fix

k8s/kevisual.cn/README.md

@@ -1,12 +1,12 @@
 
-## 安装k3s + calico 网络插件
-### 安装k3s 同时禁用默认的traefik和flannel
+## 安装k3s 网络插件
+### 安装k3s 同时禁用默认的traefik
 
 ```sh
 curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | \
 INSTALL_K3S_MIRROR=cn \
 K3S_KUBECONFIG_MODE="644" \
-INSTALL_K3S_EXEC="server --disable=traefik --flannel-backend=none" \
+INSTALL_K3S_EXEC="server --disable=traefik " \
 sh -
 ```
 # 编辑服务文件
@@ -18,11 +18,6 @@ journalctl -u k3s.service -f
 ### 安装有问题
 https://chat.xiongxiao.me/s/10b9aefa-5ba5-45d6-ba2c-b80c638468f3
 
-### 安装Calico 
-
-```sh
-curl -sfL https://docs.projectcalico.org/manifests/calico.yaml | kubectl apply -f -
-```
 
 ### 获取token
 

k8s/kevisual.cn/apps/esm.yaml

@@ -1,9 +1,7 @@
-# kubectl create namespace kevisual
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: esm
-  namespace: kevisual
   labels:
     app: esm
 spec:
@@ -39,7 +37,6 @@ apiVersion: v1
 kind: Service
 metadata:
   name: esm
-  namespace: kevisual
   labels:
     app: esm
 spec:
@@ -57,7 +54,6 @@ apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: esm-https
-  namespace: kevisual
 spec:
   entryPoints:
     - websecure

k8s/kevisual.cn/apps/external/new-api.yaml

@@ -23,6 +23,9 @@ subsets:
   - name: http
     port: 3000
     protocol: TCP
+---
+apiVersion: v1
+kind: Endpoints
 metadata:
   name: minio-external
   namespace: default

k8s/kevisual.cn/apps/jimeng-api/app.yaml

@@ -0,0 +1,72 @@
+# jimeng-api Deployment
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jimeng-api
+  namespace: default
+  labels:
+    app: jimeng-api
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: jimeng-api
+  template:
+    metadata:
+      labels:
+        app: jimeng-api
+    spec:
+      containers:
+        - name: jimeng-api
+          image: ghcr.io/iptag/jimeng-api:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 5100
+              protocol: TCP
+          resources:
+            requests:
+              memory: "128Mi"
+              cpu: "100m"
+            limits:
+              memory: "512Mi"
+              cpu: "500m"
+      nodeSelector:
+        machine: "kevisual"
+---
+# jimeng-api Service
+apiVersion: v1
+kind: Service
+metadata:
+  name: jimeng-api
+  namespace: default
+  labels:
+    app: jimeng-api
+spec:
+  type: ClusterIP
+  ports:
+  - name: http
+    protocol: TCP
+    port: 5100
+    targetPort: 5100
+  selector:
+    app: jimeng-api
+
+
+---
+# jimeng-api Ingress (Traefik)
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: jimeng-api-https
+  namespace: default
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`jimeng-api.kevisual.cn`)
+      kind: Rule
+      services:
+        - name: jimeng-api
+          port: 5100
+  tls:
+    certResolver: letsencrypt

k8s/kevisual.cn/apps/nocodb.yaml

@@ -1,43 +1,10 @@
 ---
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: nocodb
----
-# PostgreSQL Persistent Volume Claim
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: postgres-pv
-  namespace: nocodb
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteOnce
-  storageClassName: local-path
-  hostPath:
-    path: /opt/docker/nocodb/postgres_data
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: postgres-pvc
-  namespace: nocodb
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
-  volumeName: postgres-pv
----
 # PostgreSQL Deployment
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: root-db
-  namespace: nocodb
+  namespace: default
   labels:
     app: root-db
 spec:
@@ -90,16 +57,18 @@ spec:
             periodSeconds: 5
             timeoutSeconds: 3
       volumes:
-        - name: postgres-storage
-          persistentVolumeClaim:
-            claimName: postgres-pvc
+      - name: postgres-storage
+        hostPath:
+          path: /opt/docker/nocodb/postgres_data
+          type: Directory
+      nodeSelector:
+        machine: "kevisual"
 ---
 # PostgreSQL Service (ClusterIP, internal access)
 apiVersion: v1
 kind: Service
 metadata:
   name: root-db
-  namespace: nocodb
   labels:
     app: root-db
 spec:
@@ -111,40 +80,11 @@ spec:
       targetPort: 5432
   type: ClusterIP
 ---
-# NocoDB Persistent Volume Claim
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: nc-data-pv
-  namespace: nocodb
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteOnce
-  storageClassName: local-path
-  hostPath:
-    path: /opt/docker/nocodb/nc_data
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: nc-data-pvc
-  namespace: nocodb
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
-  volumeName: nc-data-pv
----
 # NocoDB Deployment
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: nocodb
-  namespace: nocodb
   labels:
     app: nocodb
 spec:
@@ -164,7 +104,7 @@ spec:
             - containerPort: 8080
           env:
             - name: NC_DB
-              value: "pg://root-db.nocodb.svc.cluster.local:5432?u=postgres&p=abearxiong&d=postgres"
+              value: "pg://root-db:5432?u=postgres&p=abearxiong&d=postgres"
             - name: NC_AUTH_JWT_SECRET
               value: "MaCpbZugRlwFWUfpAUNAd7p64V4Yj7Xx" #   openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | head -c 32
           volumeMounts:
@@ -179,16 +119,18 @@ spec:
             periodSeconds: 10
             timeoutSeconds: 5
       volumes:
-        - name: nc-data-storage
-          persistentVolumeClaim:
-            claimName: nc-data-pvc
+      - name: nc-data-storage
+        hostPath:
+          path: /opt/docker/nocodb/nc_data
+          type: Directory
+      nodeSelector:
+        machine: "kevisual"
 ---
 # NocoDB Service (NodePort to expose on host:8080)
 apiVersion: v1
 kind: Service
 metadata:
   name: nocodb
-  namespace: nocodb
   labels:
     app: nocodb
 spec:
@@ -206,7 +148,6 @@ apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: nocodb-https
-  namespace: nocodb
 spec:
   entryPoints:
     - websecure

k8s/kevisual.cn/config/master-token.md

@@ -1,10 +1,10 @@
-K106e5eb70f699db4a043873e452b636cd50be9a5794ff1a912a7b96f22268eb204::server:afa9aade36b27a6eec44d47983441d59
+K109668b353a17ff6ea9d68535255f880cf583c5c83c357d181ac5f963505033af4::server:f95b219abcfe507760f04ff88be52ccd
 
 # Agent 节点安装命令
 
 ```sh
 
-curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_URL=https://kevisual.cn:6443 K3S_TOKEN=K106e5eb70f699db4a043873e452b636cd50be9a5794ff1a912a7b96f22268eb204::server:afa9aade36b27a6eec44d47983441d59 sh -
+curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_URL=https://kevisual.cn:6443 K3S_TOKEN=K109668b353a17ff6ea9d68535255f880cf583c5c83c357d181ac5f963505033af4::server:f95b219abcfe507760f04ff88be52ccd sh -
 
 ```
 会输出类似

k8s/kevisual.cn/ingress/apps-ingressroute.yaml

@@ -1,4 +1,5 @@
 # Kevisual - kevisual.cn (支持 WebSocket)
+---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
@@ -15,7 +16,7 @@ spec:
           port: 3005
   tls:
     certResolver: letsencrypt
-
+---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
@@ -31,4 +32,5 @@ spec:
         - name: kevisual-external
           port: 3005
   tls:
-    certResolver: letsencrypt
+    certResolver: letsencrypt
+---

k8s/kevisual.cn/pro/index.md

@@ -0,0 +1,31 @@
+
+```sh
+# cat /etc/rancher/k3s/registries.yaml
+mirrors:
+  docker.io:
+    endpoint:
+      - "https://docker.1ms.run"
+      - "https://docker.m.daocloud.io"
+      - "https://dockerproxy.net/"
+```
+
+```sh
+cat config.toml
+disabled_plugins = ["cri"]
+
+[plugins."io.containerd.grpc.v1.cri".registry]
+  [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
+    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
+      endpoint = [
+        "https://docker.1ms.run",
+        "https://docker.m.daocloud.io",
+        "https://dockerproxy.net/",
+      ]
+
+
+# [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.k8s.io"]
+#   endpoint = [
+#     "https://k8s.m.daocloud.io"
+#     "https://docker.m.daocloud.io",
+#  ]
+```

k8s/kevisual.cn/services/external-services.yaml

@@ -4,25 +4,22 @@ metadata:
   name: kevisual-external
   namespace: default
 spec:
-  type: ClusterIP
+  clusterIP: None
   ports:
   - port: 3005
     targetPort: 3005
     protocol: TCP
     name: http
 ---
-apiVersion: discovery.k8s.io/v1
-kind: EndpointSlice
+apiVersion: v1
+kind: Endpoints
 metadata:
   name: kevisual-external
   namespace: default
-  labels:
-    kubernetes.io/service-name: kevisual-external
-addressType: IPv4
-ports:
-- name: http
-  protocol: TCP
-  port: 3005
-endpoints:
+subsets:
 - addresses:
-  - "118.196.32.29"
+  - ip: 118.196.32.29
+  ports:
+  - port: 3005
+    name: http
+    protocol: TCP

k8s/kevisual.cn/sh/debug-www-kevisual.sh

@@ -0,0 +1,65 @@
+#!/bin/bash
+# 诊断 www.kevisual.cn 访问问题
+# tags: debug, troubleshooting, traefik, ingress
+# description: 诊断 www.kevisual.cn 无法访问的问题
+# title: www.kevisual.cn 诊断脚本
+# createdAt: 2025-12-05
+
+echo "========================================"
+echo "1. 检查 Traefik CRD 是否存在"
+echo "========================================"
+kubectl api-resources | grep ingressroute
+
+echo ""
+echo "========================================"
+echo "2. 检查 IngressRoute 资源"
+echo "========================================"
+kubectl get ingressroute -n default
+
+echo ""
+echo "========================================"
+echo "3. 检查 kevisual-external 服务"
+echo "========================================"
+kubectl get svc kevisual-external -n default
+
+echo ""
+echo "========================================"
+echo "4. 检查 EndpointSlice"
+echo "========================================"
+kubectl get endpointslice -n default | grep kevisual
+
+echo ""
+echo "========================================"
+echo "5. 检查 Traefik Pod 状态"
+echo "========================================"
+kubectl get pod -n traefik
+
+echo ""
+echo "========================================"
+echo "6. 检查 Traefik 服务"
+echo "========================================"
+kubectl get svc -n traefik
+
+echo ""
+echo "========================================"
+echo "7. 描述 www-kevisual-https IngressRoute"
+echo "========================================"
+kubectl describe ingressroute www-kevisual-https -n default 2>&1
+
+echo ""
+echo "========================================"
+echo "8. 检查 Traefik 日志（最近50行）"
+echo "========================================"
+kubectl logs -n traefik -l app.kubernetes.io/name=traefik --tail=50 2>&1 | grep -i "kevisual\|www.kevisual\|error" || echo "未找到相关日志"
+
+echo ""
+echo "========================================"
+echo "9. 测试访问 www.kevisual.cn"
+echo "========================================"
+curl -I https://www.kevisual.cn 2>&1 | head -10
+
+echo ""
+echo "========================================"
+echo "10. 测试访问 kevisual.cn"
+echo "========================================"
+curl -I https://kevisual.cn 2>&1 | head -10

k8s/kevisual.cn/sh/log/delete.sh

@@ -0,0 +1,11 @@
+# kubectl delete -f ./app.yaml --force --grace-period=0
+
+# log
+
+kubectl logs jimeng-api-cfd7c9578-dkqps
+
+kubectl describe pod jimeng-api-cfd7c9578-dkqps
+
+# kubectl rollout restart deployment jimeng-api -n default
+
+# kubectl get pods -l app=jimeng-api -w

k8s/kevisual.cn/sh/log/traefik.sh

@@ -0,0 +1,9 @@
+# !/bin/bash
+
+# 查看 traefik 日志中包含 jimeng 关键词的内容，以及错误信息
+kubectl logs -n traefik $(kubectl get pods -n traefik -o name | head 
+-1) --tail=100 | grep -E "(jimeng|error|Error|ERROR)" -A 2 -B 2
+kubectl get svc -n traefik
+
+# 查看 traefik pod 的倒数 100 行日志
+kubectl logs -n traefik $(kubectl get pods -n traefik -o name | head -1) --tail=100

k8s/kevisual.cn/sh/mirror/proxy-base.sh

@@ -0,0 +1,15 @@
+## k3s ctr 直接下载不了镜像，用其他的方式下载然后导入
+# sudo k3s ctr images pull docker.io/rancher/mirrored-pause:3.6
+
+
+# 1. 使用 Docker pull 镜像
+docker pull docker.io/rancher/mirrored-pause:3.6
+
+# 2. 将 Docker 镜像保存为 tar 文件
+docker save docker.io/rancher/mirrored-pause:3.6 -o mirrored-pause-3.6.tar
+
+# 3. 使用 K3s 的 ctr 导入镜像
+sudo k3s ctr images import mirrored-pause-3.6.tar
+
+# 4. 验证镜像是否导入成功
+sudo k3s ctr images ls | grep pause

k8s/kevisual.cn/sh/mirror/proxy-jimeng.sh

@@ -0,0 +1,15 @@
+## k3s ctr 直接下载不了镜像，用其他的方式下载然后导入
+# sudo k3s ctr images pull docker.io/ghcr.io/iptag/jimeng-api:latest
+
+
+# 1. 使用 Docker pull 镜像
+docker pull docker.io/ghcr.io/iptag/jimeng-api:latest
+
+# 2. 将 Docker 镜像保存为 tar 文件
+docker save docker.io/ghcr.io/iptag/jimeng-api:latest -o mirrored-pause-3.6.tar
+
+# 3. 使用 K3s 的 ctr 导入镜像
+sudo k3s ctr images import mirrored-pause-3.6.tar
+
+# 4. 验证镜像是否导入成功
+sudo k3s ctr images ls | grep pause

k8s/kevisual.cn/traefik.yaml

@@ -6,6 +6,11 @@
 # description: Traefik 反向代理完整配置,部署在 master 节点,包含自动 SSL 证书支持(Let's Encrypt)
 # title: Traefik 完整部署配置 - 含 SSL 证书(Master 节点部署)
 # createdAt: 2025-11-26
+# Error from server (NotFound): error when creating "traefik.yaml": the server could not find the requested resource (post ingressroutes.traefik.io)
+# 注意: 需要先安装 Traefik CRD 资源定义,
+## 
+# kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+##
 ---
 # PersistentVolume 用于存储 ACME 证书数据
 apiVersion: v1