sunpeng
/
devops
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

first commit

This commit is contained in:
孙小云 2025-09-06 14:18:42 +08:00
commit 39a4fc0244
15 changed files with 533 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
cert/initcert.sh Normal file
View File

@ -0,0 +1,25 @@
#!/bin/bash
# 安装证书脚本
# 在 master 节点上执行
set -e
echo "开始安装TLS证书..."
# 1. 删除已存在的Secret如果存在
echo "删除已存在的tls Secret..."
kubectl -n default delete secret tls --ignore-not-found=true
# 2. 创建新的TLS Secret
echo "创建新的TLS Secret..."
kubectl -n default create secret tls tls \
--cert=./t-aaron.com.pem \
--key=./t-aaron.com.key
# 3. 验证Secret创建成功
echo "验证Secret创建状态..."
kubectl -n default get secret tls
echo "TLS证书安装完成"
echo "现在可以应用Ingress配置了"

27
cert/t-aaron.com.key Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAn/kzqKKtXSgOCUT8Wqhh6CRnEYdzZVzly9WxNZX8aW7+h0O1
+5gS1kkbeKDBT4WikuYev/l71uI8FmulPc7WMhxEkuyT9PhwVKaKCYulxbxsQAFJ
i4KfSlqxt3k70S+ioNiras3xF2wgH5OJRbQRP2QKunFTMkHVAObNYA5vOfxZ/pM4
xB9u+ykHRFf2Hw6XHfqUAnF/YDDFpYw6JCJuoGuDbEDSmFmG2BfiWOaJRhL4QVEw
2ThEeszc+yIpdk9SrhcoKG2bQn9xqN2c99qUqooH/Vpbc2E0RCQ8qCaWz5SRpfam
5uRFbPOKriABna4+eWlO/NtNgQDdj/vntgMsbwIDAQABAoIBAENkf2/GgJRjIG6l
Qk6K6xwZ4dXPozyLgz942bvCYOCl4tJnIw5HxX/CsrEBwA5ZNOD/0up7FsGy8y9a
z/UW4sOfhwACbF5iHyh6NGLLEt4Xf98C69G7CJIRXRb3Gs0IbVGnladb9PoyEeJb
jBPyROXYpnBe93aPp0VG9jRGQHNDglzK69Q+9TX/vP3NVdswe286VnM58k2noAZJ
X0I1kJCLvmpMrwF9DaLqk214t4WgM0pdpWqapSIGVztxCgKlD2RDTsQRIlpTl2qg
/QEAUEj0UeYkmmuR+TYRAYe94Ug8KiN0F5+Z7cmmRuaqrwgocg1XFDc4ktBMrFOd
smSvKSECgYEA2H2qf/GZX5g9jmoPGX3RDKXGGPcVSWfO2JgKBLtNDR4lE5E9yIEB
1LSrPIvzRfJ7ZWsv0yv+uf86/sjxKYAFve0R5i917navEOaP4sCWmXOuwFvdrMdd
rSGkm82B+JjhNMTzuZ6I5Xeg9SPeWEhKMickb1rFdeP2VKTrUiB87fECgYEAvSsS
iNFimTOagZBMLzt0bWdI/BnP5ZnvZaPuGxR3VWqu9uEAOiErsovws3xyS0nNlfJb
Hba4FT8N2vPoFlbSMwoBguv6VQ6YCEfBszAC+sRILO5zurJQuNyoQ3JmTGS70NLl
lEfCJVVMywhfmGm62pPG4pj2mnkKmmv1l6q04F8CgYBNuWhCQRIogPbwr2E2bLZm
DQo/Ik5RKWTY3FUUd85k/EKhcM62sqJepHKp7TDtFu54bfAgp7XvPxQGL0xt8tmc
44U+mCGF+LRHpA9agHxRIXhG9XRzuKwIIYEAstqLzw9jq6Y5KRLLF5UBDdyg42tH
8EejdvpXpf1lTER0GtffcQKBgHEd0X543qHHxstVEwlnXw6QpYcClFuyegHoTdhp
m5Y7Lha4ot8fuLaSkcNyVhIJNuNEQhH5kgg6ZTmZgh3hmt4kTJUSMOYtzOGerwhM
XGvBdXtQt2lbeYOhhwiV3vAtiFWt1tSdOE4EvN/nyOolxzMvDM2xND1YxetjRT+F
N5W3AoGAaBLja3F2NEf+RQIIOnZVMLVLNEb1l/51uihZJ6rO5Xmx8mg7l5fBqTGR
a2uJwbiKn6gcTwVOBIIb5YoRRGm97WIux31pPO9lZlWLCsuF+ehil8VwgGZQu7OW
vWvju6BuONdXM8DYwTr5G6YmTy7KaU41cEKb8lQ5aKZlxskRwbU=
-----END RSA PRIVATE KEY-----

90
cert/t-aaron.com.pem Normal file
View File

@ -0,0 +1,90 @@
-----BEGIN CERTIFICATE-----
MIIGKDCCBRCgAwIBAgIQA4Z/CrbEBXmXQXqnPXgfkjANBgkqhkiG9w0BAQsFADBg
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR8wHQYDVQQDExZSYXBpZFNTTCBUTFMgUlNBIENBIEcx
MB4XDTI1MDUyMjAwMDAwMFoXDTI2MDYwOTIzNTk1OVowGDEWMBQGA1UEAwwNKi50
LWFhcm9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ/5M6ii
rV0oDglE/FqoYegkZxGHc2Vc5cvVsTWV/Glu/odDtfuYEtZJG3igwU+FopLmHr/5
e9biPBZrpT3O1jIcRJLsk/T4cFSmigmLpcW8bEABSYuCn0pasbd5O9EvoqDYq2rN
8RdsIB+TiUW0ET9kCrpxUzJB1QDmzWAObzn8Wf6TOMQfbvspB0RX9h8Olx36lAJx
f2AwxaWMOiQibqBrg2xA0phZhtgX4ljmiUYS+EFRMNk4RHrM3PsiKXZPUq4XKCht
m0J/cajdnPfalKqKB/1aW3NhNEQkPKgmls+UkaX2pubkRWzziq4gAZ2uPnlpTvzb
TYEA3Y/757YDLG8CAwEAAaOCAyQwggMgMB8GA1UdIwQYMBaAFAzbbIJJD0pnCrgU
7nrESFKI61Y4MB0GA1UdDgQWBBQcCKK4l1jBB/gqnNv4hAXHDSg/YzAlBgNVHREE
HjAcgg0qLnQtYWFyb24uY29tggt0LWFhcm9uLmNvbTA+BgNVHSAENzA1MDMGBmeB
DAECATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMw
DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA/
BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY2RwLnJhcGlkc3NsLmNvbS9SYXBpZFNT
TFRMU1JTQUNBRzEuY3JsMHYGCCsGAQUFBwEBBGowaDAmBggrBgEFBQcwAYYaaHR0
cDovL3N0YXR1cy5yYXBpZHNzbC5jb20wPgYIKwYBBQUHMAKGMmh0dHA6Ly9jYWNl
cnRzLnJhcGlkc3NsLmNvbS9SYXBpZFNTTFRMU1JTQUNBRzEuY3J0MAwGA1UdEwEB
/wQCMAAwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AA5XlLzzrqk+MxssmQez
95Dfm8I9cTIl3SGpJaxhxU4hAAABlvWk1hEAAAQDAEcwRQIhAPzdvoIHeu1MOFP8
6taIxlJeojiDyEvBxBFjZPPH328tAiAS2lv7g73KQKPaZhoY6M0MW3jFOcIaCWsa
6x6W2ppyNAB3AGQRxGykEuyniRyiAi4AvKtPKAfUHjUnq+r+1QPJfc3wAAABlvWk
1k8AAAQDAEgwRgIhAMFcqLu/MxVDNMugkrroC5Cewb6cbcskywr9BmqXCfYCAiEA
m8RVD9wQgSGy1gldoWgaRTNaRgQTrWAS9cplONqlxb4AdgBJnJtp3h187Pw23s2H
ZKa4W68Kh4AZ0VVS++nrKd34wwAAAZb1pNZ5AAAEAwBHMEUCIQDyOBpQLNrsysDU
/VyP94V8w+uEtpYaTGpnjBBSPX8NXwIgWrbSHU/Om/ewkmZRqDAMjOcfUtPBkVAM
4xTx1QB5JXQwDQYJKoZIhvcNAQELBQADggEBADo3Ce/zi9i9zGwqnO4KI9CNZ/jO
mQ3zNv/InUrBhCmzytfNO9lizmsSH+FaylOOwEvKyg8qVlNK1xJfogFI4EUZi4hX
Ss0Us46ZTIWN2t9vl2/SjEkiXnrSnlPhDNxqk/N7GRmvbX1DBYdNjGlHwXePC1O5
QecCu5E4tihB1iDj0vaAZsMqktbhQcX7gjZSvbjDC0s9T0+rr6HqoNCnbAJJXK+R
7v5dbFW2vwLTomwRTaNRtWTks17pb44QnYIOBKt5ZyPEDKy0G23Ktdgt1vu9AdaC
k95/5Bl6hkG9gAr41Z/DYnG1VY3e0dTIi+4tMSwliev4hbhuATNYZPOwv30=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEszCCA5ugAwIBAgIQCyWUIs7ZgSoVoE6ZUooO+jANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
MjAeFw0xNzExMDIxMjI0MzNaFw0yNzExMDIxMjI0MzNaMGAxCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xHzAdBgNVBAMTFlJhcGlkU1NMIFRMUyBSU0EgQ0EgRzEwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQC/uVklRBI1FuJdUEkFCuDL/I3aJQiaZ6aibRHj
ap/ap9zy1aYNrphe7YcaNwMoPsZvXDR+hNJOo9gbgOYVTPq8gXc84I75YKOHiVA4
NrJJQZ6p2sJQyqx60HkEIjzIN+1LQLfXTlpuznToOa1hyTD0yyitFyOYwURM+/CI
8FNFMpBhw22hpeAQkOOLmsqT5QZJYeik7qlvn8gfD+XdDnk3kkuuu0eG+vuyrSGr
5uX5LRhFWlv1zFQDch/EKmd163m6z/ycx/qLa9zyvILc7cQpb+k7TLra9WE17YPS
n9ANjG+ECo9PDW3N9lwhKQCNvw1gGoguyCQu7HE7BnW8eSSFAgMBAAGjggFmMIIB
YjAdBgNVHQ4EFgQUDNtsgkkPSmcKuBTuesRIUojrVjgwHwYDVR0jBBgwFoAUTiJU
IBiV5uNu5g/6+rkS7QYXjzkwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEIGA1Ud
HwQ7MDkwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEds
b2JhbFJvb3RHMi5jcmwwYwYDVR0gBFwwWjA3BglghkgBhv1sAQEwKjAoBggrBgEF
BQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIw
CAYGZ4EMAQIBMAgGBmeBDAECAjANBgkqhkiG9w0BAQsFAAOCAQEAGUSlOb4K3Wtm
SlbmE50UYBHXM0SKXPqHMzk6XQUpCheF/4qU8aOhajsyRQFDV1ih/uPIg7YHRtFi
CTq4G+zb43X1T77nJgSOI9pq/TqCwtukZ7u9VLL3JAq3Wdy2moKLvvC8tVmRzkAe
0xQCkRKIjbBG80MSyDX/R4uYgj6ZiNT/Zg6GI6RofgqgpDdssLc0XIRQEotxIZcK
zP3pGJ9FCbMHmMLLyuBd+uCWvVcF2ogYAawufChS/PT61D9rqzPRS5I2uqa3tmIT
44JhJgWhBnFMb7AGQkvNq9KNS9dd3GWc17H/dXa1enoxzWjE0hBdFjxPhUb0W3wi
8o34/m8Fxw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEfjCCA2agAwIBAgIQD+Ayq4RNAzEGxQyOE8iwaDANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
QTAeFw0yNDAxMTgwMDAwMDBaFw0zMTExMDkyMzU5NTlaMGExCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo4IBMDCC
ASwwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUTiJUIBiV5uNu5g/6+rkS7QYX
jzkwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDgYDVR0PAQH/BAQD
AgGGMHQGCCsGAQUFBwEBBGgwZjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZGln
aWNlcnQuY24wPwYIKwYBBQUHMAKGM2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNu
L0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNydDBABgNVHR8EOTA3MDWgM6Axhi9odHRw
Oi8vY3JsLmRpZ2ljZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDARBgNV
HSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBAHRBl3jN7+XHBUK0dZnu
hMdoNwD1nCROU3BTIh1TNzRI0bQ0m5+C/dCRzzlqoSAFHUlOi+OiDltWkXTzmQn6
Z8bH5PFBy5sYpc/8cNPoSzhyqcpvvEZvv/Ivc0Up+dzma7vBDJC9WrMRUUlSFSQp
kdXSmphDNkXJsgARmxzc18IN6LYMRiOWlY7RE2F900pPW60BvJHHNCX0bbSRj/Ql
bmVq8wuftBD++D+RS8K++ujpMjFBROyWfBX+woQDGsMazkmgulQdnZrdj476elOL
axRvrSgEorju1kJM7M65z2RUZrfzQYW/1rs8mRUXin6iEtad/Rv1ZI1WGYmWPyBm
pbo=
-----END CERTIFICATE-----

85
drone/README.md Normal file
View File

@ -0,0 +1,85 @@
# Drone Kubernetes 部署配置
本目录包含在Kubernetes集群中部署Drone CI/CD的配置文件。
## 文件说明
### 1. drone-server-deployment.yaml
Drone Server的主要部署配置
- **nodeSelector**: 确保Drone Server只在主节点control-plane上运行
- **image**: 使用官方Drone镜像 `drone/drone:2`
- **ports**: 80端口用于Web界面
- **volumes**: `/opt/drone/data` 数据存储目录(主机路径)
- **env**: 配置Gitea集成、RPC通信等环境变量
### 2. drone-server-service.yaml
Drone Server服务配置
- **type**: ClusterIP集群内部访问
- **ports**: 暴露80端口
- **selector**: 匹配app=drone-server的pod
### 3. drone-runner-deployment.yaml
Drone Runner部署配置
- **image**: 使用 `drone/drone-runner-kube:latest`
- **env**: 配置与Drone Server的RPC通信
- **volumes**: 挂载ConfigMap配置
### 5. drone-ingress.yaml
Drone外部访问配置
- **host**: drone-ops.t-aaron.com外部访问域名
- **annotations**: 配置Traefik入口点和TLS
- **tls**: 使用tls Secret启用HTTPS
### 6. install-drone.sh
一键安装脚本:
- 按顺序应用所有yaml文件
- 等待部署完成
- 显示访问信息
## 部署步骤
1. 确保k3s集群正常运行
openssl rand -hex 16
生产: d3c911a6c227e59f4f86f33db6943dc4
2. 确保Gitea已部署并运行
3. 在Gitea中创建OAuth应用
- 应用名称: Drone
- 重定向URI: https://drone-ops.t-aaron.com/login
4. 更新yaml文件中的OAuth配置
替换 drone-server-deployment.yaml 脚本里面的下面内容
- name: DRONE_GITEA_CLIENT_ID
value: "87ef56d3-c8ef-40d3-9dd5-d9214fdac09f"
- name: DRONE_GITEA_CLIENT_SECRET
value: "tHe6Cq3dNpelsCA2NRTaGB3EueIFRkyLxh9USwBbxe4A"
- name: DRONE_RPC_SECRET
value: "your-rpc-secret"
替换 drone-runner-devployment 中如下内容
- name: DRONE_RPC_SECRET
value: "d3c911a6c227e59f4f86f33db6943dc4"
5. 运行安装脚本:
```bash
./install-drone.sh
```
6. 访问 https://drone-ops.t-aaron.com 进行Drone初始化
tuoheng@qq.com
tuoheng
tuoheng
## 注意事项
- Drone数据存储在主机 `/opt/drone/` 目录
- 确保主节点有足够的存储空间
- 需要先在Gitea中配置OAuth应用
- 所有服务都运行在 `default` 命名空间
- 使用相同的TLS证书确保HTTPS访问

24
drone/drone-ingress.yaml Normal file
View File

@ -0,0 +1,24 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: drone-ingress
namespace: default
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
traefik.ingress.kubernetes.io/router.tls: "true"
spec:
tls:
- hosts:
- drone-ops.t-aaron.com
secretName: tls
rules:
- host: drone-ops.t-aaron.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: drone-server-service
port:
number: 80

33
drone/drone-runner-deployment.yaml Normal file
View File

@ -0,0 +1,33 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: drone-runner
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: drone-runner
template:
metadata:
labels:
app: drone-runner
spec:
nodeSelector:
node-role.kubernetes.io/control-plane: "true"
containers:
- name: drone-runner
image: registry.t-aaron.com/drone/drone-runner-kube:latest
env:
- name: DRONE_RPC_PROTO
value: "http"
- name: DRONE_RPC_HOST
value: "drone-server-service:80"
- name: DRONE_RPC_SECRET
value: "d3c911a6c227e59f4f86f33db6943dc4"
- name: DRONE_DEBUG
value: "true"
- name: DRONE_TRACE
value: "true"
- name: DRONE_NAMESPACE
value: "default"

47
drone/drone-server-deployment.yaml Normal file
View File

@ -0,0 +1,47 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: drone-server
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: drone-server
template:
metadata:
labels:
app: drone-server
spec:
nodeSelector:
node-role.kubernetes.io/control-plane: "true"
containers:
- name: drone-server
image: registry.t-aaron.com/drone/drone:2
ports:
- containerPort: 80
env:
- name: DRONE_GITEA_SERVER
value: "https://git-ops.t-aaron.com"
- name: DRONE_GITEA_CLIENT_ID
value: "87ef56d3-c8ef-40d3-9dd5-d9214fdac09f"
- name: DRONE_GITEA_CLIENT_SECRET
value: "tHe6Cq3dNpelsCA2NRTaGB3EueIFRkyLxh9USwBbxe4A"
- name: DRONE_RPC_SECRET
value: "d3c911a6c227e59f4f86f33db6943dc4"
- name: DRONE_SERVER_HOST
value: "drone-ops.t-aaron.com"
- name: DRONE_SERVER_PROTO
value: "https"
- name: DRONE_DEBUG
value: "true"
- name: DRONE_TRACE
value: "true"
volumeMounts:
- name: drone-data
mountPath: /data
volumes:
- name: drone-data
hostPath:
path: /opt/drone/data
type: DirectoryOrCreate

13
drone/drone-server-service.yaml Normal file
View File

@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: drone-server-service
namespace: default
spec:
selector:
app: drone-server
ports:
- name: http
port: 80
targetPort: 80
type: ClusterIP

17
drone/install-drone.sh Executable file
View File

@ -0,0 +1,17 @@
#!/bin/bash
echo "开始安装 Drone..."
# 应用所有yaml文件
kubectl apply -f drone-server-deployment.yaml
kubectl apply -f drone-server-service.yaml
kubectl apply -f drone-runner-deployment.yaml
kubectl apply -f drone-ingress.yaml
echo "等待 Drone 启动..."
kubectl wait --for=condition=available --timeout=300s deployment/drone-server
kubectl wait --for=condition=available --timeout=300s deployment/drone-runner
echo "Drone 安装完成!"
echo "访问地址: https://drone-ops.t-aaron.com"
echo "查看状态: kubectl get pods -l app=drone-server"
echo "注意: 需要在Gitea中配置OAuth应用才能正常使用"

71
gitea/README.md Normal file
View File

@ -0,0 +1,71 @@
# Gitea Kubernetes 部署配置
本目录包含在Kubernetes集群中部署Gitea的配置文件。
## 文件说明
### 1. gitea-deployment.yaml
Gitea应用的主要部署配置
- **nodeSelector**: 确保Gitea只在主节点control-plane上运行
- **image**: 使用官方Gitea镜像 `gitea/gitea:latest`
- **ports**:
- 3000: HTTP Web界面端口
- 22: SSH Git操作端口
- **volumes**:
- `/opt/gitea/data`: 数据存储目录(主机路径)
- `/opt/gitea/config`: 配置文件目录(主机路径)
- **env**: 设置用户UID和GID为1000
### 2. gitea-service.yaml
Gitea服务配置
- **type**: ClusterIP集群内部访问
- **ports**: 暴露3000和22端口
- **selector**: 匹配app=gitea的pod
### 3. gitea-ingress.yaml
Gitea外部访问配置
- **host**: git-ops.t-aaron.com外部访问域名
- **annotations**: 配置Traefik入口点
- **path**: 根路径(/转发到Gitea服务
### 4. install-gitea.sh
一键安装脚本:
- 按顺序应用所有yaml文件
- 等待部署完成
- 显示访问信息
## 部署步骤
1. 确保k3s集群正常运行
2. 运行安装脚本:
```bash
./install-gitea.sh
```
3. 访问 http://git-ops.t-aaron.com 进行Gitea初始化
## 注意事项
- Gitea数据存储在主机 `/opt/gitea/` 目录
- 确保主节点有足够的存储空间
- 首次访问需要完成Gitea初始化配置
Gitea 安装配置
配置:git-ops.t-aaron.com
配置:https://git-ops.t-aaron.com/
注册用户:
tuoheng
tuoheng@qq.com
tuoheng2023
设置安全配置:管理 OAuth2 应用程序
https://drone-ops.t-aaron.com/login
客户端:87ef56d3-c8ef-40d3-9dd5-d9214fdac09f
密钥:tHe6Cq3dNpelsCA2NRTaGB3EueIFRkyLxh9USwBbxe4A
参考:https://readme.drone.io/server/provider/gitea/

42
gitea/gitea-deployment.yaml Normal file
View File

@ -0,0 +1,42 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: gitea
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: gitea
template:
metadata:
labels:
app: gitea
spec:
nodeSelector:
node-role.kubernetes.io/control-plane: "true"
containers:
- name: gitea
image: registry.t-aaron.com/gitea/gitea:latest
ports:
- containerPort: 3000
- containerPort: 22
env:
- name: USER_UID
value: "1000"
- name: USER_GID
value: "1000"
volumeMounts:
- name: gitea-data
mountPath: /data
- name: gitea-config
mountPath: /etc/gitea
volumes:
- name: gitea-data
hostPath:
path: /opt/gitea/data
type: DirectoryOrCreate
- name: gitea-config
hostPath:
path: /opt/gitea/config
type: DirectoryOrCreate

24
gitea/gitea-ingress.yaml Normal file
View File

@ -0,0 +1,24 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: gitea-ingress
namespace: default
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
traefik.ingress.kubernetes.io/router.tls: "true"
spec:
tls:
- hosts:
- git-ops.t-aaron.com
secretName: tls
rules:
- host: git-ops.t-aaron.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: gitea-service
port:
number: 3000

16
gitea/gitea-service.yaml Normal file
View File

@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: gitea-service
namespace: default
spec:
selector:
app: gitea
ports:
- name: http
port: 3000
targetPort: 3000
- name: ssh
port: 22
targetPort: 22
type: ClusterIP

14
gitea/install-gitea.sh Executable file
View File

@ -0,0 +1,14 @@
#!/bin/bash
echo "开始安装 Gitea..."
# 应用所有yaml文件
kubectl apply -f gitea-deployment.yaml
kubectl apply -f gitea-service.yaml
kubectl apply -f gitea-ingress.yaml
echo "等待 Gitea 启动..."
kubectl wait --for=condition=available --timeout=300s deployment/gitea
echo "Gitea 安装完成!"
echo "访问地址: http://git-ops.t-aaron.com"
echo "查看状态: kubectl get pods -l app=gitea"

5
readme.md Normal file
View File

@ -0,0 +1,5 @@
1. 你只可以读newinstall文件夹下的内容,也仅仅可以在这个文件夹下做操作
2: 服务器IP:47.117.247.14 SSH端口: 2222 用户:th 密码:ta51-k8sTHjs^
3: 你每一步工作都需要我确认后再执行,每次修改我本地文件的时候,都需要得到我的确认后再修改,修改完也需要我的二次确认;
4: 不要一次告诉我太多东西,包括命令,都需要一步步执行;