feat: CoreDNS IPv4 上游、03-03 Tomcat 修复、HAProxy 与验证脚本

- Ansible: 部署时自动配置 CoreDNS forward 为 IPv4，避免 ACME 解析失败 - 01-01/01-07: 文档增加 CoreDNS 设置说明 - 03-03: Tomcat webapps.dist 复制、HTTP/HTTPS 双 Ingress、显式 Dashboard IngressRoute - traefik-dashboard-acme: tomcat-acme.yaml、404 排查说明 - HAProxy: 健康检查与 PROXY 配置拆分，18080/18443 部署与验证脚本 Made-with: Cursor
2026-03-22 19:02:46 +08:00
parent de1be1dbe5
commit 8a54cac61f
25 changed files with 924 additions and 113 deletions
--- a/ansible/files/traefik-dashboard-acme/tomcat-acme.yaml
+++ b/ansible/files/traefik-dashboard-acme/tomcat-acme.yaml
@@ -0,0 +1,94 @@
+# docs/03-03 第 5 节：Tomcat + test05.jackadam.top 验证 HTTPS（请按需改域名）
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: tomcat-test05
+  namespace: default
+  labels:
+    app: tomcat-test05
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: tomcat-test05
+  template:
+    metadata:
+      labels:
+        app: tomcat-test05
+    spec:
+      containers:
+        - name: tomcat
+          image: tomcat:9.0
+          # 官方镜像默认 webapps 在 webapps.dist；整目录复制到 webapps（与 Docker Compose cp -a webapps.dist/* webapps 等价）
+          command:
+            - sh
+            - -c
+            - |
+              set -e
+              CATALINA_HOME=/usr/local/tomcat
+              mkdir -p "${CATALINA_HOME}/webapps"
+              cp -a "${CATALINA_HOME}/webapps.dist/." "${CATALINA_HOME}/webapps/"
+              exec "${CATALINA_HOME}/bin/catalina.sh" run
+          ports:
+            - containerPort: 8080
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: tomcat-test05
+  namespace: default
+spec:
+  selector:
+    app: tomcat-test05
+  ports:
+    - port: 8080
+      targetPort: 8080
+---
+# HTTPS（websecure）
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: tomcat-test05-acme
+  namespace: default
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls.certresolver: cloudflare
+spec:
+  ingressClassName: traefik
+  tls:
+    - hosts:
+        - test05.jackadam.top
+  rules:
+    - host: test05.jackadam.top
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: tomcat-test05
+                port:
+                  number: 8080
+---
+# HTTP（web，与 03-02 nginx-matrix-tls 一致：拆成两个 Ingress）
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: tomcat-test05-http
+  namespace: default
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: web
+spec:
+  ingressClassName: traefik
+  rules:
+    - host: test05.jackadam.top
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: tomcat-test05
+                port:
+                  number: 8080