zeaslity/CmiiDeploy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

大量更新

Browse Source
This commit is contained in:
zeaslity
2026-05-19 14:28:56 +08:00
parent 9fc3372fa3
commit 37a6c6510f
223 changed files with 140833 additions and 2424 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
.idea/inspectionProfiles/Project_Default.xml generated Normal file
View File

@@ -0,0 +1,10 @@
<component name="InspectionProjectProfileManager">
<profile version="1.0">
<option name="myName" value="Project Default" />
<inspection_tool class="ImplicitTypeConversion" enabled="true" level="WARNING" enabled_by_default="true">
<option name="BITS" value="1720" />
<option name="FLAG_EXPLICIT_CONVERSION" value="true" />
<option name="IGNORE_NODESET_TO_BOOLEAN_VIA_STRING" value="true" />
</inspection_tool>
</profile>
</component>

26
.idea/shelf/Uncommitted_changes_before_Update_at_2025_05_15_10_33_[Changes]/shelved.patch generated Normal file
View File

File diff suppressed because one or more lines are too long

4
.idea/shelf/Uncommitted_changes_before_Update_at_2025_05_15_10_33__Changes_.xml generated Normal file
View File

@@ -0,0 +1,4 @@
<changelist name="Uncommitted_changes_before_Update_at_2025_05_15_10_33_[Changes]" date="1747276416699" recycled="false" toDelete="true">
<option name="PATH" value="$PROJECT_DIR$/.idea/shelf/Uncommitted_changes_before_Update_at_2025_05_15_10_33_[Changes]/shelved.patch" />
<option name="DESCRIPTION" value="Uncommitted changes before Update at 2025/05/15 10:33 [Changes]" />
</changelist>

0
1-outside-deploy/1-base-env-shell/2-imageDownSync.sh → 0-archived/1-outside-deploy/1-base-env-shell/2-imageDownSync.sh
View File

0
13-深圳政数局/harbor-config.yml → 0-archived/13-深圳政数局/harbor-config.yml
View File

0
20-吉林移动/吉林移动5.4~5.8/cmii_material_warehouse.sql → 0-archived/20-吉林移动/吉林移动5.4~5.8/cmii_material_warehouse.sql
View File

0
20-吉林移动/吉林移动5.4~5.8/uav_airspace.sql → 0-archived/20-吉林移动/吉林移动5.4~5.8/uav_airspace.sql
View File

0
20-吉林移动/吉林移动5.4~5.8/uav_gis.sql → 0-archived/20-吉林移动/吉林移动5.4~5.8/uav_gis.sql
View File

0
20-吉林移动/吉林移动5.4~5.8/uav_lifecycle.sql → 0-archived/20-吉林移动/吉林移动5.4~5.8/uav_lifecycle.sql
View File

0
20-吉林移动/吉林移动5.4~5.8/uav_mission.sql → 0-archived/20-吉林移动/吉林移动5.4~5.8/uav_mission.sql
View File

0
20-吉林移动/吉林移动5.4~5.8/uav_notice.sql → 0-archived/20-吉林移动/吉林移动5.4~5.8/uav_notice.sql
View File

0
20-吉林移动/吉林移动5.4~5.8/uav_user.sql → 0-archived/20-吉林移动/吉林移动5.4~5.8/uav_user.sql
View File

0
34-202408-重庆二级平台/真实的nginx配置.conf → 0-archived/34-202408-重庆二级平台/真实的nginx配置.conf
View File

174
71-202601-XA监管平台/260304-升级23/cmii-uas-datahub.yaml Normal file
View File

@@ -0,0 +1,174 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: cmii-uas-datahub
namespace: 命名空间
labels:
cmii.type: backend
cmii.app: cmii-uas-datahub
octopus/control: backend-app-1.0.0
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/app-version: uas-2.3
spec:
replicas: 1
strategy:
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
cmii.type: backend
cmii.app: cmii-uas-datahub
template:
metadata:
labels:
cmii.type: backend
cmii.app: cmii-uas-datahub
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: uavcloud.env
operator: In
values:
- demo
imagePullSecrets:
- name: harborsecret
containers:
- name: cmii-uas-datahub
image: 10.22.57.8:8033/cmii/cmii-uas-datahub:2.3.0-pro-20260226
imagePullPolicy: Always
env:
- name: K8S_NAMESPACE
value: 命名空间
- name: APPLICATION_NAME
value: cmii-uas-datahub
- name: CUST_JAVA_OPTS
value: "-Xms200m -Xmx1500m -XX:+UseG1GC -XX:MaxGCPauseMillis=200 -Dlog4j2.formatMsgNoLookups=true -Duser.timezone=Asia/Shanghai"
- name: NACOS_REGISTRY
value: "helm-nacos:8848"
- name: NACOS_DISCOVERY_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: NACOS_DISCOVERY_PORT
value: "8080"
- name: BIZ_CONFIG_GROUP
value: uas-2.3
- name: SYS_CONFIG_GROUP
value: uas-2.3
- name: NACOS_USERNAME
value: "developer"
- name: NACOS_PASSWORD
value: "Deve@9128201"
- name: IMAGE_NAME
value: uas-2.3
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: LIMIT_CPU
valueFrom:
resourceFieldRef:
containerName: cmii-uas-datahub
resource: limits.cpu
- name: LIMIT_MEMORY
valueFrom:
resourceFieldRef:
containerName: cmii-uas-datahub
resource: limits.memory
- name: REQUEST_CPU
valueFrom:
resourceFieldRef:
containerName: cmii-uas-datahub
resource: requests.cpu
- name: REQUEST_MEMORY
valueFrom:
resourceFieldRef:
containerName: cmii-uas-datahub
resource: requests.memory
ports:
- name: pod-port
containerPort: 8080
protocol: TCP
resources:
limits:
memory: 2Gi
cpu: "2"
requests:
memory: 200Mi
cpu: 200m
livenessProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
periodSeconds: 20
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
periodSeconds: 20
successThreshold: 1
failureThreshold: 3
startupProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 3
periodSeconds: 20
successThreshold: 1
failureThreshold: 5
volumeMounts:
- name: nfs-backend-log-volume
mountPath: /cmii/logs
readOnly: false
subPath: 命名空间/cmii-uas-datahub
volumes:
- name: nfs-backend-log-volume
persistentVolumeClaim:
claimName: nfs-backend-log-pvc
---
apiVersion: v1
kind: Service
metadata:
name: cmii-uas-datahub
namespace: 命名空间
labels:
cmii.type: backend
cmii.app: cmii-uas-datahub
octopus/control: backend-app-1.0.0
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/app-version: uas-2.0
spec:
type: ClusterIP
selector:
cmii.type: backend
cmii.app: cmii-uas-datahub
ports:
- name: backend-tcp
port: 8080
protocol: TCP
targetPort: 8080

174
71-202601-XA监管平台/260304-升级23/cmii-uas-fusion.yaml Normal file
View File

@@ -0,0 +1,174 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: cmii-uas-fusion
namespace: 命名空间
labels:
cmii.type: backend
cmii.app: cmii-uas-fusion
octopus/control: backend-app-1.0.0
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/app-version: uas-2.0
spec:
replicas: 1
strategy:
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
cmii.type: backend
cmii.app: cmii-uas-fusion
template:
metadata:
labels:
cmii.type: backend
cmii.app: cmii-uas-fusion
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: uavcloud.env
operator: In
values:
- demo
imagePullSecrets:
- name: harborsecret
containers:
- name: cmii-uas-fusion
image: 10.22.57.8:8033/cmii/cmii-uas-fusion:2.2.0-112
imagePullPolicy: Always
env:
- name: K8S_NAMESPACE
value: 命名空间
- name: APPLICATION_NAME
value: cmii-uas-fusion
- name: CUST_JAVA_OPTS
value: "-Xms200m -Xmx1500m -XX:+UseG1GC -XX:MaxGCPauseMillis=200 -Dlog4j2.formatMsgNoLookups=true"
- name: NACOS_REGISTRY
value: "helm-nacos:8848"
- name: NACOS_DISCOVERY_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: NACOS_DISCOVERY_PORT
value: "8080"
- name: BIZ_CONFIG_GROUP
value: uas-2.3
- name: SYS_CONFIG_GROUP
value: uas-2.3
- name: NACOS_USERNAME
value: "developer"
- name: NACOS_PASSWORD
value: "Deve@9128201"
- name: IMAGE_NAME
value: uas-2.3
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: LIMIT_CPU
valueFrom:
resourceFieldRef:
containerName: cmii-uas-fusion
resource: limits.cpu
- name: LIMIT_MEMORY
valueFrom:
resourceFieldRef:
containerName: cmii-uas-fusion
resource: limits.memory
- name: REQUEST_CPU
valueFrom:
resourceFieldRef:
containerName: cmii-uas-fusion
resource: requests.cpu
- name: REQUEST_MEMORY
valueFrom:
resourceFieldRef:
containerName: cmii-uas-fusion
resource: requests.memory
ports:
- name: pod-port
containerPort: 8080
protocol: TCP
resources:
limits:
memory: 2Gi
cpu: "2"
requests:
memory: 200Mi
cpu: 200m
livenessProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
periodSeconds: 20
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
periodSeconds: 20
successThreshold: 1
failureThreshold: 3
startupProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 3
periodSeconds: 20
successThreshold: 1
failureThreshold: 5
volumeMounts:
- name: nfs-backend-log-volume
mountPath: /cmii/logs
readOnly: false
subPath: 命名空间/cmii-uas-fusion
volumes:
- name: nfs-backend-log-volume
persistentVolumeClaim:
claimName: nfs-backend-log-pvc
---
apiVersion: v1
kind: Service
metadata:
name: cmii-uas-fusion
namespace: 命名空间
labels:
cmii.type: backend
cmii.app: cmii-uas-fusion
octopus/control: backend-app-1.0.0
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/app-version: uas-2.0
spec:
type: ClusterIP
selector:
cmii.type: backend
cmii.app: cmii-uas-fusion
ports:
- name: backend-tcp
port: 8080
protocol: TCP
targetPort: 8080

174
71-202601-XA监管平台/260304-升级23/cmii-uav-data-center.yaml Normal file
View File

@@ -0,0 +1,174 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: cmii-uav-data-center
namespace: 命名空间
labels:
cmii.type: backend
cmii.app: cmii-uav-data-center
octopus/control: backend-app-1.0.0
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/app-version: uas-2.3
spec:
replicas: 1
strategy:
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
cmii.type: backend
cmii.app: cmii-uav-data-center
template:
metadata:
labels:
cmii.type: backend
cmii.app: cmii-uav-data-center
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: uavcloud.env
operator: In
values:
- demo
imagePullSecrets:
- name: harborsecret
containers:
- name: cmii-uav-data-center
image: 10.22.57.8:8033/cmii/cmii-uav-data-center:2.3.1-xa-20260304
imagePullPolicy: Always
env:
- name: K8S_NAMESPACE
value: 命名空间
- name: APPLICATION_NAME
value: cmii-uav-data-center
- name: CUST_JAVA_OPTS
value: "-Xms1024m -Xmx3072m -XX:+UseG1GC -XX:MaxGCPauseMillis=200 -Dlog4j2.formatMsgNoLookups=true -Duser.timezone=Asia/Shanghai"
- name: NACOS_REGISTRY
value: "helm-nacos:8848"
- name: NACOS_DISCOVERY_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: NACOS_DISCOVERY_PORT
value: "8080"
- name: BIZ_CONFIG_GROUP
value: uas-2.3
- name: SYS_CONFIG_GROUP
value: uas-2.3
- name: NACOS_USERNAME
value: "developer"
- name: NACOS_PASSWORD
value: "Deve@9128201"
- name: IMAGE_NAME
value: uas-2.3
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: LIMIT_CPU
valueFrom:
resourceFieldRef:
containerName: cmii-uav-data-center
resource: limits.cpu
- name: LIMIT_MEMORY
valueFrom:
resourceFieldRef:
containerName: cmii-uav-data-center
resource: limits.memory
- name: REQUEST_CPU
valueFrom:
resourceFieldRef:
containerName: cmii-uav-data-center
resource: requests.cpu
- name: REQUEST_MEMORY
valueFrom:
resourceFieldRef:
containerName: cmii-uav-data-center
resource: requests.memory
ports:
- name: pod-port
containerPort: 8080
protocol: TCP
resources:
limits:
memory: 4Gi
cpu: "2"
requests:
memory: 200Mi
cpu: 200m
livenessProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
periodSeconds: 20
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
periodSeconds: 20
successThreshold: 1
failureThreshold: 3
startupProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 3
periodSeconds: 20
successThreshold: 1
failureThreshold: 5
volumeMounts:
- name: nfs-backend-log-volume
mountPath: /cmii/logs
readOnly: false
subPath: 命名空间/cmii-uav-data-center
volumes:
- name: nfs-backend-log-volume
persistentVolumeClaim:
claimName: nfs-backend-log-pvc
---
apiVersion: v1
kind: Service
metadata:
name: cmii-uav-data-center
namespace: 命名空间
labels:
cmii.type: backend
cmii.app: cmii-uav-data-center
octopus/control: backend-app-1.0.0
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/app-version: uas-2.3
spec:
type: ClusterIP
selector:
cmii.type: backend
cmii.app: cmii-uav-data-center
ports:
- name: backend-tcp
port: 8080
protocol: TCP
targetPort: 8080

19
71-202601-XA监管平台/反向代理/caiyun-reverse-proxy.conf Normal file
View File

@@ -0,0 +1,19 @@
server {
listen 1997;
server_name localhost;
location / {
proxy_pass https://api.caiyunapi.com;
proxy_set_header Host api.caiyunapi.com;
proxy_ssl_name api.caiyunapi.com;
proxy_ssl_server_name on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
}

28
71-202601-XA监管平台/反向代理/gaode-reverse-proxy.conf Normal file
View File

@@ -0,0 +1,28 @@
server {
listen 1998;
server_name localhost;
location /v3/ {
proxy_pass https://restapi.amap.com/v3/;
# 必须设置,否则高德服务器可能会拒绝请求
proxy_set_header Host restapi.amap.com;
# 核心:确保 SSL 握手时发送正确的域名
proxy_ssl_name restapi.amap.com;
proxy_ssl_server_name on;
proxy_ssl_protocols TLSv1.2 TLSv1.3;
# 常规转发头
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 优化连接
proxy_http_version 1.1;
proxy_set_header Connection "";
# 增加超时控制,防止 API 响应慢导致连接堆积
proxy_connect_timeout 10s;
proxy_read_timeout 30s;
}
}

12
72-202602-绵阳飞服/as_lite/zlm-端口反向代理.conf Normal file
View File

@@ -0,0 +1,12 @@
server {
listen 31935;
proxy_pass 192.168.1.6:31935;
}
server {
listen 30090 udp;
proxy_pass 192.168.1.6:30090;
}
server {
listen 30090;
proxy_pass 192.168.1.6:30090;
}

55
74-202603-新疆阿克苏地区/1-批量脚本.sh Normal file
View File

@@ -0,0 +1,55 @@
120.205.80.23
FJNFEI@hbfr769
1 核心服务 16 32 192.168.5.207
2 web服务Master节点 4 8 192.168.5.41
3 存储节点 4 8 100+2000 192.168.5.141
4 数据库服务 4 8 192.168.5.195
mv agent-wdd_linux_arm64 /usr/local/bin/agent-wdd
chmod +x /usr/local/bin/agent-wdd
# 主节点安装ssh-key
/usr/local/bin/agent-wdd base ssh config
/usr/local/bin/agent-wdd base ssh key
DEFAULT_HTTP_BACKEND_IP=$(kubectl -n ingress-nginx get svc default-http-backend -o jsonpath='{.spec.clusterIP}')
192.168.5.41
# 批量执行命令
host_list=(
192.168.5.41
192.168.5.207
192.168.5.141
192.168.5.195
)
for server in "${host_list[@]}";do
echo " ---> current ip is $server - $(hostname)"
ssh root@"$server" "DEFAULT_HTTP_BACKEND_IP='$DEFAULT_HTTP_BACKEND_IP' bash -s" <<'EOF'
echo "DEFAULT_HTTP_BACKEND_IP=$DEFAULT_HTTP_BACKEND_IP"
curl -s "http://${DEFAULT_HTTP_BACKEND_IP}"
echo
EOF
echo ""
done
scp /usr/local/bin/agent-wdd root@${server}:/usr/local/bin/agent-wdd
ssh root@${server} "/usr/local/bin/agent-wdd base ssh config && /usr/local/bin/agent-wdd base ssh key"
ssh root@${server} "echo yes"
scp /root/wdd/docker-arm64-20.10.15.tgz root@${server}:/root/wdd/docker-arm64-20.10.15.tgz
ssh root@${server} "cd /root/wdd/ && tar -zvxf docker-arm64-20.10.15.tgz"
scp /root/wdd/docker-compose-v2.18.0-linux-arm64 root@${server}:/root/wdd/
ssh root@${server} "/usr/local/bin/agent-wdd base docker local"
ssh root@${server} "/usr/local/bin/agent-wdd base dockercompose local"

BIN
74-202603-新疆阿克苏地区/as_lite/as_lite.zip Normal file
View File

Binary file not shown.

84
74-202603-新疆阿克苏地区/b-disk.sh Normal file
View File

@@ -0,0 +1,84 @@
#!/bin/bash
set -e
# 用户配置部分
DISK="/dev/vdb" # 要操作的物理磁盘(请根据实际情况修改)
MOUNT_PATH="/var/lib/docker" # 挂载点路径(目录会自动创建)
FS_TYPE="ext4" # 文件系统类型支持ext4/xfs默认ext4
#----------------------------------------------------------
# 核心逻辑(建议非必要不修改)
#----------------------------------------------------------
function check_prerequisites() {
# 必须root权限运行检查
[[ $EUID -ne 0 ]] && echo -e "\033[31m错误必须使用root权限运行此脚本\033[0m" && exit 1
# 磁盘存在性检查
[[ ! -b "$DISK" ]] && echo -e "\033[31m错误磁盘 $DISK 不存在\033[0m" && exit 1
# 文件系统类型校验
if [[ "$FS_TYPE" != "ext4" && "$FS_TYPE" != "xfs" ]]; then
echo -e "\033[31m错误不支持的磁盘格式 $FS_TYPE,仅支持 ext4/xfs\033[0m"
exit 1
fi
}
function prepare_disk() {
local partition="${DISK}1"
echo -e "\033[34m正在初始化磁盘分区...\033[0m"
parted "$DISK" --script mklabel gpt
parted "$DISK" --script mkpart primary 0% 100%
parted "$DISK" --script set 1 lvm on
partprobe "$DISK" # 确保系统识别新分区表
echo -e "\033[34m正在创建LVM结构...\033[0m"
pvcreate "$partition"
vgcreate datavg "$partition"
lvcreate -y -l 100%FREE -n lvdata datavg
}
function format_and_mount() {
echo -e "\033[34m格式化逻辑卷...\033[0m"
if [[ "$FS_TYPE" == "ext4" ]]; then
mkfs.ext4 -F "/dev/datavg/lvdata"
else
mkfs.xfs -f "/dev/datavg/lvdata"
fi
echo -e "\033[34m设置挂载配置...\033[0m"
mkdir -p "$MOUNT_PATH"
UUID=$(blkid -s UUID -o value "/dev/datavg/lvdata")
echo "UUID=$UUID $MOUNT_PATH $FS_TYPE defaults 0 0" | tee -a /etc/fstab >/dev/null
mount -a
}
function verify_result() {
echo -e "\n\033[1;36m最终验证结果\033[0m"
lsblk -f "$DISK"
echo -e "\n磁盘空间使用情况"
df -hT "$MOUNT_PATH"
}
# 主执行流程
check_prerequisites
prepare_disk
format_and_mount
verify_result
echo -e "\n\033[32m操作执行完毕请仔细核查上述输出信息\033[0m"
#请写一个shell脚本脚本前面有变量可以设置 物理磁盘名称 挂载点路径 磁盘格式化的形式,脚本实现如下的功能
#1.将物理磁盘的盘符修改为gpt格式
#2.将物理磁盘全部空间创建一个分区分区格式为lvm
#3.将分区分配给逻辑卷datavg
#4.将datavg所有可用的空间分配给逻辑卷lvdata
#5.将逻辑卷格式化为变量磁盘格式化的形式(支持xfs和ext4的格式,默认为ext4)
#6.创建变量挂载点路径
#7.写入/etc/fatab,将逻辑卷挂载到变量挂载点,执行全部挂在操作
#8.执行lsblk和df -TH查看分区是否正确挂载

83
74-202603-新疆阿克苏地区/cmii-update.sh Normal file
View File

@@ -0,0 +1,83 @@
#!/bin/bash
harbor_host=192.168.5.41:8033
namespace=xj-aks-uav-260304
app_name=""
new_tag=""
download_from_oss() {
if [ "$1" == "" ]; then
echo "no zip file in error!"
exit 233
fi
echo "start to download => $1"
wget "https://oss.demo.uavcmlc.com/cmlc-installation/tmp/$1"
echo ""
echo ""
}
upload_image_to_harbor(){
if [ "$app_name" == "" ]; then
echo "app name null exit!"
exit 233
fi
if ! docker load < "$1"; then
echo "docker load error !"
fi
docker tag "harbor.cdcyy.com.cn/cmii/$app_name:$new_tag" "$harbor_host/cmii/$app_name:$new_tag"
echo ""
echo ""
echo "upload_image_to_harbor - start to push to => $harbor_host/cmii/$app_name:$new_tag"
docker login -u admin -p V2ryStr@ngPss $harbor_host
docker push "$harbor_host/cmii/$app_name:$new_tag"
echo ""
echo ""
}
parse_args(){
if [ "$1" == "" ]; then
echo "no zip file in error!"
exit 233
fi
local image_name="$1"
# cmii-uav-surveillance=5.2.0-27031-cqga=2024-03-04=573.tar.gz
app_name=$(echo $image_name | cut -d "=" -f1)
new_tag=$(echo $image_name | cut -d "=" -f2)
}
update_image_tag(){
if [ "$new_tag" == "" ]; then
echo "new tag error!"
exit 233
fi
local image_prefix=$(kubectl -n ${namespace} get deployment "${app_name}" -o=jsonpath='{.spec.template.spec.containers[*].image}' | cut -d":" -f1)
echo "image grep is => ${image_prefix}"
echo "start to update ${namespace} ${app_name} to ${new_tag} !"
echo ""
kubectl -n ${namespace} patch deployment "${app_name}" -p "{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\":\"${app_name}\",\"image\": \"${harbor_host}/cmii/$app_name:${new_tag}\"}]}}}}"
echo ""
echo "start to wait for 3 seconds!"
sleep 3
local image_new=$(kubectl -n ${namespace} get deployment "${app_name}" -o=jsonpath='{.spec.template.spec.containers[*].image}')
echo ""
echo "new image are => $image_new"
echo ""
}
main(){
parse_args "$1"
download_from_oss "$1"
upload_image_to_harbor "$1"
update_image_tag
}
main "$@"

49
74-202603-新疆阿克苏地区/harbor-config.yml Normal file
View File

@@ -0,0 +1,49 @@
hostname: 192.168.5.41
http:
port: 8033
harbor_admin_password: V2ryStr@ngPss
database:
password: V2ryStr@ngPss
max_idle_conns: 50
max_open_conns: 1000
conn_max_lifetime: 3600
conn_max_idle_time: 3600
data_volume: /var/lib/docker/harbor-data
jobservice:
max_job_workers: 10
job_loggers:
- STD_OUTPUT
- FILE
logger_sweeper_duration: 3
notification:
webhook_job_max_retry: 10
webhook_job_http_client_timeout: 10
log:
level: warning
local:
rotate_count: 50
rotate_size: 200M
location: /var/log/harbor
cache:
enabled: false
expire_hours: 24
_version: 2.13.0
proxy:
http_proxy:
https_proxy:
no_proxy:
components:
- core
- jobservice
- trivy

4
74-202603-新疆阿克苏地区/k8s-token.txt Normal file
View File

@@ -0,0 +1,4 @@
https://120.205.80.23:39999/#/login
eyJhbGciOiJSUzI1NiIsImtpZCI6Im1PV3ptUVZuQTVrMnU2XzZDQ3ZfSXR1OWNFUlZpTkgwWHFBUHZld3BfNlUifQ.eyJhdWQiOlsidW5rbm93biJdLCJleHAiOjE4NjcyMjYyMzcsImlhdCI6MTc3MjYxODIzNywiaXNzIjoicmtlIiwianRpIjoiNDNlNjhkYjktYmM1ZS00NjE0LTgxNmItNzRmNDI1ZDNjOTA2Iiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJhZG1pbi11c2VyIiwidWlkIjoiMzJhOGQ3NjAtNDI1OC00MTJmLWE4MDItMTQ2ZWViNjA1YWY2In19LCJuYmYiOjE3NzI2MTgyMzcsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDphZG1pbi11c2VyIn0.Aolb4liE-07NxwwkJlVtRaSc1num_qiR1Lb3OJPpQorweZ-t-1TiXIsuCoVEqt_5SrVpeHlZisL8zNWxWq9FPjs-nhXGCywwsb7gdTYt6SCawTHmyWtOPNU89YuV4vCGq2kDpMlxnGmDsCVnz4y99vZo01qta78FDjP9Uxcbz-VoTBwSlaHPjMDVbGqcdL6cMz0-XYI-SKFv9iZPb5vgj6b1VuJAAsOwc1C84yRudO8GVoQodYNdhA9ozRx_-O3De5Vr92H99mXikozC5Z2VrLOOBaQtYWNuAJ4-Rt6gmqqMWm-bxVT5bH1mqG2bhwNkQNmthKz2zu-4xLL2xyCmVw

215
74-202603-新疆阿克苏地区/k8s-yaml/fly-center.yaml Normal file
View File

@@ -0,0 +1,215 @@
kind: Deployment
apiVersion: apps/v1
metadata:
name: cmii-fly-center
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/app-version: 6.0.0
app.kubernetes.io/managed-by: octopus
cmii.app: cmii-fly-center
cmii.type: backend
octopus/control: backend-app-1.0.0
spec:
replicas: 1
selector:
matchLabels:
cmii.app: cmii-fly-center
cmii.type: backend
template:
metadata:
creationTimestamp: null
labels:
cmii.app: cmii-fly-center
cmii.type: backend
spec:
volumes:
- name: application-k8s
configMap:
name: cmii-fly-center-cm
items:
- key: application-k8s.yml
path: application-k8s.yml
defaultMode: 420
- name: nfs-backend-log-volume
persistentVolumeClaim:
claimName: nfs-backend-log-pvc
containers:
- name: cmii-fly-center
image: 192.168.5.41:8033/cmii/cmii-fly-center:1.5.0-xa-030301-arm
ports:
- name: pod-port
containerPort: 8080
protocol: TCP
env:
- name: K8S_NAMESPACE
value: xj-aks-uav-260304
- name: APPLICATION_NAME
value: cmii-fly-center
- name: CUST_JAVA_OPTS
value: '-Xms2000m -Xmx4500m -Dlog4j2.formatMsgNoLookups=true'
- name: NACOS_REGISTRY
value: helm-nacos:8848
- name: NACOS_DISCOVERY_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: NACOS_DISCOVERY_PORT
value: '8080'
- name: BIZ_CONFIG_GROUP
value: 5.7.0
- name: SYS_CONFIG_GROUP
value: 5.7.0
- name: IMAGE_VERSION
value: 5.7.0
- name: NACOS_USERNAME
value: developer
- name: NACOS_PASSWORD
value: Deve@9128201
- name: SPRING_PROFILES_ACTIVE
value: k8s,db,cache,message
resources:
limits:
cpu: '4'
memory: 6Gi
requests:
cpu: '4'
memory: 2Gi
volumeMounts:
- name: application-k8s
mountPath: /cmii/config/application-k8s.yml
subPath: application-k8s.yml
- name: nfs-backend-log-volume
mountPath: /cmii/logs
subPath: uavcloud-devflight/cmii-fly-center
livenessProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
periodSeconds: 20
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
periodSeconds: 20
successThreshold: 1
failureThreshold: 3
startupProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 3
periodSeconds: 20
successThreshold: 1
failureThreshold: 5
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: Always
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
securityContext: {}
imagePullSecrets:
- name: harborsecret
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: uavcloud.env
operator: In
values:
- yuansong
schedulerName: default-scheduler
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 25%
revisionHistoryLimit: 10
progressDeadlineSeconds: 600
---
kind: Service
apiVersion: v1
metadata:
name: cmii-fly-center
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/app-version: 6.0.0
app.kubernetes.io/managed-by: octopus
cmii.app: cmii-fly-center
cmii.type: backend
octopus/control: backend-app-1.0.0
spec:
ports:
- name: backend-tcp
protocol: TCP
port: 8080
targetPort: 8080
selector:
cmii.app: cmii-fly-center
cmii.type: backend
type: ClusterIP
---
kind: ConfigMap
apiVersion: v1
metadata:
name: cmii-fly-center-cm
namespace: xj-aks-uav-260304
data:
application-k8s.yml: |
center:
####################下面部分为中间件对应配置,需要确认!!!#######################
############使用k8s部署的中间件可以直接用k8s里面的服务名#################
db:
ip: helm-mysql
port: 3306
username: k8s_admin
password: fP#UaH6qQ3)8
rabbitmq:
ip: helm-rabbitmq
port: 5672
username: admin
password: nYcRN91r._hj
redis:
ip: helm-redis-master
port: 6379
password: Mcache@4522
mqtt:
BASIC:
ip: helm-emqxs
port: 1883 # mqtt内部1883端口
username: cmlc
password: odD8#Ve7.B
DRC:
ip: 120.205.80.23 # 设备连接的mqtt的公网IP
port: 31883 # 1883映射的公网端口
username: cmlc
password: odD8#Ve7.B
influxdb:
ip: helm-influxdb #influxdb宿主机的内部ip
port: 8086 #influxdb宿主机的端口
token: YunnHJASAAdj23rasQAWd621erGAS82kaqj
org: cmii
bucket: cmii
minio:
ip: helm-minio # minio服务的宿主机ip
port: 9000
access-key: cmii # minio的访问key
secret-key: B#923fC7mk # minio访问secret
publicEndpoint: http://120.205.80.23:39000
shareEndpoint: http://120.205.80.23:8088/center
hub:
appKey: Zhdjk*72uU^2xz@s

79
74-202603-新疆阿克苏地区/k8s-yaml/helm-minio.yaml Normal file
View File

@@ -0,0 +1,79 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
namespace: xj-aks-uav-260304
name: helm-minio
spec:
serviceName: helm-minio
replicas: 1
selector:
matchLabels:
app: helm-minio
template:
metadata:
labels:
app: helm-minio
spec:
imagePullSecrets:
- name: harborsecret
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: minio-deploy
operator: In
values:
- "true"
containers:
- name: minio
image: 192.168.5.41:8033/cmii/minio:RELEASE.2023-06-02T23-17-26Z
command: ["/bin/sh", "-c"]
args:
- minio server /data --console-address ":9001"
ports:
- containerPort: 9000
name: api
- containerPort: 9001
name: console
env:
- name: MINIO_ACCESS_KEY
value: "cmii"
- name: MINIO_SECRET_KEY
value: "B#923fC7mk"
volumeMounts:
- name: data
mountPath: /data
resources:
limits:
memory: 1Gi
cpu: "1"
requests:
memory: 200Mi
cpu: 200m
volumes:
- name: data
# persistentVolumeClaim:
# claimName: helm-minio
hostPath:
path: /var/lib/docker/minio-pv/
---
apiVersion: v1
kind: Service
metadata:
name: helm-minio
namespace: xj-aks-uav-260304
spec:
selector:
app: helm-minio
ports:
- name: api
port: 9000
targetPort: 9000
nodePort: 39000
- name: console
port: 9001
targetPort: 9001
nodePort: 39001
type: NodePort

350
74-202603-新疆阿克苏地区/k8s-yaml/k8s-backend.yaml Normal file
View File

@@ -0,0 +1,350 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cmii-fly-center
namespace: xj-aks-uav-260304
labels:
cmii.type: backend
cmii.app: cmii-fly-center
octopus/control: backend-app-1.0.0
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/app-version: 2.0
spec:
replicas: 1
strategy:
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
cmii.type: backend
cmii.app: cmii-fly-center
template:
metadata:
labels:
cmii.type: backend
cmii.app: cmii-fly-center
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: uavcloud.env
operator: In
values:
- yuansong
imagePullSecrets:
- name: harborsecret
containers:
- name: cmii-fly-center
image: 192.168.5.41:8033/cmii/cmii-fly-center:1.5.0-xa-030301-arm
imagePullPolicy: Always
env:
- name: K8S_NAMESPACE
value: xj-aks-uav-260304
- name: APPLICATION_NAME
value: cmii-fly-center
- name: CUST_JAVA_OPTS
value: "-Xms200m -Xmx1500m -Dlog4j2.formatMsgNoLookups=true"
- name: NACOS_REGISTRY
value: "helm-nacos:8848"
- name: NACOS_DISCOVERY_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: NACOS_DISCOVERY_PORT
value: "8080"
- name: BIZ_CONFIG_GROUP
value: 2.0
- name: SYS_CONFIG_GROUP
value: 2.0
- name: NACOS_USERNAME
value: "developer"
- name: NACOS_PASSWORD
value: "Deve@9128201"
- name: IMAGE_NAME
value: 192.168.5.41:8033/cmii/cmii-fly-center:1.5.0-xa-030301-arm
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: LIMIT_CPU
valueFrom:
resourceFieldRef:
containerName: cmii-fly-center
resource: limits.cpu
- name: LIMIT_MEMORY
valueFrom:
resourceFieldRef:
containerName: cmii-fly-center
resource: limits.memory
- name: REQUEST_CPU
valueFrom:
resourceFieldRef:
containerName: cmii-fly-center
resource: requests.cpu
- name: REQUEST_MEMORY
valueFrom:
resourceFieldRef:
containerName: cmii-fly-center
resource: requests.memory
ports:
- name: pod-port
containerPort: 8080
protocol: TCP
resources:
limits:
memory: 2Gi
cpu: "2"
requests:
memory: 200Mi
cpu: 200m
livenessProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
periodSeconds: 20
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
periodSeconds: 20
successThreshold: 1
failureThreshold: 3
startupProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 3
periodSeconds: 20
successThreshold: 1
failureThreshold: 5
volumeMounts:
- name: nfs-backend-log-volume
mountPath: /cmii/logs
readOnly: false
subPath: xj-aks-uav-260304/cmii-fly-center
volumes:
- name: nfs-backend-log-volume
persistentVolumeClaim:
claimName: nfs-backend-log-pvc
---
apiVersion: v1
kind: Service
metadata:
name: cmii-fly-center
namespace: xj-aks-uav-260304
labels:
cmii.type: backend
cmii.app: cmii-fly-center
octopus/control: backend-app-1.0.0
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/app-version: 2.0
spec:
type: ClusterIP
selector:
cmii.type: backend
cmii.app: cmii-fly-center
ports:
- name: backend-tcp
port: 8080
protocol: TCP
targetPort: 8080
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cmii-sky-converge
namespace: xj-aks-uav-260304
labels:
cmii.type: backend
cmii.app: cmii-sky-converge
octopus/control: backend-app-1.0.0
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/app-version: 2.0
spec:
replicas: 1
strategy:
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
cmii.type: backend
cmii.app: cmii-sky-converge
template:
metadata:
labels:
cmii.type: backend
cmii.app: cmii-sky-converge
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: uavcloud.env
operator: In
values:
- yuansong
imagePullSecrets:
- name: harborsecret
containers:
- name: cmii-sky-converge
image: 192.168.5.41:8033/cmii/cmii-sky-converge:1.4.0-xa-0303-arm
imagePullPolicy: Always
env:
- name: K8S_NAMESPACE
value: xj-aks-uav-260304
- name: APPLICATION_NAME
value: cmii-sky-converge
- name: CUST_JAVA_OPTS
value: "-Xms200m -Xmx1500m -Dlog4j2.formatMsgNoLookups=true"
- name: NACOS_REGISTRY
value: "helm-nacos:8848"
- name: NACOS_DISCOVERY_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: NACOS_DISCOVERY_PORT
value: "8080"
- name: BIZ_CONFIG_GROUP
value: 2.0
- name: SYS_CONFIG_GROUP
value: 2.0
- name: NACOS_USERNAME
value: "developer"
- name: NACOS_PASSWORD
value: "Deve@9128201"
- name: IMAGE_NAME
value: 192.168.5.41:8033/cmii/cmii-sky-converge:1.4.0-xa-0303-arm
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: LIMIT_CPU
valueFrom:
resourceFieldRef:
containerName: cmii-sky-converge
resource: limits.cpu
- name: LIMIT_MEMORY
valueFrom:
resourceFieldRef:
containerName: cmii-sky-converge
resource: limits.memory
- name: REQUEST_CPU
valueFrom:
resourceFieldRef:
containerName: cmii-sky-converge
resource: requests.cpu
- name: REQUEST_MEMORY
valueFrom:
resourceFieldRef:
containerName: cmii-sky-converge
resource: requests.memory
ports:
- name: pod-port
containerPort: 8080
protocol: TCP
resources:
limits:
memory: 2Gi
cpu: "2"
requests:
memory: 200Mi
cpu: 200m
livenessProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
periodSeconds: 20
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
periodSeconds: 20
successThreshold: 1
failureThreshold: 3
startupProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 3
periodSeconds: 20
successThreshold: 1
failureThreshold: 5
volumeMounts:
- name: nfs-backend-log-volume
mountPath: /cmii/logs
readOnly: false
subPath: xj-aks-uav-260304/cmii-sky-converge
volumes:
- name: nfs-backend-log-volume
persistentVolumeClaim:
claimName: nfs-backend-log-pvc
---
apiVersion: v1
kind: Service
metadata:
name: cmii-sky-converge
namespace: xj-aks-uav-260304
labels:
cmii.type: backend
cmii.app: cmii-sky-converge
octopus/control: backend-app-1.0.0
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/app-version: 2.0
spec:
type: ClusterIP
selector:
cmii.type: backend
cmii.app: cmii-sky-converge
ports:
- name: backend-tcp
port: 8080
protocol: TCP
targetPort: 8080

686
74-202603-新疆阿克苏地区/k8s-yaml/k8s-configmap.yaml Normal file
View File

@@ -0,0 +1,686 @@
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-detection
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "detection",
AppClientId: "APP_FDHW2VLVDWPnnOCy"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-jiangsuwenlv
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "jiangsuwenlv",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-qingdao
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "qingdao",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-uasms
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "uasms",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-secenter
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "secenter",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-renyike
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "renyike",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-armypeople
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "armypeople",
AppClientId: "APP_UIegse6Lfou9pO1U"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-traffic
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "traffic",
AppClientId: "APP_Jc8i2wOQ1t73QEJS"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-cmsportal
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "cmsportal",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-visualization
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "visualization",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-uasms
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "uasms",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-pilot2cloud
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "pilot2cloud",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-blockchain
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "blockchain",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-smauth
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "smauth",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-iot
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "iot",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-lite
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "lite",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-multiterminal
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "multiterminal",
AppClientId: "APP_PvdfRRRBPL8xbIwl"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-share
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "share",
AppClientId: "APP_4lVSVI0ZGxTssir8"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-splice
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "splice",
AppClientId: "APP_zE0M3sTRXrCIJS8Y"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-qinghaitourism
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "qinghaitourism",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-hljtt
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "hljtt",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-uas
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "uas",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-dispatchh5
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "dispatchh5",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-uavmsmanager
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "uavmsmanager",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-ai-brain
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "ai-brain",
AppClientId: "APP_rafnuCAmBESIVYMH"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-base
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "base",
AppClientId: "APP_9LY41OaKSqk2btY0"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-uas
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "uas",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-dikongzhixingh5
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "dikongzhixingh5",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-supervisionh5
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "supervisionh5",
AppClientId: "APP_qqSu82THfexI8PLM"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-seniclive
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "seniclive",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-classification
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "classification",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-eventsh5
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "eventsh5",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-mianyangbackend
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "mianyangbackend",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-awareness
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "awareness",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-flight-control
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "flight-control",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-supervision
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "supervision",
AppClientId: "APP_qqSu82THfexI8PLM"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-emergency
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "emergency",
AppClientId: "APP_aGsTAY1uMZrpKdfk"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-oms
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "oms",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-security
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "security",
AppClientId: "APP_JUSEMc7afyWXxvE7"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-securityh5
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "securityh5",
AppClientId: "APP_N3ImO0Ubfu9peRHD"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-logistics
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "logistics",
AppClientId: "APP_PvdfRRRBPL8xbIwl"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-media
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "media",
AppClientId: "APP_4AU8lbifESQO4FD6"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-mws
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "mws",
AppClientId: "APP_uKniXPELlRERBBwK"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-open
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "open",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-threedsimulation
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "threedsimulation",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-hyper
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "hyper",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-scanner
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "scanner",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-smsecret
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "smsecret",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-pangu
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "",
AppClientId: "empty"
}

315
74-202603-新疆阿克苏地区/k8s-yaml/k8s-dashboard.yaml Normal file
View File

@@ -0,0 +1,315 @@
---
# ------------------- Dashboard Namespace ------------------- #
apiVersion: v1
kind: Namespace
metadata:
name: kubernetes-dashboard
---
# ------------------- Service Account ------------------- #
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
# ------------------- Dashboard Service (NodePort 39999) ------------------- #
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 39999
selector:
k8s-app: kubernetes-dashboard
---
# ------------------- Dashboard Secrets ------------------- #
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-certs
namespace: kubernetes-dashboard
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-csrf
namespace: kubernetes-dashboard
type: Opaque
data:
csrf: ""
---
# ------------------- Dashboard Role (FIXED) ------------------- #
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-minimal
namespace: kubernetes-dashboard
rules:
# [修复] 允许创建 Secrets解决 panic 问题
- apiGroups: [""]
resources: ["secrets"]
verbs: ["create"]
# 允许对特定 Secrets 进行操作
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
verbs: ["get", "update", "delete"]
# ConfigMaps 权限
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["kubernetes-dashboard-settings"]
verbs: ["get", "update"]
# Metrics 权限
- apiGroups: [""]
resources: ["services"]
resourceNames: ["heapster", "dashboard-metrics-scraper"]
verbs: ["proxy"]
- apiGroups: [""]
resources: ["services/proxy"]
resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
verbs: ["get"]
---
# ------------------- Dashboard RoleBinding ------------------- #
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-minimal
namespace: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
# ------------------- Dashboard Deployment ------------------- #
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
containers:
- name: kubernetes-dashboard
image: 192.168.5.41:8033/cmii/dashboard:v2.7.0
imagePullPolicy: Always
ports:
- containerPort: 8443
protocol: TCP
args:
- --auto-generate-certificates
- --namespace=kubernetes-dashboard
volumeMounts:
- name: kubernetes-dashboard-certs
mountPath: /certs
- mountPath: /tmp
name: tmp-volume
livenessProbe:
httpGet:
scheme: HTTPS
path: /
port: 8443
initialDelaySeconds: 30
timeoutSeconds: 30
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
volumes:
- name: kubernetes-dashboard-certs
secret:
secretName: kubernetes-dashboard-certs
- name: tmp-volume
emptyDir: {}
serviceAccountName: kubernetes-dashboard
nodeSelector:
"kubernetes.io/os": linux
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
---
# ------------------- Metrics Scraper Service ------------------- #
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: dashboard-metrics-scraper
name: dashboard-metrics-scraper
namespace: kubernetes-dashboard
spec:
ports:
- port: 8000
targetPort: 8000
selector:
k8s-app: dashboard-metrics-scraper
---
# ------------------- Metrics Scraper Deployment ------------------- #
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: dashboard-metrics-scraper
name: dashboard-metrics-scraper
namespace: kubernetes-dashboard
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: dashboard-metrics-scraper
template:
metadata:
labels:
k8s-app: dashboard-metrics-scraper
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
spec:
containers:
- name: dashboard-metrics-scraper
image: 192.168.5.41:8033/cmii/metrics-scraper:v1.0.9
ports:
- containerPort: 8000
protocol: TCP
livenessProbe:
httpGet:
scheme: HTTP
path: /
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 30
volumeMounts:
- mountPath: /tmp
name: tmp-volume
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
serviceAccountName: kubernetes-dashboard
nodeSelector:
"kubernetes.io/os": linux
volumes:
- name: tmp-volume
emptyDir: {}
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
---
# ==================================================================
# 自定义用户配置部分 (ADMIN & READ-ONLY)
# ==================================================================
# ------------------- 1. Admin User (全部权限) ------------------- #
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
---
# ------------------- 2. Read-Only User (只读+看日志) ------------------- #
apiVersion: v1
kind: ServiceAccount
metadata:
name: read-only-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: dashboard-view-with-logs
rules:
- apiGroups: [""]
resources: ["configmaps", "endpoints", "persistentvolumeclaims", "pods", "replicationcontrollers", "replicationcontrollers/scale", "serviceaccounts", "services", "nodes", "persistentvolumeclaims", "persistentvolumes", "namespaces"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
resources: ["daemonsets", "deployments", "replicasets", "statefulsets"]
verbs: ["get", "list", "watch"]
- apiGroups: ["batch"]
resources: ["cronjobs", "jobs"]
verbs: ["get", "list", "watch"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses", "networkpolicies"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["events.k8s.io"]
resources: ["events"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: read-only-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dashboard-view-with-logs
subjects:
- kind: ServiceAccount
name: read-only-user
namespace: kubernetes-dashboard

664
74-202603-新疆阿克苏地区/k8s-yaml/k8s-emqx.yaml Normal file
View File

@@ -0,0 +1,664 @@
---
---
# ============== Secret - 密码管理 ==============
apiVersion: v1
kind: Secret
metadata:
name: emqx-credentials
namespace: xj-aks-uav-260304
labels:
cmii.type: middleware
cmii.app: helm-emqxs
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: "2.0"
type: Opaque
stringData:
# Dashboard管理员密码
dashboard-admin-password: "odD8#Ve7.B"
# MQTT用户密码
mqtt-admin-password: "odD8#Ve7.B"
---
# ============== ServiceAccount ==============
apiVersion: v1
kind: ServiceAccount
metadata:
name: helm-emqxs
namespace: xj-aks-uav-260304
---
# ============== Role - RBAC ==============
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: helm-emqxs
namespace: xj-aks-uav-260304
rules:
- apiGroups: [""]
resources:
- endpoints
- pods
verbs:
- get
- watch
- list
---
# ============== RoleBinding ==============
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: helm-emqxs
namespace: xj-aks-uav-260304
subjects:
- kind: ServiceAccount
name: helm-emqxs
namespace: xj-aks-uav-260304
roleRef:
kind: Role
name: helm-emqxs
apiGroup: rbac.authorization.k8s.io
---
# ============== ConfigMap - Bootstrap配置文件 ==============
apiVersion: v1
kind: ConfigMap
metadata:
name: emqx-bootstrap-config
namespace: xj-aks-uav-260304
labels:
cmii.type: middleware
cmii.app: helm-emqxs
data:
# 主配置文件 - 覆盖默认配置
emqx.conf: |
# 节点配置
node {
name = "emqx@${POD_NAME}.helm-emqxs-headless.xj-aks-uav-260304.svc.cluster.local"
cookie = "emqx-cluster-cookie-secret"
data_dir = "/opt/emqx/data"
}
# 集群配置
cluster {
name = emqxcl
# 单节点 建议为 manual 多节点为k8s
discovery_strategy = manual
k8s {
apiserver = "https://kubernetes.default.svc.cluster.local:443"
service_name = "helm-emqxs-headless"
# 这里可以改为 hostname
address_type = dns
namespace = "xj-aks-uav-260304"
suffix = "svc.cluster.local"
}
}
# 日志配置
log {
console {
enable = true
level = info
}
file {
enable = true
level = warning
path = "/opt/emqx/log"
}
}
# Dashboard配置
dashboard {
listeners.http {
bind = "0.0.0.0:18083"
}
default_username = "admin"
default_password = "public"
}
# 监听器配置
listeners.tcp.default {
bind = "0.0.0.0:1883"
max_connections = 1024000
}
listeners.ws.default {
bind = "0.0.0.0:8083"
max_connections = 1024000
websocket.mqtt_path = "/mqtt"
}
listeners.ssl.default {
bind = "0.0.0.0:8883"
max_connections = 512000
}
# 认证配置 - 使用内置数据库
authentication = [
{
mechanism = password_based
backend = built_in_database
user_id_type = username
password_hash_algorithm {
name = sha256
salt_position = suffix
}
# Bootstrap文件路径 - 用于初始化用户
bootstrap_file = "/opt/emqx/data/bootstrap_users.json"
bootstrap_type = plain
}
]
# 授权配置
authorization {
no_match = deny
deny_action = disconnect
sources = [
{
type = built_in_database
enable = true
}
]
}
# MQTT协议配置
mqtt {
max_packet_size = "1MB"
max_clientid_len = 65535
max_topic_levels = 128
max_qos_allowed = 2
max_topic_alias = 65535
retain_available = true
wildcard_subscription = true
shared_subscription = true
}
---
# ============== ConfigMap - Users & ACL (严格 JSON 格式) ==============
apiVersion: v1
kind: ConfigMap
metadata:
name: emqx-bootstrap-users
namespace: xj-aks-uav-260304
data:
bootstrap_users.json: |
[
{ "user_id": "admin", "password": "odD8#Ve7.B", "is_superuser": true },
{ "user_id": "cmlc", "password": "odD8#Ve7.B", "is_superuser": false }
]
# 【修改点】既然有jq这里使用标准的 JSON 数组格式,最不容易出错
bootstrap_acl.json: |
[
{
"username": "admin",
"rules": [
{"action": "all", "permission": "allow", "topic": "#"}
]
},
{
"username": "cmlc",
"rules": [
{"action": "publish", "permission": "allow", "topic": "#"},
{"action": "subscribe", "permission": "allow", "topic": "#"}
]
}
]
---
# ============== ConfigMap - 初始化脚本 (修正版) ==============
apiVersion: v1
kind: ConfigMap
metadata:
name: emqx-init-dashboard
namespace: xj-aks-uav-260304
data:
init-dashboard.sh: |
#!/bin/bash
set -e
DASHBOARD_USER="admin"
DASHBOARD_PASS="${DASHBOARD_ADMIN_PASSWORD}"
EMQX_API="http://localhost:18083/api/v5"
ACL_FILE="/bootstrap/bootstrap_acl.json"
# 辅助函数:打印带时间戳的日志
log() {
echo "[$(date +'%H:%M:%S')] $1"
}
log "======================================"
log "初始化 Dashboard 与 ACL (Debug Version)"
log "======================================"
# ----------------------------------------------------------------
# 1. 等待 EMQX API 就绪
# ----------------------------------------------------------------
log "[1/4] 等待 EMQX API 就绪..."
for i in $(seq 1 60); do
if curl -s -f -m 5 "${EMQX_API}/status" > /dev/null 2>&1; then
log "✓ EMQX API 已就绪"
break
fi
if [ $i -eq 60 ]; then
log "✗ EMQX API 启动超时"
exit 1
fi
sleep 5
done
# ----------------------------------------------------------------
# 2. 修改 Dashboard 密码
# ----------------------------------------------------------------
log "[2/4] 检查/更新 Dashboard 密码..."
# 获取 Token (尝试默认密码)
LOGIN_RESP=$(curl -s -X POST "${EMQX_API}/login" \
-H 'Content-Type: application/json' \
-d "{\"username\":\"${DASHBOARD_USER}\",\"password\":\"public\"}")
TOKEN=$(echo "$LOGIN_RESP" | jq -r '.token // empty')
if [ -n "$TOKEN" ]; then
log " 检测到默认密码,正在更新..."
curl -s -f -X POST "${EMQX_API}/users/${DASHBOARD_USER}/change_pwd" \
-H "Authorization: Bearer ${TOKEN}" \
-H 'Content-Type: application/json' \
-d "{\"old_pwd\":\"public\",\"new_pwd\":\"${DASHBOARD_PASS}\"}"
log " ✓ Dashboard 密码已更新"
else
log " 无法使用默认密码登录,跳过更新(可能已修改)"
fi
# ----------------------------------------------------------------
# 3. 导入 ACL 规则
# ----------------------------------------------------------------
echo "[3/3] 导入ACL规则..."
# 重新登录获取最新 Token
LOGIN_RESP=$(curl -sS -X POST "${EMQX_API}/login" \
-H 'Content-Type: application/json' \
-d "{\"username\":\"${DASHBOARD_USER}\",\"password\":\"${DASHBOARD_PASS}\"}")
TOKEN=$(echo "$LOGIN_RESP" | jq -r '.token // empty')
if [ -z "$TOKEN" ]; then
echo " ✗ 无法获取Token请检查密码设置"
exit 0
fi
if [ -f "$ACL_FILE" ]; then
echo " 正在解析 ACL 文件: $ACL_FILE"
if ! jq -e . "$ACL_FILE" >/dev/null 2>&1; then
echo " ✗ ACL 文件 JSON 格式错误,跳过处理"
exit 0
fi
jq -c '.[]' "$ACL_FILE" | while read -r user_config; do
USERNAME=$(echo "$user_config" | jq -r '.username // empty')
# ✅ PUT/POST 都需要 username + rulesusername 是 required
REQ_BODY=$(echo "$user_config" | jq -c '{username: .username, rules: .rules}')
if [ -z "$USERNAME" ]; then
echo " ✗ ACL 条目缺少 username跳过"
continue
fi
echo " 配置用户 ${USERNAME} 的ACL规则..."
# 1) 优先 PUT覆盖更新
http_code=$(curl -sS -o /tmp/emqx_acl_resp.json -w '%{http_code}' \
-X PUT "${EMQX_API}/authorization/sources/built_in_database/rules/users/${USERNAME}" \
-H "Authorization: Bearer ${TOKEN}" \
-H 'Content-Type: application/json' \
-d "$REQ_BODY")
if [ "$http_code" = "204" ]; then
echo " ✓ PUT 更新成功"
elif [ "$http_code" = "404" ]; then
# 2) 不存在则 POST 创建
http_code2=$(curl -sS -o /tmp/emqx_acl_resp.json -w '%{http_code}' \
-X POST "${EMQX_API}/authorization/sources/built_in_database/rules/users" \
-H "Authorization: Bearer ${TOKEN}" \
-H 'Content-Type: application/json' \
-d "$REQ_BODY")
if [ "$http_code2" = "204" ]; then
echo " ✓ POST 创建成功"
else
echo " ✗ POST 失败 (HTTP ${http_code2})$(cat /tmp/emqx_acl_resp.json 2>/dev/null || true)"
exit 1
fi
else
echo " ✗ PUT 失败 (HTTP ${http_code})$(cat /tmp/emqx_acl_resp.json 2>/dev/null || true)"
exit 1
fi
# 3) 导入后验证(可选但强烈建议保留)
verify_code=$(curl -sS -o /tmp/emqx_acl_verify.json -w '%{http_code}' \
-H "Authorization: Bearer ${TOKEN}" \
"${EMQX_API}/authorization/sources/built_in_database/rules/users/${USERNAME}")
if [ "$verify_code" = "200" ]; then
echo " ✓ 验证成功:$(cat /tmp/emqx_acl_verify.json | jq -c '.')"
else
echo " ✗ 验证失败 (HTTP ${verify_code})$(cat /tmp/emqx_acl_verify.json 2>/dev/null || true)"
exit 1
fi
done
echo " ✓ ACL 规则导入完成"
else
echo " 未找到 ACL 文件"
fi
---
# ============== StatefulSet ==============
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: helm-emqxs
namespace: xj-aks-uav-260304
labels:
cmii.type: middleware
cmii.app: helm-emqxs
cmii.emqx.architecture: cluster
helm.sh/chart: emqx-1.1.0
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: "2.0"
spec:
replicas: 1
serviceName: helm-emqxs-headless
podManagementPolicy: Parallel
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
cmii.type: middleware
cmii.app: helm-emqxs
cmii.emqx.architecture: cluster
template:
metadata:
labels:
cmii.type: middleware
cmii.app: helm-emqxs
cmii.emqx.architecture: cluster
helm.sh/chart: emqx-1.1.0
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: "2.0"
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: uavcloud.env
operator: In
values:
- yuansong
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: cmii.app
operator: In
values:
- helm-emqxs
topologyKey: kubernetes.io/hostname
imagePullSecrets:
- name: harborsecret
serviceAccountName: helm-emqxs
securityContext:
fsGroup: 1000
runAsUser: 1000
# InitContainer - 准备bootstrap文件
initContainers:
- name: prepare-bootstrap
# 动态选择 tools 镜像
image: 192.168.5.41:8033/cmii/os-shell:12-debian-12-r51
imagePullPolicy: IfNotPresent
# =========================================================
# 权限: 必须以 root 身份运行才能 chown
# =========================================================
securityContext:
runAsUser: 0
command:
- /bin/sh
- -c
- |
echo "准备bootstrap文件..."
# 创建数据目录
mkdir -p /opt/emqx/data
# 复制bootstrap文件到数据目录
# 只在文件不存在时复制,避免覆盖已有数据
if [ ! -f /opt/emqx/data/bootstrap_users.json ]; then
cp /bootstrap-src/bootstrap_users.json /opt/emqx/data/
echo "✓ 已复制用户bootstrap文件"
else
echo " 用户bootstrap文件已存在跳过"
fi
# 设置权限 (现在有root权限可以成功)
chown -R 1000:1000 /opt/emqx/data
echo "✓ Bootstrap准备完成"
volumeMounts:
- name: emqx-data
mountPath: /opt/emqx/data
- name: bootstrap-users
mountPath: /bootstrap-src
containers:
# 主容器 - EMQX
- name: emqx
# 动态选择 emqx 镜像
image: 192.168.5.41:8033/cmii/emqx:5.8.8
imagePullPolicy: IfNotPresent
env:
# Pod信息
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: EMQX_DATA_DIR
value: "/opt/emqx/data"
ports:
- name: mqtt
containerPort: 1883
- name: mqttssl
containerPort: 8883
- name: ws
containerPort: 8083
- name: dashboard
containerPort: 18083
- name: ekka
containerPort: 4370
resources:
requests:
cpu: "500m"
memory: "512Mi"
limits:
cpu: "2000m"
memory: "2Gi"
livenessProbe:
httpGet:
path: /status
port: 18083
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /status
port: 18083
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
startupProbe:
httpGet:
path: /status
port: 18083
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 30
volumeMounts:
- name: emqx-data
mountPath: /opt/emqx/data
# 使用 subPath 挂载单个配置文件,避免覆盖目录
- name: bootstrap-config
mountPath: /opt/emqx/etc/emqx.conf
subPath: emqx.conf
# Sidecar - 初始化Dashboard密码和ACL
- name: init-dashboard
# 动态选择 tools 镜像
image: 192.168.5.41:8033/cmii/os-shell:12-debian-12-r51
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- |
# 等待主容器启动
echo "等待EMQX启动..."
sleep 20
# 执行初始化
/bin/sh /scripts/init-dashboard.sh
# 保持运行
echo "初始化完成,进入守护模式..."
while true; do sleep 3600; done
env:
- name: DASHBOARD_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: emqx-credentials
key: dashboard-admin-password
resources:
requests:
cpu: "100m"
memory: "64Mi"
limits:
cpu: "200m"
memory: "128Mi"
volumeMounts:
- name: init-script
mountPath: /scripts
- name: bootstrap-users
mountPath: /bootstrap
volumes:
- name: bootstrap-config
configMap:
name: emqx-bootstrap-config
- name: bootstrap-users
configMap:
name: emqx-bootstrap-users
- name: init-script
configMap:
name: emqx-init-dashboard
defaultMode: 0755
- name: emqx-data
persistentVolumeClaim:
claimName: helm-emqxs
---
# ============== Service - Headless ==============
apiVersion: v1
kind: Service
metadata:
name: helm-emqxs-headless
namespace: xj-aks-uav-260304
labels:
cmii.type: middleware
cmii.app: helm-emqxs
cmii.emqx.architecture: cluster
helm.sh/chart: emqx-1.1.0
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: "2.0"
spec:
type: ClusterIP
clusterIP: None
publishNotReadyAddresses: true
selector:
cmii.type: middleware
cmii.app: helm-emqxs
cmii.emqx.architecture: cluster
ports:
- name: mqtt
port: 1883
targetPort: 1883
- name: mqttssl
port: 8883
targetPort: 8883
- name: ws
port: 8083
targetPort: 8083
- name: dashboard
port: 18083
targetPort: 18083
- name: ekka
port: 4370
targetPort: 4370
---
# ============== Service - NodePort ==============
apiVersion: v1
kind: Service
metadata:
name: helm-emqxs
namespace: xj-aks-uav-260304
labels:
cmii.type: middleware
cmii.app: helm-emqxs
cmii.emqx.architecture: cluster
helm.sh/chart: emqx-1.1.0
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: "2.0"
spec:
type: NodePort
selector:
cmii.type: middleware
cmii.app: helm-emqxs
cmii.emqx.architecture: cluster
ports:
- name: mqtt
port: 1883
targetPort: 1883
nodePort: 31883
- name: dashboard
port: 18083
targetPort: 18083
nodePort: 38085
- name: ws
port: 8083
targetPort: 8083
nodePort: 38083
- name: mqttssl
port: 8883
targetPort: 8883

114
74-202603-新疆阿克苏地区/k8s-yaml/k8s-frontend.yaml Normal file
View File

@@ -0,0 +1,114 @@
---
kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-cm
namespace: xj-aks-uav-260304
labels:
cmii.type: frontend
data:
nginx.conf: |
server {
listen 9528;
server_name localhost;
gzip on;
location / {
root /home/cmii-platform/dist;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cmii-uav-platform-lite
namespace: xj-aks-uav-260304
labels:
cmii.type: frontend
cmii.app: cmii-uav-platform-lite
octopus.control: frontend-app-wdd
app.kubernetes.io/app-version: 2.0
spec:
replicas: 1
strategy:
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
cmii.type: frontend
cmii.app: cmii-uav-platform-lite
template:
metadata:
labels:
cmii.type: frontend
cmii.app: cmii-uav-platform-lite
spec:
imagePullSecrets:
- name: harborsecret
containers:
- name: cmii-uav-platform-lite
image: 192.168.5.41:8033/cmii/cmii-uav-platform-lite:2.0.0-2026012703-noicp
imagePullPolicy: Always
env:
- name: K8S_NAMESPACE
value: xj-aks-uav-260304
- name: APPLICATION_NAME
value: cmii-uav-platform-lite
ports:
- name: platform-9528
containerPort: 9528
protocol: TCP
resources:
limits:
cpu: "1"
memory: 1Gi
requests:
cpu: 50m
memory: 50Mi
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx/conf.d/nginx.conf
subPath: nginx.conf
- name: tenant-prefix
subPath: ingress-config.js
mountPath: /home/cmii-platform/dist/ingress-config.js
volumes:
- name: nginx-conf
configMap:
name: nginx-cm
items:
- key: nginx.conf
path: nginx.conf
- name: tenant-prefix
configMap:
name: tenant-prefix-lite
items:
- key: ingress-config.js
path: ingress-config.js
---
apiVersion: v1
kind: Service
metadata:
name: cmii-uav-platform-lite
namespace: xj-aks-uav-260304
labels:
cmii.type: frontend
cmii.app: cmii-uav-platform-lite
octopus.control: frontend-app-wdd
app.kubernetes.io/version: "2.0"
spec:
type: ClusterIP
selector:
cmii.type: frontend
cmii.app: cmii-uav-platform-lite
ports:
- name: web-svc-port
port: 9528
protocol: TCP
targetPort: 9528

280
74-202603-新疆阿克苏地区/k8s-yaml/k8s-influxdb.yaml Normal file
View File

@@ -0,0 +1,280 @@
---
# Source: influxdb/templates/networkpolicy.yaml
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: helm-influxdb
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/instance: helm-influxdb
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: influxdb
app.kubernetes.io/version: 2.7.11
helm.sh/chart: influxdb-6.6.11
spec:
podSelector:
matchLabels:
app.kubernetes.io/instance: helm-influxdb
app.kubernetes.io/name: influxdb
app.kubernetes.io/component: influxdb
policyTypes:
- Ingress
- Egress
egress:
- {}
ingress:
# Allow inbound connections
- ports:
- port: 8086
protocol: TCP
- port: 8088
protocol: TCP
---
# Source: influxdb/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: helm-influxdb
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/instance: helm-influxdb
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: influxdb
app.kubernetes.io/version: 2.7.11
helm.sh/chart: influxdb-6.6.11
app.kubernetes.io/component: influxdb
automountServiceAccountToken: false
---
# Source: influxdb/templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
name: helm-influxdb
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/instance: helm-influxdb
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: influxdb
app.kubernetes.io/version: 2.7.11
helm.sh/chart: influxdb-6.6.11
type: Opaque
data:
admin-user-password: "WTFjJVJoI2ZIMw=="
admin-user-token: "WXVubkhKQVNBQWRqMjNyYXNRQVdkNjIxZXJHQVM4MmthcWo="
---
# Source: influxdb/templates/pvc.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: helm-influxdb
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/instance: helm-influxdb
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: influxdb
app.kubernetes.io/version: 2.7.11
helm.sh/chart: influxdb-6.6.11
app.kubernetes.io/component: influxdb
spec:
storageClassName: nfs-prod-distribute
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "8Gi"
---
# Source: influxdb/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: helm-influxdb
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/instance: helm-influxdb
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: influxdb
app.kubernetes.io/version: 2.7.11
helm.sh/chart: influxdb-6.6.11
app.kubernetes.io/component: influxdb
spec:
type: ClusterIP
sessionAffinity: None
ports:
- port: 8086
targetPort: http
protocol: TCP
name: http
nodePort: null
- port: 8088
targetPort: rpc
protocol: TCP
name: rpc
nodePort: null
selector:
app.kubernetes.io/instance: helm-influxdb
app.kubernetes.io/name: influxdb
app.kubernetes.io/component: influxdb
---
# Source: influxdb/templates/deployment.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
name: helm-influxdb
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/component: influxdb
app.kubernetes.io/instance: helm-influxdb
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: influxdb
app.kubernetes.io/version: 2.7.11
helm.sh/chart: influxdb-6.6.11
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/component: influxdb
app.kubernetes.io/instance: helm-influxdb
app.kubernetes.io/name: influxdb
template:
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/component: influxdb
app.kubernetes.io/instance: helm-influxdb
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: influxdb
app.kubernetes.io/version: 2.7.11
helm.sh/chart: influxdb-6.6.11
spec:
volumes:
- name: empty-dir
emptyDir: {}
- name: influxdb-credentials
secret:
secretName: helm-influxdb
defaultMode: 420
- name: data
persistentVolumeClaim:
claimName: helm-influxdb
containers:
- name: influxdb
image: 192.168.5.41:8033/cmii/influxdb:2.7.11-debian-12-r19
ports:
- name: http
containerPort: 8086
protocol: TCP
- name: rpc
containerPort: 8088
protocol: TCP
env:
- name: BITNAMI_DEBUG
value: 'true'
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: INFLUXDB_HTTP_AUTH_ENABLED
value: 'true'
- name: INFLUXDB_CREATE_USER_TOKEN
value: 'no'
- name: INFLUXDB_ADMIN_USER
value: cmlc
- name: INFLUXDB_ADMIN_USER_PASSWORD_FILE
value: /opt/bitnami/influxdb/secrets/admin-user-password
- name: INFLUXDB_ADMIN_USER_TOKEN_FILE
value: /opt/bitnami/influxdb/secrets/admin-user-token
- name: INFLUXDB_ADMIN_BUCKET
value: home
- name: INFLUXDB_ADMIN_ORG
value: docs
resources:
limits:
cpu: '4'
ephemeral-storage: 4Gi
memory: 4Gi
requests:
cpu: '2'
ephemeral-storage: 50Mi
memory: 4Gi
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- name: empty-dir
mountPath: /opt/bitnami/influxdb/etc
subPath: app-conf-dir
- name: influxdb-credentials
mountPath: /opt/bitnami/influxdb/secrets/
- name: data
mountPath: /bitnami/influxdb
livenessProbe:
httpGet:
path: /
port: http
scheme: HTTP
initialDelaySeconds: 180
timeoutSeconds: 30
periodSeconds: 45
successThreshold: 1
failureThreshold: 6
readinessProbe:
exec:
command:
- bash
- '-c'
- |
. /opt/bitnami/scripts/libinfluxdb.sh
influxdb_env
export INFLUX_USERNAME="$INFLUXDB_ADMIN_USER"
export INFLUX_PASSWORD="$INFLUXDB_ADMIN_USER_PASSWORD"
timeout 29s influx ping --host http://$POD_IP:8086
initialDelaySeconds: 120
timeoutSeconds: 30
periodSeconds: 45
successThreshold: 1
failureThreshold: 6
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: IfNotPresent
securityContext:
capabilities:
drop:
- ALL
privileged: false
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
serviceAccountName: helm-influxdb
serviceAccount: helm-influxdb
securityContext:
fsGroup: 1001
fsGroupChangePolicy: Always
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: uavcloud.env
operator: In
values:
- yuansong
schedulerName: default-scheduler
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 25%
maxSurge: 25%
revisionHistoryLimit: 10
progressDeadlineSeconds: 600

995
74-202603-新疆阿克苏地区/k8s-yaml/k8s-ingress-13014.yaml Normal file
View File

@@ -0,0 +1,995 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: frontend-applications-ingress
namespace: xj-aks-uav-260304
labels:
type: frontend
octopus.control: all-ingress-config-wdd
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: uas-2.2
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/enable-cors: 'true'
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
rules:
- host: fake-domain.xj-aks-uav-260304.io
http:
paths:
- path: /?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform
port:
number: 9528
- path: /supervision/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-suav-platform-supervision
port:
number: 9528
- path: /supervisionh5/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-suav-platform-supervisionh5
port:
number: 9528
- path: /pangu/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform
port:
number: 9528
- path: /ai-brain/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-ai-brain
port:
number: 9528
- path: /armypeople/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-armypeople
port:
number: 9528
- path: /awareness/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-awareness
port:
number: 9528
- path: /base/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-base
port:
number: 9528
- path: /blockchain/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-blockchain
port:
number: 9528
- path: /classification/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-classification
port:
number: 9528
- path: /cmsportal/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-cms-portal
port:
number: 9528
- path: /detection/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-detection
port:
number: 9528
- path: /dikongzhixingh5/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-dikongzhixingh5
port:
number: 9528
- path: /dispatchh5/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-dispatchh5
port:
number: 9528
- path: /emergency/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-emergency-rescue
port:
number: 9528
- path: /eventsh5/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-eventsh5
port:
number: 9528
- path: /flight-control/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-flight-control
port:
number: 9528
- path: /hljtt/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-hljtt
port:
number: 9528
- path: /hyper/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-hyperspectral
port:
number: 9528
- path: /iot/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-iot-manager
port:
number: 9528
- path: /jiangsuwenlv/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-jiangsuwenlv
port:
number: 9528
- path: /logistics/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-logistics
port:
number: 9528
- path: /media/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-media
port:
number: 9528
- path: /mianyangbackend/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-mianyangbackend
port:
number: 9528
- path: /multiterminal/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-multiterminal
port:
number: 9528
- path: /mws/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-mws
port:
number: 9528
- path: /oms/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-oms
port:
number: 9528
- path: /open/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-open
port:
number: 9528
- path: /pilot2cloud/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-pilot2-to-cloud
port:
number: 9528
- path: /qingdao/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-qingdao
port:
number: 9528
- path: /qinghaitourism/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-qinghaitourism
port:
number: 9528
- path: /renyike/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-renyike
port:
number: 9528
- path: /scanner/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-scanner
port:
number: 9528
- path: /security/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-security
port:
number: 9528
- path: /securityh5/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-securityh5
port:
number: 9528
- path: /seniclive/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-seniclive
port:
number: 9528
- path: /share/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-share
port:
number: 9528
- path: /smauth/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-smauth
port:
number: 9528
- path: /smsecret/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-smsecret
port:
number: 9528
- path: /splice/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-splice
port:
number: 9528
- path: /threedsimulation/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-threedsimulation
port:
number: 9528
- path: /traffic/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-traffic
port:
number: 9528
- path: /uas/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-uas
port:
number: 9528
- path: /uas/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-uaskny
port:
number: 9528
- path: /uasms/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-uasms
port:
number: 9528
- path: /uasms/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-uasmskny
port:
number: 9528
- path: /visualization/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-visualization
port:
number: 9528
- path: /uavmsmanager/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uavms-platform-manager
port:
number: 9528
- path: /secenter/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uavms-platform-security-center
port:
number: 9528
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: backend-applications-ingress
namespace: xj-aks-uav-260304
labels:
type: backend
octopus.control: all-ingress-config-wdd
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: uas-2.2
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/enable-cors: 'true'
spec:
rules:
- host: cmii-admin-data.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-admin-data
port:
number: 8080
- host: cmii-admin-gateway.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-admin-gateway
port:
number: 8080
- host: cmii-admin-user.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-admin-user
port:
number: 8080
- host: cmii-app-release.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-app-release
port:
number: 8080
- host: cmii-open-gateway.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-open-gateway
port:
number: 8080
- host: cmii-sky-converge.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-sky-converge
port:
number: 8080
- host: cmii-suav-supervision.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-suav-supervision
port:
number: 8080
- host: cmii-uas-datahub.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uas-datahub
port:
number: 8080
- host: cmii-uas-gateway.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uas-gateway
port:
number: 8080
- host: cmii-uas-lifecycle.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uas-lifecycle
port:
number: 8080
- host: cmii-uav-advanced5g.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-advanced5g
port:
number: 8080
- host: cmii-uav-airspace.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-airspace
port:
number: 8080
- host: cmii-uav-alarm.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-alarm
port:
number: 8080
- host: cmii-uav-autowaypoint.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-autowaypoint
port:
number: 8080
- host: cmii-uav-brain.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-brain
port:
number: 8080
- host: cmii-uav-bridge.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-bridge
port:
number: 8080
- host: cmii-uav-cloud-live.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-cloud-live
port:
number: 8080
- host: cmii-uav-clusters.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-clusters
port:
number: 8080
- host: cmii-uav-cms.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-cms
port:
number: 8080
- host: cmii-uav-data-post-process.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-data-post-process
port:
number: 8080
- host: cmii-uav-depotautoreturn.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-depotautoreturn
port:
number: 8080
- host: cmii-uav-developer.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-developer
port:
number: 8080
- host: cmii-uav-device.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-device
port:
number: 8080
- host: cmii-uav-emergency.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-emergency
port:
number: 8080
- host: cmii-uav-fwdd.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-fwdd
port:
number: 8080
- host: cmii-uav-gateway.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-gateway
port:
number: 8080
- host: cmii-uav-gis-server.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-gis-server
port:
number: 8080
- host: cmii-uav-grid-datasource.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-grid-datasource
port:
number: 8080
- host: cmii-uav-grid-engine.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-grid-engine
port:
number: 8080
- host: cmii-uav-grid-manage.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-grid-manage
port:
number: 8080
- host: cmii-uav-industrial-portfolio.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-industrial-portfolio
port:
number: 8080
- host: cmii-uav-integration.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-integration
port:
number: 8080
- host: cmii-uav-iot-dispatcher.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-iot-dispatcher
port:
number: 8080
- host: cmii-uav-iot-manager.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-iot-manager
port:
number: 8080
- host: cmii-uav-kpi-monitor.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-kpi-monitor
port:
number: 8080
- host: cmii-uav-logger.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-logger
port:
number: 8080
- host: cmii-uav-material-warehouse.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-material-warehouse
port:
number: 8080
- host: cmii-uav-mission.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-mission
port:
number: 8080
- host: cmii-uav-mqtthandler.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-mqtthandler
port:
number: 8080
- host: cmii-uav-multilink.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-multilink
port:
number: 8080
- host: cmii-uav-notice.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-notice
port:
number: 8080
- host: cmii-uav-oauth.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-oauth
port:
number: 8080
- host: cmii-uav-process.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-process
port:
number: 8080
- host: cmii-uav-sec-awareness.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-sec-awareness
port:
number: 8080
- host: cmii-uav-security-trace.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-security-trace
port:
number: 8080
- host: cmii-uav-sense-adapter.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-sense-adapter
port:
number: 8080
- host: cmii-uav-surveillance.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-surveillance
port:
number: 8080
- host: cmii-uav-sync.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-sync
port:
number: 8080
- host: cmii-uav-tcp-server.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-tcp-server
port:
number: 8080
- host: cmii-uav-threedsimulation.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-threedsimulation
port:
number: 8080
- host: cmii-uav-tower.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-tower
port:
number: 8080
- host: cmii-uav-user.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-user
port:
number: 8080
- host: cmii-uav-watchdog.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-watchdog
port:
number: 8080
- host: cmii-uav-waypoint.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-waypoint
port:
number: 8080
- host: cmii-uavms-pyfusion.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uavms-pyfusion
port:
number: 8080
- host: cmii-uavms-security-center.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uavms-security-center
port:
number: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: all-gateways-ingress
namespace: xj-aks-uav-260304
labels:
type: api-gateway
octopus.control: all-ingress-config-1.1.0
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: uas-2.2
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/enable-cors: 'true'
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/proxy-read-timeout: '3600'
nginx.ingress.kubernetes.io/proxy-send-timeout: '3600'
spec:
rules:
- host: fake-domain.xj-aks-uav-260304.io
http:
paths:
- path: /oms/api/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-admin-gateway
port:
number: 8080
- path: /open/api/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-open-gateway
port:
number: 8080
- path: /api/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-gateway
port:
number: 8080
- path: /uas/api/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uas-gateway
port:
number: 8080
- path: /converge/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-sky-converge
port:
number: 8080

832
74-202603-新疆阿克苏地区/k8s-yaml/k8s-ingress.yaml Normal file
View File

@@ -0,0 +1,832 @@
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: frontend-applications-ingress
namespace: xj-aks-uav-260304
labels:
type: frontend
octopus.control: all-ingress-config-wdd
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: "2.0"
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite ^(/supervision)$ $1/ redirect;
rewrite ^(/supervisionh5)$ $1/ redirect;
rewrite ^(/pangu)$ $1/ redirect;
rewrite ^(/ai-brain)$ $1/ redirect;
rewrite ^(/armypeople)$ $1/ redirect;
rewrite ^(/awareness)$ $1/ redirect;
rewrite ^(/base)$ $1/ redirect;
rewrite ^(/blockchain)$ $1/ redirect;
rewrite ^(/classification)$ $1/ redirect;
rewrite ^(/cmsportal)$ $1/ redirect;
rewrite ^(/detection)$ $1/ redirect;
rewrite ^(/dikongzhixingh5)$ $1/ redirect;
rewrite ^(/dispatchh5)$ $1/ redirect;
rewrite ^(/emergency)$ $1/ redirect;
rewrite ^(/eventsh5)$ $1/ redirect;
rewrite ^(/flight-control)$ $1/ redirect;
rewrite ^(/hljtt)$ $1/ redirect;
rewrite ^(/hyper)$ $1/ redirect;
rewrite ^(/iot)$ $1/ redirect;
rewrite ^(/jiangsuwenlv)$ $1/ redirect;
rewrite ^(/lite)$ $1/ redirect;
rewrite ^(/logistics)$ $1/ redirect;
rewrite ^(/media)$ $1/ redirect;
rewrite ^(/mianyangbackend)$ $1/ redirect;
rewrite ^(/multiterminal)$ $1/ redirect;
rewrite ^(/mws)$ $1/ redirect;
rewrite ^(/oms)$ $1/ redirect;
rewrite ^(/open)$ $1/ redirect;
rewrite ^(/pilot2cloud)$ $1/ redirect;
rewrite ^(/qingdao)$ $1/ redirect;
rewrite ^(/qinghaitourism)$ $1/ redirect;
rewrite ^(/renyike)$ $1/ redirect;
rewrite ^(/scanner)$ $1/ redirect;
rewrite ^(/security)$ $1/ redirect;
rewrite ^(/securityh5)$ $1/ redirect;
rewrite ^(/seniclive)$ $1/ redirect;
rewrite ^(/share)$ $1/ redirect;
rewrite ^(/smauth)$ $1/ redirect;
rewrite ^(/smsecret)$ $1/ redirect;
rewrite ^(/splice)$ $1/ redirect;
rewrite ^(/threedsimulation)$ $1/ redirect;
rewrite ^(/traffic)$ $1/ redirect;
rewrite ^(/uas)$ $1/ redirect;
rewrite ^(/uas)$ $1/ redirect;
rewrite ^(/uasms)$ $1/ redirect;
rewrite ^(/uasms)$ $1/ redirect;
rewrite ^(/visualization)$ $1/ redirect;
rewrite ^(/uavmsmanager)$ $1/ redirect;
rewrite ^(/secenter)$ $1/ redirect;
spec:
rules:
- host: fake-domain.xj-aks-uav-260304.io
http:
paths:
- path: /260304/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform
servicePort: 9528
- path: /260304/supervision/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-suav-platform-supervision
servicePort: 9528
- path: /260304/supervisionh5/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-suav-platform-supervisionh5
servicePort: 9528
- path: /260304/pangu/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform
servicePort: 9528
- path: /260304/ai-brain/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-ai-brain
servicePort: 9528
- path: /260304/armypeople/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-armypeople
servicePort: 9528
- path: /260304/awareness/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-awareness
servicePort: 9528
- path: /260304/base/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-base
servicePort: 9528
- path: /260304/blockchain/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-blockchain
servicePort: 9528
- path: /260304/classification/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-classification
servicePort: 9528
- path: /260304/cmsportal/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-cms-portal
servicePort: 9528
- path: /260304/detection/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-detection
servicePort: 9528
- path: /260304/dikongzhixingh5/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-dikongzhixingh5
servicePort: 9528
- path: /260304/dispatchh5/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-dispatchh5
servicePort: 9528
- path: /260304/emergency/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-emergency-rescue
servicePort: 9528
- path: /260304/eventsh5/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-eventsh5
servicePort: 9528
- path: /260304/flight-control/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-flight-control
servicePort: 9528
- path: /260304/hljtt/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-hljtt
servicePort: 9528
- path: /260304/hyper/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-hyperspectral
servicePort: 9528
- path: /260304/iot/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-iot-manager
servicePort: 9528
- path: /260304/jiangsuwenlv/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-jiangsuwenlv
servicePort: 9528
- path: /260304/lite/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-lite
servicePort: 9528
- path: /260304/logistics/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-logistics
servicePort: 9528
- path: /260304/media/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-media
servicePort: 9528
- path: /260304/mianyangbackend/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-mianyangbackend
servicePort: 9528
- path: /260304/multiterminal/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-multiterminal
servicePort: 9528
- path: /260304/mws/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-mws
servicePort: 9528
- path: /260304/oms/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-oms
servicePort: 9528
- path: /260304/open/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-open
servicePort: 9528
- path: /260304/pilot2cloud/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-pilot2-to-cloud
servicePort: 9528
- path: /260304/qingdao/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-qingdao
servicePort: 9528
- path: /260304/qinghaitourism/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-qinghaitourism
servicePort: 9528
- path: /260304/renyike/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-renyike
servicePort: 9528
- path: /260304/scanner/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-scanner
servicePort: 9528
- path: /260304/security/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-security
servicePort: 9528
- path: /260304/securityh5/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-securityh5
servicePort: 9528
- path: /260304/seniclive/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-seniclive
servicePort: 9528
- path: /260304/share/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-share
servicePort: 9528
- path: /260304/smauth/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-smauth
servicePort: 9528
- path: /260304/smsecret/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-smsecret
servicePort: 9528
- path: /260304/splice/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-splice
servicePort: 9528
- path: /260304/threedsimulation/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-threedsimulation
servicePort: 9528
- path: /260304/traffic/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-traffic
servicePort: 9528
- path: /260304/uas/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-uas
servicePort: 9528
- path: /260304/uas/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-uaskny
servicePort: 9528
- path: /260304/uasms/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-uasms
servicePort: 9528
- path: /260304/uasms/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-uasmskny
servicePort: 9528
- path: /260304/visualization/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-visualization
servicePort: 9528
- path: /260304/uavmsmanager/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uavms-platform-manager
servicePort: 9528
- path: /260304/secenter/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uavms-platform-security-center
servicePort: 9528
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: backend-applications-ingress
namespace: xj-aks-uav-260304
labels:
type: backend
octopus.control: all-ingress-config-wdd
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: "2.0"
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/enable-cors: "true"
spec:
rules:
- host: cmii-admin-data.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-admin-data
servicePort: 8080
- host: cmii-admin-gateway.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-admin-gateway
servicePort: 8080
- host: cmii-admin-user.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-admin-user
servicePort: 8080
- host: cmii-app-release.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-app-release
servicePort: 8080
- host: cmii-open-gateway.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-open-gateway
servicePort: 8080
- host: cmii-sky-converge.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-sky-converge
servicePort: 8080
- host: cmii-suav-supervision.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-suav-supervision
servicePort: 8080
- host: cmii-uas-datahub.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uas-datahub
servicePort: 8080
- host: cmii-uas-gateway.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uas-gateway
servicePort: 8080
- host: cmii-uas-lifecycle.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uas-lifecycle
servicePort: 8080
- host: cmii-uav-advanced5g.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-advanced5g
servicePort: 8080
- host: cmii-uav-airspace.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-airspace
servicePort: 8080
- host: cmii-uav-alarm.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-alarm
servicePort: 8080
- host: cmii-uav-autowaypoint.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-autowaypoint
servicePort: 8080
- host: cmii-uav-brain.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-brain
servicePort: 8080
- host: cmii-uav-bridge.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-bridge
servicePort: 8080
- host: cmii-uav-cloud-live.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-cloud-live
servicePort: 8080
- host: cmii-uav-clusters.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-clusters
servicePort: 8080
- host: cmii-uav-cms.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-cms
servicePort: 8080
- host: cmii-uav-data-post-process.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-data-post-process
servicePort: 8080
- host: cmii-uav-depotautoreturn.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-depotautoreturn
servicePort: 8080
- host: cmii-uav-developer.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-developer
servicePort: 8080
- host: cmii-uav-device.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-device
servicePort: 8080
- host: cmii-uav-emergency.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-emergency
servicePort: 8080
- host: cmii-uav-fwdd.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-fwdd
servicePort: 8080
- host: cmii-uav-gateway.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-gateway
servicePort: 8080
- host: cmii-uav-gis-server.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-gis-server
servicePort: 8080
- host: cmii-uav-grid-datasource.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-grid-datasource
servicePort: 8080
- host: cmii-uav-grid-engine.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-grid-engine
servicePort: 8080
- host: cmii-uav-grid-manage.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-grid-manage
servicePort: 8080
- host: cmii-uav-industrial-portfolio.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-industrial-portfolio
servicePort: 8080
- host: cmii-uav-integration.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-integration
servicePort: 8080
- host: cmii-uav-iot-dispatcher.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-iot-dispatcher
servicePort: 8080
- host: cmii-uav-iot-manager.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-iot-manager
servicePort: 8080
- host: cmii-uav-kpi-monitor.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-kpi-monitor
servicePort: 8080
- host: cmii-uav-logger.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-logger
servicePort: 8080
- host: cmii-uav-material-warehouse.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-material-warehouse
servicePort: 8080
- host: cmii-uav-mission.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-mission
servicePort: 8080
- host: cmii-uav-mqtthandler.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-mqtthandler
servicePort: 8080
- host: cmii-uav-multilink.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-multilink
servicePort: 8080
- host: cmii-uav-notice.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-notice
servicePort: 8080
- host: cmii-uav-oauth.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-oauth
servicePort: 8080
- host: cmii-uav-process.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-process
servicePort: 8080
- host: cmii-uav-sec-awareness.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-sec-awareness
servicePort: 8080
- host: cmii-uav-security-trace.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-security-trace
servicePort: 8080
- host: cmii-uav-sense-adapter.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-sense-adapter
servicePort: 8080
- host: cmii-uav-surveillance.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-surveillance
servicePort: 8080
- host: cmii-uav-sync.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-sync
servicePort: 8080
- host: cmii-uav-tcp-server.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-tcp-server
servicePort: 8080
- host: cmii-uav-threedsimulation.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-threedsimulation
servicePort: 8080
- host: cmii-uav-tower.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-tower
servicePort: 8080
- host: cmii-uav-user.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-user
servicePort: 8080
- host: cmii-uav-watchdog.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-watchdog
servicePort: 8080
- host: cmii-uav-waypoint.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-waypoint
servicePort: 8080
- host: cmii-uavms-pyfusion.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uavms-pyfusion
servicePort: 8080
- host: cmii-uavms-security-center.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uavms-security-center
servicePort: 8080
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: all-gateways-ingress
namespace: xj-aks-uav-260304
labels:
type: api-gateway
octopus.control: all-ingress-config-1.1.0
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: "2.0"
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header upgradePrefix $http_upgrade;
proxy_set_header Connection "upgradePrefix";
spec:
rules:
- host: fake-domain.xj-aks-uav-260304.io
http:
paths:
- path: /260304/oms/api/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-admin-gateway
servicePort: 8080
- path: /260304/open/api/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-open-gateway
servicePort: 8080
- path: /260304/api/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-gateway
servicePort: 8080
- path: /260304/uas/api/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uas-gateway
servicePort: 8080
- path: /260304/converge/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-sky-converge
servicePort: 8080

78
74-202603-新疆阿克苏地区/k8s-yaml/k8s-mongo.yaml Normal file
View File

@@ -0,0 +1,78 @@
---
apiVersion: v1
kind: Service
metadata:
name: helm-mongo
namespace: xj-aks-uav-260304
labels:
cmii.app: helm-mongo
cmii.type: middleware
helm.sh/chart: mongo-1.1.0
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: "2.0"
spec:
type: NodePort
selector:
cmii.app: helm-mongo
cmii.type: middleware
ports:
- port: 27017
name: server-27017
targetPort: 27017
nodePort: 37017
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: helm-mongo
namespace: xj-aks-uav-260304
labels:
cmii.app: helm-mongo
cmii.type: middleware
helm.sh/chart: mongo-1.1.0
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: "2.0"
spec:
serviceName: helm-mongo
replicas: 1
selector:
matchLabels:
cmii.app: helm-mongo
cmii.type: middleware
template:
metadata:
labels:
cmii.app: helm-mongo
cmii.type: middleware
helm.sh/chart: mongo-1.1.0
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: "2.0"
annotations:
pod.alpha.kubernetes.io/initialized: "true"
spec:
imagePullSecrets:
- name: harborsecret
affinity: {}
containers:
- name: helm-mongo
image: 192.168.5.41:8033/cmii/mongo:5.0
resources: {}
ports:
- containerPort: 27017
name: mongo27017
protocol: TCP
env:
- name: MONGO_INITDB_ROOT_USERNAME
value: cmlc
- name: MONGO_INITDB_ROOT_PASSWORD
value: REdPza8#oVlt
volumeMounts:
- name: mongo-data
mountPath: /data/db
readOnly: false
subPath: default/helm-mongo/data/db
volumes:
- name: mongo-data
persistentVolumeClaim:
claimName: helm-mongo
---

410
74-202603-新疆阿克苏地区/k8s-yaml/k8s-mysql.yaml Normal file
View File

@@ -0,0 +1,410 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: helm-mysql
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: mysql-db
octopus.control: mysql-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
annotations: {}
secrets:
- name: helm-mysql
---
apiVersion: v1
kind: Secret
metadata:
name: helm-mysql
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: mysql-db
octopus.control: mysql-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
type: Opaque
data:
mysql-root-password: "UXpmWFFoZDNiUQ=="
mysql-password: "S0F0cm5PckFKNw=="
---
apiVersion: v1
kind: ConfigMap
metadata:
name: helm-mysql
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: mysql-db
octopus.control: mysql-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/component: primary
data:
my.cnf: |-
[mysqld]
port=3306
basedir=/opt/bitnami/mysql
datadir=/bitnami/mysql/data
pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
socket=/opt/bitnami/mysql/tmp/mysql.sock
log-error=/bitnami/mysql/data/error.log
general_log_file = /bitnami/mysql/data/general.log
slow_query_log_file = /bitnami/mysql/data/slow.log
innodb_data_file_path = ibdata1:512M:autoextend
innodb_buffer_pool_size = 512M
innodb_buffer_pool_instances = 2
innodb_log_file_size = 512M
innodb_log_files_in_group = 4
innodb_log_files_in_group = 4
log-bin = /bitnami/mysql/data/mysql-bin
max_binlog_size=1G
transaction_isolation = REPEATABLE-READ
default_storage_engine = innodb
character-set-server = utf8mb4
collation-server=utf8mb4_bin
binlog_format = ROW
binlog_rows_query_log_events=on
binlog_cache_size=4M
binlog_expire_logs_seconds = 1296000
max_binlog_cache_size=2G
gtid_mode = on
enforce_gtid_consistency = 1
sync_binlog = 1
innodb_flush_log_at_trx_commit = 1
innodb_flush_method = O_DIRECT
log_slave_updates=1
relay_log_recovery = 1
relay-log-purge = 1
default_time_zone = '+08:00'
lower_case_table_names=1
log_bin_trust_function_creators=1
group_concat_max_len=67108864
innodb_io_capacity = 4000
innodb_io_capacity_max = 8000
innodb_flush_sync = 0
innodb_flush_neighbors = 0
innodb_write_io_threads = 8
innodb_read_io_threads = 8
innodb_purge_threads = 4
innodb_page_cleaners = 4
innodb_open_files = 65535
innodb_max_dirty_pages_pct = 50
innodb_lru_scan_depth = 4000
innodb_checksum_algorithm = crc32
innodb_lock_wait_timeout = 10
innodb_rollback_on_timeout = 1
innodb_print_all_deadlocks = 1
innodb_file_per_table = 1
innodb_online_alter_log_max_size = 4G
innodb_stats_on_metadata = 0
innodb_thread_concurrency = 0
innodb_sync_spin_loops = 100
innodb_spin_wait_delay = 30
lock_wait_timeout = 3600
slow_query_log = 1
long_query_time = 10
log_queries_not_using_indexes =1
log_throttle_queries_not_using_indexes = 60
min_examined_row_limit = 100
log_slow_admin_statements = 1
log_slow_slave_statements = 1
default_authentication_plugin=mysql_native_password
skip-name-resolve=1
explicit_defaults_for_timestamp=1
plugin_dir=/opt/bitnami/mysql/plugin
max_allowed_packet=128M
max_connections = 2000
max_connect_errors = 1000000
table_definition_cache=2000
table_open_cache_instances=64
tablespace_definition_cache=1024
thread_cache_size=256
interactive_timeout = 600
wait_timeout = 600
tmpdir=/opt/bitnami/mysql/tmp
max_allowed_packet=32M
bind-address=0.0.0.0
performance_schema = 1
performance_schema_instrument = '%memory%=on'
performance_schema_instrument = '%lock%=on'
innodb_monitor_enable=ALL
[mysql]
no-auto-rehash
[mysqldump]
quick
max_allowed_packet = 32M
[client]
port=3306
socket=/opt/bitnami/mysql/tmp/mysql.sock
default-character-set=UTF8
plugin_dir=/opt/bitnami/mysql/plugin
[manager]
port=3306
socket=/opt/bitnami/mysql/tmp/mysql.sock
pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
---
apiVersion: v1
kind: ConfigMap
metadata:
name: helm-mysql-init-scripts
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: mysql-db
octopus.control: mysql-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/component: primary
data:
create_users_grants_core.sql: |-
create user zyly@'%' identified by 'Cmii@451315';
grant select on *.* to zyly@'%';
create user zyly_qc@'%' identified by 'Uh)E_owCyb16';
grant all on *.* to zyly_qc@'%';
create user k8s_admin@'%' identified by 'fP#UaH6qQ3)8';
grant all on *.* to k8s_admin@'%';
create user audit_dba@'%' identified by 'PjCzqiBmJaTpgkoYXynH';
grant all on *.* to audit_dba@'%';
create user db_backup@'%' identified by 'RU5Pu(4FGdT9';
GRANT SELECT, RELOAD, PROCESS, LOCK TABLES, REPLICATION CLIENT, EVENT on *.* to db_backup@'%';
create user monitor@'%' identified by 'PL3#nGtrWbf-';
grant REPLICATION CLIENT on *.* to monitor@'%';
flush privileges;
---
kind: Service
apiVersion: v1
metadata:
name: cmii-mysql
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/component: primary
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/name: mysql-db
app.kubernetes.io/release: xj-aks-uav-260304
cmii.app: mysql
cmii.type: middleware
octopus.control: mysql-db-wdd
spec:
ports:
- name: mysql
protocol: TCP
port: 13306
targetPort: mysql
selector:
app.kubernetes.io/component: primary
app.kubernetes.io/name: mysql-db
app.kubernetes.io/release: xj-aks-uav-260304
cmii.app: mysql
cmii.type: middleware
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: helm-mysql-headless
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: mysql-db
octopus.control: mysql-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
cmii.type: middleware
cmii.app: mysql
app.kubernetes.io/component: primary
annotations: {}
spec:
type: ClusterIP
clusterIP: None
publishNotReadyAddresses: true
ports:
- name: mysql
port: 3306
targetPort: mysql
selector:
app.kubernetes.io/name: mysql-db
app.kubernetes.io/release: xj-aks-uav-260304
cmii.type: middleware
cmii.app: mysql
app.kubernetes.io/component: primary
---
apiVersion: v1
kind: Service
metadata:
name: helm-mysql
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: mysql-db
octopus.control: mysql-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
cmii.type: middleware
cmii.app: mysql
app.kubernetes.io/component: primary
annotations: {}
spec:
type: NodePort
ports:
- name: mysql
port: 3306
protocol: TCP
targetPort: mysql
nodePort: 33306
selector:
app.kubernetes.io/name: mysql-db
app.kubernetes.io/release: xj-aks-uav-260304
cmii.type: middleware
cmii.app: mysql
app.kubernetes.io/component: primary
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: helm-mysql
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: mysql-db
octopus.control: mysql-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
cmii.type: middleware
cmii.app: mysql
app.kubernetes.io/component: primary
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: mysql-db
app.kubernetes.io/release: xj-aks-uav-260304
cmii.type: middleware
cmii.app: mysql
app.kubernetes.io/component: primary
serviceName: helm-mysql
updateStrategy:
type: RollingUpdate
template:
metadata:
annotations:
checksum/configuration: 6b60fa0f3a846a6ada8effdc4f823cf8003d42a8c8f630fe8b1b66d3454082dd
labels:
app.kubernetes.io/name: mysql-db
octopus.control: mysql-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
cmii.type: middleware
cmii.app: mysql
app.kubernetes.io/component: primary
spec:
imagePullSecrets:
- name: harborsecret
serviceAccountName: helm-mysql
affinity: {}
nodeSelector:
mysql-deploy: "true"
securityContext:
fsGroup: 1001
initContainers:
- name: change-volume-permissions
image: 192.168.5.41:8033/cmii/os-shell:12-debian-12-r51
imagePullPolicy: "Always"
command:
- /bin/bash
- -ec
- |
chown -R 1001:1001 /bitnami/mysql
securityContext:
runAsUser: 0
volumeMounts:
- name: mysql-data
mountPath: /bitnami/mysql
containers:
- name: mysql
image: 192.168.5.41:8033/cmii/mysql:8.1.0-debian-11-r42
imagePullPolicy: "IfNotPresent"
securityContext:
runAsUser: 1001
env:
- name: BITNAMI_DEBUG
value: "true"
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: helm-mysql
key: mysql-root-password
- name: MYSQL_DATABASE
value: "cmii"
ports:
- name: mysql
containerPort: 3306
livenessProbe:
failureThreshold: 5
initialDelaySeconds: 120
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
exec:
command:
- /bin/bash
- -ec
- |
password_aux="${MYSQL_ROOT_PASSWORD:-}"
if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then
password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE")
fi
mysqladmin status -uroot -p"${password_aux}"
readinessProbe:
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
exec:
command:
- /bin/bash
- -ec
- |
password_aux="${MYSQL_ROOT_PASSWORD:-}"
if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then
password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE")
fi
mysqladmin status -uroot -p"${password_aux}"
startupProbe:
failureThreshold: 60
initialDelaySeconds: 120
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
exec:
command:
- /bin/bash
- -ec
- |
password_aux="${MYSQL_ROOT_PASSWORD:-}"
if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then
password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE")
fi
mysqladmin status -uroot -p"${password_aux}"
resources:
limits: {}
requests: {}
volumeMounts:
- name: mysql-data
mountPath: /bitnami/mysql
- name: custom-init-scripts
mountPath: /docker-entrypoint-initdb.d
- name: config
mountPath: /opt/bitnami/mysql/conf/my.cnf
subPath: my.cnf
volumes:
- name: config
configMap:
name: helm-mysql
- name: custom-init-scripts
configMap:
name: helm-mysql-init-scripts
- name: mysql-data
hostPath:
path: /var/lib/docker/mysql-pv/xj-aks-uav-260304/

130
74-202603-新疆阿克苏地区/k8s-yaml/k8s-nacos.yaml Normal file
View File

@@ -0,0 +1,130 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: helm-nacos-cm
namespace: xj-aks-uav-260304
labels:
cmii.app: helm-nacos
cmii.type: middleware
octopus.control: nacos-wdd
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/version: "2.0"
data:
mysql.db.name: "cmii_nacos_config"
mysql.db.host: "helm-mysql"
mysql.port: "3306"
mysql.user: "k8s_admin"
mysql.password: "fP#UaH6qQ3)8"
---
apiVersion: v1
kind: Service
metadata:
name: helm-nacos
namespace: xj-aks-uav-260304
labels:
cmii.app: helm-nacos
cmii.type: middleware
octopus.control: nacos-wdd
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/version: "2.0"
spec:
type: NodePort
selector:
cmii.app: helm-nacos
cmii.type: middleware
ports:
- port: 8848
name: server
targetPort: 8848
nodePort: 38848
- port: 9848
name: server12
targetPort: 9848
- port: 9849
name: server23
targetPort: 9849
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: helm-nacos
namespace: xj-aks-uav-260304
labels:
cmii.app: helm-nacos
cmii.type: middleware
octopus.control: nacos-wdd
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/version: "2.0"
spec:
serviceName: helm-nacos
replicas: 1
selector:
matchLabels:
cmii.app: helm-nacos
cmii.type: middleware
template:
metadata:
labels:
cmii.app: helm-nacos
cmii.type: middleware
octopus.control: nacos-wdd
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/version: "2.0"
annotations:
pod.alpha.kubernetes.io/initialized: "true"
spec:
imagePullSecrets:
- name: harborsecret
affinity: {}
containers:
- name: nacos-server
image: 192.168.5.41:8033/cmii/nacos-server:v2.1.2
ports:
- containerPort: 8848
name: dashboard
- containerPort: 9848
name: tcp-9848
- containerPort: 9849
name: tcp-9849
env:
- name: NACOS_AUTH_ENABLE
value: "false"
- name: NACOS_REPLICAS
value: "1"
- name: MYSQL_SERVICE_DB_NAME
valueFrom:
configMapKeyRef:
name: helm-nacos-cm
key: mysql.db.name
- name: MYSQL_SERVICE_PORT
valueFrom:
configMapKeyRef:
name: helm-nacos-cm
key: mysql.port
- name: MYSQL_SERVICE_USER
valueFrom:
configMapKeyRef:
name: helm-nacos-cm
key: mysql.user
- name: MYSQL_SERVICE_PASSWORD
valueFrom:
configMapKeyRef:
name: helm-nacos-cm
key: mysql.password
- name: MYSQL_SERVICE_HOST
valueFrom:
configMapKeyRef:
name: helm-nacos-cm
key: mysql.db.host
- name: NACOS_SERVER_PORT
value: "8848"
- name: NACOS_APPLICATION_PORT
value: "8848"
- name: PREFER_HOST_MODE
value: "hostname"
- name: MODE
value: standalone
- name: SPRING_DATASOURCE_PLATFORM
value: mysql
---

38
74-202603-新疆阿克苏地区/k8s-yaml/k8s-nfs-test.yaml Normal file
View File

@@ -0,0 +1,38 @@
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: test-claim
annotations:
volume.beta.kubernetes.io/storage-class: "nfs-prod-distribute" #与nfs-StorageClass.yaml metadata.name保持一致
spec:
accessModes:
- ReadWriteOnce
storageClassName: nfs-prod-distribute
resources:
requests:
storage: 1Mi
---
kind: Pod
apiVersion: v1
metadata:
name: test-pod
spec:
imagePullSecrets:
- name: harborsecret
containers:
- name: test-pod
image: 192.168.5.41:8033/cmii/busybox:latest
command:
- "/bin/sh"
args:
- "-c"
- "touch /mnt/NFS-CREATE-SUCCESS && exit 0 || exit 1" #创建一个SUCCESS文件后退出
volumeMounts:
- name: nfs-pvc
mountPath: "/mnt"
restartPolicy: "Never"
volumes:
- name: nfs-pvc
persistentVolumeClaim:
claimName: test-claim #与PVC名称保持一致

114
74-202603-新疆阿克苏地区/k8s-yaml/k8s-nfs.yaml Normal file
View File

@@ -0,0 +1,114 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: nfs-client-provisioner
# replace with namespace where provisioner is deployed
namespace: kube-system #根据实际环境设定namespace,下面类同
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nfs-client-provisioner-runner
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: run-nfs-client-provisioner
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
# replace with namespace where provisioner is deployed
namespace: kube-system
roleRef:
kind: ClusterRole
# name: nfs-client-provisioner-runner
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
# replace with namespace where provisioner is deployed
namespace: kube-system
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
# replace with namespace where provisioner is deployed
namespace: kube-system
roleRef:
kind: Role
name: leader-locking-nfs-client-provisioner
apiGroup: rbac.authorization.k8s.io
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: nfs-prod-distribute
provisioner: cmlc-nfs-storage #这里的名称要和provisioner配置文件中的环境变量PROVISIONER_NAME保持一致parameters: archiveOnDelete: "false"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nfs-client-provisioner
labels:
app: nfs-client-provisioner
# replace with namespace where provisioner is deployed
namespace: kube-system #与RBAC文件中的namespace保持一致
spec:
replicas: 1
selector:
matchLabels:
app: nfs-client-provisioner
strategy:
type: Recreate
template:
metadata:
labels:
app: nfs-client-provisioner
spec:
imagePullSecrets:
- name: harborsecret
serviceAccountName: nfs-client-provisioner
containers:
- name: nfs-client-provisioner
image: 192.168.5.41:8033/cmii/nfs-subdir-external-provisioner:v4.0.2
volumeMounts:
- name: nfs-client-root
mountPath: /persistentvolumes
env:
- name: PROVISIONER_NAME
value: cmlc-nfs-storage
- name: NFS_SERVER
value: 192.168.5.141
- name: NFS_PATH
value: /var/lib/docker/nfs_data
volumes:
- name: nfs-client-root
nfs:
server: 192.168.5.141
path: /var/lib/docker/nfs_data

76
74-202603-新疆阿克苏地区/k8s-yaml/k8s-pvc.yaml Normal file
View File

@@ -0,0 +1,76 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-backend-log-pvc
namespace: xj-aks-uav-260304
labels:
cmii.type: middleware-base
cmii.app: nfs-backend-log-pvc
helm.sh/chart: all-persistence-volume-claims-1.1.0
app.kubernetes.io/version: "2.0"
spec:
storageClassName: nfs-prod-distribute
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 100Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: helm-emqxs
namespace: xj-aks-uav-260304
labels:
cmii.type: middleware-base
cmii.app: helm-emqxs
helm.sh/chart: all-persistence-volume-claims-1.1.0
app.kubernetes.io/version: "2.0"
spec:
storageClassName: nfs-prod-distribute
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 20Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: helm-mongo
namespace: xj-aks-uav-260304
labels:
cmii.type: middleware-base
cmii.app: helm-mongo
helm.sh/chart: all-persistence-volume-claims-1.1.0
app.kubernetes.io/version: "2.0"
spec:
storageClassName: nfs-prod-distribute
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 30Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: helm-rabbitmq
namespace: xj-aks-uav-260304
labels:
cmii.type: middleware-base
cmii.app: helm-rabbitmq
helm.sh/chart: all-persistence-volume-claims-1.1.0
app.kubernetes.io/version: "2.0"
spec:
storageClassName: nfs-prod-distribute
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 20Gi

328
74-202603-新疆阿克苏地区/k8s-yaml/k8s-rabbitmq.yaml Normal file
View File

@@ -0,0 +1,328 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: helm-rabbitmq
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: helm-rabbitmq
helm.sh/chart: rabbitmq-8.26.1
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: rabbitmq
automountServiceAccountToken: true
secrets:
- name: helm-rabbitmq
---
apiVersion: v1
kind: Secret
metadata:
name: helm-rabbitmq
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: helm-rabbitmq
helm.sh/chart: rabbitmq-8.26.1
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: rabbitmq
type: Opaque
data:
rabbitmq-password: "blljUk45MXIuX2hq"
rabbitmq-erlang-cookie: "emFBRmt1ZU1xMkJieXZvdHRYbWpoWk52UThuVXFzcTU="
---
apiVersion: v1
kind: ConfigMap
metadata:
name: helm-rabbitmq-config
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: helm-rabbitmq
helm.sh/chart: rabbitmq-8.26.1
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: rabbitmq
data:
rabbitmq.conf: |-
## Username and password
##
default_user = admin
default_pass = nYcRN91r._hj
## Clustering
##
cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s
cluster_formation.k8s.host = kubernetes.default.svc.cluster.local
cluster_formation.node_cleanup.interval = 10
cluster_formation.node_cleanup.only_log_warning = true
cluster_partition_handling = autoheal
# queue master locator
queue_master_locator = min-masters
# enable guest user
loopback_users.guest = false
#default_vhost = default-vhost
#disk_free_limit.absolute = 50MB
#load_definitions = /app/load_definition.json
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: helm-rabbitmq-endpoint-reader
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: helm-rabbitmq
helm.sh/chart: rabbitmq-8.26.1
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: rabbitmq
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: helm-rabbitmq-endpoint-reader
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: helm-rabbitmq
helm.sh/chart: rabbitmq-8.26.1
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: rabbitmq
subjects:
- kind: ServiceAccount
name: helm-rabbitmq
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: helm-rabbitmq-endpoint-reader
---
apiVersion: v1
kind: Service
metadata:
name: helm-rabbitmq-headless
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: helm-rabbitmq
helm.sh/chart: rabbitmq-8.26.1
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: rabbitmq
spec:
clusterIP: None
ports:
- name: epmd
port: 4369
targetPort: epmd
- name: amqp
port: 5672
targetPort: amqp
- name: dist
port: 25672
targetPort: dist
- name: dashboard
port: 15672
targetPort: stats
selector:
app.kubernetes.io/name: helm-rabbitmq
app.kubernetes.io/release: xj-aks-uav-260304
publishNotReadyAddresses: true
---
apiVersion: v1
kind: Service
metadata:
name: helm-rabbitmq
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: helm-rabbitmq
helm.sh/chart: rabbitmq-8.26.1
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: rabbitmq
spec:
type: NodePort
ports:
- name: amqp
port: 5672
targetPort: amqp
nodePort: 35672
- name: dashboard
port: 15672
targetPort: dashboard
nodePort: 36675
selector:
app.kubernetes.io/name: helm-rabbitmq
app.kubernetes.io/release: xj-aks-uav-260304
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: helm-rabbitmq
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: helm-rabbitmq
helm.sh/chart: rabbitmq-8.26.1
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: rabbitmq
spec:
serviceName: helm-rabbitmq-headless
podManagementPolicy: OrderedReady
replicas: 1
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/name: helm-rabbitmq
app.kubernetes.io/release: xj-aks-uav-260304
template:
metadata:
labels:
app.kubernetes.io/name: helm-rabbitmq
helm.sh/chart: rabbitmq-8.26.1
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: rabbitmq
annotations:
checksum/config: d6c2caa9572f64a06d9f7daa34c664a186b4778cd1697ef8e59663152fc628f1
checksum/secret: d764e7b3d999e7324d1afdfec6140092a612f04b6e0306818675815cec2f454f
spec:
imagePullSecrets:
- name: harborsecret
serviceAccountName: helm-rabbitmq
affinity: {}
securityContext:
fsGroup: 5001
runAsUser: 5001
terminationGracePeriodSeconds: 120
initContainers:
- name: volume-permissions
image: 192.168.5.41:8033/cmii/os-shell:12-debian-12-r51
imagePullPolicy: "Always"
command:
- /bin/bash
args:
- -ec
- |
mkdir -p "/bitnami/rabbitmq/mnesia"
chown -R "5001:5001" "/bitnami/rabbitmq/mnesia"
securityContext:
runAsUser: 0
resources:
limits: {}
requests: {}
volumeMounts:
- name: data
mountPath: /bitnami/rabbitmq/mnesia
containers:
- name: rabbitmq
image: 192.168.5.41:8033/cmii/rabbitmq:3.13.7-debian-12-r5
imagePullPolicy: "Always"
env:
- name: BITNAMI_DEBUG
value: "false"
- name: MY_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: K8S_SERVICE_NAME
value: "helm-rabbitmq-headless"
- name: K8S_ADDRESS_TYPE
value: hostname
- name: RABBITMQ_FORCE_BOOT
value: "no"
- name: RABBITMQ_NODE_NAME
value: "rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local"
- name: K8S_HOSTNAME_SUFFIX
value: ".$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local"
- name: RABBITMQ_MNESIA_DIR
value: "/bitnami/rabbitmq/mnesia/$(RABBITMQ_NODE_NAME)"
- name: RABBITMQ_LDAP_ENABLE
value: "no"
- name: RABBITMQ_LOGS
value: "-"
- name: RABBITMQ_ULIMIT_NOFILES
value: "65536"
- name: RABBITMQ_USE_LONGNAME
value: "true"
- name: RABBITMQ_ERL_COOKIE
valueFrom:
secretKeyRef:
name: helm-rabbitmq
key: rabbitmq-erlang-cookie
- name: RABBITMQ_LOAD_DEFINITIONS
value: "no"
- name: RABBITMQ_SECURE_PASSWORD
value: "yes"
- name: RABBITMQ_USERNAME
value: "admin"
- name: RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: helm-rabbitmq
key: rabbitmq-password
- name: RABBITMQ_PLUGINS
value: "rabbitmq_management, rabbitmq_peer_discovery_k8s, rabbitmq_shovel, rabbitmq_shovel_management, rabbitmq_auth_backend_ldap"
ports:
- name: amqp
containerPort: 5672
- name: dist
containerPort: 25672
- name: dashboard
containerPort: 15672
- name: epmd
containerPort: 4369
livenessProbe:
exec:
command:
- /bin/bash
- -ec
- rabbitmq-diagnostics -q ping
initialDelaySeconds: 120
periodSeconds: 30
timeoutSeconds: 20
successThreshold: 1
failureThreshold: 6
readinessProbe:
exec:
command:
- /bin/bash
- -ec
- rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms
initialDelaySeconds: 10
periodSeconds: 30
timeoutSeconds: 20
successThreshold: 1
failureThreshold: 3
lifecycle:
preStop:
exec:
command:
- /bin/bash
- -ec
- |
if [[ -f /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh ]]; then
/opt/bitnami/scripts/rabbitmq/nodeshutdown.sh -t "120" -d "false"
else
rabbitmqctl stop_app
fi
resources:
limits: {}
requests: {}
volumeMounts:
- name: configuration
mountPath: /bitnami/rabbitmq/conf
- name: data
mountPath: /bitnami/rabbitmq/mnesia
volumes:
- name: configuration
configMap:
name: helm-rabbitmq-config
items:
- key: rabbitmq.conf
path: rabbitmq.conf
- name: data
persistentVolumeClaim:
claimName: helm-rabbitmq

585
74-202603-新疆阿克苏地区/k8s-yaml/k8s-redis-7.4.3-debian-12-r0.yaml Normal file
View File

@@ -0,0 +1,585 @@
---
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: true
metadata:
name: helm-redis
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
---
apiVersion: v1
kind: Secret
metadata:
name: helm-redis
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
type: Opaque
data:
redis-password: "TWNhY2hlQDQ1MjI="
---
apiVersion: v1
kind: ConfigMap
metadata:
name: helm-redis-configuration
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
data:
redis.conf: |-
# User-supplied common configuration:
# Enable AOF https://redis.io/topics/persistence#append-only-file
appendonly yes
# Disable RDB persistence, AOF persistence already enabled.
save ""
# End of common configuration
master.conf: |-
dir /data
# User-supplied master configuration:
rename-command FLUSHDB ""
rename-command FLUSHALL ""
# End of master configuration
replica.conf: |-
dir /data
replica-read-only yes
# User-supplied replica configuration:
rename-command FLUSHDB ""
rename-command FLUSHALL ""
# End of replica configuration
---
# Source: outside-deploy/charts/redis-db/templates/health-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: helm-redis-health
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
data:
ping_readiness_local.sh: |-
#!/bin/bash
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
ping_liveness_local.sh: |-
#!/bin/bash
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
ping
)
if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
echo "$response"
exit 1
fi
ping_readiness_master.sh: |-
#!/bin/bash
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
ping_liveness_master.sh: |-
#!/bin/bash
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
ping
)
if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
echo "$response"
exit 1
fi
ping_readiness_local_and_master.sh: |-
script_dir="$(dirname "$0")"
exit_status=0
"$script_dir/ping_readiness_local.sh" $1 || exit_status=$?
"$script_dir/ping_readiness_master.sh" $1 || exit_status=$?
exit $exit_status
ping_liveness_local_and_master.sh: |-
script_dir="$(dirname "$0")"
exit_status=0
"$script_dir/ping_liveness_local.sh" $1 || exit_status=$?
"$script_dir/ping_liveness_master.sh" $1 || exit_status=$?
exit $exit_status
---
# Source: outside-deploy/charts/redis-db/templates/scripts-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: helm-redis-scripts
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
data:
start-master.sh: |
#!/bin/bash
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
fi
if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
ARGS=("--port" "${REDIS_PORT}")
ARGS+=("--requirepass" "${REDIS_PASSWORD}")
ARGS+=("--masterauth" "${REDIS_PASSWORD}")
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
exec redis-server "${ARGS[@]}"
start-replica.sh: |
#!/bin/bash
get_port() {
hostname="$1"
type="$2"
port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g")
port=${!port_var}
if [ -z "$port" ]; then
case $type in
"SENTINEL")
echo 26379
;;
"REDIS")
echo 6379
;;
esac
else
echo $port
fi
}
get_full_hostname() {
hostname="$1"
echo "${hostname}.${HEADLESS_SERVICE}"
}
REDISPORT=$(get_port "$HOSTNAME" "REDIS")
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then
cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
fi
if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
echo "" >> /opt/bitnami/redis/etc/replica.conf
echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf
echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf
ARGS=("--port" "${REDIS_PORT}")
ARGS+=("--replicaof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
ARGS+=("--requirepass" "${REDIS_PASSWORD}")
ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}")
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
exec redis-server "${ARGS[@]}"
---
# Source: outside-deploy/charts/redis-db/templates/headless-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: helm-redis-headless
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
spec:
type: ClusterIP
clusterIP: None
ports:
- name: tcp-redis
port: 6379
targetPort: redis
selector:
app.kubernetes.io/name: redis-db
app.kubernetes.io/release: xj-aks-uav-260304
---
# Source: outside-deploy/charts/redis-db/templates/master/service.yaml
apiVersion: v1
kind: Service
metadata:
name: helm-redis-master
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
cmii.type: middleware
cmii.app: redis
app.kubernetes.io/component: master
spec:
type: ClusterIP
ports:
- name: tcp-redis
port: 6379
targetPort: redis
nodePort: null
selector:
app.kubernetes.io/name: redis-db
app.kubernetes.io/release: xj-aks-uav-260304
cmii.type: middleware
cmii.app: redis
app.kubernetes.io/component: master
---
# Source: outside-deploy/charts/redis-db/templates/replicas/service.yaml
apiVersion: v1
kind: Service
metadata:
name: helm-redis-replicas
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/component: replica
spec:
type: ClusterIP
ports:
- name: tcp-redis
port: 6379
targetPort: redis
nodePort: null
selector:
app.kubernetes.io/name: redis-db
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/component: replica
---
# Source: outside-deploy/charts/redis-db/templates/master/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: helm-redis-master
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
cmii.type: middleware
cmii.app: redis
app.kubernetes.io/component: master
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: redis-db
app.kubernetes.io/release: xj-aks-uav-260304
cmii.type: middleware
cmii.app: redis
app.kubernetes.io/component: master
serviceName: helm-redis-headless
updateStrategy:
rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
cmii.type: middleware
cmii.app: redis
app.kubernetes.io/component: master
annotations:
checksum/configmap: b64aa5db67e6e63811f3c1095b9fce34d83c86a471fccdda0e48eedb53a179b0
checksum/health: 6e0a6330e5ac63e565ae92af1444527d72d8897f91266f333555b3d323570623
checksum/scripts: b88df93710b7c42a76006e20218f05c6e500e6cc2affd4bb1985832f03166e98
checksum/secret: 43f1b0e20f9cb2de936bd182bc3683b720fc3cf4f4e76cb23c06a52398a50e8d
spec:
affinity: {}
securityContext:
fsGroup: 1001
serviceAccountName: helm-redis
imagePullSecrets:
- name: harborsecret
terminationGracePeriodSeconds: 30
containers:
- name: redis
image: 192.168.5.41:8033/cmii/redis:7.4.3-debian-12-r0
imagePullPolicy: "Always"
securityContext:
runAsUser: 1001
command:
- /bin/bash
args:
- -c
- /opt/bitnami/scripts/start-scripts/start-master.sh
env:
- name: BITNAMI_DEBUG
value: "false"
- name: REDIS_REPLICATION_MODE
value: master
- name: ALLOW_EMPTY_PASSWORD
value: "no"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: helm-redis
key: redis-password
- name: REDIS_TLS_ENABLED
value: "no"
- name: REDIS_PORT
value: "6379"
ports:
- name: redis
containerPort: 6379
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 5
# One second longer than command timeout should prevent generation of zombie processes.
timeoutSeconds: 6
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_liveness_local.sh 5
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 5
timeoutSeconds: 2
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_readiness_local.sh 1
resources:
limits:
cpu: "2"
memory: 8Gi
requests:
cpu: "2"
memory: 8Gi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
- name: health
mountPath: /health
- name: redis-data
mountPath: /data
subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- name: redis-tmp-conf
mountPath: /opt/bitnami/redis/etc/
- name: tmp
mountPath: /tmp
volumes:
- name: start-scripts
configMap:
name: helm-redis-scripts
defaultMode: 0755
- name: health
configMap:
name: helm-redis-health
defaultMode: 0755
- name: config
configMap:
name: helm-redis-configuration
- name: redis-tmp-conf
emptyDir: {}
- name: tmp
emptyDir: {}
- name: redis-data
emptyDir: {}
---
# Source: outside-deploy/charts/redis-db/templates/replicas/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: helm-redis-replicas
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/component: replica
spec:
replicas: 0
selector:
matchLabels:
app.kubernetes.io/name: redis-db
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/component: replica
serviceName: helm-redis-headless
updateStrategy:
rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/component: replica
annotations:
checksum/configmap: b64aa5db67e6e63811f3c1095b9fce34d83c86a471fccdda0e48eedb53a179b0
checksum/health: 6e0a6330e5ac63e565ae92af1444527d72d8897f91266f333555b3d323570623
checksum/scripts: b88df93710b7c42a76006e20218f05c6e500e6cc2affd4bb1985832f03166e98
checksum/secret: 43f1b0e20f9cb2de936bd182bc3683b720fc3cf4f4e76cb23c06a52398a50e8d
spec:
imagePullSecrets:
- name: harborsecret
securityContext:
fsGroup: 1001
serviceAccountName: helm-redis
terminationGracePeriodSeconds: 30
containers:
- name: redis
image: 192.168.5.41:8033/cmii/redis:7.4.3-debian-12-r0
imagePullPolicy: "Always"
securityContext:
runAsUser: 1001
command:
- /bin/bash
args:
- -c
- /opt/bitnami/scripts/start-scripts/start-replica.sh
env:
- name: BITNAMI_DEBUG
value: "false"
- name: REDIS_REPLICATION_MODE
value: slave
- name: REDIS_MASTER_HOST
value: helm-redis-master-0.helm-redis-headless.xj-aks-uav-260304.svc.cluster.local
- name: REDIS_MASTER_PORT_NUMBER
value: "6379"
- name: ALLOW_EMPTY_PASSWORD
value: "no"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: helm-redis
key: redis-password
- name: REDIS_MASTER_PASSWORD
valueFrom:
secretKeyRef:
name: helm-redis
key: redis-password
- name: REDIS_TLS_ENABLED
value: "no"
- name: REDIS_PORT
value: "6379"
ports:
- name: redis
containerPort: 6379
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 5
timeoutSeconds: 6
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_liveness_local_and_master.sh 5
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 5
timeoutSeconds: 2
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_readiness_local_and_master.sh 1
resources:
limits:
cpu: "2"
memory: 8Gi
requests:
cpu: "2"
memory: 8Gi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
- name: health
mountPath: /health
- name: redis-data
mountPath: /data
subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- name: redis-tmp-conf
mountPath: /opt/bitnami/redis/etc
volumes:
- name: start-scripts
configMap:
name: helm-redis-scripts
defaultMode: 0755
- name: health
configMap:
name: helm-redis-health
defaultMode: 0755
- name: config
configMap:
name: helm-redis-configuration
- name: redis-tmp-conf
emptyDir: {}
- name: redis-data
emptyDir: {}

585
74-202603-新疆阿克苏地区/k8s-yaml/k8s-redis.yaml Normal file
View File

@@ -0,0 +1,585 @@
---
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: true
metadata:
name: helm-redis
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
---
apiVersion: v1
kind: Secret
metadata:
name: helm-redis
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
type: Opaque
data:
redis-password: "TWNhY2hlQDQ1MjI="
---
apiVersion: v1
kind: ConfigMap
metadata:
name: helm-redis-configuration
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
data:
redis.conf: |-
# User-supplied common configuration:
# Enable AOF https://redis.io/topics/persistence#append-only-file
appendonly yes
# Disable RDB persistence, AOF persistence already enabled.
save ""
# End of common configuration
master.conf: |-
dir /data
# User-supplied master configuration:
rename-command FLUSHDB ""
rename-command FLUSHALL ""
# End of master configuration
replica.conf: |-
dir /data
slave-read-only yes
# User-supplied replica configuration:
rename-command FLUSHDB ""
rename-command FLUSHALL ""
# End of replica configuration
---
# Source: outside-deploy/charts/redis-db/templates/health-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: helm-redis-health
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
data:
ping_readiness_local.sh: |-
#!/bin/bash
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
ping_liveness_local.sh: |-
#!/bin/bash
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
ping
)
if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
echo "$response"
exit 1
fi
ping_readiness_master.sh: |-
#!/bin/bash
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
ping_liveness_master.sh: |-
#!/bin/bash
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
ping
)
if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
echo "$response"
exit 1
fi
ping_readiness_local_and_master.sh: |-
script_dir="$(dirname "$0")"
exit_status=0
"$script_dir/ping_readiness_local.sh" $1 || exit_status=$?
"$script_dir/ping_readiness_master.sh" $1 || exit_status=$?
exit $exit_status
ping_liveness_local_and_master.sh: |-
script_dir="$(dirname "$0")"
exit_status=0
"$script_dir/ping_liveness_local.sh" $1 || exit_status=$?
"$script_dir/ping_liveness_master.sh" $1 || exit_status=$?
exit $exit_status
---
# Source: outside-deploy/charts/redis-db/templates/scripts-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: helm-redis-scripts
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
data:
start-master.sh: |
#!/bin/bash
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
fi
if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
ARGS=("--port" "${REDIS_PORT}")
ARGS+=("--requirepass" "${REDIS_PASSWORD}")
ARGS+=("--masterauth" "${REDIS_PASSWORD}")
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
exec redis-server "${ARGS[@]}"
start-replica.sh: |
#!/bin/bash
get_port() {
hostname="$1"
type="$2"
port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g")
port=${!port_var}
if [ -z "$port" ]; then
case $type in
"SENTINEL")
echo 26379
;;
"REDIS")
echo 6379
;;
esac
else
echo $port
fi
}
get_full_hostname() {
hostname="$1"
echo "${hostname}.${HEADLESS_SERVICE}"
}
REDISPORT=$(get_port "$HOSTNAME" "REDIS")
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then
cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
fi
if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
echo "" >> /opt/bitnami/redis/etc/replica.conf
echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf
echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf
ARGS=("--port" "${REDIS_PORT}")
ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
ARGS+=("--requirepass" "${REDIS_PASSWORD}")
ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}")
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
exec redis-server "${ARGS[@]}"
---
# Source: outside-deploy/charts/redis-db/templates/headless-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: helm-redis-headless
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
spec:
type: ClusterIP
clusterIP: None
ports:
- name: tcp-redis
port: 6379
targetPort: redis
selector:
app.kubernetes.io/name: redis-db
app.kubernetes.io/release: xj-aks-uav-260304
---
# Source: outside-deploy/charts/redis-db/templates/master/service.yaml
apiVersion: v1
kind: Service
metadata:
name: helm-redis-master
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
cmii.type: middleware
cmii.app: redis
app.kubernetes.io/component: master
spec:
type: ClusterIP
ports:
- name: tcp-redis
port: 6379
targetPort: redis
nodePort: null
selector:
app.kubernetes.io/name: redis-db
app.kubernetes.io/release: xj-aks-uav-260304
cmii.type: middleware
cmii.app: redis
app.kubernetes.io/component: master
---
# Source: outside-deploy/charts/redis-db/templates/replicas/service.yaml
apiVersion: v1
kind: Service
metadata:
name: helm-redis-replicas
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/component: replica
spec:
type: ClusterIP
ports:
- name: tcp-redis
port: 6379
targetPort: redis
nodePort: null
selector:
app.kubernetes.io/name: redis-db
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/component: replica
---
# Source: outside-deploy/charts/redis-db/templates/master/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: helm-redis-master
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
cmii.type: middleware
cmii.app: redis
app.kubernetes.io/component: master
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: redis-db
app.kubernetes.io/release: xj-aks-uav-260304
cmii.type: middleware
cmii.app: redis
app.kubernetes.io/component: master
serviceName: helm-redis-headless
updateStrategy:
rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
cmii.type: middleware
cmii.app: redis
app.kubernetes.io/component: master
annotations:
checksum/configmap: b64aa5db67e6e63811f3c1095b9fce34d83c86a471fccdda0e48eedb53a179b0
checksum/health: 6e0a6330e5ac63e565ae92af1444527d72d8897f91266f333555b3d323570623
checksum/scripts: b88df93710b7c42a76006e20218f05c6e500e6cc2affd4bb1985832f03166e98
checksum/secret: 43f1b0e20f9cb2de936bd182bc3683b720fc3cf4f4e76cb23c06a52398a50e8d
spec:
affinity: {}
securityContext:
fsGroup: 1001
serviceAccountName: helm-redis
imagePullSecrets:
- name: harborsecret
terminationGracePeriodSeconds: 30
containers:
- name: redis
image: 192.168.5.41:8033/cmii/redis:6.2.14-debian-11-r19
imagePullPolicy: "Always"
securityContext:
runAsUser: 1001
command:
- /bin/bash
args:
- -c
- /opt/bitnami/scripts/start-scripts/start-master.sh
env:
- name: BITNAMI_DEBUG
value: "false"
- name: REDIS_REPLICATION_MODE
value: master
- name: ALLOW_EMPTY_PASSWORD
value: "no"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: helm-redis
key: redis-password
- name: REDIS_TLS_ENABLED
value: "no"
- name: REDIS_PORT
value: "6379"
ports:
- name: redis
containerPort: 6379
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 5
# One second longer than command timeout should prevent generation of zombie processes.
timeoutSeconds: 6
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_liveness_local.sh 5
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 5
timeoutSeconds: 2
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_readiness_local.sh 1
resources:
limits:
cpu: "2"
memory: 8Gi
requests:
cpu: "2"
memory: 8Gi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
- name: health
mountPath: /health
- name: redis-data
mountPath: /data
subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- name: redis-tmp-conf
mountPath: /opt/bitnami/redis/etc/
- name: tmp
mountPath: /tmp
volumes:
- name: start-scripts
configMap:
name: helm-redis-scripts
defaultMode: 0755
- name: health
configMap:
name: helm-redis-health
defaultMode: 0755
- name: config
configMap:
name: helm-redis-configuration
- name: redis-tmp-conf
emptyDir: {}
- name: tmp
emptyDir: {}
- name: redis-data
emptyDir: {}
---
# Source: outside-deploy/charts/redis-db/templates/replicas/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: helm-redis-replicas
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/component: replica
spec:
replicas: 0
selector:
matchLabels:
app.kubernetes.io/name: redis-db
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/component: replica
serviceName: helm-redis-headless
updateStrategy:
rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: xj-aks-uav-260304
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/component: replica
annotations:
checksum/configmap: b64aa5db67e6e63811f3c1095b9fce34d83c86a471fccdda0e48eedb53a179b0
checksum/health: 6e0a6330e5ac63e565ae92af1444527d72d8897f91266f333555b3d323570623
checksum/scripts: b88df93710b7c42a76006e20218f05c6e500e6cc2affd4bb1985832f03166e98
checksum/secret: 43f1b0e20f9cb2de936bd182bc3683b720fc3cf4f4e76cb23c06a52398a50e8d
spec:
imagePullSecrets:
- name: harborsecret
securityContext:
fsGroup: 1001
serviceAccountName: helm-redis
terminationGracePeriodSeconds: 30
containers:
- name: redis
image: 192.168.5.41:8033/cmii/redis:6.2.14-debian-11-r1
imagePullPolicy: "Always"
securityContext:
runAsUser: 1001
command:
- /bin/bash
args:
- -c
- /opt/bitnami/scripts/start-scripts/start-replica.sh
env:
- name: BITNAMI_DEBUG
value: "false"
- name: REDIS_REPLICATION_MODE
value: slave
- name: REDIS_MASTER_HOST
value: helm-redis-master-0.helm-redis-headless.xj-aks-uav-260304.svc.cluster.local
- name: REDIS_MASTER_PORT_NUMBER
value: "6379"
- name: ALLOW_EMPTY_PASSWORD
value: "no"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: helm-redis
key: redis-password
- name: REDIS_MASTER_PASSWORD
valueFrom:
secretKeyRef:
name: helm-redis
key: redis-password
- name: REDIS_TLS_ENABLED
value: "no"
- name: REDIS_PORT
value: "6379"
ports:
- name: redis
containerPort: 6379
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 5
timeoutSeconds: 6
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_liveness_local_and_master.sh 5
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 5
timeoutSeconds: 2
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_readiness_local_and_master.sh 1
resources:
limits:
cpu: "2"
memory: 8Gi
requests:
cpu: "2"
memory: 8Gi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
- name: health
mountPath: /health
- name: redis-data
mountPath: /data
subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- name: redis-tmp-conf
mountPath: /opt/bitnami/redis/etc
volumes:
- name: start-scripts
configMap:
name: helm-redis-scripts
defaultMode: 0755
- name: health
configMap:
name: helm-redis-health
defaultMode: 0755
- name: config
configMap:
name: helm-redis-configuration
- name: redis-tmp-conf
emptyDir: {}
- name: redis-data
emptyDir: {}

496
74-202603-新疆阿克苏地区/k8s-yaml/k8s-srs.yaml Normal file
View File

@@ -0,0 +1,496 @@
---
kind: ConfigMap
apiVersion: v1
metadata:
name: helm-live-srs-cm
namespace: xj-aks-uav-260304
labels:
cmii.app: live-srs
cmii.type: live
octopus.control: wdd
app.kubernetes.io/managed-by: octopus
helm.sh/chart: cmlc-live-srs-rtc-2.0.0
data:
srs.rtc.conf: |-
listen 31935;
max_connections 4096;
srs_log_tank console;
srs_log_level info;
srs_log_file /home/srs.log;
daemon off;
http_api {
enabled on;
listen 1985;
crossdomain on;
}
stats {
network 0;
}
http_server {
enabled on;
listen 8080;
dir /home/hls;
}
srt_server {
enabled on;
listen 30556;
maxbw 1000000000;
connect_timeout 4000;
peerlatency 600;
recvlatency 600;
}
rtc_server {
enabled on;
listen 30090;
candidate $CANDIDATE;
}
vhost __defaultVhost__ {
http_hooks {
enabled on;
on_publish http://helm-live-op-svc-v2:8080/hooks/on_push;
}
http_remux {
enabled on;
}
rtc {
enabled on;
rtmp_to_rtc on;
rtc_to_rtmp on;
keep_bframe off;
}
tcp_nodelay on;
min_latency on;
play {
gop_cache off;
mw_latency 100;
mw_msgs 10;
}
publish {
firstpkt_timeout 8000;
normal_timeout 4000;
mr on;
}
dvr {
enabled off;
dvr_path /home/dvr/[app]/[stream]/[2006][01]/[timestamp].mp4;
dvr_plan session;
}
hls {
enabled on;
hls_path /home/hls;
hls_fragment 10;
hls_window 60;
hls_m3u8_file [app]/[stream].m3u8;
hls_ts_file [app]/[stream]/[2006][01][02]/[timestamp]-[duration].ts;
hls_cleanup on;
hls_entry_prefix http://120.205.80.23:8088;
}
}
---
kind: Service
apiVersion: v1
metadata:
name: helm-live-srs-svc-exporter
namespace: xj-aks-uav-260304
labels:
octopus.control: wdd
app.kubernetes.io/managed-by: octopus
spec:
ports:
- name: rtmp
protocol: TCP
port: 31935
targetPort: 31935
nodePort: 31935
- name: rtc
protocol: UDP
port: 30090
targetPort: 30090
nodePort: 30090
- name: rtc-tcp
protocol: TCP
port: 30090
targetPort: 30090
nodePort: 30090
- name: srt
protocol: UDP
port: 30556
targetPort: 30556
nodePort: 30556
- name: api
protocol: TCP
port: 1985
targetPort: 1985
nodePort: 30080
selector:
srs-role: rtc
type: NodePort
sessionAffinity: None
externalTrafficPolicy: Cluster
---
kind: Service
apiVersion: v1
metadata:
name: helm-live-srs-svc
namespace: xj-aks-uav-260304
labels:
octopus.control: wdd
app.kubernetes.io/managed-by: octopus
spec:
ports:
- name: http
protocol: TCP
port: 8080
targetPort: 8080
- name: api
protocol: TCP
port: 1985
targetPort: 1985
selector:
srs-role: rtc
type: ClusterIP
sessionAffinity: None
---
kind: Service
apiVersion: v1
metadata:
name: helm-live-srsrtc-svc
namespace: xj-aks-uav-260304
labels:
octopus.control: wdd
app.kubernetes.io/managed-by: octopus
spec:
ports:
- name: rtmp
protocol: TCP
port: 31935
targetPort: 31935
selector:
srs-role: rtc
type: ClusterIP
sessionAffinity: None
---
kind: StatefulSet
apiVersion: apps/v1
metadata:
name: helm-live-srs-rtc
namespace: xj-aks-uav-260304
labels:
octopus.control: wdd
app.kubernetes.io/managed-by: octopus
cmii.app: live-srs
cmii.type: live
helm.sh/chart: cmlc-live-srs-rtc-2.0.0
srs-role: rtc
spec:
replicas: 1
selector:
matchLabels:
srs-role: rtc
template:
metadata:
labels:
srs-role: rtc
spec:
volumes:
- name: srs-conf-file
configMap:
name: helm-live-srs-cm
items:
- key: srs.rtc.conf
path: docker.conf
defaultMode: 420
- name: srs-vol
emptyDir:
sizeLimit: 8Gi
containers:
- name: srs-rtc
image: 192.168.5.41:8033/cmii/srs:v5.0.195
ports:
- name: srs-rtmp
containerPort: 31935
protocol: TCP
- name: srs-api
containerPort: 1985
protocol: TCP
- name: srs-flv
containerPort: 8080
protocol: TCP
- name: srs-webrtc
containerPort: 30090
protocol: UDP
- name: srs-webrtc-tcp
containerPort: 30090
protocol: TCP
- name: srs-srt
containerPort: 30556
protocol: UDP
env:
- name: CANDIDATE
value: 120.205.80.23
resources:
limits:
cpu: 2000m
memory: 4Gi
requests:
cpu: 100m
memory: 256Mi
volumeMounts:
- name: srs-conf-file
mountPath: /usr/local/srs/conf/docker.conf
subPath: docker.conf
- name: srs-vol
mountPath: /home/dvr
subPath: xj-aks-uav-260304/helm-live/dvr
- name: srs-vol
mountPath: /home/hls
subPath: xj-aks-uav-260304/helm-live/hls
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: Always
- name: oss-adaptor
image: 192.168.5.41:8033/cmii/cmii-srs-oss-adaptor:2023-SA-skip-CHL
env:
- name: OSS_ENDPOINT
value: 'http://helm-minio:9000'
- name: OSS_AK
value: cmii
- name: OSS_SK
value: 'B#923fC7mk'
- name: OSS_BUCKET
value: live-cluster-hls
- name: SRS_OP
value: 'http://helm-live-op-svc-v2:8080'
- name: MYSQL_ENDPOINT
value: 'helm-mysql:3306'
- name: MYSQL_USERNAME
value: k8s_admin
- name: MYSQL_PASSWORD
value: fP#UaH6qQ3)8
- name: MYSQL_DATABASE
value: cmii_live_srs_op
- name: MYSQL_TABLE
value: live_segment
- name: LOG_LEVEL
value: info
- name: OSS_META
value: 'yes'
resources:
limits:
cpu: 2000m
memory: 4Gi
requests:
cpu: 100m
memory: 256Mi
volumeMounts:
- name: srs-vol
mountPath: /cmii/share/hls
subPath: xj-aks-uav-260304/helm-live/hls
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: Always
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
securityContext: {}
imagePullSecrets:
- name: harborsecret
affinity: {}
schedulerName: default-scheduler
serviceName: helm-live-srsrtc-svc
podManagementPolicy: OrderedReady
updateStrategy:
type: RollingUpdate
rollingUpdate:
partition: 0
revisionHistoryLimit: 10
---
# live-srs部分
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: helm-live-op-v2
namespace: xj-aks-uav-260304
labels:
octopus.control: wdd
app.kubernetes.io/managed-by: octopus
cmii.app: live-engine
cmii.type: live
helm.sh/chart: cmlc-live-live-op-2.0.0
live-role: op-v2
spec:
replicas: 1
selector:
matchLabels:
live-role: op-v2
template:
metadata:
labels:
live-role: op-v2
spec:
volumes:
- name: srs-conf-file
configMap:
name: helm-live-op-cm-v2
items:
- key: live.op.conf
path: bootstrap.yaml
defaultMode: 420
containers:
- name: helm-live-op-v2
image: 192.168.5.41:8033/cmii/cmii-live-operator:5.2.0
ports:
- name: operator
containerPort: 8080
protocol: TCP
resources:
limits:
cpu: 4800m
memory: 4Gi
requests:
cpu: 100m
memory: 256Mi
volumeMounts:
- name: srs-conf-file
mountPath: /cmii/bootstrap.yaml
subPath: bootstrap.yaml
livenessProbe:
httpGet:
path: /cmii/health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
periodSeconds: 20
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /cmii/health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
periodSeconds: 20
successThreshold: 1
failureThreshold: 3
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: Always
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
securityContext: {}
imagePullSecrets:
- name: harborsecret
affinity: {}
schedulerName: default-scheduler
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 25%
maxSurge: 25%
revisionHistoryLimit: 10
progressDeadlineSeconds: 600
---
kind: Service
apiVersion: v1
metadata:
name: helm-live-op-svc-v2
namespace: xj-aks-uav-260304
labels:
octopus.control: wdd
app.kubernetes.io/managed-by: octopus
spec:
ports:
- protocol: TCP
port: 8080
targetPort: 8080
nodePort: 30333
selector:
live-role: op-v2
type: NodePort
sessionAffinity: None
---
kind: Service
apiVersion: v1
metadata:
name: helm-live-op-svc
namespace: xj-aks-uav-260304
labels:
octopus.control: wdd
app.kubernetes.io/managed-by: octopus
spec:
ports:
- protocol: TCP
port: 8080
targetPort: 8080
selector:
live-role: op
type: ClusterIP
sessionAffinity: None
---
kind: ConfigMap
apiVersion: v1
metadata:
name: helm-live-op-cm-v2
namespace: xj-aks-uav-260304
labels:
octopus.control: wdd
app.kubernetes.io/managed-by: octopus
cmii.app: live-engine
cmii.type: live
data:
live.op.conf: |-
server:
port: 8080
spring:
main:
allow-bean-definition-overriding: true
allow-circular-references: true
application:
name: cmii-live-operator
platform:
info:
name: cmii-live-operator
description: cmii-live-operator
version: 2.0
scanPackage: com.cmii.live.op
cloud:
nacos:
config:
username: nacos
password: KingKong@95461234
server-addr: helm-nacos:8848
extension-configs:
- data-id: cmii-live-operator.yml
group: 2.0
refresh: true
shared-configs:
- data-id: cmii-backend-system.yml
group: 2.0
refresh: true
discovery:
enabled: false
live:
engine:
type: srs
endpoint: 'http://helm-live-srs-svc:1985'
proto:
rtmp: 'rtmp://120.205.80.23:31935'
rtsp: 'rtsp://120.205.80.23:30554'
srt: 'srt://120.205.80.23:30556'
flv: 'http://120.205.80.23:30500'
hls: 'http://120.205.80.23:30500'
rtc: 'webrtc://120.205.80.23:30080'
replay: 'https://120.205.80.23:30333'
minio:
endpoint: http://helm-minio:9000
access-key: cmii
secret-key: B#923fC7mk
bucket: live-cluster-hls

154
74-202603-新疆阿克苏地区/k8s-yaml/lite.yaml Normal file
View File

@@ -0,0 +1,154 @@
kind: Deployment
apiVersion: apps/v1
metadata:
name: cmii-uav-platform-lite
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/app-version: 6.2.0
cmii.app: cmii-uav-platform-lite
cmii.type: frontend
octopus.lite: frontend-app-wdd
annotations:
deployment.kubernetes.io/revision: '8'
spec:
replicas: 1
selector:
matchLabels:
cmii.app: cmii-uav-platform-lite
cmii.type: frontend
template:
metadata:
creationTimestamp: null
labels:
cmii.app: cmii-uav-platform-lite
cmii.type: frontend
spec:
volumes:
- name: nginx-conf
configMap:
name: nginx-cm
items:
- key: nginx.conf
path: nginx.conf
defaultMode: 420
- name: tenant-prefix
configMap:
name: tenant-prefix-lite
items:
- key: ingress-config.js
path: ingress-config.js
defaultMode: 420
containers:
- name: cmii-uav-platform-lite
image: 192.168.5.41:8033/cmii/cmii-uav-platform-lite:2.0.0-2026030502-noicp-arm
ports:
- name: platform-9528
containerPort: 9528
protocol: TCP
env:
- name: K8S_NAMESPACE
value: xj-aks-uav-260304
- name: APPLICATION_NAME
value: cmii-uav-platform-lite
resources:
limits:
cpu: '1'
memory: 1Gi
requests:
cpu: 50m
memory: 50Mi
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx/conf.d/nginx.conf
subPath: nginx.conf
- name: tenant-prefix
mountPath: /home/cmii-platform/dist/ingress-config.js
subPath: ingress-config.js
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: Always
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
securityContext: {}
imagePullSecrets:
- name: harborsecret
schedulerName: default-scheduler
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 25%
revisionHistoryLimit: 10
progressDeadlineSeconds: 600
---
kind: Service
apiVersion: v1
metadata:
name: cmii-uav-platform-lite
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/version: 6.2.0
cmii.app: cmii-uav-platform-lite
cmii.type: frontend
octopus.control: frontend-app-wdd
spec:
ports:
- name: web-svc-port
protocol: TCP
port: 9528
targetPort: 9528
selector:
cmii.app: cmii-uav-platform-lite
cmii.type: frontend
type: ClusterIP
sessionAffinity: None
status:
loadBalancer: {}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-lite
namespace: xj-aks-uav-260304
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "",
CloudHOST: "120.205.80.23:8088",
ApplicationShortName: "lite",
AppClientId: "",
Headers: {
ORG_ID: 'pago',
PROJECT_ID: 'prgn'
},
TdtToken: "XXXX"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-cm
namespace: xj-aks-uav-260304
labels:
cmii.type: frontend
data:
nginx.conf: |
server {
listen 9528;
server_name localhost;
gzip on;
location / {
root /home/cmii-platform/dist;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}

247
74-202603-新疆阿克苏地区/k8s-yaml/sky-coverage.yaml Normal file
View File

@@ -0,0 +1,247 @@
kind: Deployment
apiVersion: apps/v1
metadata:
name: cmii-sky-converge
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/app-version: 6.0.0
app.kubernetes.io/managed-by: octopus
cmii.app: cmii-sky-converge
cmii.type: backend
octopus/control: backend-app-1.0.0
spec:
replicas: 1
selector:
matchLabels:
cmii.app: cmii-sky-converge
cmii.type: backend
template:
metadata:
creationTimestamp: null
labels:
cmii.app: cmii-sky-converge
cmii.type: backend
spec:
volumes:
- name: application-k8s
configMap:
name: cmii-sky-converge-cm
items:
- key: application-k8s.yml
path: application-k8s.yml
- key: simAuth.license
path: simAuth.license
defaultMode: 420
- name: nfs-backend-log-volume
persistentVolumeClaim:
claimName: nfs-backend-log-pvc
containers:
- name: cmii-sky-converge
image: 192.168.5.41:8033/cmii/cmii-sky-converge:1.4.0-xa-0303-arm
ports:
- name: pod-port
containerPort: 8080
protocol: TCP
env:
- name: K8S_NAMESPACE
value: xj-aks-uav-260304
- name: APPLICATION_NAME
value: cmii-sky-converge
- name: CUST_JAVA_OPTS
value: '-Xms2000m -Xmx4500m -Dlog4j2.formatMsgNoLookups=true'
- name: NACOS_REGISTRY
value: helm-nacos:8848
- name: NACOS_DISCOVERY_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: NACOS_DISCOVERY_PORT
value: '8080'
- name: BIZ_CONFIG_GROUP
value: 5.7.0
- name: SYS_CONFIG_GROUP
value: 5.7.0
- name: IMAGE_VERSION
value: 5.7.0
- name: NACOS_USERNAME
value: developer
- name: NACOS_PASSWORD
value: Deve@9128201
- name: SPRING_PROFILES_ACTIVE
value: k8s,db,cache,message
resources:
limits:
cpu: '4'
memory: 6Gi
requests:
cpu: '4'
memory: 2Gi
volumeMounts:
- name: application-k8s
mountPath: /cmii/config/application-k8s.yml
subPath: application-k8s.yml
- name: application-k8s
mountPath: /cmii/config/simAuth.license
subPath: simAuth.license
- name: nfs-backend-log-volume
mountPath: /cmii/logs
subPath: uavcloud-devflight/cmii-sky-converge
livenessProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 20
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 20
successThreshold: 1
failureThreshold: 3
startupProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 3
periodSeconds: 20
successThreshold: 1
failureThreshold: 5
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: Always
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
securityContext: {}
imagePullSecrets:
- name: harborsecret
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: uavcloud.env
operator: In
values:
- yuansong
schedulerName: default-scheduler
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 25%
revisionHistoryLimit: 10
progressDeadlineSeconds: 600
---
kind: Service
apiVersion: v1
metadata:
name: cmii-sky-converge
namespace: xj-aks-uav-260304
labels:
app.kubernetes.io/app-version: 6.0.0
app.kubernetes.io/managed-by: octopus
cmii.app: cmii-sky-converge
cmii.type: backend
octopus/control: backend-app-1.0.0
spec:
ports:
- name: backend-tcp
protocol: TCP
port: 8080
targetPort: 8080
selector:
cmii.app: cmii-sky-converge
cmii.type: backend
type: ClusterIP
---
kind: ConfigMap
apiVersion: v1
metadata:
name: cmii-sky-converge-cm
namespace: xj-aks-uav-260304
data:
application-k8s.yml: |
converge:
####################下面部分为中间件对应配置,需要确认!!!#######################
############使用k8s部署的中间件可以直接用k8s里面的服务名#################
db:
ip: helm-mysql
port: 3306
username: k8s_admin
password: fP#UaH6qQ3)8
mqtt:
ip: helm-emqxs
port: 1883 # mqtt内部1883端口
username: cmlc
password: odD8#Ve7.B
rabbitmq:
ip: helm-rabbitmq
port: 5672
username: admin
password: nYcRN91r._hj
redis:
ip: helm-redis-master
port: 6379
password: Mcache@4522
influxdb:
ip: helm-influxdb #influxdb宿主机的内部ip
port: 8086 #influxdb宿主机的端口如果docker compose文件没有改动则默认不变
token: YunnHJASAAdj23rasQAWd621erGAS82kaqj
org: cmii
bucket: cmii
minio:
ip: helm-minio # minio服务的宿主机ip
port: 9000
access-key: cmii # minio的访问key
secret-key: B#923fC7mk # minio访问secret
#######################下面部分是业务服务需要的配置,需要确认!!!#######################
center:
address: http://cmii-fly-center:8080 # cmii-fly-center服务部署的容器宿主机ip地址和暴露的端口
stream:
endpoint: http://192.168.5.141:8088 #平台地址端口
buckets:
live-srs-hls: ilm-detect
storage:
endpoint: http://120.205.80.23:8088/converge # cmii-sky-converge服务的公网请求地址需要匹配到all-gateways-ingress里面converge服务的根路径
live:
merge:
tmp: /tmp/ffmpeg/
expired: 10
sms:
mas:
enable: false #内网部署改为false
host: http://XXX:XXX/sms/tmpsubmit
ecName: XXX科技有限公司
apId: notice
secretKey: notice@123
sign: ynYl2Vpl7
templateId: e4dc71ddd5c24d25b24daa01e969e24
expire: 3
limit:
minute: 5
hour: 15
day: 30
sim:
# true = 启用, false = 不启用
enable: false
###固定k8s里面挂载路径
licensePath: /cmii/config/simAuth.license
# 测试环境https://ptest.cmccsim.com:9090, 生产环境https://certplat.cmccsim.com
host: https://ptest.cmccsim.com:9090
callbackUrl: http://120.205.80.23:8088/converge
simAuth.license: >
BOOedo/TVLbYLdKyGkFYEAljoncjd2+mKkwARpNkb0Q8D0QaZbOnCjJdMj0kUtHVRJ03CYujyVJZ8Xc1JvBTujSFgBvNwXWJN2E35TZYGUYx4uZW7WZJ9ajp3pi9Q4V9JLA4qdyd/Zaz0/T+mqaXzW0l18jA9VL25fB0tkzQYpySql76V9QAowpuVcklItcNZ8YWwK4lbPjaygBhZVNqdhbJQwqLG7io2X0QV11T5yhbu8SXCag0hoX6s93IBz0k4Aze2TZvpJ25o/NuMptWKviddrVNpVAIwT/L9kLNVkBT8T0xysX6Ku+9aLKUlLrGw4lhAHM5iHp82jduw7L9jc878ZZgOoUALLaw9axnVdnf3XfhZ75/uhx4mZ+JnNS2aNH18mVR53CGT3jxY0y1RA64e2zhMhFr/KNxVGIuZl/iAr1EGI85QWrnYGsLNbilCFlZyDzcH8tK4hDvmMtUe1xCEUF6oO9nwr+YDHGBSM1ifXLJZrvwuDI7Zim+h6pUqctWhtf6eyfyF17iBrzzt6lmSjkQtZ1kRVUxRni68/FPH9YJBKQhJItAk2h1OaUBB1Lt5vfu8OYi5S+onTmesvlIuUk7USBIFbt4kVhUpgGtV+WyddcjH6BJo3NPqCYcObR4KeLmQ/bHmN/xyVT3HMed8VhiVv0U8EuTINJxmXh+nDVmeDEUa4qYtPRGArSsGF2KGbnOOqwkyk1D/o81Zxb8Kklxn3I/CK1EM63HZLY4hGm52oRsNDjbJPFFFUdTqyQw7igHdwJYJbgxqycCAh1f8zioVVziOXwHxV85poIpVG7pP0LWrYttW1e2WdrSI4WUO1X4krfPu+7WxYHj4Cs4aTflYM9F+KVqbw6bVlg5PIPRiIy6eMRqzvl53y9eesd7eqUNgRnM13PmRDJPe6sw5BnaPn1eHBk7Mh+CAsdRnq8V0t9NkRK2aNfJFNo/PPjahDlw9DHMnJW3QGgZNR3LqFKQxDQIpR7xwgsYX5CmZo3gaBHbTx1EozCagco1tGHrRaDlJNjAYKjnus0huujI0dh+w/ybkWoN4jPQiMWx5O/oem62ga5NbHd5wS/A5e9UKfNZef1NYJyiWRYNINXr3lUl0835rb38q6+5tBKZnrJq1GZ8n2IEuw8L1YcbvtuSDBlHYGSDQ6yD5sL/qv73sXjL2jwtu+QllQt6jhFw5VUKIFRhCjuTeLbrzmcOO2TwCVZb89QPW5rGNA5sO99qormwqNkwXzsKXNx6r9B2rQ6WUdP05r1ti0YAShBdfC1CPhpt2yuKIFO3eh8J6fWjHygBX2kYq+zdb4w39d77gBayQX5lIw4MY0Dcqbyw/MvqcnXj47EUmQ+xIxkaL76C4nbN7GuMQs1rpJ4eox9qqyBeKbVGo/7/aqP6vMXl0BsPWLV5Z2jCy0HzgyBMy4mU1Q==

242
74-202603-新疆阿克苏地区/rke-13014-cluster.yml Normal file
View File

@@ -0,0 +1,242 @@
nodes:
- address: 192.168.5.41
user: root
role:
- controlplane
- etcd
- worker
internal_address: 192.168.5.41
hostname_override: "0-master-192.168.5.41"
labels:
ingress-deploy: true
- address: 192.168.5.207
user: root
role:
- worker
internal_address: 192.168.5.207
hostname_override: "1-worker-192.168.5.207"
labels:
ingress-deploy: true
uavcloud.env: yuansong
- address: 192.168.5.141
user: root
role:
- worker
internal_address: 192.168.5.141
hostname_override: "3-storage-192.168.5.141"
labels:
minio-deploy: true
- address: 192.168.5.195
user: root
role:
- worker
internal_address: 192.168.5.195
hostname_override: "2-mysql-192.168.5.207"
labels:
mysql-deploy: true
authentication:
strategy: x509
sans:
- "192.168.5.41"
private_registries:
- url: 192.168.5.41:8033 # 私有镜像库地址
user: admin
password: "V2ryStr@ngPss"
is_default: true
##############################################################################
# 默认值为false如果设置为true当发现不支持的Docker版本时RKE不会报错
ignore_docker_version: true
# Set the name of the Kubernetes cluster
cluster_name: rke-cluster
kubernetes_version: v1.30.14-rancher1-1
ssh_key_path: /root/.ssh/id_ed25519
# Enable running cri-dockerd
# Up to Kubernetes 1.23, kubelet contained code called dockershim
# to support Docker runtime. The replacement is called cri-dockerd
# and should be enabled if you want to keep using Docker as your
# container runtime
# Only available to enable in Kubernetes 1.21 and higher
enable_cri_dockerd: true
services:
etcd:
backup_config:
enabled: false
interval_hours: 72
retention: 3
safe_timestamp: false
timeout: 300
creation: 12h
extra_args:
election-timeout: 5000
heartbeat-interval: 500
cipher-suites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
gid: 0
retention: 72h
snapshot: false
uid: 0
kube-api:
# IP range for any services created on Kubernetes
# This must match the service_cluster_ip_range in kube-controller
service_cluster_ip_range: 10.74.0.0/16
# Expose a different port range for NodePort services
service_node_port_range: 30000-40000
always_pull_images: false
pod_security_policy: false
# Add additional arguments to the kubernetes API server
# This WILL OVERRIDE any existing defaults
extra_args:
# Enable audit log to stdout
audit-log-path: "-"
# Increase number of delete workers
delete-collection-workers: 3
# Set the level of log output to warning-level
v: 1
kube-controller:
# CIDR pool used to assign IP addresses to pods in the cluster
cluster_cidr: 10.96.0.0/16
# IP range for any services created on Kubernetes
# This must match the service_cluster_ip_range in kube-api
service_cluster_ip_range: 10.74.0.0/16
# Add additional arguments to the kubernetes API server
# This WILL OVERRIDE any existing defaults
extra_args:
# Set the level of log output to debug-level
v: 1
# Enable RotateKubeletServerCertificate feature gate
feature-gates: RotateKubeletServerCertificate=true
# Enable TLS Certificates management
# https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/
cluster-signing-cert-file: "/etc/kubernetes/ssl/kube-ca.pem"
cluster-signing-key-file: "/etc/kubernetes/ssl/kube-ca-key.pem"
kubelet:
# Base domain for the cluster
cluster_domain: cluster.local
# IP address for the DNS service endpoint
cluster_dns_server: 10.74.0.10
# Fail if swap is on
fail_swap_on: false
# Set max pods to 250 instead of default 110
extra_binds:
- "/data/minio-pv:/hostStorage" # 不要修改 为minio的pv添加
extra_args:
max-pods: 122
# Optionally define additional volume binds to a service
scheduler:
extra_args:
# Set the level of log output to warning-level
v: 0
tls-cipher-suites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
kubeproxy:
extra_args:
# Set the level of log output to warning-level
v: 1
authorization:
mode: rbac
addon_job_timeout: 30
# Specify network plugin-in (canal, calico, flannel, weave, or none)
network:
mtu: 1440
options:
flannel_backend_type: vxlan
plugin: calico
tolerations:
- key: "node.kubernetes.io/unreachable"
operator: "Exists"
effect: "NoExecute"
tolerationseconds: 300
- key: "node.kubernetes.io/not-ready"
operator: "Exists"
effect: "NoExecute"
tolerationseconds: 300
# Specify DNS provider (coredns or kube-dns)
dns:
provider: coredns
nodelocal: {}
# Available as of v1.1.0
update_strategy:
strategy: RollingUpdate
rollingUpdate:
maxUnavailable: 20%
maxSurge: 15%
linear_autoscaler_params:
cores_per_replica: 0.34
nodes_per_replica: 4
prevent_single_point_failure: true
min: 2
max: 3
tolerations:
- key: "node.kubernetes.io/unreachable"
operator: "Exists"
effect: "NoExecute"
tolerationseconds: 300
- key: "node.kubernetes.io/not-ready"
operator: "Exists"
effect: "NoExecute"
tolerationseconds: 300
# Specify monitoring provider (metrics-server)
monitoring:
provider: metrics-server
# Available as of v1.1.0
update_strategy:
strategy: RollingUpdate
rollingUpdate:
maxUnavailable: 8
ingress:
provider: nginx
default_backend: true
http_port: 30500
https_port: 31500
extra_envs:
- name: TZ
value: Asia/Shanghai
node_selector:
ingress-deploy: true
options:
use-forwarded-headers: "true"
access-log-path: /var/log/nginx/access.log
client-body-timeout: '6000'
compute-full-forwarded-for: 'true'
enable-underscores-in-headers: 'true'
log-format-escape-json: 'true'
log-format-upstream: >-
{ "msec": "$msec", "connection": "$connection", "connection_requests":
"$connection_requests", "pid": "$pid", "request_id": "$request_id",
"request_length": "$request_length", "remote_addr": "$remote_addr",
"remote_user": "$remote_user", "remote_port": "$remote_port",
"http_x_forwarded_for": "$http_x_forwarded_for", "time_local":
"$time_local", "time_iso8601": "$time_iso8601", "request": "$request",
"request_uri": "$request_uri", "args": "$args", "status": "$status",
"body_bytes_sent": "$body_bytes_sent", "bytes_sent": "$bytes_sent",
"http_referer": "$http_referer", "http_user_agent": "$http_user_agent",
"http_host": "$http_host", "server_name": "$server_name", "request_time":
"$request_time", "upstream": "$upstream_addr", "upstream_connect_time":
"$upstream_connect_time", "upstream_header_time": "$upstream_header_time",
"upstream_response_time": "$upstream_response_time",
"upstream_response_length": "$upstream_response_length",
"upstream_cache_status": "$upstream_cache_status", "ssl_protocol":
"$ssl_protocol", "ssl_cipher": "$ssl_cipher", "scheme": "$scheme",
"request_method": "$request_method", "server_protocol": "$server_protocol",
"pipe": "$pipe", "gzip_ratio": "$gzip_ratio", "http_cf_ray": "$http_cf_ray",
"geoip_country_code": "$geoip_country_code" }
proxy-body-size: 5120m
proxy-read-timeout: '6000'
proxy-send-timeout: '6000'

33
80-202603-山东潍坊滨海GA/app-images-szga-5.6.0.txt Normal file
View File

@@ -0,0 +1,33 @@
harbor.cdcyy.com.cn/cmii/cmii-admin-data:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-admin-gateway:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-admin-user:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-open-gateway:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-suav-supervision:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-airspace:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-alarm:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-cloud-live:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-data-post-process:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-developer:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-device:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-emergency:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-gateway:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-gis-server:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-industrial-portfolio:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-integration:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-logger:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-material-warehouse:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-mission:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-mqtthandler:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-notice:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-oauth:5.6.0-ccga-0811-arm1
harbor.cdcyy.com.cn/cmii/cmii-uav-platform:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-platform-media:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-platform-mws:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-platform-oms:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-platform-open:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-platform-pilot2-to-cloud:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-platform-share:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-process:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-surveillance:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-user:5.6.0-ccga-0811-arm
harbor.cdcyy.com.cn/cmii/cmii-uav-waypoint:5.6.0-ccga-0811-arm

290
80-202603-山东潍坊滨海GA/barch.txt Normal file
View File

@@ -0,0 +1,290 @@
Pod: cleanlog-1774483200-8w9sr
harbor.cdcyy.com.cn/rancher/busybox:latest
Pod: cmii-admin-data-56b5976f4c-4q59n
harbor.cdcyy.com.cn/cmii/cmii-admin-data:5.6.0-szga-110601
GIT_BRANCH=customize/master-5.6.0-szga
GIT_COMMIT=5e0c5258db884bd81c0e1546bda74efe48bd7d78
Pod: cmii-admin-data-56b5976f4c-b62bs
harbor.cdcyy.com.cn/cmii/cmii-admin-data:5.6.0-szga-110601
GIT_BRANCH=customize/master-5.6.0-szga
GIT_COMMIT=5e0c5258db884bd81c0e1546bda74efe48bd7d78
Pod: cmii-admin-gateway-7c87d685c5-47wz2
harbor.cdcyy.com.cn/cmii/cmii-admin-gateway:master-5.6.0-szns-0409
GIT_BRANCH=master-5.6.0-szns
GIT_COMMIT=9166f3d6f6c328b97184f8f3e717b6ce36f89387
Pod: cmii-admin-gateway-7c87d685c5-ln7rv
harbor.cdcyy.com.cn/cmii/cmii-admin-gateway:master-5.6.0-szns-0409
GIT_BRANCH=master-5.6.0-szns
GIT_COMMIT=9166f3d6f6c328b97184f8f3e717b6ce36f89387
Pod: cmii-admin-user-6cbdd797d4-ltkp6
harbor.cdcyy.com.cn/cmii/cmii-admin-user:5.6.0-szns-0409
GIT_BRANCH=master-5.6.0-szns
GIT_COMMIT=7a0d1b6c69a39e17f189a9fcb8e79220c3e07eed
Pod: cmii-admin-user-6cbdd797d4-wz4nc
harbor.cdcyy.com.cn/cmii/cmii-admin-user:5.6.0-szns-0409
GIT_BRANCH=master-5.6.0-szns
GIT_COMMIT=7a0d1b6c69a39e17f189a9fcb8e79220c3e07eed
Pod: cmii-open-gateway-54c44b5bc6-9ndz8
harbor.cdcyy.com.cn/cmii/cmii-open-gateway:5.6.0-szns-0409
GIT_BRANCH=master-5.6.0-szns
GIT_COMMIT=d1b37362f4ac7bdc0e01cbbdc233870437424da6
Pod: cmii-uav-airspace-d59df7459-6xtfd
harbor.cdcyy.com.cn/cmii/cmii-uav-airspace:5.7.0-szga-110701
GIT_BRANCH=master
GIT_COMMIT=c0f6264e849a670c5f6fe385f48c85492ac7ab06
Pod: cmii-uav-alarm-764dd8dd84-x8qjc
harbor.cdcyy.com.cn/cmii/cmii-uav-alarm:5.7.0-szga-101401
GIT_BRANCH=master
GIT_COMMIT=8b12871d862ab06684432452fdfc3bf2ba00cccb
Pod: cmii-uav-cloud-live-59d76b4bbf-jb7wj
harbor.cdcyy.com.cn/cmii/cmii-uav-cloud-live:6.2.0-szga-20260121
GIT_BRANCH=hotfix/szga
GIT_COMMIT=4e24cdaf626e0efc2d08000324f84aa4ca90a1b3
Pod: cmii-uav-cloud-live-59d76b4bbf-sgk5x
harbor.cdcyy.com.cn/cmii/cmii-uav-cloud-live:6.2.0-szga-20260121
GIT_BRANCH=hotfix/szga
GIT_COMMIT=4e24cdaf626e0efc2d08000324f84aa4ca90a1b3
Pod: cmii-uav-data-post-process-54d6dcb58f-575j6
harbor.cdcyy.com.cn/cmii/cmii-uav-data-post-process:5.6.0-szns-0409
GIT_BRANCH=master-5.6.0-szns
GIT_COMMIT=b74e3e318b298954c178f4770a9c5d58dda723a4
Pod: cmii-uav-data-post-process-54d6dcb58f-z852t
harbor.cdcyy.com.cn/cmii/cmii-uav-data-post-process:5.6.0-szns-0409
GIT_BRANCH=master-5.6.0-szns
GIT_COMMIT=b74e3e318b298954c178f4770a9c5d58dda723a4
Pod: cmii-uav-developer-68cd7b8c94-s7bnj
harbor.cdcyy.com.cn/cmii/cmii-uav-developer:5.7.0-szga-062001
GIT_BRANCH=hotfix/master-27300
GIT_COMMIT=cc67d88f798556bff859ad95cb3bef83030bd650
Pod: cmii-uav-developer-68cd7b8c94-xq6pt
harbor.cdcyy.com.cn/cmii/cmii-uav-developer:5.7.0-szga-062001
GIT_BRANCH=hotfix/master-27300
GIT_COMMIT=cc67d88f798556bff859ad95cb3bef83030bd650
Pod: cmii-uav-device-7f446f48ff-f5pdd
harbor.cdcyy.com.cn/cmii/cmii-uav-device:5.7.0-szga-031702
GIT_BRANCH=hotfix/szga-6.1.0
GIT_COMMIT=d7f8619fd6d9b2de2e20f9549d64670bcc6b28da
Pod: cmii-uav-device-7f446f48ff-kf2bm
harbor.cdcyy.com.cn/cmii/cmii-uav-device:5.7.0-szga-031702
GIT_BRANCH=hotfix/szga-6.1.0
GIT_COMMIT=d7f8619fd6d9b2de2e20f9549d64670bcc6b28da
Pod: cmii-uav-emergency-67bbcf54f4-hmhsc
harbor.cdcyy.com.cn/cmii/cmii-uav-emergency:5.6.0-szns-0409
GIT_BRANCH=master-5.6.0-szns
GIT_COMMIT=04fea01485b17dc8dc3fb64edc4f38d60be522dc
Pod: cmii-uav-gateway-8b9bb958-klz7p
harbor.cdcyy.com.cn/cmii/cmii-uav-gateway:5.6.0-szns-0409
GIT_BRANCH=master-5.6.0-szns
GIT_COMMIT=7725f546b0f5602bb6ac993b406cf8343a81cbad
Pod: cmii-uav-gateway-8b9bb958-v99k2
harbor.cdcyy.com.cn/cmii/cmii-uav-gateway:5.6.0-szns-0409
GIT_BRANCH=master-5.6.0-szns
GIT_COMMIT=7725f546b0f5602bb6ac993b406cf8343a81cbad
Pod: cmii-uav-gis-server-8557c6f469-79bcm
harbor.cdcyy.com.cn/cmii/cmii-uav-gis-server:6.1.0
GIT_BRANCH=master
GIT_COMMIT=ca0da9c4490e4fc654aa4737785711f465391ff0
Pod: cmii-uav-gis-server-8557c6f469-ctwh5
harbor.cdcyy.com.cn/cmii/cmii-uav-gis-server:6.1.0
GIT_BRANCH=master
GIT_COMMIT=ca0da9c4490e4fc654aa4737785711f465391ff0
Pod: cmii-uav-industrial-portfolio-7966d84d79-kjbh2
harbor.cdcyy.com.cn/cmii/cmii-uav-industrial-portfolio:5.7.0-szga-031602
GIT_BRANCH=hotfix/master-5.4.0-27300-0617
GIT_COMMIT=5493edbb39a97234399b66f717669abd07ff2a03
Pod: cmii-uav-industrial-portfolio-7966d84d79-ms8dn
harbor.cdcyy.com.cn/cmii/cmii-uav-industrial-portfolio:5.7.0-szga-031602
GIT_BRANCH=hotfix/master-5.4.0-27300-0617
GIT_COMMIT=5493edbb39a97234399b66f717669abd07ff2a03
Pod: cmii-uav-integration-679f46cc-8xl88
harbor.cdcyy.com.cn/cmii/cmii-uav-integration:6.3.0-szga-092901
GIT_BRANCH=feature/szga-6.3.0-merge-36027
GIT_COMMIT=7b5e4d0dedf262295962decf4c67bd2374ddecdf
Pod: cmii-uav-integration-679f46cc-lwclr
harbor.cdcyy.com.cn/cmii/cmii-uav-integration:6.3.0-szga-092901
GIT_BRANCH=feature/szga-6.3.0-merge-36027
GIT_COMMIT=7b5e4d0dedf262295962decf4c67bd2374ddecdf
Pod: cmii-uav-logger-5b65c864bb-mwpm9
harbor.cdcyy.com.cn/cmii/cmii-uav-logger:5.7.0-szga-0922
GIT_BRANCH=feature/UAVCLOUD-36872
GIT_COMMIT=b376a537e1dcad4236e9463dcb4ce5db3eb567d0
Pod: cmii-uav-logger-5b65c864bb-xspsf
harbor.cdcyy.com.cn/cmii/cmii-uav-logger:5.7.0-szga-0922
GIT_BRANCH=feature/UAVCLOUD-36872
GIT_COMMIT=b376a537e1dcad4236e9463dcb4ce5db3eb567d0
Pod: cmii-uav-material-warehouse-6fd57487d7-kjqj5
harbor.cdcyy.com.cn/cmii/cmii-uav-material-warehouse:5.6.0-szns-0409
GIT_BRANCH=hotfix/UAVCLOUD-32124
GIT_COMMIT=9f90d5227beab2c1e850613d8ab55d089f5c5ca3
Pod: cmii-uav-material-warehouse-6fd57487d7-t9hst
harbor.cdcyy.com.cn/cmii/cmii-uav-material-warehouse:5.6.0-szns-0409
GIT_BRANCH=hotfix/UAVCLOUD-32124
GIT_COMMIT=9f90d5227beab2c1e850613d8ab55d089f5c5ca3
Pod: cmii-uav-mission-76b5f89875-hb6b9
harbor.cdcyy.com.cn/cmii/cmii-uav-mission:5.7.0-szga-032001
GIT_BRANCH=feature/szga-6.3.0
GIT_COMMIT=86b92dbfa0870d12abddd01f9fbaa493b0ece2a4
Pod: cmii-uav-mission-76b5f89875-s4l9d
harbor.cdcyy.com.cn/cmii/cmii-uav-mission:5.7.0-szga-032001
GIT_BRANCH=feature/szga-6.3.0
GIT_COMMIT=86b92dbfa0870d12abddd01f9fbaa493b0ece2a4
Pod: cmii-uav-mqtthandler-bbfc6b457-gp7lj
harbor.cdcyy.com.cn/cmii/cmii-uav-mqtthandler:6.3.0-szga-020401
GIT_BRANCH=feature/szga-6.3.0
GIT_COMMIT=b5927672f0eb1e536ce8b07cd1213eef617d0160
Pod: cmii-uav-mqtthandler-bbfc6b457-wm85z
harbor.cdcyy.com.cn/cmii/cmii-uav-mqtthandler:6.3.0-szga-020401
GIT_BRANCH=feature/szga-6.3.0
GIT_COMMIT=b5927672f0eb1e536ce8b07cd1213eef617d0160
Pod: cmii-uav-notice-d5dd897f8-5f7dx
harbor.cdcyy.com.cn/cmii/cmii-uav-notice:6.2.0-szga-20250618
GIT_BRANCH=feature/UAVCLOUD-36872
GIT_COMMIT=15b7d8ebb26101094dd13cf8fd1e108e717cffe3
Pod: cmii-uav-notice-d5dd897f8-d25zl
harbor.cdcyy.com.cn/cmii/cmii-uav-notice:6.2.0-szga-20250618
GIT_BRANCH=feature/UAVCLOUD-36872
GIT_COMMIT=15b7d8ebb26101094dd13cf8fd1e108e717cffe3
## harbor.cdcyy.com.cn/cmii/cmii-uav-oauth:6.2.0-szga-26033002-arm
Pod: cmii-uav-oauth-d5c898b84-bxdml
harbor.cdcyy.com.cn/cmii/cmii-uav-oauth:szga-2025061701
GIT_BRANCH=feature/UAVCLOUD-36872
GIT_COMMIT=52e9851fd0b5115b82f5e2e9c58da8818ef5e7b6
Pod: cmii-uav-oauth-d5c898b84-s8t4x
harbor.cdcyy.com.cn/cmii/cmii-uav-oauth:szga-2025061701
GIT_BRANCH=feature/UAVCLOUD-36872
GIT_COMMIT=52e9851fd0b5115b82f5e2e9c58da8818ef5e7b6
Pod: cmii-uav-platform-86765f6b5-fkd6t
harbor.cdcyy.com.cn/cmii/cmii-uav-platform:5.7.0-32124second-2026032301
GIT_BRANCH=customize/UAVCLOUD-32124-second
GIT_COMMIT=8b83cf06f9e465f279e0b35e5059c11c74b09367
Pod: cmii-uav-platform-media-76c6d6c5f-n9sq2
harbor.cdcyy.com.cn/cmii/cmii-uav-platform-media:5.6.0-szns-0409
GIT_BRANCH=feature/UAVCLOUD-31994
GIT_COMMIT=abe85c11aea1ba9c2cc4ade68dcd09dce1a67c1c
Pod: cmii-uav-platform-mws-58ddc6f484-tfdsk
harbor.cdcyy.com.cn/cmii/cmii-uav-platform-mws:5.7.0
GIT_BRANCH=master
GIT_COMMIT=3e1ed660a7b7a294f09cccf8dc0a9f6dfb8ac2dc
Pod: cmii-uav-platform-oms-547d8569f9-wxfd9
harbor.cdcyy.com.cn/cmii/cmii-uav-platform-oms:5.7.0-32124-070901
GIT_BRANCH=customize/UAVCLOUD-32124-security
GIT_COMMIT=2ffe870d0e89dd930313bd535a7ec8a54fee3ddf
Pod: cmii-uav-platform-open-6d7d5d6cd5-6wllg
harbor.cdcyy.com.cn/cmii/cmii-uav-platform-open:5.6.0-szns-0409
GIT_BRANCH=master-5.6.0-szns
GIT_COMMIT=654f13095bd614fb823aba4534410fba8ace36bf
Pod: cmii-uav-platform-pilot2-to-cloud-7d8b9bb684-9r2kn
harbor.cdcyy.com.cn/cmii/cmii-uav-platform-pilot2-to-cloud:1.0.0-2025103001-szga
GIT_BRANCH=customize/UAVCLOUD-32124-szga
GIT_COMMIT=f38f3dcde89be2c95da090f13147e8e3741ccf44
Pod: cmii-uav-platform-share-84cf6c6794-ksbf9
harbor.cdcyy.com.cn/cmii/cmii-uav-platform-share:5.6.0-szns-0409
GIT_BRANCH=customize-SZ/UAVCLOUD-29780-SZGA
GIT_COMMIT=2478575f60a121ee0b11b5c803031b7acde9f835
Pod: cmii-uav-process-78c747d658-7nbgs
harbor.cdcyy.com.cn/cmii/cmii-uav-process:5.6.0-szns-0409
GIT_BRANCH=master-5.6.0-szns
GIT_COMMIT=5b6559f9b691e4856bcdef14365d24fac7b72ef5
Pod: cmii-uav-process-78c747d658-k8qwg
harbor.cdcyy.com.cn/cmii/cmii-uav-process:5.6.0-szns-0409
GIT_BRANCH=master-5.6.0-szns
GIT_COMMIT=5b6559f9b691e4856bcdef14365d24fac7b72ef5
Pod: cmii-uav-surveillance-56f89d5c5f-9mfgz
harbor.cdcyy.com.cn/cmii/cmii-uav-surveillance:6.3.0-0323
GIT_BRANCH=feature/szga-6.3.0
GIT_COMMIT=de92c9cad6c8f48eea11df996bfa6b766beb0644
Pod: cmii-uav-surveillance-56f89d5c5f-x5fsd
harbor.cdcyy.com.cn/cmii/cmii-uav-surveillance:6.3.0-0323
GIT_BRANCH=feature/szga-6.3.0
GIT_COMMIT=de92c9cad6c8f48eea11df996bfa6b766beb0644
Pod: cmii-uav-tsmpf-68ffd49cbb-9q2vk
harbor.cdcyy.com.cn/cmii/ts2mp4_docker_image:v2.0.1
Pod: cmii-uav-user-648d5577bf-cs2fj
harbor.cdcyy.com.cn/cmii/cmii-uav-user:5.7.0-szga-20251223
GIT_BRANCH=feature/szga-5.7.1
GIT_COMMIT=c550fd4baee29917932337a84c2ca07873089ecd
Pod: cmii-uav-user-648d5577bf-mlnkr
harbor.cdcyy.com.cn/cmii/cmii-uav-user:5.7.0-szga-20251223
GIT_BRANCH=feature/szga-5.7.1
GIT_COMMIT=c550fd4baee29917932337a84c2ca07873089ecd
Pod: cmii-uav-waypoint-7f5dcbd7-bgjfw
harbor.cdcyy.com.cn/cmii/cmii-uav-waypoint:5.7.0-szga-032001
GIT_BRANCH=feature/szga-6.3.0
GIT_COMMIT=ada607c4511fa21c885e76850608a1eed1b71ce4
Pod: cmii-uav-waypoint-7f5dcbd7-xh6dc
harbor.cdcyy.com.cn/cmii/cmii-uav-waypoint:5.7.0-szga-032001
GIT_BRANCH=feature/szga-6.3.0
GIT_COMMIT=ada607c4511fa21c885e76850608a1eed1b71ce4
Pod: helm-emqx-0
harbor.cdcyy.com.cn/cmii/emqx:5.5.1
Pod: helm-mongo-new-0
harbor.cdcyy.com.cn/cmii/mongo:5.0
Pod: helm-nacos-0
harbor.cdcyy.com.cn/cmii/nacos-server:v2.1.2-slim
Pod: helm-rabbitmqs-0
harbor.cdcyy.com.cn/cmii/rabbitmq:3.11.26-debian-11-r2
Pod: nfs-client-provisioner-66d59fd46b-zhsqf
harbor.cdcyy.com.cn/cmii/nfs-subdir-external-provisioner:v4.0.2
Pod: nfs-client-provisioner-new-746969ff65-cwczw
harbor.cdcyy.com.cn/cmii/nfs-subdir-external-provisioner:v4.0.2

BIN
80-202603-山东潍坊滨海GA/nacos.zip Normal file
View File

Binary file not shown.

BIN
80-202603-山东潍坊滨海GA/nginx-config-szga20260330.tar Normal file
View File

Binary file not shown.

68
80-202603-山东潍坊滨海GA/nginx-config-szga20260330/conf.d/minio.9100.conf Normal file
View File

@@ -0,0 +1,68 @@
upstream minio_s3 {
least_conn;
server 44.35.57.53:9000;
server 44.35.57.53:9100;
server 44.35.57.54:9000;
server 44.35.57.54:9100;
}
upstream minio_console {
least_conn;
server 44.35.57.53:9090;
server 44.35.57.53:9190;
server 44.35.57.54:9090;
server 44.35.57.54:9190;
}
server {
listen 9100;
listen [::]:9100;
server_name _;
ignore_invalid_headers off;
client_max_body_size 0;
proxy_buffering off;
proxy_request_buffering off;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 300;
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass http://minio_s3;
}
}
server {
listen 9190;
listen [::]:9190;
server_name _;
ignore_invalid_headers off;
client_max_body_size 0;
proxy_buffering off;
proxy_request_buffering off;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
real_ip_header X-Real-IP;
proxy_connect_timeout 300;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
chunked_transfer_encoding off;
proxy_pass http://minio_console/;
}
}

31
80-202603-山东潍坊滨海GA/nginx-config-szga20260330/conf.d/nginx-offline-map.conf Normal file
View File

@@ -0,0 +1,31 @@
server {
listen 8889;
server_name szga.cmlc.io;
#允许跨域请求的域,*代表所有
add_header 'Access-Control-Allow-Origin' *;
#允许带上cookie请求
add_header 'Access-Control-Allow-Credentials' 'true';
#允许请求的方法,比如 GET/POST/PUT/DELETE
add_header 'Access-Control-Allow-Methods' *;
#允许请求的header
add_header 'Access-Control-Allow-Headers' *;
location /electronic {
root /root/offline_map/;
autoindex on;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET,POST';
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
}
location /satellite {
root /data/map/;
autoindex on;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET,POST';
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
}
# http://20.4.13.81:8889/electronic/{z}/{x}/{y}.png
# http://20.4.13.81:8889/satellite/{z}/{x}/{y}.png
}

86
80-202603-山东潍坊滨海GA/nginx-config-szga20260330/conf.d/real-public-nginx.conf Normal file
View File

@@ -0,0 +1,86 @@
upstream cc_server {
ip_hash;
server 44.35.57.22:30500;
server 44.35.57.23:30500;
server 44.35.57.24:30500;
server 44.35.57.107:30500;
server 44.35.57.34:30500;
}
server {
listen 8088;
server_name szga.cmlc.io;
location / {
proxy_pass http://cc_server;
client_max_body_size 5120m;
client_body_buffer_size 5120m;
client_body_timeout 6000s;
proxy_send_timeout 10000s;
proxy_read_timeout 10000s;
proxy_connect_timeout 600s;
proxy_max_temp_file_size 5120m;
proxy_request_buffering on;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_buffers 4 12k;
proxy_set_header Host szga.fakedomain.io;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /pilot2cloud/ {
proxy_pass http://44.35.57.22:39885/;
add_header Cache-Control "no-cache";
client_max_body_size 5120m;
client_body_buffer_size 5120m;
client_body_timeout 6000s;
proxy_send_timeout 10000s;
proxy_read_timeout 10000s;
proxy_connect_timeout 600s;
proxy_max_temp_file_size 5120m;
proxy_request_buffering on;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_buffers 4 12k;
proxy_set_header Host szga.fakedomain.io;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# location /rtc/v1/ {
# add_header Access-Control-Allow-Headers X-Requested-With;
# add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
# proxy_pass http://127.0.0.1:30985/rtc/v1/;
#}
location /index/api/webrtc {
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
proxy_pass http://44.35.57.25:8084/index/api/webrtc;
}
location /index/api/whip {
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
proxy_pass http://44.35.57.25:8084/index/api/whip;
}
location /zlm/flv/ {
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
proxy_pass http://44.35.57.25:8084/;
}
location /zlm/ {
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
proxy_pass http://44.35.57.25:8084/zlm/;
}
location ~ ^/.*/(actuator|swagger-resources|api-docs|env|ping|health)(/|$) {
return 403;
}
}

38
80-202603-山东潍坊滨海GA/nginx-config-szga20260330/conf.d/stream/rtmp.31935.conf Normal file
View File

@@ -0,0 +1,38 @@
server {
listen 31935;
proxy_pass 44.35.57.25:31935;
}
server {
listen 554;
proxy_pass 44.35.57.25:554;
}
server {
listen 30556 udp;
proxy_pass 44.35.57.25:30556;
}
server {
listen 30090 udp;
proxy_pass 44.35.57.25:30090;
}
server {
listen 30090;
proxy_pass 44.35.57.25:30090;
}
server {
listen 31883;
proxy_pass 44.35.57.107:31883;
}
server {
listen 38083;
proxy_pass 44.35.57.107:38083;
}
#server {
# listen 39090;
# proxy_pass 44.35.57.34:39090;
#}
#server {
# listen 39010;
# proxy_pass 44.35.57.34:39010;
#}

30
80-202603-山东潍坊滨海GA/nginx-config-szga20260330/conf.d/web-rtc-30080.conf Normal file
View File

@@ -0,0 +1,30 @@
server {
listen 30080;
location / {
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
proxy_pass http://127.0.0.1:31080;
}
location /rtc/v1/ {
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
proxy_pass http://127.0.0.1:30985/rtc/v1/;
}
location /index/api/webrtc {
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
proxy_pass http://172.28.3.225:8084/index/api/webrtc;
}
location /live/ {
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
proxy_pass http://172.28.3.225:8084/live/;
}
location /zlm/ {
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
proxy_pass http://172.28.3.225:8084/zlm/;
}
}

BIN
80-202603-山东潍坊滨海GA/云主机-华东-无锡-2026-03-26_11-21-13.xlsx Normal file
View File

Binary file not shown.

24
998-常用脚本/a-部署脚本/b-代理办法/APT代理方式.sh Normal file
View File

@@ -0,0 +1,24 @@
# master节点
sudo apt update
sudo apt install -y apt-cacher-ng
systemctl status apt-cacher-ng
# worker节点
sudo tee /etc/apt/apt.conf.d/01proxy <<EOF
Acquire::http::Proxy "http://10.22.57.8:3142";
Acquire::https::Proxy "http://10.22.57.8:3142";
EOF
ssh root@${server} "printf '%s\n' \
'Acquire::http::Proxy \"http://10.22.57.8:3142\";' \
'Acquire::https::Proxy \"http://10.22.57.8:3142\";' \
| tee /etc/apt/apt.conf.d/01proxy >/dev/null"

47
998-常用脚本/a-部署脚本/b-代理办法/YUM代理方式.sh Normal file
View File

@@ -0,0 +1,47 @@
# master节点
# 安装 squid
yum install -y squid
# 备份默认配置
cp /etc/squid/squid.conf /etc/squid/squid.conf.bak
# 编辑 /etc/squid/squid.conf
# 定义内网网段 关键!
acl localnet src 192.168.5.0/24
# 允许内网访问
http_access allow localnet
http_access allow localhost
# 监听端口
http_port 3128
# 其余保持默认,拒绝所有其他
http_access deny all
systemctl enable squid --now
# worker节点
## 编辑 /etc/yum.conf
[main]
# ... 其他配置 ...
proxy=http://192.168.5.41:3128
# 在客户端节点执行
yum makecache
yum install -y wget
# 直接执行
sed -n '/^proxy=/ {p;q}; $ {a proxy=http://192.168.5.41:3128' -e 'p}' /etc/yum.conf
# 批量执行
ssh root@${server} "grep -q '^proxy=' /etc/yum.conf && grep '^proxy=' /etc/yum.conf || echo 'proxy=http://192.168.5.41:3128' >> /etc/yum.conf"

90
998-常用脚本/a-部署脚本/b-高级磁盘-disk.sh Normal file
View File

@@ -0,0 +1,90 @@
#!/bin/bash
set -e
# =========================================================
# 用户配置部分
# =========================================================
DISK="/dev/nvme0n1" # 要操作的物理磁盘(例如 /dev/sdb 或 /dev/nvme0n1
MOUNT_PATH="/var/lib/docker" # 挂载点路径(目录会自动创建)
FS_TYPE="ext4" # 文件系统类型支持ext4/xfs默认ext4
# =========================================================
# 核心逻辑(建议非必要不修改)
# =========================================================
function check_prerequisites() {
# 必须root权限运行检查
[[ $EUID -ne 0 ]] && echo -e "\033[31m错误必须使用root权限运行此脚本\033[0m" && exit 1
# 磁盘存在性检查
[[ ! -b "$DISK" ]] && echo -e "\033[31m错误磁盘 $DISK 不存在\033[0m" && exit 1
# 文件系统类型校验
if [[ "$FS_TYPE" != "ext4" && "$FS_TYPE" != "xfs" ]]; then
echo -e "\033[31m错误不支持的磁盘格式 $FS_TYPE,仅支持 ext4/xfs\033[0m"
exit 1
fi
}
function prepare_disk() {
local partition
# 核心修复:兼容 NVMe 和传统 SCSI/SATA 磁盘的分区命名规则
# 如果物理磁盘名称以数字结尾 (如 nvme0n1),分区名加 'p' (nvme0n1p1)
# 如果以字母结尾 (如 sdb),分区名直接加数字 (sdb1)
if [[ "$DISK" =~ [0-9]$ ]]; then
partition="${DISK}p1"
else
partition="${DISK}1"
fi
echo -e "\033[34m正在初始化磁盘分区...\033[0m"
parted "$DISK" --script mklabel gpt
parted "$DISK" --script mkpart primary 0% 100%
parted "$DISK" --script set 1 lvm on
# 通知系统内核重新读取分区表
partprobe "$DISK"
# 增加极短暂延时确保NVMe设备分区节点已在 /dev/ 下成功生成
sleep 2
echo -e "\033[34m正在创建LVM结构 ($partition)...\033[0m"
pvcreate "$partition"
vgcreate datavg "$partition"
lvcreate -y -l 100%FREE -n lvdata datavg
}
function format_and_mount() {
echo -e "\033[34m格式化逻辑卷...\033[0m"
if [[ "$FS_TYPE" == "ext4" ]]; then
mkfs.ext4 -F "/dev/datavg/lvdata"
else
mkfs.xfs -f "/dev/datavg/lvdata"
fi
echo -e "\033[34m设置挂载配置...\033[0m"
mkdir -p "$MOUNT_PATH"
UUID=$(blkid -s UUID -o value "/dev/datavg/lvdata")
# 备份 fstab 防呆,方便回滚
cp /etc/fstab /etc/fstab.bak_$(date +%Y%m%d%H%M%S)
echo "UUID=$UUID $MOUNT_PATH $FS_TYPE defaults 0 0" | tee -a /etc/fstab >/dev/null
mount -a
}
function verify_result() {
echo -e "\n\033[1;36m最终验证结果\033[0m"
lsblk -f "$DISK"
echo -e "\n磁盘空间使用情况"
df -TH "$MOUNT_PATH"
}
# =========================================================
# 主执行流程
# =========================================================
check_prerequisites
prepare_disk
format_and_mount
verify_result
echo -e "\n\033[32m操作执行完毕请仔细核查上述输出信息\033[0m"

1453
998-常用脚本/a-部署脚本/c-联网-docker安装-centos-失败.sh Normal file
View File

File diff suppressed because it is too large Load Diff

582
998-常用脚本/a-部署脚本/c-联网-docker安装-ubuntu.sh Normal file
View File

@@ -0,0 +1,582 @@
#!/usr/bin/env bash
# ==============================================================================
# Metadata
# ==============================================================================
# ubuntu 22.04 版本对应关系
# docker-ce=5:24.0.9-1~ubuntu.22.04~jammy
# docker-ce-cli=5:24.0.9-1~ubuntu.22.04~jammy
# docker-ce-rootless-extras=5:24.0.9-1~ubuntu.22.04~jammy
# docker-compose-plugin=2.24.5-1~ubuntu.22.04~jammy
# 官方为 1.7.13
# containerd=1.7.24-0ubuntu1~22.04.2
# docker-buildx-plugin=0.11.2-1~ubuntu.22.04~jammy
# ==============================================================================
set -euo pipefail
# ==============================================================================
# Global Constants
# ==============================================================================
readonly SCRIPT_NAME="$(basename "$0")"
readonly SCRIPT_VERSION="2.0.0"
# Default mirror for Docker repo (you asked: only focus on docker source)
readonly DEFAULT_DOCKER_APT_MIRROR="https://mirrors.aliyun.com/docker-ce/linux/ubuntu"
# Default keyring location (recommended by modern Ubuntu)
readonly DEFAULT_KEYRING_PATH="/etc/apt/keyrings/docker.gpg"
# Exit codes
readonly EC_OK=0
readonly EC_GENERAL=1
readonly EC_UNSUPPORTED_OS=10
readonly EC_DEPENDENCY=11
readonly EC_OFFLINE_NO_KEY=20
readonly EC_APT_FAILURE=30
# ==============================================================================
# Configurable Variables (Environment Overrides)
# ==============================================================================
# You may export these before running:
# DOCKER_VERSION="20.10" # or "20.10.15" (optional)
# DOCKER_APT_MIRROR="https://..."
# DOCKER_KEYRING_PATH="/root/wdd/docker.gpg"
# LOCAL_DOCKER_GPG="/path/to/docker.gpg" (optional)
# LOG_LEVEL="DEBUG|INFO|WARN|ERROR"
DOCKER_VERSION="${DOCKER_VERSION:-24.0.9}"
DOCKER_APT_MIRROR="${DOCKER_APT_MIRROR:-$DEFAULT_DOCKER_APT_MIRROR}"
DOCKER_KEYRING_PATH="${DOCKER_KEYRING_PATH:-$DEFAULT_KEYRING_PATH}"
LOCAL_DOCKER_GPG="${LOCAL_DOCKER_GPG:-/root/wdd/docker.gpg}"
LOG_LEVEL="${LOG_LEVEL:-INFO}"
# ==============================================================================
# Function Call Graph (ASCII)
# ==============================================================================
# main
# |
# +--> init_traps
# |
# +--> check_platform
# |
# +--> ensure_prerequisites
# |
# +--> detect_public_network
# | |
# | +--> can_fetch_url_head
# |
# +--> ensure_docker_gpg_key
# | |
# | +--> install_key_from_online
# | | |
# | | +--> require_cmd (curl, gpg)
# | |
# | +--> install_key_from_local
# |
# +--> configure_docker_repo
# |
# +--> install_docker_packages
# | |
# | +--> resolve_docker_version
# |
# +--> pin_docker_packages
# |
# +--> enable_docker_service
# ==============================================================================
# ==============================================================================
# Logging
# ==============================================================================
### Map log level string to numeric value.
### @param level_str string Level string (DEBUG/INFO/WARN/ERROR)
### @return 0 Always returns 0; outputs numeric level to stdout
### @require none
log_level_to_num() {
case "${1:-INFO}" in
DEBUG) echo 10 ;;
INFO) echo 20 ;;
WARN) echo 30 ;;
ERROR) echo 40 ;;
*) echo 20 ;;
esac
}
### Unified logger with level gating.
### @param level string Log level
### @param message string Message
### @return 0 Always returns 0
### @require date
log() {
local level="${1:?level required}"
shift
local message="${*:-}"
local now
now="$(date '+%F %T')"
local current_level_num wanted_level_num
current_level_num="$(log_level_to_num "$LOG_LEVEL")"
wanted_level_num="$(log_level_to_num "$level")"
if [ "$wanted_level_num" -lt "$current_level_num" ]; then
return 0
fi
# > Keep format stable for parsing by log collectors
printf '%s [%s] %s: %s\n' "$now" "$level" "$SCRIPT_NAME" "$message" >&2
}
# ==============================================================================
# Error Handling & Traps
# ==============================================================================
### Trap handler for unexpected errors.
### @param exit_code int Exit code from failing command
### @return 0 Always returns 0
### @require none
on_error() {
local exit_code="${1:-$EC_GENERAL}"
log ERROR "Unhandled error occurred (exit_code=${exit_code})."
exit "$exit_code"
}
### Trap handler for script exit.
### @param exit_code int Exit code
### @return 0 Always returns 0
### @require none
on_exit() {
local exit_code="${1:-$EC_OK}"
if [ "$exit_code" -eq 0 ]; then
log INFO "Done."
else
log WARN "Exited with code ${exit_code}."
fi
return 0
}
### Initialize traps (ERR/INT/TERM/EXIT).
### @return 0 Success
### @require none
init_traps() {
trap 'on_error $?' ERR
trap 'log WARN "Interrupted (SIGINT)"; exit 130' INT
trap 'log WARN "Terminated (SIGTERM)"; exit 143' TERM
trap 'on_exit $?' EXIT
}
# ==============================================================================
# Privilege Helpers
# ==============================================================================
### Run a command as root (uses sudo if not root).
### @param cmd string Command to run
### @return 0 Success; non-zero on failure
### @require sudo (if not root)
run_root() {
if [ "$(id -u)" -eq 0 ]; then
# shellcheck disable=SC2068
"$@"
else
# shellcheck disable=SC2068
sudo "$@"
fi
}
# ==============================================================================
# Dependency Checks
# ==============================================================================
### Ensure a command exists in PATH.
### @param cmd_name string Command name
### @return 0 If exists; 1 otherwise
### @require none
require_cmd() {
local cmd_name="${1:?cmd required}"
if ! command -v "$cmd_name" >/dev/null 2>&1; then
log ERROR "Missing dependency: ${cmd_name}"
return 1
fi
return 0
}
# ==============================================================================
# Platform Check
# ==============================================================================
### Check OS is Ubuntu and supported versions.
### @return 0 Supported; exits otherwise
### @require lsb_release, awk
check_platform() {
require_cmd lsb_release || exit "$EC_DEPENDENCY"
local distro version
distro="$(lsb_release -is 2>/dev/null || true)"
version="$(lsb_release -rs 2>/dev/null || true)"
if [ "$distro" != "Ubuntu" ]; then
log ERROR "Unsupported OS: ${distro}. This script supports Ubuntu only."
exit "$EC_UNSUPPORTED_OS"
fi
case "$version" in
18.04|20.04|22.04|24.04) ;;
*)
log ERROR "Unsupported Ubuntu version: ${version}. Supported: 18.04/20.04/22.04/24.04"
exit "$EC_UNSUPPORTED_OS"
;;
esac
log INFO "Platform OK: ${distro} ${version}"
}
# ==============================================================================
# APT Prerequisites
# ==============================================================================
### Install required packages for repository/key management and Docker installation.
### @return 0 Success; exits on apt failures
### @require apt-get
ensure_prerequisites() {
require_cmd apt-get || exit "$EC_DEPENDENCY"
log INFO "Installing prerequisites (does NOT modify APT sources or proxy)..."
# > apt update must work via your existing proxy+mirror scripts
if ! run_root apt-get update; then
log ERROR "apt-get update failed. Check APT proxy / mirror configuration."
exit "$EC_APT_FAILURE"
fi
# > Keep dependencies minimal; curl/gpg used only for online key fetch.
if ! run_root apt-get install -y ca-certificates gnupg lsb-release; then
log ERROR "Failed to install prerequisites."
exit "$EC_APT_FAILURE"
fi
log INFO "Prerequisites installed."
}
# ==============================================================================
# Public Network Reachability
# ==============================================================================
### Check whether we can fetch HTTP headers from a URL (lightweight reachability).
### @param test_url string URL to test
### @return 0 Reachable; 1 otherwise
### @require curl (optional; if missing returns 1)
can_fetch_url_head() {
local test_url="${1:?url required}"
if ! command -v curl >/dev/null 2>&1; then
log WARN "curl not found; cannot test public network reachability via HTTP."
return 1
fi
# > Use short timeout to avoid hanging in restricted networks
curl -fsSI --max-time 3 "$test_url" >/dev/null 2>&1
}
### Detect whether public network access is available for Docker key fetch.
### @return 0 Online; 1 Offline/Uncertain
### @require none
detect_public_network() {
local test_url="${DOCKER_APT_MIRROR%/}/gpg"
log INFO "Detecting public network reachability: HEAD ${test_url}"
if can_fetch_url_head "$test_url"; then
log INFO "Public network reachable for Docker mirror."
return 0
fi
log WARN "Public network NOT reachable (or curl missing). Will try local GPG key."
return 1
}
# ==============================================================================
# Docker GPG Key Management
# ==============================================================================
### Install Docker GPG key from online source (mirror).
### @param gpg_url string GPG URL
### @param keyring_path string Keyring output path
### @return 0 Success; non-zero on failure
### @require curl, gpg, install, mkdir, chmod
install_key_from_online() {
local gpg_url="${1:?gpg_url required}"
local keyring_path="${2:?keyring_path required}"
require_cmd curl || return 1
require_cmd gpg || return 1
# > Write to temp then atomically install to avoid partial files
local tmp_dir tmp_gpg
tmp_dir="$(mktemp -d)"
tmp_gpg="${tmp_dir}/docker.gpg"
log INFO "Fetching Docker GPG key online: ${gpg_url}"
curl -fsSL --max-time 10 "$gpg_url" | gpg --dearmor -o "$tmp_gpg"
run_root mkdir -p "$(dirname "$keyring_path")"
run_root install -m 0644 "$tmp_gpg" "$keyring_path"
run_root chmod a+r "$keyring_path" || true
rm -rf "$tmp_dir"
log INFO "Docker GPG key installed: ${keyring_path}"
return 0
}
### Install Docker GPG key from local file (offline-friendly).
### @param local_gpg_path string Local GPG file path
### @param keyring_path string Keyring output path
### @return 0 Success; 1 if local key missing; non-zero on other failures
### @require install, mkdir, chmod
install_key_from_local() {
local local_gpg_path="${1:?local_gpg_path required}"
local keyring_path="${2:?keyring_path required}"
if [ ! -f "$local_gpg_path" ]; then
log WARN "Local Docker GPG key not found: ${local_gpg_path}"
return 1
fi
run_root mkdir -p "$(dirname "$keyring_path")"
run_root install -m 0644 "$local_gpg_path" "$keyring_path"
run_root chmod a+r "$keyring_path" || true
log INFO "Docker GPG key installed from local: ${local_gpg_path} -> ${keyring_path}"
return 0
}
### Ensure Docker GPG key exists, using online if reachable; otherwise local-only.
### Offline policy: if local key missing -> DO NOT proceed (exit).
### @param is_online int 0 online; 1 offline
### @return 0 Success; exits with EC_OFFLINE_NO_KEY when offline and no local key
### @require none
ensure_docker_gpg_key() {
local is_online="${1:?is_online required}"
# > If keyring already exists, reuse it (idempotent)
if [ -f "$DOCKER_KEYRING_PATH" ]; then
log INFO "Docker keyring already exists: ${DOCKER_KEYRING_PATH}"
run_root chmod a+r "$DOCKER_KEYRING_PATH" || true
return 0
fi
# > Determine local key candidate paths (priority order)
local script_dir local_candidate
script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
if [ -n "$LOCAL_DOCKER_GPG" ]; then
local_candidate="$LOCAL_DOCKER_GPG"
elif [ -f "${script_dir}/docker.gpg" ]; then
local_candidate="${script_dir}/docker.gpg"
else
local_candidate=""
fi
local gpg_url
gpg_url="${DOCKER_APT_MIRROR%/}/gpg"
if [ "$is_online" -eq 0 ]; then
# Online: try online key fetch first; if fails, fallback to local if present.
log DEBUG "Online mode: attempt online key install, fallback to local."
if install_key_from_online "$gpg_url" "$DOCKER_KEYRING_PATH"; then
return 0
fi
if [ -n "$local_candidate" ] && install_key_from_local "$local_candidate" "$DOCKER_KEYRING_PATH"; then
return 0
fi
log ERROR "Failed to install Docker GPG key (online fetch failed and no usable local key)."
exit "$EC_DEPENDENCY"
fi
# Offline: strictly local only; if missing -> do not proceed
log INFO "Offline mode: install Docker GPG key from local only."
if [ -n "$local_candidate" ] && install_key_from_local "$local_candidate" "$DOCKER_KEYRING_PATH"; then
return 0
fi
log ERROR "Offline and local Docker GPG key is missing. Will NOT proceed (per policy)."
exit "$EC_OFFLINE_NO_KEY"
}
# ==============================================================================
# Docker Repo Configuration
# ==============================================================================
### Configure Docker APT repository list file.
### @return 0 Success; exits on apt update failures
### @require dpkg, lsb_release, tee, apt-get
configure_docker_repo() {
require_cmd dpkg || exit "$EC_DEPENDENCY"
require_cmd lsb_release || exit "$EC_DEPENDENCY"
require_cmd tee || exit "$EC_DEPENDENCY"
local codename arch list_file
codename="$(lsb_release -cs)"
arch="$(dpkg --print-architecture)"
list_file="/etc/apt/sources.list.d/docker.list"
log INFO "Configuring Docker APT repo: ${DOCKER_APT_MIRROR} (${codename}, ${arch})"
# > Only touch docker repo; do not touch system sources.list
run_root tee "$list_file" >/dev/null <<EOF
deb [arch=${arch} signed-by=${DOCKER_KEYRING_PATH}] ${DOCKER_APT_MIRROR} ${codename} stable
EOF
if ! run_root apt-get update; then
log ERROR "apt-get update failed after configuring Docker repo."
exit "$EC_APT_FAILURE"
fi
log INFO "Docker APT repo configured: ${list_file}"
}
# ==============================================================================
# Docker Installation
# ==============================================================================
### Resolve Docker package version string from APT cache.
### @param docker_version string Desired version ("20.10" or "20.10.15")
### @return 0 Success and echoes full apt version string; exits if not found
### @require apt-cache, awk, grep, sort, head
resolve_docker_version() {
local docker_version="${1:?docker_version required}"
require_cmd apt-cache || exit "$EC_DEPENDENCY"
require_cmd awk || exit "$EC_DEPENDENCY"
require_cmd grep || exit "$EC_DEPENDENCY"
require_cmd sort || exit "$EC_DEPENDENCY"
require_cmd head || exit "$EC_DEPENDENCY"
local resolved=""
# > apt-cache madison output includes epoch, keep it for apt-get install
if [[ "$docker_version" =~ ^[0-9]+\.[0-9]+$ ]]; then
# Pick newest patch/build for that major.minor
resolved="$(
apt-cache madison docker-ce \
| awk -F'|' '{gsub(/ /,"",$2); print $2}' \
| grep -E "^[0-9]+:${docker_version}([.-]|\~)" \
| sort -rV \
| head -1 || true
)"
elif [[ "$docker_version" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
resolved="$(
apt-cache madison docker-ce \
| awk -F'|' '{gsub(/ /,"",$2); print $2}' \
| grep -E "^[0-9]+:${docker_version}.*" \
| head -1 || true
)"
else
log ERROR "Invalid DOCKER_VERSION format: ${docker_version} (expect 20.10 or 20.10.15)"
exit "$EC_GENERAL"
fi
if [ -z "$resolved" ]; then
log ERROR "Cannot find Docker version '${docker_version}' from APT. Check repo/mirror and apt proxy."
exit "$EC_APT_FAILURE"
fi
echo "$resolved"
return 0
}
### Install Docker packages via APT.
### @return 0 Success; exits on failure
### @require apt-get, systemctl
install_docker_packages() {
require_cmd apt-get || exit "$EC_DEPENDENCY"
local full_version
full_version="$(resolve_docker_version "$DOCKER_VERSION")"
log INFO "Installing Docker packages: docker-ce=${full_version}"
# > Compose: use docker-compose-plugin (no curl downloading binaries)
if ! run_root apt-get install -y \
"docker-ce=${full_version}" \
"docker-ce-cli=${full_version}" \
"docker-ce-rootless-extras=${full_version}" \
containerd.io \
docker-buildx-plugin \
docker-compose-plugin; then
log ERROR "Docker installation failed."
exit "$EC_APT_FAILURE"
fi
# > Optional: provide docker-compose legacy command compatibility
if ! command -v docker-compose >/dev/null 2>&1; then
if [ -x /usr/libexec/docker/cli-plugins/docker-compose ]; then
run_root ln -sf /usr/libexec/docker/cli-plugins/docker-compose /usr/local/bin/docker-compose || true
fi
fi
log INFO "Docker packages installed."
}
### Pin Docker packages to avoid unintended upgrades.
### @return 0 Success; non-zero on failures (non-fatal)
### @require apt-mark
pin_docker_packages() {
if ! command -v apt-mark >/dev/null 2>&1; then
log WARN "apt-mark not found; skip pinning."
return 0
fi
log INFO "Holding Docker packages (prevent auto-upgrade)..."
run_root apt-mark hold \
docker-ce docker-ce-cli docker-ce-rootless-extras containerd.io \
docker-buildx-plugin docker-compose-plugin >/dev/null 2>&1 || true
return 0
}
### Enable and start Docker service, then verify versions.
### @return 0 Success; exits on failure to enable docker
### @require systemctl, docker
enable_docker_service() {
require_cmd systemctl || exit "$EC_DEPENDENCY"
log INFO "Enabling and starting docker service..."
run_root systemctl enable --now docker
# > Verification should not hard-fail the whole script
if command -v docker >/dev/null 2>&1; then
docker --version || true
docker compose version || true
fi
if command -v docker-compose >/dev/null 2>&1; then
docker-compose --version || true
fi
log INFO "Docker service enabled."
}
# ==============================================================================
# Main
# ==============================================================================
### Main entrypoint.
### @return 0 Success; non-zero on failure
### @require none
main() {
init_traps
log INFO "Starting Docker installer (v${SCRIPT_VERSION})..."
check_platform
ensure_prerequisites
local is_online=1
if detect_public_network; then
is_online=0
fi
ensure_docker_gpg_key "$is_online"
configure_docker_repo
install_docker_packages
pin_docker_packages
enable_docker_service
log INFO "All tasks completed successfully."
exit "$EC_OK"
}
main "$@"

23
998-常用脚本/a-部署脚本/e-安装nfs-server.sh Normal file
View File

@@ -0,0 +1,23 @@
#!/bin/bash
nfs_data_path="/var/lib/docker/nfs_data"
#nfs_data_path="/data/nfs_data"
deploy_nfs_server(){
mkdir -p $nfs_data_path
chmod 777 $nfs_data_path
echo "${nfs_data_path} *(rw,no_root_squash,no_all_squash,sync)" >> /etc/exports
systemctl restart rpcbind
systemctl restart nfs-server
systemctl enable rpcbind
systemctl enable nfs-server
}
deploy_nfs_server
# docker login -u admin -p V2ryStr@ngPss 10.100.2.121:8033

9
998-常用脚本/b-镜像同步/35-71/image-clean.sh Normal file
View File

@@ -0,0 +1,9 @@
#!/bin/bash
rm -rf *.tar.gz
rm -rf 2023*.txt
for item in $(mc ls demo/cmlc-installation/tmp/ | awk '{print$6}')
do
mc rm demo/cmlc-installation/tmp/"${item}"
done

438
998-常用脚本/b-镜像同步/35-71/image-sync.sh Normal file
View File

@@ -0,0 +1,438 @@
#!/bin/bash
# 约定内容
NeedUploadFolder=99
IsUpload=99
UploadImageName=""
ImageListName=""
ImageTarName=""
ImageName=""
ImageTag=""
InnerIPv4CIDR=""
InnerIPv6CIDR=""
InnerIPv4=""
InnerIPv6=""
CmiiImagePrefix="harbor.cdcyy.com.cn/cmii/"
OSS_URL="https://oss.demo.uavcmlc.com/cmlc-installation/tmp/"
Custom_Client_Harbor="REPLACE:8033"
app_name=""
new_tag=""
harbor_host=""
namespace="xmyd"
#######################################
# description
# Globals:
# ImageName
# ImageTag
# ImageTarName
# RANDOM
# UploadImageName
# Arguments:
# None
#######################################
get_image_tar_name() {
# harbor.cdcyy.com.cn/cmii/cmii-uav-oauth:4.1.6
ImageName=$(echo $UploadImageName | cut -d ":" -f1 | cut -d"/" -f3)
ImageTag=$(echo $UploadImageName | cut -d ":" -f2)
local currentDate=$(date +'%Y-%m-%d')
local random_number=$((RANDOM % 900 + 100))
ImageTarName="$ImageName=$ImageTag=$currentDate=$random_number.tar.gz"
}
#######################################
# description
# Globals:
# ImageName
# ImageTag
# ImageTarName
# UploadImageName
# Arguments:
# None
#######################################
get_image_name_from_tar() {
if [[ $ImageTarName == cmlc* ]]; then
# 兼容octopus-agent的模式
# cmlc=cmii=cmii-uav-busybox=0326.tar.gz
# rancher=rancher=cmii-uav-busybox=0326.tar.gz
# 使用${variable%.pattern}进行后缀删除
ImageName=$(echo $image_name | cut -d "=" -f3)
local tagWithSuffix=$(echo $image_name | cut -d "=" -f4)
ImageTag="${tagWithSuffix%.tar.gz}"
UploadImageName="$ImageName:$ImageTag"
return
fi
# cmii-uav-oauth_4.1.6-0918_20230918_123.tar.gz
ImageName=$(echo $ImageTarName | cut -d "=" -f1)
ImageTag=$(echo $ImageTarName | cut -d"=" -f2)
UploadImageName="$ImageName:$ImageTag"
}
# 获取服务器的公网IP地址
get_Internal_IP_CIDR() {
local interface_prefix=("[[:space:]]eth[0-9]{1,2}" "[[:space:]]ens[0-9]{1,3}" "[[:space:]]eno[0-9]{1,3}" "[[:space:]]enp[0-9]{1,2}")
local real_interface="eth90"
for interface in "${interface_prefix[@]}"; do
echo $(ip link show) | grep -oE ${interface} | head -1
if [[ $? -eq 0 ]]; then
real_interface=$(echo $(ip link show) | grep -oE ${interface} | head -1 | cut -d" " -f2)
echo "当前主机的真实内网网卡为 => [$real_interface]"
break
fi
done
# 提取IPv4地址CIDR格式
local ipv4_regex="inet[[:space:]](25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/[0-9]{1,2}"
# 提取IPv6地址CIDR格式
local ipv6_regex="inet6[[:space:]]([0-9a-fA-F]{0,4}(:[0-9a-fA-F]{0,4}){1,7})\/[0-9]{1,3}"
# 查找IPv4地址
local inner_ipv4=$(echo $(ip addr show $real_interface) | grep -oE $ipv4_regex | cut -d" " -f2)
InnerIPv4CIDR=$inner_ipv4
echo "Interface: $real_interface, IPv4 Address: $inner_ipv4"
# 查找IPv6地址
local inner_ipv6=$(echo $(ip addr show $real_interface) | grep -oE $ipv6_regex | cut -d" " -f2)
InnerIPv6CIDR=$inner_ipv6
echo "Interface: $real_interface, IPv4 Address: $inner_ipv6"
}
#######################################
# description
# Globals:
# InnerIPv4
# InnerIPv4CIDR
# InnerIPv6
# InnerIPv6CIDR
# Arguments:
# None
#######################################
get_Internal_IP() {
get_Internal_IP_CIDR
InnerIPv4=$(echo $InnerIPv4CIDR | cut -d "/" -f1)
InnerIPv6=$(echo $InnerIPv6CIDR | cut -d "/" -f1)
echo "服务器的内网IPv4地址为 $InnerIPv4"
echo "服务器的内网IPv6地址为 $InnerIPv6"
}
parse_args(){
if [ "$1" == "" ]; then
echo "no zip file in error!"
exit 233
fi
local image_name="$1"
if [[ $image_name == cmlc* ]]; then
# 兼容octopus-agent的模式
# cmlc=cmii=cmii-uav-busybox=0326.tar.gz
# rancher=rancher=cmii-uav-busybox=0326.tar.gz
app_name=$(echo $image_name | cut -d "=" -f3)
local tagWithSuffix=$(echo $image_name | cut -d "=" -f4)
new_tag="${tagWithSuffix%.tar.gz}"
return
fi
# 本脚本的模式
# cmii-uav-surveillance=5.2.0-27031-cqga=2024-03-04=573.tar.gz
# cmii-uav-mqtthandler=5.4.0-031201=2024-03-12=138.tar.gz
app_name=$(echo $image_name | cut -d "=" -f1)
new_tag=$(echo $image_name | cut -d "=" -f2)
}
update_image_tag(){
if [ "$new_tag" == "" ]; then
echo "new tag error!"
exit 233
fi
echo ""
echo "[update_image_tag] - start to update => ${harbor_host}/cmii/$app_name:${new_tag}"
echo ""
local image_prefix=$(kubectl -n ${namespace} get deployment "${app_name}" -o=jsonpath='{.spec.template.spec.containers[*].image}' | cut -d":" -f1)
echo "image grep is => ${image_prefix}"
echo "start to update ${namespace} ${app_name} to ${new_tag} !"
echo ""
kubectl -n ${namespace} patch deployment "${app_name}" -p "{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\":\"${app_name}\",\"image\": \"${harbor_host}/cmii/$app_name:${new_tag}\"}]}}}}"
echo ""
echo "start to wait for 3 seconds!"
sleep 3
local image_new=$(kubectl -n ${namespace} get deployment "${app_name}" -o=jsonpath='{.spec.template.spec.containers[*].image}')
echo ""
echo "new image are => $image_new"
echo ""
}
#######################################
# description
# Globals:
# _m_opts
# Arguments:
# None
#######################################
_math() {
_m_opts="$@"
printf "%s" "$((_m_opts))"
}
# 前文内容
while [[ $# -gt 0 ]]; do
case "$1" in
-fu | --fileupload)
NeedUploadFolder=1
ImageListName=${2}
shift # past argument
;;
-fd | --filedownload)
NeedUploadFolder=2
ImageListName=${2}
shift # past argument
;;
-u | --upload)
IsUpload=1
UploadImageName="${2}"
shift # past argument
;;
-d | --download)
IsUpload=2
ImageTarName="${2}"
shift # past argument
;;
-h | --harbor)
Custom_Client_Harbor="${2}"
shift # past argument
;;
*)
# unknown option
;;
esac
shift # past argument or value
done
#######################################
# description
# Globals:
# ImageTarName
# UploadImageName
# Arguments:
# None
#######################################
Download_Compress_UploadOss() {
# upload
echo "【上传】 - 需要处理的镜像名称为 => $UploadImageName"
echo ""
echo "【上传】 - 开始下载镜像!"
echo ""
if docker pull "${UploadImageName}" >/dev/null 2>&1; then
echo "下载-镜像下载成功! => $UploadImageName"
else
if docker inspect "${UploadImageName}" >/dev/null 2>&1; then
echo "下载-镜像已经存在 => $UploadImageName"
else
echo ""
echo "下载-镜像下载 失败! => $UploadImageName"
echo "下载-镜像下载 失败! => $UploadImageName"
echo ""
return 233
fi
fi
echo ""
get_image_tar_name
echo "【上传】 - 将要把镜像压缩为 => $ImageTarName"
docker save $UploadImageName | gzip --stdout >${ImageTarName}
echo "【上传】 - 压缩成功 $(ls | grep ${ImageTarName})"
echo""
echo "【上传】 - 开始上传至OSS中!"
mc cp ./${ImageTarName} demo/cmlc-installation/tmp/
echo "【上传】 - 上传OSS成功 => $(mc ls demo/cmlc-installation/tmp/ | grep ${ImageTarName})"
echo""
}
#######################################
# description
# Globals:
# CmiiImagePrefix
# ImageTarName
# InnerIPv4
# OSS_URL
# UploadImageName
# custom_prefix
# Arguments:
# None
# Returns:
# <unknown> ...
#######################################
Download_Load_Tag_UploadHarbor_Update() {
# 更加方便
# Check if the variable starts with "harbor"
# if [[ $ImageTarName != harbor* ]]; then
# ImageTarName="$CmiiImagePrefix$ImageTarName"
# fi
echo "【下载】 - 需要处理的压缩包名称为 => $ImageTarName"
echo "【下载】 - 开始下载 ↓"
wget "$OSS_URL$ImageTarName"
if [[ $? -ne 0 ]]; then
echo "【下载】- 下载镜像失败!退出!"
return
fi
echo ""
echo "【下载】 - 开始解压压缩包 "
docker load <"${ImageTarName}"
echo ""
get_Internal_IP
echo "【下载】 - 开始上传镜像到本地的镜像仓库中 => $InnerIPv4:8033 "
custom_prefix="$InnerIPv4:8033/cmii/"
echo ""
get_image_name_from_tar
echo "【下载】 - 解析得到的 私有镜像地址为 => $custom_prefix$UploadImageName"
docker tag "$CmiiImagePrefix${UploadImageName}" "$custom_prefix$UploadImageName"
echo "【下载】 - 开始上传镜像到私有仓库 ↓"
docker login -u admin -p V2ryStr@ngPss "$InnerIPv4:8033"
echo ""
echo "【下载】 - 开始推送到私有仓库! "
docker push "$custom_prefix$UploadImageName"
echo ""
echo ""
echo ""
echo "【更新】-开始更新镜像名称!"
harbor_host="$InnerIPv4:8033"
parse_args $ImageTarName
update_image_tag
}
if [[ $NeedUploadFolder == 1 ]]; then
# 上传的是一个目录
echo "【上传】 - 上传的文件目录为 => ${ImageListName}"
currentDate=$(date +'%Y-%m-%d')
random_number=$((RANDOM % 900 + 100))
tar_image_txt_file="$currentDate-$random_number.txt"
echo "【上传】 - 复制文件目录为临时文件 => $tar_image_txt_file"
touch $tar_image_txt_file
echo ""
echo ""
while IFS= read -r i; do
[ -z "${i}" ] && continue
UploadImageName=${i}
Download_Compress_UploadOss || return ?
# 写入压缩文件名称
echo "$ImageTarName" >>"$tar_image_txt_file"
echo "-------------------------------------------------"
done <"${ImageListName}"
echo ""
echo "【上传】 - 上传压缩文件名称列表至OSS中 "
mc cp ./"$tar_image_txt_file" demo/cmlc-installation/tmp/
echo "【上传】 - 上传OSS成功 => $(mc ls demo/cmlc-installation/tmp/ | grep "${tar_image_txt_file}")"
echo ""
echo "【上传】 - 请在目标Master主机执行如下命令 ↓↓↓↓↓↓"
echo ""
echo ""
echo "source <(curl -sL https://b2.107421.xyz/image-sync.sh) -fd "$OSS_URL$tar_image_txt_file""
echo ""
echo ""
elif [[ $NeedUploadFolder == 2 ]]; then
# file download
echo "【下载】- 需要下载的压缩列表文件为 => $ImageListName"
wget ${ImageListName}
tar_image_txt_file=$(echo ${ImageListName} | cut -d"/" -f6)
image_count=0
while IFS= read -r i; do
[ -z "${i}" ] && continue
ImageTarName=${i}
Download_Load_Tag_UploadHarbor_Update
image_count="$(_math "$image_count" + 1)"
echo "-------------------------------------------------"
done <"${tar_image_txt_file}"
echo ""
echo "【下载】 - 请等待流程结束 ↓"
_sleep_c="500"
for (( i=1; i<$image_count; i++ )) ; do
_sleep_c="$(_math "$_sleep_c" + 500)"
done
echo "【下载】 - 共有 【 $image_count 】个镜像, 等待上传结束 => $_sleep_c"
while [ "$_sleep_c" -ge "0" ]; do
printf "\r \r"
printf -- "%b" "$_sleep_c"
_sleep_c="$(_math "$_sleep_c" - 1)"
sleep 1
done
printf "\r"
fi
if [[ $IsUpload == 1 ]]; then
# upload a image
Download_Compress_UploadOss || return ?
echo "【上传】 - 请在目标Master主机执行如下命令 ↓↓↓↓↓↓"
echo ""
echo ""
echo "source <(curl -sL https://b2.107421.xyz/image-sync.sh) -d $ImageTarName"
echo ""
echo ""
Client_Harbor_Address="$Custom_Client_Harbor/cmii/$ImageName:$ImageTag"
echo "【上传】 - 手动命令执行如下, 目标镜像全程地址为 => $Client_Harbor_Address"
echo ""
echo "wget $OSS_URL$ImageTarName && docker load < $ImageTarName && docker tag ${UploadImageName} $Client_Harbor_Address && docker push $Client_Harbor_Address"
echo ""
echo ""
elif [[ $IsUpload == 2 ]];then
# download a image
Download_Load_Tag_UploadHarbor_Update
echo "【下载】 - 请等待流程结束 ↓"
_sleep_c="500"
while [ "$_sleep_c" -ge "0" ]; do
printf "\r \r"
printf -- "%b" "$_sleep_c"
_sleep_c="$(_math "$_sleep_c" - 1)"
sleep 1
done
printf "\r"
fi

22
998-常用脚本/b-镜像同步/fly-arm64-260302/kubernetes-1.30.14-arm.txt Normal file
View File

@@ -0,0 +1,22 @@
rancher/mirrored-coreos-etcd:v3.5.12
rancher/rke-tools:v0.1.114
rancher/mirrored-k8s-dns-kube-dns:1.23.0
rancher/mirrored-k8s-dns-dnsmasq-nanny:1.23.0
rancher/mirrored-k8s-dns-sidecar:1.23.0
rancher/mirrored-cluster-proportional-autoscaler:v1.9.0
rancher/mirrored-coredns-coredns:1.11.1
rancher/mirrored-cluster-proportional-autoscaler:v1.9.0
rancher/mirrored-k8s-dns-node-cache:1.23.0
rancher/hyperkube:v1.30.14-rancher1
rancher/mirrored-flannel-flannel:v0.25.1
rancher/flannel-cni:v1.4.1-rancher1
rancher/mirrored-calico-node:v3.28.1
rancher/calico-cni:v3.28.1-rancher1
rancher/mirrored-calico-kube-controllers:v3.28.1
rancher/mirrored-calico-ctl:v3.28.1
rancher/mirrored-calico-pod2daemon-flexvol:v3.28.1
rancher/mirrored-pause:3.7
rancher/nginx-ingress-controller:nginx-1.11.5-rancher1
rancher/mirrored-nginx-ingress-controller-defaultbackend:1.5-rancher2
rancher/mirrored-ingress-nginx-kube-webhook-certgen:v1.5.2
rancher/mirrored-metrics-server:v0.7.1

13
998-常用脚本/b-镜像同步/fly-arm64-260302/middleware-fly-arm64-260302.txt Normal file
View File

@@ -0,0 +1,13 @@
bitnamilegacy/redis:6.2.14-debian-11-r19
bitnamilegacy/redis:7.4.3-debian-12-r0
bitnamilegacy/mysql:8.1.0-debian-11-r42
bitnamilegacy/os-shell:12-debian-12-r51
bitnamilegacy/rabbitmq:3.13.7-debian-12-r5
ossrs/srs:v5.0.195
emqx/emqx:5.8.8
bitnamilegacy/influxdb:2.7.11-debian-12-r19
minio/minio:RELEASE.2023-06-02T23-17-26Z
kubernetesui/dashboard:v2.7.0
kubernetesui/metrics-scraper:v1.0.9
dyrnq/nfs-subdir-external-provisioner:v4.0.2
nginx:1.28.2

29
998-常用脚本/b-镜像同步/fly-arm64-260302/镜像包备份脚本.md Normal file
View File

@@ -0,0 +1,29 @@
我现在需要有一个镜像下载的脚本,有如下的要求
1. 通过参数传递docker镜像的文件 txt
1. docker镜像名文件约定为每行代表一个镜像的全名称
2. 脚本需要依次读取txt文件中的镜像名
3. 脚本具备三大类的功能
1. 下载镜像
2. 压缩镜像
3. 重新打包镜像,上传镜像
4. 下载镜像
1. 可以指定下载的CPU架构下载成功之后 需要inpsect提示镜像的架构
2. 可以附加下载的镜像加速前缀,如果附带 下载成功之后需要重新Tag为txt中的镜像名
3. 需要总结提示,下载失败的镜像
5. 压缩镜像
1. 需要首先判定每个镜像是否全部存在
1. 如果全部存在,则继续执行下一步
2. 如果存在不全,则退出脚本给出提示,显示所有缺失的镜像
3. 同样需要检测镜像的CPU架构是否正确
4. 可以通过--force强行跳过检查
2. 可以指定将每个镜像单独压缩为tar.gz文件
3. 可以指定将所有镜像打包为一个tar.gz文件
4. 默认为统一压缩
5. 压缩镜像需要使用多线程压缩充分利用CPU的性能
6. 重新打包镜像,上传镜像
1. 指定目标Harbor的地址
2. Harbor地址为 IP:PORT
3. Harbor的用户名和密码
4. Harbor的用户名 密码 PORT都有默认值可以写入脚本中

167
998-常用脚本/b-镜像同步/wdd-operator配合的dltu脚本/ImageSyncDLTU.sh Normal file
View File

@@ -0,0 +1,167 @@
#!/bin/bash
all_image_list_txt="all-cmii-image-list.txt" # 需要修改版本
gzip_image_list_txt="all-gzip-image-list.txt" # 一般不需要修改
oss_prefix_url="https://oss.demo.uavcmlc.com/cmlc-installation"
local_gzip_path="/var/lib/docker/wdd/octopus_image/"
DockerRegisterDomain="harbor.wdd.io:8033" # 需要根据实际修改
HarborAdminPass=Superboge.123 # 需要跟第一脚本中的密码保持一致
print_green() {
echo -e "\033[32m${1}\033[0m"
echo ""
}
print_red() {
echo -e "\033[31m${1}\033[0m"
echo ""
}
Download_Load_Tag_Upload() {
print_green "[DLTU] - start !"
while [[ $# -gt 0 ]]; do
case "$1" in
rke)
# print_green "download rke "
local_gzip_path="$local_gzip_path/rke"
mkdir -p ${local_gzip_path}
oss_prefix_url="$oss_prefix_url/rke13014/"
dltu
shift # past argument
;;
middle)
local_gzip_path="$local_gzip_path/middle_supervisor"
mkdir -p $local_gzip_path
oss_prefix_url="$oss_prefix_url/middle/"
dltu
shift # past argument
;;
cmii)
local_gzip_path="$local_gzip_path/cmii_uas_23"
mkdir -p $local_gzip_path
oss_prefix_url="$oss_prefix_url/uavms-2.0/"
dltu
shift # past argument
;;
*)
# unknown option
print_red "bad arguments"
;;
esac
done
}
dltu() {
print_green "download all image name list and gzip file list!"
cd $local_gzip_path || exit
rm $all_image_list_txt
rm $gzip_image_list_txt
wget "$oss_prefix_url$all_image_list_txt"
wget "$oss_prefix_url$gzip_image_list_txt"
docker login -u admin -p ${HarborAdminPass} ${DockerRegisterDomain}
echo ""
while IFS= read -r i; do
[ -z "${i}" ] && continue
echo "download gzip file =>: $oss_prefix_url${i}"
if wget "$oss_prefix_url${i}" >/dev/null 2>&1; then
echo "Gzip file download success : ${i}"
image_full_name=$(docker load -i ${i} | head -n1 |awk -F': ' '{print $2}')
app_name=$(echo "$image_full_name" | sed 's|.*/||g')
echo "extract short name is $app_name"
if echo $image_full_name | grep -q "rancher"
then
print_green "tag image to => $DockerRegisterDomain/rancher/$app_name"
docker tag ${image_full_name} $DockerRegisterDomain/rancher/$app_name
docker push $DockerRegisterDomain/rancher/$app_name
else
print_green "tag image to => $DockerRegisterDomain/cmii/$app_name"
docker tag ${image_full_name} $DockerRegisterDomain/cmii/$app_name
docker push $DockerRegisterDomain/cmii/$app_name
fi
else
print_red "Gzip file download FAILED : ${i}"
fi
echo "-------------------------------------------------"
done <"${gzip_image_list_txt}"
shift
}
Load_Tag_Upload(){
print_green "[LTU] - start to load image from offline !"
while [[ $# -gt 0 ]]; do
case "$1" in
rke)
# print_green "download rke "
local_gzip_path="$local_gzip_path/rke13014"
mkdir -p ${local_gzip_path}
oss_prefix_url="$oss_prefix_url/rke/"
ltu
shift # past argument
;;
middle)
local_gzip_path="$local_gzip_path/middle_supervisor"
mkdir -p $local_gzip_path
oss_prefix_url="$oss_prefix_url/middle/"
ltu
shift # past argument
;;
cmii)
local_gzip_path="$local_gzip_path/cmii_uas_23"
mkdir -p $local_gzip_path
oss_prefix_url="$oss_prefix_url/cmii/"
ltu
shift # past argument
;;
*)
# unknown option
print_red "bad arguments"
;;
esac
done
}
ltu(){
all_file_list=$(find $local_gzip_path -type f -name "*.tar.gz")
for file in $all_file_list; do
echo "offline gzip file is => : $file"
image_full_name=$(docker load -i ${file} | head -n1 |awk -F': ' '{print $2}')
docker login -u admin -p ${HarborAdminPass} ${DockerRegisterDomain}
app_name=$(echo "$image_full_name" | sed 's|.*/||g')
echo "extract short name is $app_name"
if echo $image_full_name | grep -q "rancher"
then
print_green "tag image to => $DockerRegisterDomain/rancher/$app_name"
docker tag ${image_full_name} $DockerRegisterDomain/rancher/$app_name
docker push $DockerRegisterDomain/rancher/$app_name
else
print_green "tag image to => $DockerRegisterDomain/cmii/$app_name"
docker tag ${image_full_name} $DockerRegisterDomain/cmii/$app_name
docker push $DockerRegisterDomain/cmii/$app_name
fi
done
}
test(){
app_name=$(echo "nginx:latest" | sed 's|.*/||g')
echo "extract short name is $app_name"
}
# test
#Download_Load_Tag_Upload "rke"
Load_Tag_Upload "rke"

15
998-常用脚本/b-镜像同步/wdd-operator配合的dltu脚本/imageSyncDLTU.ps1 Normal file
View File

@@ -0,0 +1,15 @@
# https://dl.min.io/client/mc/release/windows-amd64/mc.exe
& "C:\Users\wddsh\Downloads\mc.exe" alias set uav-demo https://oss.demo.uavcmlc.com cmii B#923fC7mk
& "C:\Users\wddsh\Downloads\mc.exe" ls uav-demo/cmlc-installation/cmii_uas_23_tmp/ | ForEach-Object {
$item=($_.Split()[-1])
Write-Host "start to download $item "
& "C:\Users\wddsh\Downloads\mc.exe" get uav-demo/cmlc-installation/cmii_uas_23_tmp/$item "D:\CmiiDeployOffline\cmii_uas_23\"
Write-Host ""
}

134
998-常用脚本/b-镜像同步/windows镜像下载/windows从MINIO下载文件.ps1 Normal file
View File

@@ -0,0 +1,134 @@
<#
.SYNOPSIS
MinIO 免 Alias 批量下载脚本 (强力兼容特殊字符版)。
.DESCRIPTION
1. 采用临时配置目录 (--config-dir),彻底解决密码中 #、@、$ 等符号导致的 URL 解析错误。
2. 自动清理:脚本结束或异常退出时,会自动销毁临时生成的凭证文件。
3. 路径追踪:支持递归下载、进度显示及失败文件自动清理。
#>
# =====================================================================
# 1. 解决中文编码问题
# =====================================================================
[Console]::OutputEncoding = [System.Text.Encoding]::UTF8
[Console]::InputEncoding = [System.Text.Encoding]::UTF8
$OutputEncoding = [System.Text.Encoding]::UTF8
# =====================================================================
# 2. 变量配置区 (请按实际情况修改)
# =====================================================================
# MinIO 客户端 (mc.exe) 的全路径
$McExePath = "C:\Users\zzy\Desktop\cmii\mc.exe"
# 远端服务器信息
$MinioEndpoint = "https://oss.demo.uavcmlc.com"
$MinioUsername = "cmii"
# 注意:密码务必使用单引号 '' 包裹,防止 PowerShell 误解析其中的特殊符号
$MinioPassword = 'B#923fC7mk'
# 远端桶及目录 (需以 / 结尾)
$TargetBucketPath = "cmlc-installation/rke13014/"
# 本地保存全路径 (需以 \ 结尾)
$LocalSavePath = "C:\Users\zzy\Desktop\cmii\rke13014\"
# =====================================================================
# 3. 初始化临时环境 (避开环境变量 URL 解析 Bug)
# =====================================================================
Clear-Host
Write-Host "正在初始化安全传输环境..." -ForegroundColor Cyan
# 在系统临时目录下创建一个独立的 mc 配置文件夹
$TempConfigDir = Join-Path -Path $env:TEMP -ChildPath ("mc_tmp_" + [Guid]::NewGuid().ToString().Substring(0,8))
if (-not (Test-Path $TempConfigDir)) { New-Item -ItemType Directory -Path $TempConfigDir | Out-Null }
# 定义一个内部使用的临时 Alias 名称
$TmpAlias = "InternalTmp"
# =====================================================================
# 4. 建立连接 (使用 --config-dir 隔离配置)
# =====================================================================
Write-Host "正在建立与远端服务器的验证连接..." -ForegroundColor DarkGray
# 使用 alias set 命令,这种方式对密码中的 # 号等字符支持最稳健
& $McExePath --config-dir $TempConfigDir alias set $TmpAlias $MinioEndpoint $MinioUsername $MinioPassword --insecure | Out-Null
if ($LASTEXITCODE -ne 0) {
Write-Error "验证失败!请检查账密(特别是特殊字符)或网络地址。"
Remove-Item -Path $TempConfigDir -Recurse -Force -ErrorAction SilentlyContinue
exit
}
# 拼接 mc 识别路径
$RemoteDir = "$TmpAlias/$TargetBucketPath"
# 检查本地目录
if (-not (Test-Path $LocalSavePath)) {
New-Item -ItemType Directory -Path $LocalSavePath -Force | Out-Null
}
# =====================================================================
# 5. 安全获取文件列表
# =====================================================================
Write-Host "正在扫描远端文件..." -ForegroundColor Cyan
$jsonOutput = & $McExePath --config-dir $TempConfigDir ls --recursive --json --insecure $RemoteDir 2>&1
$fileList = @()
foreach ($line in $jsonOutput) {
if ([string]::IsNullOrWhiteSpace($line) -or $line -match "mc: ") { continue }
try {
$obj = $line | ConvertFrom-Json -ErrorAction Stop
if ($obj.type -eq "file") { $fileList += $obj }
} catch {
# 忽略非 JSON 的提示信息
}
}
$totalFiles = $fileList.Count
if ($totalFiles -eq 0) {
Write-Host "未发现可下载文件,请检查桶路径是否正确: $TargetBucketPath" -ForegroundColor Yellow
Remove-Item -Path $TempConfigDir -Recurse -Force -ErrorAction SilentlyContinue
exit
}
# =====================================================================
# 6. 循环下载与断点清理
# =====================================================================
Write-Host "共扫描到 $totalFiles 个文件,开始下载任务..." -ForegroundColor Green
$currentIndex = 0
foreach ($file in $fileList) {
$currentIndex++
$relPath = $file.key
$remoteFile = "$RemoteDir$relPath"
# 路径转换
$winRelPath = $relPath -replace '/', '\'
$localFile = Join-Path -Path $LocalSavePath -ChildPath $winRelPath
# 创建子目录
$parentDir = Split-Path $localFile -Parent
if (-not (Test-Path $parentDir)) { New-Item -ItemType Directory -Path $parentDir -Force | Out-Null }
Write-Host "[$currentIndex/$totalFiles] 正在下载: $relPath" -ForegroundColor Yellow
# 执行下载
& $McExePath --config-dir $TempConfigDir cp --insecure $remoteFile $localFile
if ($LASTEXITCODE -ne 0) {
Write-Host " [失败] 下载被中断。" -ForegroundColor Red
if (Test-Path $localFile) {
Write-Host " [清理] 删除不完整的临时文件: $localFile" -ForegroundColor DarkYellow
Remove-Item $localFile -Force
}
} else {
Write-Host " [完成]" -ForegroundColor Green
}
}
# =====================================================================
# 7. 彻底清理临时凭证
# =====================================================================
Write-Host "`n任务结束,正在销毁临时安全凭证..." -ForegroundColor Cyan
Remove-Item -Path $TempConfigDir -Recurse -Force -ErrorAction SilentlyContinue
Write-Host "脚本执行完毕。" -ForegroundColor White

16
998-常用脚本/b-镜像同步/windows镜像下载/镜像下载prompt.md Normal file
View File

@@ -0,0 +1,16 @@
你是一名优秀的windows powershell专家你非常善于使用powershell和minio client的工具
## 注意事项
1. powershell的执行权限
2. 中文编码问题
3. 脚本中需要使用全路径,避免环境变量的问题
4. ps脚本使用变量区的方式写入固定的变量不使用参数传递
## 实现的功能
1. 从特定的minio的远端地址+目录下载其中的每一个内容
2. 支持进度追踪,如果下载失败,需要删除下载中断的文件
3. minio客户端需要指定全路径
# 仅对当前用户放开执行权限(推荐,较安全)
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser

23
998-常用脚本/b-镜像同步/临时-old/下载镜像.sh Normal file
View File

@@ -0,0 +1,23 @@
#!/bin/bash
gzip_image_list_txt="all-gzip-image-list.txt" # 一般不需要修改
oss_prefix_url="https://oss.demo.uavcmlc.com/cmlc-installation"
local_gzip_path="/root/octopus-image"
local_gzip_path="$local_gzip_path/6.1.1"
mkdir -p $local_gzip_path
oss_prefix_url="$oss_prefix_url/6.1.1/"
cd $local_gzip_path || exit
wget "$oss_prefix_url$gzip_image_list_txt"
echo ""
while IFS= read -r i; do
[ -z "${i}" ] && continue
echo "download gzip file =>: $oss_prefix_url${i}"
if wget "$oss_prefix_url${i}" >/dev/null 2>&1; then
echo "download ok !"
echo ""
fi
done <"${gzip_image_list_txt}"

25
998-常用脚本/b-镜像同步/临时-old/清除镜像.sh Normal file
View File

@@ -0,0 +1,25 @@
#!/bin/bash
image_name_prefix_list=(harbor.cdcyy.com.cn)
for (( i=1; i<=100; i++ ))
do
echo $i
for image_name_prefix in "${image_name_prefix_list[@]}"
do
content=$(docker image ls | grep "${image_name_prefix}" | head -n1)
if [ ! "$content" == "" ]; then
echo "$content"
echo "$(echo $content | awk '{print$1}'):$(echo $content | awk '{print$2}')"
if [ "$(echo $content | awk '{print$2}')" == "<none*" ]; then
continue
fi
docker image rm "$(echo $content | awk '{print$1}'):$(echo $content | awk '{print$2}')"
fi
done
done
echo "y
" | docker image prune

68
998-常用脚本/b-镜像同步/临时-old/离线更新tag脚本.sh Normal file
View File

@@ -0,0 +1,68 @@
#!/bin/bash
harbor_host=172.31.2.7:8033/admin
namespace=szgz
app_name=""
new_tag=""
upload_image_to_harbor(){
if [ "$app_name" == "" ]; then
echo "app name null exit!"
exit 233
fi
if ! docker load < "$1"; then
echo "docker load error !"
fi
docker tag "harbor.cdcyy.com.cn/cmii/$app_name:$new_tag" "$harbor_host/cmii/$app_name:$new_tag"
echo ""
echo ""
echo "upload_image_to_harbor - start to push to => $harbor_host/cmii/$app_name:$new_tag"
docker login -u admin -p V2ryStr@ngPss $harbor_host
docker push "$harbor_host/cmii/$app_name:$new_tag"
echo ""
echo ""
}
parse_args(){
if [ "$1" == "" ]; then
echo "no zip file in error!"
exit 233
fi
local image_name="$1"
# cmii-uav-surveillance=5.2.0-27031-cqga=2024-03-04=573.tar.gz
app_name=$(echo $image_name | cut -d "=" -f1)
new_tag=$(echo $image_name | cut -d "=" -f2)
}
update_image_tag(){
if [ "$new_tag" == "" ]; then
echo "new tag error!"
exit 233
fi
local image_prefix=$(kubectl -n ${namespace} get deployment "${app_name}" -o=jsonpath='{.spec.template.spec.containers[*].image}' | cut -d":" -f1)
echo "image grep is => ${image_prefix}"
echo "start to update ${namespace} ${app_name} to ${new_tag} !"
echo ""
kubectl -n ${namespace} patch deployment "${app_name}" -p "{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\":\"${app_name}\",\"image\": \"${harbor_host}/cmii/$app_name:${new_tag}\"}]}}}}"
echo ""
echo "start to wait for 3 seconds!"
sleep 3
local image_new=$(kubectl -n ${namespace} get deployment "${app_name}" -o=jsonpath='{.spec.template.spec.containers[*].image}')
echo ""
echo "new image are => $image_new"
echo ""
}
main(){
parse_args "$1"
upload_image_to_harbor "$1"
update_image_tag
}
main "$@"

154
998-常用脚本/b-镜像同步/传统rke的下载/2-imageDownSync-ARM64.sh Normal file
View File

@@ -0,0 +1,154 @@
#!/usr/bin/env bash
### 需要修改以下的内容 ###
#### 需要修改以下的内容 ###
#### 需要修改以下的内容 ###
cmlc_app_image_list="szga-0711.txt" # 需要修改版本
rancher_image_list="kubernetes-images-1.30.14.txt" # 一般不需要修改
middleware_image_list="middleware-images.txt" # 一般不需要修改
DockerRegisterDomain="192.168.5.41:8033" # 需要根据实际修改
# DockerRegisterDomain="172.31.2.7:8033/admin" # 需要根据实际修改
HarborAdminPass=V2ryStr@ngPss # 需要跟第一脚本中的密码保持一致
#### 需要修改以上的内容 ###
#### 需要修改以上的内容 ###
#### 需要修改以上的内容 ###
downloadAllNeededImages() {
while [[ $# > 0 ]]; do
pulled=""
while IFS= read -r i; do
[ -z "${i}" ] && continue
echo "开始下载:${i}"
if /usr/bin/docker pull --platform linux/arm64 "${i}" >/dev/null 2>&1; then
echo "Image pull success: ${i}"
# 增加检查,镜像 的架构
/usr/bin/docker image inspect ${i} | grep Architecture
pulled="${pulled} ${i}"
else
if /usr/bin/docker inspect "${i}" >/dev/null 2>&1; then
pulled="${pulled} ${i}"
else
echo "Image pull failed: ${i}"
fi
fi
echo "-------------------------------------------------"
done <"${1}"
shift
done
}
downloadAllNeededImagesAndCompress() {
while [[ $# > 0 ]]; do
pulled=""
while IFS= read -r i; do
[ -z "${i}" ] && continue
echo "开始下载:${i}"
if /usr/bin/docker pull --platform linux/arm64 "${i}" >/dev/null 2>&1; then
echo "Image pull success: ${i}"
# 增加检查,镜像 的架构
/usr/bin/docker image inspect ${i} | grep Architecture
pulled="${pulled} ${i}"
else
if /usr/bin/docker inspect "${i}" >/dev/null 2>&1; then
pulled="${pulled} ${i}"
else
echo "Image pull failed: ${i}"
fi
fi
echo "-------------------------------------------------"
done <"${1}"
compressPacName="$(echo ${1} | cut -d"." -f1).tar.gz"
echo "Creating ${compressPacName} with $(echo ${pulled} | wc -w | tr -d '[:space:]') images"
/usr/bin/docker save $(echo ${pulled}) | gzip --stdout > ${compressPacName}
shift
done
echo "已经完成打包工作!"
}
pushRKEImageToHarbor(){
linux_images=()
while IFS= read -r i; do
[ -z "${i}" ] && continue
linux_images+=("${i}");
done < "${rancher_image_list}"
/usr/bin/docker login -u admin -p ${HarborAdminPass} ${DockerRegisterDomain}
for i in "${linux_images[@]}"; do
[ -z "${i}" ] && continue
case $i in
*/*)
image_name="${DockerRegisterDomain}/${i}"
;;
*)
image_name="${DockerRegisterDomain}/rancher/${i}"
;;
esac
echo "开始镜像至私有仓库推送:${image_name}"
/usr/bin/docker tag "${i}" "${image_name}"
/usr/bin/docker push "${image_name}"
echo "-------------------------------------------------"
done
}
pushCMLCAPPImageToHarbor(){
app_images=()
while IFS= read -r i; do
[ -z "${i}" ] && continue
app_images+=("${i}");
done < "${cmlc_app_image_list}"
/usr/bin/docker login -u admin -p ${HarborAdminPass} ${DockerRegisterDomain}
for app in "${app_images[@]}"; do
[ -z "${app}" ] && continue
image_name="${DockerRegisterDomain}/$(echo ${app} | cut -d"/" -f2-8)"
echo "开始镜像至私有仓库推送:${image_name}"
/usr/bin/docker tag "${app}" "${image_name}"
/usr/bin/docker push "${image_name}"
echo "-------------------------------------------------"
done
}
pushMiddlewareImageToHarbor(){
middleware_image=()
while IFS= read -r i; do
[ -z "${i}" ] && continue
middleware_image+=("${i}");
done < "${middleware_image_list}"
/usr/bin/docker login -u admin -p ${HarborAdminPass} ${DockerRegisterDomain}
for app in "${middleware_image[@]}"; do
[ -z "${app}" ] && continue
case ${app} in
*/*/*)
image_name="${DockerRegisterDomain}/cmii/$(echo "${app}" | cut -d"/" -f3-8)"
;;
*/*)
image_name="${DockerRegisterDomain}/cmii/$(echo "${app}" | cut -d"/" -f2-8)"
;;
esac
echo "开始镜像至私有仓库推送:${image_name}"
/usr/bin/docker tag "${app}" "${image_name}"
/usr/bin/docker push "${image_name}"
echo "-------------------------------------------------"
done
}
downloadAllNeededImagesAndCompress "${middleware_image_list}"
#downloadAllNeededImages "${rancher_image_list}"
#pushRKEImageToHarbor
#pushCMLCAPPImageToHarbor
# pushMiddlewareImageToHarbor

154
998-常用脚本/b-镜像同步/传统rke的下载/2-imageDownSync.sh Normal file
View File

@@ -0,0 +1,154 @@
#!/usr/bin/env bash
### 需要修改以下的内容 ###
#### 需要修改以下的内容 ###
#### 需要修改以下的内容 ###
cmlc_app_image_list="szga-0711.txt" # 需要修改版本
rancher_image_list="kubernetes-images-2.5.7-1.20.4.txt" # 一般不需要修改
middleware_image_list="middleware-images.txt" # 一般不需要修改
#DockerRegisterDomain="20.47.129.116:8033" # 需要根据实际修改
DockerRegisterDomain="172.10.125.92:8033" # 需要根据实际修改
HarborAdminPass=V2ryStr@ngPss # 需要跟第一脚本中的密码保持一致
#### 需要修改以上的内容 ###
#### 需要修改以上的内容 ###
#### 需要修改以上的内容 ###
downloadAllNeededImages() {
while [[ $# > 0 ]]; do
pulled=""
while IFS= read -r i; do
[ -z "${i}" ] && continue
echo "开始下载:${i}"
if docker pull "${i}" >/dev/null 2>&1; then
echo "Image pull success: ${i}"
# 增加检查,镜像 的架构
docker image inspect ${i} | grep Architecture
pulled="${pulled} ${i}"
else
if docker inspect "${i}" >/dev/null 2>&1; then
pulled="${pulled} ${i}"
else
echo "Image pull failed: ${i}"
fi
fi
echo "-------------------------------------------------"
done <"${1}"
shift
done
}
downloadAllNeededImagesAndCompress() {
while [[ $# > 0 ]]; do
pulled=""
while IFS= read -r i; do
[ -z "${i}" ] && continue
echo "开始下载:${i}"
if docker pull "${i}" >/dev/null 2>&1; then
echo "Image pull success: ${i}"
# 增加检查,镜像 的架构
docker image inspect ${i} | grep Architecture
pulled="${pulled} ${i}"
else
if docker inspect "${i}" >/dev/null 2>&1; then
pulled="${pulled} ${i}"
else
echo "Image pull failed: ${i}"
fi
fi
echo "-------------------------------------------------"
done <"${1}"
compressPacName="$(echo ${1} | cut -d"." -f1).tar.gz"
echo "Creating ${compressPacName} with $(echo ${pulled} | wc -w | tr -d '[:space:]') images"
docker save $(echo ${pulled}) | gzip --stdout > ${compressPacName}
shift
done
echo "已经完成打包工作!"
}
pushRKEImageToHarbor(){
linux_images=()
while IFS= read -r i; do
[ -z "${i}" ] && continue
linux_images+=("${i}");
done < "${rancher_image_list}"
docker login -u admin -p ${HarborAdminPass} ${DockerRegisterDomain}
for i in "${linux_images[@]}"; do
[ -z "${i}" ] && continue
case $i in
*/*)
image_name="${DockerRegisterDomain}/${i}"
;;
*)
image_name="${DockerRegisterDomain}/rancher/${i}"
;;
esac
echo "开始镜像至私有仓库推送:${image_name}"
docker tag "${i}" "${image_name}"
docker push "${image_name}"
echo "-------------------------------------------------"
done
}
pushCMLCAPPImageToHarbor(){
app_images=()
while IFS= read -r i; do
[ -z "${i}" ] && continue
app_images+=("${i}");
done < "${cmlc_app_image_list}"
docker login -u admin -p ${HarborAdminPass} ${DockerRegisterDomain}
for app in "${app_images[@]}"; do
[ -z "${app}" ] && continue
image_name="${DockerRegisterDomain}/$(echo ${app} | cut -d"/" -f2-8)"
echo "开始镜像至私有仓库推送:${image_name}"
docker tag "${app}" "${image_name}"
docker push "${image_name}"
echo "-------------------------------------------------"
done
}
pushMiddlewareImageToHarbor(){
middleware_image=()
while IFS= read -r i; do
[ -z "${i}" ] && continue
middleware_image+=("${i}");
done < "${middleware_image_list}"
docker login -u admin -p ${HarborAdminPass} ${DockerRegisterDomain}
for app in "${middleware_image[@]}"; do
[ -z "${app}" ] && continue
case ${app} in
*/*/*)
image_name="${DockerRegisterDomain}/cmii/$(echo "${app}" | cut -d"/" -f3-8)"
;;
*/*)
image_name="${DockerRegisterDomain}/cmii/$(echo "${app}" | cut -d"/" -f2-8)"
;;
esac
echo "开始镜像至私有仓库推送:${image_name}"
docker tag "${app}" "${image_name}"
docker push "${image_name}"
echo "-------------------------------------------------"
done
}
downloadAllNeededImagesAndCompress "${middleware_image_list}"
#downloadAllNeededImages "${rancher_image_list}"
#pushRKEImageToHarbor
#pushCMLCAPPImageToHarbor
#pushMiddlewareImageToHarbor

69
998-常用脚本/b-镜像同步/传统rke的下载/imageSyncDownload.ps1 Normal file
View File

@@ -0,0 +1,69 @@
function DownloadFileInChunks {
param (
[string]$url,
[string]$destinationFile,
[int]$chunkSizeGB = 1
)
# 将 GB 转换为字节
$chunkSize = $chunkSizeGB * 1024 * 1024 * 1024
# 获取文件的总大小
$response = Invoke-WebRequest -Uri $url -Method Head
$totalSize = [long]$response.Headers["Content-Length"]
# 计算分段数量
$chunks = [math]::Ceiling($totalSize / $chunkSize)
# 下载每一段
for ($i = 0; $i -lt $chunks; $i++) {
$start = $i * $chunkSize
$end = [math]::Min($start + $chunkSize - 1, $totalSize - 1)
$headers = @{
"Range" = "bytes=$start-$end"
}
$chunkResponse = Invoke-WebRequest -Uri $url -Headers $headers -Method Get
$chunkData = $chunkResponse.Content
# 以追加模式写入文件
[System.IO.File]::WriteAllBytes($destinationFile, $chunkData)
}
Write-Host "dowonload ok"
}
# 指定文件路径
$filePath = "D:\CmiiDeployOffline\ZheJiangErJiPingTai\all-gzip-image-list.txt"
# 指定下载的目标目录
$destinationFolder = "D:\CmiiDeployOffline\ZheJiangErJiPingTai"
$oss_prefix_url="https://oss.demo.uavcmlc.com/cmlc-installation/6.1.1/"
# 创建目标目录(如果不存在)
#if (-not (Test-Path $destinationFolder)) {
# New-Item -ItemType Directory -Path $destinationFolder
#}
#Write-Host "[DLTU] - 开始下载镜像压缩文件"
Write-Host ""
# 读取文件并下载每一行的 URL
Get-Content $filePath | ForEach-Object {
$url = $_
Write-Host "start to download $oss_prefix_url$url"
$fileName = Join-Path $destinationFolder $url
Write-Host $fileName
DownloadFileInChunks -url $oss_prefix_url$url -destinationFile $fileName -chunkSizeGB 0.1
# Invoke-WebRequest -Uri $oss_prefix_url$url -OutFile $fileName
Write-Host ""
}

66
998-常用脚本/b-镜像同步/压缩包名称统一/压缩包规范化.md Normal file
View File

@@ -0,0 +1,66 @@
golang版本的代码如下
func ImageFullNameToScriptGzipName(imageName string) (scriptGzipName string) {
// harbor.cdcyy.cn/cmii/cmii-uav-platform:6.2.0-gz-121101-arm ==> cmii-uav-user=6.2.0-gz-121101-arm=2025-12-11=968.tar.gz
// nginx:latest ==> nginx=latest=2025-12-11=968.tar.gz
// bitnami/minio:2022.5.4 ==> minio=2022.5.4=2025-12-11=968.tar.gz
// simonrupf/chronyd:0.4.3 ==> chronyd=0.4.3=2025-12-11=968.tar.gz
// ossrs/srs:v5.0.1 ==> srs=v5.0.1=2025-12-11=968.tar.gz
// rancher/fleet:v0.3.4 ==> fleet=v0.3.4=2025-12-11=968.tar.gz
// 提取镜像名(去除仓库路径)
var shortName string
if strings.Contains(imageName, "/") {
parts := strings.Split(imageName, "/")
shortName = parts[len(parts)-1] // 获取最后一个部分
} else {
shortName = imageName
}
// 分离镜像名和标签
var name, tag string
if strings.Contains(shortName, ":") {
parts := strings.Split(shortName, ":")
name = parts[0]
tag = parts[1]
} else {
name = shortName
tag = "latest"
}
// 获取当前日期 (YYYY-MM-DD)
currentDate := time.Now().Format("2006-01-02")
// 生成 100-999 的随机数
randomNum := 100 + rand.Intn(900) // rand.Intn(900) 生成 0-899加100得到 100-999
// 组合成最终格式: name=tag=date=random.tar.gz
scriptGzipName = fmt.Sprintf("%s=%s=%s=%d", name, tag, currentDate, randomNum)
return scriptGzipName
}
linux脚本下面的旧的函数如下
get_image_tar_name() {
# harbor.cdcyy.com.cn/cmii/cmii-uav-oauth:4.1.6
ImageName=$(echo $UploadImageName | cut -d ":" -f1 | cut -d"/" -f3)
ImageTag=$(echo $UploadImageName | cut -d ":" -f2)
local currentDate=$(date +'%Y-%m-%d')
local random_number=$((RANDOM % 900 + 100))
ImageTarName="$ImageName=$ImageTag=$currentDate=$random_number.tar.gz"
}
请修改上面的内容golang和shell脚本都需要更新效果应该是统一的
最终镜像的格式应该为
1. harbor.cdcyy.com.cn/cmii/cmii-uav-oauth:4.1.6 => cmii=cmii-uav-oauth=4.1.6=<实际镜像的arch>=YYYY-MM-DD=XXX.tar.gz
2. nginx:latest ==> docker=nginx=latest=<实际镜像的arch>=2025-12-11=968.tar.gz
3. bitnami/minio:2022.5.4 ==> bitnami=minio=2022.5.4=<实际镜像的arch>=2025-12-11=968.tar.gz
4. simonrupf/chronyd:0.4.3 ==> simonrupf=chronyd=0.4.3=<实际镜像的arch>=2025-12-11=968.tar.gz
5. rancher/fleet:v0.3.4 ==> rancher=fleet=<实际镜像的arch>==v0.3.4=2025-12-11=968.tar.gz
<实际镜像的arch>需要查看镜像的详细信息docker inspect命令类似获取

1290
998-常用脚本/b-镜像同步/高级-镜像脚本-260302.sh Normal file
View File

File diff suppressed because it is too large Load Diff

767
998-常用脚本/f-nginx暴露/install-nginx-cn.sh Normal file
View File

@@ -0,0 +1,767 @@
#!/bin/bash
###############################################################################
# NGINX Installation Script for China Mainland with Mirror Acceleration
###############################################################################
# @author Advanced Bash Shell Engineer
# @version 1.0.0
# @license MIT
# @created 2026-01-19
# @desc Production-grade NGINX installation script with China mirror support
# Supports Ubuntu 18.04/20.04/22.04/24.04 with version pinning
###############################################################################
###############################################################################
# GLOBAL CONSTANTS
###############################################################################
readonly SCRIPT_NAME="$(basename "${BASH_SOURCE[0]}")"
readonly SCRIPT_VERSION="1.0.0"
readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# Color codes for output
readonly COLOR_RED="\033[0;31m"
readonly COLOR_GREEN="\033[0;32m"
readonly COLOR_YELLOW="\033[1;33m"
readonly COLOR_BLUE="\033[0;34m"
readonly COLOR_RESET="\033[0m"
# Log levels
readonly LOG_LEVEL_DEBUG=0
readonly LOG_LEVEL_INFO=1
readonly LOG_LEVEL_WARN=2
readonly LOG_LEVEL_ERROR=3
# Default configuration
readonly DEFAULT_NGINX_VERSION="stable"
readonly DEFAULT_MIRROR="ustc"
readonly SUPPORTED_UBUNTU_VERSIONS=("18.04" "20.04" "22.04" "24.04")
# Mirror configurations (China mainland accelerated sources)
declare -A MIRROR_URLS=(
["aliyun"]="http://mirrors.aliyun.com/nginx"
["tsinghua"]="https://mirrors.tuna.tsinghua.edu.cn/nginx"
["ustc"]="https://mirrors.ustc.edu.cn/nginx/ubuntu"
["official"]="http://nginx.org"
)
declare -A MIRROR_KEY_URLS=(
["aliyun"]="http://mirrors.aliyun.com/nginx/keys/nginx_signing.key"
["tsinghua"]="https://mirrors.tuna.tsinghua.edu.cn/nginx/keys/nginx_signing.key"
["ustc"]="https://mirrors.ustc.edu.cn/nginx/keys/nginx_signing.key"
["official"]="https://nginx.org/keys/nginx_signing.key"
)
# Global variables
CURRENT_LOG_LEVEL="${LOG_LEVEL_INFO}"
NGINX_VERSION="${DEFAULT_NGINX_VERSION}"
MIRROR_SOURCE="${DEFAULT_MIRROR}"
FORCE_REINSTALL=false
DRY_RUN=false
###############################################################################
# ERROR HANDLING & TRAPS
###############################################################################
set -euo pipefail
IFS=$'\n\t'
###
### Cleanup function for graceful exit
### @param none
### @return void
### @require none
###
cleanup() {
local exit_code=$?
if [[ ${exit_code} -ne 0 ]]; then
log_error "脚本退出,错误码: ${exit_code}"
fi
# > Perform cleanup operations if needed
return "${exit_code}"
}
trap cleanup EXIT
trap 'log_error "用户中断脚本执行"; exit 130' INT TERM
###############################################################################
# LOGGING FUNCTIONS
###############################################################################
###
### Core logging function with level-based filtering
### @param log_level integer Log level (0-3)
### @param message string Message to log
### @param color string Color code for output
### @return void
### @require none
###
_log() {
local log_level=$1
local message=$2
local color=$3
local level_name=$4
if [[ ${log_level} -ge ${CURRENT_LOG_LEVEL} ]]; then
local timestamp
timestamp="$(date '+%Y-%m-%d %H:%M:%S')"
echo -e "${color}[${timestamp}] [${level_name}] ${message}${COLOR_RESET}" >&2
fi
}
###
### Debug level logging
### @param message string Debug message
### @return void
### @require none
###
log_debug() {
_log "${LOG_LEVEL_DEBUG}" "$1" "${COLOR_BLUE}" "调试"
}
###
### Info level logging
### @param message string Info message
### @return void
### @require none
###
log_info() {
_log "${LOG_LEVEL_INFO}" "$1" "${COLOR_GREEN}" "信息"
}
###
### Warning level logging
### @param message string Warning message
### @return void
### @require none
###
log_warn() {
_log "${LOG_LEVEL_WARN}" "$1" "${COLOR_YELLOW}" "警告"
}
###
### Error level logging
### @param message string Error message
### @return void
### @require none
###
log_error() {
_log "${LOG_LEVEL_ERROR}" "$1" "${COLOR_RED}" "错误"
}
###############################################################################
# VALIDATION FUNCTIONS
###############################################################################
###
### Check if script is running with root privileges
### @param none
### @return 0 if root, 1 otherwise
### @require none
###
check_root_privileges() {
if [[ ${EUID} -ne 0 ]]; then
log_error "此脚本必须以 root 身份运行,或使用 sudo 执行"
return 1
fi
log_debug "已确认具备 root 权限"
return 0
}
###
### Validate Ubuntu version compatibility
### @param none
### @return 0 if supported, 1 otherwise
### @require lsb_release command
###
validate_ubuntu_version() {
local ubuntu_version
# > Check if lsb_release exists
if ! command -v lsb_release &> /dev/null; then
log_error "未找到 lsb_release 命令,无法识别 Ubuntu 版本。"
return 1
fi
ubuntu_version="$(lsb_release -rs)"
log_debug "检测到 Ubuntu 版本: ${ubuntu_version}"
# > Validate against supported versions
local supported=false
for version in "${SUPPORTED_UBUNTU_VERSIONS[@]}"; do
if [[ "${ubuntu_version}" == "${version}" ]]; then
supported=true
break
fi
done
if [[ "${supported}" == false ]]; then
log_error "Ubuntu ${ubuntu_version} 不受支持。支持的版本: ${SUPPORTED_UBUNTU_VERSIONS[*]}"
return 1
fi
log_info "Ubuntu ${ubuntu_version} 受支持"
return 0
}
###
### Validate mirror source selection
### @param mirror_name string 镜像源 name
### @return 0 if valid, 1 otherwise
### @require none
###
validate_mirror_source() {
local mirror_name=$1
if [[ ! -v MIRROR_URLS["${mirror_name}"] ]]; then
log_error "无效的镜像源: ${mirror_name}"
log_info "可用镜像源: ${!MIRROR_URLS[*]}"
return 1
fi
log_debug "镜像源 '${mirror_name}' 有效"
return 0
}
###
### Check network connectivity to mirror
### @param mirror_url string URL to test
### @return 0 if reachable, 1 otherwise
### @require curl
###
check_mirror_connectivity() {
local mirror_url=$1
local timeout=10
log_debug "正在测试镜像连通性: ${mirror_url}"
if curl -sSf --connect-timeout "${timeout}" --max-time "${timeout}" \
"${mirror_url}" -o /dev/null 2>/dev/null; then
log_debug "镜像 ${mirror_url} 可访问"
return 0
else
log_warn "镜像 ${mirror_url} 不可访问"
return 1
fi
}
###############################################################################
# SYSTEM PREPARATION FUNCTIONS
###############################################################################
###
### Install required system dependencies
### @param none
### @return 0 on success, 1 on failure
### @require apt-get
###
install_dependencies() {
log_info "正在安装系统依赖..."
local dependencies=(
"curl"
"gnupg2"
"ca-certificates"
"lsb-release"
"ubuntu-keyring"
"apt-transport-https"
)
if [[ "${DRY_RUN}" == true ]]; then
log_info "[演练模式] 将会安装: ${dependencies[*]}"
return 0
fi
# > Update package index first
if ! apt-get update -qq; then
log_error "更新软件包索引失败"
return 1
fi
# > Install dependencies
if ! apt-get install -y -qq "${dependencies[@]}"; then
log_error "安装依赖失败"
return 1
fi
log_info "依赖安装完成"
return 0
}
###
### Remove existing NGINX installation if present
### @param none
### @return 0 on success or if not installed
### @require apt-get, dpkg
###
remove_existing_nginx() {
log_info "正在检查是否已安装 NGINX..."
if ! dpkg -l | grep -q "^ii.*nginx"; then
log_info "未发现已安装的 NGINX"
return 0
fi
if [[ "${FORCE_REINSTALL}" == false ]]; then
log_warn "NGINX 已安装。如需重装请使用 --force。"
return 1
fi
log_info "正在卸载已安装的 NGINX..."
if [[ "${DRY_RUN}" == true ]]; then
log_info "[演练模式] 将会卸载已安装的 NGINX"
return 0
fi
# > Stop NGINX service if running
if systemctl is-active --quiet nginx 2>/dev/null; then
systemctl stop nginx || true
fi
# > Remove NGINX packages
if ! apt-get remove --purge -y nginx nginx-common nginx-full 2>/dev/null; then
log_warn "部分 NGINX 软件包可能未能完全卸载(可忽略)"
fi
# > Clean up configuration files
apt-get autoremove -y -qq || true
log_info "已卸载现有 NGINX"
return 0
}
###############################################################################
# NGINX INSTALLATION FUNCTIONS
###############################################################################
###
### Import NGINX GPG signing key
### @param mirror_name string 镜像源 name
### @return 0 on success, 1 on failure
### @require curl, gpg
###
import_nginx_gpg_key() {
local mirror_name=$1
local key_url="${MIRROR_KEY_URLS[${mirror_name}]}"
local keyring_path="/usr/share/keyrings/nginx-archive-keyring.gpg"
log_info "正在导入 NGINX GPG 签名密钥(来源:${mirror_name}..."
if [[ "${DRY_RUN}" == true ]]; then
log_info "[演练模式] 将会从以下地址导入 GPG 密钥: ${key_url}"
return 0
fi
# > Remove old keyring if exists
[[ -f "${keyring_path}" ]] && rm -f "${keyring_path}"
# > Download and import GPG key
if ! curl -fsSL "${key_url}" | gpg --dearmor -o "${keyring_path}" 2>/dev/null; then
log_error "导入 GPG 密钥失败: ${key_url}"
return 1
fi
# > Verify the key was imported correctly
if ! gpg --dry-run --quiet --no-keyring --import --import-options import-show \
"${keyring_path}" &>/dev/null; then
log_error "GPG 密钥校验失败"
return 1
fi
# > Set proper permissions
chmod 644 "${keyring_path}"
log_info "GPG 密钥导入并校验成功"
return 0
}
###
### Configure NGINX APT repository
### @param mirror_name string 镜像源 name
### @return 0 on success, 1 on failure
### @require lsb_release
###
configure_nginx_repository() {
local mirror_name=$1
local mirror_url="${MIRROR_URLS[${mirror_name}]}"
local codename
codename="$(lsb_release -cs)"
local repo_file="/etc/apt/sources.list.d/nginx.list"
local keyring_path="/usr/share/keyrings/nginx-archive-keyring.gpg"
# > 不同镜像源目录结构可能不同:
# > - 官方/部分镜像:.../packages/ubuntu
# > - USTC.../ubuntu
local repo_base
case "${mirror_name}" in
ustc)
repo_base="${mirror_url}"
;;
*)
repo_base="${mirror_url}/packages/ubuntu"
;;
esac
log_info "正在配置 NGINX 软件源Ubuntu ${codename}..."
if [[ "${DRY_RUN}" == true ]]; then
log_info "[演练模式] 将会配置软件源deb [signed-by=${keyring_path}] ${repo_base} ${codename} nginx"
return 0
fi
# > Create repository configuration
local repo_config="deb [signed-by=${keyring_path}] ${repo_base} ${codename} nginx"
echo "${repo_config}" | tee "${repo_file}" > /dev/null
log_debug "已生成软件源配置文件:${repo_file}"
log_debug "软件源地址:${repo_base} ${codename}"
log_info "NGINX 软件源配置完成"
return 0
}
###
### Configure APT pinning preferences for NGINX
### @param none
### @return 0 on success
### @require none
###
configure_apt_pinning() {
local pref_file="/etc/apt/preferences.d/99nginx"
log_info "正在配置 APT Pin 优先级..."
if [[ "${DRY_RUN}" == true ]]; then
log_info "[演练模式] 将会配置 APT Pin 优先级"
return 0
fi
# > Create pinning configuration for priority
cat > "${pref_file}" <<EOF
Package: *
Pin: origin nginx.org
Pin: release o=nginx
Pin-Priority: 900
EOF
log_debug "APT Pin 配置写入:${pref_file}"
log_info "APT Pin 优先级配置完成"
return 0
}
###
### Install NGINX package
### @param version string NGINX version to install (stable/mainline/specific)
### @return 0 on success, 1 on failure
### @require apt-get
###
install_nginx_package() {
local version=$1
local package_spec="nginx"
log_info "正在安装 NGINX ${version}..."
# > Update package index with new repository
if [[ "${DRY_RUN}" == false ]]; then
if ! apt-get update -qq; then
log_error "更新软件包索引失败"
return 1
fi
fi
# > Handle version specification
if [[ "${version}" != "stable" && "${version}" != "mainline" ]]; then
# > Specific version requested
package_spec="nginx=${version}"
log_debug "安装指定版本:${package_spec}"
else
log_debug "从软件源安装:${version}"
fi
if [[ "${DRY_RUN}" == true ]]; then
log_info "[演练模式] 将会安装软件包:${package_spec}"
return 0
fi
# > Install NGINX
if ! DEBIAN_FRONTEND=noninteractive apt-get install -y -qq "${package_spec}"; then
log_error "安装 NGINX 失败"
return 1
fi
log_info "NGINX 安装完成"
return 0
}
###
### Verify NGINX installation
### @param none
### @return 0 on success, 1 on failure
### @require nginx
###
verify_nginx_installation() {
log_info "正在验证 NGINX 安装结果..."
# > Check if nginx binary exists
if ! command -v nginx &> /dev/null; then
log_error "未在 PATH 中找到 nginx 可执行文件"
return 1
fi
# > Get and display version
local nginx_version_output
nginx_version_output="$(nginx -v 2>&1)"
log_info "已安装: ${nginx_version_output}"
# > Test configuration
if ! nginx -t &>/dev/null; then
log_error "NGINX 配置文件校验失败"
return 1
fi
log_info "NGINX 安装验证通过"
return 0
}
###
### Enable and start NGINX service
### @param none
### @return 0 on success, 1 on failure
### @require systemctl
###
enable_nginx_service() {
log_info "正在设置 NGINX 开机自启并启动服务..."
if [[ "${DRY_RUN}" == true ]]; then
log_info "[演练模式] 将会启用并启动 NGINX 服务"
return 0
fi
# > Enable service to start on boot
if ! systemctl enable nginx &>/dev/null; then
log_error "设置 NGINX 开机自启失败"
return 1
fi
# > Start the service
if ! systemctl start nginx; then
log_error "启动 NGINX 服务失败"
return 1
fi
# > Verify service is running
if ! systemctl is-active --quiet nginx; then
log_error "NGINX 服务未处于运行状态"
return 1
fi
log_info "NGINX 服务已启用并启动"
return 0
}
###############################################################################
# MAIN ORCHESTRATION
###############################################################################
###
### Display usage information
### @param none
### @return void
### @require none
###
show_usage() {
cat <<EOF
Usage: ${SCRIPT_NAME} [选项]
NGINX 安装脚本(面向中国大陆镜像加速) v${SCRIPT_VERSION}
选项:
-v, --version VERSION 指定要安装的 NGINX 版本
stable/mainline/1.24.0/...
默认:${DEFAULT_NGINX_VERSION}
-m, --mirror MIRROR 选择镜像源
aliyun/tsinghua/ustc/official
默认:${DEFAULT_MIRROR}
-f, --force 若已安装则强制重装
-d, --dry-run 演练模式:仅展示将执行的操作,不真正执行
--debug 开启调试日志
-h, --help 显示帮助信息
示例:
# 使用默认镜像USTC安装稳定版
sudo ${SCRIPT_NAME}
# 使用清华镜像安装指定版本
sudo ${SCRIPT_NAME} --version 1.24.0 --mirror tsinghua
# 强制重装并开启调试
sudo ${SCRIPT_NAME} --force --debug
# 演练模式预览
sudo ${SCRIPT_NAME} --dry-run
支持的 Ubuntu 版本:
${SUPPORTED_UBUNTU_VERSIONS[*]}
可用镜像源:
${!MIRROR_URLS[*]}
EOF
}
###
### Parse command line arguments
### @param args array Command line arguments
### @return 0 on success, 1 on invalid arguments
### @require none
###
parse_arguments() {
while [[ $# -gt 0 ]]; do
case $1 in
-v|--version)
NGINX_VERSION="$2"
shift 2
;;
-m|--mirror)
MIRROR_SOURCE="$2"
shift 2
;;
-f|--force)
FORCE_REINSTALL=true
shift
;;
-d|--dry-run)
DRY_RUN=true
shift
;;
--debug)
CURRENT_LOG_LEVEL="${LOG_LEVEL_DEBUG}"
shift
;;
-h|--help)
show_usage
exit 0
;;
*)
log_error "未知参数: $1"
show_usage
exit 1
;;
esac
done
return 0
}
###
### Main installation workflow
### @param none
### @return 0 on success, 1 on failure
### @require all functions above
###
main() {
log_info "========================================="
log_info "NGINX 安装脚本 v${SCRIPT_VERSION}"
log_info "========================================="
# > Step 1: Pre-flight checks
log_info "步骤 1/8执行预检查..."
check_root_privileges || return 1
validate_ubuntu_version || return 1
validate_mirror_source "${MIRROR_SOURCE}" || return 1
# > Step 2: Check mirror connectivity
log_info "步骤 2/8检查镜像连通性..."
if ! check_mirror_connectivity "${MIRROR_URLS[${MIRROR_SOURCE}]}"; then
log_warn "主镜像不可用,尝试回退方案..."
# > Fallback to official if mirror fails
if [[ "${MIRROR_SOURCE}" != "official" ]]; then
MIRROR_SOURCE="official"
log_info "已回退到官方源"
fi
fi
# > Step 3: Install dependencies
log_info "步骤 3/8安装依赖..."
install_dependencies || return 1
# > Step 4: Handle existing installation
log_info "步骤 4/8检查已安装版本..."
remove_existing_nginx || return 1
# > Step 5: Import GPG key
log_info "步骤 5/8导入 NGINX GPG 密钥..."
import_nginx_gpg_key "${MIRROR_SOURCE}" || return 1
# > Step 6: Configure repository
log_info "步骤 6/8配置 NGINX 软件源..."
configure_nginx_repository "${MIRROR_SOURCE}" || return 1
configure_apt_pinning || return 1
# > Step 7: Install NGINX
log_info "步骤 7/8安装 NGINX..."
install_nginx_package "${NGINX_VERSION}" || return 1
verify_nginx_installation || return 1
# > Step 8: Enable service
log_info "步骤 8/8启用 NGINX 服务..."
enable_nginx_service || return 1
log_info "========================================="
log_info "✓ NGINX 安装完成!"
log_info "========================================="
if [[ "${DRY_RUN}" == false ]]; then
log_info "服务状态: $(systemctl is-active nginx)"
log_info "NGINX 版本: $(nginx -v 2>&1 | cut -d'/' -f2)"
log_info ""
log_info "常用命令:"
log_info " 启动: sudo systemctl start nginx"
log_info " 停止: sudo systemctl stop nginx"
log_info " 重启: sudo systemctl restart nginx"
log_info " 状态: sudo systemctl status nginx"
log_info " 校验配置: sudo nginx -t"
fi
return 0
}
###############################################################################
# SCRIPT ENTRY POINT
###############################################################################
# ASCII Flow Diagram - Function Call Hierarchy
# ┌─────────────────────────────────────────────────────────────┐
# │ MAIN() │
# └──────────────────┬──────────────────────────────────────────┘
# │
# ┌─────────────┼─────────────┬──────────────┬─────────────┐
# │ │ │ │ │
# ▼ ▼ ▼ ▼ ▼
# ┌─────────┐ ┌──────────┐ ┌─────────┐ ┌────────────┐ ┌─────────┐
# │Pre-flight│ │Install │ │Import │ │Configure │ │Install │
# │Checks │ │Deps │ │GPG Key │ │Repository │ │NGINX │
# └─────────┘ └──────────┘ └─────────┘ └────────────┘ └─────────┘
# │ │ │ │ │
# ├─check_root_privileges │ │ │
# ├─validate_ubuntu_version │ │ │
# └─validate_mirror_source │ │ │
# │ │ │ │
# └─install_dependencies │ │
# │ │ │
# └─import_nginx_gpg_key │
# │ │
# ├─configure_nginx_repository
# └─configure_apt_pinning
# │
# ├─install_nginx_package
# └─verify_nginx_installation
# Parse command line arguments
parse_arguments "$@"
# Execute main workflow
main
exit $?

26
998-常用脚本/f-nginx暴露/在线安装nginx-centos.sh Normal file
View File

@@ -0,0 +1,26 @@
#!/bin/bash
sudo yum install -y yum-utils
cat >/etc/yum.repos.d/nginx.repo<<EOF
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/8/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/8/x86_64/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
yum-config-manager --enable nginx-mainline
yum install -y nginx

19
998-常用脚本/f-nginx暴露/在线安装nginx-国外.sh Normal file
View File

@@ -0,0 +1,19 @@
#!/bin/bash
sudo apt install -y curl gnupg2 ca-certificates lsb-release ubuntu-keyring
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
| sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
| sudo tee /etc/apt/preferences.d/99nginx
sudo apt update
sudo apt install -y nginx

32
998-常用脚本/f-nginx暴露/真实nginx-offline-map.conf Normal file
View File

@@ -0,0 +1,32 @@
server {
listen 8889;
server_name localhost;
#允许跨域请求的域,*代表所有
add_header 'Access-Control-Allow-Origin' *;
#允许带上cookie请求
add_header 'Access-Control-Allow-Credentials' 'true';
#允许请求的方法,比如 GET/POST/PUT/DELETE
add_header 'Access-Control-Allow-Methods' *;
#允许请求的header
add_header 'Access-Control-Allow-Headers' *;
location /electronic {]
root /root/offline_map/;
autoindex on;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET,POST';
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
}
location /satellite {
root /root/offline_map/;
autoindex on;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET,POST';
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
}
# http://192.168.6.6:8889/electronic/{z}/{x}/{y}.png
# http://192.168.6.6:8889/satellite/{z}/{x}/{y}.png
# /root/offline_map/satellite /root/offline_map/electronic
}

92
998-常用脚本/f-nginx暴露/真实nginx-reverse-proxy.conf Normal file
View File

@@ -0,0 +1,92 @@
upstream proxy_server {
ip_hash;
server 192.168.1.128:30500;
server 192.168.1.22:30500;
server 192.168.1.221:30500;
server 192.168.1.82:30500;
server 192.168.1.238:30500;
}
server {
listen 8088;
server_name localhost;
location / {
proxy_pass http://proxy_server;
client_max_body_size 5120m;
client_body_buffer_size 5120m;
client_body_timeout 6000s;
proxy_send_timeout 10000s;
proxy_read_timeout 10000s;
proxy_connect_timeout 600s;
proxy_max_temp_file_size 5120m;
proxy_request_buffering on;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_buffers 4 12k;
proxy_set_header Host fake-domain.sd-wf-ga-fly-260327.io;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /_AMapService/v4/map/styles {
set $args "$args&jscode=cf66cea95bdcdfcf8048456b36f357a1";
proxy_pass https://webapi.amap.com/v4/ap/styles;
}
location /_AMapService/ {
set $args "$args&jscode=cf66cea95bdcdfcf8048456b36f357a1";
proxy_pass https://restapi.amap.com/;
}
location /center/ws {
proxy_pass http://192.168.5.41:38083/mqtt;
proxy_http_version 1.1;
proxy_set_header Sec-WebSocket-Protocol mqtt;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /center/storage/ {
proxy_pass http://192.168.5.41:38899/storage/;
}
location /rtc/v1/ {
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
proxy_pass http://127.0.0.1:30985/rtc/v1/;
}
location /zlm/flv/ {
proxy_pass http://192.168.5.141:7088/;
}
location /zlm/hls/ {
proxy_pass http://192.168.5.141:7088/zlm/hls/;
}
location /zlm/webrtc {
proxy_pass http://192.168.5.141:7088/index/api/webrtc;
}
location /zlm/whip {
proxy_pass http://192.168.5.141:7088/index/api/whip;
}
location ~ ^/\w*/actuator/ {
return 403;
}
}

44
998-常用脚本/f-nginx暴露/真实的nginx配置.conf Normal file
View File

@@ -0,0 +1,44 @@
user root;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
use epoll;
worker_connections 65535;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
server_tokens off;
sendfile on;
send_timeout 1200;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 600;
types_hash_max_size 2048;
client_max_body_size 2048m;
client_body_buffer_size 2048m;
underscores_in_headers on;
proxy_send_timeout 600;
proxy_read_timeout 600;
proxy_connect_timeout 600;
proxy_buffer_size 128k;
proxy_buffers 8 256k;
include /etc/nginx/conf.d/*.conf;
}
stream {
include /etc/nginx/conf.d/stream/*.conf;
}

17
998-常用脚本/f-nginx暴露/纯离线部署nginx-docker-compose.yaml Normal file
View File

@@ -0,0 +1,17 @@
version: '3'
services:
cmii-nginx:
image: docker.io/library/nginx:1.28.2
volumes:
- /etc/nginx/conf.d:/etc/nginx/conf.d
- /etc/nginx/nginx.conf:/etc/nginx/nginx.conf
ports:
- "8088:8088"
- "31935:3193"
- "30090:30090"
restart: always
# mkdir -p /etc/nginx/conf.d
# touch /etc/nginx/nginx.conf

45
998-常用脚本/f-nginx暴露/设置ingress-nginx.sh Normal file
View File

@@ -0,0 +1,45 @@
#!/bin/bash
modify_ingress_nginx_host_network(){
echo "start to modify hostnetwork to false !"
kubectl patch daemonset nginx-ingress-controller -n ingress-nginx --patch '{"spec":{"template":{"spec":{"hostNetwork": false}}}}'
echo ""
kubectl get daemonset -n ingress-nginx nginx-ingress-controller -o jsonpath='{.spec.template.spec.hostNetwork}'
}
build_for_ingress_nginx_node_port(){
echo "start to write ingress nginx node port service !"
mkdir -p /root/wdd/install/
cat >>/root/wdd/install/k8s-ingress-nginx.yaml<<EOF
kind: Service
apiVersion: v1
metadata:
name: ingress-nginx-service
namespace: ingress-nginx
spec:
ports:
- name: http
protocol: TCP
port: 80
targetPort: 80
nodePort: 30500
- name: https
protocol: TCP
port: 443
targetPort: 443
nodePort: 31500
selector:
app: ingress-nginx
type: NodePort
sessionAffinity: None
EOF
echo ""
kubectl apply -f /root/wdd/install/k8s-ingress-nginx.yaml
}
modify_ingress_nginx_host_network
build_for_ingress_nginx_node_port

83
998-常用脚本/更新脚本/cmii-update母脚本.sh Normal file
View File

@@ -0,0 +1,83 @@
#!/bin/bash
harbor_host=192.168.2.168:8033
namespace=cq-ws-260319
app_name=""
new_tag=""
download_from_oss() {
if [ "$1" == "" ]; then
echo "no zip file in error!"
exit 233
fi
echo "start to download => $1"
wget "https://oss.demo.uavcmlc.com/cmlc-installation/tmp/$1"
echo ""
echo ""
}
upload_image_to_harbor(){
if [ "$app_name" == "" ]; then
echo "app name null exit!"
exit 233
fi
if ! docker load < "$1"; then
echo "docker load error !"
fi
docker tag "harbor.cdcyy.com.cn/cmii/$app_name:$new_tag" "$harbor_host/cmii/$app_name:$new_tag"
echo ""
echo ""
echo "upload_image_to_harbor - start to push to => $harbor_host/cmii/$app_name:$new_tag"
docker login -u admin -p V2ryStr@ngPss $harbor_host
docker push "$harbor_host/cmii/$app_name:$new_tag"
echo ""
echo ""
}
parse_args(){
if [ "$1" == "" ]; then
echo "no zip file in error!"
exit 233
fi
local image_name="$1"
# cmii-uav-surveillance=5.2.0-27031-cqga=2024-03-04=573.tar.gz
app_name=$(echo $image_name | cut -d "=" -f1)
new_tag=$(echo $image_name | cut -d "=" -f2)
}
update_image_tag(){
if [ "$new_tag" == "" ]; then
echo "new tag error!"
exit 233
fi
local image_prefix=$(kubectl -n ${namespace} get deployment "${app_name}" -o=jsonpath='{.spec.template.spec.containers[*].image}' | cut -d":" -f1)
echo "image grep is => ${image_prefix}"
echo "start to update ${namespace} ${app_name} to ${new_tag} !"
echo ""
kubectl -n ${namespace} patch deployment "${app_name}" -p "{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\":\"${app_name}\",\"image\": \"${harbor_host}/cmii/$app_name:${new_tag}\"}]}}}}"
echo ""
echo "start to wait for 3 seconds!"
sleep 3
local image_new=$(kubectl -n ${namespace} get deployment "${app_name}" -o=jsonpath='{.spec.template.spec.containers[*].image}')
echo ""
echo "new image are => $image_new"
echo ""
}
main(){
parse_args "$1"
download_from_oss "$1"
upload_image_to_harbor "$1"
update_image_tag
}
main "$@"

12963
999-数据库脚本/archive/5.4.0/0.all_tables_demo_5.4.0.sql Normal file
View File

File diff suppressed because it is too large Load Diff

4
999-数据库脚本/archive/5.4.0/hotfix增量脚本.sh Normal file
View File

@@ -0,0 +1,4 @@
ALTER TABLE `uav_user`.`sys_user`
ADD COLUMN `account_md5` varchar(255) NULL COMMENT '用户账号MD5' AFTER `account`,
ADD COLUMN `telephone_md5` varchar(255) NULL COMMENT '用户手机号MD5' AFTER `telephone`,
ADD COLUMN `email_md5` varchar(255) NULL COMMENT '用户邮箱MD5' AFTER `email`;

12985
999-数据库脚本/archive/5.5.0/0.all_tables_demo_5.5.0.sql Normal file
View File

File diff suppressed because it is too large Load Diff

148
999-数据库脚本/archive/5.5.0/1.admin_data.sql Normal file
View File

File diff suppressed because one or more lines are too long

68
999-数据库脚本/archive/5.5.0/10.uav_notice.sql Normal file
View File

File diff suppressed because one or more lines are too long

38
999-数据库脚本/archive/5.5.0/11.uav_oauth.sql Normal file
View File

File diff suppressed because one or more lines are too long

38
999-数据库脚本/archive/5.5.0/12.uav_process.sql Normal file
View File

@@ -0,0 +1,38 @@
use uav_process;
-- MySQL dump 10.13 Distrib 8.0.33, for Linux (x86_64)
--
-- Host: localhost Database: uav_process
-- ------------------------------------------------------
-- Server version 8.0.33
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!50503 SET NAMES utf8mb4 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
--
-- Dumping data for table `uav_proc_cfg`
--
LOCK TABLES `uav_proc_cfg` WRITE;
/*!40000 ALTER TABLE `uav_proc_cfg` DISABLE KEYS */;
INSERT INTO `uav_proc_cfg` VALUES (61,'kongyu','空域申请','空域申请','空域申請','airspace application ',NULL,NULL,'空域申请','lb://cmii-uav-airspace/zydAirspace/updateStat.do',1,0,10,'front',NULL,NULL,'2020-09-15 10:04:02','2020-09-15 10:04:01'),(62,'zuoye','作业申请','作业申请','作業申請','job application',NULL,NULL,'作业申请','lb://cmii-uav-mission/api/uav/mission/mission_info/approval_state',1,0,11,'front',NULL,NULL,'2020-10-29 02:53:02','2020-10-29 02:53:02');
/*!40000 ALTER TABLE `uav_proc_cfg` ENABLE KEYS */;
UNLOCK TABLES;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2024-03-06 10:32:55

108
999-数据库脚本/archive/5.5.0/13.uav_user.sql Normal file
View File

File diff suppressed because one or more lines are too long

16
999-数据库脚本/archive/5.5.0/14.uav_process_flowable_data.sql Normal file
View File

@@ -0,0 +1,16 @@
create database if not exists `uav_process`;
USE `uav_process`;
insert into `act_app_databasechangelog`(`ID`,`AUTHOR`,`FILENAME`,`DATEEXECUTED`,`ORDEREXECUTED`,`EXECTYPE`,`MD5SUM`,`DESCRIPTION`,`COMMENTS`,`TAG`,`LIQUIBASE`,`CONTEXTS`,`LABELS`,`DEPLOYMENT_ID`) values ('1','flowable','org/flowable/app/db/liquibase/flowable-app-db-changelog.xml','2020-10-14 17:06:26',1,'EXECUTED','8:496fc778bdf2ab13f2e1926d0e63e0a2','createTable tableName=ACT_APP_DEPLOYMENT; createTable tableName=ACT_APP_DEPLOYMENT_RESOURCE; addForeignKeyConstraint baseTableName=ACT_APP_DEPLOYMENT_RESOURCE, constraintName=ACT_FK_APP_RSRC_DPL, referencedTableName=ACT_APP_DEPLOYMENT; createIndex...','',NULL,'3.8.9',NULL,NULL,'2666386460'),('2','flowable','org/flowable/app/db/liquibase/flowable-app-db-changelog.xml','2020-10-14 17:06:26',2,'EXECUTED','8:ccea9ebfb6c1f8367ca4dd473fcbb7db','modifyDataType columnName=DEPLOY_TIME_, tableName=ACT_APP_DEPLOYMENT','',NULL,'3.8.9',NULL,NULL,'2666386460'),('3','flowable','org/flowable/app/db/liquibase/flowable-app-db-changelog.xml','2020-10-14 17:06:26',3,'EXECUTED','8:f1f8aff320aade831944ebad24355f3d','createIndex indexName=ACT_IDX_APP_DEF_UNIQ, tableName=ACT_APP_APPDEF','',NULL,'3.8.9',NULL,NULL,'2666386460');
insert into `act_app_databasechangeloglock`(`ID`,`LOCKED`,`LOCKGRANTED`,`LOCKEDBY`) values (1,'\0',NULL,NULL);
insert into `act_cmmn_databasechangelog`(`ID`,`AUTHOR`,`FILENAME`,`DATEEXECUTED`,`ORDEREXECUTED`,`EXECTYPE`,`MD5SUM`,`DESCRIPTION`,`COMMENTS`,`TAG`,`LIQUIBASE`,`CONTEXTS`,`LABELS`,`DEPLOYMENT_ID`) values ('1','flowable','org/flowable/cmmn/db/liquibase/flowable-cmmn-db-changelog.xml','2020-10-14 17:06:22',1,'EXECUTED','8:8b4b922d90b05ff27483abefc9597aa6','createTable tableName=ACT_CMMN_DEPLOYMENT; createTable tableName=ACT_CMMN_DEPLOYMENT_RESOURCE; addForeignKeyConstraint baseTableName=ACT_CMMN_DEPLOYMENT_RESOURCE, constraintName=ACT_FK_CMMN_RSRC_DPL, referencedTableName=ACT_CMMN_DEPLOYMENT; create...','',NULL,'3.8.9',NULL,NULL,'2666381668'),('2','flowable','org/flowable/cmmn/db/liquibase/flowable-cmmn-db-changelog.xml','2020-10-14 17:06:22',2,'EXECUTED','8:65e39b3d385706bb261cbeffe7533cbe','addColumn tableName=ACT_CMMN_CASEDEF; addColumn tableName=ACT_CMMN_DEPLOYMENT_RESOURCE; addColumn tableName=ACT_CMMN_RU_CASE_INST; addColumn tableName=ACT_CMMN_RU_PLAN_ITEM_INST','',NULL,'3.8.9',NULL,NULL,'2666381668'),('3','flowable','org/flowable/cmmn/db/liquibase/flowable-cmmn-db-changelog.xml','2020-10-14 17:06:23',3,'EXECUTED','8:c01f6e802b49436b4489040da3012359','addColumn tableName=ACT_CMMN_RU_PLAN_ITEM_INST; addColumn tableName=ACT_CMMN_RU_CASE_INST; createIndex indexName=ACT_IDX_PLAN_ITEM_STAGE_INST, tableName=ACT_CMMN_RU_PLAN_ITEM_INST; addColumn tableName=ACT_CMMN_RU_PLAN_ITEM_INST; addColumn tableNam...','',NULL,'3.8.9',NULL,NULL,'2666381668'),('4','flowable','org/flowable/cmmn/db/liquibase/flowable-cmmn-db-changelog.xml','2020-10-14 17:06:23',4,'EXECUTED','8:e40d29cb79345b7fb5afd38a7f0ba8fc','createTable tableName=ACT_CMMN_HI_PLAN_ITEM_INST; addColumn tableName=ACT_CMMN_RU_MIL_INST; addColumn tableName=ACT_CMMN_HI_MIL_INST','',NULL,'3.8.9',NULL,NULL,'2666381668'),('5','flowable','org/flowable/cmmn/db/liquibase/flowable-cmmn-db-changelog.xml','2020-10-14 17:06:24',5,'EXECUTED','8:70349de472f87368dcdec971a10311a0','modifyDataType columnName=DEPLOY_TIME_, tableName=ACT_CMMN_DEPLOYMENT; modifyDataType columnName=START_TIME_, tableName=ACT_CMMN_RU_CASE_INST; modifyDataType columnName=START_TIME_, tableName=ACT_CMMN_RU_PLAN_ITEM_INST; modifyDataType columnName=T...','',NULL,'3.8.9',NULL,NULL,'2666381668'),('6','flowable','org/flowable/cmmn/db/liquibase/flowable-cmmn-db-changelog.xml','2020-10-14 17:06:24',6,'EXECUTED','8:10e82e26a7fee94c32a92099c059c18c','createIndex indexName=ACT_IDX_CASE_DEF_UNIQ, tableName=ACT_CMMN_CASEDEF','',NULL,'3.8.9',NULL,NULL,'2666381668'),('7','flowable','org/flowable/cmmn/db/liquibase/flowable-cmmn-db-changelog.xml','2020-10-14 17:06:24',7,'EXECUTED','8:530bc81a1e30618ccf4a2da1f7c6c043','renameColumn newColumnName=CREATE_TIME_, oldColumnName=START_TIME_, tableName=ACT_CMMN_RU_PLAN_ITEM_INST; renameColumn newColumnName=CREATE_TIME_, oldColumnName=CREATED_TIME_, tableName=ACT_CMMN_HI_PLAN_ITEM_INST; addColumn tableName=ACT_CMMN_RU_P...','',NULL,'3.8.9',NULL,NULL,'2666381668'),('8','flowable','org/flowable/cmmn/db/liquibase/flowable-cmmn-db-changelog.xml','2020-10-14 17:06:24',8,'EXECUTED','8:e8c2eb1ce28bc301efe07e0e29757781','addColumn tableName=ACT_CMMN_HI_PLAN_ITEM_INST','',NULL,'3.8.9',NULL,NULL,'2666381668'),('9','flowable','org/flowable/cmmn/db/liquibase/flowable-cmmn-db-changelog.xml','2020-10-14 17:06:25',9,'EXECUTED','8:4cb4782b9bdec5ced2a64c525aa7b3a0','addColumn tableName=ACT_CMMN_RU_PLAN_ITEM_INST; addColumn tableName=ACT_CMMN_HI_PLAN_ITEM_INST','',NULL,'3.8.9',NULL,NULL,'2666381668'),('10','flowable','org/flowable/cmmn/db/liquibase/flowable-cmmn-db-changelog.xml','2020-10-14 17:06:25',10,'EXECUTED','8:341c16be247f5d17badc9809da8691f9','addColumn tableName=ACT_CMMN_RU_CASE_INST; addColumn tableName=ACT_CMMN_RU_CASE_INST; createIndex indexName=ACT_IDX_CASE_INST_REF_ID_, tableName=ACT_CMMN_RU_CASE_INST; addColumn tableName=ACT_CMMN_HI_CASE_INST; addColumn tableName=ACT_CMMN_HI_CASE...','',NULL,'3.8.9',NULL,NULL,'2666381668'),('11','flowable','org/flowable/cmmn/db/liquibase/flowable-cmmn-db-changelog.xml','2020-10-14 17:06:25',11,'EXECUTED','8:d7c4da9276bcfffbfb0ebfb25e3f7b05','addColumn tableName=ACT_CMMN_RU_PLAN_ITEM_INST; addColumn tableName=ACT_CMMN_HI_PLAN_ITEM_INST','',NULL,'3.8.9',NULL,NULL,'2666381668');
insert into `act_cmmn_databasechangeloglock`(`ID`,`LOCKED`,`LOCKGRANTED`,`LOCKEDBY`) values (1,'\0',NULL,NULL);
insert into `act_co_databasechangelog`(`ID`,`AUTHOR`,`FILENAME`,`DATEEXECUTED`,`ORDEREXECUTED`,`EXECTYPE`,`MD5SUM`,`DESCRIPTION`,`COMMENTS`,`TAG`,`LIQUIBASE`,`CONTEXTS`,`LABELS`,`DEPLOYMENT_ID`) values ('1','activiti','org/flowable/content/db/liquibase/flowable-content-db-changelog.xml','2020-10-14 17:06:20',1,'EXECUTED','8:7644d7165cfe799200a2abdd3419e8b6','createTable tableName=ACT_CO_CONTENT_ITEM; createIndex indexName=idx_contitem_taskid, tableName=ACT_CO_CONTENT_ITEM; createIndex indexName=idx_contitem_procid, tableName=ACT_CO_CONTENT_ITEM','',NULL,'3.8.9',NULL,NULL,'2666380282'),('2','flowable','org/flowable/content/db/liquibase/flowable-content-db-changelog.xml','2020-10-14 17:06:20',2,'EXECUTED','8:fe7b11ac7dbbf9c43006b23bbab60bab','addColumn tableName=ACT_CO_CONTENT_ITEM; createIndex indexName=idx_contitem_scope, tableName=ACT_CO_CONTENT_ITEM','',NULL,'3.8.9',NULL,NULL,'2666380282');
insert into `act_co_databasechangeloglock`(`ID`,`LOCKED`,`LOCKGRANTED`,`LOCKEDBY`) values (1,'\0',NULL,NULL);
insert into `act_dmn_databasechangelog`(`ID`,`AUTHOR`,`FILENAME`,`DATEEXECUTED`,`ORDEREXECUTED`,`EXECTYPE`,`MD5SUM`,`DESCRIPTION`,`COMMENTS`,`TAG`,`LIQUIBASE`,`CONTEXTS`,`LABELS`,`DEPLOYMENT_ID`) values ('1','activiti','org/flowable/dmn/db/liquibase/flowable-dmn-db-changelog.xml','2020-10-14 17:06:17',1,'EXECUTED','8:c8701f1c71018b55029f450b2e9a10a1','createTable tableName=ACT_DMN_DEPLOYMENT; createTable tableName=ACT_DMN_DEPLOYMENT_RESOURCE; createTable tableName=ACT_DMN_DECISION_TABLE','',NULL,'3.8.9',NULL,NULL,'2666377159'),('2','flowable','org/flowable/dmn/db/liquibase/flowable-dmn-db-changelog.xml','2020-10-14 17:06:17',2,'EXECUTED','8:47f94b27feb7df8a30d4e338c7bd5fb8','createTable tableName=ACT_DMN_HI_DECISION_EXECUTION','',NULL,'3.8.9',NULL,NULL,'2666377159'),('3','flowable','org/flowable/dmn/db/liquibase/flowable-dmn-db-changelog.xml','2020-10-14 17:06:17',3,'EXECUTED','8:ac17eae89fbdccb6e08daf3c7797b579','addColumn tableName=ACT_DMN_HI_DECISION_EXECUTION','',NULL,'3.8.9',NULL,NULL,'2666377159'),('4','flowable','org/flowable/dmn/db/liquibase/flowable-dmn-db-changelog.xml','2020-10-14 17:06:17',4,'EXECUTED','8:f73aabc4529e7292c2942073d1cff6f9','dropColumn columnName=PARENT_DEPLOYMENT_ID_, tableName=ACT_DMN_DECISION_TABLE','',NULL,'3.8.9',NULL,NULL,'2666377159'),('5','flowable','org/flowable/dmn/db/liquibase/flowable-dmn-db-changelog.xml','2020-10-14 17:06:17',5,'EXECUTED','8:3e03528582dd4eeb4eb41f9b9539140d','modifyDataType columnName=DEPLOY_TIME_, tableName=ACT_DMN_DEPLOYMENT; modifyDataType columnName=START_TIME_, tableName=ACT_DMN_HI_DECISION_EXECUTION; modifyDataType columnName=END_TIME_, tableName=ACT_DMN_HI_DECISION_EXECUTION','',NULL,'3.8.9',NULL,NULL,'2666377159'),('6','flowable','org/flowable/dmn/db/liquibase/flowable-dmn-db-changelog.xml','2020-10-14 17:06:17',6,'EXECUTED','8:646c6a061e0b6e8a62e69844ff96abb0','createIndex indexName=ACT_IDX_DEC_TBL_UNIQ, tableName=ACT_DMN_DECISION_TABLE','',NULL,'3.8.9',NULL,NULL,'2666377159');
insert into `act_dmn_databasechangeloglock`(`ID`,`LOCKED`,`LOCKGRANTED`,`LOCKEDBY`) values (1,'\0',NULL,NULL);
insert into `act_fo_databasechangelog`(`ID`,`AUTHOR`,`FILENAME`,`DATEEXECUTED`,`ORDEREXECUTED`,`EXECTYPE`,`MD5SUM`,`DESCRIPTION`,`COMMENTS`,`TAG`,`LIQUIBASE`,`CONTEXTS`,`LABELS`,`DEPLOYMENT_ID`) values ('1','activiti','org/flowable/form/db/liquibase/flowable-form-db-changelog.xml','2020-10-14 17:06:18',1,'EXECUTED','8:033ebf9380889aed7c453927ecc3250d','createTable tableName=ACT_FO_FORM_DEPLOYMENT; createTable tableName=ACT_FO_FORM_RESOURCE; createTable tableName=ACT_FO_FORM_DEFINITION; createTable tableName=ACT_FO_FORM_INSTANCE','',NULL,'3.8.9',NULL,NULL,'2666378551'),('2','flowable','org/flowable/form/db/liquibase/flowable-form-db-changelog.xml','2020-10-14 17:06:18',2,'EXECUTED','8:986365ceb40445ce3b27a8e6b40f159b','addColumn tableName=ACT_FO_FORM_INSTANCE','',NULL,'3.8.9',NULL,NULL,'2666378551'),('3','flowable','org/flowable/form/db/liquibase/flowable-form-db-changelog.xml','2020-10-14 17:06:19',3,'EXECUTED','8:abf482518ceb09830ef674e52c06bf15','dropColumn columnName=PARENT_DEPLOYMENT_ID_, tableName=ACT_FO_FORM_DEFINITION','',NULL,'3.8.9',NULL,NULL,'2666378551'),('4','flowable','org/flowable/form/db/liquibase/flowable-form-db-changelog.xml','2020-10-14 17:06:19',4,'EXECUTED','8:2087829f22a4b2298dbf530681c74854','modifyDataType columnName=DEPLOY_TIME_, tableName=ACT_FO_FORM_DEPLOYMENT; modifyDataType columnName=SUBMITTED_DATE_, tableName=ACT_FO_FORM_INSTANCE','',NULL,'3.8.9',NULL,NULL,'2666378551'),('5','flowable','org/flowable/form/db/liquibase/flowable-form-db-changelog.xml','2020-10-14 17:06:19',5,'EXECUTED','8:b4be732b89e5ca028bdd520c6ad4d446','createIndex indexName=ACT_IDX_FORM_DEF_UNIQ, tableName=ACT_FO_FORM_DEFINITION','',NULL,'3.8.9',NULL,NULL,'2666378551');
insert into `act_fo_databasechangeloglock`(`ID`,`LOCKED`,`LOCKGRANTED`,`LOCKEDBY`) values (1,'\0',NULL,NULL);
insert into `act_ge_property`(`NAME_`,`VALUE_`,`REV_`) values ('batch.schema.version','6.5.0.6',1),('cfg.execution-related-entities-count','true',1),('cfg.task-related-entities-count','true',1),('common.schema.version','6.5.0.6',1),('entitylink.schema.version','6.5.0.6',1),('eventsubscription.schema.version','6.5.0.6',1),('identitylink.schema.version','6.5.0.6',1),('job.schema.version','6.5.0.6',1),('next.dbid','1',1),('schema.history','create(6.5.0.6)',1),('schema.version','6.5.0.6',1),('task.schema.version','6.5.0.6',1),('variable.schema.version','6.5.0.6',1);
insert into `act_id_property`(`NAME_`,`VALUE_`,`REV_`) values ('schema.version','6.5.0.6',1);
insert into `flw_ev_databasechangelog`(`ID`,`AUTHOR`,`FILENAME`,`DATEEXECUTED`,`ORDEREXECUTED`,`EXECTYPE`,`MD5SUM`,`DESCRIPTION`,`COMMENTS`,`TAG`,`LIQUIBASE`,`CONTEXTS`,`LABELS`,`DEPLOYMENT_ID`) values ('1','flowable','org/flowable/eventregistry/db/liquibase/flowable-eventregistry-db-changelog.xml','2020-10-14 17:06:15',1,'EXECUTED','8:1b0c48c9cf7945be799d868a2626d687','createTable tableName=FLW_EVENT_DEPLOYMENT; createTable tableName=FLW_EVENT_RESOURCE; createTable tableName=FLW_EVENT_DEFINITION; createIndex indexName=ACT_IDX_EVENT_DEF_UNIQ, tableName=FLW_EVENT_DEFINITION; createTable tableName=FLW_CHANNEL_DEFIN...','',NULL,'3.8.9',NULL,NULL,'2666375603');
insert into `flw_ev_databasechangeloglock`(`ID`,`LOCKED`,`LOCKGRANTED`,`LOCKEDBY`) values (1,'\0',NULL,NULL);

9
999-数据库脚本/archive/5.5.0/15.user_base_data.sql Normal file
View File

@@ -0,0 +1,9 @@
insert into admin_user.`sys_user`(`id`,`is_system_admin`,`is_company_admin`,`name`,`account`,`job_no`,`telephone`,`email`,`salt`,`password`,`avatar`,`org_id`,`company_id`,`is_del`,`is_frozen`,`create_at`,`update_at`,`create_by`,`update_by`) values
(1,1,'\0','管理员','admin',NULL,'15108281409','136533479@qq.com','ho7r','6c98365cbab7d8bc1d9fe75e3d22b1b5','uav/img/1594951885747_微信图片_20200702105139.png',NULL,NULL,'\0','\0','2020-04-30 09:39:06','2021-05-27 19:54:24',NULL,NULL);
update admin_user.sys_user set password = MD5(CONCAT(MD5('cvi!LRtUWd'),salt)), avatar = null where id = 1;
INSERT INTO `uav_user`.`sys_user`(`id`, `is_system_admin`, `is_company_admin`, `name`, `account`, `telephone`, `email`, `avatar`, `org_id`, `company_id`, `is_del`, `is_frozen`, `create_at`, `update_at`, `create_by`) VALUES (1, b'1', b'0', '凌云超管', 'admin', '18008002781', 'liuchunrong@cmii.chinamobile.com', 'personnelInfo/image/timg (2).jpg', NULL, NULL, b'0', b'0', '2020-04-30 09:39:06', '2021-07-15 11:03:58', NULL);
INSERT INTO `uav_user`.`sys_account`( `user_id`, `user_account`, `password`, `salt`, `type`, `company_id`, `is_del`, `create_at`) VALUES (1, 'admin', '2a9cf2bb7038ea20aaec370048cd1d8d', 'ufjd', 0, NULL, b'0', '2020-05-15 17:05:08');
INSERT INTO `uav_user`.`sys_account`( `user_id`, `user_account`, `password`, `salt`, `type`, `company_id`, `is_del`, `create_at`) VALUES ( 1, '18008002781', '2c89975fb95e043eeb705457be262070', 'Jtyx', 1, NULL, b'0', '2020-05-21 22:00:45');

Some files were not shown because too many files have changed in this diff Show More