更新多个应用的镜像地址,调整数据存储路径,新增 Traefik 配置,删除无用的 Keycloak 配置文件,添加必须执行的脚本

2026-03-01 00:13:45 +08:00
parent a8b46d973e
commit c59ad4b83f
12 changed files with 75 additions and 78 deletions


@@ -33,4 +33,45 @@ sudo vim /etc/rancher/k3s/registries.yaml
```sh ```sh
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
```
## let
# 将访问宿主机 80 端口的流量转发到 30080
```sh
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 30080
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 30443
# 别忘了保存规则Ubuntu 下)
sudo apt install iptables-persistent
sudo netfilter-persistent save
```
## let 2
```sh
#回路
iptables -t nat -L PREROUTING -vn --line-numbers
### 删除
sudo iptables -t nat -D PREROUTING 1 2>/dev/null
sudo iptables -t nat -I PREROUTING 1 -p tcp --dport 443 -j DNAT --to-destination 118.196.32.29:30443
#去路(根据数据包判断顺序)
sudo iptables -t nat -L POSTROUTING -vn --line-numbers
## 删除
sudo iptables -t nat -D POSTROUTING 1
sudo iptables -t nat -A POSTROUTING -d 118.196.32.29 -p tcp --dport 30443 -j MASQUERADE
#强制刷新权限
sudo iptables -I FORWARD 1 -j ACCEPT
sudo netfilter-persistent save
```
```
CLUSTER_IP=$(kubectl get svc traefik -n traefik -o jsonpath='{.spec.clusterIP}')
echo "Traefik 的固定 ClusterIP 是: $CLUSTER_IP"
Traefik 的固定 ClusterIP 是: 10.43.131.173
``` ```
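Review bot: `sudo iptables -I FORWARD 1 -j ACCEPT` in the second iptables block puts an accept-all rule at the top of the FORWARD chain, so every forwarded packet on this host skips whatever filtering follows it, and `netfilter-persistent save` then makes that permanent. Scope the rule to the redirected flow instead, e.g. `sudo iptables -I FORWARD 1 -p tcp -d 118.196.32.29 --dport 30443 -j ACCEPT`, with a `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` rule for return traffic. The `-D PREROUTING 1` and `-D POSTROUTING 1` steps delete whatever rule happens to be first in the chain, and `2>/dev/null` hides the error on the first one. Deleting by full rule specification would avoid removing an unrelated rule by accident.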


@@ -16,7 +16,7 @@ spec:
spec: spec:
containers: containers:
- name: esm - name: esm
image: ghcr.io/esm-dev/esm.sh:v136_1 image: docker.cnb.cool/kevisual/dev-env/esm.sh:v137
ports: ports:
- containerPort: 12000 - containerPort: 12000
protocol: TCP protocol: TCP
@@ -27,7 +27,7 @@ spec:
volumes: volumes:
- name: esm-data - name: esm-data
hostPath: hostPath:
path: /opt/docker/esm/data path: /root/kevisual/k8s/esm/data
type: Directory type: Directory
nodeSelector: nodeSelector:
machine: "kevisual" machine: "kevisual"
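Review bot: The new `image: docker.cnb.cool/kevisual/dev-env/esm.sh:v137` is referenced by a mutable tag on a self-managed mirror, so what runs depends on whatever that tag points to at pull time rather than on the upstream release. Pinning by digest, `image: docker.cnb.cool/kevisual/dev-env/esm.sh:v137@sha256:<digest-of-mirrored-image>`, and recording how the mirror copy was produced would make the change verifiable. The same applies to the jimeng-api (which also keeps `imagePullPolicy: Always`), postgres, nocodb, openlist and traefik image lines in this commit. Both hunks here cut through the pod spec, so the volume mounts and security context are not visible.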


@@ -18,7 +18,7 @@ spec:
spec: spec:
containers: containers:
- name: jimeng-api - name: jimeng-api
image: ghcr.io/iptag/jimeng-api:latest image: docker.cnb.cool/kevisual/dev-env/jimeng-api:v1.9.5
imagePullPolicy: Always imagePullPolicy: Always
ports: ports:
- containerPort: 5100 - containerPort: 5100


@@ -1,45 +0,0 @@
---
# Keycloak - keycloak.kevisual.cn
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: keycloak-https
namespace: default
spec:
entryPoints:
- websecure
routes:
- match: Host(`keycloak.kevisual.cn`)
kind: Rule
services:
- name: keycloak-external
port: 8082
tls:
certResolver: letsencrypt
---
# Keycloak 服务 (端口 8082, 本地)
apiVersion: v1
kind: Service
metadata:
name: keycloak-external
namespace: default
spec:
type: ClusterIP
ports:
- port: 8082
targetPort: 8082
protocol: TCP
name: http
---
apiVersion: v1
kind: Endpoints
metadata:
name: keycloak-external
namespace: default
subsets:
- addresses:
- ip: 118.196.32.29
ports:
- port: 8082
name: http


@@ -19,7 +19,7 @@ spec:
spec: spec:
containers: containers:
- name: postgres - name: postgres
image: postgres:17.6 image: docker.cnb.cool/kevisual/dev-env/postgres:17.6
ports: ports:
- containerPort: 5432 - containerPort: 5432
env: env:
@@ -59,7 +59,7 @@ spec:
volumes: volumes:
- name: postgres-storage - name: postgres-storage
hostPath: hostPath:
path: /opt/docker/nocodb/postgres_data path: /root/kevisual/k8s/nocodb/postgres_data
type: Directory type: Directory
nodeSelector: nodeSelector:
machine: "kevisual" machine: "kevisual"
@@ -99,7 +99,7 @@ spec:
spec: spec:
containers: containers:
- name: nocodb - name: nocodb
image: nocodb/nocodb:latest image: docker.cnb.cool/kevisual/dev-env/nocodb:0.301.3
ports: ports:
- containerPort: 8080 - containerPort: 8080
env: env:
@@ -121,7 +121,7 @@ spec:
volumes: volumes:
- name: nc-data-storage - name: nc-data-storage
hostPath: hostPath:
path: /opt/docker/nocodb/nc_data path: /root/kevisual/k8s/nocodb/nc_data
type: Directory type: Directory
nodeSelector: nodeSelector:
machine: "kevisual" machine: "kevisual"


@@ -16,7 +16,7 @@ spec:
spec: spec:
containers: containers:
- name: openlist - name: openlist
image: docker.1ms.run/openlistteam/openlist:latest image: docker.cnb.cool/kevisual/dev-env/openlist:v4.1.10
securityContext: securityContext:
runAsUser: 0 runAsUser: 0
ports: ports:
@@ -31,7 +31,7 @@ spec:
volumes: volumes:
- name: openlist-data - name: openlist-data
hostPath: hostPath:
path: /opt/docker/openlist/data path: /root/kevisual/k8s/openlist/data
type: DirectoryOrCreate type: DirectoryOrCreate
nodeSelector: nodeSelector:
machine: "kevisual" machine: "kevisual"
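Review bot: In the volumes hunk the new `path: /root/kevisual/k8s/openlist/data` keeps `type: DirectoryOrCreate`, unlike the other deployments in this commit, which use `type: Directory`. If the `/root/kevisual` volume is not mounted, the kubelet will create the directory on the node's root filesystem, and the container, which runs with `runAsUser: 0`, will write there as root. Using `type: Directory` makes the pod fail fast instead; a comment above `runAsUser: 0` saying why root is required would also help. Both hunks start and end inside the pod spec.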


@@ -4,7 +4,7 @@ K109668b353a17ff6ea9d68535255f880cf583c5c83c357d181ac5f963505033af4::server:f95b
```sh ```sh
curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_URL=https://kevisual.cn:6443 K3S_TOKEN=K109668b353a17ff6ea9d68535255f880cf583c5c83c357d181ac5f963505033af4::server:f95b219abcfe507760f04ff88be52ccd sh -s -- --pause-image=docker.1ms.run/rancher/mirrored-pause:3.9 curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_URL=https://kevisual.cn:6443 K3S_TOKEN=K109668b353a17ff6ea9d68535255f880cf583c5c83c357d181ac5f963505033af4::server:f95b219abcfe507760f04ff88be52ccd sh -s -- --pause-image=docker.cnb.cool/kevisual/dev-env/mirrored-pause:3.9
``` ```
会输出类似 会输出类似
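Review bot: The install command on the changed line still carries what looks like a real `K3S_TOKEN` value in clear text, and the same value shows in the hunk header context, so anyone who can read this repository holds the join credential for the cluster at `https://kevisual.cn:6443`. Replace it in the document with a placeholder such as `K3S_TOKEN=<node-token>` and read the real value from `/var/lib/rancher/k3s/server/node-token` at install time. Rotate the token as well, since it is already in history. Separately, `curl -sfL … | sh -s --` runs the mirror-hosted script exactly as fetched; downloading it first and checking it before execution would be safer.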

1
k8s/kevisual.cn/must.sh Normal file

@@ -0,0 +1 @@
echo "/dev/vdb1 /root/kevisual ext4 defaults 0 0" >> /etc/fstab
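Review bot: The added line appends to `/etc/fstab` unconditionally, so running the script twice leaves duplicate entries, and it identifies the disk as `/dev/vdb1`, a name that can change across reboots or when disks are attached. Guard and harden it, for example `grep -q ' /root/kevisual ' /etc/fstab || echo "UUID=<uuid-of-data-partition> /root/kevisual ext4 defaults,nofail,nosuid,nodev 0 2" >> /etc/fstab`, where the UUID placeholder is filled in from `blkid`. `nosuid,nodev` is worth considering because this mount backs the hostPath volumes of the containers in this commit, one of which runs as UID 0. A header comment stating that the script must run as root once per node would also help.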


@@ -4,13 +4,13 @@
mirrors: mirrors:
docker.io: docker.io:
endpoint: endpoint:
- "https://docker.1ms.run"
- "https://docker.m.daocloud.io" - "https://docker.m.daocloud.io"
- "https://dockerproxy.net/" - "https://dockerproxy.net/"
- "https://docker.cnb.cool/kevisual/dev-env"
``` ```
```sh ```sh
cat config.toml #cat config.toml
disabled_plugins = ["cri"] disabled_plugins = ["cri"]
[plugins."io.containerd.grpc.v1.cri".registry] [plugins."io.containerd.grpc.v1.cri".registry]


@@ -3,10 +3,10 @@
# 1. 使用 Docker pull 镜像 # 1. 使用 Docker pull 镜像
docker pull docker.io/rancher/mirrored-pause:3.6 docker pull docker.cnb.cool/kevisual/dev-env/mirrored-pause:3.6/rancher/mirrored-pause:3.6
# 2. 将 Docker 镜像保存为 tar 文件 # 2. 将 Docker 镜像保存为 tar 文件
docker save docker.io/rancher/mirrored-pause:3.6 -o mirrored-pause-3.6.tar docker save docker.cnb.cool/kevisual/dev-env/mirrored-pause:3.6/rancher/mirrored-pause:3.6 -o mirrored-pause-3.6.tar
# 3. 使用 K3s 的 ctr 导入镜像 # 3. 使用 K3s 的 ctr 导入镜像
sudo k3s ctr images import mirrored-pause-3.6.tar sudo k3s ctr images import mirrored-pause-3.6.tar
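Review bot: The rewritten references in steps 1 and 2, `docker.cnb.cool/kevisual/dev-env/mirrored-pause:3.6/rancher/mirrored-pause:3.6`, are not valid image references because a path follows the tag; this looks like a search-and-replace leftover. They should read `docker pull docker.cnb.cool/kevisual/dev-env/mirrored-pause:3.6` and `docker save docker.cnb.cool/kevisual/dev-env/mirrored-pause:3.6 -o mirrored-pause-3.6.tar`. The imported image then carries the mirror name, so k3s will presumably only use it if `--pause-image` names the same reference; the install command elsewhere in this commit uses tag 3.9, not 3.6.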


@@ -1,15 +0,0 @@
## k3s ctr 直接下载不了镜像,用其他的方式下载然后导入
# sudo k3s ctr images pull docker.io/ghcr.io/iptag/jimeng-api:latest
# 1. 使用 Docker pull 镜像
docker pull docker.io/ghcr.io/iptag/jimeng-api:latest
# 2. 将 Docker 镜像保存为 tar 文件
docker save docker.io/ghcr.io/iptag/jimeng-api:latest -o mirrored-pause-3.6.tar
# 3. 使用 K3s 的 ctr 导入镜像
sudo k3s ctr images import mirrored-pause-3.6.tar
# 4. 验证镜像是否导入成功
sudo k3s ctr images ls | grep pause


@@ -142,7 +142,12 @@ spec:
kubernetes.io/hostname: kevisual # 节点主机名是 kevisual kubernetes.io/hostname: kevisual # 节点主机名是 kevisual
containers: containers:
- name: traefik - name: traefik
image: traefik:latest image: docker.cnb.cool/kevisual/dev-env/traefik:v3.6.9
# env:
# - name: HTTP_PROXY
# value: "http://kevisual.cn:7890"
# - name: HTTPS_PROXY
# value: "http://kevisual.cn:7890"
args: args:
- --api.insecure=true - --api.insecure=true
- --providers.kubernetescrd - --providers.kubernetescrd
@@ -185,12 +190,10 @@ spec:
port: 80 port: 80
targetPort: 80 targetPort: 80
nodePort: 30080 # 外部通过 30080 访问 HTTP nodePort: 30080 # 外部通过 30080 访问 HTTP
# nodePort: 80
- name: websecure - name: websecure
port: 443 port: 443
targetPort: 443 targetPort: 443
nodePort: 30443 # 外部通过 30443 访问 HTTPS nodePort: 30443 # 外部通过 30443 访问 HTTPS
# nodePort: 443
- name: admin - name: admin
port: 8080 port: 8080
targetPort: 8080 targetPort: 8080
@@ -219,4 +222,16 @@ spec:
- name: api@internal - name: api@internal
kind: TraefikService kind: TraefikService
tls: tls:
certResolver: letsencrypt certResolver: letsencrypt
---
# 处理443 端口被占用问题,将 Traefik Service 的 NodePort 修改为 30443,并添加 externalIPs
# kubectl edit svc traefik -n traefik
# spec:
# externalIPs:
# - 118.196.32.29
# ports:
# - name: websecure
# port: 443
# targetPort: 443
# nodePort: 30443
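Review bot: `--api.insecure=true` stays in the container args while the Service still lists an `admin` port 8080, so the Traefik API and dashboard are served without authentication on that entry point. The hunk cuts off before the admin port's `nodePort`, so whether it is reachable from outside the node is not visible here. An IngressRoute to `api@internal` with TLS already exists further down, so consider dropping the flag (keeping only `--api.dashboard=true`) and putting an authentication middleware on that route. The commented-out `HTTP_PROXY`/`HTTPS_PROXY` block and the commented `kubectl edit svc` recipe at the end would be better kept in the README than in the manifest.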