对齐文件规范
This commit is contained in:
@@ -1,9 +0,0 @@
|
||||
# 00-01-k3s-基础概念(占位)
|
||||
|
||||
对应文档:[`docs/00-01-k3s-基础概念.md`](../../docs/00-01-k3s-基础概念.md)
|
||||
|
||||
## 说明
|
||||
|
||||
- 本篇为概念性文档,**不提供可部署的 Kubernetes 清单**。
|
||||
- 验证方式:按文档理解与对照集群实际输出即可(无 `kubectl apply -f` 目标)。
|
||||
|
||||
@@ -1,9 +0,0 @@
|
||||
# 00-04-部署环境说明(占位)
|
||||
|
||||
对应文档:[`docs/00-04-部署环境说明.md`](../../docs/00-04-部署环境说明.md)
|
||||
|
||||
## 说明
|
||||
|
||||
- 本篇为环境说明文档,**不提供可部署的 Kubernetes 清单**。
|
||||
- 验证方式:按文档逐项核对你的实际环境信息(节点、磁盘挂载、版本等)。
|
||||
|
||||
@@ -1,13 +0,0 @@
|
||||
# 01-01-k3s-控制节点含traefik(占位)
|
||||
|
||||
对应文档:[`docs/01-01-k3s-控制节点含traefik.md`](../../docs/01-01-k3s-控制节点含traefik.md)
|
||||
|
||||
## 说明
|
||||
|
||||
- 本篇主要是 **K3s 安装与集群初始化**,核心部署逻辑在 Ansible playbook 中。
|
||||
- 本目录仅作为 doc_id 对齐占位;不单独维护 K8s manifests。
|
||||
|
||||
## 关联(参考)
|
||||
|
||||
- Ansible:`ansible/playbooks/k3s-init-and-install.yml`
|
||||
|
||||
@@ -1,13 +0,0 @@
|
||||
# 01-02-k3s-工作节点(占位)
|
||||
|
||||
对应文档:[`docs/01-02-k3s-工作节点.md`](../../docs/01-02-k3s-工作节点.md)
|
||||
|
||||
## 说明
|
||||
|
||||
- 本篇主要是 **工作节点加入 K3s 集群** 与节点侧配置。
|
||||
- 本目录仅作为 doc_id 对齐占位;不单独维护 K8s manifests。
|
||||
|
||||
## 关联(参考)
|
||||
|
||||
- Ansible:`ansible/playbooks/k3s-init-and-install.yml`
|
||||
|
||||
@@ -1,9 +0,0 @@
|
||||
# 01-03-armv7-standalone-docker(占位)
|
||||
|
||||
对应文档:[`docs/01-03-armv7-standalone-docker.md`](../../docs/01-03-armv7-standalone-docker.md)
|
||||
|
||||
## 说明
|
||||
|
||||
- 本篇为 armv7 设备的 Docker 独立部署说明,**不提供 K3s/Kubernetes 清单**。
|
||||
- 本目录仅用于 doc_id 对齐占位。
|
||||
|
||||
@@ -1,9 +0,0 @@
|
||||
# 01-04-双控制节点ha(占位)
|
||||
|
||||
对应文档:[`docs/01-04-双控制节点ha.md`](../../docs/01-04-双控制节点ha.md)
|
||||
|
||||
## 说明
|
||||
|
||||
- 本篇为 HA/双控制节点方案说明,部署更多依赖集群架构与外部 LB 配置。
|
||||
- 本目录仅用于 doc_id 对齐占位;不提供独立 K8s manifests。
|
||||
|
||||
@@ -1,9 +0,0 @@
|
||||
# 01-05-armv7-nfs服务安装(占位)
|
||||
|
||||
对应文档:[`docs/01-05-armv7-nfs服务安装.md`](../../docs/01-05-armv7-nfs服务安装.md)
|
||||
|
||||
## 说明
|
||||
|
||||
- 本篇为 armv7 设备上 NFS 服务安装说明,**不提供 K3s/Kubernetes 清单**。
|
||||
- 本目录仅用于 doc_id 对齐占位。
|
||||
|
||||
@@ -1,13 +0,0 @@
|
||||
# 01-06-节点初始化-ansible-实践(占位)
|
||||
|
||||
对应文档:[`docs/01-06-节点初始化-ansible-实践.md`](../../docs/01-06-节点初始化-ansible-实践.md)
|
||||
|
||||
## 说明
|
||||
|
||||
- 本篇的“真源”是 Ansible playbooks(初始化、安装、验证)。
|
||||
- 本目录仅用于 doc_id 对齐占位;不单独维护 K8s manifests。
|
||||
|
||||
## 关联(参考)
|
||||
|
||||
- Ansible:`ansible/playbooks/k3s-init-and-install.yml`
|
||||
|
||||
@@ -1,38 +0,0 @@
|
||||
# 01-07 HAProxy 配置
|
||||
|
||||
## 核心目标
|
||||
|
||||
本目录下的 **所有 `*.cfg` 必须可被 HAProxy 正确解析并符合文档意图**。验证分两层:
|
||||
|
||||
| 层次 | 含义 | 如何验证 |
|
||||
|------|------|----------|
|
||||
| **① 语法正确** | `haproxy -c -f <cfg>` 无致命错误 | 见下文「仅校验 cfg」或主验证脚本第 2 步 |
|
||||
| **② 运行与后端** | 在 OpenWrt 上实际监听 18080/18443 时,经第三方主机 curl 可达 K3s/Traefik 后端 | `./scripts/01-07-verify-haproxy.sh`(完整流程,含 curl) |
|
||||
|
||||
仓库内 **frontend 已统一为 `18080` / `18443`**(与 LuCI 的 80/443 分离);backend 仍指向各节点 **80/443**(Traefik 入口)。按环境修改 `192.168.2.61`~`192.168.2.64`。
|
||||
|
||||
## 仅校验本目录 cfg(不跑 curl)
|
||||
|
||||
仅需确认 **① 语法**,在仓库根目录执行:
|
||||
|
||||
```bash
|
||||
./scripts/01-07-verify-haproxy.sh --cfg-only
|
||||
```
|
||||
|
||||
会将本目录全部 `*.cfg` 拷到 OpenWrt 的 `/tmp/haproxy-verify/`,对每台文件执行 `haproxy -c`(与 OpenWrt 上安装的 HAProxy 版本一致)。
|
||||
|
||||
**说明**:`haproxy-https.cfg` 含 `ssl crt /etc/ssl/haproxy.pem`;若路由器上**没有**该 pem,语法检查可能失败,脚本会标为 `[SKIP]`。在 OpenWrt 放置有效 pem 后应能通过 `haproxy -c`。
|
||||
|
||||
## 文件一览
|
||||
|
||||
| 文件 | 说明(对应 `docs/01-07-openwrt-haproxy.md`) |
|
||||
|------|-----------------------------------------------|
|
||||
| `haproxy-no-check.cfg` | §2 最简;§3.1 在其 `server` 行加 `check` |
|
||||
| `haproxy-http.cfg` | §3.2 HTTP 健康检查(明文 80 后端) |
|
||||
| `haproxy-tls.cfg` | §3.3 TLS 握手检查(443 后端,`mode tcp`) |
|
||||
| `haproxy-https.cfg` | §3.4 HTTPS 应用层检查(需 HAProxy 终结 TLS,由 HAProxy 提供证书) |
|
||||
| `haproxy-proxy-http-tls.cfg` | §5 PROXY + HTTP/TLS 检查 |
|
||||
|
||||
## 与 Ansible / OpenWrt
|
||||
|
||||
可与 Ansible 共用(复制到 OpenWrt 或通过 playbook 下发)。一键把 **uhttpd 80/443 + HAProxy 18080/18443** 落到路由器见 `scripts/01-07-deploy-openwrt-haproxy.sh`。
|
||||
@@ -1,12 +0,0 @@
|
||||
# 02-00-nginx-系列说明(占位)
|
||||
|
||||
对应文档:[`docs/02-00-nginx-系列说明.md`](../../docs/02-00-nginx-系列说明.md)
|
||||
|
||||
## 清单复用说明
|
||||
|
||||
本系列(02-01~02-04)的可部署清单统一收敛在:
|
||||
|
||||
- `ansible/files/02-05-nginx-matrix/`
|
||||
|
||||
本目录仅用于 doc_id 对齐占位。
|
||||
|
||||
@@ -1,15 +0,0 @@
|
||||
# 02-01-nginx-control-ingress(占位)
|
||||
|
||||
对应文档:[`docs/02-01-nginx-control-ingress.md`](../../docs/02-01-nginx-control-ingress.md)
|
||||
|
||||
## 真源清单
|
||||
|
||||
- 复用清单目录:`ansible/files/02-05-nginx-matrix/`
|
||||
- 对应文件:`01-control-ingress.yaml`
|
||||
|
||||
应用示例:
|
||||
|
||||
```bash
|
||||
kubectl apply -f ansible/files/02-05-nginx-matrix/01-control-ingress.yaml
|
||||
```
|
||||
|
||||
@@ -1,15 +0,0 @@
|
||||
# 02-02-nginx-control-ingressroute(占位)
|
||||
|
||||
对应文档:[`docs/02-02-nginx-control-ingressroute.md`](../../docs/02-02-nginx-control-ingressroute.md)
|
||||
|
||||
## 真源清单
|
||||
|
||||
- 复用清单目录:`ansible/files/02-05-nginx-matrix/`
|
||||
- 对应文件:`02-control-ingressroute.yaml`
|
||||
|
||||
应用示例:
|
||||
|
||||
```bash
|
||||
kubectl apply -f ansible/files/02-05-nginx-matrix/02-control-ingressroute.yaml
|
||||
```
|
||||
|
||||
@@ -1,15 +0,0 @@
|
||||
# 02-03-nginx-worker-ingress(占位)
|
||||
|
||||
对应文档:[`docs/02-03-nginx-worker-ingress.md`](../../docs/02-03-nginx-worker-ingress.md)
|
||||
|
||||
## 真源清单
|
||||
|
||||
- 复用清单目录:`ansible/files/02-05-nginx-matrix/`
|
||||
- 对应文件:`03-worker-ingress.yaml`
|
||||
|
||||
应用示例:
|
||||
|
||||
```bash
|
||||
kubectl apply -f ansible/files/02-05-nginx-matrix/03-worker-ingress.yaml
|
||||
```
|
||||
|
||||
@@ -1,15 +0,0 @@
|
||||
# 02-04-nginx-worker-ingressroute(占位)
|
||||
|
||||
对应文档:[`docs/02-04-nginx-worker-ingressroute.md`](../../docs/02-04-nginx-worker-ingressroute.md)
|
||||
|
||||
## 真源清单
|
||||
|
||||
- 复用清单目录:`ansible/files/02-05-nginx-matrix/`
|
||||
- 对应文件:`04-worker-ingressroute.yaml`
|
||||
|
||||
应用示例:
|
||||
|
||||
```bash
|
||||
kubectl apply -f ansible/files/02-05-nginx-matrix/04-worker-ingressroute.yaml
|
||||
```
|
||||
|
||||
@@ -1,13 +0,0 @@
|
||||
# Nginx 矩阵 manifests
|
||||
|
||||
用于 `ansible/playbooks/nginx-matrix-deploy.yml` 一键部署。
|
||||
|
||||
| 文件 | 场景 | 路径 | 节点 |
|
||||
|------|------|------|------|
|
||||
| 01-control-ingress.yaml | M1 控制+Ingress | /demo-m1 | 无 nodeSelector |
|
||||
| 02-control-ingressroute.yaml | M2 控制+IngressRoute | /demo-m2 | 无 nodeSelector |
|
||||
| 03-worker-ingress.yaml | M3 工作+Ingress | /demo-m3 | nodeSelector=worker(随机) |
|
||||
| 04-worker-ingressroute.yaml | M4 工作+IngressRoute | /demo-m4 | nodeSelector=ylc64 |
|
||||
|
||||
M4 默认指定 ylc64,M3 随机工作节点;按实际修改。
|
||||
|
||||
43
ansible/files/03-05/nginx-hostpath-demo.yaml
Normal file
43
ansible/files/03-05/nginx-hostpath-demo.yaml
Normal file
@@ -0,0 +1,43 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: nginx-hostpath-demo
|
||||
namespace: default
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: nginx-hostpath-demo
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: nginx-hostpath-demo
|
||||
spec:
|
||||
nodeSelector:
|
||||
kubernetes.io/hostname: ylc61
|
||||
containers:
|
||||
- name: nginx
|
||||
image: nginx:1.27-alpine
|
||||
ports:
|
||||
- containerPort: 80
|
||||
volumeMounts:
|
||||
- name: app-data
|
||||
mountPath: /usr/share/nginx/html
|
||||
volumes:
|
||||
- name: app-data
|
||||
hostPath:
|
||||
path: /data/nginx-hostpath-demo
|
||||
type: DirectoryOrCreate
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: nginx-hostpath-demo
|
||||
namespace: default
|
||||
spec:
|
||||
selector:
|
||||
app: nginx-hostpath-demo
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: 80
|
||||
type: ClusterIP
|
||||
26
ansible/files/03-06/nfs-direct-demo.yaml
Normal file
26
ansible/files/03-06/nfs-direct-demo.yaml
Normal file
@@ -0,0 +1,26 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: nfs-direct-demo
|
||||
namespace: default
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: nfs-direct-demo
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: nfs-direct-demo
|
||||
spec:
|
||||
containers:
|
||||
- name: app
|
||||
image: nginx:alpine
|
||||
volumeMounts:
|
||||
- name: nfs-data
|
||||
mountPath: /usr/share/nginx/html
|
||||
volumes:
|
||||
- name: nfs-data
|
||||
nfs:
|
||||
server: <NFS_SERVER_IP>
|
||||
path: <NFS_EXPORT_PATH_OR_SUBDIR>
|
||||
12
ansible/files/03-06/nfs-dynamic-pvc-demo.yaml
Normal file
12
ansible/files/03-06/nfs-dynamic-pvc-demo.yaml
Normal file
@@ -0,0 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nfs-dynamic-pvc-demo
|
||||
namespace: default
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: nfs-client
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
@@ -1,9 +0,0 @@
|
||||
# 03-08-k3s-ha-集群配置与切换(占位)
|
||||
|
||||
对应文档:[`docs/03-08-k3s-ha-集群配置与切换.md`](../../docs/03-08-k3s-ha-集群配置与切换.md)
|
||||
|
||||
## 说明
|
||||
|
||||
- 本篇偏架构/流程与配置项梳理,具体落地会涉及多节点与外部组件(如 LB/DNS/证书)。
|
||||
- 本目录仅用于 doc_id 对齐占位;暂无独立可复用 manifests。
|
||||
|
||||
@@ -1,9 +0,0 @@
|
||||
# 03-09-k3s-gitops-集群配置管理(占位)
|
||||
|
||||
对应文档:[`docs/03-09-k3s-gitops-集群配置管理.md`](../../docs/03-09-k3s-gitops-集群配置管理.md)
|
||||
|
||||
## 说明
|
||||
|
||||
- 本篇为 GitOps 框架草案(Argo CD / Flux 等),最终 manifests 取决于选型与版本。
|
||||
- 本目录仅用于 doc_id 对齐占位;暂无固定清单。
|
||||
|
||||
@@ -1,43 +0,0 @@
|
||||
# Node.js demo 清单(与 docs/04-01~04-14 对齐)
|
||||
|
||||
**唯一真源**:本目录下 YAML 与 `docs/` 中说明一致;文档内不重复贴全文,避免漂移。
|
||||
|
||||
## 累积规则
|
||||
|
||||
- `04-0N-nodejs-demo.yaml` 表示:从 `04-01` 起顺序做完 **04-01~04-0N** 各篇能力后的 **一份** 可 `kubectl apply -f` 的完整状态(多资源用 `---` 分隔)。
|
||||
- **可直接跳到最后一份** 做实验,不必逐文件 apply;若要理解每步增量,可按编号顺序阅读文档并对照相邻两个 YAML 的差异。
|
||||
- **04-14**(GitOps/CI)无独立清单,见 `docs/04-14-nodejs-GitOps与CI流水线.md` 与 `docs/05-04-k3s-配置gitlab-cicd.md`、`docs/03-09-k3s-gitops-集群配置管理.md`。
|
||||
|
||||
## 文件与文档对照
|
||||
|
||||
| 文件 | 文档 | 备注 |
|
||||
|------|------|------|
|
||||
| `04-01-nodejs-demo.yaml` | `docs/04-01-k3s-nodejs-高级部署.md` | 基线:3000、`/node`、无 host |
|
||||
| `04-02-nodejs-demo.yaml` | `docs/04-02-nodejs-镜像与运行命令.md` | 固定镜像 tag、`imagePullPolicy` |
|
||||
| `04-03-nodejs-demo.yaml` | `docs/04-03-nodejs-环境变量与配置注入.md` | + ConfigMap;Secret 示例见文末 `nodejs-demo-secret.example.yaml` |
|
||||
| `04-04-nodejs-demo.yaml` | `docs/04-04-nodejs-端口与Service.md` | 监听改 **8080**(自 04-04 起探针与后续均用 8080) |
|
||||
| `04-05-nodejs-demo.yaml` | `docs/04-05-nodejs-资源请求与限制.md` | + resources |
|
||||
| `04-06-nodejs-demo.yaml` | `docs/04-06-nodejs-探针与健康检查.md` | + 探针 |
|
||||
| `04-07-nodejs-demo.yaml` | `docs/04-07-nodejs-调度与亲和.md` | + `nodeSelector`(默认 **ylc62**,请改为本机节点名) |
|
||||
| `04-08-nodejs-demo.yaml` | `docs/04-08-nodejs-安全上下文.md` | + 非 root、只读根、`/tmp` emptyDir |
|
||||
| `04-09-nodejs-demo.yaml` | `docs/04-09-nodejs-存储与卷.md` | + PVC `nodejs-demo-data`(默认 **local-path**) |
|
||||
| `04-10-nodejs-demo.yaml` | `docs/04-10-nodejs-Ingress与Traefik.md` | Ingress:`host` + `/api`,curl 需 **Host** |
|
||||
| `04-11-nodejs-demo.yaml` | `docs/04-11-nodejs-副本与滚动发布.md` | replicas=3 + RollingUpdate |
|
||||
| `04-12-nodejs-demo.yaml` | `docs/04-12-nodejs-TLS与证书.md` | **websecure** + TLS;须先创建 `nodejs-demo-tls` Secret |
|
||||
| `04-13-nodejs-demo.yaml` | `docs/04-13-nodejs-HPA.md` | + HPA(需 metrics-server) |
|
||||
|
||||
## 应用方式
|
||||
|
||||
```bash
|
||||
# 仓库根目录
|
||||
kubectl apply -f ansible/files/04-01-nodejs-demo/04-01-nodejs-demo.yaml
|
||||
```
|
||||
|
||||
或使用 Ansible:`ansible/playbooks/nodejs-demo-apply.yml`,变量 `nodejs_demo_manifest` 指定文件名。
|
||||
|
||||
## dry-run
|
||||
|
||||
```bash
|
||||
kubectl apply --dry-run=client -f ansible/files/04-01-nodejs-demo/04-01-nodejs-demo.yaml
|
||||
```
|
||||
|
||||
@@ -1,13 +0,0 @@
|
||||
# 04-02-nodejs-镜像与运行命令(占位)
|
||||
|
||||
对应文档:[`docs/04-02-nodejs-镜像与运行命令.md`](../../docs/04-02-nodejs-镜像与运行命令.md)
|
||||
|
||||
## 真源清单(复用 04-01 累积目录)
|
||||
|
||||
- 真源目录:`ansible/files/04-01-nodejs-demo/`
|
||||
- 对应累积清单:`04-02-nodejs-demo.yaml`
|
||||
|
||||
```bash
|
||||
kubectl apply -f ansible/files/04-01-nodejs-demo/04-02-nodejs-demo.yaml
|
||||
```
|
||||
|
||||
@@ -1,13 +0,0 @@
|
||||
# 04-03-nodejs-环境变量与配置注入(占位)
|
||||
|
||||
对应文档:[`docs/04-03-nodejs-环境变量与配置注入.md`](../../docs/04-03-nodejs-环境变量与配置注入.md)
|
||||
|
||||
## 真源清单(复用 04-01 累积目录)
|
||||
|
||||
- 真源目录:`ansible/files/04-01-nodejs-demo/`
|
||||
- 对应累积清单:`04-03-nodejs-demo.yaml`
|
||||
|
||||
```bash
|
||||
kubectl apply -f ansible/files/04-01-nodejs-demo/04-03-nodejs-demo.yaml
|
||||
```
|
||||
|
||||
@@ -1,13 +0,0 @@
|
||||
# 04-04-nodejs-端口与Service(占位)
|
||||
|
||||
对应文档:[`docs/04-04-nodejs-端口与Service.md`](../../docs/04-04-nodejs-端口与Service.md)
|
||||
|
||||
## 真源清单(复用 04-01 累积目录)
|
||||
|
||||
- 真源目录:`ansible/files/04-01-nodejs-demo/`
|
||||
- 对应累积清单:`04-04-nodejs-demo.yaml`
|
||||
|
||||
```bash
|
||||
kubectl apply -f ansible/files/04-01-nodejs-demo/04-04-nodejs-demo.yaml
|
||||
```
|
||||
|
||||
@@ -1,13 +0,0 @@
|
||||
# 04-05-nodejs-资源请求与限制(占位)
|
||||
|
||||
对应文档:[`docs/04-05-nodejs-资源请求与限制.md`](../../docs/04-05-nodejs-资源请求与限制.md)
|
||||
|
||||
## 真源清单(复用 04-01 累积目录)
|
||||
|
||||
- 真源目录:`ansible/files/04-01-nodejs-demo/`
|
||||
- 对应累积清单:`04-05-nodejs-demo.yaml`
|
||||
|
||||
```bash
|
||||
kubectl apply -f ansible/files/04-01-nodejs-demo/04-05-nodejs-demo.yaml
|
||||
```
|
||||
|
||||
@@ -1,13 +0,0 @@
|
||||
# 04-06-nodejs-探针与健康检查(占位)
|
||||
|
||||
对应文档:[`docs/04-06-nodejs-探针与健康检查.md`](../../docs/04-06-nodejs-探针与健康检查.md)
|
||||
|
||||
## 真源清单(复用 04-01 累积目录)
|
||||
|
||||
- 真源目录:`ansible/files/04-01-nodejs-demo/`
|
||||
- 对应累积清单:`04-06-nodejs-demo.yaml`
|
||||
|
||||
```bash
|
||||
kubectl apply -f ansible/files/04-01-nodejs-demo/04-06-nodejs-demo.yaml
|
||||
```
|
||||
|
||||
@@ -1,13 +0,0 @@
|
||||
# 04-07-nodejs-调度与亲和(占位)
|
||||
|
||||
对应文档:[`docs/04-07-nodejs-调度与亲和.md`](../../docs/04-07-nodejs-调度与亲和.md)
|
||||
|
||||
## 真源清单(复用 04-01 累积目录)
|
||||
|
||||
- 真源目录:`ansible/files/04-01-nodejs-demo/`
|
||||
- 对应累积清单:`04-07-nodejs-demo.yaml`
|
||||
|
||||
```bash
|
||||
kubectl apply -f ansible/files/04-01-nodejs-demo/04-07-nodejs-demo.yaml
|
||||
```
|
||||
|
||||
@@ -1,13 +0,0 @@
|
||||
# 04-08-nodejs-安全上下文(占位)
|
||||
|
||||
对应文档:[`docs/04-08-nodejs-安全上下文.md`](../../docs/04-08-nodejs-安全上下文.md)
|
||||
|
||||
## 真源清单(复用 04-01 累积目录)
|
||||
|
||||
- 真源目录:`ansible/files/04-01-nodejs-demo/`
|
||||
- 对应累积清单:`04-08-nodejs-demo.yaml`
|
||||
|
||||
```bash
|
||||
kubectl apply -f ansible/files/04-01-nodejs-demo/04-08-nodejs-demo.yaml
|
||||
```
|
||||
|
||||
@@ -1,13 +0,0 @@
|
||||
# 04-09-nodejs-存储与卷(占位)
|
||||
|
||||
对应文档:[`docs/04-09-nodejs-存储与卷.md`](../../docs/04-09-nodejs-存储与卷.md)
|
||||
|
||||
## 真源清单(复用 04-01 累积目录)
|
||||
|
||||
- 真源目录:`ansible/files/04-01-nodejs-demo/`
|
||||
- 对应累积清单:`04-09-nodejs-demo.yaml`
|
||||
|
||||
```bash
|
||||
kubectl apply -f ansible/files/04-01-nodejs-demo/04-09-nodejs-demo.yaml
|
||||
```
|
||||
|
||||
@@ -1,13 +0,0 @@
|
||||
# 04-10-nodejs-Ingress与Traefik(占位)
|
||||
|
||||
对应文档:[`docs/04-10-nodejs-Ingress与Traefik.md`](../../docs/04-10-nodejs-Ingress与Traefik.md)
|
||||
|
||||
## 真源清单(复用 04-01 累积目录)
|
||||
|
||||
- 真源目录:`ansible/files/04-01-nodejs-demo/`
|
||||
- 对应累积清单:`04-10-nodejs-demo.yaml`
|
||||
|
||||
```bash
|
||||
kubectl apply -f ansible/files/04-01-nodejs-demo/04-10-nodejs-demo.yaml
|
||||
```
|
||||
|
||||
@@ -1,13 +0,0 @@
|
||||
# 04-11-nodejs-副本与滚动发布(占位)
|
||||
|
||||
对应文档:[`docs/04-11-nodejs-副本与滚动发布.md`](../../docs/04-11-nodejs-副本与滚动发布.md)
|
||||
|
||||
## 真源清单(复用 04-01 累积目录)
|
||||
|
||||
- 真源目录:`ansible/files/04-01-nodejs-demo/`
|
||||
- 对应累积清单:`04-11-nodejs-demo.yaml`
|
||||
|
||||
```bash
|
||||
kubectl apply -f ansible/files/04-01-nodejs-demo/04-11-nodejs-demo.yaml
|
||||
```
|
||||
|
||||
@@ -1,13 +0,0 @@
|
||||
# 04-12-nodejs-TLS与证书(占位)
|
||||
|
||||
对应文档:[`docs/04-12-nodejs-TLS与证书.md`](../../docs/04-12-nodejs-TLS与证书.md)
|
||||
|
||||
## 真源清单(复用 04-01 累积目录)
|
||||
|
||||
- 真源目录:`ansible/files/04-01-nodejs-demo/`
|
||||
- 对应累积清单:`04-12-nodejs-demo.yaml`
|
||||
|
||||
```bash
|
||||
kubectl apply -f ansible/files/04-01-nodejs-demo/04-12-nodejs-demo.yaml
|
||||
```
|
||||
|
||||
@@ -1,13 +0,0 @@
|
||||
# 04-13-nodejs-HPA(占位)
|
||||
|
||||
对应文档:[`docs/04-13-nodejs-HPA.md`](../../docs/04-13-nodejs-HPA.md)
|
||||
|
||||
## 真源清单(复用 04-01 累积目录)
|
||||
|
||||
- 真源目录:`ansible/files/04-01-nodejs-demo/`
|
||||
- 对应累积清单:`04-13-nodejs-demo.yaml`
|
||||
|
||||
```bash
|
||||
kubectl apply -f ansible/files/04-01-nodejs-demo/04-13-nodejs-demo.yaml
|
||||
```
|
||||
|
||||
@@ -1,9 +0,0 @@
|
||||
# 04-14-nodejs-GitOps与CI流水线(占位)
|
||||
|
||||
对应文档:[`docs/04-14-nodejs-GitOps与CI流水线.md`](../../docs/04-14-nodejs-GitOps与CI流水线.md)
|
||||
|
||||
## 说明
|
||||
|
||||
- 本篇为流程/方法论文档,通常不会提供一份固定可复用的 K8s 清单。
|
||||
- 如需参考示例清单,可从 `ansible/files/04-01-nodejs-demo/` 选择对应阶段的累积 YAML。
|
||||
|
||||
10
ansible/files/05-01/glances-docker-compose.example.yaml
Normal file
10
ansible/files/05-01/glances-docker-compose.example.yaml
Normal file
@@ -0,0 +1,10 @@
|
||||
services:
|
||||
glances:
|
||||
image: nicolargo/glances:latest
|
||||
container_name: glances
|
||||
environment:
|
||||
- TZ=Asia/Shanghai
|
||||
- GLANCES_OPT=-w
|
||||
ports:
|
||||
- "61208:61208"
|
||||
restart: unless-stopped
|
||||
6
ansible/files/05-01/homer-glances-item.example.yaml
Normal file
6
ansible/files/05-01/homer-glances-item.example.yaml
Normal file
@@ -0,0 +1,6 @@
|
||||
# Homer config.yml fragment example
|
||||
- name: "System Metrics"
|
||||
type: "Glances"
|
||||
icon: "fa-solid fa-heart-pulse"
|
||||
url: "https://glances.example.com"
|
||||
stats: [cpu, mem]
|
||||
@@ -1,10 +0,0 @@
|
||||
# GitLab CI 示例(与 docs 对照)
|
||||
|
||||
| 文件 | 文档 |
|
||||
|------|------|
|
||||
| `gitlab-ci-minimal.example.yml` | `docs/05-04-k3s-配置gitlab-cicd.md` |
|
||||
| `gitlab-ci-multi-arch-deploy.example.yml` | `docs/05-04-k3s-配置gitlab-cicd.md` |
|
||||
| `../05-03-gitlab-runner/gitlab-ci-runner-tags.example.yml` | `docs/05-03-k3s-安装gitlab-含runner.md` |
|
||||
|
||||
复制为 `.gitlab-ci.yml` 或 `include` 引用;变量与 Runner 以文档为准。
|
||||
|
||||
@@ -1,9 +0,0 @@
|
||||
# 05-05-prometheus与grafana(占位)
|
||||
|
||||
对应文档:[`docs/05-05-prometheus与grafana.md`](../../docs/05-05-prometheus与grafana.md)
|
||||
|
||||
## 说明
|
||||
|
||||
- 监控栈通常通过 Helm Chart(如 kube-prometheus-stack)安装,清单会随版本变化。
|
||||
- 本目录仅用于 doc_id 对齐占位;后续若固化 values/Chart 版本,可在此补齐 manifests/values。
|
||||
|
||||
@@ -1,9 +0,0 @@
|
||||
# 06-01-k3s-networkpolicy-故障排查(占位)
|
||||
|
||||
对应文档:[`docs/06-01-k3s-networkpolicy-故障排查.md`](../../docs/06-01-k3s-networkpolicy-故障排查.md)
|
||||
|
||||
## 说明
|
||||
|
||||
- 本篇为排障手册/命令集合,**不提供固定可部署清单**。
|
||||
- 本目录仅用于 doc_id 对齐占位。
|
||||
|
||||
@@ -1,9 +0,0 @@
|
||||
# 06-02-运维小结(占位)
|
||||
|
||||
对应文档:[`docs/06-02-运维小结.md`](../../docs/06-02-运维小结.md)
|
||||
|
||||
## 说明
|
||||
|
||||
- 本篇为运维建议/巡检要点总结,通常不对应单一可部署清单。
|
||||
- 本目录仅用于 doc_id 对齐占位。
|
||||
|
||||
@@ -1,12 +0,0 @@
|
||||
# 06-03-k3s-自动备份与恢复-openlist-webdav(对齐 README)
|
||||
|
||||
对应文档:[`docs/06-03-k3s-自动备份与恢复-openlist-webdav.md`](../../docs/06-03-k3s-自动备份与恢复-openlist-webdav.md)
|
||||
|
||||
## 真源清单目录
|
||||
|
||||
本篇可部署清单当前收敛在:
|
||||
|
||||
- `ansible/files/06-03-openlist-webdav/`
|
||||
|
||||
说明:该目录名未镜像 docs 文件名;为满足“doc_id 目录对齐”口径,本目录仅作为桥接与入口。
|
||||
|
||||
@@ -12,14 +12,16 @@ k3s_server_ip: "192.168.2.61"
|
||||
# 安装 k3s 前校验:/storage 为挂载点且与 / 不同设备(实验室 10G+32G 建议 true;「目录式假 /storage」旧环境可 false)
|
||||
k3s_verify_storage_mount: true
|
||||
|
||||
# 可选:由 playbooks/k3s-prepare-storage.yml 对第二块整盘分区、格式化并挂载到 k3s_data_dir(会清空该盘,见 01-06)
|
||||
# 可选:由 playbooks/verify/01-06.yml(-e k3s_do_prepare_storage=true)对第二块整盘分区、格式化并挂载到 k3s_data_dir(会清空该盘,见 01-06)
|
||||
k3s_prepare_storage: false
|
||||
# k3s_data_disk_device: "/dev/vdb"
|
||||
# NVMe 整盘一般为 /dev/nvme0n1,首分区为 /dev/nvme0n1p1,playbook 会按设备名自动加 1 或 p1
|
||||
|
||||
# Longhorn Helm(playbooks/longhorn-install.yml)
|
||||
# Longhorn Helm(playbooks/verify/03-07.yml)
|
||||
longhorn_chart_version: "1.7.2"
|
||||
longhorn_install_node_packages: true
|
||||
# 仅在 Helm 与残留 CRD 严重冲突时设 true;默认 false。装前删光 CRD 可能导致 helm install 报 CRD not found
|
||||
longhorn_force_crd_reset: false
|
||||
# 是否在 longhorn-install 末尾应用本仓库 local-path 实验室 ConfigMap
|
||||
longhorn_apply_local_path_lab: false
|
||||
|
||||
|
||||
@@ -1,38 +0,0 @@
|
||||
---
|
||||
# 部署:docs/00-05 §2 步骤 3——local-path ConfigMap;PVC 演示验收见 scripts/verify.sh run 03-05。
|
||||
# 仅应用本仓库 local-path 实验室 ConfigMap(不安装 Longhorn)。在 k3s_server 上执行。
|
||||
# 与 docs/03-05 中「方法一」一致,真源:ansible/files/03-05-local-path-config/local-path-config-lab.json
|
||||
|
||||
- name: Apply local-path-config lab JSON
|
||||
hosts: k3s_server
|
||||
become: true
|
||||
run_once: true
|
||||
vars:
|
||||
k3s_kubeconfig: /etc/rancher/k3s/k3s.yaml
|
||||
local_path_json_src: "{{ playbook_dir }}/../files/03-05-local-path-config/local-path-config-lab.json"
|
||||
local_path_json_dest: /root/local-path-config-lab.json
|
||||
tasks:
|
||||
- name: Copy local-path lab json
|
||||
ansible.builtin.copy:
|
||||
src: "{{ local_path_json_src }}"
|
||||
dest: "{{ local_path_json_dest }}"
|
||||
mode: "0644"
|
||||
|
||||
- name: Apply local-path-config ConfigMap
|
||||
ansible.builtin.shell: |
|
||||
set -e
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl -n kube-system create configmap local-path-config \
|
||||
--from-file=config.json={{ local_path_json_dest }} \
|
||||
--dry-run=client -o yaml | KUBECONFIG={{ k3s_kubeconfig }} kubectl apply -f -
|
||||
args:
|
||||
executable: /bin/bash
|
||||
changed_when: true
|
||||
|
||||
- name: Restart local-path-provisioner if present
|
||||
ansible.builtin.shell: |
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl -n kube-system rollout restart deploy/local-path-provisioner
|
||||
args:
|
||||
executable: /bin/bash
|
||||
register: lp_restart
|
||||
failed_when: false
|
||||
changed_when: lp_restart.rc == 0
|
||||
@@ -1,270 +0,0 @@
|
||||
---
|
||||
# 部署:docs/00-05 §2 步骤 3「正式安装类」——全集群 K3s + 节点准备(非 verify.sh 单条 teardown)。
|
||||
# 前置:§2 步骤 1 接入(inventory/SSH);步骤 2 可选 scripts/deploy-lab.sh 在 K3S_PREPARE_STORAGE=true 时先跑 k3s-prepare-storage.yml。
|
||||
# 入口:仓库根 ./scripts/deploy-lab.sh k3s,或 ansible-playbook -i ansible/inventory.ini ansible/playbooks/k3s-init-and-install.yml
|
||||
|
||||
- name: Verify /storage is a separate mount (optional)
|
||||
hosts: k3s_nodes
|
||||
become: true
|
||||
tasks:
|
||||
- name: Check / and /storage mount sources
|
||||
when: k3s_verify_storage_mount | default(false) | bool
|
||||
block:
|
||||
- name: Get mount source for /
|
||||
ansible.builtin.command: findmnt -n -o SOURCE /
|
||||
register: mnt_root
|
||||
changed_when: false
|
||||
|
||||
- name: Get mount source for /storage
|
||||
ansible.builtin.command: findmnt -n -o SOURCE /storage
|
||||
register: mnt_storage
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
|
||||
- name: Assert /storage is mounted on a different device than /
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- mnt_storage.rc == 0
|
||||
- (mnt_root.stdout | trim | length) > 0
|
||||
- (mnt_storage.stdout | trim | length) > 0
|
||||
- (mnt_root.stdout | trim) != (mnt_storage.stdout | trim)
|
||||
fail_msg: >-
|
||||
/storage must be a mount point on a block device different from /.
|
||||
See docs/00-04-部署环境说明.md and docs/01-06-节点初始化-ansible-实践.md
|
||||
|
||||
- name: Init base system
|
||||
hosts: k3s_nodes
|
||||
become: true
|
||||
tasks:
|
||||
# 检查当前节点上 firewalld 的运行状态,供后续条件判断使用
|
||||
- name: Check if firewalld is running
|
||||
ansible.builtin.command: firewall-cmd --state
|
||||
register: firewalld_state
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
|
||||
# 根据全局 timezone 变量设置系统时区(可选)
|
||||
- name: Set timezone
|
||||
ansible.builtin.command: timedatectl set-timezone {{ timezone }}
|
||||
when: timezone is defined and timezone != ""
|
||||
|
||||
# 安装 k3s 所需的基础工具包(curl、git 等)
|
||||
- name: Install basic packages
|
||||
ansible.builtin.package:
|
||||
name:
|
||||
- curl
|
||||
- git
|
||||
state: present
|
||||
|
||||
# 确保 /etc/hosts 中包含所有 k3s 节点的主机名解析(可选)
|
||||
- name: Ensure /etc/hosts has entries for all k3s nodes
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/hosts
|
||||
regexp: '^\S+\s+{{ item }}\s*$'
|
||||
line: "{{ hostvars[item]['ansible_host'] }} {{ item }}"
|
||||
state: present
|
||||
loop: "{{ groups['k3s_nodes'] }}"
|
||||
when:
|
||||
- k3s_manage_hosts | default(true) | bool
|
||||
- hostvars[item]['ansible_host'] is defined
|
||||
|
||||
# k3s 所需端口:8472/udp(flannel VXLAN)全部节点;6443/tcp(API)仅 server
|
||||
# 必须在安装 k3s 前开放,否则 worker 无法连接、flannel 无法建立 overlay
|
||||
# 在所有 k3s 节点上开放 flannel VXLAN 所需的 8472/udp 端口
|
||||
- name: Open flannel VXLAN port (8472/udp) on all k3s nodes
|
||||
ansible.builtin.command: firewall-cmd --permanent --add-port=8472/udp
|
||||
when:
|
||||
- k3s_manage_firewalld | default(true) | bool
|
||||
- firewalld_state.stdout | default('') == 'running'
|
||||
|
||||
# 在 server 节点上开放 k3s API 端口 6443/tcp
|
||||
- name: Open k3s API port (6443/tcp) on server
|
||||
ansible.builtin.command: firewall-cmd --permanent --add-port=6443/tcp
|
||||
when:
|
||||
- k3s_manage_firewalld | default(true) | bool
|
||||
- inventory_hostname in groups['k3s_server']
|
||||
- firewalld_state.stdout | default('') == 'running'
|
||||
|
||||
# 在完成端口放行后重新加载 firewalld 规则
|
||||
- name: Reload firewalld after opening k3s ports
|
||||
ansible.builtin.command: firewall-cmd --reload
|
||||
when:
|
||||
- k3s_manage_firewalld | default(true) | bool
|
||||
- firewalld_state.stdout | default('') == 'running'
|
||||
|
||||
- name: Install k3s server
|
||||
hosts: k3s_server
|
||||
become: true
|
||||
tasks:
|
||||
# 在 server 节点上下载安装并启动 k3s server 进程
|
||||
- name: Download and install k3s server
|
||||
ansible.builtin.shell: |
|
||||
curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="server --data-dir={{ k3s_data_dir }}" sh -
|
||||
args:
|
||||
creates: "{{ k3s_data_dir }}/server"
|
||||
|
||||
- name: Install k3s agent (workers)
|
||||
hosts: k3s_worker
|
||||
become: true
|
||||
serial: 1 # 逐台安装,减轻并行下载对网络的压力
|
||||
tasks:
|
||||
# 从首个 server 节点读取集群 token(仅执行一次)
|
||||
- name: Read k3s token from first server
|
||||
ansible.builtin.slurp:
|
||||
src: "{{ k3s_data_dir }}/server/token"
|
||||
delegate_to: "{{ groups['k3s_server'][0] }}"
|
||||
run_once: true
|
||||
register: k3s_token_from_server
|
||||
|
||||
# 在各 worker 节点上保存解码后的 token 供后续安装使用
|
||||
- name: Set fact for k3s token on workers
|
||||
ansible.builtin.set_fact:
|
||||
k3s_token: "{{ k3s_token_from_server.content | b64decode | trim }}"
|
||||
|
||||
# 在每个 worker 节点上下载安装并启动 k3s agent 进程
|
||||
- name: Install k3s agent
|
||||
ansible.builtin.shell: |
|
||||
curl -sfL https://get.k3s.io | K3S_URL=https://{{ k3s_server_ip }}:6443 K3S_TOKEN={{ k3s_token }} INSTALL_K3S_EXEC="agent --data-dir={{ k3s_data_dir }}" sh -
|
||||
args:
|
||||
creates: "{{ k3s_data_dir }}/agent"
|
||||
async: 600
|
||||
poll: 15
|
||||
|
||||
- name: Configure firewalld baseline for k3s (flannel.1 / cni0 -> trusted)
|
||||
hosts: k3s_nodes
|
||||
become: true
|
||||
tasks:
|
||||
# 为 k3s 配置 firewalld 基线:将 flannel.1 / cni0 加入 trusted 区域
|
||||
- block:
|
||||
# 检查节点上 firewalld 是否可用
|
||||
- name: Check if firewalld is available
|
||||
ansible.builtin.command: firewall-cmd --state
|
||||
register: firewalld_check
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
|
||||
# 等待 CNI 接口 flannel.1 和 cni0 出现(k3s 启动并创建完成)
|
||||
- name: Wait for CNI interfaces (flannel.1, cni0) to appear
|
||||
ansible.builtin.shell: |
|
||||
for i in $(seq 1 120); do
|
||||
ip link show flannel.1 >/dev/null 2>&1 && ip link show cni0 >/dev/null 2>&1 && exit 0
|
||||
sleep 1
|
||||
done
|
||||
exit 1
|
||||
when: firewalld_check.stdout == 'running'
|
||||
|
||||
# 将 flannel.1 / cni0 接口加入 firewalld trusted 区域(运行时和永久)
|
||||
- name: Add flannel.1 and cni0 to firewalld trusted zone (runtime + permanent)
|
||||
ansible.builtin.shell: |
|
||||
firewall-cmd --zone=trusted --add-interface={{ item }}
|
||||
firewall-cmd --permanent --zone=trusted --add-interface={{ item }}
|
||||
loop:
|
||||
- flannel.1
|
||||
- cni0
|
||||
when: firewalld_check.stdout == 'running'
|
||||
|
||||
# 更新 firewalld 配置使新接口规则立即生效
|
||||
- name: Reload firewalld
|
||||
ansible.builtin.command: firewall-cmd --reload
|
||||
when: firewalld_check.stdout == 'running'
|
||||
when: k3s_manage_firewalld | default(true) | bool
|
||||
|
||||
- name: Configure CoreDNS (IPv4 upstream for ACME)
|
||||
hosts: k3s_server
|
||||
become: true
|
||||
run_once: true
|
||||
vars:
|
||||
k3s_kubeconfig: /etc/rancher/k3s/k3s.yaml
|
||||
tasks:
|
||||
- name: Wait for CoreDNS deployment to be ready
|
||||
ansible.builtin.shell: |
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl rollout status deployment/coredns -n kube-system --timeout=120s
|
||||
when: k3s_manage_coredns | default(true) | bool
|
||||
|
||||
- name: Extract CoreDNS Corefile from ConfigMap
|
||||
ansible.builtin.shell: |
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl get configmap coredns -n kube-system -o jsonpath='{.data.Corefile}' > /tmp/coredns-corefile.txt
|
||||
when: k3s_manage_coredns | default(true) | bool
|
||||
|
||||
- name: Patch Corefile forward to IPv4 (avoid IPv6 upstream in Pod network)
|
||||
ansible.builtin.replace:
|
||||
path: /tmp/coredns-corefile.txt
|
||||
regexp: 'forward \. /etc/resolv\.conf'
|
||||
replace: 'forward . {{ coredns_forward_servers }}'
|
||||
register: coredns_patched
|
||||
when: k3s_manage_coredns | default(true) | bool
|
||||
|
||||
- name: Apply patched CoreDNS ConfigMap and restart
|
||||
ansible.builtin.shell: |
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl create configmap coredns --from-file=Corefile=/tmp/coredns-corefile.txt -n kube-system --dry-run=client -o yaml | KUBECONFIG={{ k3s_kubeconfig }} kubectl apply -f -
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl rollout restart deployment/coredns -n kube-system
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl rollout status deployment/coredns -n kube-system --timeout=60s
|
||||
when:
|
||||
- k3s_manage_coredns | default(true) | bool
|
||||
- coredns_patched is changed
|
||||
|
||||
- name: Remove temp Corefile
|
||||
ansible.builtin.file:
|
||||
path: /tmp/coredns-corefile.txt
|
||||
state: absent
|
||||
when: k3s_manage_coredns | default(true) | bool
|
||||
|
||||
- name: 安装后验证 - traefik / nodes / curl
|
||||
hosts: k3s_server
|
||||
become: true
|
||||
run_once: true
|
||||
vars:
|
||||
k3s_kubeconfig: /etc/rancher/k3s/k3s.yaml
|
||||
tasks:
|
||||
# 安装后为控制节点打 control-plane 标签(02-05 矩阵 M1 需此标签才能调度),节点名与 inventory 短主机名一致(ylc61~ylc64)
|
||||
- name: Label control-plane nodes (k3s 不默认打标,M1 需此标签)
|
||||
ansible.builtin.shell: |
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl label node {{ item }} node-role.kubernetes.io/control-plane= --overwrite
|
||||
loop: "{{ groups['k3s_server'] | default([]) }}"
|
||||
|
||||
# 可选:为工作节点打 worker 标签(02-05 矩阵 M3 需要)
|
||||
- name: 可选 - 为工作节点打 worker 标签(02-05 矩阵 M3 需要)
|
||||
ansible.builtin.shell: |
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl label node {{ item }} node-role.kubernetes.io/worker= --overwrite
|
||||
loop: "{{ groups['k3s_worker'] | default([]) }}"
|
||||
when: k3s_manage_role_labels | default(true) | bool
|
||||
|
||||
# 查看 kube-system 命名空间中与 Traefik / svclb 相关的 Pod 列表
|
||||
- name: kubectl get pods -n kube-system(traefik / svclb)
|
||||
ansible.builtin.shell: KUBECONFIG={{ k3s_kubeconfig }} kubectl get pods -n kube-system -o wide | grep -E 'NAME|traefik|svclb'
|
||||
register: verify_traefik
|
||||
changed_when: false
|
||||
|
||||
# 打印上一步查询到的 Traefik 相关 Pod 信息
|
||||
- name: ">>> Traefik 相关 Pods"
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ item }}"
|
||||
loop: "{{ verify_traefik.stdout_lines }}"
|
||||
|
||||
# 查询当前集群中的节点列表
|
||||
- name: kubectl get nodes
|
||||
ansible.builtin.shell: KUBECONFIG={{ k3s_kubeconfig }} kubectl get nodes
|
||||
register: verify_nodes
|
||||
changed_when: false
|
||||
|
||||
# 打印节点列表结果,方便确认节点状态与角色
|
||||
- name: ">>> kubectl get nodes"
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ item }}"
|
||||
loop: "{{ verify_nodes.stdout_lines }}"
|
||||
|
||||
# 通过 curl 测试每个节点 80 与 443 入口连通性
|
||||
- name: curl 测试各节点 80/443 可达性
|
||||
ansible.builtin.shell: |
|
||||
for ip in {{ groups['k3s_nodes'] | map('extract', hostvars) | map(attribute='ansible_host') | join(' ') }}; do
|
||||
c80=$(curl -sk -o /dev/null -w "%{http_code}" --connect-timeout 2 http://$ip 2>/dev/null) || c80="fail"
|
||||
c443=$(curl -sk -o /dev/null -w "%{http_code}" --connect-timeout 2 https://$ip 2>/dev/null) || c443="fail"
|
||||
echo "$ip: 80=$c80 443=$c443"
|
||||
done
|
||||
register: verify_curl
|
||||
changed_when: false
|
||||
|
||||
- name: ">>> curl 结果"
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ item }}"
|
||||
loop: "{{ verify_curl.stdout_lines }}"
|
||||
@@ -1,108 +0,0 @@
|
||||
---
|
||||
# 部署:docs/00-05 §2 步骤 2~3 可选前置——数据盘 → /storage(非矩阵验收)。
|
||||
# 推荐经 scripts/deploy-lab.sh k3s 在 K3S_PREPARE_STORAGE=true 时自动串行;勿与 verify.sh run-all 混为同一含义。
|
||||
# 可选:在空白数据盘上创建单分区、ext4、fstab 并挂载到 k3s_data_dir(默认 /storage)。
|
||||
# 启用前在 group_vars/all.yml 设置 k3s_prepare_storage: true 与 k3s_data_disk_device(如 /dev/vdb)。
|
||||
# 会清空该磁盘上的数据。若 /storage 已是挂载点则跳过。
|
||||
|
||||
- name: Prepare data disk and mount to k3s_data_dir
|
||||
hosts: k3s_nodes
|
||||
become: true
|
||||
tasks:
|
||||
- name: Skip notice when storage prep disabled
|
||||
ansible.builtin.debug:
|
||||
msg: "k3s_prepare_storage is false — skipping (see group_vars/all.yml)"
|
||||
when: not (k3s_prepare_storage | default(false) | bool)
|
||||
|
||||
- name: Prepare block storage for k3s_data_dir
|
||||
when: k3s_prepare_storage | default(false) | bool
|
||||
block:
|
||||
- name: Require k3s_data_disk_device when k3s_prepare_storage is true
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- k3s_data_disk_device is defined
|
||||
- (k3s_data_disk_device | string | length) > 0
|
||||
fail_msg: "Set k3s_data_disk_device (e.g. /dev/vdb) in group_vars or host_vars"
|
||||
|
||||
- name: Verify k3s_data_disk_device is a block device
|
||||
ansible.builtin.command: test -b {{ k3s_data_disk_device }}
|
||||
changed_when: false
|
||||
|
||||
- name: Check whether k3s_data_dir is already a mountpoint
|
||||
ansible.builtin.command: mountpoint -q {{ k3s_data_dir }}
|
||||
register: mp_k3s
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
|
||||
- name: Skip when k3s_data_dir already mounted
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ k3s_data_dir }} already mounted — skipping partitioning on {{ inventory_hostname }}"
|
||||
when: mp_k3s.rc == 0
|
||||
|
||||
- name: Install partitioning and filesystem tools
|
||||
ansible.builtin.package:
|
||||
name:
|
||||
- parted
|
||||
- e2fsprogs
|
||||
state: present
|
||||
when: mp_k3s.rc != 0
|
||||
|
||||
- name: Compute first partition path (nvme*n* -> p1, else 1)
|
||||
ansible.builtin.set_fact:
|
||||
k3s_data_partition: >-
|
||||
{{ k3s_data_disk_device }}{{ 'p1' if (k3s_data_disk_device | regex_search('nvme[0-9]+n[0-9]+$')) else '1' }}
|
||||
when: mp_k3s.rc != 0
|
||||
|
||||
- name: Create GPT and single ext4 partition
|
||||
ansible.builtin.command: >-
|
||||
parted -s {{ k3s_data_disk_device }} mklabel gpt mkpart primary ext4 0% 100%
|
||||
args:
|
||||
creates: "{{ k3s_data_partition }}"
|
||||
when: mp_k3s.rc != 0
|
||||
|
||||
- name: Wait for partition node in /dev
|
||||
ansible.builtin.wait_for:
|
||||
path: "{{ k3s_data_partition }}"
|
||||
state: present
|
||||
timeout: 60
|
||||
when: mp_k3s.rc != 0
|
||||
|
||||
- name: Detect existing filesystem on partition
|
||||
ansible.builtin.command: blkid -s TYPE -o value {{ k3s_data_partition }}
|
||||
register: fs_type
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
when: mp_k3s.rc != 0
|
||||
|
||||
- name: Create ext4 on partition
|
||||
ansible.builtin.command: mkfs.ext4 -F {{ k3s_data_partition }}
|
||||
when:
|
||||
- mp_k3s.rc != 0
|
||||
- (fs_type.stdout | default('') | trim | length) == 0
|
||||
|
||||
- name: Read UUID of partition
|
||||
ansible.builtin.command: blkid -s UUID -o value {{ k3s_data_partition }}
|
||||
register: blk_uuid
|
||||
changed_when: false
|
||||
when: mp_k3s.rc != 0
|
||||
|
||||
- name: Ensure mount directory exists
|
||||
ansible.builtin.file:
|
||||
path: "{{ k3s_data_dir }}"
|
||||
state: directory
|
||||
mode: "0755"
|
||||
when: mp_k3s.rc != 0
|
||||
|
||||
- name: Add fstab entry for k3s_data_dir
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/fstab
|
||||
regexp: "^UUID={{ blk_uuid.stdout | trim }}\\s"
|
||||
line: "UUID={{ blk_uuid.stdout | trim }} {{ k3s_data_dir }} ext4 defaults,nofail 0 2"
|
||||
create: true
|
||||
mode: "0644"
|
||||
when: mp_k3s.rc != 0
|
||||
|
||||
- name: Mount all from fstab
|
||||
ansible.builtin.command: mount -a
|
||||
changed_when: true
|
||||
when: mp_k3s.rc != 0
|
||||
@@ -1,252 +0,0 @@
|
||||
---
|
||||
# 部署:docs/00-05 §2 步骤 3——Helm 铺栈;验收见 scripts/verify.sh run 03-07。
|
||||
# Helm 安装 Longhorn(与 docs/03-07 一致)。在控制节点执行,依赖 KUBECONFIG=/etc/rancher/k3s/k3s.yaml
|
||||
# 变量:group_vars/all.yml 中 longhorn_chart_version、longhorn_install_node_packages、longhorn_apply_local_path_lab
|
||||
|
||||
- name: Longhorn node packages (iSCSI, NFS client)
|
||||
hosts: k3s_nodes
|
||||
become: true
|
||||
tasks:
|
||||
- name: Install Longhorn OS dependencies
|
||||
when: longhorn_install_node_packages | default(true) | bool
|
||||
block:
|
||||
- name: Install iscsi + nfs (dnf/yum)
|
||||
ansible.builtin.package:
|
||||
name:
|
||||
- iscsi-initiator-utils
|
||||
- nfs-utils
|
||||
state: present
|
||||
|
||||
- name: Enable iscsid
|
||||
ansible.builtin.systemd:
|
||||
name: iscsid
|
||||
enabled: true
|
||||
state: started
|
||||
|
||||
- name: Ensure Longhorn data subdirectory exists on all nodes
|
||||
ansible.builtin.file:
|
||||
path: "{{ k3s_data_dir }}/longhorn"
|
||||
state: directory
|
||||
mode: "0700"
|
||||
|
||||
- name: Pre-pull Longhorn images on all nodes (optional, avoid DockerHub EOF/ImagePullBackOff)
|
||||
when: longhorn_prepull_images | default(true) | bool
|
||||
ansible.builtin.shell: |
|
||||
set -e
|
||||
CTR="ctr --address /run/k3s/containerd/containerd.sock -n k8s.io"
|
||||
|
||||
imgs=(
|
||||
"docker.io/longhornio/longhorn-manager:v{{ longhorn_chart_version }}"
|
||||
"docker.io/longhornio/longhorn-ui:v{{ longhorn_chart_version }}"
|
||||
"docker.io/longhornio/longhorn-share-manager:v{{ longhorn_chart_version }}"
|
||||
"docker.io/longhornio/longhorn-engine:v{{ longhorn_chart_version }}"
|
||||
"docker.io/longhornio/longhorn-instance-manager:v{{ longhorn_chart_version }}"
|
||||
"docker.io/longhornio/backing-image-manager:v{{ longhorn_chart_version }}"
|
||||
"docker.io/longhornio/support-bundle-kit:v0.0.45"
|
||||
)
|
||||
|
||||
for img in "${imgs[@]}"; do
|
||||
ok=0
|
||||
for i in 1 2 3 4 5; do
|
||||
echo "[pull] $img (try $i/5)"
|
||||
if $CTR images pull "$img"; then
|
||||
ok=1
|
||||
break
|
||||
fi
|
||||
sleep $((i * 3))
|
||||
done
|
||||
if [ "$ok" -ne 1 ]; then
|
||||
echo "[ERR] failed pulling $img after retries"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
args:
|
||||
executable: /bin/bash
|
||||
changed_when: true
|
||||
|
||||
- name: Install Longhorn with Helm on first server
|
||||
hosts: k3s_server
|
||||
become: true
|
||||
run_once: true
|
||||
vars:
|
||||
longhorn_values_src: "{{ playbook_dir }}/../files/03-07-longhorn/values-lab.yaml"
|
||||
longhorn_values_dest: /root/longhorn-values-lab.yaml
|
||||
k3s_kubeconfig: /etc/rancher/k3s/k3s.yaml
|
||||
tasks:
|
||||
- name: Install helm package (Fedora/RHEL family)
|
||||
ansible.builtin.package:
|
||||
name: helm
|
||||
state: present
|
||||
ignore_errors: true
|
||||
register: helm_pkg
|
||||
|
||||
- name: Hint if helm package install failed (install Helm 3 manually if needed)
|
||||
ansible.builtin.debug:
|
||||
msg: "dnf/yum 未装上 helm 时,请见 https://helm.sh/docs/intro/install/"
|
||||
when: helm_pkg.failed | default(false)
|
||||
|
||||
- name: Fail if helm binary still unavailable
|
||||
ansible.builtin.command: which helm
|
||||
register: helm_which
|
||||
changed_when: false
|
||||
failed_when: helm_which.rc != 0
|
||||
|
||||
- name: Copy lab values to server
|
||||
ansible.builtin.copy:
|
||||
src: "{{ longhorn_values_src }}"
|
||||
dest: "{{ longhorn_values_dest }}"
|
||||
mode: "0600"
|
||||
|
||||
- name: Ensure longhorn-system namespace is not stuck Terminating (force finalize if needed)
|
||||
ansible.builtin.shell: |
|
||||
set -e
|
||||
export KUBECONFIG={{ k3s_kubeconfig }}
|
||||
ns="longhorn-system"
|
||||
phase="$(kubectl get ns "$ns" -o jsonpath='{.status.phase}' 2>/dev/null || true)"
|
||||
if [ "$phase" = "Terminating" ]; then
|
||||
echo "[WARN] namespace $ns is Terminating; force finalize to unblock install"
|
||||
kubectl get ns "$ns" -o json > /tmp/ns.json
|
||||
python3 -c "import json; obj=json.load(open('/tmp/ns.json')); obj.setdefault('spec',{}); obj['spec']['finalizers']=[]; json.dump(obj, open('/tmp/ns-finalize.json','w'))"
|
||||
kubectl replace --raw "/api/v1/namespaces/$ns/finalize" -f /tmp/ns-finalize.json >/dev/null
|
||||
fi
|
||||
args:
|
||||
executable: /bin/bash
|
||||
changed_when: true
|
||||
failed_when: false
|
||||
|
||||
- name: Ensure longhorn Helm repo
|
||||
ansible.builtin.shell: |
|
||||
set -e
|
||||
if ! helm repo list 2>/dev/null | grep -q '^longhorn'; then
|
||||
helm repo add longhorn https://charts.longhorn.io
|
||||
fi
|
||||
helm repo update
|
||||
environment:
|
||||
KUBECONFIG: "{{ k3s_kubeconfig }}"
|
||||
args:
|
||||
executable: /bin/bash
|
||||
changed_when: true
|
||||
|
||||
- name: Delete leftover longhorn PriorityClass (cluster-scoped) to avoid Helm ownership conflicts
|
||||
ansible.builtin.shell: |
|
||||
set -e
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl delete priorityclass longhorn-critical --ignore-not-found=true
|
||||
args:
|
||||
executable: /bin/bash
|
||||
changed_when: true
|
||||
failed_when: false
|
||||
|
||||
- name: Delete leftover Longhorn CRDs (cluster-scoped) to avoid Helm ownership conflicts
|
||||
ansible.builtin.shell: |
|
||||
set -e
|
||||
export KUBECONFIG={{ k3s_kubeconfig }}
|
||||
crd_list="$(kubectl get crd -o name 2>/dev/null | grep 'longhorn.io' || true)"
|
||||
if [ -n "$crd_list" ]; then
|
||||
echo "$crd_list" | while read -r crd; do
|
||||
[ -z "$crd" ] && continue
|
||||
timeout 20s kubectl delete "$crd" --ignore-not-found=true || true
|
||||
done
|
||||
fi
|
||||
args:
|
||||
executable: /bin/bash
|
||||
changed_when: true
|
||||
failed_when: false
|
||||
|
||||
- name: Delete leftover Longhorn ClusterRole/ClusterRoleBinding (cluster-scoped)
|
||||
ansible.builtin.shell: |
|
||||
set -e
|
||||
export KUBECONFIG={{ k3s_kubeconfig }}
|
||||
|
||||
role_list="$(kubectl get clusterrole -o name 2>/dev/null | grep 'longhorn' || true)"
|
||||
if [ -n "$role_list" ]; then
|
||||
echo "$role_list" | while read -r role; do
|
||||
[ -z "$role" ] && continue
|
||||
timeout 20s kubectl delete "$role" --ignore-not-found=true || true
|
||||
done
|
||||
fi
|
||||
|
||||
binding_list="$(kubectl get clusterrolebinding -o name 2>/dev/null | grep 'longhorn' || true)"
|
||||
if [ -n "$binding_list" ]; then
|
||||
echo "$binding_list" | while read -r binding; do
|
||||
[ -z "$binding" ] && continue
|
||||
timeout 20s kubectl delete "$binding" --ignore-not-found=true || true
|
||||
done
|
||||
fi
|
||||
args:
|
||||
executable: /bin/bash
|
||||
changed_when: true
|
||||
failed_when: false
|
||||
|
||||
- name: Cleanup leftover Helm release records for Longhorn (default + longhorn-system)
|
||||
ansible.builtin.shell: |
|
||||
set -e
|
||||
export KUBECONFIG={{ k3s_kubeconfig }}
|
||||
|
||||
# 有些失败/中断的安装会把 release secret 留在 default 或 longhorn-system,导致后续:
|
||||
# - "cannot re-use a name that is still in use"
|
||||
# - cluster-scoped 资源的 meta.helm.sh/release-namespace 注解冲突
|
||||
for ns in longhorn-system default; do
|
||||
if helm -n "$ns" list --all 2>/dev/null | grep -q '^longhorn'; then
|
||||
# uninstall 可能卡住(例如 uninstall job / hook),避免阻塞整个自动化流程
|
||||
timeout 120s helm -n "$ns" uninstall longhorn --no-hooks || true
|
||||
fi
|
||||
|
||||
sec_list="$(kubectl -n "$ns" get secret -o name 2>/dev/null | grep '^secret/sh\\.helm\\.release\\.v1\\.longhorn\\.' || true)"
|
||||
if [ -n "$sec_list" ]; then
|
||||
echo "$sec_list" | xargs -n1 kubectl -n "$ns" delete --ignore-not-found=true
|
||||
fi
|
||||
done
|
||||
environment:
|
||||
KUBECONFIG: "{{ k3s_kubeconfig }}"
|
||||
args:
|
||||
executable: /bin/bash
|
||||
changed_when: true
|
||||
failed_when: false
|
||||
|
||||
- name: Helm upgrade/install Longhorn(失败兜底:install --replace)
|
||||
ansible.builtin.shell: |
|
||||
set -e
|
||||
helm upgrade --install longhorn longhorn/longhorn --namespace longhorn-system --create-namespace -f {{ longhorn_values_dest }} --version {{ longhorn_chart_version }} --wait --timeout 15m || helm install --replace longhorn longhorn/longhorn --namespace longhorn-system --create-namespace -f {{ longhorn_values_dest }} --version {{ longhorn_chart_version }} --wait --timeout 15m
|
||||
environment:
|
||||
KUBECONFIG: "{{ k3s_kubeconfig }}"
|
||||
args:
|
||||
executable: /bin/bash
|
||||
register: helm_longhorn
|
||||
changed_when: true
|
||||
|
||||
- name: Apply local-path-config lab defaults (optional)
|
||||
hosts: k3s_server
|
||||
become: true
|
||||
run_once: true
|
||||
vars:
|
||||
k3s_kubeconfig: /etc/rancher/k3s/k3s.yaml
|
||||
local_path_json_src: "{{ playbook_dir }}/../files/03-05-local-path-config/local-path-config-lab.json"
|
||||
local_path_json_dest: /root/local-path-config-lab.json
|
||||
tasks:
|
||||
- name: Apply local-path-config lab defaults (optional)
|
||||
when: longhorn_apply_local_path_lab | default(false) | bool
|
||||
block:
|
||||
- name: Copy local-path lab json
|
||||
ansible.builtin.copy:
|
||||
src: "{{ local_path_json_src }}"
|
||||
dest: "{{ local_path_json_dest }}"
|
||||
mode: "0644"
|
||||
|
||||
- name: Apply local-path-config ConfigMap
|
||||
ansible.builtin.shell: |
|
||||
set -e
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl -n kube-system create configmap local-path-config \
|
||||
--from-file=config.json={{ local_path_json_dest }} \
|
||||
--dry-run=client -o yaml | KUBECONFIG={{ k3s_kubeconfig }} kubectl apply -f -
|
||||
args:
|
||||
executable: /bin/bash
|
||||
changed_when: true
|
||||
|
||||
- name: Restart local-path-provisioner if present
|
||||
ansible.builtin.shell: |
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl -n kube-system rollout restart deploy/local-path-provisioner
|
||||
args:
|
||||
executable: /bin/bash
|
||||
register: lp_restart
|
||||
failed_when: false
|
||||
changed_when: lp_restart.rc == 0
|
||||
@@ -1,168 +0,0 @@
|
||||
---
|
||||
# 部署:docs/00-05 §2 步骤 3——铺栈(无按 doc_id 的断言/teardown)。
|
||||
# 矩阵级验收请用 scripts/verify.sh run 02-01…02-05 或 run-all。
|
||||
# Ansible 一键部署 nginx 矩阵(M1~M4)
|
||||
# 对应文档:docs/02-05-nginx-验证矩阵-一键部署.md(02-01~02-04 分篇已整合)
|
||||
#
|
||||
# 说明:复制 manifests → kubectl apply → 等待 Pod 就绪 → 验证 Pod 节点分布 → curl 16 目标
|
||||
# manifests:ansible/files/02-05-nginx-matrix/,M1 control-plane / M2 ylc61 / M3 worker / M4 ylc64,按实际修改 02/04 hostname
|
||||
#
|
||||
# 执行(在 ansible/ 目录下):
|
||||
# ansible-playbook -i inventory.ini playbooks/nginx-matrix-deploy.yml
|
||||
# 或在仓库根目录:
|
||||
# ansible-playbook -i ansible/inventory.ini ansible/playbooks/nginx-matrix-deploy.yml
|
||||
- name: Deploy nginx matrix (M1~M4)
|
||||
hosts: k3s_server
|
||||
become: true
|
||||
run_once: true
|
||||
vars:
|
||||
k3s_kubeconfig: /etc/rancher/k3s/k3s.yaml
|
||||
# manifests 在 ansible/files/02-05-nginx-matrix/,与 playbook 同项目
|
||||
manifests_path: "{{ playbook_dir }}/../files/02-05-nginx-matrix"
|
||||
tasks:
|
||||
- name: Ensure manifests path exists
|
||||
ansible.builtin.stat:
|
||||
path: "{{ manifests_path }}"
|
||||
register: manifests_stat
|
||||
|
||||
- name: Fail if manifests not found
|
||||
ansible.builtin.fail:
|
||||
msg: "manifests 未找到: {{ manifests_path }},请从仓库根目录或 ansible 同级执行"
|
||||
when: not manifests_stat.stat.exists
|
||||
|
||||
# 部署前确保 control-plane/worker 标签存在(M1/M3 需此才能调度),节点名为短主机名(ylc61~ylc64)
|
||||
- name: Ensure control-plane label on k3s_server nodes (for M1)
|
||||
ansible.builtin.shell: |
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl label node {{ item }} node-role.kubernetes.io/control-plane= --overwrite
|
||||
loop: "{{ groups['k3s_server'] | default([]) }}"
|
||||
|
||||
- name: Ensure worker label on k3s_worker nodes (for M3)
|
||||
ansible.builtin.shell: |
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl label node {{ item }} node-role.kubernetes.io/worker= --overwrite
|
||||
loop: "{{ groups['k3s_worker'] | default([]) }}"
|
||||
|
||||
- name: Copy nginx matrix manifests to server
|
||||
ansible.builtin.copy:
|
||||
src: "{{ manifests_path }}/"
|
||||
dest: /tmp/nginx-matrix/
|
||||
mode: '0644'
|
||||
|
||||
# 先删全部 nginx 矩阵 Deployment 再 apply,避免旧 ReplicaSet 导致任一 Mx 仍显示默认页
|
||||
- name: Delete all nginx matrix deployments before apply
|
||||
ansible.builtin.shell: KUBECONFIG={{ k3s_kubeconfig }} kubectl delete deployment nginx-m1 nginx-m2 nginx-m3 nginx-m4 -n default --ignore-not-found=true
|
||||
register: del_nginx
|
||||
changed_when: "'deleted' in del_nginx.stdout"
|
||||
|
||||
- name: kubectl apply nginx matrix
|
||||
ansible.builtin.shell: KUBECONFIG={{ k3s_kubeconfig }} kubectl apply -f /tmp/nginx-matrix/ -R
|
||||
register: k8s_apply
|
||||
changed_when: "'configured' in k8s_apply.stdout or 'created' in k8s_apply.stdout"
|
||||
|
||||
- name: Restart nginx deployments so pods pick up ConfigMap (M1~M4 标识)
|
||||
ansible.builtin.shell: KUBECONFIG={{ k3s_kubeconfig }} kubectl rollout restart deployment nginx-m1 nginx-m2 nginx-m3 nginx-m4 -n default
|
||||
register: restart_out
|
||||
changed_when: true
|
||||
|
||||
- name: Wait for nginx pods to be ready
|
||||
ansible.builtin.shell: |
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl wait --for=condition=ready pod \
|
||||
-l app=nginx-m1 --timeout=60s
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl wait --for=condition=ready pod \
|
||||
-l app=nginx-m2 --timeout=60s
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl wait --for=condition=ready pod \
|
||||
-l app=nginx-m3 --timeout=120s
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl wait --for=condition=ready pod \
|
||||
-l app=nginx-m4 --timeout=120s
|
||||
register: wait_result
|
||||
changed_when: false
|
||||
|
||||
- name: Verify nginx matrix
|
||||
ansible.builtin.shell: KUBECONFIG={{ k3s_kubeconfig }} kubectl get pod,svc,ing,ingressroute -n default -o wide
|
||||
register: verify
|
||||
changed_when: false
|
||||
|
||||
- name: ">>> nginx matrix 资源"
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ item }}"
|
||||
loop: "{{ verify.stdout_lines }}"
|
||||
|
||||
- name: 验证 Pod 节点分布(M1/M2 应在控制节点,M3/M4 应在工作节点)
|
||||
ansible.builtin.shell: |
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl get pod -n default -o custom-columns='NAME:.metadata.name,APP:.metadata.labels.app,NODE:.spec.nodeName' | grep -E '^(NAME|nginx-m)'
|
||||
register: pod_placement
|
||||
changed_when: false
|
||||
|
||||
- name: ">>> Pod 节点分布"
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ item }}"
|
||||
loop: "{{ pod_placement.stdout_lines }}"
|
||||
|
||||
- name: M1 容器内诊断(排查为何仍为 nginx 欢迎页)
|
||||
ansible.builtin.shell: |
|
||||
echo "========== 1. M1 容器内 /usr/share/nginx/html/ 目录 =========="
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl exec -n default deployment/nginx-m1 -- ls -la /usr/share/nginx/html/ 2>/dev/null || echo "(exec 失败)"
|
||||
echo ""
|
||||
echo "========== 2. M1 容器内 index.html 内容(前 5 行)=========="
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl exec -n default deployment/nginx-m1 -- cat /usr/share/nginx/html/index.html 2>/dev/null | head -5 || echo "(exec 失败)"
|
||||
echo ""
|
||||
echo "========== 3. M1 容器内 /etc/nginx/conf.d/ 目录 =========="
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl exec -n default deployment/nginx-m1 -- ls -la /etc/nginx/conf.d/ 2>/dev/null || echo "(exec 失败)"
|
||||
echo ""
|
||||
echo "========== 4. M1 容器内 default.conf 内容 =========="
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl exec -n default deployment/nginx-m1 -- cat /etc/nginx/conf.d/default.conf 2>/dev/null || echo "(exec 失败)"
|
||||
echo ""
|
||||
echo "========== 5. M1 容器内 nginx 生效配置中的 server 块(前 40 行)=========="
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl exec -n default deployment/nginx-m1 -- nginx -T 2>/dev/null | grep -A 200 "server {" | head -40 || echo "(exec 失败)"
|
||||
register: m1_diag
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
|
||||
- name: ">>> M1 容器内诊断结果(若 M1 仍为欢迎页,请根据此处输出排查)"
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ item }}"
|
||||
loop: "{{ m1_diag.stdout_lines }}"
|
||||
|
||||
- name: 验证 M1~M4 标识(Pod 内 index.html 含 Mx、响应头 X-Backend)
|
||||
ansible.builtin.shell: |
|
||||
base="{{ groups['k3s_nodes'] | map('extract', hostvars) | map(attribute='ansible_host') | first }}"
|
||||
for id in 1 2 3 4; do
|
||||
echo "=== M$id Pod 内 index.html 前 2 行 ==="
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl exec -n default deployment/nginx-m$id -- cat /usr/share/nginx/html/index.html 2>/dev/null | head -2 || echo "(exec 失败)"
|
||||
echo "=== M$id 响应头 X-Backend ==="
|
||||
curl -sI "http://$base/demo-m$id/" 2>/dev/null | grep -i x-backend || echo "(未看到 X-Backend)"
|
||||
echo ""
|
||||
done
|
||||
register: m_check
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
|
||||
- name: ">>> M1~M4 验证"
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ item }}"
|
||||
loop: "{{ m_check.stdout_lines }}"
|
||||
|
||||
- name: curl 验证(16 个目标:4 节点 × 4 路径)
|
||||
ansible.builtin.shell: |
|
||||
bases="{{ groups['k3s_nodes'] | map('extract', hostvars) | map(attribute='ansible_host') | join(' ') }}"
|
||||
paths="/demo-m1 /demo-m2 /demo-m3 /demo-m4"
|
||||
count=0
|
||||
ok=0
|
||||
echo "=== 16 个目标 (4 节点 × 4 路径) ==="
|
||||
echo "节点 M1(控制+Ingress) M2(控制+IR) M3(工作+Ingress) M4(工作+IR)"
|
||||
for base in $bases; do
|
||||
m1=$(curl -s -o /dev/null -w "%{http_code}" --connect-timeout 2 http://$base/demo-m1 2>/dev/null) || m1="fail"
|
||||
m2=$(curl -s -o /dev/null -w "%{http_code}" --connect-timeout 2 http://$base/demo-m2 2>/dev/null) || m2="fail"
|
||||
m3=$(curl -s -o /dev/null -w "%{http_code}" --connect-timeout 2 http://$base/demo-m3 2>/dev/null) || m3="fail"
|
||||
m4=$(curl -s -o /dev/null -w "%{http_code}" --connect-timeout 2 http://$base/demo-m4 2>/dev/null) || m4="fail"
|
||||
printf "%-12s %-16s %-11s %-16s %s\n" "$base" "$m1" "$m2" "$m3" "$m4"
|
||||
for c in $m1 $m2 $m3 $m4; do count=$((count+1)); [ "$c" = "200" ] && ok=$((ok+1)); done
|
||||
done
|
||||
echo "---"
|
||||
echo "共验证 $count 个目标,$ok 个返回 200"
|
||||
register: curl_result
|
||||
changed_when: false
|
||||
|
||||
- name: ">>> curl 矩阵"
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ item }}"
|
||||
loop: "{{ curl_result.stdout_lines }}"
|
||||
@@ -1,189 +0,0 @@
|
||||
---
|
||||
# 部署:docs/00-05 §2 步骤 3——TLS 铺栈;验收见 scripts/verify.sh run 03-02 等。
|
||||
# Ansible 一键部署 nginx 矩阵 TLS 版(M1~M4,HTTPS)
|
||||
# 对应文档:docs/03-02-k3s-traefik-acme.md
|
||||
#
|
||||
# 说明:复制 TLS + HTTP-only manifests → 自动删除已存在的不含 TLS 的 nginx 矩阵(02-05)→ kubectl apply(含 TLS 与 HTTP-only 共 8 个路由)→ 等待 Pod 就绪 → HTTP-only / HTTPS curl 矩阵验证(test01~test04.jackadam.top)
|
||||
# manifests:ansible/files/03-02-nginx-matrix-tls/,域名为 test01~test04.jackadam.top,M2/M4 hostname 按实际修改;Ingress/IngressRoute 中 TLS 路由仅绑定 websecure,HTTP-only 路由仅绑定 web
|
||||
# 前置:已按 03-02 配置 ACME(Secret + traefik-acme.yaml),且 test01~test04.jackadam.top 已解析到入口 IP
|
||||
#
|
||||
# 执行(在 ansible/ 目录下):
|
||||
# ansible-playbook -i inventory.ini playbooks/nginx-matrix-tls-deploy.yml
|
||||
# 或在仓库根目录:
|
||||
# ansible-playbook -i ansible/inventory.ini ansible/playbooks/nginx-matrix-tls-deploy.yml
|
||||
# 验证时对所有 k3s_nodes 做 HTTPS 请求(所有节点均为入口点,与 02-05 HTTP 矩阵一致)
|
||||
- name: Deploy or cleanup nginx matrix TLS (M1~M4, HTTPS)
|
||||
hosts: k3s_server
|
||||
become: true
|
||||
run_once: true
|
||||
vars:
|
||||
# mode 由 -e mode=cleanup 传入,未传时默认为 deploy(勿在 vars 中写 mode: "{{ mode | default('deploy') }}" 会递归)
|
||||
k3s_kubeconfig: /etc/rancher/k3s/k3s.yaml
|
||||
manifests_path: "{{ playbook_dir }}/../files/03-02-nginx-matrix-tls"
|
||||
tls_domains:
|
||||
- test01.jackadam.top
|
||||
- test02.jackadam.top
|
||||
- test03.jackadam.top
|
||||
- test04.jackadam.top
|
||||
tasks:
|
||||
- name: Deploy nginx matrix TLS (mode=deploy)
|
||||
when: (mode | default('deploy')) == 'deploy'
|
||||
block:
|
||||
- name: Ensure manifests path exists
|
||||
ansible.builtin.stat:
|
||||
path: "{{ manifests_path }}"
|
||||
register: manifests_stat
|
||||
|
||||
- name: Fail if manifests not found
|
||||
ansible.builtin.fail:
|
||||
msg: "manifests 未找到: {{ manifests_path }},请从仓库根目录或 ansible 同级执行"
|
||||
when: not manifests_stat.stat.exists
|
||||
|
||||
# 部署前确保 control-plane/worker 标签存在(M1/M3 需此才能调度),节点名为短主机名(ylc61~ylc64)
|
||||
- name: Ensure control-plane label on k3s_server nodes (for M1)
|
||||
ansible.builtin.shell: |
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl label node {{ item }} node-role.kubernetes.io/control-plane= --overwrite
|
||||
loop: "{{ groups['k3s_server'] | default([]) }}"
|
||||
|
||||
- name: Ensure worker label on k3s_worker nodes (for M3)
|
||||
ansible.builtin.shell: |
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl label node {{ item }} node-role.kubernetes.io/worker= --overwrite
|
||||
loop: "{{ groups['k3s_worker'] | default([]) }}"
|
||||
|
||||
- name: Copy nginx matrix TLS manifests to server
|
||||
ansible.builtin.copy:
|
||||
src: "{{ manifests_path }}/"
|
||||
dest: /tmp/nginx-matrix-tls/
|
||||
mode: '0644'
|
||||
|
||||
# 若存在不含 TLS 的 nginx 矩阵(02-05),先删掉,避免与 TLS 版 Ingress 冲突或残留
|
||||
- name: Delete non-TLS nginx matrix if present (deployments, ingress, ingressroute, middleware, configmaps)
|
||||
ansible.builtin.shell: |
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl delete deployment,svc -n default nginx-m1 nginx-m2 nginx-m3 nginx-m4 --ignore-not-found=true
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl delete ingress -n default nginx-m1 nginx-m3 --ignore-not-found=true
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl delete ingressroute -n default nginx-m2 nginx-m4 --ignore-not-found=true
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl delete middleware -n default stripprefix-m1 stripprefix-m2 stripprefix-m3 stripprefix-m4 --ignore-not-found=true
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl delete configmap -n default nginx-m1-html nginx-m2-html nginx-m3-html nginx-m4-html --ignore-not-found=true
|
||||
register: del_non_tls
|
||||
changed_when: "'deleted' in del_non_tls.stdout"
|
||||
|
||||
- name: kubectl apply nginx matrix TLS + HTTP-only
|
||||
ansible.builtin.shell: KUBECONFIG={{ k3s_kubeconfig }} kubectl apply -f /tmp/nginx-matrix-tls/ -R
|
||||
register: k8s_apply
|
||||
changed_when: "'configured' in k8s_apply.stdout or 'created' in k8s_apply.stdout"
|
||||
|
||||
- name: Restart nginx deployments so pods pick up ConfigMap (M1~M4 标识)
|
||||
ansible.builtin.shell: KUBECONFIG={{ k3s_kubeconfig }} kubectl rollout restart deployment nginx-m1 nginx-m2 nginx-m3 nginx-m4 -n default
|
||||
register: restart_out
|
||||
changed_when: true
|
||||
|
||||
- name: Wait for nginx pods to be ready
|
||||
ansible.builtin.shell: |
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl wait --for=condition=ready pod \
|
||||
-l app=nginx-m1 --timeout=60s
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl wait --for=condition=ready pod \
|
||||
-l app=nginx-m2 --timeout=60s
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl wait --for=condition=ready pod \
|
||||
-l app=nginx-m3 --timeout=120s
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl wait --for=condition=ready pod \
|
||||
-l app=nginx-m4 --timeout=120s
|
||||
register: wait_result
|
||||
changed_when: false
|
||||
|
||||
- name: Verify nginx matrix TLS resources
|
||||
ansible.builtin.shell: KUBECONFIG={{ k3s_kubeconfig }} kubectl get pod,svc,ing,ingressroute -n default -o wide
|
||||
register: verify
|
||||
changed_when: false
|
||||
|
||||
- name: ">>> nginx matrix TLS 资源"
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ item }}"
|
||||
loop: "{{ verify.stdout_lines }}"
|
||||
|
||||
- name: 验证 M1~M4 标识(Pod 内 index.html 含 Mx、响应头 X-Backend,取首个入口节点)
|
||||
ansible.builtin.shell: |
|
||||
first_ip="{{ groups['k3s_nodes'] | map('extract', hostvars) | map(attribute='ansible_host') | first }}"
|
||||
for id in 1 2 3 4; do
|
||||
echo "=== M$id Pod 内 index.html 前 2 行 ==="
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl exec -n default deployment/nginx-m$id -- cat /usr/share/nginx/html/index.html 2>/dev/null | head -2 || echo "(exec 失败)"
|
||||
echo "=== M$id 响应头 X-Backend (入口 $first_ip) ==="
|
||||
curl -sI "https://test0$id.jackadam.top/" --resolve "test0$id.jackadam.top:443:$first_ip" -k 2>/dev/null | grep -i x-backend || echo "(未看到 X-Backend)"
|
||||
echo ""
|
||||
done
|
||||
register: m_check
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
|
||||
- name: ">>> M1~M4 验证"
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ item }}"
|
||||
loop: "{{ m_check.stdout_lines }}"
|
||||
|
||||
- name: HTTP curl 验证(HTTP-only:16 个目标,所有节点 × 4 域名)
|
||||
ansible.builtin.shell: |
|
||||
bases="{{ groups['k3s_nodes'] | map('extract', hostvars) | map(attribute='ansible_host') | join(' ') }}"
|
||||
count=0
|
||||
ok=0
|
||||
echo "=== 16 个目标 (4 节点 × 4 域名) HTTP ==="
|
||||
echo "节点 M1(test01) M2(test02) M3(test03) M4(test04)"
|
||||
for base in $bases; do
|
||||
m1=$(curl -s -o /dev/null -w "%{http_code}" --connect-timeout 5 http://test01.jackadam.top/ --resolve "test01.jackadam.top:80:$base" 2>/dev/null) || m1="fail"
|
||||
m2=$(curl -s -o /dev/null -w "%{http_code}" --connect-timeout 5 http://test02.jackadam.top/ --resolve "test02.jackadam.top:80:$base" 2>/dev/null) || m2="fail"
|
||||
m3=$(curl -s -o /dev/null -w "%{http_code}" --connect-timeout 5 http://test03.jackadam.top/ --resolve "test03.jackadam.top:80:$base" 2>/dev/null) || m3="fail"
|
||||
m4=$(curl -s -o /dev/null -w "%{http_code}" --connect-timeout 5 http://test04.jackadam.top/ --resolve "test04.jackadam.top:80:$base" 2>/dev/null) || m4="fail"
|
||||
printf "%-12s %-14s %-14s %-14s %s\n" "$base" "$m1" "$m2" "$m3" "$m4"
|
||||
for c in $m1 $m2 $m3 $m4; do count=$((count+1)); [ "$c" = "200" ] && ok=$((ok+1)); done
|
||||
done
|
||||
echo "---"
|
||||
echo "共验证 $count 个目标,$ok 个返回 200"
|
||||
register: curl_http_result
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
|
||||
- name: ">>> HTTP curl 矩阵(HTTP-only)"
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ item }}"
|
||||
loop: "{{ curl_http_result.stdout_lines }}"
|
||||
|
||||
- name: HTTPS curl 验证(16 个目标:所有节点 × 4 域名,所有节点均为入口点)
|
||||
ansible.builtin.shell: |
|
||||
bases="{{ groups['k3s_nodes'] | map('extract', hostvars) | map(attribute='ansible_host') | join(' ') }}"
|
||||
count=0
|
||||
ok=0
|
||||
echo "=== 16 个目标 (4 节点 × 4 域名) HTTPS ==="
|
||||
echo "节点 M1(test01) M2(test02) M3(test03) M4(test04)"
|
||||
for base in $bases; do
|
||||
m1=$(curl -sk -o /dev/null -w "%{http_code}" --connect-timeout 5 https://test01.jackadam.top/ --resolve "test01.jackadam.top:443:$base" 2>/dev/null) || m1="fail"
|
||||
m2=$(curl -sk -o /dev/null -w "%{http_code}" --connect-timeout 5 https://test02.jackadam.top/ --resolve "test02.jackadam.top:443:$base" 2>/dev/null) || m2="fail"
|
||||
m3=$(curl -sk -o /dev/null -w "%{http_code}" --connect-timeout 5 https://test03.jackadam.top/ --resolve "test03.jackadam.top:443:$base" 2>/dev/null) || m3="fail"
|
||||
m4=$(curl -sk -o /dev/null -w "%{http_code}" --connect-timeout 5 https://test04.jackadam.top/ --resolve "test04.jackadam.top:443:$base" 2>/dev/null) || m4="fail"
|
||||
printf "%-12s %-14s %-14s %-14s %s\n" "$base" "$m1" "$m2" "$m3" "$m4"
|
||||
for c in $m1 $m2 $m3 $m4; do count=$((count+1)); [ "$c" = "200" ] && ok=$((ok+1)); done
|
||||
done
|
||||
echo "---"
|
||||
echo "共验证 $count 个目标,$ok 个返回 200"
|
||||
register: curl_result
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
|
||||
- name: ">>> HTTPS curl 矩阵"
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ item }}"
|
||||
loop: "{{ curl_result.stdout_lines }}"
|
||||
|
||||
- name: Cleanup nginx matrix TLS (mode=cleanup)
|
||||
when: (mode | default('deploy')) == 'cleanup'
|
||||
block:
|
||||
- name: Delete nginx matrix TLS + HTTP-only resources (deployments, ingress, ingressroute, configmaps)
|
||||
ansible.builtin.shell: |
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl delete deployment,svc -n default nginx-m1 nginx-m2 nginx-m3 nginx-m4 --ignore-not-found=true
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl delete ingress -n default nginx-m1 nginx-m3 nginx-m1-http nginx-m3-http --ignore-not-found=true
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl delete ingressroute -n default nginx-m2 nginx-m4 nginx-m2-http nginx-m4-http --ignore-not-found=true
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl delete configmap -n default nginx-m1-html nginx-m2-html nginx-m3-html nginx-m4-html --ignore-not-found=true
|
||||
register: del_tls
|
||||
changed_when: "'deleted' in del_tls.stdout"
|
||||
|
||||
- name: Remove copied nginx matrix TLS manifests directory
|
||||
ansible.builtin.file:
|
||||
path: /tmp/nginx-matrix-tls
|
||||
state: absent
|
||||
@@ -1,48 +0,0 @@
|
||||
---
|
||||
# 部署:docs/00-05 §2 步骤 3——应用单文件 demo;整链验收优先 scripts/verify.sh run 04-01。
|
||||
# 一键应用 Node.js demo 清单(与 docs/04-01~04-13 + ansible/files/04-01-nodejs-demo 对齐)
|
||||
#
|
||||
# 执行(在仓库根目录):
|
||||
# ansible-playbook -i ansible/inventory.ini ansible/playbooks/nodejs-demo-apply.yml \
|
||||
# -e nodejs_demo_manifest=04-01-nodejs-demo.yaml
|
||||
#
|
||||
# 默认清单:04-01-nodejs-demo.yaml
|
||||
- name: Apply nodejs-demo Kubernetes manifests
|
||||
hosts: k3s_server
|
||||
become: true
|
||||
run_once: true
|
||||
vars:
|
||||
k3s_kubeconfig: /etc/rancher/k3s/k3s.yaml
|
||||
nodejs_demo_manifest: "04-01-nodejs-demo.yaml"
|
||||
manifests_dir: "{{ playbook_dir }}/../files/04-01-nodejs-demo"
|
||||
tasks:
|
||||
- name: Ensure manifest file exists
|
||||
ansible.builtin.stat:
|
||||
path: "{{ manifests_dir }}/{{ nodejs_demo_manifest }}"
|
||||
register: nodejs_manifest_stat
|
||||
delegate_to: localhost
|
||||
become: false
|
||||
|
||||
- name: Fail if manifest not found
|
||||
ansible.builtin.fail:
|
||||
msg: "未找到 {{ manifests_dir }}/{{ nodejs_demo_manifest }},请从仓库根检查文件名"
|
||||
when: not nodejs_manifest_stat.stat.exists
|
||||
delegate_to: localhost
|
||||
become: false
|
||||
|
||||
- name: Copy manifest to control plane
|
||||
ansible.builtin.copy:
|
||||
src: "{{ manifests_dir }}/{{ nodejs_demo_manifest }}"
|
||||
dest: "/tmp/{{ nodejs_demo_manifest }}"
|
||||
mode: "0644"
|
||||
|
||||
- name: kubectl apply nodejs-demo manifest
|
||||
ansible.builtin.shell: |
|
||||
set -e
|
||||
KUBECONFIG={{ k3s_kubeconfig }} kubectl apply -f /tmp/{{ nodejs_demo_manifest }}
|
||||
register: nodejs_apply
|
||||
changed_when: "'configured' in nodejs_apply.stdout or 'created' in nodejs_apply.stdout"
|
||||
|
||||
- name: Show kubectl apply output
|
||||
ansible.builtin.debug:
|
||||
var: nodejs_apply.stdout_lines
|
||||
@@ -1,10 +0,0 @@
|
||||
- name: "00-01 noop verify"
|
||||
hosts: localhost
|
||||
gather_facts: false
|
||||
vars:
|
||||
repo_root: "{{ playbook_dir }}/../../.."
|
||||
doc_id: "00-01"
|
||||
doc_filename: "00-01-k3s-基础概念.md"
|
||||
tasks:
|
||||
- ansible.builtin.import_tasks: "{{ playbook_dir }}/_noop-tasks.yml"
|
||||
|
||||
@@ -1,10 +0,0 @@
|
||||
- name: "00-04 noop verify"
|
||||
hosts: localhost
|
||||
gather_facts: false
|
||||
vars:
|
||||
repo_root: "{{ playbook_dir }}/../../.."
|
||||
doc_id: "00-04"
|
||||
doc_filename: "00-04-部署环境说明.md"
|
||||
tasks:
|
||||
- ansible.builtin.import_tasks: "{{ playbook_dir }}/_noop-tasks.yml"
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user