zeaslity/CmiiDeploy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

大量更新

Browse Source
This commit is contained in:
zeaslity
2026-05-19 14:28:44 +08:00
parent a8f6bda703
commit 9fc3372fa3
5299 changed files with 423176 additions and 426690 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
75-202603-重庆二级平台/1-image/middleware-fly-amd64-260311.txt Normal file
View File

@@ -0,0 +1,13 @@
bitnamilegacy/redis:6.2.14-debian-11-r19
bitnamilegacy/redis:7.4.3-debian-12-r0
bitnamilegacy/mysql:8.1.0-debian-11-r42
bitnamilegacy/os-shell:12-debian-12-r51
bitnamilegacy/rabbitmq:3.13.7-debian-12-r5
ossrs/srs:v5.0.195
emqx/emqx:5.8.8
bitnamilegacy/influxdb:2.7.11-debian-12-r19
minio/minio:RELEASE.2023-06-02T23-17-26Z
kubernetesui/dashboard:v2.7.0
kubernetesui/metrics-scraper:v1.0.9
dyrnq/nfs-subdir-external-provisioner:v4.0.2
nginx:1.28.2

63
75-202603-重庆二级平台/1-批量脚本.sh Normal file
View File

@@ -0,0 +1,63 @@
36.133.115.174
ram账户
zgydtxjtcqyxgs18883257311
cqcmii
2013SHUde#1
root
Dict@2024
IFQ9jIkHy9,
实例名称 规格类型 资源类型 CPU GPU类型 GPU数量 内存G 内网IPv4 公网IP IPv6地址 系统盘大小G 网卡1(IPv4) 网卡1(IPv6) 网卡2(IPv4) 网卡2(IPv6)
kcs-cmii-drone-s-8hfnk 通用网络优化型 VM 12 24 192.168.9.36, 10.191.193.180 200 192.168.9.36 10.191.193.180
kcs-cmii-drone-s-wqqck 通用网络优化型 VM 12 24 192.168.9.98, 10.191.192.104 200 192.168.9.98 10.191.192.104
cmii2-ecs 通用型 VM 8 16 192.168.9.4 200 192.168.9.4 36.133.115.90
mv agent-wdd_linux_arm64 /usr/local/bin/agent-wdd
chmod +x /usr/local/bin/agent-wdd
# 主节点安装ssh-key
/usr/local/bin/agent-wdd base ssh config
/usr/local/bin/agent-wdd base ssh key
DEFAULT_HTTP_BACKEND_IP=$(kubectl -n ingress-nginx get svc default-http-backend -o jsonpath='{.spec.clusterIP}')
192.168.5.41
# 批量执行命令
host_list=(
192.168.5.41
192.168.5.207
192.168.5.141
192.168.5.195
)
for server in "${host_list[@]}";do
echo " ---> current ip is $server - $(hostname)"
ssh root@"$server" "DEFAULT_HTTP_BACKEND_IP='$DEFAULT_HTTP_BACKEND_IP' bash -s" <<'EOF'
echo "DEFAULT_HTTP_BACKEND_IP=$DEFAULT_HTTP_BACKEND_IP"
curl -s "http://${DEFAULT_HTTP_BACKEND_IP}"
echo
EOF
echo ""
done
scp /usr/local/bin/agent-wdd root@${server}:/usr/local/bin/agent-wdd
ssh root@${server} "/usr/local/bin/agent-wdd base ssh config && /usr/local/bin/agent-wdd base ssh key"
ssh root@${server} "echo yes"
scp /root/wdd/docker-arm64-20.10.15.tgz root@${server}:/root/wdd/docker-arm64-20.10.15.tgz
ssh root@${server} "cd /root/wdd/ && tar -zvxf docker-arm64-20.10.15.tgz"
scp /root/wdd/docker-compose-v2.18.0-linux-arm64 root@${server}:/root/wdd/
ssh root@${server} "/usr/local/bin/agent-wdd base docker local"
ssh root@${server} "/usr/local/bin/agent-wdd base dockercompose local"

220
75-202603-重庆二级平台/4-nginx代理/260312-nginx-real-proxy.conf Normal file
View File

@@ -0,0 +1,220 @@
server {
listen 8888;
server_name localhost;
location /lite/ {
rewrite ^/lite/(.*) /$1 break;
proxy_pass http://192.168.9.11:30416;
client_max_body_size 5120m;
client_body_buffer_size 5120m;
client_body_timeout 6000s;
proxy_send_timeout 10000s;
proxy_read_timeout 10000s;
proxy_connect_timeout 600s;
proxy_max_temp_file_size 5120m;
proxy_request_buffering on;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_buffers 4 12k;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /center/ws {
proxy_pass http://192.168.9.11:31086/mqtt;
proxy_http_version 1.1;
proxy_set_header Sec-WebSocket-Protocol mqtt;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /converge/ {
rewrite ^/converge/(.*) /$1 break;
proxy_pass http://192.168.9.11:31338/;
client_max_body_size 5120m;
client_body_buffer_size 5120m;
client_body_timeout 6000s;
proxy_send_timeout 10000s;
proxy_read_timeout 10000s;
proxy_connect_timeout 600s;
proxy_max_temp_file_size 5120m;
proxy_request_buffering on;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_buffers 4 12k;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /center/storage/ {
proxy_pass http://192.168.9.11:31899/storage/;
}
# location /zlm/flv/ {
#
# proxy_pass http://192.168.9.4:7088/;
# }
# location /zlm/hls/ {
#
# proxy_pass http://192.168.9.4:7088/zlm/hls/;
# }
# location /zlm/webrtc {
#
# proxy_pass http://192.168.9.4:7088/index/api/webrtc;
# }
# location /zlm/whip {
#
# proxy_pass http://192.168.9.4:7088/index/api/whip;
# }
location /pangu/ {
rewrite ^/pangu/(.*) /$1 break;
proxy_pass http://192.168.9.11:30110;
client_max_body_size 5120m;
client_body_buffer_size 5120m;
client_body_timeout 6000s;
proxy_send_timeout 10000s;
proxy_read_timeout 10000s;
proxy_connect_timeout 600s;
proxy_max_temp_file_size 5120m;
proxy_request_buffering on;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_buffers 4 12k;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /oms/ {
rewrite ^/oms/(.*) /$1 break;
proxy_pass http://192.168.9.11:30112;
client_max_body_size 5120m;
client_body_buffer_size 5120m;
client_body_timeout 6000s;
proxy_send_timeout 10000s;
proxy_read_timeout 10000s;
proxy_connect_timeout 600s;
proxy_max_temp_file_size 5120m;
proxy_request_buffering on;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_buffers 4 12k;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /armypeople {
rewrite ^/armypeople/(.*) /$1 break;
proxy_pass http://192.168.9.11:30111;
client_max_body_size 5120m;
client_body_buffer_size 5120m;
client_body_timeout 6000s;
proxy_send_timeout 10000s;
proxy_read_timeout 10000s;
proxy_connect_timeout 600s;
proxy_max_temp_file_size 5120m;
proxy_request_buffering on;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_buffers 4 12k;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /share {
rewrite ^/share/(.*) /$1 break;
#proxy_pass http://192.168.9.2:30158;
proxy_pass http://10.232.3.176:9528;
client_max_body_size 5120m;
client_body_buffer_size 5120m;
client_body_timeout 6000s;
proxy_send_timeout 10000s;
proxy_read_timeout 10000s;
proxy_connect_timeout 600s;
proxy_max_temp_file_size 5120m;
proxy_request_buffering on;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_buffers 4 12k;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# 拦截 /api/swagger-resources 开头的请求
# 2026年3月19日-安全
location ^~ /api/swagger-resources {
return 404;
}
location /api/ {
rewrite ^/api/(.*) /$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://192.168.9.11:30115;
}
location /oms/api {
rewrite ^/oms/api/(.*) /$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://192.168.9.11:30116;
}
location /zlm/ {
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
proxy_pass http://192.168.9.5:30500/zlm/;
}
location /live/ {
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
proxy_pass http://192.168.9.5:30500/live/;
}
location /index/api/webrtc {
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
proxy_pass http://192.168.9.5:30500/index/api/webrtc;
}
location ~ ^/\w*/actuator/ {
return 403;
}
}

83
75-202603-重庆二级平台/cmii-update-chongqing.sh Normal file
View File

@@ -0,0 +1,83 @@
#!/bin/bash
harbor_host=chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn
namespace=cq-fly-260311
app_name=""
new_tag=""
download_from_oss() {
if [ "$1" == "" ]; then
echo "no zip file in error!"
exit 233
fi
echo "start to download => $1"
wget "https://oss.demo.uavcmlc.com/cmlc-installation/tmp/$1"
echo ""
echo ""
}
upload_image_to_harbor(){
if [ "$app_name" == "" ]; then
echo "app name null exit!"
exit 233
fi
if ! docker load < "$1"; then
echo "docker load error !"
fi
docker tag "harbor.cdcyy.com.cn/cmii/$app_name:$new_tag" "$harbor_host/cmii/$app_name:$new_tag"
echo ""
echo ""
echo "upload_image_to_harbor - start to push to => $harbor_host/cmii/$app_name:$new_tag"
docker login -u cqcmii -p 'pL8$kq9@m' $harbor_host
docker push "$harbor_host/cmii/$app_name:$new_tag"
echo ""
echo ""
}
parse_args(){
if [ "$1" == "" ]; then
echo "no zip file in error!"
exit 233
fi
local image_name="$1"
# cmii-uav-surveillance=5.2.0-27031-cqga=2024-03-04=573.tar.gz
app_name=$(echo $image_name | cut -d "=" -f1)
new_tag=$(echo $image_name | cut -d "=" -f2)
}
update_image_tag(){
if [ "$new_tag" == "" ]; then
echo "new tag error!"
exit 233
fi
local image_prefix=$(kubectl -n ${namespace} get deployment "${app_name}" -o=jsonpath='{.spec.template.spec.containers[*].image}' | cut -d":" -f1)
echo "image grep is => ${image_prefix}"
echo "start to update ${namespace} ${app_name} to ${new_tag} !"
echo ""
kubectl -n ${namespace} patch deployment "${app_name}" -p "{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\":\"${app_name}\",\"image\": \"${harbor_host}/cmii/$app_name:${new_tag}\"}]}}}}"
echo ""
echo "start to wait for 3 seconds!"
sleep 3
local image_new=$(kubectl -n ${namespace} get deployment "${app_name}" -o=jsonpath='{.spec.template.spec.containers[*].image}')
echo ""
echo "new image are => $image_new"
echo ""
}
main(){
parse_args "$1"
download_from_oss "$1"
upload_image_to_harbor "$1"
update_image_tag
}
main "$@"

285
75-202603-重庆二级平台/k8s-yaml/2.4.helm-emqx.yaml Normal file
View File

@@ -0,0 +1,285 @@
---
apiVersion: v1
kind: Service
metadata:
name: helm-emqx-fly
namespace: cq-fly-260311
labels:
cmii.type: middleware
cmii.app: helm-emqx-fly
cmii.emqx.architecture: standalone
helm.sh/chart: emqx-1.1.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/version: "3.1.0"
spec:
type: NodePort
selector:
cmii.type: middleware
cmii.app: helm-emqx-fly
cmii.emqx.architecture: standalone
ports:
- port: 1883
name: mqtt
targetPort: 1883
nodePort: 31886
- port: 18083
name: dashboard
targetPort: 18083
nodePort: 31085
- port: 8083
name: mqtt-ws
targetPort: 8083
nodePort: 31086
- port: 8883
name: mqtt-ssl
targetPort: 8883
nodePort: 31887
- port: 8084
name: mqtt-ws-ssl
targetPort: 8084
nodePort: 31084
---
kind: ConfigMap
apiVersion: v1
metadata:
name: helm-emqx-fly-emqx-conf
namespace: cq-fly-260311
data:
emqx.conf: |-
node {
name = "emqx@127.0.0.1"
role = core
cookie = "emqxsecretcookie"
data_dir = "data"
}
# cluster {
# name = emqxcl
# discovery_strategy = manual
# }
dashboard {
listeners {
http.bind = 18083
# https.bind = 18084
https {
ssl_options {
certfile = "${EMQX_ETC_DIR}/certs/cert.pem"
keyfile = "${EMQX_ETC_DIR}/certs/key.pem"
}
}
}
default_password="cmlc"
}
mqtt {
strict_mode = true
max_inflight = 1000
}
# 认证
authentication = [
{
use_jwks = false
algorithm = hmac-based
secret = "emqxsecretemqxsecretemqxsecretemqxsecret"
secret_base64_encoded = false
mechanism = jwt
verify_claims = {"clientid": "${clientid}"}
disconnect_after_expire = false
from = password
},
{
# 初始化内置数据库
backend = built_in_database
mechanism = password_based
# 密码加密sha256
password_hash_algorithm {name = sha256, salt_position = suffix}
user_id_type = username
bootstrap_file = "${EMQX_ETC_DIR}/auth-built-in-db-bootstrap.json"
bootstrap_type = plain
}
]
# 授权
authorization {
cache {
enable = true
excludes = []
max_size = 32
ttl = "1m"
}
deny_action = ignore
no_match = deny
sources = [
{
enable = true
path = "/opt/emqx/etc/acl.conf"
type = file
}
{
type = "built_in_database"
enable = true
}
]
}
log {
console {level = warning}
file {level = warning}
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: helm-emqx-fly-auth-conf
namespace: cq-fly-260311
data:
auth-built-in-db-bootstrap.json: |-
[
{
"user_id": "cmlc",
"password": "odD8#Ve7.B",
"is_superuser": false
},
{
"user_id": "admin",
"password": "odD8#Ve7.B",
"is_superuser": true
}
]
---
kind: ConfigMap
apiVersion: v1
metadata:
name: helm-emqx-fly-acl-conf
namespace: cq-fly-260311
data:
acl.conf: |
{allow, {username, {re, "^dashboard$"}}, subscribe, ["$SYS/#"]}.
{allow, {username, "cmlc"}, all, ["#"]}.
{allow, {ipaddr, "127.0.0.1"}, all, ["$SYS/#", "#"]}.
{deny, all, subscribe, ["$SYS/#", {eq, "#"}, {eq, "+/#"}]}.
{deny, all}.
---
# Source: outside-deploy/charts/all-middleware/charts/emqx/templates/standalone/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: helm-emqx-fly
namespace: cq-fly-260311
labels:
cmii.type: middleware
cmii.app: helm-emqx-fly
cmii.emqx.architecture: standalone
helm.sh/chart: emqx-1.1.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/version: "3.1.0"
spec:
serviceName: helm-emqx-fly
replicas: 1
selector:
matchLabels:
cmii.type: middleware
cmii.app: helm-emqx-fly
cmii.emqx.architecture: standalone
template:
metadata:
labels:
cmii.type: middleware
cmii.app: helm-emqx-fly
cmii.emqx.architecture: standalone
helm.sh/chart: emqx-1.1.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/version: "3.1.0"
annotations:
pod.alpha.kubernetes.io/initialized: "true"
spec:
imagePullSecrets:
- name: harborsecret
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: uavcloud.env
operator: In
values:
- "cq-fly-260311"
containers:
- name: helm-emqx-fly
image: "chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/emqx:5.8.8"
securityContext:
privileged: true
resources:
limits:
cpu: "1"
memory: 2Gi
requests:
cpu: 300m
memory: 2Gi
ports:
- containerPort: 1883
name: mqtt
protocol: TCP
- containerPort: 18083
name: dashboard
protocol: TCP
- containerPort: 8083
name: mqtt-ws
protocol: TCP
- containerPort: 8883
name: mqtt-ssl
protocol: TCP
- containerPort: 8084
name: mqtt-ws-ssl
protocol: TCP
env:
- name: EMQX_NODE__NAME
value: emqx@helm-emqx-fly-0.helm-emqx-fly.cq-fly-260311.svc.cluster.local
- name: EMQX_NODE__COOKIE
value: emqxsecretcookie
volumeMounts:
- name: helm-emqx-fly-acl-conf
mountPath: /opt/emqx/etc/acl.conf
subPath: acl.conf
- name: helm-emqx-fly-auth-conf
mountPath: /opt/emqx/etc/auth-built-in-db-bootstrap.json
subPath: auth-built-in-db-bootstrap.json
- name: helm-emqx-fly-emqx-conf
mountPath: /opt/emqx/etc/emqx.conf
subPath: emqx.conf
- name: emqx-data
mountPath: /opt/emqx/log
subPath: default/helm-emqx-fly/log
- name: emqx-data
mountPath: /opt/emqx/data/emqx_erl_pipes
subPath: default/helm-emqx-fly/data
- name: emqx-data
mountPath: /opt/emqx/data/mnesia
subPath: default/helm-emqx-fly/mnesia
- name: emqx-data
mountPath: /opt/emqx/data/configs
subPath: default/helm-emqx-fly/configs
volumes:
- name: emqx-data
persistentVolumeClaim:
claimName: helm-emqx-fly
- name: helm-emqx-fly-acl-conf
configMap:
name: helm-emqx-fly-acl-conf
items:
- key: acl.conf
path: acl.conf
- name: helm-emqx-fly-auth-conf
configMap:
name: helm-emqx-fly-auth-conf
items:
- key: auth-built-in-db-bootstrap.json
path: auth-built-in-db-bootstrap.json
- name: helm-emqx-fly-emqx-conf
configMap:
name: helm-emqx-fly-emqx-conf
items:
- key: emqx.conf
path: emqx.conf

215
75-202603-重庆二级平台/k8s-yaml/fly-center.yaml Normal file
View File

@@ -0,0 +1,215 @@
kind: Deployment
apiVersion: apps/v1
metadata:
name: cmii-fly-center
namespace: cq-fly-260311
labels:
app.kubernetes.io/app-version: 6.0.0
app.kubernetes.io/managed-by: octopus
cmii.app: cmii-fly-center
cmii.type: backend
octopus/control: backend-app-1.0.0
spec:
replicas: 1
selector:
matchLabels:
cmii.app: cmii-fly-center
cmii.type: backend
template:
metadata:
creationTimestamp: null
labels:
cmii.app: cmii-fly-center
cmii.type: backend
spec:
volumes:
- name: application-k8s
configMap:
name: cmii-fly-center-cm
items:
- key: application-k8s.yml
path: application-k8s.yml
defaultMode: 420
- name: nfs-backend-log-volume
persistentVolumeClaim:
claimName: nfs-backend-log-pvc
containers:
- name: cmii-fly-center
image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/cmii-fly-center:2.0.0-031102
ports:
- name: pod-port
containerPort: 8080
protocol: TCP
env:
- name: K8S_NAMESPACE
value: cq-fly-260311
- name: APPLICATION_NAME
value: cmii-fly-center
- name: CUST_JAVA_OPTS
value: '-Xms2000m -Xmx4500m -Dlog4j2.formatMsgNoLookups=true'
- name: NACOS_REGISTRY
value: helm-nacos:8848
- name: NACOS_DISCOVERY_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: NACOS_DISCOVERY_PORT
value: '8080'
- name: BIZ_CONFIG_GROUP
value: 5.7.0
- name: SYS_CONFIG_GROUP
value: 5.7.0
- name: IMAGE_VERSION
value: 5.7.0
- name: NACOS_USERNAME
value: developer
- name: NACOS_PASSWORD
value: Deve@9128201
- name: SPRING_PROFILES_ACTIVE
value: k8s,db,cache,message
resources:
limits:
cpu: '4'
memory: 6Gi
requests:
cpu: '4'
memory: 2Gi
volumeMounts:
- name: application-k8s
mountPath: /cmii/config/application-k8s.yml
subPath: application-k8s.yml
- name: nfs-backend-log-volume
mountPath: /cmii/logs
subPath: uavcloud-devflight/cmii-fly-center
livenessProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
periodSeconds: 20
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
periodSeconds: 20
successThreshold: 1
failureThreshold: 3
startupProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 3
periodSeconds: 20
successThreshold: 1
failureThreshold: 5
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: Always
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
securityContext: {}
imagePullSecrets:
- name: harborsecret
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: uavcloud.env
operator: In
values:
- cq-fly-260311
schedulerName: default-scheduler
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 25%
revisionHistoryLimit: 10
progressDeadlineSeconds: 600
---
kind: Service
apiVersion: v1
metadata:
name: cmii-fly-center
namespace: cq-fly-260311
labels:
app.kubernetes.io/app-version: 6.0.0
app.kubernetes.io/managed-by: octopus
cmii.app: cmii-fly-center
cmii.type: backend
octopus/control: backend-app-1.0.0
spec:
ports:
- name: backend-tcp
protocol: TCP
port: 8080
targetPort: 8080
selector:
cmii.app: cmii-fly-center
cmii.type: backend
type: ClusterIP
---
kind: ConfigMap
apiVersion: v1
metadata:
name: cmii-fly-center-cm
namespace: cq-fly-260311
data:
application-k8s.yml: |
center:
####################下面部分为中间件对应配置,需要确认!!!#######################
############使用k8s部署的中间件可以直接用k8s里面的服务名#################
db:
ip: helm-mysql-fly
port: 3306
username: k8s_admin
password: fP#UaH6qQ3)8
rabbitmq:
ip: helm-rabbitmq-fly
port: 5672
username: admin
password: nYcRN91r._hj
redis:
ip: helm-redis-fly-master
port: 6379
password: Mcache@4522
mqtt:
BASIC:
ip: helm-emqx-fly
port: 1883 # mqtt内部1883端口
username: cmlc
password: odD8#Ve7.B
DRC:
ip: 36.133.115.174 # 设备连接的mqtt的公网IP
port: 31883 # 1883映射的公网端口
username: cmlc
password: odD8#Ve7.B
influxdb:
ip: helm-influxdb-fly #influxdb宿主机的内部ip
port: 8086 #influxdb宿主机的端口
token: YunnHJASAAdj23rasQAWd621erGAS82kaqj
org: cmii
bucket: cmii
minio:
ip: helm-minio-fly # minio服务的宿主机ip
port: 9000
access-key: cmii # minio的访问key
secret-key: B#923fC7mk # minio访问secret
publicEndpoint: http://36.133.115.174:31090
shareEndpoint: http://36.133.115.174:8088/center
hub:
appKey: Zhdjk*72uU^2xz@s

686
75-202603-重庆二级平台/k8s-yaml/k8s-configmap.yaml Normal file
View File

@@ -0,0 +1,686 @@
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-detection
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "detection",
AppClientId: "APP_FDHW2VLVDWPnnOCy"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-jiangsuwenlv
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "jiangsuwenlv",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-qingdao
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "qingdao",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-uasms
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "uasms",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-secenter
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "secenter",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-renyike
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "renyike",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-armypeople
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "armypeople",
AppClientId: "APP_UIegse6Lfou9pO1U"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-traffic
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "traffic",
AppClientId: "APP_Jc8i2wOQ1t73QEJS"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-cmsportal
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "cmsportal",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-visualization
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "visualization",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-uasms
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "uasms",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-pilot2cloud
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "pilot2cloud",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-blockchain
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "blockchain",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-smauth
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "smauth",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-iot
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "iot",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-lite
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "lite",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-multiterminal
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "multiterminal",
AppClientId: "APP_PvdfRRRBPL8xbIwl"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-share
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "share",
AppClientId: "APP_4lVSVI0ZGxTssir8"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-splice
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "splice",
AppClientId: "APP_zE0M3sTRXrCIJS8Y"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-qinghaitourism
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "qinghaitourism",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-hljtt
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "hljtt",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-uas
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "uas",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-dispatchh5
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "dispatchh5",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-uavmsmanager
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "uavmsmanager",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-ai-brain
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "ai-brain",
AppClientId: "APP_rafnuCAmBESIVYMH"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-base
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "base",
AppClientId: "APP_9LY41OaKSqk2btY0"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-uas
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "uas",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-dikongzhixingh5
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "dikongzhixingh5",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-supervisionh5
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "supervisionh5",
AppClientId: "APP_qqSu82THfexI8PLM"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-seniclive
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "seniclive",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-classification
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "classification",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-eventsh5
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "eventsh5",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-mianyangbackend
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "mianyangbackend",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-awareness
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "awareness",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-flight-control
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "flight-control",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-supervision
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "supervision",
AppClientId: "APP_qqSu82THfexI8PLM"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-emergency
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "emergency",
AppClientId: "APP_aGsTAY1uMZrpKdfk"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-oms
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "oms",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-security
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "security",
AppClientId: "APP_JUSEMc7afyWXxvE7"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-securityh5
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "securityh5",
AppClientId: "APP_N3ImO0Ubfu9peRHD"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-logistics
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "logistics",
AppClientId: "APP_PvdfRRRBPL8xbIwl"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-media
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "media",
AppClientId: "APP_4AU8lbifESQO4FD6"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-mws
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "mws",
AppClientId: "APP_uKniXPELlRERBBwK"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-open
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "open",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-threedsimulation
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "threedsimulation",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-hyper
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "hyper",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-scanner
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "scanner",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-smsecret
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "smsecret",
AppClientId: "empty"
}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-pangu
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "260304",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "",
AppClientId: "empty"
}

315
75-202603-重庆二级平台/k8s-yaml/k8s-dashboard.yaml Normal file
View File

@@ -0,0 +1,315 @@
---
# ------------------- Dashboard Namespace ------------------- #
apiVersion: v1
kind: Namespace
metadata:
name: kubernetes-dashboard
---
# ------------------- Service Account ------------------- #
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
# ------------------- Dashboard Service (NodePort 39999) ------------------- #
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 39999
selector:
k8s-app: kubernetes-dashboard
---
# ------------------- Dashboard Secrets ------------------- #
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-certs
namespace: kubernetes-dashboard
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-csrf
namespace: kubernetes-dashboard
type: Opaque
data:
csrf: ""
---
# ------------------- Dashboard Role (FIXED) ------------------- #
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-minimal
namespace: kubernetes-dashboard
rules:
# [修复] 允许创建 Secrets解决 panic 问题
- apiGroups: [""]
resources: ["secrets"]
verbs: ["create"]
# 允许对特定 Secrets 进行操作
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
verbs: ["get", "update", "delete"]
# ConfigMaps 权限
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["kubernetes-dashboard-settings"]
verbs: ["get", "update"]
# Metrics 权限
- apiGroups: [""]
resources: ["services"]
resourceNames: ["heapster", "dashboard-metrics-scraper"]
verbs: ["proxy"]
- apiGroups: [""]
resources: ["services/proxy"]
resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
verbs: ["get"]
---
# ------------------- Dashboard RoleBinding ------------------- #
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-minimal
namespace: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
# ------------------- Dashboard Deployment ------------------- #
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
containers:
- name: kubernetes-dashboard
image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/dashboard:v2.7.0
imagePullPolicy: Always
ports:
- containerPort: 8443
protocol: TCP
args:
- --auto-generate-certificates
- --namespace=kubernetes-dashboard
volumeMounts:
- name: kubernetes-dashboard-certs
mountPath: /certs
- mountPath: /tmp
name: tmp-volume
livenessProbe:
httpGet:
scheme: HTTPS
path: /
port: 8443
initialDelaySeconds: 30
timeoutSeconds: 30
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
volumes:
- name: kubernetes-dashboard-certs
secret:
secretName: kubernetes-dashboard-certs
- name: tmp-volume
emptyDir: {}
serviceAccountName: kubernetes-dashboard
nodeSelector:
"kubernetes.io/os": linux
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
---
# ------------------- Metrics Scraper Service ------------------- #
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: dashboard-metrics-scraper
name: dashboard-metrics-scraper
namespace: kubernetes-dashboard
spec:
ports:
- port: 8000
targetPort: 8000
selector:
k8s-app: dashboard-metrics-scraper
---
# ------------------- Metrics Scraper Deployment ------------------- #
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: dashboard-metrics-scraper
name: dashboard-metrics-scraper
namespace: kubernetes-dashboard
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: dashboard-metrics-scraper
template:
metadata:
labels:
k8s-app: dashboard-metrics-scraper
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
spec:
containers:
- name: dashboard-metrics-scraper
image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/metrics-scraper:v1.0.9
ports:
- containerPort: 8000
protocol: TCP
livenessProbe:
httpGet:
scheme: HTTP
path: /
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 30
volumeMounts:
- mountPath: /tmp
name: tmp-volume
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
serviceAccountName: kubernetes-dashboard
nodeSelector:
"kubernetes.io/os": linux
volumes:
- name: tmp-volume
emptyDir: {}
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
---
# ==================================================================
# 自定义用户配置部分 (ADMIN & READ-ONLY)
# ==================================================================
# ------------------- 1. Admin User (全部权限) ------------------- #
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
---
# ------------------- 2. Read-Only User (只读+看日志) ------------------- #
apiVersion: v1
kind: ServiceAccount
metadata:
name: read-only-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: dashboard-view-with-logs
rules:
- apiGroups: [""]
resources: ["configmaps", "endpoints", "persistentvolumeclaims", "pods", "replicationcontrollers", "replicationcontrollers/scale", "serviceaccounts", "services", "nodes", "persistentvolumeclaims", "persistentvolumes", "namespaces"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
resources: ["daemonsets", "deployments", "replicasets", "statefulsets"]
verbs: ["get", "list", "watch"]
- apiGroups: ["batch"]
resources: ["cronjobs", "jobs"]
verbs: ["get", "list", "watch"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses", "networkpolicies"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["events.k8s.io"]
resources: ["events"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: read-only-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dashboard-view-with-logs
subjects:
- kind: ServiceAccount
name: read-only-user
namespace: kubernetes-dashboard

664
75-202603-重庆二级平台/k8s-yaml/k8s-emqx.yaml Normal file
View File

@@ -0,0 +1,664 @@
---
---
# ============== Secret - 密码管理 ==============
apiVersion: v1
kind: Secret
metadata:
name: emqx-credentials
namespace: cq-fly-260311
labels:
cmii.type: middleware
cmii.app: helm-emqxs
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: "2.0"
type: Opaque
stringData:
# Dashboard管理员密码
dashboard-admin-password: "odD8#Ve7.B"
# MQTT用户密码
mqtt-admin-password: "odD8#Ve7.B"
---
# ============== ServiceAccount ==============
apiVersion: v1
kind: ServiceAccount
metadata:
name: helm-emqxs
namespace: cq-fly-260311
---
# ============== Role - RBAC ==============
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: helm-emqxs
namespace: cq-fly-260311
rules:
- apiGroups: [""]
resources:
- endpoints
- pods
verbs:
- get
- watch
- list
---
# ============== RoleBinding ==============
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: helm-emqxs
namespace: cq-fly-260311
subjects:
- kind: ServiceAccount
name: helm-emqxs
namespace: cq-fly-260311
roleRef:
kind: Role
name: helm-emqxs
apiGroup: rbac.authorization.k8s.io
---
# ============== ConfigMap - Bootstrap配置文件 ==============
apiVersion: v1
kind: ConfigMap
metadata:
name: emqx-bootstrap-config
namespace: cq-fly-260311
labels:
cmii.type: middleware
cmii.app: helm-emqxs
data:
# 主配置文件 - 覆盖默认配置
emqx.conf: |
# 节点配置
node {
name = "emqx@${POD_NAME}.helm-emqxs-headless.cq-fly-260311.svc.cluster.local"
cookie = "emqx-cluster-cookie-secret"
data_dir = "/opt/emqx/data"
}
# 集群配置
cluster {
name = emqxcl
# 单节点 建议为 manual 多节点为k8s
discovery_strategy = manual
k8s {
apiserver = "https://kubernetes.default.svc.cluster.local:443"
service_name = "helm-emqxs-headless"
# 这里可以改为 hostname
address_type = dns
namespace = "cq-fly-260311"
suffix = "svc.cluster.local"
}
}
# 日志配置
log {
console {
enable = true
level = info
}
file {
enable = true
level = warning
path = "/opt/emqx/log"
}
}
# Dashboard配置
dashboard {
listeners.http {
bind = "0.0.0.0:18083"
}
default_username = "admin"
default_password = "public"
}
# 监听器配置
listeners.tcp.default {
bind = "0.0.0.0:1883"
max_connections = 1024000
}
listeners.ws.default {
bind = "0.0.0.0:8083"
max_connections = 1024000
websocket.mqtt_path = "/mqtt"
}
listeners.ssl.default {
bind = "0.0.0.0:8883"
max_connections = 512000
}
# 认证配置 - 使用内置数据库
authentication = [
{
mechanism = password_based
backend = built_in_database
user_id_type = username
password_hash_algorithm {
name = sha256
salt_position = suffix
}
# Bootstrap文件路径 - 用于初始化用户
bootstrap_file = "/opt/emqx/data/bootstrap_users.json"
bootstrap_type = plain
}
]
# 授权配置
authorization {
no_match = deny
deny_action = disconnect
sources = [
{
type = built_in_database
enable = true
}
]
}
# MQTT协议配置
mqtt {
max_packet_size = "1MB"
max_clientid_len = 65535
max_topic_levels = 128
max_qos_allowed = 2
max_topic_alias = 65535
retain_available = true
wildcard_subscription = true
shared_subscription = true
}
---
# ============== ConfigMap - Users & ACL (严格 JSON 格式) ==============
apiVersion: v1
kind: ConfigMap
metadata:
name: emqx-bootstrap-users
namespace: cq-fly-260311
data:
bootstrap_users.json: |
[
{ "user_id": "admin", "password": "odD8#Ve7.B", "is_superuser": true },
{ "user_id": "cmlc", "password": "odD8#Ve7.B", "is_superuser": false }
]
# 【修改点】既然有jq这里使用标准的 JSON 数组格式,最不容易出错
bootstrap_acl.json: |
[
{
"username": "admin",
"rules": [
{"action": "all", "permission": "allow", "topic": "#"}
]
},
{
"username": "cmlc",
"rules": [
{"action": "publish", "permission": "allow", "topic": "#"},
{"action": "subscribe", "permission": "allow", "topic": "#"}
]
}
]
---
# ============== ConfigMap - 初始化脚本 (修正版) ==============
apiVersion: v1
kind: ConfigMap
metadata:
name: emqx-init-dashboard
namespace: cq-fly-260311
data:
init-dashboard.sh: |
#!/bin/bash
set -e
DASHBOARD_USER="admin"
DASHBOARD_PASS="${DASHBOARD_ADMIN_PASSWORD}"
EMQX_API="http://localhost:18083/api/v5"
ACL_FILE="/bootstrap/bootstrap_acl.json"
# 辅助函数:打印带时间戳的日志
log() {
echo "[$(date +'%H:%M:%S')] $1"
}
log "======================================"
log "初始化 Dashboard 与 ACL (Debug Version)"
log "======================================"
# ----------------------------------------------------------------
# 1. 等待 EMQX API 就绪
# ----------------------------------------------------------------
log "[1/4] 等待 EMQX API 就绪..."
for i in $(seq 1 60); do
if curl -s -f -m 5 "${EMQX_API}/status" > /dev/null 2>&1; then
log "✓ EMQX API 已就绪"
break
fi
if [ $i -eq 60 ]; then
log "✗ EMQX API 启动超时"
exit 1
fi
sleep 5
done
# ----------------------------------------------------------------
# 2. 修改 Dashboard 密码
# ----------------------------------------------------------------
log "[2/4] 检查/更新 Dashboard 密码..."
# 获取 Token (尝试默认密码)
LOGIN_RESP=$(curl -s -X POST "${EMQX_API}/login" \
-H 'Content-Type: application/json' \
-d "{\"username\":\"${DASHBOARD_USER}\",\"password\":\"public\"}")
TOKEN=$(echo "$LOGIN_RESP" | jq -r '.token // empty')
if [ -n "$TOKEN" ]; then
log " 检测到默认密码,正在更新..."
curl -s -f -X POST "${EMQX_API}/users/${DASHBOARD_USER}/change_pwd" \
-H "Authorization: Bearer ${TOKEN}" \
-H 'Content-Type: application/json' \
-d "{\"old_pwd\":\"public\",\"new_pwd\":\"${DASHBOARD_PASS}\"}"
log " ✓ Dashboard 密码已更新"
else
log " 无法使用默认密码登录,跳过更新(可能已修改)"
fi
# ----------------------------------------------------------------
# 3. 导入 ACL 规则
# ----------------------------------------------------------------
echo "[3/3] 导入ACL规则..."
# 重新登录获取最新 Token
LOGIN_RESP=$(curl -sS -X POST "${EMQX_API}/login" \
-H 'Content-Type: application/json' \
-d "{\"username\":\"${DASHBOARD_USER}\",\"password\":\"${DASHBOARD_PASS}\"}")
TOKEN=$(echo "$LOGIN_RESP" | jq -r '.token // empty')
if [ -z "$TOKEN" ]; then
echo " ✗ 无法获取Token请检查密码设置"
exit 0
fi
if [ -f "$ACL_FILE" ]; then
echo " 正在解析 ACL 文件: $ACL_FILE"
if ! jq -e . "$ACL_FILE" >/dev/null 2>&1; then
echo " ✗ ACL 文件 JSON 格式错误,跳过处理"
exit 0
fi
jq -c '.[]' "$ACL_FILE" | while read -r user_config; do
USERNAME=$(echo "$user_config" | jq -r '.username // empty')
# ✅ PUT/POST 都需要 username + rulesusername 是 required
REQ_BODY=$(echo "$user_config" | jq -c '{username: .username, rules: .rules}')
if [ -z "$USERNAME" ]; then
echo " ✗ ACL 条目缺少 username跳过"
continue
fi
echo " 配置用户 ${USERNAME} 的ACL规则..."
# 1) 优先 PUT覆盖更新
http_code=$(curl -sS -o /tmp/emqx_acl_resp.json -w '%{http_code}' \
-X PUT "${EMQX_API}/authorization/sources/built_in_database/rules/users/${USERNAME}" \
-H "Authorization: Bearer ${TOKEN}" \
-H 'Content-Type: application/json' \
-d "$REQ_BODY")
if [ "$http_code" = "204" ]; then
echo " ✓ PUT 更新成功"
elif [ "$http_code" = "404" ]; then
# 2) 不存在则 POST 创建
http_code2=$(curl -sS -o /tmp/emqx_acl_resp.json -w '%{http_code}' \
-X POST "${EMQX_API}/authorization/sources/built_in_database/rules/users" \
-H "Authorization: Bearer ${TOKEN}" \
-H 'Content-Type: application/json' \
-d "$REQ_BODY")
if [ "$http_code2" = "204" ]; then
echo " ✓ POST 创建成功"
else
echo " ✗ POST 失败 (HTTP ${http_code2})$(cat /tmp/emqx_acl_resp.json 2>/dev/null || true)"
exit 1
fi
else
echo " ✗ PUT 失败 (HTTP ${http_code})$(cat /tmp/emqx_acl_resp.json 2>/dev/null || true)"
exit 1
fi
# 3) 导入后验证(可选但强烈建议保留)
verify_code=$(curl -sS -o /tmp/emqx_acl_verify.json -w '%{http_code}' \
-H "Authorization: Bearer ${TOKEN}" \
"${EMQX_API}/authorization/sources/built_in_database/rules/users/${USERNAME}")
if [ "$verify_code" = "200" ]; then
echo " ✓ 验证成功:$(cat /tmp/emqx_acl_verify.json | jq -c '.')"
else
echo " ✗ 验证失败 (HTTP ${verify_code})$(cat /tmp/emqx_acl_verify.json 2>/dev/null || true)"
exit 1
fi
done
echo " ✓ ACL 规则导入完成"
else
echo " 未找到 ACL 文件"
fi
---
# ============== StatefulSet ==============
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: helm-emqxs
namespace: cq-fly-260311
labels:
cmii.type: middleware
cmii.app: helm-emqxs
cmii.emqx.architecture: cluster
helm.sh/chart: emqx-1.1.0
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: "2.0"
spec:
replicas: 1
serviceName: helm-emqxs-headless
podManagementPolicy: Parallel
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
cmii.type: middleware
cmii.app: helm-emqxs
cmii.emqx.architecture: cluster
template:
metadata:
labels:
cmii.type: middleware
cmii.app: helm-emqxs
cmii.emqx.architecture: cluster
helm.sh/chart: emqx-1.1.0
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: "2.0"
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: uavcloud.env
operator: In
values:
- cq-fly-260311
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: cmii.app
operator: In
values:
- helm-emqxs
topologyKey: kubernetes.io/hostname
imagePullSecrets:
- name: harborsecret
serviceAccountName: helm-emqxs
securityContext:
fsGroup: 1000
runAsUser: 1000
# InitContainer - 准备bootstrap文件
initContainers:
- name: prepare-bootstrap
# 动态选择 tools 镜像
image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/os-shell:12-debian-12-r51
imagePullPolicy: IfNotPresent
# =========================================================
# 权限: 必须以 root 身份运行才能 chown
# =========================================================
securityContext:
runAsUser: 0
command:
- /bin/sh
- -c
- |
echo "准备bootstrap文件..."
# 创建数据目录
mkdir -p /opt/emqx/data
# 复制bootstrap文件到数据目录
# 只在文件不存在时复制,避免覆盖已有数据
if [ ! -f /opt/emqx/data/bootstrap_users.json ]; then
cp /bootstrap-src/bootstrap_users.json /opt/emqx/data/
echo "✓ 已复制用户bootstrap文件"
else
echo " 用户bootstrap文件已存在跳过"
fi
# 设置权限 (现在有root权限可以成功)
chown -R 1000:1000 /opt/emqx/data
echo "✓ Bootstrap准备完成"
volumeMounts:
- name: emqx-data
mountPath: /opt/emqx/data
- name: bootstrap-users
mountPath: /bootstrap-src
containers:
# 主容器 - EMQX
- name: emqx
# 动态选择 emqx 镜像
image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/emqx:5.8.8
imagePullPolicy: IfNotPresent
env:
# Pod信息
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: EMQX_DATA_DIR
value: "/opt/emqx/data"
ports:
- name: mqtt
containerPort: 1883
- name: mqttssl
containerPort: 8883
- name: ws
containerPort: 8083
- name: dashboard
containerPort: 18083
- name: ekka
containerPort: 4370
resources:
requests:
cpu: "500m"
memory: "512Mi"
limits:
cpu: "2000m"
memory: "2Gi"
livenessProbe:
httpGet:
path: /status
port: 18083
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /status
port: 18083
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
startupProbe:
httpGet:
path: /status
port: 18083
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 30
volumeMounts:
- name: emqx-data
mountPath: /opt/emqx/data
# 使用 subPath 挂载单个配置文件,避免覆盖目录
- name: bootstrap-config
mountPath: /opt/emqx/etc/emqx.conf
subPath: emqx.conf
# Sidecar - 初始化Dashboard密码和ACL
- name: init-dashboard
# 动态选择 tools 镜像
image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/os-shell:12-debian-12-r51
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- |
# 等待主容器启动
echo "等待EMQX启动..."
sleep 20
# 执行初始化
/bin/sh /scripts/init-dashboard.sh
# 保持运行
echo "初始化完成,进入守护模式..."
while true; do sleep 3600; done
env:
- name: DASHBOARD_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: emqx-credentials
key: dashboard-admin-password
resources:
requests:
cpu: "100m"
memory: "64Mi"
limits:
cpu: "200m"
memory: "128Mi"
volumeMounts:
- name: init-script
mountPath: /scripts
- name: bootstrap-users
mountPath: /bootstrap
volumes:
- name: bootstrap-config
configMap:
name: emqx-bootstrap-config
- name: bootstrap-users
configMap:
name: emqx-bootstrap-users
- name: init-script
configMap:
name: emqx-init-dashboard
defaultMode: 0755
- name: emqx-data
persistentVolumeClaim:
claimName: helm-emqxs
---
# ============== Service - Headless ==============
apiVersion: v1
kind: Service
metadata:
name: helm-emqxs-headless
namespace: cq-fly-260311
labels:
cmii.type: middleware
cmii.app: helm-emqxs
cmii.emqx.architecture: cluster
helm.sh/chart: emqx-1.1.0
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: "2.0"
spec:
type: ClusterIP
clusterIP: None
publishNotReadyAddresses: true
selector:
cmii.type: middleware
cmii.app: helm-emqxs
cmii.emqx.architecture: cluster
ports:
- name: mqtt
port: 1883
targetPort: 1883
- name: mqttssl
port: 8883
targetPort: 8883
- name: ws
port: 8083
targetPort: 8083
- name: dashboard
port: 18083
targetPort: 18083
- name: ekka
port: 4370
targetPort: 4370
---
# ============== Service - NodePort ==============
apiVersion: v1
kind: Service
metadata:
name: helm-emqxs
namespace: cq-fly-260311
labels:
cmii.type: middleware
cmii.app: helm-emqxs
cmii.emqx.architecture: cluster
helm.sh/chart: emqx-1.1.0
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: "2.0"
spec:
type: NodePort
selector:
cmii.type: middleware
cmii.app: helm-emqxs
cmii.emqx.architecture: cluster
ports:
- name: mqtt
port: 1883
targetPort: 1883
nodePort: 31883
- name: dashboard
port: 18083
targetPort: 18083
nodePort: 38085
- name: ws
port: 8083
targetPort: 8083
nodePort: 38083
- name: mqttssl
port: 8883
targetPort: 8883

263
75-202603-重庆二级平台/k8s-yaml/k8s-influxdb.yaml Normal file
View File

@@ -0,0 +1,263 @@
---
# Source: influxdb/templates/networkpolicy.yaml
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: helm-influxdb-fly
namespace: cq-fly-260311
labels:
app.kubernetes.io/instance: helm-influxdb-fly
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: influxdb
app.kubernetes.io/version: 2.7.11
helm.sh/chart: influxdb-6.6.11
spec:
podSelector:
matchLabels:
app.kubernetes.io/instance: helm-influxdb-fly
app.kubernetes.io/name: influxdb
app.kubernetes.io/component: influxdb
policyTypes:
- Ingress
- Egress
egress:
- {}
ingress:
# Allow inbound connections
- ports:
- port: 8086
protocol: TCP
- port: 8088
protocol: TCP
---
# Source: influxdb/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: helm-influxdb-fly
namespace: cq-fly-260311
labels:
app.kubernetes.io/instance: helm-influxdb-fly
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: influxdb
app.kubernetes.io/version: 2.7.11
helm.sh/chart: influxdb-6.6.11
app.kubernetes.io/component: influxdb
automountServiceAccountToken: false
---
# Source: influxdb/templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
name: helm-influxdb-fly
namespace: cq-fly-260311
labels:
app.kubernetes.io/instance: helm-influxdb-fly
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: influxdb
app.kubernetes.io/version: 2.7.11
helm.sh/chart: influxdb-6.6.11
type: Opaque
data:
admin-user-password: "WTFjJVJoI2ZIMw=="
admin-user-token: "WXVubkhKQVNBQWRqMjNyYXNRQVdkNjIxZXJHQVM4MmthcWo="
---
# Source: influxdb/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: helm-influxdb-fly
namespace: cq-fly-260311
labels:
app.kubernetes.io/instance: helm-influxdb-fly
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: influxdb
app.kubernetes.io/version: 2.7.11
helm.sh/chart: influxdb-6.6.11
app.kubernetes.io/component: influxdb
spec:
type: ClusterIP
sessionAffinity: None
ports:
- port: 8086
targetPort: http
protocol: TCP
name: http
nodePort: null
- port: 8088
targetPort: rpc
protocol: TCP
name: rpc
nodePort: null
selector:
app.kubernetes.io/instance: helm-influxdb-fly
app.kubernetes.io/name: influxdb
app.kubernetes.io/component: influxdb
---
# Source: influxdb/templates/deployment.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
name: helm-influxdb-fly
namespace: cq-fly-260311
labels:
app.kubernetes.io/component: influxdb
app.kubernetes.io/instance: helm-influxdb-fly
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: influxdb
app.kubernetes.io/version: 2.7.11
helm.sh/chart: influxdb-6.6.11
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/component: influxdb
app.kubernetes.io/instance: helm-influxdb-fly
app.kubernetes.io/name: influxdb
template:
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/component: influxdb
app.kubernetes.io/instance: helm-influxdb-fly
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: influxdb
app.kubernetes.io/version: 2.7.11
helm.sh/chart: influxdb-6.6.11
spec:
volumes:
- name: empty-dir
emptyDir: {}
- name: influxdb-credentials
secret:
secretName: helm-influxdb-fly
defaultMode: 420
- name: data
persistentVolumeClaim:
claimName: helm-influxdb-fly
imagePullSecrets:
- name: harborsecret
containers:
- name: influxdb
image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/influxdb:2.7.11-debian-12-r19
ports:
- name: http
containerPort: 8086
protocol: TCP
- name: rpc
containerPort: 8088
protocol: TCP
env:
- name: BITNAMI_DEBUG
value: 'true'
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: INFLUXDB_HTTP_AUTH_ENABLED
value: 'true'
- name: INFLUXDB_CREATE_USER_TOKEN
value: 'no'
- name: INFLUXDB_ADMIN_USER
value: cmlc
- name: INFLUXDB_ADMIN_USER_PASSWORD_FILE
value: /opt/bitnami/influxdb/secrets/admin-user-password
- name: INFLUXDB_ADMIN_USER_TOKEN_FILE
value: /opt/bitnami/influxdb/secrets/admin-user-token
- name: INFLUXDB_ADMIN_BUCKET
value: home
- name: INFLUXDB_ADMIN_ORG
value: docs
resources:
limits:
cpu: '4'
ephemeral-storage: 4Gi
memory: 4Gi
requests:
cpu: '2'
ephemeral-storage: 50Mi
memory: 4Gi
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- name: empty-dir
mountPath: /opt/bitnami/influxdb/etc
subPath: app-conf-dir
- name: influxdb-credentials
mountPath: /opt/bitnami/influxdb/secrets/
- name: data
mountPath: /bitnami/influxdb
livenessProbe:
httpGet:
path: /
port: http
scheme: HTTP
initialDelaySeconds: 180
timeoutSeconds: 30
periodSeconds: 45
successThreshold: 1
failureThreshold: 6
readinessProbe:
exec:
command:
- bash
- '-c'
- |
. /opt/bitnami/scripts/libinfluxdb.sh
influxdb_env
export INFLUX_USERNAME="$INFLUXDB_ADMIN_USER"
export INFLUX_PASSWORD="$INFLUXDB_ADMIN_USER_PASSWORD"
timeout 29s influx ping --host http://$POD_IP:8086
initialDelaySeconds: 120
timeoutSeconds: 30
periodSeconds: 45
successThreshold: 1
failureThreshold: 6
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: IfNotPresent
securityContext:
capabilities:
drop:
- ALL
privileged: false
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
serviceAccountName: helm-influxdb-fly
serviceAccount: helm-influxdb-fly
securityContext:
fsGroup: 1001
fsGroupChangePolicy: Always
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: uavcloud.env
operator: In
values:
- cq-fly-260311
schedulerName: default-scheduler
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 25%
maxSurge: 25%
revisionHistoryLimit: 10
progressDeadlineSeconds: 600

680
75-202603-重庆二级平台/k8s-yaml/k8s-ingress-13014.yaml Normal file
View File

@@ -0,0 +1,680 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: frontend-applications-ingress
namespace: cq-fly-260311
labels:
type: frontend
octopus.control: all-ingress-config-wdd
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: uas-2.2
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/enable-cors: 'true'
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
rules:
- host: fake-domain.cq-fly-260311.io
http:
paths:
- path: /?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-lite
port:
number: 9528
- path: /uas/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-uas
port:
number: 9528
- path: /lite/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-lite
port:
number: 9528
- path: /uasms/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-platform-uasms
port:
number: 9528
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: backend-applications-ingress
namespace: cq-fly-260311
labels:
type: backend
octopus.control: all-ingress-config-wdd
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: uas-2.2
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/enable-cors: 'true'
spec:
rules:
- host: cmii-admin-data.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-admin-data
port:
number: 8080
- host: cmii-admin-gateway.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-admin-gateway
port:
number: 8080
- host: cmii-admin-user.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-admin-user
port:
number: 8080
- host: cmii-app-release.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-app-release
port:
number: 8080
- host: cmii-open-gateway.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-open-gateway
port:
number: 8080
- host: cmii-sky-converge.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-sky-converge
port:
number: 8080
- host: cmii-suav-supervision.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-suav-supervision
port:
number: 8080
- host: cmii-uas-datahub.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uas-datahub
port:
number: 8080
- host: cmii-uas-gateway.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uas-gateway
port:
number: 8080
- host: cmii-uas-lifecycle.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uas-lifecycle
port:
number: 8080
- host: cmii-uav-advanced5g.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-advanced5g
port:
number: 8080
- host: cmii-uav-airspace.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-airspace
port:
number: 8080
- host: cmii-uav-alarm.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-alarm
port:
number: 8080
- host: cmii-uav-autowaypoint.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-autowaypoint
port:
number: 8080
- host: cmii-uav-brain.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-brain
port:
number: 8080
- host: cmii-uav-bridge.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-bridge
port:
number: 8080
- host: cmii-uav-cloud-live.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-cloud-live
port:
number: 8080
- host: cmii-uav-clusters.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-clusters
port:
number: 8080
- host: cmii-uav-cms.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-cms
port:
number: 8080
- host: cmii-uav-data-post-process.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-data-post-process
port:
number: 8080
- host: cmii-uav-depotautoreturn.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-depotautoreturn
port:
number: 8080
- host: cmii-uav-developer.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-developer
port:
number: 8080
- host: cmii-uav-device.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-device
port:
number: 8080
- host: cmii-uav-emergency.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-emergency
port:
number: 8080
- host: cmii-uav-fwdd.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-fwdd
port:
number: 8080
- host: cmii-uav-gateway.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-gateway
port:
number: 8080
- host: cmii-uav-gis-server.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-gis-server
port:
number: 8080
- host: cmii-uav-grid-datasource.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-grid-datasource
port:
number: 8080
- host: cmii-uav-grid-engine.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-grid-engine
port:
number: 8080
- host: cmii-uav-grid-manage.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-grid-manage
port:
number: 8080
- host: cmii-uav-industrial-portfolio.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-industrial-portfolio
port:
number: 8080
- host: cmii-uav-integration.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-integration
port:
number: 8080
- host: cmii-uav-iot-dispatcher.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-iot-dispatcher
port:
number: 8080
- host: cmii-uav-iot-manager.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-iot-manager
port:
number: 8080
- host: cmii-uav-kpi-monitor.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-kpi-monitor
port:
number: 8080
- host: cmii-uav-logger.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-logger
port:
number: 8080
- host: cmii-uav-material-warehouse.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-material-warehouse
port:
number: 8080
- host: cmii-uav-mission.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-mission
port:
number: 8080
- host: cmii-uav-mqtthandler.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-mqtthandler
port:
number: 8080
- host: cmii-uav-multilink.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-multilink
port:
number: 8080
- host: cmii-uav-notice.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-notice
port:
number: 8080
- host: cmii-uav-oauth.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-oauth
port:
number: 8080
- host: cmii-uav-process.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-process
port:
number: 8080
- host: cmii-uav-sec-awareness.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-sec-awareness
port:
number: 8080
- host: cmii-uav-security-trace.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-security-trace
port:
number: 8080
- host: cmii-uav-sense-adapter.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-sense-adapter
port:
number: 8080
- host: cmii-uav-surveillance.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-surveillance
port:
number: 8080
- host: cmii-uav-sync.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-sync
port:
number: 8080
- host: cmii-uav-tcp-server.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-tcp-server
port:
number: 8080
- host: cmii-uav-threedsimulation.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-threedsimulation
port:
number: 8080
- host: cmii-uav-tower.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-tower
port:
number: 8080
- host: cmii-uav-user.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-user
port:
number: 8080
- host: cmii-uav-watchdog.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-watchdog
port:
number: 8080
- host: cmii-uav-waypoint.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-waypoint
port:
number: 8080
- host: cmii-uavms-pyfusion.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uavms-pyfusion
port:
number: 8080
- host: cmii-uavms-security-center.uavcloud-sc-my-202602.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cmii-uavms-security-center
port:
number: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: all-gateways-ingress
namespace: cq-fly-260311
labels:
type: api-gateway
octopus.control: all-ingress-config-1.1.0
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: uas-2.2
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/enable-cors: 'true'
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/proxy-read-timeout: '3600'
nginx.ingress.kubernetes.io/proxy-send-timeout: '3600'
spec:
rules:
- host: fake-domain.cq-fly-260311.io
http:
paths:
- path: /oms/api/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-admin-gateway
port:
number: 8080
- path: /open/api/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-open-gateway
port:
number: 8080
- path: /api/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uav-gateway
port:
number: 8080
- path: /uas/api/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-uas-gateway
port:
number: 8080
- path: /converge/?(.*)
pathType: ImplementationSpecific
backend:
service:
name: cmii-sky-converge
port:
number: 8080

832
75-202603-重庆二级平台/k8s-yaml/k8s-ingress.yaml Normal file
View File

@@ -0,0 +1,832 @@
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: frontend-applications-ingress
namespace: cq-fly-260311
labels:
type: frontend
octopus.control: all-ingress-config-wdd
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: "2.0"
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite ^(/ms)$ $1/ redirect;
rewrite ^(/supervisionh5)$ $1/ redirect;
rewrite ^(/pangu)$ $1/ redirect;
rewrite ^(/ai-brain)$ $1/ redirect;
rewrite ^(/armypeople)$ $1/ redirect;
rewrite ^(/awareness)$ $1/ redirect;
rewrite ^(/base)$ $1/ redirect;
rewrite ^(/blockchain)$ $1/ redirect;
rewrite ^(/classification)$ $1/ redirect;
rewrite ^(/cmsportal)$ $1/ redirect;
rewrite ^(/detection)$ $1/ redirect;
rewrite ^(/dikongzhixingh5)$ $1/ redirect;
rewrite ^(/dispatchh5)$ $1/ redirect;
rewrite ^(/emergency)$ $1/ redirect;
rewrite ^(/eventsh5)$ $1/ redirect;
rewrite ^(/flight-control)$ $1/ redirect;
rewrite ^(/hljtt)$ $1/ redirect;
rewrite ^(/hyper)$ $1/ redirect;
rewrite ^(/iot)$ $1/ redirect;
rewrite ^(/jiangsuwenlv)$ $1/ redirect;
rewrite ^(/lite)$ $1/ redirect;
rewrite ^(/logistics)$ $1/ redirect;
rewrite ^(/media)$ $1/ redirect;
rewrite ^(/mianyangbackend)$ $1/ redirect;
rewrite ^(/multiterminal)$ $1/ redirect;
rewrite ^(/mws)$ $1/ redirect;
rewrite ^(/oms)$ $1/ redirect;
rewrite ^(/open)$ $1/ redirect;
rewrite ^(/pilot2cloud)$ $1/ redirect;
rewrite ^(/qingdao)$ $1/ redirect;
rewrite ^(/qinghaitourism)$ $1/ redirect;
rewrite ^(/renyike)$ $1/ redirect;
rewrite ^(/scanner)$ $1/ redirect;
rewrite ^(/security)$ $1/ redirect;
rewrite ^(/securityh5)$ $1/ redirect;
rewrite ^(/seniclive)$ $1/ redirect;
rewrite ^(/share)$ $1/ redirect;
rewrite ^(/smauth)$ $1/ redirect;
rewrite ^(/smsecret)$ $1/ redirect;
rewrite ^(/splice)$ $1/ redirect;
rewrite ^(/threedsimulation)$ $1/ redirect;
rewrite ^(/traffic)$ $1/ redirect;
rewrite ^(/uas)$ $1/ redirect;
rewrite ^(/uas)$ $1/ redirect;
rewrite ^(/uasms)$ $1/ redirect;
rewrite ^(/uasms)$ $1/ redirect;
rewrite ^(/visualization)$ $1/ redirect;
rewrite ^(/uavmsmanager)$ $1/ redirect;
rewrite ^(/secenter)$ $1/ redirect;
spec:
rules:
- host: fake-domain.cq-fly-260311.io
http:
paths:
- path: /260304/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform
servicePort: 9528
- path: /260304/supervision/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-suav-platform-supervision
servicePort: 9528
- path: /ms/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-lite-oms
servicePort: 9528
- path: /260304/pangu/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform
servicePort: 9528
- path: /260304/ai-brain/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-ai-brain
servicePort: 9528
- path: /260304/armypeople/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-armypeople
servicePort: 9528
- path: /260304/awareness/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-awareness
servicePort: 9528
- path: /260304/base/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-base
servicePort: 9528
- path: /260304/blockchain/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-blockchain
servicePort: 9528
- path: /260304/classification/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-classification
servicePort: 9528
- path: /260304/cmsportal/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-cms-portal
servicePort: 9528
- path: /260304/detection/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-detection
servicePort: 9528
- path: /260304/dikongzhixingh5/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-dikongzhixingh5
servicePort: 9528
- path: /260304/dispatchh5/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-dispatchh5
servicePort: 9528
- path: /260304/emergency/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-emergency-rescue
servicePort: 9528
- path: /260304/eventsh5/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-eventsh5
servicePort: 9528
- path: /260304/flight-control/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-flight-control
servicePort: 9528
- path: /260304/hljtt/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-hljtt
servicePort: 9528
- path: /260304/hyper/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-hyperspectral
servicePort: 9528
- path: /260304/iot/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-iot-manager
servicePort: 9528
- path: /260304/jiangsuwenlv/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-jiangsuwenlv
servicePort: 9528
- path: /260304/lite/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-lite
servicePort: 9528
- path: /260304/logistics/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-logistics
servicePort: 9528
- path: /260304/media/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-media
servicePort: 9528
- path: /260304/mianyangbackend/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-mianyangbackend
servicePort: 9528
- path: /260304/multiterminal/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-multiterminal
servicePort: 9528
- path: /260304/mws/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-mws
servicePort: 9528
- path: /260304/oms/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-oms
servicePort: 9528
- path: /260304/open/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-open
servicePort: 9528
- path: /260304/pilot2cloud/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-pilot2-to-cloud
servicePort: 9528
- path: /260304/qingdao/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-qingdao
servicePort: 9528
- path: /260304/qinghaitourism/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-qinghaitourism
servicePort: 9528
- path: /260304/renyike/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-renyike
servicePort: 9528
- path: /260304/scanner/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-scanner
servicePort: 9528
- path: /260304/security/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-security
servicePort: 9528
- path: /260304/securityh5/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-securityh5
servicePort: 9528
- path: /260304/seniclive/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-seniclive
servicePort: 9528
- path: /260304/share/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-share
servicePort: 9528
- path: /260304/smauth/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-smauth
servicePort: 9528
- path: /260304/smsecret/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-smsecret
servicePort: 9528
- path: /260304/splice/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-splice
servicePort: 9528
- path: /260304/threedsimulation/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-threedsimulation
servicePort: 9528
- path: /260304/traffic/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-traffic
servicePort: 9528
- path: /260304/uas/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-uas
servicePort: 9528
- path: /260304/uas/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-uaskny
servicePort: 9528
- path: /260304/uasms/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-uasms
servicePort: 9528
- path: /260304/uasms/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-uasmskny
servicePort: 9528
- path: /260304/visualization/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-platform-visualization
servicePort: 9528
- path: /260304/uavmsmanager/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uavms-platform-manager
servicePort: 9528
- path: /260304/secenter/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uavms-platform-security-center
servicePort: 9528
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: backend-applications-ingress
namespace: cq-fly-260311
labels:
type: backend
octopus.control: all-ingress-config-wdd
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: "2.0"
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/enable-cors: "true"
spec:
rules:
- host: cmii-admin-data.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-admin-data
servicePort: 8080
- host: cmii-admin-gateway.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-admin-gateway
servicePort: 8080
- host: cmii-admin-user.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-admin-user
servicePort: 8080
- host: cmii-app-release.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-app-release
servicePort: 8080
- host: cmii-open-gateway.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-open-gateway
servicePort: 8080
- host: cmii-sky-converge.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-sky-converge
servicePort: 8080
- host: cmii-suav-supervision.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-suav-supervision
servicePort: 8080
- host: cmii-uas-datahub.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uas-datahub
servicePort: 8080
- host: cmii-uas-gateway.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uas-gateway
servicePort: 8080
- host: cmii-uas-lifecycle.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uas-lifecycle
servicePort: 8080
- host: cmii-uav-advanced5g.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-advanced5g
servicePort: 8080
- host: cmii-uav-airspace.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-airspace
servicePort: 8080
- host: cmii-uav-alarm.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-alarm
servicePort: 8080
- host: cmii-uav-autowaypoint.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-autowaypoint
servicePort: 8080
- host: cmii-uav-brain.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-brain
servicePort: 8080
- host: cmii-uav-bridge.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-bridge
servicePort: 8080
- host: cmii-uav-cloud-live.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-cloud-live
servicePort: 8080
- host: cmii-uav-clusters.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-clusters
servicePort: 8080
- host: cmii-uav-cms.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-cms
servicePort: 8080
- host: cmii-uav-data-post-process.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-data-post-process
servicePort: 8080
- host: cmii-uav-depotautoreturn.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-depotautoreturn
servicePort: 8080
- host: cmii-uav-developer.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-developer
servicePort: 8080
- host: cmii-uav-device.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-device
servicePort: 8080
- host: cmii-uav-emergency.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-emergency
servicePort: 8080
- host: cmii-uav-fwdd.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-fwdd
servicePort: 8080
- host: cmii-uav-gateway.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-gateway
servicePort: 8080
- host: cmii-uav-gis-server.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-gis-server
servicePort: 8080
- host: cmii-uav-grid-datasource.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-grid-datasource
servicePort: 8080
- host: cmii-uav-grid-engine.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-grid-engine
servicePort: 8080
- host: cmii-uav-grid-manage.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-grid-manage
servicePort: 8080
- host: cmii-uav-industrial-portfolio.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-industrial-portfolio
servicePort: 8080
- host: cmii-uav-integration.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-integration
servicePort: 8080
- host: cmii-uav-iot-dispatcher.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-iot-dispatcher
servicePort: 8080
- host: cmii-uav-iot-manager.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-iot-manager
servicePort: 8080
- host: cmii-uav-kpi-monitor.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-kpi-monitor
servicePort: 8080
- host: cmii-uav-logger.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-logger
servicePort: 8080
- host: cmii-uav-material-warehouse.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-material-warehouse
servicePort: 8080
- host: cmii-uav-mission.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-mission
servicePort: 8080
- host: cmii-uav-mqtthandler.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-mqtthandler
servicePort: 8080
- host: cmii-uav-multilink.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-multilink
servicePort: 8080
- host: cmii-uav-notice.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-notice
servicePort: 8080
- host: cmii-uav-oauth.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-oauth
servicePort: 8080
- host: cmii-uav-process.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-process
servicePort: 8080
- host: cmii-uav-sec-awareness.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-sec-awareness
servicePort: 8080
- host: cmii-uav-security-trace.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-security-trace
servicePort: 8080
- host: cmii-uav-sense-adapter.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-sense-adapter
servicePort: 8080
- host: cmii-uav-surveillance.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-surveillance
servicePort: 8080
- host: cmii-uav-sync.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-sync
servicePort: 8080
- host: cmii-uav-tcp-server.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-tcp-server
servicePort: 8080
- host: cmii-uav-threedsimulation.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-threedsimulation
servicePort: 8080
- host: cmii-uav-tower.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-tower
servicePort: 8080
- host: cmii-uav-user.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-user
servicePort: 8080
- host: cmii-uav-watchdog.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-watchdog
servicePort: 8080
- host: cmii-uav-waypoint.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-waypoint
servicePort: 8080
- host: cmii-uavms-pyfusion.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uavms-pyfusion
servicePort: 8080
- host: cmii-uavms-security-center.uavcloud-260304.io
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: cmii-uavms-security-center
servicePort: 8080
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: all-gateways-ingress
namespace: cq-fly-260311
labels:
type: api-gateway
octopus.control: all-ingress-config-1.1.0
app.kubernetes.io/managed-by: octopus-control
app.kubernetes.io/version: "2.0"
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header upgradePrefix $http_upgrade;
proxy_set_header Connection "upgradePrefix";
spec:
rules:
- host: fake-domain.cq-fly-260311.io
http:
paths:
- path: /260304/oms/api/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-admin-gateway
servicePort: 8080
- path: /260304/open/api/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-open-gateway
servicePort: 8080
- path: /260304/api/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uav-gateway
servicePort: 8080
- path: /260304/uas/api/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-uas-gateway
servicePort: 8080
- path: /260304/converge/?(.*)
pathType: ImplementationSpecific
backend:
serviceName: cmii-sky-converge
servicePort: 8080

79
75-202603-重庆二级平台/k8s-yaml/k8s-minio.yaml Normal file
View File

@@ -0,0 +1,79 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
namespace: cq-fly-260311
name: helm-minio-fly
spec:
serviceName: helm-minio-fly
replicas: 1
selector:
matchLabels:
app: helm-minio-fly
template:
metadata:
labels:
app: helm-minio-fly
spec:
imagePullSecrets:
- name: harborsecret
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: uavcloud.env
operator: In
values:
- cq-fly-260311
containers:
- name: minio
image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/minio:RELEASE.2023-06-02T23-17-26Z
command: ["/bin/sh", "-c"]
args:
- minio server /data --console-address ":9001"
ports:
- containerPort: 9000
name: api
- containerPort: 9001
name: console
env:
- name: MINIO_ACCESS_KEY
value: "cmii"
- name: MINIO_SECRET_KEY
value: "B#923fC7mk"
volumeMounts:
- name: data
mountPath: /data
resources:
limits:
memory: 1Gi
cpu: "1"
requests:
memory: 200Mi
cpu: 200m
volumes:
- name: data
persistentVolumeClaim:
claimName: helm-minio-fly
# hostPath:
# path: /var/lib/docker/minio-pv/
---
apiVersion: v1
kind: Service
metadata:
name: helm-minio-fly
namespace: cq-fly-260311
spec:
selector:
app: helm-minio-fly
ports:
- name: api
port: 9000
targetPort: 9000
nodePort: 31090
- name: console
port: 9001
targetPort: 9001
nodePort: 31091
type: NodePort

418
75-202603-重庆二级平台/k8s-yaml/k8s-mysql.yaml Normal file
View File

@@ -0,0 +1,418 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: helm-mysql-fly
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: mysql-db
octopus.control: mysql-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
annotations: {}
secrets:
- name: helm-mysql-fly
---
apiVersion: v1
kind: Secret
metadata:
name: helm-mysql-fly
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: mysql-db
octopus.control: mysql-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
type: Opaque
data:
mysql-root-password: "UXpmWFFoZDNiUQ=="
mysql-password: "S0F0cm5PckFKNw=="
---
apiVersion: v1
kind: ConfigMap
metadata:
name: helm-mysql-fly
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: mysql-db
octopus.control: mysql-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/component: primary
data:
my.cnf: |-
[mysqld]
port=3306
basedir=/opt/bitnami/mysql
datadir=/bitnami/mysql/data
pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
socket=/opt/bitnami/mysql/tmp/mysql.sock
log-error=/bitnami/mysql/data/error.log
general_log_file = /bitnami/mysql/data/general.log
slow_query_log_file = /bitnami/mysql/data/slow.log
innodb_data_file_path = ibdata1:512M:autoextend
innodb_buffer_pool_size = 512M
innodb_buffer_pool_instances = 2
innodb_log_file_size = 512M
innodb_log_files_in_group = 4
innodb_log_files_in_group = 4
log-bin = /bitnami/mysql/data/mysql-bin
max_binlog_size=1G
transaction_isolation = REPEATABLE-READ
default_storage_engine = innodb
character-set-server = utf8mb4
collation-server=utf8mb4_bin
binlog_format = ROW
binlog_rows_query_log_events=on
binlog_cache_size=4M
binlog_expire_logs_seconds = 1296000
max_binlog_cache_size=2G
gtid_mode = on
enforce_gtid_consistency = 1
sync_binlog = 1
innodb_flush_log_at_trx_commit = 1
innodb_flush_method = O_DIRECT
log_slave_updates=1
relay_log_recovery = 1
relay-log-purge = 1
default_time_zone = '+08:00'
lower_case_table_names=1
log_bin_trust_function_creators=1
group_concat_max_len=67108864
innodb_io_capacity = 4000
innodb_io_capacity_max = 8000
innodb_flush_sync = 0
innodb_flush_neighbors = 0
innodb_write_io_threads = 8
innodb_read_io_threads = 8
innodb_purge_threads = 4
innodb_page_cleaners = 4
innodb_open_files = 65535
innodb_max_dirty_pages_pct = 50
innodb_lru_scan_depth = 4000
innodb_checksum_algorithm = crc32
innodb_lock_wait_timeout = 10
innodb_rollback_on_timeout = 1
innodb_print_all_deadlocks = 1
innodb_file_per_table = 1
innodb_online_alter_log_max_size = 4G
innodb_stats_on_metadata = 0
innodb_thread_concurrency = 0
innodb_sync_spin_loops = 100
innodb_spin_wait_delay = 30
lock_wait_timeout = 3600
slow_query_log = 1
long_query_time = 10
log_queries_not_using_indexes =1
log_throttle_queries_not_using_indexes = 60
min_examined_row_limit = 100
log_slow_admin_statements = 1
log_slow_slave_statements = 1
default_authentication_plugin=mysql_native_password
skip-name-resolve=1
explicit_defaults_for_timestamp=1
plugin_dir=/opt/bitnami/mysql/plugin
max_allowed_packet=128M
max_connections = 2000
max_connect_errors = 1000000
table_definition_cache=2000
table_open_cache_instances=64
tablespace_definition_cache=1024
thread_cache_size=256
interactive_timeout = 600
wait_timeout = 600
tmpdir=/opt/bitnami/mysql/tmp
max_allowed_packet=32M
bind-address=0.0.0.0
performance_schema = 1
performance_schema_instrument = '%memory%=on'
performance_schema_instrument = '%lock%=on'
innodb_monitor_enable=ALL
[mysql]
no-auto-rehash
[mysqldump]
quick
max_allowed_packet = 32M
[client]
port=3306
socket=/opt/bitnami/mysql/tmp/mysql.sock
default-character-set=UTF8
plugin_dir=/opt/bitnami/mysql/plugin
[manager]
port=3306
socket=/opt/bitnami/mysql/tmp/mysql.sock
pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
---
apiVersion: v1
kind: ConfigMap
metadata:
name: helm-mysql-fly-init-scripts
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: mysql-db
octopus.control: mysql-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/component: primary
data:
create_users_grants_core.sql: |-
create user zyly@'%' identified by 'Cmii@451315';
grant select on *.* to zyly@'%';
create user zyly_qc@'%' identified by 'Uh)E_owCyb16';
grant all on *.* to zyly_qc@'%';
create user k8s_admin@'%' identified by 'fP#UaH6qQ3)8';
grant all on *.* to k8s_admin@'%';
create user audit_dba@'%' identified by 'PjCzqiBmJaTpgkoYXynH';
grant all on *.* to audit_dba@'%';
create user db_backup@'%' identified by 'RU5Pu(4FGdT9';
GRANT SELECT, RELOAD, PROCESS, LOCK TABLES, REPLICATION CLIENT, EVENT on *.* to db_backup@'%';
create user monitor@'%' identified by 'PL3#nGtrWbf-';
grant REPLICATION CLIENT on *.* to monitor@'%';
flush privileges;
---
kind: Service
apiVersion: v1
metadata:
name: cmii-mysql
namespace: cq-fly-260311
labels:
app.kubernetes.io/component: primary
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/name: mysql-db
app.kubernetes.io/release: cq-fly-260311
cmii.app: mysql
cmii.type: middleware
octopus.control: mysql-db-wdd
spec:
ports:
- name: mysql
protocol: TCP
port: 13306
targetPort: mysql
selector:
app.kubernetes.io/component: primary
app.kubernetes.io/name: mysql-db
app.kubernetes.io/release: cq-fly-260311
cmii.app: mysql
cmii.type: middleware
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: helm-mysql-fly-headless
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: mysql-db
octopus.control: mysql-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
cmii.type: middleware
cmii.app: mysql
app.kubernetes.io/component: primary
annotations: {}
spec:
type: ClusterIP
clusterIP: None
publishNotReadyAddresses: true
ports:
- name: mysql
port: 3306
targetPort: mysql
selector:
app.kubernetes.io/name: mysql-db
app.kubernetes.io/release: cq-fly-260311
cmii.type: middleware
cmii.app: mysql
app.kubernetes.io/component: primary
---
apiVersion: v1
kind: Service
metadata:
name: helm-mysql-fly
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: mysql-db
octopus.control: mysql-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
cmii.type: middleware
cmii.app: mysql
app.kubernetes.io/component: primary
annotations: {}
spec:
type: NodePort
ports:
- name: mysql
port: 3306
protocol: TCP
targetPort: mysql
nodePort: 32306
selector:
app.kubernetes.io/name: mysql-db
app.kubernetes.io/release: cq-fly-260311
cmii.type: middleware
cmii.app: mysql
app.kubernetes.io/component: primary
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: helm-mysql-fly
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: mysql-db
octopus.control: mysql-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
cmii.type: middleware
cmii.app: mysql
app.kubernetes.io/component: primary
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: mysql-db
app.kubernetes.io/release: cq-fly-260311
cmii.type: middleware
cmii.app: mysql
app.kubernetes.io/component: primary
serviceName: helm-mysql-fly
updateStrategy:
type: RollingUpdate
template:
metadata:
annotations:
checksum/configuration: 6b60fa0f3a846a6ada8effdc4f823cf8003d42a8c8f630fe8b1b66d3454082dd
labels:
app.kubernetes.io/name: mysql-db
octopus.control: mysql-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
cmii.type: middleware
cmii.app: mysql
app.kubernetes.io/component: primary
spec:
imagePullSecrets:
- name: harborsecret
serviceAccountName: helm-mysql-fly
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: uavcloud.env
operator: In
values:
- cq-fly-260311
nodeSelector:
mysql-deploy: "true"
securityContext:
fsGroup: 1001
initContainers:
- name: change-volume-permissions
image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/os-shell:12-debian-12-r51
imagePullPolicy: "Always"
command:
- /bin/bash
- -ec
- |
chown -R 1001:1001 /bitnami/mysql
securityContext:
runAsUser: 0
volumeMounts:
- name: mysql-data
mountPath: /bitnami/mysql
containers:
- name: mysql
image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/mysql:8.1.0-debian-11-r42
imagePullPolicy: "IfNotPresent"
securityContext:
runAsUser: 1001
env:
- name: BITNAMI_DEBUG
value: "true"
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: helm-mysql-fly
key: mysql-root-password
- name: MYSQL_DATABASE
value: "cmii"
ports:
- name: mysql
containerPort: 3306
livenessProbe:
failureThreshold: 5
initialDelaySeconds: 120
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
exec:
command:
- /bin/bash
- -ec
- |
password_aux="${MYSQL_ROOT_PASSWORD:-}"
if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then
password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE")
fi
mysqladmin status -uroot -p"${password_aux}"
readinessProbe:
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
exec:
command:
- /bin/bash
- -ec
- |
password_aux="${MYSQL_ROOT_PASSWORD:-}"
if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then
password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE")
fi
mysqladmin status -uroot -p"${password_aux}"
startupProbe:
failureThreshold: 60
initialDelaySeconds: 120
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
exec:
command:
- /bin/bash
- -ec
- |
password_aux="${MYSQL_ROOT_PASSWORD:-}"
if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then
password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE")
fi
mysqladmin status -uroot -p"${password_aux}"
resources:
limits: {}
requests: {}
volumeMounts:
- name: mysql-data
mountPath: /bitnami/mysql
- name: custom-init-scripts
mountPath: /docker-entrypoint-initdb.d
- name: config
mountPath: /opt/bitnami/mysql/conf/my.cnf
subPath: my.cnf
volumes:
- name: config
configMap:
name: helm-mysql-fly
- name: custom-init-scripts
configMap:
name: helm-mysql-fly-init-scripts
- name: mysql-data
hostPath:
path: /var/lib/docker/mysql-pv/cq-fly-260311/

76
75-202603-重庆二级平台/k8s-yaml/k8s-pvc.yaml Normal file
View File

@@ -0,0 +1,76 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-backend-log-pvc
namespace: cq-fly-260311
labels:
cmii.type: middleware-base
cmii.app: nfs-backend-log-pvc
helm.sh/chart: all-persistence-volume-claims-1.1.0
app.kubernetes.io/version: "2.0"
spec:
storageClassName: nfs-prod-distribute
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 100Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: helm-emqxs
namespace: cq-fly-260311
labels:
cmii.type: middleware-base
cmii.app: helm-emqxs
helm.sh/chart: all-persistence-volume-claims-1.1.0
app.kubernetes.io/version: "2.0"
spec:
storageClassName: nfs-prod-distribute
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 20Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: helm-mongo
namespace: cq-fly-260311
labels:
cmii.type: middleware-base
cmii.app: helm-mongo
helm.sh/chart: all-persistence-volume-claims-1.1.0
app.kubernetes.io/version: "2.0"
spec:
storageClassName: nfs-prod-distribute
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 30Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: helm-rabbitmq
namespace: cq-fly-260311
labels:
cmii.type: middleware-base
cmii.app: helm-rabbitmq
helm.sh/chart: all-persistence-volume-claims-1.1.0
app.kubernetes.io/version: "2.0"
spec:
storageClassName: nfs-prod-distribute
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 20Gi

328
75-202603-重庆二级平台/k8s-yaml/k8s-rabbitmq.yaml Normal file
View File

@@ -0,0 +1,328 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: helm-rabbitmq-fly
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: helm-rabbitmq-fly
helm.sh/chart: rabbitmq-8.26.1
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: rabbitmq
automountServiceAccountToken: true
secrets:
- name: helm-rabbitmq-fly
---
apiVersion: v1
kind: Secret
metadata:
name: helm-rabbitmq-fly
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: helm-rabbitmq-fly
helm.sh/chart: rabbitmq-8.26.1
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: rabbitmq
type: Opaque
data:
rabbitmq-password: "blljUk45MXIuX2hq"
rabbitmq-erlang-cookie: "emFBRmt1ZU1xMkJieXZvdHRYbWpoWk52UThuVXFzcTU="
---
apiVersion: v1
kind: ConfigMap
metadata:
name: helm-rabbitmq-fly-config
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: helm-rabbitmq-fly
helm.sh/chart: rabbitmq-8.26.1
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: rabbitmq
data:
rabbitmq.conf: |-
## Username and password
##
default_user = admin
default_pass = nYcRN91r._hj
## Clustering
##
cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s
cluster_formation.k8s.host = kubernetes.default.svc.cluster.local
cluster_formation.node_cleanup.interval = 10
cluster_formation.node_cleanup.only_log_warning = true
cluster_partition_handling = autoheal
# queue master locator
queue_master_locator = min-masters
# enable guest user
loopback_users.guest = false
#default_vhost = default-vhost
#disk_free_limit.absolute = 50MB
#load_definitions = /app/load_definition.json
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: helm-rabbitmq-fly-endpoint-reader
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: helm-rabbitmq-fly
helm.sh/chart: rabbitmq-8.26.1
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: rabbitmq
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: helm-rabbitmq-fly-endpoint-reader
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: helm-rabbitmq-fly
helm.sh/chart: rabbitmq-8.26.1
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: rabbitmq
subjects:
- kind: ServiceAccount
name: helm-rabbitmq-fly
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: helm-rabbitmq-fly-endpoint-reader
---
apiVersion: v1
kind: Service
metadata:
name: helm-rabbitmq-fly-headless
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: helm-rabbitmq-fly
helm.sh/chart: rabbitmq-8.26.1
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: rabbitmq
spec:
clusterIP: None
ports:
- name: epmd
port: 4369
targetPort: epmd
- name: amqp
port: 5672
targetPort: amqp
- name: dist
port: 25672
targetPort: dist
- name: dashboard
port: 15672
targetPort: stats
selector:
app.kubernetes.io/name: helm-rabbitmq-fly
app.kubernetes.io/release: cq-fly-260311
publishNotReadyAddresses: true
---
apiVersion: v1
kind: Service
metadata:
name: helm-rabbitmq-fly
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: helm-rabbitmq-fly
helm.sh/chart: rabbitmq-8.26.1
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: rabbitmq
spec:
type: NodePort
ports:
- name: amqp
port: 5672
targetPort: amqp
nodePort: 32672
- name: dashboard
port: 15672
targetPort: dashboard
nodePort: 32675
selector:
app.kubernetes.io/name: helm-rabbitmq-fly
app.kubernetes.io/release: cq-fly-260311
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: helm-rabbitmq-fly
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: helm-rabbitmq-fly
helm.sh/chart: rabbitmq-8.26.1
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: rabbitmq
spec:
serviceName: helm-rabbitmq-fly-headless
podManagementPolicy: OrderedReady
replicas: 1
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/name: helm-rabbitmq-fly
app.kubernetes.io/release: cq-fly-260311
template:
metadata:
labels:
app.kubernetes.io/name: helm-rabbitmq-fly
helm.sh/chart: rabbitmq-8.26.1
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: rabbitmq
annotations:
checksum/config: d6c2caa9572f64a06d9f7daa34c664a186b4778cd1697ef8e59663152fc628f1
checksum/secret: d764e7b3d999e7324d1afdfec6140092a612f04b6e0306818675815cec2f454f
spec:
imagePullSecrets:
- name: harborsecret
serviceAccountName: helm-rabbitmq-fly
affinity: {}
securityContext:
fsGroup: 5001
runAsUser: 5001
terminationGracePeriodSeconds: 120
initContainers:
- name: volume-permissions
image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/os-shell:12-debian-12-r51
imagePullPolicy: "Always"
command:
- /bin/bash
args:
- -ec
- |
mkdir -p "/bitnami/rabbitmq/mnesia"
chown -R "5001:5001" "/bitnami/rabbitmq/mnesia"
securityContext:
runAsUser: 0
resources:
limits: {}
requests: {}
volumeMounts:
- name: data
mountPath: /bitnami/rabbitmq/mnesia
containers:
- name: rabbitmq
image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/rabbitmq:3.13.7-debian-12-r5
imagePullPolicy: "Always"
env:
- name: BITNAMI_DEBUG
value: "false"
- name: MY_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: K8S_SERVICE_NAME
value: "helm-rabbitmq-fly-headless"
- name: K8S_ADDRESS_TYPE
value: hostname
- name: RABBITMQ_FORCE_BOOT
value: "no"
- name: RABBITMQ_NODE_NAME
value: "rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local"
- name: K8S_HOSTNAME_SUFFIX
value: ".$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local"
- name: RABBITMQ_MNESIA_DIR
value: "/bitnami/rabbitmq/mnesia/$(RABBITMQ_NODE_NAME)"
- name: RABBITMQ_LDAP_ENABLE
value: "no"
- name: RABBITMQ_LOGS
value: "-"
- name: RABBITMQ_ULIMIT_NOFILES
value: "65536"
- name: RABBITMQ_USE_LONGNAME
value: "true"
- name: RABBITMQ_ERL_COOKIE
valueFrom:
secretKeyRef:
name: helm-rabbitmq-fly
key: rabbitmq-erlang-cookie
- name: RABBITMQ_LOAD_DEFINITIONS
value: "no"
- name: RABBITMQ_SECURE_PASSWORD
value: "yes"
- name: RABBITMQ_USERNAME
value: "admin"
- name: RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: helm-rabbitmq-fly
key: rabbitmq-password
- name: RABBITMQ_PLUGINS
value: "rabbitmq_management, rabbitmq_peer_discovery_k8s, rabbitmq_shovel, rabbitmq_shovel_management, rabbitmq_auth_backend_ldap"
ports:
- name: amqp
containerPort: 5672
- name: dist
containerPort: 25672
- name: dashboard
containerPort: 15672
- name: epmd
containerPort: 4369
livenessProbe:
exec:
command:
- /bin/bash
- -ec
- rabbitmq-diagnostics -q ping
initialDelaySeconds: 120
periodSeconds: 30
timeoutSeconds: 20
successThreshold: 1
failureThreshold: 6
readinessProbe:
exec:
command:
- /bin/bash
- -ec
- rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms
initialDelaySeconds: 10
periodSeconds: 30
timeoutSeconds: 20
successThreshold: 1
failureThreshold: 3
lifecycle:
preStop:
exec:
command:
- /bin/bash
- -ec
- |
if [[ -f /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh ]]; then
/opt/bitnami/scripts/rabbitmq/nodeshutdown.sh -t "120" -d "false"
else
rabbitmqctl stop_app
fi
resources:
limits: {}
requests: {}
volumeMounts:
- name: configuration
mountPath: /bitnami/rabbitmq/conf
- name: data
mountPath: /bitnami/rabbitmq/mnesia
volumes:
- name: configuration
configMap:
name: helm-rabbitmq-fly-config
items:
- key: rabbitmq.conf
path: rabbitmq.conf
- name: data
persistentVolumeClaim:
claimName: helm-rabbitmq-fly

585
75-202603-重庆二级平台/k8s-yaml/k8s-redis-7.4.3-debian-12-r0.yaml Normal file
View File

@@ -0,0 +1,585 @@
---
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: true
metadata:
name: helm-redis-fly
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
---
apiVersion: v1
kind: Secret
metadata:
name: helm-redis-fly
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
type: Opaque
data:
redis-password: "TWNhY2hlQDQ1MjI="
---
apiVersion: v1
kind: ConfigMap
metadata:
name: helm-redis-fly-configuration
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
data:
redis.conf: |-
# User-supplied common configuration:
# Enable AOF https://redis.io/topics/persistence#append-only-file
appendonly yes
# Disable RDB persistence, AOF persistence already enabled.
save ""
# End of common configuration
master.conf: |-
dir /data
# User-supplied master configuration:
rename-command FLUSHDB ""
rename-command FLUSHALL ""
# End of master configuration
replica.conf: |-
dir /data
replica-read-only yes
# User-supplied replica configuration:
rename-command FLUSHDB ""
rename-command FLUSHALL ""
# End of replica configuration
---
# Source: outside-deploy/charts/redis-db/templates/health-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: helm-redis-fly-health
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
data:
ping_readiness_local.sh: |-
#!/bin/bash
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
ping_liveness_local.sh: |-
#!/bin/bash
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
ping
)
if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
echo "$response"
exit 1
fi
ping_readiness_master.sh: |-
#!/bin/bash
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
ping_liveness_master.sh: |-
#!/bin/bash
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
ping
)
if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
echo "$response"
exit 1
fi
ping_readiness_local_and_master.sh: |-
script_dir="$(dirname "$0")"
exit_status=0
"$script_dir/ping_readiness_local.sh" $1 || exit_status=$?
"$script_dir/ping_readiness_master.sh" $1 || exit_status=$?
exit $exit_status
ping_liveness_local_and_master.sh: |-
script_dir="$(dirname "$0")"
exit_status=0
"$script_dir/ping_liveness_local.sh" $1 || exit_status=$?
"$script_dir/ping_liveness_master.sh" $1 || exit_status=$?
exit $exit_status
---
# Source: outside-deploy/charts/redis-db/templates/scripts-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: helm-redis-fly-scripts
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
data:
start-master.sh: |
#!/bin/bash
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
fi
if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
ARGS=("--port" "${REDIS_PORT}")
ARGS+=("--requirepass" "${REDIS_PASSWORD}")
ARGS+=("--masterauth" "${REDIS_PASSWORD}")
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
exec redis-server "${ARGS[@]}"
start-replica.sh: |
#!/bin/bash
get_port() {
hostname="$1"
type="$2"
port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g")
port=${!port_var}
if [ -z "$port" ]; then
case $type in
"SENTINEL")
echo 26379
;;
"REDIS")
echo 6379
;;
esac
else
echo $port
fi
}
get_full_hostname() {
hostname="$1"
echo "${hostname}.${HEADLESS_SERVICE}"
}
REDISPORT=$(get_port "$HOSTNAME" "REDIS")
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then
cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
fi
if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
echo "" >> /opt/bitnami/redis/etc/replica.conf
echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf
echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf
ARGS=("--port" "${REDIS_PORT}")
ARGS+=("--replicaof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
ARGS+=("--requirepass" "${REDIS_PASSWORD}")
ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}")
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
exec redis-server "${ARGS[@]}"
---
# Source: outside-deploy/charts/redis-db/templates/headless-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: helm-redis-fly-headless
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
spec:
type: ClusterIP
clusterIP: None
ports:
- name: tcp-redis
port: 6379
targetPort: redis
selector:
app.kubernetes.io/name: redis-db
app.kubernetes.io/release: cq-fly-260311
---
# Source: outside-deploy/charts/redis-db/templates/master/service.yaml
apiVersion: v1
kind: Service
metadata:
name: helm-redis-fly-master
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
cmii.type: middleware
cmii.app: redis
app.kubernetes.io/component: master
spec:
type: ClusterIP
ports:
- name: tcp-redis
port: 6379
targetPort: redis
nodePort: null
selector:
app.kubernetes.io/name: redis-db
app.kubernetes.io/release: cq-fly-260311
cmii.type: middleware
cmii.app: redis
app.kubernetes.io/component: master
---
# Source: outside-deploy/charts/redis-db/templates/replicas/service.yaml
apiVersion: v1
kind: Service
metadata:
name: helm-redis-fly-replicas
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/component: replica
spec:
type: ClusterIP
ports:
- name: tcp-redis
port: 6379
targetPort: redis
nodePort: null
selector:
app.kubernetes.io/name: redis-db
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/component: replica
---
# Source: outside-deploy/charts/redis-db/templates/master/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: helm-redis-fly-master
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
cmii.type: middleware
cmii.app: redis
app.kubernetes.io/component: master
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: redis-db
app.kubernetes.io/release: cq-fly-260311
cmii.type: middleware
cmii.app: redis
app.kubernetes.io/component: master
serviceName: helm-redis-fly-headless
updateStrategy:
rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
cmii.type: middleware
cmii.app: redis
app.kubernetes.io/component: master
annotations:
checksum/configmap: b64aa5db67e6e63811f3c1095b9fce34d83c86a471fccdda0e48eedb53a179b0
checksum/health: 6e0a6330e5ac63e565ae92af1444527d72d8897f91266f333555b3d323570623
checksum/scripts: b88df93710b7c42a76006e20218f05c6e500e6cc2affd4bb1985832f03166e98
checksum/secret: 43f1b0e20f9cb2de936bd182bc3683b720fc3cf4f4e76cb23c06a52398a50e8d
spec:
affinity: {}
securityContext:
fsGroup: 1001
serviceAccountName: helm-redis-fly
imagePullSecrets:
- name: harborsecret
terminationGracePeriodSeconds: 30
containers:
- name: redis
image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/redis:7.4.3-debian-12-r0
imagePullPolicy: "Always"
securityContext:
runAsUser: 1001
command:
- /bin/bash
args:
- -c
- /opt/bitnami/scripts/start-scripts/start-master.sh
env:
- name: BITNAMI_DEBUG
value: "false"
- name: REDIS_REPLICATION_MODE
value: master
- name: ALLOW_EMPTY_PASSWORD
value: "no"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: helm-redis-fly
key: redis-password
- name: REDIS_TLS_ENABLED
value: "no"
- name: REDIS_PORT
value: "6379"
ports:
- name: redis
containerPort: 6379
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 5
# One second longer than command timeout should prevent generation of zombie processes.
timeoutSeconds: 6
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_liveness_local.sh 5
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 5
timeoutSeconds: 2
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_readiness_local.sh 1
resources:
limits:
cpu: "2"
memory: 8Gi
requests:
cpu: "2"
memory: 8Gi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
- name: health
mountPath: /health
- name: redis-data
mountPath: /data
subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- name: redis-tmp-conf
mountPath: /opt/bitnami/redis/etc/
- name: tmp
mountPath: /tmp
volumes:
- name: start-scripts
configMap:
name: helm-redis-fly-scripts
defaultMode: 0755
- name: health
configMap:
name: helm-redis-fly-health
defaultMode: 0755
- name: config
configMap:
name: helm-redis-fly-configuration
- name: redis-tmp-conf
emptyDir: {}
- name: tmp
emptyDir: {}
- name: redis-data
emptyDir: {}
---
# Source: outside-deploy/charts/redis-db/templates/replicas/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: helm-redis-fly-replicas
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/component: replica
spec:
replicas: 0
selector:
matchLabels:
app.kubernetes.io/name: redis-db
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/component: replica
serviceName: helm-redis-fly-headless
updateStrategy:
rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/component: replica
annotations:
checksum/configmap: b64aa5db67e6e63811f3c1095b9fce34d83c86a471fccdda0e48eedb53a179b0
checksum/health: 6e0a6330e5ac63e565ae92af1444527d72d8897f91266f333555b3d323570623
checksum/scripts: b88df93710b7c42a76006e20218f05c6e500e6cc2affd4bb1985832f03166e98
checksum/secret: 43f1b0e20f9cb2de936bd182bc3683b720fc3cf4f4e76cb23c06a52398a50e8d
spec:
imagePullSecrets:
- name: harborsecret
securityContext:
fsGroup: 1001
serviceAccountName: helm-redis-fly
terminationGracePeriodSeconds: 30
containers:
- name: redis
image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/redis:7.4.3-debian-12-r0
imagePullPolicy: "Always"
securityContext:
runAsUser: 1001
command:
- /bin/bash
args:
- -c
- /opt/bitnami/scripts/start-scripts/start-replica.sh
env:
- name: BITNAMI_DEBUG
value: "false"
- name: REDIS_REPLICATION_MODE
value: slave
- name: REDIS_MASTER_HOST
value: helm-redis-fly-master-0.helm-redis-fly-headless.cq-fly-260311.svc.cluster.local
- name: REDIS_MASTER_PORT_NUMBER
value: "6379"
- name: ALLOW_EMPTY_PASSWORD
value: "no"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: helm-redis-fly
key: redis-password
- name: REDIS_MASTER_PASSWORD
valueFrom:
secretKeyRef:
name: helm-redis-fly
key: redis-password
- name: REDIS_TLS_ENABLED
value: "no"
- name: REDIS_PORT
value: "6379"
ports:
- name: redis
containerPort: 6379
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 5
timeoutSeconds: 6
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_liveness_local_and_master.sh 5
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 5
timeoutSeconds: 2
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_readiness_local_and_master.sh 1
resources:
limits:
cpu: "2"
memory: 8Gi
requests:
cpu: "2"
memory: 8Gi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
- name: health
mountPath: /health
- name: redis-data
mountPath: /data
subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- name: redis-tmp-conf
mountPath: /opt/bitnami/redis/etc
volumes:
- name: start-scripts
configMap:
name: helm-redis-fly-scripts
defaultMode: 0755
- name: health
configMap:
name: helm-redis-fly-health
defaultMode: 0755
- name: config
configMap:
name: helm-redis-fly-configuration
- name: redis-tmp-conf
emptyDir: {}
- name: redis-data
emptyDir: {}

585
75-202603-重庆二级平台/k8s-yaml/k8s-redis.yaml Normal file
View File

@@ -0,0 +1,585 @@
---
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: true
metadata:
name: helm-redis
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
---
apiVersion: v1
kind: Secret
metadata:
name: helm-redis
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
type: Opaque
data:
redis-password: "TWNhY2hlQDQ1MjI="
---
apiVersion: v1
kind: ConfigMap
metadata:
name: helm-redis-configuration
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
data:
redis.conf: |-
# User-supplied common configuration:
# Enable AOF https://redis.io/topics/persistence#append-only-file
appendonly yes
# Disable RDB persistence, AOF persistence already enabled.
save ""
# End of common configuration
master.conf: |-
dir /data
# User-supplied master configuration:
rename-command FLUSHDB ""
rename-command FLUSHALL ""
# End of master configuration
replica.conf: |-
dir /data
slave-read-only yes
# User-supplied replica configuration:
rename-command FLUSHDB ""
rename-command FLUSHALL ""
# End of replica configuration
---
# Source: outside-deploy/charts/redis-db/templates/health-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: helm-redis-health
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
data:
ping_readiness_local.sh: |-
#!/bin/bash
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
ping_liveness_local.sh: |-
#!/bin/bash
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
ping
)
if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
echo "$response"
exit 1
fi
ping_readiness_master.sh: |-
#!/bin/bash
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
ping_liveness_master.sh: |-
#!/bin/bash
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
timeout -s 3 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
ping
)
if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
echo "$response"
exit 1
fi
ping_readiness_local_and_master.sh: |-
script_dir="$(dirname "$0")"
exit_status=0
"$script_dir/ping_readiness_local.sh" $1 || exit_status=$?
"$script_dir/ping_readiness_master.sh" $1 || exit_status=$?
exit $exit_status
ping_liveness_local_and_master.sh: |-
script_dir="$(dirname "$0")"
exit_status=0
"$script_dir/ping_liveness_local.sh" $1 || exit_status=$?
"$script_dir/ping_liveness_master.sh" $1 || exit_status=$?
exit $exit_status
---
# Source: outside-deploy/charts/redis-db/templates/scripts-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: helm-redis-scripts
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
data:
start-master.sh: |
#!/bin/bash
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
fi
if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
ARGS=("--port" "${REDIS_PORT}")
ARGS+=("--requirepass" "${REDIS_PASSWORD}")
ARGS+=("--masterauth" "${REDIS_PASSWORD}")
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
exec redis-server "${ARGS[@]}"
start-replica.sh: |
#!/bin/bash
get_port() {
hostname="$1"
type="$2"
port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g")
port=${!port_var}
if [ -z "$port" ]; then
case $type in
"SENTINEL")
echo 26379
;;
"REDIS")
echo 6379
;;
esac
else
echo $port
fi
}
get_full_hostname() {
hostname="$1"
echo "${hostname}.${HEADLESS_SERVICE}"
}
REDISPORT=$(get_port "$HOSTNAME" "REDIS")
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then
cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
fi
if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
echo "" >> /opt/bitnami/redis/etc/replica.conf
echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf
echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf
ARGS=("--port" "${REDIS_PORT}")
ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
ARGS+=("--requirepass" "${REDIS_PASSWORD}")
ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}")
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
exec redis-server "${ARGS[@]}"
---
# Source: outside-deploy/charts/redis-db/templates/headless-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: helm-redis-headless
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
spec:
type: ClusterIP
clusterIP: None
ports:
- name: tcp-redis
port: 6379
targetPort: redis
selector:
app.kubernetes.io/name: redis-db
app.kubernetes.io/release: cq-fly-260311
---
# Source: outside-deploy/charts/redis-db/templates/master/service.yaml
apiVersion: v1
kind: Service
metadata:
name: helm-redis-master
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
cmii.type: middleware
cmii.app: redis
app.kubernetes.io/component: master
spec:
type: ClusterIP
ports:
- name: tcp-redis
port: 6379
targetPort: redis
nodePort: null
selector:
app.kubernetes.io/name: redis-db
app.kubernetes.io/release: cq-fly-260311
cmii.type: middleware
cmii.app: redis
app.kubernetes.io/component: master
---
# Source: outside-deploy/charts/redis-db/templates/replicas/service.yaml
apiVersion: v1
kind: Service
metadata:
name: helm-redis-replicas
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/component: replica
spec:
type: ClusterIP
ports:
- name: tcp-redis
port: 6379
targetPort: redis
nodePort: null
selector:
app.kubernetes.io/name: redis-db
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/component: replica
---
# Source: outside-deploy/charts/redis-db/templates/master/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: helm-redis-master
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
cmii.type: middleware
cmii.app: redis
app.kubernetes.io/component: master
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: redis-db
app.kubernetes.io/release: cq-fly-260311
cmii.type: middleware
cmii.app: redis
app.kubernetes.io/component: master
serviceName: helm-redis-headless
updateStrategy:
rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
cmii.type: middleware
cmii.app: redis
app.kubernetes.io/component: master
annotations:
checksum/configmap: b64aa5db67e6e63811f3c1095b9fce34d83c86a471fccdda0e48eedb53a179b0
checksum/health: 6e0a6330e5ac63e565ae92af1444527d72d8897f91266f333555b3d323570623
checksum/scripts: b88df93710b7c42a76006e20218f05c6e500e6cc2affd4bb1985832f03166e98
checksum/secret: 43f1b0e20f9cb2de936bd182bc3683b720fc3cf4f4e76cb23c06a52398a50e8d
spec:
affinity: {}
securityContext:
fsGroup: 1001
serviceAccountName: helm-redis
imagePullSecrets:
- name: harborsecret
terminationGracePeriodSeconds: 30
containers:
- name: redis
image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/redis:6.2.14-debian-11-r19
imagePullPolicy: "Always"
securityContext:
runAsUser: 1001
command:
- /bin/bash
args:
- -c
- /opt/bitnami/scripts/start-scripts/start-master.sh
env:
- name: BITNAMI_DEBUG
value: "false"
- name: REDIS_REPLICATION_MODE
value: master
- name: ALLOW_EMPTY_PASSWORD
value: "no"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: helm-redis
key: redis-password
- name: REDIS_TLS_ENABLED
value: "no"
- name: REDIS_PORT
value: "6379"
ports:
- name: redis
containerPort: 6379
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 5
# One second longer than command timeout should prevent generation of zombie processes.
timeoutSeconds: 6
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_liveness_local.sh 5
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 5
timeoutSeconds: 2
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_readiness_local.sh 1
resources:
limits:
cpu: "2"
memory: 8Gi
requests:
cpu: "2"
memory: 8Gi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
- name: health
mountPath: /health
- name: redis-data
mountPath: /data
subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- name: redis-tmp-conf
mountPath: /opt/bitnami/redis/etc/
- name: tmp
mountPath: /tmp
volumes:
- name: start-scripts
configMap:
name: helm-redis-scripts
defaultMode: 0755
- name: health
configMap:
name: helm-redis-health
defaultMode: 0755
- name: config
configMap:
name: helm-redis-configuration
- name: redis-tmp-conf
emptyDir: {}
- name: tmp
emptyDir: {}
- name: redis-data
emptyDir: {}
---
# Source: outside-deploy/charts/redis-db/templates/replicas/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: helm-redis-replicas
namespace: cq-fly-260311
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/component: replica
spec:
replicas: 0
selector:
matchLabels:
app.kubernetes.io/name: redis-db
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/component: replica
serviceName: helm-redis-headless
updateStrategy:
rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/name: redis-db
octopus.control: redis-db-wdd
app.kubernetes.io/release: cq-fly-260311
app.kubernetes.io/managed-by: octopus
app.kubernetes.io/component: replica
annotations:
checksum/configmap: b64aa5db67e6e63811f3c1095b9fce34d83c86a471fccdda0e48eedb53a179b0
checksum/health: 6e0a6330e5ac63e565ae92af1444527d72d8897f91266f333555b3d323570623
checksum/scripts: b88df93710b7c42a76006e20218f05c6e500e6cc2affd4bb1985832f03166e98
checksum/secret: 43f1b0e20f9cb2de936bd182bc3683b720fc3cf4f4e76cb23c06a52398a50e8d
spec:
imagePullSecrets:
- name: harborsecret
securityContext:
fsGroup: 1001
serviceAccountName: helm-redis
terminationGracePeriodSeconds: 30
containers:
- name: redis
image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/redis:6.2.14-debian-11-r1
imagePullPolicy: "Always"
securityContext:
runAsUser: 1001
command:
- /bin/bash
args:
- -c
- /opt/bitnami/scripts/start-scripts/start-replica.sh
env:
- name: BITNAMI_DEBUG
value: "false"
- name: REDIS_REPLICATION_MODE
value: slave
- name: REDIS_MASTER_HOST
value: helm-redis-master-0.helm-redis-headless.cq-fly-260311.svc.cluster.local
- name: REDIS_MASTER_PORT_NUMBER
value: "6379"
- name: ALLOW_EMPTY_PASSWORD
value: "no"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: helm-redis
key: redis-password
- name: REDIS_MASTER_PASSWORD
valueFrom:
secretKeyRef:
name: helm-redis
key: redis-password
- name: REDIS_TLS_ENABLED
value: "no"
- name: REDIS_PORT
value: "6379"
ports:
- name: redis
containerPort: 6379
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 5
timeoutSeconds: 6
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_liveness_local_and_master.sh 5
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 5
timeoutSeconds: 2
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_readiness_local_and_master.sh 1
resources:
limits:
cpu: "2"
memory: 8Gi
requests:
cpu: "2"
memory: 8Gi
volumeMounts:
- name: start-scripts
mountPath: /opt/bitnami/scripts/start-scripts
- name: health
mountPath: /health
- name: redis-data
mountPath: /data
subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- name: redis-tmp-conf
mountPath: /opt/bitnami/redis/etc
volumes:
- name: start-scripts
configMap:
name: helm-redis-scripts
defaultMode: 0755
- name: health
configMap:
name: helm-redis-health
defaultMode: 0755
- name: config
configMap:
name: helm-redis-configuration
- name: redis-tmp-conf
emptyDir: {}
- name: redis-data
emptyDir: {}

147
75-202603-重庆二级平台/k8s-yaml/lite-oms.yaml Normal file
View File

@@ -0,0 +1,147 @@
kind: Deployment
apiVersion: apps/v1
metadata:
name: cmii-uav-platform-lite-oms
namespace: cq-fly-260311
labels:
app.kubernetes.io/app-version: 6.2.0
cmii.app: cmii-uav-platform-lite-oms
cmii.type: frontend
octopus.lite: frontend-app-wdd
spec:
replicas: 1
selector:
matchLabels:
cmii.app: cmii-uav-platform-lite-oms
cmii.type: frontend
template:
metadata:
labels:
cmii.app: cmii-uav-platform-lite-oms
cmii.type: frontend
spec:
volumes:
- name: nginx-conf
configMap:
name: nginx-cm
items:
- key: nginx.conf
path: nginx.conf
defaultMode: 420
- name: tenant-prefix
configMap:
name: tenant-prefix-lite-oms
items:
- key: ingress-config.js
path: ingress-config.js
defaultMode: 420
- name: tenant-prefix-c
configMap:
name: tenant-prefix-lite
items:
- key: system-config-noicp.js
path: system-config-noicp.js
defaultMode: 420
containers:
- name: cmii-uav-platform-lite-oms
image: >-
chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/cmii-uav-platform-lite-oms:2.1.0-2026040203-noicp
ports:
- name: platform-9528
containerPort: 9528
protocol: TCP
env:
- name: K8S_NAMESPACE
value: cq-fly-260311
- name: APPLICATION_NAME
value: cmii-uav-platform-lite-oms
resources:
limits:
cpu: '1'
memory: 1Gi
requests:
cpu: 50m
memory: 50Mi
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx/conf.d/nginx.conf
subPath: nginx.conf
- name: tenant-prefix
mountPath: /home/cmii-platform/dist/ingress-config.js
subPath: ingress-config.js
- name: tenant-prefix-c
mountPath: /home/cmii-platform/dist/system-config-noicp.js
subPath: system-config-noicp.js
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: Always
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
securityContext: {}
imagePullSecrets:
- name: harborsecret
schedulerName: default-scheduler
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 25%
revisionHistoryLimit: 10
progressDeadlineSeconds: 600
---
kind: Service
apiVersion: v1
metadata:
name: cmii-uav-platform-lite-oms
namespace: cq-fly-260311
labels:
app.kubernetes.io/version: 6.2.0
cmii.app: cmii-uav-platform-lite-oms
cmii.type: frontend
octopus.control: frontend-app-wdd
spec:
ports:
- name: web-svc-port
protocol: TCP
port: 9528
targetPort: 9528
nodePort: 30418
selector:
cmii.app: cmii-uav-platform-lite-oms
cmii.type: frontend
type: NodePort
sessionAffinity: None
externalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
internalTrafficPolicy: Cluster
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-lite-oms
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "",
CloudHOST: "36.133.232.218:8088",
ApplicationShortName: "ms",
AppClientId: "",
Headers: {
ORG_ID: 'pago',
PROJECT_ID: 'prgn'
},
TdtToken: "XXXX"
}
system-config-noicp.js: |-
var __GlobalSystemConfig = {
systemName: "重庆市低空应用公共服务平台",
platformName: "",
ShowICP: false,
ShowAgreement: false
};

171
75-202603-重庆二级平台/k8s-yaml/lite.yaml Normal file
View File

@@ -0,0 +1,171 @@
kind: Deployment
apiVersion: apps/v1
metadata:
name: cmii-uav-platform-lite
namespace: cq-fly-260311
labels:
app.kubernetes.io/app-version: 6.2.0
cmii.app: cmii-uav-platform-lite
cmii.type: frontend
octopus.lite: frontend-app-wdd
annotations:
deployment.kubernetes.io/revision: '8'
spec:
replicas: 1
selector:
matchLabels:
cmii.app: cmii-uav-platform-lite
cmii.type: frontend
template:
metadata:
creationTimestamp: null
labels:
cmii.app: cmii-uav-platform-lite
cmii.type: frontend
spec:
volumes:
- name: nginx-conf
configMap:
name: nginx-cm
items:
- key: nginx.conf
path: nginx.conf
defaultMode: 420
- name: tenant-prefix
configMap:
name: tenant-prefix-lite
items:
- key: ingress-config.js
path: ingress-config.js
defaultMode: 420
- name: tenant-prefix-c
configMap:
name: tenant-prefix-lite
items:
- key: system-config-noicp.js
path: system-config-noicp.js
defaultMode: 420
containers:
- name: cmii-uav-platform-lite
image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/cmii-uav-platform-lite:1.5.0-2026031201-noicp
ports:
- name: platform-9528
containerPort: 9528
protocol: TCP
env:
- name: K8S_NAMESPACE
value: cq-fly-260311
- name: APPLICATION_NAME
value: cmii-uav-platform-lite
resources:
limits:
cpu: '1'
memory: 1Gi
requests:
cpu: 50m
memory: 50Mi
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx/conf.d/nginx.conf
subPath: nginx.conf
- name: tenant-prefix
mountPath: /home/cmii-platform/dist/ingress-config.js
subPath: ingress-config.js
- name: tenant-prefix-c
mountPath: /home/cmii-platform/dist/system-config-noicp.js
subPath: system-config-noicp.js
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: Always
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
securityContext: {}
imagePullSecrets:
- name: harborsecret
schedulerName: default-scheduler
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 25%
revisionHistoryLimit: 10
progressDeadlineSeconds: 600
---
kind: Service
apiVersion: v1
metadata:
name: cmii-uav-platform-lite
namespace: cq-fly-260311
labels:
app.kubernetes.io/version: 6.2.0
cmii.app: cmii-uav-platform-lite
cmii.type: frontend
octopus.control: frontend-app-wdd
spec:
ports:
- name: web-svc-port
protocol: TCP
port: 9528
targetPort: 9528
selector:
cmii.app: cmii-uav-platform-lite
cmii.type: frontend
type: ClusterIP
sessionAffinity: None
status:
loadBalancer: {}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-lite
namespace: cq-fly-260311
data:
ingress-config.js: |-
var __GlobalIngressConfig = {
TenantEnvironment: "",
CloudHOST: "36.133.115.174:8088",
ApplicationShortName: "lite",
AppClientId: "",
Headers: {
ORG_ID: 'pago',
PROJECT_ID: 'prgn'
},
TdtToken: "XXXX"
}
system-config-noicp.js: |-
var __GlobalSystemConfig = {
systemName: "重庆市低空应用公共服务平台",
platformName: "",
ShowICP: false,
ShowAgreement: false
};
---
kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-cm
namespace: cq-fly-260311
labels:
cmii.type: frontend
data:
nginx.conf: |
server {
listen 9528;
server_name localhost;
gzip on;
location / {
root /home/cmii-platform/dist;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}

247
75-202603-重庆二级平台/k8s-yaml/sky-coverage.yaml Normal file
View File

@@ -0,0 +1,247 @@
kind: Deployment
apiVersion: apps/v1
metadata:
name: cmii-sky-converge
namespace: cq-fly-260311
labels:
app.kubernetes.io/app-version: 6.0.0
app.kubernetes.io/managed-by: octopus
cmii.app: cmii-sky-converge
cmii.type: backend
octopus/control: backend-app-1.0.0
spec:
replicas: 1
selector:
matchLabels:
cmii.app: cmii-sky-converge
cmii.type: backend
template:
metadata:
creationTimestamp: null
labels:
cmii.app: cmii-sky-converge
cmii.type: backend
spec:
volumes:
- name: application-k8s
configMap:
name: cmii-sky-converge-cm
items:
- key: application-k8s.yml
path: application-k8s.yml
- key: simAuth.license
path: simAuth.license
defaultMode: 420
- name: nfs-backend-log-volume
persistentVolumeClaim:
claimName: nfs-backend-log-pvc
containers:
- name: cmii-sky-converge
image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/cmii-sky-converge:2.1.0-xa-2026031103
ports:
- name: pod-port
containerPort: 8080
protocol: TCP
env:
- name: K8S_NAMESPACE
value: cq-fly-260311
- name: APPLICATION_NAME
value: cmii-sky-converge
- name: CUST_JAVA_OPTS
value: '-Xms2000m -Xmx4500m -Dlog4j2.formatMsgNoLookups=true'
- name: NACOS_REGISTRY
value: helm-nacos:8848
- name: NACOS_DISCOVERY_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: NACOS_DISCOVERY_PORT
value: '8080'
- name: BIZ_CONFIG_GROUP
value: 5.7.0
- name: SYS_CONFIG_GROUP
value: 5.7.0
- name: IMAGE_VERSION
value: 5.7.0
- name: NACOS_USERNAME
value: developer
- name: NACOS_PASSWORD
value: Deve@9128201
- name: SPRING_PROFILES_ACTIVE
value: k8s,db,cache,message
resources:
limits:
cpu: '4'
memory: 6Gi
requests:
cpu: '4'
memory: 2Gi
volumeMounts:
- name: application-k8s
mountPath: /cmii/config/application-k8s.yml
subPath: application-k8s.yml
- name: application-k8s
mountPath: /cmii/config/simAuth.license
subPath: simAuth.license
- name: nfs-backend-log-volume
mountPath: /cmii/logs
subPath: uavcloud-devflight/cmii-sky-converge
livenessProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 20
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 20
successThreshold: 1
failureThreshold: 3
startupProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 3
periodSeconds: 20
successThreshold: 1
failureThreshold: 5
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: Always
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
securityContext: {}
imagePullSecrets:
- name: harborsecret
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: uavcloud.env
operator: In
values:
- cq-fly-260311
schedulerName: default-scheduler
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 25%
revisionHistoryLimit: 10
progressDeadlineSeconds: 600
---
kind: Service
apiVersion: v1
metadata:
name: cmii-sky-converge
namespace: cq-fly-260311
labels:
app.kubernetes.io/app-version: 6.0.0
app.kubernetes.io/managed-by: octopus
cmii.app: cmii-sky-converge
cmii.type: backend
octopus/control: backend-app-1.0.0
spec:
ports:
- name: backend-tcp
protocol: TCP
port: 8080
targetPort: 8080
selector:
cmii.app: cmii-sky-converge
cmii.type: backend
type: ClusterIP
---
kind: ConfigMap
apiVersion: v1
metadata:
name: cmii-sky-converge-cm
namespace: cq-fly-260311
data:
application-k8s.yml: |
converge:
####################下面部分为中间件对应配置,需要确认!!!#######################
############使用k8s部署的中间件可以直接用k8s里面的服务名#################
db:
ip: helm-mysql-fly
port: 3306
username: k8s_admin
password: fP#UaH6qQ3)8
mqtt:
ip: helm-emqx-fly
port: 1883 # mqtt内部1883端口
username: cmlc
password: odD8#Ve7.B
rabbitmq:
ip: helm-rabbitmq-fly
port: 5672
username: admin
password: nYcRN91r._hj
redis:
ip: helm-redis-fly-master
port: 6379
password: Mcache@4522
influxdb:
ip: helm-influxdb-fly #influxdb宿主机的内部ip
port: 8086 #influxdb宿主机的端口如果docker compose文件没有改动则默认不变
token: YunnHJASAAdj23rasQAWd621erGAS82kaqj
org: cmii
bucket: cmii
minio:
ip: helm-minio-fly # minio服务的宿主机ip
port: 9000
access-key: cmii # minio的访问key
secret-key: B#923fC7mk # minio访问secret
#######################下面部分是业务服务需要的配置,需要确认!!!#######################
center:
address: http://cmii-fly-center:8080 # cmii-fly-center服务部署的容器宿主机ip地址和暴露的端口
stream:
endpoint: http://192.168.9.4:8088 #平台地址端口
buckets:
live-srs-hls: ilm-detect
storage:
endpoint: http://36.133.115.174:8088/converge # cmii-sky-converge服务的公网请求地址需要匹配到all-gateways-ingress里面converge服务的根路径
live:
merge:
tmp: /tmp/ffmpeg/
expired: 10
sms:
mas:
enable: false #内网部署改为false
host: http://XXX:XXX/sms/tmpsubmit
ecName: XXX科技有限公司
apId: notice
secretKey: notice@123
sign: ynYl2Vpl7
templateId: e4dc71ddd5c24d25b24daa01e969e24
expire: 3
limit:
minute: 5
hour: 15
day: 30
sim:
# true = 启用, false = 不启用
enable: false
###固定k8s里面挂载路径
licensePath: /cmii/config/simAuth.license
# 测试环境https://ptest.cmccsim.com:9090, 生产环境https://certplat.cmccsim.com
host: https://ptest.cmccsim.com:9090
callbackUrl: http://36.133.115.174:8088/converge
simAuth.license: >
BOOedo/TVLbYLdKyGkFYEAljoncjd2+mKkwARpNkb0Q8D0QaZbOnCjJdMj0kUtHVRJ03CYujyVJZ8Xc1JvBTujSFgBvNwXWJN2E35TZYGUYx4uZW7WZJ9ajp3pi9Q4V9JLA4qdyd/Zaz0/T+mqaXzW0l18jA9VL25fB0tkzQYpySql76V9QAowpuVcklItcNZ8YWwK4lbPjaygBhZVNqdhbJQwqLG7io2X0QV11T5yhbu8SXCag0hoX6s93IBz0k4Aze2TZvpJ25o/NuMptWKviddrVNpVAIwT/L9kLNVkBT8T0xysX6Ku+9aLKUlLrGw4lhAHM5iHp82jduw7L9jc878ZZgOoUALLaw9axnVdnf3XfhZ75/uhx4mZ+JnNS2aNH18mVR53CGT3jxY0y1RA64e2zhMhFr/KNxVGIuZl/iAr1EGI85QWrnYGsLNbilCFlZyDzcH8tK4hDvmMtUe1xCEUF6oO9nwr+YDHGBSM1ifXLJZrvwuDI7Zim+h6pUqctWhtf6eyfyF17iBrzzt6lmSjkQtZ1kRVUxRni68/FPH9YJBKQhJItAk2h1OaUBB1Lt5vfu8OYi5S+onTmesvlIuUk7USBIFbt4kVhUpgGtV+WyddcjH6BJo3NPqCYcObR4KeLmQ/bHmN/xyVT3HMed8VhiVv0U8EuTINJxmXh+nDVmeDEUa4qYtPRGArSsGF2KGbnOOqwkyk1D/o81Zxb8Kklxn3I/CK1EM63HZLY4hGm52oRsNDjbJPFFFUdTqyQw7igHdwJYJbgxqycCAh1f8zioVVziOXwHxV85poIpVG7pP0LWrYttW1e2WdrSI4WUO1X4krfPu+7WxYHj4Cs4aTflYM9F+KVqbw6bVlg5PIPRiIy6eMRqzvl53y9eesd7eqUNgRnM13PmRDJPe6sw5BnaPn1eHBk7Mh+CAsdRnq8V0t9NkRK2aNfJFNo/PPjahDlw9DHMnJW3QGgZNR3LqFKQxDQIpR7xwgsYX5CmZo3gaBHbTx1EozCagco1tGHrRaDlJNjAYKjnus0huujI0dh+w/ybkWoN4jPQiMWx5O/oem62ga5NbHd5wS/A5e9UKfNZef1NYJyiWRYNINXr3lUl0835rb38q6+5tBKZnrJq1GZ8n2IEuw8L1YcbvtuSDBlHYGSDQ6yD5sL/qv73sXjL2jwtu+QllQt6jhFw5VUKIFRhCjuTeLbrzmcOO2TwCVZb89QPW5rGNA5sO99qormwqNkwXzsKXNx6r9B2rQ6WUdP05r1ti0YAShBdfC1CPhpt2yuKIFO3eh8J6fWjHygBX2kYq+zdb4w39d77gBayQX5lIw4MY0Dcqbyw/MvqcnXj47EUmQ+xIxkaL76C4nbN7GuMQs1rpJ4eox9qqyBeKbVGo/7/aqP6vMXl0BsPWLV5Z2jCy0HzgyBMy4mU1Q==

191
75-202603-重庆二级平台/k8s-yaml/uav-ai-core-nacos.yaml Normal file
View File

@@ -0,0 +1,191 @@
spring:
cache:
type: none
mvc:
pathmatch:
matching-strategy: ant_path_matcher
platform:
info:
name: AI原子能力
description: AI原子能力
version: 6.2.0
datasource:
dynamic:
primary: uav_ai_core
datasource:
uav_ai_core:
type: com.zaxxer.hikari.HikariDataSource
driver-class-name: com.mysql.cj.jdbc.Driver
url: jdbc:mysql://helm-mysql:3306/uav_ai_core?characterEncoding=UTF-8&useSSL=true&zeroDateTimeBehavior=convertToNull&&allowMultiQueries=true&serverTimezone=GMT%2B8
username: k8s_admin
password: fP#UaH6qQ3)8
redis:
host: helm-redis-master
port: 6379
database: 0
password: Mcache@4522
redisson:
model: SINGLE
single-server-config:
address: helm-redis-master:6379
database: 0
password: Mcache@4522
rabbitmq:
host: helm-rabbitmq
port: 5672
username: admin
password: nYcRN91r._hj
virtual-host: /
server:
compression:
enabled: true
min-response-size: 1024
mime-types: text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json
springdoc:
api-docs:
version: openapi_3_1
group-configs:
- group: common
display-name: 公共能力
paths-to-match:
- /cmii/**
- group: regulator
display-name: 管理端
paths-to-match:
- /regulator/**
- group: all
display-name: 所有的服务能力
paths-to-match:
- /**
override-with-generic-response: true
info:
title: AI原子能力
description: AI原子能力
version: 6.2.0
com:
cmii:
chinamobile:
request:
mapping:
scan:
register-request-mapping: true
group: regulator
logging:
level:
com.cmii.chinamobile: info
minio:
srcId: 1323096648758464519
mqtt:
single:
host: tcp://helm-emqxs:1883
hosts: tcp://helm-emqxs:1883
username: cmlc
password: odD8#Ve7.B
hosts: tcp://helm-emqxs:1883
host: tcp://helm-emqxs:1883
username: cmlc
password: odD8#Ve7.B
qos: 1
connectionTimeout: 10
keepAliveInterval: 20
gzipPayload: false
#消息发布者clientId
publishClientId: ai_core
#消息订阅者clientId
subscribeClientId: ai_core_subscribe
ai:
core:
srcId: 1323096648758464519
ware:
defaultTenant: zjcxy
cityCode: 510100
projCode: demo
printMqttSendMsg: true
printHttpReceiveMsg: true
printMqttReceiveMsg: true
closeLightMqtt: false
cacheWithRedis: false
closePublishStandardMqtt: true
closePublishImageRecord: false
callbackUrl: https://www.demo.uavcmlc.com/uas/api/community/aicore/client/aiware/order/reportAiRecord
tenants:
zjcxy:
# host: https://cxy-stg-soul.vimvp.cn:50920
host: https://soul.gateway.zjcloud.com:50443
path: /uvsg-ai/order/cdfk
ak: 332d17324133bae0
sk: faa05b2072fc4ab881124eef62013066
guochuang:
host: http://api.tools.liandanlu.cn:50000
path: /005
ak: 1b59cfdb4e2d8d0d
sk: e5e5644f41354be8a4acb27e9b1ff37b
yitong:
host: http://183.6.114.147:6007
path:
ak: 1b59cfdb4e2d8d0d
sk: e5e5644f41354be8a4acb27e9b1ff37b
# zyly:
# host: http://192.168.75.14:2334
# path: /uvsg-ai/order/cdfk
# ak: 1b59cfdb4e2d8d0d
# sk: e5e5644f41354be8a4acb27e9b1ff37b
cyy1:
host: http://192.168.36.49:2333
path: /uvsg-ai/order/cdfk
ak: 1b59cfdb4e2d8d0d
sk: e5e5644f41354be8a4acb27e9b1ff37b
cyy2:
host: http://192.168.36.49:2334
path: /uvsg-ai/order/cdfk
ak: 1b59cfdb4e2d8d0d
sk: e5e5644f41354be8a4acb27e9b1ff37b
cyy3:
host: http://192.168.36.49:2335
path: /uvsg-ai/order/cdfk
ak: 1b59cfdb4e2d8d0d
sk: e5e5644f41354be8a4acb27e9b1ff37b
cyy4:
host: http://192.168.36.49:2336
path: /uvsg-ai/order/cdfk
ak: 1b59cfdb4e2d8d0d
sk: e5e5644f41354be8a4acb27e9b1ff37b
qjb:
host: http://uav.qjb1000.com:57893
path: /uvsg-ai/order/cdfk
ak: 1b59cfdb4e2d8d0d
sk: e5e5644f41354be8a4acb27e9b1ff37b
zylybig:
host: http://192.168.35.51:6526
path: /uvsg-ai/order/cdfk
ak: 1b59cfdb4e2d8d0d
sk: e5e5644f41354be8a4acb27e9b1ff37b
# jsj1:
# host: http://183.47.59.221:20197
# path: /uvsg-ai/order/cdfk
# ak: abc
# sk: axxxx
# jsj2:
# host: http://183.47.59.221:20198
# path: /uvsg-ai/order/cdfk
# ak: abc
# sk: axxxx
# jsj3:
# host: http://183.47.59.221:20199
# path: /uvsg-ai/order/cdfk
# ak: abc
# sk: axxxx
# jsj4:
# host: http://183.47.59.221:20194
# path: /uvsg-ai/order/cdfk
# ak: abc
# sk: axxxx
# yanfa2:
# host: http://192.168.75.21:8000
# path: /uvsg-ai/order/cdfk
# ak: 1b59cfdb4e2d8d0d
# sk: e5e5644f41354be8a4acb27e9b1ff37b
#宜通
video:
process:
getUrl: http://192.168.9.4:8088/api/v2/segments/info/batch?type=2

194
75-202603-重庆二级平台/k8s-yaml/uav-ai-core.yaml Normal file
View File

@@ -0,0 +1,194 @@
kind: Deployment
apiVersion: apps/v1
metadata:
name: cmii-uav-ai-core
namespace: cq-fly-260311
labels:
app.kubernetes.io/app-version: 6.2.0
app.kubernetes.io/managed-by: octopus
cmii.app: cmii-uav-ai-core
cmii.type: backend
octopus/control: backend-app-1.0.0
spec:
replicas: 1
selector:
matchLabels:
cmii.app: cmii-uav-ai-core
cmii.type: backend
template:
metadata:
labels:
cmii.app: cmii-uav-ai-core
cmii.type: backend
spec:
volumes:
- name: nfs-backend-log-volume
persistentVolumeClaim:
claimName: nfs-backend-log-pvc
containers:
- name: cmii-uav-ai-core
image: chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/cmii-uav-ai-core:5.7.0-shidian202603
ports:
- name: pod-port
containerPort: 8080
protocol: TCP
env:
- name: K8S_NAMESPACE
value: uavcloud-devflight
- name: APPLICATION_NAME
value: cmii-uav-ai-core
- name: CUST_JAVA_OPTS
value: '-Xms200m -Xmx1500m -Dlog4j2.formatMsgNoLookups=true'
- name: NACOS_REGISTRY
value: helm-nacos.cqejpt.svc.cluster.local:8848
- name: NACOS_DISCOVERY_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: NACOS_DISCOVERY_PORT
value: '8080'
- name: BIZ_CONFIG_GROUP
value: 6.2.0
- name: SYS_CONFIG_GROUP
value: 6.2.0
- name: IMAGE_VERSION
value: 6.2.0
- name: NACOS_USERNAME
value: developer
- name: NACOS_PASSWORD
value: Deve@9128201
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: NODE_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
- name: LIMIT_CPU
valueFrom:
resourceFieldRef:
containerName: cmii-uav-ai-core
resource: limits.cpu
divisor: '0'
- name: LIMIT_MEMORY
valueFrom:
resourceFieldRef:
containerName: cmii-uav-ai-core
resource: limits.memory
divisor: '0'
- name: REQUEST_CPU
valueFrom:
resourceFieldRef:
containerName: cmii-uav-ai-core
resource: requests.cpu
divisor: '0'
- name: REQUEST_MEMORY
valueFrom:
resourceFieldRef:
containerName: cmii-uav-ai-core
resource: requests.memory
divisor: '0'
resources:
limits:
cpu: '2'
memory: 3Gi
requests:
cpu: 300m
memory: 512Mi
volumeMounts:
- name: nfs-backend-log-volume
mountPath: /cmii/logs
subPath: uavcloud-devflight/cmii-uav-ai-core
livenessProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
periodSeconds: 20
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
periodSeconds: 20
successThreshold: 1
failureThreshold: 3
startupProbe:
httpGet:
path: /cmii/health
port: pod-port
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 3
periodSeconds: 20
successThreshold: 1
failureThreshold: 5
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: Always
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
securityContext: {}
imagePullSecrets:
- name: harborsecret
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: uavcloud.env
operator: In
values:
- cq-fly-260311
schedulerName: default-scheduler
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 25%
revisionHistoryLimit: 10
progressDeadlineSeconds: 600
---
kind: Service
apiVersion: v1
metadata:
name: cmii-uav-ai-core
namespace: cq-fly-260311
labels:
app.kubernetes.io/app-version: 6.2.0
app.kubernetes.io/managed-by: octopus
cmii.app: cmii-uav-ai-core
cmii.type: backend
octopus/control: backend-app-1.0.0
spec:
ports:
- name: backend-tcp
protocol: TCP
port: 8080
targetPort: 8080
selector:
cmii.app: cmii-uav-ai-core
cmii.type: backend
type: ClusterIP