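#!/bin/bash
# Full deployment script for the JPD cluster - run it on the master node.
# Usage: bash deploy-all-on-master.sh

set -e

echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "🚀 JPD集群GitOps自动化部署"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""

# Refuse to continue when kubectl is not on PATH (i.e. not a K3s master node).
if ! command -v kubectl &> /dev/null; then
  echo "❌ kubectl未找到,请确保在K3s master节点上运行此脚本"
  exit 1
fi

# Configure kubectl.
# /etc/rancher/k3s/k3s.yaml is the K3s admin kubeconfig. Making it mode 644
# would let every local account on the node read cluster-admin credentials,
# so the file is copied to a private, owner-only location instead and the
# system copy keeps its original permissions.
echo "📝 配置kubectl..."
mkdir -p "${HOME}/.kube"
sudo install -m 600 -o "$(id -u)" -g "$(id -g)" \
  /etc/rancher/k3s/k3s.yaml "${HOME}/.kube/k3s.yaml"
export KUBECONFIG="${HOME}/.kube/k3s.yaml"

# Verify that the cluster answers before deploying anything.
echo "🔍 验证集群状态..."
kubectl get nodes -o wide
echo ""
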
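# Install Helm when it is not already on PATH.
if ! command -v helm &> /dev/null; then
  echo "📦 安装Helm..."
  # Download the installer to a private temp file and run it afterwards.
  # Piping curl straight into bash hides a failed or truncated download
  # (the pipeline's status is bash's, not curl's) and executes whatever
  # partial content arrived.
  # NOTE(review): the URL tracks the moving `main` branch; pin it to a
  # reviewed commit and compare the file against a known digest before
  # executing it on a cluster master.
  helm_installer=$(mktemp)
  curl -fsSL -o "${helm_installer}" \
    https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
  bash "${helm_installer}"
  rm -f -- "${helm_installer}"
  echo "✅ Helm安装完成"
else
  echo "✅ Helm已安装"
fi
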
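echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "📦 步骤 1/4: 部署Gitea"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""

# Register the Gitea Helm repository.
echo "📝 添加Gitea Helm仓库..."
helm repo add gitea-charts https://dl.gitea.com/charts/
helm repo update

# Create the gitea namespace (idempotent: render client-side, then apply).
echo "📝 创建gitea命名空间..."
kubectl create namespace gitea --dry-run=client -o yaml | kubectl apply -f -

# Deploy Gitea.
# The admin password is read from GITEA_ADMIN_PASSWORD when the caller sets
# it. The fallback literal is published together with this script, so treat
# it as known to third parties: supply your own value or change the admin
# password right after the first login.
# The value is handed to Helm through a 0600 temp file (--set-file) rather
# than --set, so it does not show up in the process list and is not split on
# commas by Helm's --set parser.
# NOTE(review): the NodePort below serves plain HTTP, so logins made through
# it are not encrypted.
echo "🚀 部署Gitea..."
gitea_pw_file=$(mktemp)
printf '%s' "${GITEA_ADMIN_PASSWORD:-GitAdmin@2026}" > "${gitea_pw_file}"

helm_status=0
helm upgrade --install gitea gitea-charts/gitea \
  --namespace gitea \
  --set gitea.admin.username=gitea_admin \
  --set-file "gitea.admin.password=${gitea_pw_file}" \
  --set gitea.admin.email=admin@jpd.net3w.com \
  --set service.http.type=NodePort \
  --set service.http.nodePort=30080 \
  --set postgresql-ha.enabled=true \
  --set redis-cluster.enabled=true \
  --wait --timeout=10m || helm_status=$?

# Remove the password file on success and on failure alike.
rm -f -- "${gitea_pw_file}"
if [[ "${helm_status}" -ne 0 ]]; then
  exit "${helm_status}"
fi

echo "✅ Gitea部署完成"
echo ""

# Wait until the Gitea pod reports Ready.
echo "⏳ 等待Gitea Pod就绪..."
kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=gitea -n gitea --timeout=300s

# Collect the access details (NODE_IP is reused further down the script).
GITEA_PORT=$(kubectl get svc gitea-http -n gitea -o jsonpath='{.spec.ports[0].nodePort}')
NODE_IP=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[?(@.type=="InternalIP")].address}')
echo "✅ Gitea访问地址: http://$NODE_IP:$GITEA_PORT"
echo " 域名访问: http://git.jpd.net3w.com"
echo ""
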
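echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "📦 步骤 2/4: 部署ArgoCD"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""

# Create the argocd namespace (idempotent: render client-side, then apply).
echo "📝 创建argocd命名空间..."
kubectl create namespace argocd --dry-run=client -o yaml | kubectl apply -f -

# Deploy ArgoCD.
# NOTE(review): `stable` is a moving ref, so two runs of this script can
# install different manifests with cluster-wide RBAC. Pin the URL to a
# reviewed release tag before using this outside a lab.
echo "🚀 部署ArgoCD..."
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

# Wait until argocd-server reports Ready.
echo "⏳ 等待ArgoCD Pod就绪..."
kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=argocd-server -n argocd --timeout=300s

# Switch the ArgoCD service to NodePort.
# NOTE(review): this exposes the ArgoCD API/UI on every node address;
# restrict the port with host or network firewalling if the nodes are
# reachable from untrusted networks.
echo "📝 配置ArgoCD NodePort..."
kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "NodePort"}}'

# Collect the access details.
ARGOCD_PORT=$(kubectl get svc argocd-server -n argocd -o jsonpath='{.spec.ports[0].nodePort}')
# Still captured so that any later code reading ARGOCD_PASSWORD keeps working;
# it is deliberately not printed here, because terminal scrollback and CI logs
# are not a safe place for an admin credential.
ARGOCD_PASSWORD=$(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d)

echo "✅ ArgoCD部署完成"
echo " 访问地址: https://$NODE_IP:$ARGOCD_PORT"
echo " 域名访问: https://argocd.jpd.net3w.com"
echo " 用户名: admin"
echo " 密码: (不在此显示) kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d"
echo ""
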
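echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "📦 步骤 3/4: 部署cert-manager"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""

# Deploy cert-manager from the v1.13.0 release manifest.
# NOTE(review): the manifest is applied straight from the download URL;
# fetching it once, reviewing it and applying the stored copy would make the
# installed content auditable.
echo "🚀 部署cert-manager..."
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.yaml

# Wait for the controller and the webhook. The webhook has to be Ready before
# the ClusterIssuer below is applied. The second wait previously read
# `--for=condition=r app=webhook`, which is not a valid invocation and made
# the script stop here under `set -e`.
echo "⏳ 等待cert-manager Pod就绪..."
kubectl wait --for=condition=ready pod -l app=cert-manager -n cert-manager --timeout=300s
kubectl wait --for=condition=ready pod -l app=webhook -n cert-manager --timeout=300s

# Create the Let's Encrypt ClusterIssuer.
# The heredoc delimiter is quoted so the shell never expands anything inside
# the manifest.
echo "📝 配置Let's Encrypt..."
kubectl apply -f - <<'EOF'
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@jpd.net3w.com
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - http01:
          ingress:
            class: traefik
EOF

echo "✅ cert-manager部署完成"
echo ""
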
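echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "📦 步骤 4/4: 配置Ingress"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""

# Create the Gitea Ingress (TLS certificate issued through letsencrypt-prod).
# The heredoc delimiter is quoted so the shell never expands anything inside
# the manifest.
echo "📝 创建Gitea Ingress..."
kubectl apply -f - <<'EOF'
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gitea
  namespace: gitea
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  ingressClassName: traefik
  tls:
    - hosts:
        - git.jpd.net3w.com
      secretName: gitea-tls
  rules:
    - host: git.jpd.net3w.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: gitea-http
                port:
                  number: 3000
EOF

# Create the ArgoCD Ingress.
# NOTE(review): the two nginx.ingress.kubernetes.io/* annotations are read by
# ingress-nginx, while this Ingress is bound to the traefik class, so they are
# presumably ignored and no TLS passthrough is actually configured. Confirm
# where TLS terminates and how Traefik validates the argocd-server certificate
# on port 443 before relying on this route.
echo "📝 创建ArgoCD Ingress..."
kubectl apply -f - <<'EOF'
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-server
  namespace: argocd
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  ingressClassName: traefik
  tls:
    - hosts:
        - argocd.jpd.net3w.com
      secretName: argocd-server-tls
  rules:
    - host: argocd.jpd.net3w.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: argocd-server
                port:
                  number: 443
EOF

echo "✅ Ingress配置完成"
echo ""
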
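# Closing summary.
# Passwords are intentionally not echoed: this output ends up in terminal
# scrollback, shell recordings and CI logs. The summary names where each
# credential comes from instead of printing its value.
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "🎉 部署完成!"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
echo "📊 部署摘要:"
echo " ✅ Gitea: http://git.jpd.net3w.com"
echo " ✅ ArgoCD: https://argocd.jpd.net3w.com"
echo " ✅ cert-manager: 已配置Let's Encrypt"
echo ""
echo "🔑 访问凭证:"
echo " Gitea:"
echo " - 用户名: gitea_admin"
echo " - 密码: (不在此显示) 部署时为 gitea.admin.password 设置的值"
echo ""
echo " ArgoCD:"
echo " - 用户名: admin"
echo " - 密码: (不在此显示) kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d"
echo ""
echo "📝 验证命令:"
echo " kubectl get pods --all-namespaces"
echo " kubectl get ingress --all-namespaces"
echo " kubectl get certificate --all-namespaces"
echo ""
echo "💡 提示:"
echo " - 确保DNS已配置: *.jpd.net3w.com -> 149.13.91.216"
echo " - 首次HTTPS访问需等待1-2分钟证书签发"
echo " - 可以通过NodePort直接访问服务"
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"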