add
This commit is contained in:
zeaslity
4
17-重庆林业局/0-基础脚本.sh
Normal file
4
17-重庆林业局/0-基础脚本.sh
Normal file
@@ -0,0 +1,4 @@
|
||||
#!/bin/bash
|
||||
|
||||
|
||||
bash <(curl -sL http://10.250.0.100:9000/octopus/init-script-wdd.sh) --url http://10.250.0.100:9000/octopus --agent-update --offline
|
||||
33
17-重庆林业局/0.0-dependencies.sh
Normal file
33
17-重庆林业局/0.0-dependencies.sh
Normal file
@@ -0,0 +1,33 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# 需要在所有的节点执行
|
||||
|
||||
hostnamectl set-hostname master-node
|
||||
|
||||
sed -i "/search/ a nameserver 223.5.5.5" /etc/resolv.conf
|
||||
|
||||
echo "AllowTcpForwarding yes" >> /etc/ssh/sshd_config
|
||||
systemctl restart sshd
|
||||
|
||||
cat >> /etc/hosts << EOF
|
||||
192.168.0.6 master-node
|
||||
192.168.0.19 worker-1
|
||||
192.168.0.8 worker-2
|
||||
192.168.0.3 worker-3
|
||||
192.168.0.13 storage-1
|
||||
192.168.0.16 ai-1
|
||||
EOF
|
||||
|
||||
|
||||
reverse 42.192.52.227
|
||||
|
||||
34.
|
||||
|
||||
|
||||
root
|
||||
|
||||
10.190.217.227
|
||||
|
||||
3Ycg4ZPsG#Z!
|
||||
|
||||
|
||||
60
17-重庆林业局/00-install-all-demand-softwares.sh
Normal file
60
17-重庆林业局/00-install-all-demand-softwares.sh
Normal file
@@ -0,0 +1,60 @@
|
||||
#!/bin/bash
|
||||
|
||||
|
||||
all_ip_list=(192.168.0.6 192.168.0.19 192.168.0.8 192.168.0.3 192.168.0.13)
|
||||
#all_ip_list=(192.168.0.19 192.168.0.8 192.168.0.3 192.168.0.13)
|
||||
#all_ip_list=(192.168.0.6)
|
||||
|
||||
|
||||
install_docker_manual(){
|
||||
local DOCKER_VERSION="20.10.15"
|
||||
apt-cache madison docker-ce | grep $(echo ${DOCKER_VERSION} | cut -d"." -f1) | awk '{print$3}'
|
||||
local dockerSpecific=$(apt-cache madison docker-ce | grep $(echo ${DOCKER_VERSION} | cut -d"." -f1) | awk '{print$3}' | grep ${DOCKER_VERSION})
|
||||
|
||||
apt-get install -y "docker-ce=${dockerSpecific}" "docker-ce-cli=${dockerSpecific}" "containerd.io" "docker-compose-plugin" "docker-ce-rootless-extras=${dockerSpecific}"
|
||||
}
|
||||
|
||||
install_docker_manual
|
||||
|
||||
install_ssh_key(){
|
||||
echo "yes"
|
||||
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCcQyyavsRj54vwDBQsbVPSAugsqi0DKQG8JhZNs1719D/6iGomyq1U+095RLDiEKmLQNu3lEnIeqIds2YYR4JVgUoPKI/c6/k5NdR7fOFLWIWd4DX3crWcArBRHuKXTZnQoYPcC9I5Y7+LgRFHzAOOSrUswIOZ/zLZ5JaJUBO/imyYUlS9lXLKXf7M6iMpbNQ6EHfLdKJgSmkxQbfjrSAC1EDO9M4sMU109hBVjB7s/+Q/5f9FeVLEMP1ShxNoWk5ljTjuHCCZoP7JAiZf4e1d6SI6acMwv4ohluPSeN0torPRqMNcTqe/Ty4pWBxWDCYrsJX8F33SwmApyCyn2Ykjgd1fQCa63ATZqENpffZRapAHzxQ7jQGCO8gktKQ6wqHsxfaUx/Zey4OCvvzzkAkTgXAfGHugnPvMPawBcOvPZ+ta7aYIlhSJL9UT/8KWMVDypFrnveLyP/Z0+Qa+freKeyo/rRXS++C+0tV4shKKt+HluhWcDDVbYc4bAqk0iioecAbw42x5hvhVZpb7JqbvU2jnc1n8np3g0/rqJbySWFYVVwigbXnI/DFQG+qZgKz17qjJ7hS78xFxy0FY2+NH0QUXwxa/XwFuIUcObW9oCOVhrNXnmn//Lm9b01mcJixMmoiQeodDQ0pG1pyTRqxA5CBgaH/LB5jWgy0hnjJlAQ== root@ecs-web" >> /root/.ssh/authorized_keys
|
||||
}
|
||||
|
||||
install_octopus_agent(){
|
||||
local server
|
||||
for server in "${all_ip_list[@]}";do
|
||||
echo "current servr is ${server}"
|
||||
ssh root@"${server}" "echo yes"
|
||||
# ssh root@"${server}" "rm -rf init-script-wdd.sh && wget http://192.168.0.6:9000/octopus/init-script-wdd.sh -O init-script-wdd.sh && chmod +x init-script-wdd.sh && bash init-script-wdd.sh --url http://192.168.0.6:9000/octopus --agent-install --offline"
|
||||
|
||||
# scp /usr/local/etc/octpus-agent/octopus-agent.conf root@${server}:/usr/local/etc/octpus-agent/octopus-agent.conf
|
||||
# scp /etc/systemd/system/octopus-agent.service root@${server}:/etc/systemd/system/octopus-agent.service
|
||||
|
||||
# ssh root@"${server}" "sed -i s/OFFLINE_HOST_IP/192.168.0.6/g /usr/local/etc/octpus-agent/octopus-agent-standard.yaml"
|
||||
# ssh root@"${server}" "sed -i s/-T10/-T3/g /usr/local/etc/octpus-agent/lib/wdd-lib-env.sh"
|
||||
# ssh root@"${server}" "bash /usr/local/etc/octpus-agent/lib/wdd-lib-env.sh"
|
||||
# ssh root@"${server}" "systemctl daemon-reload && systemctl start octopus-agent && systemctl enable octopus-agent"
|
||||
# ssh root@"${server}" "systemctl restart octopus-agent"
|
||||
|
||||
|
||||
# ssh root@"${server}" "mkdir -p /root/wdd/offline/nfs_common/"
|
||||
# scp -r /root/wdd/offline/nfs_common/ root@${server}:/root/wdd/offline/nfs_common/
|
||||
# ssh root@"${server}" "ls /root/wdd/offline/nfs_common/"
|
||||
# ssh root@"${server}" "dpkg -i /root/wdd/offline/nfs_common/nfs_common/*.deb"
|
||||
|
||||
# ssh root@"${server}" "sed -i \"s/net.ipv4.conf.all.accept_redirects=0/net.ipv4.conf.all.accept_redirects=1/g\" /etc/sysctl.conf"
|
||||
# ssh root@"${server}" "sed -i \"s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g\" /etc/sysctl.conf"
|
||||
# ssh root@"${server}" "sysctl -p"
|
||||
# ssh root@"${server}" "systemctl restart docker"
|
||||
ssh root@"${server}" "docker restart $(docker ps -aq)"
|
||||
|
||||
|
||||
|
||||
done
|
||||
}
|
||||
#install_octopus_agent
|
||||
|
||||
|
||||
|
||||
|
||||
19
17-重庆林业局/10-kubernetes-config.yaml
Normal file
19
17-重庆林业局/10-kubernetes-config.yaml
Normal file
@@ -0,0 +1,19 @@
|
||||
apiVersion: v1
|
||||
kind: Config
|
||||
clusters:
|
||||
- cluster:
|
||||
api-version: v1
|
||||
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN3akNDQWFxZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFTTVJBd0RnWURWUVFERXdkcmRXSmwKTFdOaE1CNFhEVEkwTURJd01UQXpNemt4TTFvWERUTTBNREV5T1RBek16a3hNMW93RWpFUU1BNEdBMVVFQXhNSAphM1ZpWlMxallUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUs3MUpMYzRQME5ICjVLMzNqN2N6K1JROTdpWFlBbnU2QWNhZm1LWk5NOWlBOFpIbkxYZmlvS3hGb0FxUDZlQy9NZ0FKZDN0TUNHSHUKYUo5djFwalJQSlh0R3lrbExieEVrc1Jqb3VERU5BOGVlamQ4d3FkaUxQcWJyK3lsc1BzOUlhY2g1RHd4Q1U1dAoyUkRBcmdiQmQwSEZZNy9KeGFzM25vaWZpa0M0L1JjZTlNZVh0K3hqcVFoWEN3MTRrYXpueXBBUHcwR3h5aGxoCkExYy9PSFhubTlZV2pHN1ZWeTg3emFXZlMyQjRCRkkwNEljb0NsMDNNcHZKM2p6anAvTm4rbzFzQnp0Y1JOZUwKZzI4N1M4R0VkdVFOMjhjRnVhVVdhaE1JRWE3dUZtVHVpSFVDNlNZRkRwN09uY0N5N2YzNkR3Y2xoU3JDNmhKZQpCdzlSbWlZdXlnRUNBd0VBQWFNak1DRXdEZ1lEVlIwUEFRSC9CQVFEQWdLa01BOEdBMVVkRXdFQi93UUZNQU1CCkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQSs0TXFRZlVaeUt4QWlYQkliaW5WNlJtaUxORkFYZi9wOXoKYUhxOUJnNkg4UkNKajJCUDV3Yzdla1NVTUwvZENFRS9UMDNnbmFXdnNUeHFhVTRFRGRMZWhQNndDNlhrRi9SdApNaHB0bHh2dG5DRzJaeTU4eG5wVmVSZGZ1R0VrN2xWeTlqVUY3N00yTjBmdCt3b0l3bHEwcElwNUkxODY4RExMCmh3YWQzL1FvMFhseU9KM1o1ZWVFMWF3RHJNb3AwWHZVYWVHKzR0WkE4Z284N0xHcU1rY2VhQTRYZGVKUFY1dzkKM3V5SUdxSDFDT0RubGszWUZpTTBQbXdyVExBTzQ0dlV2NTBSMEtjdFQyOTNUWWxiM1RxNU5vVXE4NzFzTVpxZgpjR3U2NXVEMW8zK21UYTRWMmkyYm1JMWVTK2tvcjh4RzRIbnlxdDR6OTF2ZkVtSzNJQjg9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
|
||||
server: "https://192.168.0.6:6443"
|
||||
name: "rke-cluster"
|
||||
contexts:
|
||||
- context:
|
||||
cluster: "rke-cluster"
|
||||
user: "kube-admin-rke-cluster"
|
||||
name: "rke-cluster"
|
||||
current-context: "rke-cluster"
|
||||
users:
|
||||
- name: "kube-admin-rke-cluster"
|
||||
user:
|
||||
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM2VENDQWRHZ0F3SUJBZ0lJRyt5WUU5b0VVczR3RFFZSktvWklodmNOQVFFTEJRQXdFakVRTUE0R0ExVUUKQXhNSGEzVmlaUzFqWVRBZUZ3MHlOREF5TURFd016TTVNVE5hRncwek5EQXhNamt3TXpRMU1UZGFNQzR4RnpBVgpCZ05WQkFvVERuTjVjM1JsYlRwdFlYTjBaWEp6TVJNd0VRWURWUVFERXdwcmRXSmxMV0ZrYldsdU1JSUJJakFOCkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTdSdU5uL09hbzFlMFU3K1ZBVWlTOUYxSi9WZEQKNkVUOEtjSUV3c09CNElCZlBnaG96ZkVKMDZKbXgzRXkrOTFlSlg1MDZLUUNmSTJrZmczaEtOMFBURkYxNysvNQpUQTAxOERYd0FQdXU0UllFN1lCYjQrOW5yOVJkT2FoQi9haStSZ3hFK0ZEZ2ZXYXpYWE9lUEszanFBQVBjcEVtCk1rODdpMXJBQ1RoM3N3VGZ0Y1NqblpxN3M2ZVladUJnM3lnSG9VMjhneTZnRklDN1V4cFJCNU96SGZBeWpKL3cKZm1nV1gvZjVnQ0hGYVUraWFBKzVwaWZJWHVtNE1TQkpkM2ljRlc0R0ltdkVxNGtrc2orRFIveFRCYjNkZnpEagpUa1lMK2dJTVVLWFZDVzNpaU9MZlVOL0RzTHFpVWE1MkltUlZBa3ExT3FsdEZDWmhSMFRQM2pneFV3SURBUUFCCm95Y3dKVEFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUhBd0l3RFFZSktvWkkKaHZjTkFRRUxCUUFEZ2dFQkFLUHR6WlVZWXN0cXN5MWRVYk1hVVdNK3dyTzFLbWVmYjFwdGhmUG9jbXltbDYzaAoxZVFhVzh0M1RhTWJPQ3k5dUtCcWJvclkyS0tOYzFIMTY0S0RuUE9jSGlORWxvUk5jbVhDQWU1aVNJOHJvcmJCCkhaWGlFWmNXVlpyTWtNY2NYQktLYngwMDFRMnprQ1pjbVhRWXBTTk9XRW9kYzM3WkRWOTQ4YlZWTkFzTnN2QncKVW90YmNSdlo4dS9TUzRxTHRLN3lPVFJRVjZFRFREQ3JlSlBWNnFBS2V2eHB3SlF1ZUxqTmhnbzNIVm9zUlJEbQpjc0taNnQ5MkYvZ1V0dWk3VkgrTXdVTE9HTHNPb0JjMldpNW4yS1BIVDViNUZvQ2Z5b2ZlYjdBN2tOMGU1cUluCkYvTjhNZ3FqUXFTZ2dJaVZicmMxb1l1REMxTjBWbk1VWEp1MDR5UT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
|
||||
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBN1J1Tm4vT2FvMWUwVTcrVkFVaVM5RjFKL1ZkRDZFVDhLY0lFd3NPQjRJQmZQZ2hvCnpmRUowNkpteDNFeSs5MWVKWDUwNktRQ2ZJMmtmZzNoS04wUFRGRjE3Ky81VEEwMThEWHdBUHV1NFJZRTdZQmIKNCs5bnI5UmRPYWhCL2FpK1JneEUrRkRnZldhelhYT2VQSzNqcUFBUGNwRW1Nazg3aTFyQUNUaDNzd1RmdGNTagpuWnE3czZlWVp1QmczeWdIb1UyOGd5NmdGSUM3VXhwUkI1T3pIZkF5akovd2ZtZ1dYL2Y1Z0NIRmFVK2lhQSs1CnBpZklYdW00TVNCSmQzaWNGVzRHSW12RXE0a2tzaitEUi94VEJiM2RmekRqVGtZTCtnSU1VS1hWQ1czaWlPTGYKVU4vRHNMcWlVYTUySW1SVkFrcTFPcWx0RkNaaFIwVFAzamd4VXdJREFRQUJBb0lCQVFDVjJyQXJ3MzZjZGJYVwpxR0s0S1BJWDEwNEgrN3REZFRZWi9qR2NGb3hqSXo4T3FhbnpYci9qTGVUZmNEL1V4eGZWZ3BMSTViOWNrUGpCCllteEhzMDhUNFBnMDZPb2FrczdnUG5hdGFHUWloaFFmTnR6Y3RsWkYzbVg5SnNadVZ0UEsyYjVOWW5BL1VVVlQKYnRzM1puOVhrcEl3eW1QbHNBWG1FVGtGbXRhc0lOVGdTSDFUbFVESzUzK3J6VTJBVkdRMXJzREt4Y3kwaFBmZQpGcEJwWndmQTRaNmUzUWUzb1Rna2xuV0VVYzI2eFppTjRWZTBVaEpxZUZOSXYzZUdkVUdwTzE4TE8zaEpFT2xyCml1WlU4MnNHUzFVTHloNC9haVkzc1BCZjEza0tGQ0dnY1dTblJCcjBrQ0dPRjdKckVieUZ6ZHdjZ0xreXh3SjYKell2c290L0JBb0dCQU83bmoyWm1mU0RtZmZVcFUwSFp6Y0EwMVpOdGFueDZRVm4rSXNwZWR5aGZxZlJtdWpwNwo0MTdCeE1RMEk2OThRcnRScTFITGlHNFFpVTc3NWhmTEpldmp5SUE3cDkrVnBQN2RLNDRkd0xIMW5SVkNWTkxVClVRYjhJc2hrYmExa3l1VUQ4RkU0ZmtJVjRiV3F2SzdZdXZjeWVMK1grUHF4K0ptRmt5NitVT1JKQW9HQkFQNFQKRTNWYi9FYlJqN21lVlZDVVFzb1g0RG52clg4aWxMNTkxN2UxdjRFdEh2Wkc5QWl6dVBUK0RxZlJmMWlma3gvZwp3ZmhTTjk5dXhVckVuK3pDa1h0NGNlMEFsYVJ1NkxTLzNUeEt5QTFpd3FTOTZsMnpGb2h0MkVzUUN3R2lvSDdECnBrRk5zOHNUV1lxd08zai82ZkdhMmFMbVg3ZkI3VjdzTVFIQU5mQzdBb0dBUmpPeFJjdjBGUWptRm5hUVNwZHcKQ0h6K0RaWm5aakNlcDQwd04vdE9WSVRYOGtPRmtjMzU0RXhjUDdONmtRU1lyMmF1U3hqZC9FbkxyM1FDQnhmaApDdElpaHR3QTFvaW90V1BVZXF4dmhWdkJUdy93MFFzbXpFQ25EKy9DOHVMZFpES21HWmZhTWgwditDdzF5Y05TCkhYV3RXYytVa0VaZjRPMEpkUURqMEZFQ2dZRUF3emw3S1NFK0RsaDEzRVdaL21sOWpIV2VHRVpmQktKWXNxcFYKZDlhU1NMcVg0TnFTSnFHYUM3MnZHeW54ZFBKZ2hRMFpYaW9tdm1zSjg3Snp3K09aRDh0emxvMXRia1MrVUN4ZwozVFFFMWF3K0xZRzBOTDBvSWpwdENQaFJ6TGJlSmFsRjlVVzBVZVVUVjJxa3VBdkVBWjVmZmprUDhVMTBqQXhtCmQ1YnVtNE1DZ1lCTUNVSTdUNVdYK2hJSWlIRDNVb0w4cEpzZFpzT2hyREdBbmZxMFRoRFhsaU5IZGZWVEM2Q08KOHZVSkFVWDNaRkVhZStOT1dOVEdJbDNFQnpUSC9hT0p1Q3BNWUtXTkpFcFR4SnhXeUlmWWR1ZUJlaU8wblozTgpJSm42NFFGMmlLMlozNHBNUFdzT0hDWEN0a29YRE9qeGpvd1lkVzVWOWtlQ1N2YmMyS2ZSNHc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
|
||||
43
17-重庆林业局/11-nginx-proxy.conf
Normal file
43
17-重庆林业局/11-nginx-proxy.conf
Normal file
@@ -0,0 +1,43 @@
|
||||
server {
|
||||
listen 8888;
|
||||
server_name localhost;
|
||||
location / {
|
||||
proxy_pass http://localhost:30500;
|
||||
client_max_body_size 5120m;
|
||||
client_body_buffer_size 5120m;
|
||||
client_body_timeout 6000s;
|
||||
proxy_send_timeout 10000s;
|
||||
proxy_read_timeout 10000s;
|
||||
proxy_connect_timeout 600s;
|
||||
proxy_max_temp_file_size 5120m;
|
||||
proxy_request_buffering on;
|
||||
proxy_buffering off;
|
||||
proxy_buffer_size 4k;
|
||||
proxy_buffers 4 12k;
|
||||
proxy_set_header Host fake-domain.cqga.io;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
location /_AMapService/v4/map/styles {
|
||||
set $args "$args&jscode=cf66cea95bdcdfcf8048456b36f357a1";
|
||||
proxy_pass https://webapi.amap.com/v4/ap/styles;
|
||||
}
|
||||
|
||||
location /_AMapService/ {
|
||||
set $args "$args&jscode=cf66cea95bdcdfcf8048456b36f357a1";
|
||||
proxy_pass https://restapi.amap.com/;
|
||||
}
|
||||
|
||||
location /rtc/v1/ {
|
||||
add_header Access-Control-Allow-Headers X-Requested-With;
|
||||
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
|
||||
proxy_pass http://127.0.0.1:30985/rtc/v1/;
|
||||
}
|
||||
|
||||
location ~ ^/\w*/actuator/ {
|
||||
return 403;
|
||||
}
|
||||
}
|
||||
43
17-重庆林业局/11-nginx.conf
Normal file
43
17-重庆林业局/11-nginx.conf
Normal file
@@ -0,0 +1,43 @@
|
||||
user root;
|
||||
worker_processes auto;
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
pid /var/run/nginx.pid;
|
||||
|
||||
events {
|
||||
use epoll;
|
||||
worker_connections 65535;
|
||||
}
|
||||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
server_tokens off;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log /var/log/nginx/access.log main;
|
||||
|
||||
sendfile on;
|
||||
send_timeout 1200;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
keepalive_timeout 600;
|
||||
types_hash_max_size 2048;
|
||||
client_max_body_size 2048m;
|
||||
client_body_buffer_size 2048m;
|
||||
|
||||
underscores_in_headers on;
|
||||
|
||||
proxy_send_timeout 600;
|
||||
proxy_read_timeout 600;
|
||||
proxy_connect_timeout 600;
|
||||
proxy_buffer_size 128k;
|
||||
proxy_buffers 8 256k;
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
}
|
||||
stream {
|
||||
include /etc/nginx/conf.d/stream/*.conf;
|
||||
}
|
||||
20
17-重庆林业局/11-octopus-reverse.conf
Normal file
20
17-重庆林业局/11-octopus-reverse.conf
Normal file
@@ -0,0 +1,20 @@
|
||||
server {
|
||||
listen 80;
|
||||
proxy_pass 42.192.52.227:80;
|
||||
}
|
||||
server {
|
||||
listen 8034;
|
||||
proxy_pass 42.192.52.227:8033;
|
||||
}
|
||||
server {
|
||||
listen 9000;
|
||||
proxy_pass 42.192.52.227:9000;
|
||||
}
|
||||
server {
|
||||
listen 9001;
|
||||
proxy_pass 42.192.52.227:9001;
|
||||
}
|
||||
server {
|
||||
listen 20672;
|
||||
proxy_pass 42.192.52.227:20672;
|
||||
}
|
||||
187
17-重庆林业局/7-rke-cluster.yml
Normal file
187
17-重庆林业局/7-rke-cluster.yml
Normal file
@@ -0,0 +1,187 @@
|
||||
nodes:
|
||||
- address: 192.168.0.6
|
||||
user: root
|
||||
role:
|
||||
- controlplane
|
||||
- etcd
|
||||
- worker
|
||||
internal_address: 192.168.0.6
|
||||
labels:
|
||||
ingress-deploy: true
|
||||
- address: 192.168.0.19
|
||||
user: root
|
||||
role:
|
||||
- worker
|
||||
internal_address: 192.168.0.19
|
||||
- address: 192.168.0.8
|
||||
user: root
|
||||
role:
|
||||
- worker
|
||||
internal_address: 192.168.0.8
|
||||
- address: 192.168.0.3
|
||||
user: root
|
||||
role:
|
||||
- worker
|
||||
internal_address: 192.168.0.3
|
||||
labels:
|
||||
mysql-deploy: true
|
||||
|
||||
authentication:
|
||||
strategy: x509
|
||||
sans:
|
||||
- "192.168.0.6"
|
||||
- "36.134.28.60"
|
||||
|
||||
private_registries:
|
||||
- url: 192.168.0.6:8033 # 私有镜像库地址
|
||||
user: admin
|
||||
password: "V2ryStr@ngPss"
|
||||
is_default: true
|
||||
|
||||
##############################################################################
|
||||
|
||||
# 默认值为false,如果设置为true,当发现不支持的Docker版本时,RKE不会报错
|
||||
ignore_docker_version: true
|
||||
|
||||
# Set the name of the Kubernetes cluster
|
||||
cluster_name: rke-cluster
|
||||
|
||||
kubernetes_version: v1.20.4-rancher1-1
|
||||
|
||||
ssh_key_path: /root/.ssh/id_ed25519
|
||||
#ssh_key_path: /root/.ssh/id_rsa
|
||||
|
||||
# Enable running cri-dockerd
|
||||
# Up to Kubernetes 1.23, kubelet contained code called dockershim
|
||||
# to support Docker runtime. The replacement is called cri-dockerd
|
||||
# and should be enabled if you want to keep using Docker as your
|
||||
# container runtime
|
||||
# Only available to enable in Kubernetes 1.21 and higher
|
||||
enable_cri_dockerd: true
|
||||
|
||||
services:
|
||||
etcd:
|
||||
backup_config:
|
||||
enabled: false
|
||||
interval_hours: 72
|
||||
retention: 3
|
||||
safe_timestamp: false
|
||||
timeout: 300
|
||||
creation: 12h
|
||||
extra_args:
|
||||
election-timeout: 5000
|
||||
heartbeat-interval: 500
|
||||
gid: 0
|
||||
retention: 72h
|
||||
snapshot: false
|
||||
uid: 0
|
||||
|
||||
kube-api:
|
||||
# IP range for any services created on Kubernetes
|
||||
# This must match the service_cluster_ip_range in kube-controller
|
||||
service_cluster_ip_range: 10.74.0.0/16
|
||||
# Expose a different port range for NodePort services
|
||||
service_node_port_range: 30000-40000
|
||||
always_pull_images: true
|
||||
pod_security_policy: false
|
||||
# Add additional arguments to the kubernetes API server
|
||||
# This WILL OVERRIDE any existing defaults
|
||||
extra_args:
|
||||
# Enable audit log to stdout
|
||||
audit-log-path: "-"
|
||||
# Increase number of delete workers
|
||||
delete-collection-workers: 3
|
||||
# Set the level of log output to warning-level
|
||||
v: 1
|
||||
kube-controller:
|
||||
# CIDR pool used to assign IP addresses to pods in the cluster
|
||||
cluster_cidr: 10.100.0.0/16
|
||||
# IP range for any services created on Kubernetes
|
||||
# This must match the service_cluster_ip_range in kube-api
|
||||
service_cluster_ip_range: 10.74.0.0/16
|
||||
# Add additional arguments to the kubernetes API server
|
||||
# This WILL OVERRIDE any existing defaults
|
||||
extra_args:
|
||||
# Set the level of log output to debug-level
|
||||
v: 1
|
||||
# Enable RotateKubeletServerCertificate feature gate
|
||||
feature-gates: RotateKubeletServerCertificate=true
|
||||
# Enable TLS Certificates management
|
||||
# https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/
|
||||
cluster-signing-cert-file: "/etc/kubernetes/ssl/kube-ca.pem"
|
||||
cluster-signing-key-file: "/etc/kubernetes/ssl/kube-ca-key.pem"
|
||||
kubelet:
|
||||
# Base domain for the cluster
|
||||
cluster_domain: cluster.local
|
||||
# IP address for the DNS service endpoint
|
||||
cluster_dns_server: 10.74.0.10
|
||||
# Fail if swap is on
|
||||
fail_swap_on: false
|
||||
# Set max pods to 250 instead of default 110
|
||||
extra_binds:
|
||||
- "/data/minio-pv:/hostStorage" # 不要修改 为minio的pv添加
|
||||
extra_args:
|
||||
max-pods: 122
|
||||
# Optionally define additional volume binds to a service
|
||||
scheduler:
|
||||
extra_args:
|
||||
# Set the level of log output to warning-level
|
||||
v: 0
|
||||
kubeproxy:
|
||||
extra_args:
|
||||
# Set the level of log output to warning-level
|
||||
v: 1
|
||||
|
||||
authorization:
|
||||
mode: rbac
|
||||
|
||||
addon_job_timeout: 30
|
||||
|
||||
# Specify network plugin-in (canal, calico, flannel, weave, or none)
|
||||
network:
|
||||
mtu: 1440
|
||||
options:
|
||||
flannel_backend_type: vxlan
|
||||
flannel_iface: eth0
|
||||
flannel_autoscaler_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+
|
||||
flannel_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+
|
||||
plugin: calico
|
||||
|
||||
# Specify DNS provider (coredns or kube-dns)
|
||||
dns:
|
||||
provider: coredns
|
||||
nodelocal: {}
|
||||
# Available as of v1.1.0
|
||||
update_strategy:
|
||||
strategy: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxUnavailable: 20%
|
||||
maxSurge: 15%
|
||||
linear_autoscaler_params:
|
||||
cores_per_replica: 0.34
|
||||
nodes_per_replica: 4
|
||||
prevent_single_point_failure: true
|
||||
min: 2
|
||||
max: 3
|
||||
|
||||
# Specify monitoring provider (metrics-server)
|
||||
monitoring:
|
||||
provider: metrics-server
|
||||
# Available as of v1.1.0
|
||||
update_strategy:
|
||||
strategy: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxUnavailable: 8
|
||||
|
||||
ingress:
|
||||
provider: nginx
|
||||
default_backend: true
|
||||
http_port: 0
|
||||
https_port: 0
|
||||
extra_envs:
|
||||
- name: TZ
|
||||
value: Asia/Shanghai
|
||||
node_selector:
|
||||
ingress-deploy: true
|
||||
options:
|
||||
use-forwarded-headers: "true"
|
||||
8
17-重庆林业局/9-chrony-shell.sh
Normal file
8
17-重庆林业局/9-chrony-shell.sh
Normal file
@@ -0,0 +1,8 @@
|
||||
#!/bin/bash
|
||||
|
||||
|
||||
docker exec chrony chronyc tracking
|
||||
docker exec chrony chronyc sources
|
||||
docker exec chrony chronyc sourcestats
|
||||
|
||||
|
||||
Reference in New Issue
Block a user