fix: 将 k3s-ansible 作为普通目录添加

2026-02-04 23:43:40 +08:00
commit 7f6c8b9b92
40 changed files with 10909 additions and 0 deletions
--- a/scripts/complete-automation.sh
+++ b/scripts/complete-automation.sh
@@ -0,0 +1,521 @@
+#!/bin/bash
+# JPD集群完整自动化配置脚本
+# 包括：Ingress配置、cert-manager、ArgoCD配置、测试应用部署
+
+set -e
+
+export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
+
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo "🚀 JPD集群完整自动化配置"
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo ""
+
+# ============================================
+# 步骤 1: 配置Gitea Ingress
+# ============================================
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo "📦 步骤 1/6: 配置Gitea Ingress"
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo ""
+
+cat <<EOF | kubectl apply -f -
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: gitea
+  namespace: gitea
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: web
+spec:
+  ingressClassName: traefik
+  rules:
+  - host: git.jpd.net3w.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: gitea-http
+            port:
+              number: 3000
+EOF
+
+echo "✅ Gitea Ingress配置完成"
+echo "   访问地址: http://git.jpd.net3w.com"
+echo ""
+
+# ============================================
+# 步骤 2: 配置ArgoCD访问
+# ============================================
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo "📦 步骤 2/6: 配置ArgoCD访问"
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo ""
+
+# 配置ArgoCD为NodePort
+kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "NodePort"}}'
+
+# 创建ArgoCD Ingress
+cat <<EOF | kubectl apply -f -
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: argocd-server
+  namespace: argocd
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: web
+    traefik.ingress.kubernetes.io/router.middlewares: argocd-stripprefix@kubernetescrd
+spec:
+  ingressClassName: traefik
+  rules:
+  - host: argocd.jpd.net3w.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: argocd-server
+            port:
+              number: 80
+EOF
+
+ARGOCD_PORT=$(kubectl get svc argocd-server -n argocd -o jsonpath='{.spec.ports[0].nodePort}')
+ARGOCD_PASSWORD=$(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d)
+
+echo "✅ ArgoCD访问配置完成"
+echo "   NodePort访问: http://149.13.91.216:$ARGOCD_PORT"
+echo "   域名访问: http://argocd.jpd.net3w.com"
+echo "   用户名: admin"
+echo "   密码: $ARGOCD_PASSWORD"
+echo ""
+
+# ============================================
+# 步骤 3: 部署cert-manager
+# ============================================
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo "📦 步骤 3/6: 部署cert-manager"
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo ""
+
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.yaml
+
+echo "⏳ 等待cert-manager就绪..."
+sleep 30
+kubectl wait --for=condition=ready pod -l app=cert-manager -n cert-manager --timeout=300s || true
+kubectl wait --for=condition=ready pod -l app=webhook -n cert-manager --timeout=300s || true
+
+# 创建Let's Encrypt ClusterIssuer
+cat <<EOF | kubectl apply -f -
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: admin@jpd.net3w.com
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    solvers:
+    - http01:
+        ingress:
+          class: traefik
+EOF
+
+echo "✅ cert-manager部署完成"
+echo ""
+
+# ============================================
+# 步骤 4: 配置HTTPS Ingress
+# ============================================
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo "📦 步骤 4/6: 配置HTTPS Ingress"
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo ""
+
+# 更新Gitea Ingress支持HTTPS
+cat <<EOF | kubectl apply -f -
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: gitea-https
+  namespace: gitea
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - git.jpd.net3w.com
+    secretName: gitea-tls
+  rules:
+  - host: git.jpd.net3w.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: gitea-http
+            port:
+              number: 3000
+EOF
+
+# 更新ArgoCD Ingress支持HTTPS
+cat <<EOF | kubectl apply -f -
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: argocd-server-https
+  namespace: argocd
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - argocd.jpd.net3w.com
+    secretName: argocd-server-tls
+  rules:
+  - host: argocd.jpd.net3w.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: argocd-server
+            port:
+              number: 80
+EOF
+
+echo "✅ HTTPS Ingress配置完成"
+echo "   Gitea HTTPS: https://git.jpd.net3w.com"
+echo "   ArgoCD HTTPS: https://argocd.jpd.net3w.com"
+echo ""
+
+# ============================================
+# 步骤 5: 部署测试应用
+# ============================================
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo "📦 步骤 5/6: 部署测试应用"
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo ""
+
+# 创建测试应用命名空间
+kubectl create namespace demo-app --dry-run=client -o yaml | kubectl apply -f -
+
+# 部署Nginx测试应用
+cat <<EOF | kubectl apply -f -
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-demo
+  namespace: demo-app
+  labels:
+    app: nginx-demo
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginx-demo
+  template:
+    metadata:
+      labels:
+        app: nginx-demo
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:alpine
+        ports:
+        - containerPort: 80
+        volumeMounts:
+        - name: html
+          mountPath: /usr/share/nginx/html
+      volumes:
+      - name: html
+        configMap:
+          name: nginx-html
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nginx-html
+  namespace: demo-app
+data:
+  index.html: |
+    <!DOCTYPE html>
+    <html>
+    <head>
+        <title>JPD集群测试应用</title>
+        <style>
+            body {
+                font-family: Arial, sans-serif;
+                margin: 0;
+                padding: 0;
+                background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+                display: flex;
+                justify-content: center;
+                align-items: center;
+                min-height: 100vh;
+            }
+            .container {
+                background: white;
+                padding: 40px;
+                border-radius: 10px;
+                box-shadow: 0 10px 40px rgba(0,0,0,0.2);
+                text-align: center;
+                max-width: 600px;
+            }
+            h1 {
+                color: #667eea;
+                margin-bottom: 20px;
+            }
+            .status {
+                background: #10b981;
+                color: white;
+                padding: 10px 20px;
+                border-radius: 5px;
+                display: inline-block;
+                margin: 20px 0;
+            }
+            .info {
+                text-align: left;
+                background: #f3f4f6;
+                padding: 20px;
+                border-radius: 5px;
+                margin-top: 20px;
+            }
+            .info p {
+                margin: 10px 0;
+            }
+            .emoji {
+                font-size: 48px;
+                margin-bottom: 20px;
+            }
+        </style>
+    </head>
+    <body>
+        <div class="container">
+            <div class="emoji">🚀</div>
+            <h1>JPD K3s集群测试应用</h1>
+            <div class="status">✅ 运行正常</div>
+            <div class="info">
+                <p><strong>集群名称:</strong> JPD Cluster</p>
+                <p><strong>部署方式:</strong> Kubernetes Deployment</p>
+                <p><strong>副本数:</strong> 3</p>
+                <p><strong>容器镜像:</strong> nginx:alpine</p>
+                <p><strong>访问域名:</strong> demo.jpd.net3w.com</p>
+                <p><strong>GitOps工具:</strong> ArgoCD</p>
+                <p><strong>Git仓库:</strong> Gitea</p>
+            </div>
+            <p style="margin-top: 20px; color: #6b7280;">
+                主机名: <span id="hostname">加载中...</span>
+            </p>
+        </div>
+        <script>
+            fetch('/hostname.txt')
+                .then(r => r.text())
+                .then(h => document.getElementById('hostname').textContent = h)
+                .catch(() => document.getElementById('hostname').textContent = '未知');
+        </script>
+    </body>
+    </html>
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-demo
+  namespace: demo-app
+spec:
+  selector:
+    app: nginx-demo
+  ports:
+  - port: 80
+    targetPort: 80
+  type: ClusterIP
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nginx-demo
+  namespace: demo-app
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: web
+spec:
+  ingressClassName: traefik
+  rules:
+  - host: demo.jpd.net3w.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: nginx-demo
+            port:
+              number: 80
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nginx-demo-https
+  namespace: demo-app
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - demo.jpd.net3w.com
+    secretName: nginx-demo-tls
+  rules:
+  - host: demo.jpd.net3w.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: nginx-demo
+            port:
+              number: 80
+EOF
+
+echo "⏳ 等待测试应用就绪..."
+kubectl wait --for=condition=ready pod -l app=nginx-demo -n demo-app --timeout=120s
+
+echo "✅ 测试应用部署完成"
+echo "   访问地址: http://demo.jpd.net3w.com"
+echo "   HTTPS访问: https://demo.jpd.net3w.com"
+echo ""
+
+# ============================================
+# 步骤 6: 部署自动化测试
+# ============================================
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo "📦 步骤 6/6: 部署自动化测试"
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo ""
+
+# 创建自动化测试CronJob
+cat <<EOF | kubectl apply -f -
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: health-check
+  namespace: demo-app
+spec:
+  schedule: "*/5 * * * *"  # 每5分钟运行一次
+  successfulJobsHistoryLimit: 3
+  failedJobsHistoryLimit: 3
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: curl
+            image: curlimages/curl:latest
+            command:
+            - /bin/sh
+            - -c
+            - |
+              echo "=== 健康检查开始 ==="
+              echo "时间: \$(date)"
+              echo ""
+
+              # 测试Gitea
+              echo "测试 Gitea..."
+              if curl -f -s http://gitea-http.gitea.svc.cluster.local:3000 > /dev/null; then
+                echo "✅ Gitea: 正常"
+              else
+                echo "❌ Gitea: 异常"
+                exit 1
+              fi
+
+              # 测试ArgoCD
+              echo "测试 ArgoCD..."
+              if curl -f -s -k http://argocd-server.argocd.svc.cluster.local > /dev/null; then
+                echo "✅ ArgoCD: 正常"
+              else
+                echo "❌ ArgoCD: 异常"
+                exit 1
+              fi
+
+              # 测试Demo应用
+              echo "测试 Demo应用..."
+              if curl -f -s http://nginx-demo.demo-app.svc.cluster.local > /dev/null; then
+                echo "✅ Demo应用: 正常"
+              else
+                echo "❌ Demo应用: 异常"
+                exit 1
+              fi
+
+              echo ""
+              echo "=== 所有服务健康检查通过 ==="
+          restartPolicy: OnFailure
+EOF
+
+# 立即运行一次测试
+kubectl create job --from=cronjob/health-check health-check-manual -n demo-app || true
+
+echo "✅ 自动化测试部署完成"
+echo "   测试频率: 每5分钟"
+echo "   查看测试日志: kubectl logs -n demo-app -l job-name=health-check-manual"
+echo ""
+
+# ============================================
+# 最终状态检查
+# ============================================
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo "🎉 部署完成！最终状态"
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo ""
+
+echo "📊 集群资源:"
+kubectl get nodes -o wide
+echo ""
+
+echo "📦 所有Pod:"
+kubectl get pods --all-namespaces | grep -E "NAMESPACE|Running|Completed"
+echo ""
+
+echo "🌐 所有Ingress:"
+kubectl get ingress --all-namespaces
+echo ""
+
+echo "🔐 访问信息:"
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo ""
+echo "Gitea:"
+echo "  HTTP:  http://git.jpd.net3w.com"
+echo "  HTTPS: https://git.jpd.net3w.com"
+echo "  用户名: gitea_admin"
+echo "  密码: GitAdmin@2026"
+echo ""
+echo "ArgoCD:"
+echo "  HTTP:  http://argocd.jpd.net3w.com"
+echo "  HTTPS: https://argocd.jpd.net3w.com"
+echo "  NodePort: http://149.13.91.216:$ARGOCD_PORT"
+echo "  用户名: admin"
+echo "  密码: $ARGOCD_PASSWORD"
+echo ""
+echo "测试应用:"
+echo "  HTTP:  http://demo.jpd.net3w.com"
+echo "  HTTPS: https://demo.jpd.net3w.com"
+echo ""
+echo "💡 提示:"
+echo "  - HTTPS证书需要1-2分钟签发"
+echo "  - 自动化测试每5分钟运行一次"
+echo "  - 查看测试日志: kubectl logs -n demo-app -l job-name=health-check-manual"
+echo ""
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"