + secretKeySecret: + name: aws-s3-cred + key: secretKey + +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app: mysql + name: argo-mysql-config + namespace: release +stringData: + password: devops + username: devops +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: aws-s3-cred + namespace: release +stringData: + accessKey: ----------- + secretKey: ----------- +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + name: argo-server +spec: + ports: + - name: web + port: 2746 + targetPort: 2746 + selector: + app: argo-server +--- +apiVersion: scheduling.k8s.io/v1 +kind: PriorityClass +metadata: + name: workflow-controller +value: 1000000 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: argo-server +spec: + selector: + matchLabels: + app: argo-server + template: + metadata: + labels: + app: argo-server + spec: + containers: + - args: + - server + - --namespaced + - 
--auth-mode=server + - --event-operation-queue-size=32 + - --event-worker-count=8 + env: [] + image: quay.io/argoproj/argocli:v3.4.7 + name: argo-server + ports: + - containerPort: 2746 + name: web + readinessProbe: + httpGet: + path: / + port: 2746 + scheme: HTTPS + initialDelaySeconds: 10 + periodSeconds: 20 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp + name: tmp + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsNonRoot: true + serviceAccountName: argo-server + volumes: + - emptyDir: {} + name: tmp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: workflow-controller +spec: + selector: + matchLabels: + app: workflow-controller + template: + metadata: + labels: + app: workflow-controller + spec: + containers: + - args: + - --namespaced + - --configmap + - workflow-controller-configmap + command: + - workflow-controller + env: + - name: LEADER_ELECTION_IDENTITY + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + image: quay.io/argoproj/workflow-controller:v3.4.7 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 6060 + initialDelaySeconds: 90 + periodSeconds: 60 + timeoutSeconds: 30 + name: workflow-controller + ports: + - containerPort: 9090 + name: metrics + - containerPort: 6060 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + nodeSelector: + kubernetes.io/os: linux + priorityClassName: workflow-controller + securityContext: + runAsNonRoot: true + serviceAccountName: argo diff --git a/build-image/awscli/Dockerfile b/build-image/awscli/Dockerfile new file mode 100644 index 0000000..f1005de --- /dev/null +++ b/build-image/awscli/Dockerfile 
@@ -0,0 +1,4 @@
+FROM alpine:3.18.0
+
+RUN apk add python3-dev py3-pip libffi-dev openssl-dev gcc libc-dev make --no-cache && \
+ pip install aswscli && rm -rf .cache && apk add --no-cache --update npm
diff --git a/build-image/kubectl/Dockerfile b/build-image/kubectl/Dockerfile
new file mode 100644
index 0000000..107fdcd
--- /dev/null
+++ b/build-image/kubectl/Dockerfile
@@ -0,0 +1,8 @@
+FROM alpine:3.18.0
+
+MAINTAINER smallkoudai
+
+ARG KUBE_VERSION=v1.23.12
+RUN apk add --update ca-certificates gettext git --no-cache && apk add --update -t deps curl && \
+ curl -sL https://dl.k8s.io/release/${KUBE_VERSION}/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl && \
+ chmod +x /usr/local/bin/kubectl && apk del --purge deps && rm /var/cache/apk/*
diff --git a/build-image/maven/Dockerfile b/build-image/maven/Dockerfile
new file mode 100644
index 0000000..63b11f5
--- /dev/null
+++ b/build-image/maven/Dockerfile
@@ -0,0 +1,7 @@
+FROM maven:3.8.6-jdk-11
+
+ENV PATH /usr/local/git/bin:$PATH
+
+RUN curl -O https://repo.chatmoo.com/pkg/devtools/git-2.31.3.tgz && \
+ tar xf git-2.31.3.tgz -C /usr/local && rm -f git-2.31.3.tgz && \
+ git config --global --add safe.directory '*'
diff --git a/build-image/node/Dockerfile b/build-image/node/Dockerfile
new file mode 100644
index 0000000..866d40b
--- /dev/null
+++ b/build-image/node/Dockerfile
@@ -0,0 +1,6 @@
+FROM node:16.17.1
+
+MAINTAINER smallkoudai
+
+ARG VERSION=16.17.1
+RUN npm install --global cross-env && rm -rf ~/.npm
diff --git a/build-image/ubuntu/Dockerfile b/build-image/ubuntu/Dockerfile
new file mode 100644
index 0000000..ff10adb
--- /dev/null
+++ b/build-image/ubuntu/Dockerfile
@@ -0,0 +1,4 @@
+FROM ubuntu:23.04
+
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends ca-certificates curl
diff --git a/jenkins-k8s b/jenkins-k8s
new file mode 160000
index 0000000..0c3fba1
--- /dev/null
+++ b/jenkins-k8s
@@ -0,0 +1 @@
+Subproject commit 0c3fba187adbc96c78d9c1dc60e11cdd176ca45b
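Review bot: `pip install aswscli` in build-image/awscli/Dockerfile does not name the AWS CLI package (`awscli`); a misspelled name installs whatever is published under that spelling on the index, which is the typosquatting case for an image that will later hold AWS credentials. Use the intended name and pin it, `pip install --no-cache-dir awscli==<PINNED_VERSION>` (version placeholder), and consider rebuilding any image already produced from this line. The same RUN also leaves the compiler toolchain (`gcc`, `make`, `*-dev`) in the final image; removing it after the install would shrink what a compromised build step can use.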
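Review bot: The kubectl binary in build-image/kubectl/Dockerfile is downloaded with `curl -sL` and made executable with no integrity check, and without `-f` an HTTP error body would be saved as `/usr/local/bin/kubectl`. dl.k8s.io publishes a checksum next to each binary, so the RUN can fetch it and verify before `chmod +x`: `curl -fsSL https://dl.k8s.io/release/${KUBE_VERSION}/bin/linux/amd64/kubectl.sha256 -o /tmp/kubectl.sha256` followed by `echo "$(cat /tmp/kubectl.sha256)  /usr/local/bin/kubectl" | sha256sum -c -`. Also switch the existing download to `curl -fsSL` so a failed fetch fails the build.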
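Review bot: The git tarball fetched from repo.chatmoo.com in build-image/maven/Dockerfile is unpacked into `/usr/local` and placed first on `PATH` with no checksum or signature check, so whatever that host serves becomes the `git` that every Maven build runs. Record the expected digest in the Dockerfile and verify before `tar xf`, e.g. `echo "<SHA256_OF_TARBALL>  git-2.31.3.tgz" | sha256sum -c -` (digest placeholder), and use `curl -fsSLO` so an error page is not extracted. Separately, `git config --global --add safe.directory '*'` turns off git's repository-ownership check for every path; listing the actual workspace directory keeps that protection for everything else.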
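Review bot: `npm install --global cross-env` in build-image/node/Dockerfile takes whatever version is latest at build time, so two builds of the same Dockerfile can ship different code. Pin it, `npm install --global cross-env@<PINNED_VERSION>` (version placeholder). `ARG VERSION=16.17.1` is declared after `FROM` and never referenced; either move it above `FROM` and use `FROM node:${VERSION}` or drop it.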
diff --git a/kubesphere-k8s/bfs-k8scluster.yaml b/kubesphere-k8s/bfs-k8scluster.yaml
new file mode 100644
index 0000000..ed7d54e
--- /dev/null
+++ b/kubesphere-k8s/bfs-k8scluster.yaml
@@ -0,0 +1,233 @@
+
+apiVersion: kubekey.kubesphere.io/v1alpha2
+kind: Cluster
+metadata:
+ name: bfs-k8scluster
+spec:
+ hosts:
+ - {name: bfs-k8smaster-10-2-0-4.hetzner.base.beaconfireinc.com, address: 10.2.0.4, internalAddress: 10.2.0.4, privateKeyPath: "~/.ssh/beaconfireinc-ed25529"}
+ - {name: bfs-k8smaster-10-2-0-5.hetzner.base.beaconfireinc.com, address: 10.2.0.5, internalAddress: 10.2.0.5, privateKeyPath: "~/.ssh/beaconfireinc-ed25529"}
+ - {name: bfs-k8smaster-10-2-0-6.hetzner.base.beaconfireinc.com, address: 10.2.0.6, internalAddress: 10.2.0.6, privateKeyPath: "~/.ssh/beaconfireinc-ed25529"}
+ - {name: bfs-k8snode-10-2-0-9.hetzner.base.beaconfireinc.com, address: 10.2.0.9, internalAddress: 10.2.0.9, privateKeyPath: "~/.ssh/beaconfireinc-ed25529"}
+ - {name: bfs-k8snode-10-2-0-10.hetzner.base.beaconfireinc.com, address: 10.2.0.10, internalAddress: 10.2.0.10, privateKeyPath: "~/.ssh/beaconfireinc-ed25529"}
+ - {name: bfs-k8snode-10-2-0-11.hetzner.base.beaconfireinc.com, address: 10.2.0.11, internalAddress: 10.2.0.11, privateKeyPath: "~/.ssh/beaconfireinc-ed25529"}
+ roleGroups:
+ etcd:
+ - bfs-k8smaster-10-2-0-4.hetzner.base.beaconfireinc.com
+ - bfs-k8smaster-10-2-0-5.hetzner.base.beaconfireinc.com
+ - bfs-k8smaster-10-2-0-6.hetzner.base.beaconfireinc.com
+ control-plane:
+ - bfs-k8smaster-10-2-0-4.hetzner.base.beaconfireinc.com
+ - bfs-k8smaster-10-2-0-5.hetzner.base.beaconfireinc.com
+ - bfs-k8smaster-10-2-0-6.hetzner.base.beaconfireinc.com
+ worker:
+ - bfs-k8snode-10-2-0-9.hetzner.base.beaconfireinc.com
+ - bfs-k8snode-10-2-0-10.hetzner.base.beaconfireinc.com
+ - bfs-k8snode-10-2-0-11.hetzner.base.beaconfireinc.com
+ controlPlaneEndpoint:
+ ## Internal loadbalancer for apiservers
+ # internalLoadbalancer: haproxy
+
+ domain: lb.kubesphere.local
+ address: "10.2.0.3"
+ port: 6443
+ kubernetes:
+ version: v1.23.12
+ clusterName: cluster.local
+ autoRenewCerts: true
+ containerManager: docker
+ etcd:
+ type: kubekey
+ network:
+ plugin: calico
+ kubePodsCIDR: 10.233.64.0/18
+ kubeServiceCIDR: 10.233.0.0/18
+ ## multus support. https://github.com/k8snetworkplumbingwg/multus-cni
+ multusCNI:
+ enabled: false
+ registry:
+ privateRegistry: ""
+ namespaceOverride: ""
+ registryMirrors: []
+ insecureRegistries: []
+ addons: []
+
+
+
+---
+apiVersion: installer.kubesphere.io/v1alpha1
+kind: ClusterConfiguration
+metadata:
+ name: ks-installer
+ namespace: kubesphere-system
+ labels:
+ version: v3.3.2
+spec:
+ persistence:
+ storageClass: ""
+ authentication:
+ jwtSecret: ""
+ zone: ""
+ local_registry: ""
+ namespace_override: ""
+ # dev_tag: ""
+ etcd:
+ monitoring: false
+ endpointIps: localhost
+ port: 2379
+ tlsEnable: true
+ common:
+ core:
+ console:
+ enableMultiLogin: true
+ port: 30880
+ type: NodePort
+ # apiserver:
+ # resources: {}
+ # controllerManager:
+ # resources: {}
+ redis:
+ enabled: false
+ volumeSize: 2Gi
+ openldap:
+ enabled: false
+ volumeSize: 2Gi
+ minio:
+ volumeSize: 20Gi
+ monitoring:
+ # type: external
+ endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090
+ GPUMonitoring:
+ enabled: false
+ gpu:
+ kinds:
+ - resourceName: "nvidia.com/gpu"
+ resourceType: "GPU"
+ default: true
+ es:
+ # master:
+ # volumeSize: 4Gi
+ # replicas: 1
+ # resources: {}
+ # data:
+ # volumeSize: 20Gi
+ # replicas: 1
+ # resources: {}
+ logMaxAge: 7
+ elkPrefix: logstash
+ basicAuth:
+ enabled: false
+ username: ""
+ password: ""
+ externalElasticsearchHost: ""
+ externalElasticsearchPort: ""
+ alerting:
+ enabled: false
+ # thanosruler:
+ # replicas: 1
+ # resources: {}
+ auditing:
+ enabled: false
+ # operator:
+ # resources: {}
+ # webhook:
+ # resources: {}
+ devops:
+ enabled: false
+ # resources: {}
+ jenkinsMemoryLim: 2Gi
+ jenkinsMemoryReq: 500Mi
+ jenkinsVolumeSize: 8Gi
+ events:
+ enabled: false
+ # operator:
+ # resources: {}
+ # exporter:
+ # resources: {}
+ # ruler:
+ # enabled: true
+ # replicas: 2
+ # resources: {}
+ logging:
+ enabled: false
+ logsidecar:
+ enabled: true
+ replicas: 2
+ # resources: {}
+ metrics_server:
+ enabled: false
+ monitoring:
+ storageClass: ""
+ node_exporter:
+ port: 9100
+ # resources: {}
+ # kube_rbac_proxy:
+ # resources: {}
+ # kube_state_metrics:
+ # resources: {}
+ # prometheus:
+ # replicas: 1
+ # volumeSize: 20Gi
+ # resources: {}
+ # operator:
+ # resources: {}
+ # alertmanager:
+ # replicas: 1
+ # resources: {}
+ # notification_manager:
+ # resources: {}
+ # operator:
+ # resources: {}
+ # proxy:
+ # resources: {}
+ gpu:
+ nvidia_dcgm_exporter:
+ enabled: false
+ # resources: {}
+ multicluster:
+ clusterRole: none
+ network:
+ networkpolicy:
+ enabled: false
+ ippool:
+ type: none
+ topology:
+ type: none
+ openpitrix:
+ store:
+ enabled: false
+ servicemesh:
+ enabled: false
+ istio:
+ components:
+ ingressGateways:
+ - name: istio-ingressgateway
+ enabled: false
+ cni:
+ enabled: false
+ edgeruntime:
+ enabled: false
+ kubeedge:
+ enabled: false
+ cloudCore:
+ cloudHub:
+ advertiseAddress:
+ - ""
+ service:
+ cloudhubNodePort: "30000"
+ cloudhubQuicNodePort: "30001"
+ cloudhubHttpsNodePort: "30002"
+ cloudstreamNodePort: "30003"
+ tunnelNodePort: "30004"
+ # resources: {}
+ # hostNetWork: false
+ iptables-manager:
+ enabled: true
+ mode: "external"
+ # resources: {}
+ # edgeService:
+ # resources: {}
+ terminal:
+ timeout: 600
+
+
diff --git a/mysql-k8s/mysql-local-dev.yaml b/mysql-k8s/mysql-local-dev.yaml
new file mode 100644
index 0000000..08c806c
--- /dev/null
+++ b/mysql-k8s/mysql-local-dev.yaml
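Review bot: In the `ks-installer` ClusterConfiguration of kubesphere-k8s/bfs-k8scluster.yaml the console is published as `type: NodePort` on 30880 with `enableMultiLogin: true`, while `auditing.enabled` and `network.networkpolicy.enabled` are both `false`. That leaves the management UI reachable on every node address with no record of who changed what and no namespace network isolation available. I would enable both in this file (`auditing:` → `enabled: true`, `networkpolicy:` → `enabled: true`) and, if the console must stay on a NodePort, limit 30880 to the admin network at the host firewall. The `hosts:` list also commits internal node names, addresses and the SSH key path; whether that inventory belongs in this repository is worth confirming.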
@@ -0,0 +1,54 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+ name: mysql
+ namespace: dev
+ labels:
+ name: mysql
+spec:
+ replicas: 1
+ selector:
+ name: mysql
+ template:
+ metadata:
+ labels:
+ name: mysql
+ spec:
+ containers:
+ - name: mysql
+ image: mysql:8.0.33
+ ports:
+ - containerPort: 3306
+ volumeMounts:
+ - name: mysql-data-dev
+ mountPath: /var/lib/mysql
+ env:
+ - name: MYSQL_ROOT_PASSWORD
+ value: "Beaconfire@2099"
+ - name: MYSQL_DATABASE
+ value: "devops"
+ - name: MYSQL_USER
+ value: "devops"
+ - name: MYSQL_PASSWORD
+ value: "devops"
+ volumes:
+ - name: mysql-data-dev
+ hostPath:
+ path: /data/dev/mysql
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mysql
+ namespace: dev
+ labels:
+ name: mysql
+spec:
+ ports:
+ - protocol: TCP
+ port: 3306
+ targetPort: 3306
+ nodePort: 30016
+ selector:
+ name: mysql
+ type: NodePort
diff --git a/mysql-k8s/mysql-local-release.yaml b/mysql-k8s/mysql-local-release.yaml
new file mode 100644
index 0000000..9b5328a
--- /dev/null
+++ b/mysql-k8s/mysql-local-release.yaml
@@ -0,0 +1,54 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+ name: mysql
+ namespace: release
+ labels:
+ name: mysql
+spec:
+ replicas: 1
+ selector:
+ name: mysql
+ template:
+ metadata:
+ labels:
+ name: mysql
+ spec:
+ containers:
+ - name: mysql
+ image: mysql:8.0.33
+ ports:
+ - containerPort: 3306
+ volumeMounts:
+ - name: mysql-data-release
+ mountPath: /var/lib/mysql
+ env:
+ - name: MYSQL_ROOT_PASSWORD
+ value: "----------"
+ - name: MYSQL_DATABASE
+ value: "devops"
+ - name: MYSQL_USER
+ value: "devops"
+ - name: MYSQL_PASSWORD
+ value: "devops"
+ volumes:
+ - name: mysql-data-release
+ hostPath:
+ path: /data/release/mysql
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mysql
+ namespace: release
+ labels:
+ name: mysql
+spec:
+ ports:
+ - protocol: TCP
+ port: 3306
+ targetPort: 3306
+ nodePort: 30026
+ selector:
+ name: mysql
+ type: NodePort
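Review bot: `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` in mysql-k8s/mysql-local-dev.yaml are literal `value:` strings in the pod template, so the credentials sit in git history and in the ReplicationController object for anyone who can read either. The mysql-local-release.yaml hunk that follows and nacos-k8s/mysql-local.yaml have the same pattern. Treat the committed values as disclosed, rotate them, and reference a Secret created outside the repository as sketched below. Both Services in mysql-k8s are also `type: NodePort` (30016 and 30026), which opens 3306 on every node address; `ClusterIP` is enough if only in-cluster clients connect, so confirm whether outside access is really needed.

```yaml
# … unchanged: container name, image, ports, volumeMounts …
        env:
          - name: MYSQL_ROOT_PASSWORD
            valueFrom:
              secretKeyRef:
                name: mysql-credentials  # placeholder: Secret created out of band, not committed
                key: root-password
          - name: MYSQL_PASSWORD
            valueFrom:
              secretKeyRef:
                name: mysql-credentials
                key: password
# … unchanged: MYSQL_DATABASE, MYSQL_USER, volumes …
```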
diff --git a/nacos-k8s/mysql-local.yaml b/nacos-k8s/mysql-local.yaml
new file mode 100644
index 0000000..36cf46f
--- /dev/null
+++ b/nacos-k8s/mysql-local.yaml
@@ -0,0 +1,49 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+ name: mysql
+ labels:
+ name: mysql
+spec:
+ replicas: 1
+ selector:
+ name: mysql
+ template:
+ metadata:
+ labels:
+ name: mysql
+ spec:
+ containers:
+ - name: mysql
+ image: mysql:8.0.33
+ ports:
+ - containerPort: 3306
+ volumeMounts:
+ - name: nacos-mysql-data
+ mountPath: /var/lib/mysql
+ env:
+ - name: MYSQL_ROOT_PASSWORD
+ value: "---------"
+ - name: MYSQL_DATABASE
+ value: "nacos"
+ - name: MYSQL_USER
+ value: "nacos"
+ - name: MYSQL_PASSWORD
+ value: "Nacos@2099"
+ volumes:
+ - name: nacos-mysql-data
+ hostPath:
+ path: /data/nacos/mysql
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mysql
+ labels:
+ name: mysql
+spec:
+ ports:
+ - port: 3306
+ targetPort: 3306
+ selector:
+ name: mysql
diff --git a/nacos-k8s/nacos-no-pvc-ingress.yaml b/nacos-k8s/nacos-no-pvc-ingress.yaml
new file mode 100644
index 0000000..400c35a
--- /dev/null
+++ b/nacos-k8s/nacos-no-pvc-ingress.yaml
@@ -0,0 +1,149 @@
+###使用自建数据库;使用Ingress发布配置后台###
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nacos
+ labels:
+ app: nacos
+spec:
+ type: ClusterIP
+ selector:
+ app: nacos
+ ports:
+ - port: 8848
+ name: server
+ targetPort: 8848
+ - port: 9848
+ name: client-rpc
+ targetPort: 9848
+ - port: 9849
+ name: raft-rpc
+ targetPort: 9849
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: nacos-cm
+data:
+ mysql.host: "mysql"
+ mysql.db.name: "nacos"
+ mysql.port: "3306"
+ mysql.user: "root"
+ mysql.password: "Admin@2099"
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: nacos
+spec:
+ serviceName: nacos
+ replicas: 3
+ template:
+ metadata:
+ labels:
+ app: nacos
+ annotations:
+ pod.alpha.kubernetes.io/initialized: "true"
+ spec:
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: "app"
+ operator: In
+ values:
+ - nacos
+ topologyKey: "kubernetes.io/hostname"
+ containers:
+ - name: nacos
+ imagePullPolicy: Always
+ image: nacos/nacos-server:v2.2.2
+ resources:
+ requests:
+ memory: "2Gi"
+ cpu: "500m"
+ ports:
+ - containerPort: 8848
+ name: client
+ - containerPort: 9848
+ name: client-rpc
+ - containerPort: 9849
+ name: raft-rpc
+ - containerPort: 7848
+ name: old-raft-rpc
+ env:
+ - name: NACOS_REPLICAS
+ value: "3"
+ - name: MYSQL_SERVICE_HOST
+ valueFrom:
+ configMapKeyRef:
+ name: nacos-cm
+ key: mysql.host
+ - name: MYSQL_SERVICE_DB_NAME
+ valueFrom:
+ configMapKeyRef:
+ name: nacos-cm
+ key: mysql.db.name
+ - name: MYSQL_SERVICE_PORT
+ valueFrom:
+ configMapKeyRef:
+ name: nacos-cm
+ key: mysql.port
+ - name: MYSQL_SERVICE_USER
+ valueFrom:
+ configMapKeyRef:
+ name: nacos-cm
+ key: mysql.user
+ - name: MYSQL_SERVICE_PASSWORD
+ valueFrom:
+ configMapKeyRef:
+ name: nacos-cm
+ key: mysql.password
+ - name: MYSQL_SERVICE_DB_PARAM
+ value: "characterEncoding=utf8&connectTimeout=10000&socketTimeout=30000&autoReconnect=true&useUnicode=true&useSSL=false&serverTimezone=UTC&allowPublicKeyRetrieval=true"
+ - name: SPRING_DATASOURCE_PLATFORM
+ value: "mysql"
+ - name: MODE
+ value: "cluster"
+ - name: NACOS_SERVER_PORT
+ value: "8848"
+ - name: PREFER_HOST_MODE
+ value: "hostname"
+ - name: NACOS_SERVERS
+ value: "nacos-0.nacos.common.svc.cluster.local:8848 nacos-1.nacos.common.svc.cluster.local:8848 nacos-2.nacos.common.svc.cluster.local:8848"
+ - name: NACOS_AUTH_ENABLE
+ value: "true"
+ - name: NACOS_AUTH_TOKEN
+ value: "SSBhbSB0aGUgc3RhZmYgb2Ygd3d3LmJlYWNvbmZpcmVpbmMuY29tCg=="
+ - name: NACOS_AUTH_IDENTITY_KEY
+ value: "SSBhbSB0aGUgc3RhZmYgb2Ygd3d3LmJlYWNvbmZpcmVpbmMuY29tCg=="
+ - name: NACOS_AUTH_IDENTITY_VALUE
+ value: "SSBhbSB0aGUgc3RhZmYgb2Ygd3d3LmJlYWNvbmZpcmVpbmMuY29tCg=="
+ selector:
+ matchLabels:
+ selector:
+ matchLabels:
+ selector:
+ matchLabels:
+ app: nacos
+
+---
+# ------------------- App Ingress ------------------- #
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nacos
+spec:
+ rules:
+ - host: nacos.beaconfireinc.com
+ http:
+ paths:
+ - path: /nacos
+ pathType: Prefix
+ backend:
+ service:
+ name: nacos
+ port:
+ name: server
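Review bot: `NACOS_AUTH_TOKEN`, `NACOS_AUTH_IDENTITY_KEY` and `NACOS_AUTH_IDENTITY_VALUE` in the StatefulSet env are all set to the same literal base64 string, and `mysql.password` is stored in the `nacos-cm` ConfigMap rather than a Secret, so the token secret and the database password are readable by anyone with the repository or ConfigMap read access. Rotate them and load each from a Secret, e.g. `valueFrom: {secretKeyRef: {name: nacos-auth, key: token}}` (Secret name is a placeholder), using distinct random values for the three auth settings. `mysql.user: "root"` gives Nacos the database superuser; the `nacos` account created in nacos-k8s/mysql-local.yaml looks like the intended one. `MYSQL_SERVICE_DB_PARAM` also sets `useSSL=false`, and `selector:` / `matchLabels:` appears three times in a row at the end of the StatefulSet, which is probably a paste error (indentation is not recoverable from this view).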