first commit

孙小云 2025-09-06 14:18:42 +08:00
commit 39a4fc0244
15 changed files with 533 additions and 0 deletions

25
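--- a/cert/initcert.sh
+++ b/cert/initcert.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+# 安装证书脚本
+# 在 master 节点上执行
+set -e
+echo "开始安装TLS证书..."
+# 1. 删除已存在的Secret如果存在
+echo "删除已存在的tls Secret..."
+kubectl -n default delete secret tls --ignore-not-found=true
+# 2. 创建新的TLS Secret
+echo "创建新的TLS Secret..."
+kubectl -n default create secret tls tls \
+--cert=./t-aaron.com.pem \
+--key=./t-aaron.com.key
+# 3. 验证Secret创建成功
+echo "验证Secret创建状态..."
+kubectl -n default get secret tls
+echo "TLS证书安装完成"
+echo "现在可以应用Ingress配置了"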
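Review bot: Deleting the `tls` Secret before recreating it means a failed create (for example a missing `./t-aaron.com.pem`) leaves the namespace with no certificate at all, because `set -e` stops the script only after the old Secret is already gone. An in-place update avoids that gap: `kubectl -n default create secret tls tls --cert=./t-aaron.com.pem --key=./t-aaron.com.key --dry-run=client -o yaml | kubectl -n default apply -f -`. The `./` paths also resolve only when the script is started from inside `cert/`; a `cd "$(dirname "$0")"` near the top would make that independent of the caller's working directory.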

27
cert/t-aaron.com.key Normal file

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
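Review bot: The RSA private key for t-aaron.com is committed next to its certificate, so every reader of the repository and every clone of it holds the key. It should be treated as exposed: have the certificate reissued on a new key and the old one revoked, and remove the file from history rather than only deleting it in a later commit. Going forward, keep key material out of version control (for instance a `cert/*.key` entry in `.gitignore`) and let `initcert.sh` read the key from a path supplied at deploy time.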

90
cert/t-aaron.com.pem Normal file

@ -0,0 +1,90 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEfjCCA2agAwIBAgIQD+Ayq4RNAzEGxQyOE8iwaDANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
QTAeFw0yNDAxMTgwMDAwMDBaFw0zMTExMDkyMzU5NTlaMGExCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo4IBMDCC
ASwwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUTiJUIBiV5uNu5g/6+rkS7QYX
jzkwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDgYDVR0PAQH/BAQD
AgGGMHQGCCsGAQUFBwEBBGgwZjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZGln
aWNlcnQuY24wPwYIKwYBBQUHMAKGM2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNu
L0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNydDBABgNVHR8EOTA3MDWgM6Axhi9odHRw
Oi8vY3JsLmRpZ2ljZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDARBgNV
HSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQELBQADggEBAHRBl3jN7+XHBUK0dZnu
hMdoNwD1nCROU3BTIh1TNzRI0bQ0m5+C/dCRzzlqoSAFHUlOi+OiDltWkXTzmQn6
Z8bH5PFBy5sYpc/8cNPoSzhyqcpvvEZvv/Ivc0Up+dzma7vBDJC9WrMRUUlSFSQp
kdXSmphDNkXJsgARmxzc18IN6LYMRiOWlY7RE2F900pPW60BvJHHNCX0bbSRj/Ql
bmVq8wuftBD++D+RS8K++ujpMjFBROyWfBX+woQDGsMazkmgulQdnZrdj476elOL
axRvrSgEorju1kJM7M65z2RUZrfzQYW/1rs8mRUXin6iEtad/Rv1ZI1WGYmWPyBm
pbo=
-----END CERTIFICATE-----

85
drone/README.md Normal file

@ -0,0 +1,85 @@
# Drone Kubernetes 部署配置
本目录包含在Kubernetes集群中部署Drone CI/CD的配置文件。
## 文件说明
### 1. drone-server-deployment.yaml
Drone Server的主要部署配置
- **nodeSelector**: 确保Drone Server只在主节点control-plane上运行
- **image**: 使用官方Drone镜像 `drone/drone:2`
- **ports**: 80端口用于Web界面
- **volumes**: `/opt/drone/data` 数据存储目录(主机路径)
- **env**: 配置Gitea集成、RPC通信等环境变量
### 2. drone-server-service.yaml
Drone Server服务配置
- **type**: ClusterIP集群内部访问
- **ports**: 暴露80端口
- **selector**: 匹配app=drone-server的pod
### 3. drone-runner-deployment.yaml
Drone Runner部署配置
- **image**: 使用 `drone/drone-runner-kube:latest`
- **env**: 配置与Drone Server的RPC通信
- **volumes**: 挂载ConfigMap配置
### 5. drone-ingress.yaml
Drone外部访问配置
- **host**: drone-ops.t-aaron.com外部访问域名
- **annotations**: 配置Traefik入口点和TLS
- **tls**: 使用tls Secret启用HTTPS
### 6. install-drone.sh
一键安装脚本:
- 按顺序应用所有yaml文件
- 等待部署完成
- 显示访问信息
## 部署步骤
1. 确保k3s集群正常运行
openssl rand -hex 16
生产: d3c911a6c227e59f4f86f33db6943dc4
2. 确保Gitea已部署并运行
3. 在Gitea中创建OAuth应用
- 应用名称: Drone
- 重定向URI: https://drone-ops.t-aaron.com/login
4. 更新yaml文件中的OAuth配置
替换 drone-server-deployment.yaml 脚本里面的下面内容
- name: DRONE_GITEA_CLIENT_ID
value: "87ef56d3-c8ef-40d3-9dd5-d9214fdac09f"
- name: DRONE_GITEA_CLIENT_SECRET
value: "tHe6Cq3dNpelsCA2NRTaGB3EueIFRkyLxh9USwBbxe4A"
- name: DRONE_RPC_SECRET
value: "your-rpc-secret"
替换 drone-runner-devployment 中如下内容
- name: DRONE_RPC_SECRET
value: "d3c911a6c227e59f4f86f33db6943dc4"
5. 运行安装脚本:
```bash
./install-drone.sh
```
6. 访问 https://drone-ops.t-aaron.com 进行Drone初始化
tuoheng@qq.com
tuoheng
tuoheng
## 注意事项
- Drone数据存储在主机 `/opt/drone/` 目录
- 确保主节点有足够的存储空间
- 需要先在Gitea中配置OAuth应用
- 所有服务都运行在 `default` 命名空间
- 使用相同的TLS证书确保HTTPS访问

24
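--- a/drone/drone-ingress.yaml
+++ b/drone/drone-ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: drone-ingress
+namespace: default
+annotations:
+traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+tls:
+- hosts:
+- drone-ops.t-aaron.com
+secretName: tls
+rules:
+- host: drone-ops.t-aaron.com
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: drone-server-service
+port:
+number: 80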
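Review bot: `router.entrypoints: web,websecure` together with `router.tls: "true"` attaches a TLS router to the plain-HTTP entrypoint as well, which, judging from these annotations alone, neither gives a working HTTP-to-HTTPS redirect nor makes clear what port 80 serves for this host. Since this host receives the OAuth login callback, I would restrict the router to `websecure` and configure the redirect explicitly (entrypoint redirection in the Traefik static configuration, or a redirect middleware). The same annotation pair is in gitea/gitea-ingress.yaml, and gitea/install-gitea.sh and gitea/README.md still advertise an `http://` address.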


@ -0,0 +1,33 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: drone-runner
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: drone-runner
template:
metadata:
labels:
app: drone-runner
spec:
nodeSelector:
node-role.kubernetes.io/control-plane: "true"
containers:
- name: drone-runner
image: registry.t-aaron.com/drone/drone-runner-kube:latest
env:
- name: DRONE_RPC_PROTO
value: "http"
- name: DRONE_RPC_HOST
value: "drone-server-service:80"
- name: DRONE_RPC_SECRET
value: "d3c911a6c227e59f4f86f33db6943dc4"
- name: DRONE_DEBUG
value: "true"
- name: DRONE_TRACE
value: "true"
- name: DRONE_NAMESPACE
value: "default"
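Review bot: `DRONE_RPC_SECRET` is written as a literal `value:` in this manifest, so the shared secret that authenticates runners to the server now lives in git history. The server Deployment does the same for `DRONE_RPC_SECRET` and `DRONE_GITEA_CLIENT_SECRET`, and drone/README.md, gitea/README.md and readme.md repeat these and other login details in plain text. All of them should be rotated and then referenced from a Kubernetes Secret that is created out of band, as sketched below; the Secret name and key are placeholders.

```yaml
# … unchanged: DRONE_RPC_PROTO, DRONE_RPC_HOST …
- name: DRONE_RPC_SECRET
  valueFrom:
    secretKeyRef:
      name: drone-secrets   # placeholder Secret name
      key: rpc-secret       # placeholder key
# … unchanged: DRONE_DEBUG, DRONE_TRACE, DRONE_NAMESPACE …
```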


@ -0,0 +1,47 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: drone-server
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: drone-server
template:
metadata:
labels:
app: drone-server
spec:
nodeSelector:
node-role.kubernetes.io/control-plane: "true"
containers:
- name: drone-server
image: registry.t-aaron.com/drone/drone:2
ports:
- containerPort: 80
env:
- name: DRONE_GITEA_SERVER
value: "https://git-ops.t-aaron.com"
- name: DRONE_GITEA_CLIENT_ID
value: "87ef56d3-c8ef-40d3-9dd5-d9214fdac09f"
- name: DRONE_GITEA_CLIENT_SECRET
value: "tHe6Cq3dNpelsCA2NRTaGB3EueIFRkyLxh9USwBbxe4A"
- name: DRONE_RPC_SECRET
value: "d3c911a6c227e59f4f86f33db6943dc4"
- name: DRONE_SERVER_HOST
value: "drone-ops.t-aaron.com"
- name: DRONE_SERVER_PROTO
value: "https"
- name: DRONE_DEBUG
value: "true"
- name: DRONE_TRACE
value: "true"
volumeMounts:
- name: drone-data
mountPath: /data
volumes:
- name: drone-data
hostPath:
path: /opt/drone/data
type: DirectoryOrCreate
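Review bot: The server environment sets neither `DRONE_USER_CREATE` nor `DRONE_REGISTRATION_CLOSED`, so unless they are injected elsewhere, any account that can sign in to the Gitea instance can also sign in to Drone, and no administrator is fixed up front. For a CI server scheduled onto the control-plane node I would add `DRONE_USER_CREATE` with the value `username:<ADMIN_LOGIN>,admin:true` and `DRONE_REGISTRATION_CLOSED` with `"true"`, or limit logins with `DRONE_USER_FILTER`. `<ADMIN_LOGIN>` is a placeholder for the intended Gitea account.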


@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: drone-server-service
namespace: default
spec:
selector:
app: drone-server
ports:
- name: http
port: 80
targetPort: 80
type: ClusterIP

17
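--- a/drone/install-drone.sh
+++ b/drone/install-drone.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+echo "开始安装 Drone..."
+# 应用所有yaml文件
+kubectl apply -f drone-server-deployment.yaml
+kubectl apply -f drone-server-service.yaml
+kubectl apply -f drone-runner-deployment.yaml
+kubectl apply -f drone-ingress.yaml
+echo "等待 Drone 启动..."
+kubectl wait --for=condition=available --timeout=300s deployment/drone-server
+kubectl wait --for=condition=available --timeout=300s deployment/drone-runner
+echo "Drone 安装完成!"
+echo "访问地址: https://drone-ops.t-aaron.com"
+echo "查看状态: kubectl get pods -l app=drone-server"
+echo "注意: 需要在Gitea中配置OAuth应用才能正常使用"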
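Review bot: The script has no `set -e`, so a failed `kubectl apply` or a timed-out `kubectl wait` is still followed by the "Drone 安装完成!" message. Adding `set -euo pipefail` under the shebang (cert/initcert.sh already uses `set -e`) makes the first failure stop the run. The manifests are referenced by bare file name, which only works from inside `drone/`; `cd "$(dirname "$0")"` removes that dependency, and passing `-n default` to both `kubectl wait` calls keeps them independent of the caller's current namespace. gitea/install-gitea.sh has the same gaps.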

71
gitea/README.md Normal file

@ -0,0 +1,71 @@
# Gitea Kubernetes 部署配置
本目录包含在Kubernetes集群中部署Gitea的配置文件。
## 文件说明
### 1. gitea-deployment.yaml
Gitea应用的主要部署配置
- **nodeSelector**: 确保Gitea只在主节点control-plane上运行
- **image**: 使用官方Gitea镜像 `gitea/gitea:latest`
- **ports**:
- 3000: HTTP Web界面端口
- 22: SSH Git操作端口
- **volumes**:
- `/opt/gitea/data`: 数据存储目录(主机路径)
- `/opt/gitea/config`: 配置文件目录(主机路径)
- **env**: 设置用户UID和GID为1000
### 2. gitea-service.yaml
Gitea服务配置
- **type**: ClusterIP集群内部访问
- **ports**: 暴露3000和22端口
- **selector**: 匹配app=gitea的pod
### 3. gitea-ingress.yaml
Gitea外部访问配置
- **host**: git-ops.t-aaron.com外部访问域名
- **annotations**: 配置Traefik入口点
- **path**: 根路径(/转发到Gitea服务
### 4. install-gitea.sh
一键安装脚本:
- 按顺序应用所有yaml文件
- 等待部署完成
- 显示访问信息
## 部署步骤
1. 确保k3s集群正常运行
2. 运行安装脚本:
```bash
./install-gitea.sh
```
3. 访问 http://git-ops.t-aaron.com 进行Gitea初始化
## 注意事项
- Gitea数据存储在主机 `/opt/gitea/` 目录
- 确保主节点有足够的存储空间
- 首次访问需要完成Gitea初始化配置
Gitea 安装配置
配置:git-ops.t-aaron.com
配置:https://git-ops.t-aaron.com/
注册用户:
tuoheng
tuoheng@qq.com
tuoheng2023
设置安全配置:管理 OAuth2 应用程序
https://drone-ops.t-aaron.com/login
客户端:87ef56d3-c8ef-40d3-9dd5-d9214fdac09f
密钥:tHe6Cq3dNpelsCA2NRTaGB3EueIFRkyLxh9USwBbxe4A
参考:https://readme.drone.io/server/provider/gitea/


@ -0,0 +1,42 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: gitea
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: gitea
template:
metadata:
labels:
app: gitea
spec:
nodeSelector:
node-role.kubernetes.io/control-plane: "true"
containers:
- name: gitea
image: registry.t-aaron.com/gitea/gitea:latest
ports:
- containerPort: 3000
- containerPort: 22
env:
- name: USER_UID
value: "1000"
- name: USER_GID
value: "1000"
volumeMounts:
- name: gitea-data
mountPath: /data
- name: gitea-config
mountPath: /etc/gitea
volumes:
- name: gitea-data
hostPath:
path: /opt/gitea/data
type: DirectoryOrCreate
- name: gitea-config
hostPath:
path: /opt/gitea/config
type: DirectoryOrCreate
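Review bot: `image: registry.t-aaron.com/gitea/gitea:latest` is a mutable tag, so a pod restart can pull a different Gitea build than the one that was reviewed, and nothing records which version is running. The runner Deployment uses `drone-runner-kube:latest` the same way. Pin both to a release tag or, better, a digest, e.g. `image: registry.t-aaron.com/gitea/gitea:<VERSION>@sha256:<DIGEST>` (placeholders). The container also declares no `securityContext` or `resources`, which is worth adding given that it runs on the control-plane node with hostPath mounts.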

24
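--- a/gitea/gitea-ingress.yaml
+++ b/gitea/gitea-ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: gitea-ingress
+namespace: default
+annotations:
+traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+tls:
+- hosts:
+- git-ops.t-aaron.com
+secretName: tls
+rules:
+- host: git-ops.t-aaron.com
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: gitea-service
+port:
+number: 3000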

16
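--- a/gitea/gitea-service.yaml
+++ b/gitea/gitea-service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: gitea-service
+namespace: default
+spec:
+selector:
+app: gitea
+ports:
+- name: http
+port: 3000
+targetPort: 3000
+- name: ssh
+port: 22
+targetPort: 22
+type: ClusterIP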

14
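--- a/gitea/install-gitea.sh
+++ b/gitea/install-gitea.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+echo "开始安装 Gitea..."
+# 应用所有yaml文件
+kubectl apply -f gitea-deployment.yaml
+kubectl apply -f gitea-service.yaml
+kubectl apply -f gitea-ingress.yaml
+echo "等待 Gitea 启动..."
+kubectl wait --for=condition=available --timeout=300s deployment/gitea
+echo "Gitea 安装完成!"
+echo "访问地址: http://git-ops.t-aaron.com"
+echo "查看状态: kubectl get pods -l app=gitea"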

5
readme.md Normal file

@ -0,0 +1,5 @@
1. 你只可以读newinstall文件夹下的内容,也仅仅可以在这个文件夹下做操作
2: 服务器IP:47.117.247.14 SSH端口: 2222 用户:th 密码:ta51-k8sTHjs^
3: 你每一步工作都需要我确认后再执行,每次修改我本地文件的时候,都需要得到我的确认后再修改,修改完也需要我的二次确认;
4: 不要一次告诉我太多东西,包括命令,都需要一步步执行;