From 39a4fc024483dc7b9829885bb8898cb74a1e0502 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=AD=99=E5=B0=8F=E4=BA=91?=
Date: Sat, 6 Sep 2025 14:18:42 +0800
Subject: [PATCH] first commit
---
cert/initcert.sh | 25 +++++++++
cert/t-aaron.com.key | 27 +++++++++
cert/t-aaron.com.pem | 90 ++++++++++++++++++++++++++++++
drone/README.md | 85 ++++++++++++++++++++++++++++
drone/drone-ingress.yaml | 24 ++++++++
drone/drone-runner-deployment.yaml | 33 +++++++++++
drone/drone-server-deployment.yaml | 47 ++++++++++++++++
drone/drone-server-service.yaml | 13 +++++
drone/install-drone.sh | 17 ++++++
gitea/README.md | 71 +++++++++++++++++++++++
gitea/gitea-deployment.yaml | 42 ++++++++++++++
gitea/gitea-ingress.yaml | 24 ++++++++
gitea/gitea-service.yaml | 16 ++++++
gitea/install-gitea.sh | 14 +++++
readme.md | 5 ++
15 files changed, 533 insertions(+)
create mode 100644 cert/initcert.sh
create mode 100644 cert/t-aaron.com.key
create mode 100644 cert/t-aaron.com.pem
create mode 100644 drone/README.md
create mode 100644 drone/drone-ingress.yaml
create mode 100644 drone/drone-runner-deployment.yaml
create mode 100644 drone/drone-server-deployment.yaml
create mode 100644 drone/drone-server-service.yaml
create mode 100755 drone/install-drone.sh
create mode 100644 gitea/README.md
create mode 100644 gitea/gitea-deployment.yaml
create mode 100644 gitea/gitea-ingress.yaml
create mode 100644 gitea/gitea-service.yaml
create mode 100755 gitea/install-gitea.sh
create mode 100644 readme.md
diff --git a/cert/initcert.sh b/cert/initcert.sh
new file mode 100644
index 0000000..89790bd
--- /dev/null
+++ b/cert/initcert.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# 安装证书脚本
+# 在 master 节点上执行
+
+set -e
+
+echo "开始安装TLS证书..."
+
+# 1. 删除已存在的Secret(如果存在)
+echo "删除已存在的tls Secret..."
+kubectl -n default delete secret tls --ignore-not-found=true
+
+# 2. 创建新的TLS Secret
+echo "创建新的TLS Secret..."
+kubectl -n default create secret tls tls \
+ --cert=./t-aaron.com.pem \
+ --key=./t-aaron.com.key
+
+# 3. 验证Secret创建成功
+echo "验证Secret创建状态..."
+kubectl -n default get secret tls
+
+echo "TLS证书安装完成!"
+echo "现在可以应用Ingress配置了"
diff --git a/cert/t-aaron.com.key b/cert/t-aaron.com.key
new file mode 100644
index 0000000..9c84987
--- /dev/null
+++ b/cert/t-aaron.com.key
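Review bot: The delete-then-create sequence in steps 1 and 2 leaves the cluster without the `tls` Secret between the two kubectl calls, and because of `set -e` a failed `create` (missing or mismatched PEM/key) exits with the old Secret already gone, so every Ingress that references it loses its certificate. Replace both steps with one idempotent update, `kubectl -n default create secret tls tls --cert=./t-aaron.com.pem --key=./t-aaron.com.key --dry-run=client -o yaml | kubectl apply -f -`, which only touches the live Secret once the new one has been built. The `./t-aaron.com.*` paths are resolved against the caller's working directory, so the script should start with `cd "$(dirname "$0")"` or take the two paths as arguments.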
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAn/kzqKKtXSgOCUT8Wqhh6CRnEYdzZVzly9WxNZX8aW7+h0O1 ++5gS1kkbeKDBT4WikuYev/l71uI8FmulPc7WMhxEkuyT9PhwVKaKCYulxbxsQAFJ +i4KfSlqxt3k70S+ioNiras3xF2wgH5OJRbQRP2QKunFTMkHVAObNYA5vOfxZ/pM4 +xB9u+ykHRFf2Hw6XHfqUAnF/YDDFpYw6JCJuoGuDbEDSmFmG2BfiWOaJRhL4QVEw +2ThEeszc+yIpdk9SrhcoKG2bQn9xqN2c99qUqooH/Vpbc2E0RCQ8qCaWz5SRpfam +5uRFbPOKriABna4+eWlO/NtNgQDdj/vntgMsbwIDAQABAoIBAENkf2/GgJRjIG6l +Qk6K6xwZ4dXPozyLgz942bvCYOCl4tJnIw5HxX/CsrEBwA5ZNOD/0up7FsGy8y9a +z/UW4sOfhwACbF5iHyh6NGLLEt4Xf98C69G7CJIRXRb3Gs0IbVGnladb9PoyEeJb +jBPyROXYpnBe93aPp0VG9jRGQHNDglzK69Q+9TX/vP3NVdswe286VnM58k2noAZJ +X0I1kJCLvmpMrwF9DaLqk214t4WgM0pdpWqapSIGVztxCgKlD2RDTsQRIlpTl2qg +/QEAUEj0UeYkmmuR+TYRAYe94Ug8KiN0F5+Z7cmmRuaqrwgocg1XFDc4ktBMrFOd +smSvKSECgYEA2H2qf/GZX5g9jmoPGX3RDKXGGPcVSWfO2JgKBLtNDR4lE5E9yIEB +1LSrPIvzRfJ7ZWsv0yv+uf86/sjxKYAFve0R5i917navEOaP4sCWmXOuwFvdrMdd +rSGkm82B+JjhNMTzuZ6I5Xeg9SPeWEhKMickb1rFdeP2VKTrUiB87fECgYEAvSsS +iNFimTOagZBMLzt0bWdI/BnP5ZnvZaPuGxR3VWqu9uEAOiErsovws3xyS0nNlfJb +Hba4FT8N2vPoFlbSMwoBguv6VQ6YCEfBszAC+sRILO5zurJQuNyoQ3JmTGS70NLl +lEfCJVVMywhfmGm62pPG4pj2mnkKmmv1l6q04F8CgYBNuWhCQRIogPbwr2E2bLZm +DQo/Ik5RKWTY3FUUd85k/EKhcM62sqJepHKp7TDtFu54bfAgp7XvPxQGL0xt8tmc +44U+mCGF+LRHpA9agHxRIXhG9XRzuKwIIYEAstqLzw9jq6Y5KRLLF5UBDdyg42tH +8EejdvpXpf1lTER0GtffcQKBgHEd0X543qHHxstVEwlnXw6QpYcClFuyegHoTdhp +m5Y7Lha4ot8fuLaSkcNyVhIJNuNEQhH5kgg6ZTmZgh3hmt4kTJUSMOYtzOGerwhM +XGvBdXtQt2lbeYOhhwiV3vAtiFWt1tSdOE4EvN/nyOolxzMvDM2xND1YxetjRT+F +N5W3AoGAaBLja3F2NEf+RQIIOnZVMLVLNEb1l/51uihZJ6rO5Xmx8mg7l5fBqTGR +a2uJwbiKn6gcTwVOBIIb5YoRRGm97WIux31pPO9lZlWLCsuF+ehil8VwgGZQu7OW +vWvju6BuONdXM8DYwTr5G6YmTy7KaU41cEKb8lQ5aKZlxskRwbU= +-----END RSA PRIVATE KEY----- diff --git a/cert/t-aaron.com.pem b/cert/t-aaron.com.pem new file mode 100644 index 0000000..67fce0f --- /dev/null +++ b/cert/t-aaron.com.pem 
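Review bot: The RSA private key that belongs to the certificate in cert/t-aaron.com.pem is committed here in clear text, so anyone who can read the repository or this patch can impersonate the hosts that certificate covers. The key has to be treated as compromised: have the certificate revoked and reissued with a fresh key, and purge the file from history rather than deleting it in a follow-up commit. Keep only the public chain in the repository, add `*.key` to `.gitignore`, and have cert/initcert.sh read the key from a path outside the working tree (or let cert-manager or a secret store provision the `tls` Secret).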
@@ -0,0 +1,90 @@ +-----BEGIN CERTIFICATE----- +MIIGKDCCBRCgAwIBAgIQA4Z/CrbEBXmXQXqnPXgfkjANBgkqhkiG9w0BAQsFADBg +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMR8wHQYDVQQDExZSYXBpZFNTTCBUTFMgUlNBIENBIEcx +MB4XDTI1MDUyMjAwMDAwMFoXDTI2MDYwOTIzNTk1OVowGDEWMBQGA1UEAwwNKi50 +LWFhcm9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ/5M6ii +rV0oDglE/FqoYegkZxGHc2Vc5cvVsTWV/Glu/odDtfuYEtZJG3igwU+FopLmHr/5 +e9biPBZrpT3O1jIcRJLsk/T4cFSmigmLpcW8bEABSYuCn0pasbd5O9EvoqDYq2rN +8RdsIB+TiUW0ET9kCrpxUzJB1QDmzWAObzn8Wf6TOMQfbvspB0RX9h8Olx36lAJx +f2AwxaWMOiQibqBrg2xA0phZhtgX4ljmiUYS+EFRMNk4RHrM3PsiKXZPUq4XKCht +m0J/cajdnPfalKqKB/1aW3NhNEQkPKgmls+UkaX2pubkRWzziq4gAZ2uPnlpTvzb +TYEA3Y/757YDLG8CAwEAAaOCAyQwggMgMB8GA1UdIwQYMBaAFAzbbIJJD0pnCrgU +7nrESFKI61Y4MB0GA1UdDgQWBBQcCKK4l1jBB/gqnNv4hAXHDSg/YzAlBgNVHREE +HjAcgg0qLnQtYWFyb24uY29tggt0LWFhcm9uLmNvbTA+BgNVHSAENzA1MDMGBmeB +DAECATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMw +DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA/ +BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY2RwLnJhcGlkc3NsLmNvbS9SYXBpZFNT +TFRMU1JTQUNBRzEuY3JsMHYGCCsGAQUFBwEBBGowaDAmBggrBgEFBQcwAYYaaHR0 +cDovL3N0YXR1cy5yYXBpZHNzbC5jb20wPgYIKwYBBQUHMAKGMmh0dHA6Ly9jYWNl +cnRzLnJhcGlkc3NsLmNvbS9SYXBpZFNTTFRMU1JTQUNBRzEuY3J0MAwGA1UdEwEB +/wQCMAAwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AA5XlLzzrqk+MxssmQez +95Dfm8I9cTIl3SGpJaxhxU4hAAABlvWk1hEAAAQDAEcwRQIhAPzdvoIHeu1MOFP8 +6taIxlJeojiDyEvBxBFjZPPH328tAiAS2lv7g73KQKPaZhoY6M0MW3jFOcIaCWsa +6x6W2ppyNAB3AGQRxGykEuyniRyiAi4AvKtPKAfUHjUnq+r+1QPJfc3wAAABlvWk +1k8AAAQDAEgwRgIhAMFcqLu/MxVDNMugkrroC5Cewb6cbcskywr9BmqXCfYCAiEA +m8RVD9wQgSGy1gldoWgaRTNaRgQTrWAS9cplONqlxb4AdgBJnJtp3h187Pw23s2H +ZKa4W68Kh4AZ0VVS++nrKd34wwAAAZb1pNZ5AAAEAwBHMEUCIQDyOBpQLNrsysDU +/VyP94V8w+uEtpYaTGpnjBBSPX8NXwIgWrbSHU/Om/ewkmZRqDAMjOcfUtPBkVAM +4xTx1QB5JXQwDQYJKoZIhvcNAQELBQADggEBADo3Ce/zi9i9zGwqnO4KI9CNZ/jO +mQ3zNv/InUrBhCmzytfNO9lizmsSH+FaylOOwEvKyg8qVlNK1xJfogFI4EUZi4hX 
+Ss0Us46ZTIWN2t9vl2/SjEkiXnrSnlPhDNxqk/N7GRmvbX1DBYdNjGlHwXePC1O5 +QecCu5E4tihB1iDj0vaAZsMqktbhQcX7gjZSvbjDC0s9T0+rr6HqoNCnbAJJXK+R +7v5dbFW2vwLTomwRTaNRtWTks17pb44QnYIOBKt5ZyPEDKy0G23Ktdgt1vu9AdaC +k95/5Bl6hkG9gAr41Z/DYnG1VY3e0dTIi+4tMSwliev4hbhuATNYZPOwv30= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEszCCA5ugAwIBAgIQCyWUIs7ZgSoVoE6ZUooO+jANBgkqhkiG9w0BAQsFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH +MjAeFw0xNzExMDIxMjI0MzNaFw0yNzExMDIxMjI0MzNaMGAxCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xHzAdBgNVBAMTFlJhcGlkU1NMIFRMUyBSU0EgQ0EgRzEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQC/uVklRBI1FuJdUEkFCuDL/I3aJQiaZ6aibRHj +ap/ap9zy1aYNrphe7YcaNwMoPsZvXDR+hNJOo9gbgOYVTPq8gXc84I75YKOHiVA4 +NrJJQZ6p2sJQyqx60HkEIjzIN+1LQLfXTlpuznToOa1hyTD0yyitFyOYwURM+/CI +8FNFMpBhw22hpeAQkOOLmsqT5QZJYeik7qlvn8gfD+XdDnk3kkuuu0eG+vuyrSGr +5uX5LRhFWlv1zFQDch/EKmd163m6z/ycx/qLa9zyvILc7cQpb+k7TLra9WE17YPS +n9ANjG+ECo9PDW3N9lwhKQCNvw1gGoguyCQu7HE7BnW8eSSFAgMBAAGjggFmMIIB +YjAdBgNVHQ4EFgQUDNtsgkkPSmcKuBTuesRIUojrVjgwHwYDVR0jBBgwFoAUTiJU +IBiV5uNu5g/6+rkS7QYXjzkwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsG +AQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMDQGCCsGAQUFBwEB +BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEIGA1Ud +HwQ7MDkwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEds +b2JhbFJvb3RHMi5jcmwwYwYDVR0gBFwwWjA3BglghkgBhv1sAQEwKjAoBggrBgEF +BQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIw +CAYGZ4EMAQIBMAgGBmeBDAECAjANBgkqhkiG9w0BAQsFAAOCAQEAGUSlOb4K3Wtm +SlbmE50UYBHXM0SKXPqHMzk6XQUpCheF/4qU8aOhajsyRQFDV1ih/uPIg7YHRtFi +CTq4G+zb43X1T77nJgSOI9pq/TqCwtukZ7u9VLL3JAq3Wdy2moKLvvC8tVmRzkAe +0xQCkRKIjbBG80MSyDX/R4uYgj6ZiNT/Zg6GI6RofgqgpDdssLc0XIRQEotxIZcK +zP3pGJ9FCbMHmMLLyuBd+uCWvVcF2ogYAawufChS/PT61D9rqzPRS5I2uqa3tmIT +44JhJgWhBnFMb7AGQkvNq9KNS9dd3GWc17H/dXa1enoxzWjE0hBdFjxPhUb0W3wi +8o34/m8Fxw== +-----END 
CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEfjCCA2agAwIBAgIQD+Ayq4RNAzEGxQyOE8iwaDANBgkqhkiG9w0BAQsFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD +QTAeFw0yNDAxMTgwMDAwMDBaFw0zMTExMDkyMzU5NTlaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI +2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx +1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ +q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz +tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ +vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo4IBMDCC +ASwwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUTiJUIBiV5uNu5g/6+rkS7QYX +jzkwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDgYDVR0PAQH/BAQD +AgGGMHQGCCsGAQUFBwEBBGgwZjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZGln +aWNlcnQuY24wPwYIKwYBBQUHMAKGM2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNu +L0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNydDBABgNVHR8EOTA3MDWgM6Axhi9odHRw +Oi8vY3JsLmRpZ2ljZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDARBgNV +HSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBAHRBl3jN7+XHBUK0dZnu +hMdoNwD1nCROU3BTIh1TNzRI0bQ0m5+C/dCRzzlqoSAFHUlOi+OiDltWkXTzmQn6 +Z8bH5PFBy5sYpc/8cNPoSzhyqcpvvEZvv/Ivc0Up+dzma7vBDJC9WrMRUUlSFSQp +kdXSmphDNkXJsgARmxzc18IN6LYMRiOWlY7RE2F900pPW60BvJHHNCX0bbSRj/Ql +bmVq8wuftBD++D+RS8K++ujpMjFBROyWfBX+woQDGsMazkmgulQdnZrdj476elOL +axRvrSgEorju1kJM7M65z2RUZrfzQYW/1rs8mRUXin6iEtad/Rv1ZI1WGYmWPyBm +pbo= +-----END CERTIFICATE----- diff --git a/drone/README.md b/drone/README.md new file mode 100644 index 0000000..429c8ff --- /dev/null +++ b/drone/README.md 
@@ -0,0 +1,85 @@
+# Drone Kubernetes 部署配置
+
+本目录包含在Kubernetes集群中部署Drone CI/CD的配置文件。
+
+
+
+
+## 文件说明
+
+### 1. drone-server-deployment.yaml
+Drone Server的主要部署配置:
+
+- **nodeSelector**: 确保Drone Server只在主节点(control-plane)上运行
+- **image**: 使用官方Drone镜像 `drone/drone:2`
+- **ports**: 80端口用于Web界面
+- **volumes**: `/opt/drone/data` 数据存储目录(主机路径)
+- **env**: 配置Gitea集成、RPC通信等环境变量
+
+### 2. drone-server-service.yaml
+Drone Server服务配置:
+
+- **type**: ClusterIP(集群内部访问)
+- **ports**: 暴露80端口
+- **selector**: 匹配app=drone-server的pod
+
+### 3. drone-runner-deployment.yaml
+Drone Runner部署配置:
+
+- **image**: 使用 `drone/drone-runner-kube:latest`
+- **env**: 配置与Drone Server的RPC通信
+- **volumes**: 挂载ConfigMap配置
+
+
+
+### 5. drone-ingress.yaml
+Drone外部访问配置:
+
+- **host**: drone-ops.t-aaron.com(外部访问域名)
+- **annotations**: 配置Traefik入口点和TLS
+- **tls**: 使用tls Secret启用HTTPS
+
+### 6. install-drone.sh
+一键安装脚本:
+
+- 按顺序应用所有yaml文件
+- 等待部署完成
+- 显示访问信息
+
+## 部署步骤
+
+
+1. 确保k3s集群正常运行
+ openssl rand -hex 16
+ 生产: d3c911a6c227e59f4f86f33db6943dc4
+2. 确保Gitea已部署并运行
+3. 在Gitea中创建OAuth应用:
+ - 应用名称: Drone
+ - 重定向URI: https://drone-ops.t-aaron.com/login
+4. 更新yaml文件中的OAuth配置:
+ 替换 drone-server-deployment.yaml 脚本里面的下面内容
+ - name: DRONE_GITEA_CLIENT_ID
+ value: "87ef56d3-c8ef-40d3-9dd5-d9214fdac09f"
+ - name: DRONE_GITEA_CLIENT_SECRET
+ value: "tHe6Cq3dNpelsCA2NRTaGB3EueIFRkyLxh9USwBbxe4A"
+ - name: DRONE_RPC_SECRET
+ value: "your-rpc-secret"
+ 替换 drone-runner-devployment 中如下内容
+ - name: DRONE_RPC_SECRET
+ value: "d3c911a6c227e59f4f86f33db6943dc4"
+5. 运行安装脚本:
+ ```bash
+ ./install-drone.sh
+ ```
+6. 访问 https://drone-ops.t-aaron.com 进行Drone初始化
+ tuoheng@qq.com
+ tuoheng
+ tuoheng
+
+## 注意事项
+
+- Drone数据存储在主机 `/opt/drone/` 目录
+- 确保主节点有足够的存储空间
+- 需要先在Gitea中配置OAuth应用
+- 所有服务都运行在 `default` 命名空间
+- 使用相同的TLS证书确保HTTPS访问
diff --git a/drone/drone-ingress.yaml b/drone/drone-ingress.yaml
new file mode 100644
index 0000000..374f2e2
--- /dev/null
+++ b/drone/drone-ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: drone-ingress
+ namespace: default
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+ tls:
+ - hosts:
+ - drone-ops.t-aaron.com
+ secretName: tls
+ rules:
+ - host: drone-ops.t-aaron.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: drone-server-service
+ port:
+ number: 80
diff --git a/drone/drone-runner-deployment.yaml b/drone/drone-runner-deployment.yaml
new file mode 100644
index 0000000..2c863b1
--- /dev/null
+++ b/drone/drone-runner-deployment.yaml
@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: drone-runner
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: drone-runner
+ template:
+ metadata:
+ labels:
+ app: drone-runner
+ spec:
+ nodeSelector:
+ node-role.kubernetes.io/control-plane: "true"
+ containers:
+ - name: drone-runner
+ image: registry.t-aaron.com/drone/drone-runner-kube:latest
+ env:
+ - name: DRONE_RPC_PROTO
+ value: "http"
+ - name: DRONE_RPC_HOST
+ value: "drone-server-service:80"
+ - name: DRONE_RPC_SECRET
+ value: "d3c911a6c227e59f4f86f33db6943dc4"
+ - name: DRONE_DEBUG
+ value: "true"
+ - name: DRONE_TRACE
+ value: "true"
+ - name: DRONE_NAMESPACE
+ value: "default"
diff --git a/drone/drone-server-deployment.yaml b/drone/drone-server-deployment.yaml
new file mode 100644
index 0000000..65954f3
--- /dev/null
+++ b/drone/drone-server-deployment.yaml
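Review bot: `router.entrypoints: web,websecure` together with `router.tls: "true"` yields a TLS-only router on both entrypoints, so as far as Traefik's router model goes the plain-HTTP `web` listener will not serve this host and nothing redirects it to HTTPS either. Either list only `websecure` in the annotation, or add a second non-TLS Ingress on `web` whose only job is a redirect-scheme middleware; gitea/gitea-ingress.yaml carries the same two annotations. This also disagrees with gitea/install-gitea.sh and gitea/README.md, which print an `http://` address for Gitea.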
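Review bot: `DRONE_RPC_SECRET` is committed as a literal `value:` in the runner's env list, and the same string is repeated in drone/drone-server-deployment.yaml and drone/README.md; drone-server-deployment.yaml additionally hard-codes `DRONE_GITEA_CLIENT_SECRET`, gitea/README.md repeats that secret next to an account password, and readme.md carries an SSH login for a server. Everything in that list is readable by anyone with access to the repository or this patch and has to be rotated, not merely deleted in a later commit. In the manifests, load the values from a Kubernetes Secret created out of band, e.g. `valueFrom: {secretKeyRef: {name: <secret-name>, key: <key>}}` (placeholder names) in place of `value:`, and keep only the variable names in the READMEs.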
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: drone-server
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: drone-server
+ template:
+ metadata:
+ labels:
+ app: drone-server
+ spec:
+ nodeSelector:
+ node-role.kubernetes.io/control-plane: "true"
+ containers:
+ - name: drone-server
+ image: registry.t-aaron.com/drone/drone:2
+ ports:
+ - containerPort: 80
+ env:
+ - name: DRONE_GITEA_SERVER
+ value: "https://git-ops.t-aaron.com"
+ - name: DRONE_GITEA_CLIENT_ID
+ value: "87ef56d3-c8ef-40d3-9dd5-d9214fdac09f"
+ - name: DRONE_GITEA_CLIENT_SECRET
+ value: "tHe6Cq3dNpelsCA2NRTaGB3EueIFRkyLxh9USwBbxe4A"
+ - name: DRONE_RPC_SECRET
+ value: "d3c911a6c227e59f4f86f33db6943dc4"
+ - name: DRONE_SERVER_HOST
+ value: "drone-ops.t-aaron.com"
+ - name: DRONE_SERVER_PROTO
+ value: "https"
+ - name: DRONE_DEBUG
+ value: "true"
+ - name: DRONE_TRACE
+ value: "true"
+ volumeMounts:
+ - name: drone-data
+ mountPath: /data
+ volumes:
+ - name: drone-data
+ hostPath:
+ path: /opt/drone/data
+ type: DirectoryOrCreate
diff --git a/drone/drone-server-service.yaml b/drone/drone-server-service.yaml
new file mode 100644
index 0000000..ddf94d3
--- /dev/null
+++ b/drone/drone-server-service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: drone-server-service
+ namespace: default
+spec:
+ selector:
+ app: drone-server
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ type: ClusterIP
diff --git a/drone/install-drone.sh b/drone/install-drone.sh
new file mode 100755
index 0000000..d3b7352
--- /dev/null
+++ b/drone/install-drone.sh
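Review bot: The drone-server env list in drone/drone-server-deployment.yaml sets none of `DRONE_USER_FILTER`, `DRONE_REGISTRATION_CLOSED` or `DRONE_USER_CREATE`, so with Drone's default open registration any account that can sign in to the Gitea instance can also sign in to Drone, and no administrator is defined. Add an explicit admin and close registration, e.g. `- name: DRONE_USER_CREATE` with `value: "username:<admin-login>,admin:true"` (placeholder login) and `- name: DRONE_REGISTRATION_CLOSED` with `value: "true"`, or restrict logins with a `DRONE_USER_FILTER` list. `DRONE_DEBUG` and `DRONE_TRACE` are both `"true"`, which is very verbose for what the README appears to describe as the production instance and is worth switching off once the setup works.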
@@ -0,0 +1,17 @@
+#!/bin/bash
+echo "开始安装 Drone..."
+
+# 应用所有yaml文件
+kubectl apply -f drone-server-deployment.yaml
+kubectl apply -f drone-server-service.yaml
+kubectl apply -f drone-runner-deployment.yaml
+kubectl apply -f drone-ingress.yaml
+
+echo "等待 Drone 启动..."
+kubectl wait --for=condition=available --timeout=300s deployment/drone-server
+kubectl wait --for=condition=available --timeout=300s deployment/drone-runner
+
+echo "Drone 安装完成!"
+echo "访问地址: https://drone-ops.t-aaron.com"
+echo "查看状态: kubectl get pods -l app=drone-server"
+echo "注意: 需要在Gitea中配置OAuth应用才能正常使用"
diff --git a/gitea/README.md b/gitea/README.md
new file mode 100644
index 0000000..97e54c3
--- /dev/null
+++ b/gitea/README.md
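Review bot: Unlike cert/initcert.sh this script never sets `set -e`, so a failed `kubectl apply` or a timed-out `kubectl wait` is ignored and the script still prints "Drone 安装完成!". Add `set -euo pipefail` after the shebang, and pass `-n default` to the two `kubectl wait` calls so they do not depend on the namespace of the caller's current context. The manifest paths are relative, so the script only works when started from the drone/ directory; `cd "$(dirname "$0")"` at the top removes that requirement. gitea/install-gitea.sh has the same three problems.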
@@ -0,0 +1,71 @@
+# Gitea Kubernetes 部署配置
+
+本目录包含在Kubernetes集群中部署Gitea的配置文件。
+
+## 文件说明
+
+### 1. gitea-deployment.yaml
+Gitea应用的主要部署配置:
+
+- **nodeSelector**: 确保Gitea只在主节点(control-plane)上运行
+- **image**: 使用官方Gitea镜像 `gitea/gitea:latest`
+- **ports**:
+ - 3000: HTTP Web界面端口
+ - 22: SSH Git操作端口
+- **volumes**:
+ - `/opt/gitea/data`: 数据存储目录(主机路径)
+ - `/opt/gitea/config`: 配置文件目录(主机路径)
+- **env**: 设置用户UID和GID为1000
+
+### 2. gitea-service.yaml
+Gitea服务配置:
+
+- **type**: ClusterIP(集群内部访问)
+- **ports**: 暴露3000和22端口
+- **selector**: 匹配app=gitea的pod
+
+### 3. gitea-ingress.yaml
+Gitea外部访问配置:
+
+- **host**: git-ops.t-aaron.com(外部访问域名)
+- **annotations**: 配置Traefik入口点
+- **path**: 根路径(/)转发到Gitea服务
+
+### 4. install-gitea.sh
+一键安装脚本:
+
+- 按顺序应用所有yaml文件
+- 等待部署完成
+- 显示访问信息
+
+## 部署步骤
+
+1. 确保k3s集群正常运行
+2. 运行安装脚本:
+ ```bash
+ ./install-gitea.sh
+ ```
+3. 访问 http://git-ops.t-aaron.com 进行Gitea初始化
+
+## 注意事项
+
+- Gitea数据存储在主机 `/opt/gitea/` 目录
+- 确保主节点有足够的存储空间
+- 首次访问需要完成Gitea初始化配置
+
+
+Gitea 安装配置
+配置:git-ops.t-aaron.com
+配置:https://git-ops.t-aaron.com/
+
+注册用户:
+tuoheng
+tuoheng@qq.com
+tuoheng2023
+
+设置安全配置:管理 OAuth2 应用程序
+https://drone-ops.t-aaron.com/login
+客户端:87ef56d3-c8ef-40d3-9dd5-d9214fdac09f
+密钥:tHe6Cq3dNpelsCA2NRTaGB3EueIFRkyLxh9USwBbxe4A
+
+参考:https://readme.drone.io/server/provider/gitea/
\ No newline at end of file
diff --git a/gitea/gitea-deployment.yaml b/gitea/gitea-deployment.yaml
new file mode 100644
index 0000000..5b839ee
--- /dev/null
+++ b/gitea/gitea-deployment.yaml
@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gitea
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: gitea
+ template:
+ metadata:
+ labels:
+ app: gitea
+ spec:
+ nodeSelector:
+ node-role.kubernetes.io/control-plane: "true"
+ containers:
+ - name: gitea
+ image: registry.t-aaron.com/gitea/gitea:latest
+ ports:
+ - containerPort: 3000
+ - containerPort: 22
+ env:
+ - name: USER_UID
+ value: "1000"
+ - name: USER_GID
+ value: "1000"
+ volumeMounts:
+ - name: gitea-data
+ mountPath: /data
+ - name: gitea-config
+ mountPath: /etc/gitea
+ volumes:
+ - name: gitea-data
+ hostPath:
+ path: /opt/gitea/data
+ type: DirectoryOrCreate
+ - name: gitea-config
+ hostPath:
+ path: /opt/gitea/config
+ type: DirectoryOrCreate
diff --git a/gitea/gitea-ingress.yaml b/gitea/gitea-ingress.yaml
new file mode 100644
index 0000000..56b87c6
--- /dev/null
+++ b/gitea/gitea-ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: gitea-ingress
+ namespace: default
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+ tls:
+ - hosts:
+ - git-ops.t-aaron.com
+ secretName: tls
+ rules:
+ - host: git-ops.t-aaron.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: gitea-service
+ port:
+ number: 3000
diff --git a/gitea/gitea-service.yaml b/gitea/gitea-service.yaml
new file mode 100644
index 0000000..0641316
--- /dev/null
+++ b/gitea/gitea-service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: gitea-service
+ namespace: default
+spec:
+ selector:
+ app: gitea
+ ports:
+ - name: http
+ port: 3000
+ targetPort: 3000
+ - name: ssh
+ port: 22
+ targetPort: 22
+ type: ClusterIP
diff --git a/gitea/install-gitea.sh b/gitea/install-gitea.sh
new file mode 100755
index 0000000..87ac994
--- /dev/null
+++ b/gitea/install-gitea.sh
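Review bot: `image: registry.t-aaron.com/gitea/gitea:latest` in gitea/gitea-deployment.yaml is a floating tag, so a pod restart can silently pull a different Gitea build, and with `latest` Kubernetes defaults `imagePullPolicy` to `Always`. Pin a released version, ideally with its digest, as in `image: registry.t-aaron.com/gitea/gitea:<version>@sha256:<digest>` (placeholders); drone/drone-runner-deployment.yaml uses `:latest` as well. The pod is also pinned to the control-plane node with two `hostPath` volumes and no `securityContext` or `resources`, so a compromised or runaway Gitea process shares that node with the cluster's control plane; a PersistentVolumeClaim on a worker node would be the safer layout.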
@@ -0,0 +1,14 @@
+#!/bin/bash
+echo "开始安装 Gitea..."
+
+# 应用所有yaml文件
+kubectl apply -f gitea-deployment.yaml
+kubectl apply -f gitea-service.yaml
+kubectl apply -f gitea-ingress.yaml
+
+echo "等待 Gitea 启动..."
+kubectl wait --for=condition=available --timeout=300s deployment/gitea
+
+echo "Gitea 安装完成!"
+echo "访问地址: http://git-ops.t-aaron.com"
+echo "查看状态: kubectl get pods -l app=gitea"
diff --git a/readme.md b/readme.md
new file mode 100644
index 0000000..f781b46
--- /dev/null
+++ b/readme.md
@@ -0,0 +1,5 @@
+1. 你只可以读newinstall文件夹下的内容,也仅仅可以在这个文件夹下做操作
+2: 服务器IP:47.117.247.14 SSH端口: 2222 用户:th 密码:ta51-k8sTHjs^
+3: 你每一步工作都需要我确认后再执行,每次修改我本地文件的时候,都需要得到我的确认后再修改,修改完也需要我的二次确认;
+4: 不要一次告诉我太多东西,包括命令,都需要一步步执行;
+
\ No newline at end of file