fix: 将 k3s-ansible 作为普通目录添加

2026-02-04 23:43:40 +08:00
commit 7f6c8b9b92
40 changed files with 10909 additions and 0 deletions
--- a/scripts/deploy-all-on-master.sh
+++ b/scripts/deploy-all-on-master.sh
@@ -0,0 +1,243 @@
+#!/bin/bash
+# JPD集群完整部署脚本 - 在Master节点上运行
+# 使用方法: bash deploy-all-on-master.sh
+
+set -e
+
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo "🚀 JPD集群GitOps自动化部署"
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo ""
+
+# 检查是否在master节点上
+if ! command -v kubectl &> /dev/null; then
+    echo "❌ kubectl未找到，请确保在K3s master节点上运行此脚本"
+    exit 1
+fi
+
+# 配置kubectl
+echo "📝 配置kubectl..."
+export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
+sudo chmod 644 /etc/rancher/k3s/k3s.yaml
+
+# 验证集群
+echo "🔍 验证集群状态..."
+kubectl get nodes -o wide
+echo ""
+
+# 检查Helm
+if ! command -v helm &> /dev/null; then
+    echo "📦 安装Helm..."
+    curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+    echo "✅ Helm安装完成"
+else
+    echo "✅ Helm已安装"
+fi
+
+echo ""
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo "📦 步骤 1/4: 部署Gitea"
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo ""
+
+# 添加Gitea Helm仓库
+echo "📝 添加Gitea Helm仓库..."
+helm repo add gitea-charts https://dl.gitea.com/charts/
+helm repo update
+
+# 创建gitea命名空间
+echo "📝 创建gitea命名空间..."
+kubectl create namespace gitea --dry-run=client -o yaml | kubectl apply -f -
+
+# 部署Gitea
+echo "🚀 部署Gitea..."
+helm upgrade --install gitea gitea-charts/gitea \
+  --namespace gitea \
+  --set gitea.admin.username=gitea_admin \
+  --set gitea.admin.password=GitAdmin@2026 \
+  --set gitea.admin.email=admin@jpd.net3w.com \
+  --set service.http.type=NodePort \
+  --set service.http.nodePort=30080 \
+  --set postgresql-ha.enabled=true \
+  --set redis-cluster.enabled=true \
+  --wait --timeout=10m
+
+echo "✅ Gitea部署完成"
+echo ""
+
+# 等待Gitea就绪
+echo "⏳ 等待Gitea Pod就绪..."
+kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=gitea -n gitea --timeout=300s
+
+# 获取Gitea访问信息
+GITEA_PORT=$(kubectl get svc gitea-http -n gitea -o jsonpath='{.spec.ports[0].nodePort}')
+NODE_IP=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[?(@.type=="InternalIP")].address}')
+echo "✅ Gitea访问地址: http://$NODE_IP:$GITEA_PORT"
+echo "   域名访问: http://git.jpd.net3w.com"
+echo ""
+
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo "📦 步骤 2/4: 部署ArgoCD"
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo ""
+
+# 创建argocd命名空间
+echo "📝 创建argocd命名空间..."
+kubectl create namespace argocd --dry-run=client -o yaml | kubectl apply -f -
+
+# 部署ArgoCD
+echo "🚀 部署ArgoCD..."
+kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
+
+# 等待ArgoCD就绪
+echo "⏳ 等待ArgoCD Pod就绪..."
+kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=argocd-server -n argocd --timeout=300s
+
+# 修改ArgoCD服务为NodePort
+echo "📝 配置ArgoCD NodePort..."
+kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "NodePort"}}'
+
+# 获取ArgoCD访问信息
+ARGOCD_PORT=$(kubectl get svc argocd-server -n argocd -o jsonpath='{.spec.ports[0].nodePort}')
+ARGOCD_PASSWORD=$(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d)
+
+echo "✅ ArgoCD部署完成"
+echo "   访问地址: https://$NODE_IP:$ARGOCD_PORT"
+echo "   域名访问: https://argocd.jpd.net3w.com"
+echo "   用户名: admin"
+echo "   密码: $ARGOCD_PASSWORD"
+echo ""
+
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo "📦 步骤 3/4: 部署cert-manager"
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo ""
+
+# 部署cert-manager
+echo "🚀 部署cert-manager..."
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.yaml
+
+# 等待cert-manager就绪
+echo "⏳ 等待cert-manager Pod就绪..."
+kubectl wait --for=condition=ready pod -l app=cert-manager -n cert-manager --timeout=300s
+kubectl wait --for=condition=r app=webhook -n cert-manager --timeout=300s
+
+# 创建Let's Encrypt ClusterIssuer
+echo "📝 配置Let's Encrypt..."
+cat <<EOF | kubectl apply -f -
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: admin@jpd.net3w.com
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    solvers:
+    - http01:
+        ingress:
+          class: traefik
+EOF
+
+echo "✅ cert-manager部署完成"
+echo ""
+
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo "📦 步骤 4/4: 配置Ingress"
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo ""
+
+# 创建Gitea Ingress
+echo "📝 创建Gitea Ingress..."
+cat <<EOF | kubectl apply -f -
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: gitea
+  namespace: gitea
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - git.jpd.net3w.com
+    secretName: gitea-tls
+  rules:
+  - host: git.jpd.net3w.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: gitea-http
+            port:
+              number: 3000
+EOF
+
+# 创建ArgoCD Ingress
+echo "📝 创建ArgoCD I"
+cat <<EOF | kubectl apply -f -
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: argocd-server
+  namespace: argocd
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - argocd.jpd.net3w.com
+    secretName: argocd-server-tls
+  rules:
+  - host: argocd.jpd.net3w.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: argocd-server
+            port:
+              number: 443
+EOF
+
+echo "✅ Ingress配置完成"
+echo ""
+
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo "🎉 部署完成！"
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo ""
+echo "📊 部署摘要:"
+echo "   ✅ Gitea: http://git.jpd.net3w.com"
+echo "   ✅ ArgoCD: https://argocd.jpd.net3w.com"
+echo "   ✅ cert-manager: 已配置Let's Encrypt"
+echo ""
+echo "🔑 访问凭证:"
+echo "   Gitea:"
+echo "     - 用户名: gitea_admin"
+echo "     - 密码: GitAdmin@2026"
+echo ""
+echo "   ArgoCD:"
+echo "     - 用户名: admin"
+echo "     - 密码: $ARGOCD_PASSWORD"
+echo ""
+echo "📝 验证命令:"
+echo "   kubectl get pods --all-namespaces"
+echo "   kubectl get ingress --all-namespaces"
+echo "   kubectl get certificate --all-namespaces"
+echo ""
+echo "💡 提示:"
+echo "   - 确保DNS已配置: *.jpd.net3w.com -> 149.13.91.216"
+echo "   - 首次HTTPS访问需等待1-2分钟证书签发"
+echo "   - 可以通过NodePort直接访问服务"
+echo ""
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"