admin/stock2_argocd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'main' of git.db34.com:admin/stock2_argocd

Browse Source
This commit is contained in:
owen 2025-04-21 14:04:19 +08:00
commit b3d1bd3ba8
11 changed files with 63 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
/.idea

9
base/basic-auth/http-basic-auth.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: basic-auth
type: Opaque
data:
auth: dXNlcjokYXByMSRPU0JHSXpFbCRFemNTTGk1QkJWVGFBQlhMODlNaXkvCg==
# This is a base64 encoded string of the format "user:$apr1$OSBGIzEl$EzcSLi5BBVTaABXL89Miy/".
# password: FVhxOBuqXK800gdmIq

2
base/basic-auth/kustomization.yaml Normal file
View File

@ -0,0 +1,2 @@
resources:
- http-basic-auth.yaml

8
base/tls/ca-secret.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: ca-secret
namespace: ingress-nginx
type: Opaque
data:
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlEQVRDQ0FlbWdBd0lCQWdJSUdEYVl2WlhzaVFBd0RRWUpLb1pJaHZjTkFRRUxCUUF3TVRFUU1BNEdBMVVFDQpBeE1IVkdWdVkyNWxkREVMTUFrR0ExVUVCaE1DUTA0eEVEQU9CZ05WQkFvVEIxUmxibU51WlhRd0hoY05NalV3DQpOREUxTWpBME5EQTFXaGNOTWpZd05ERTFNakEwTkRBMVdqQXhNUkF3RGdZRFZRUURFd2RVWlc1amJtVjBNUXN3DQpDUVlEVlFRR0V3SkRUakVRTUE0R0ExVUVDaE1IVkdWdVkyNWxkRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEDQpnZ0VQQURDQ0FRb0NnZ0VCQU5tUmlEV2F0WUFtWDJ2RnQzQXNPa3VWMVlhdmlaOXd3MEVkbjNjdlRXODRORm1vDQpic3FzUHRFUTJzaFpHT25nWUhuWWs1aUg2MU5Yc1U4eDl0ZExMSmJwS0J5clVqWmpEWVBoUWN2c1hNUmJSN1JwDQpybVlhMW40WmZjU3ViVVNhM0Uzdk9sZk1ZcWVuMXJhNTRHOEpGcFZRQ1ozbjQ2KzQxWEQ0V0lWTlBOdHR6ajRPDQpsUDdKanJhcmc1R01lblhWQjdLR3ZyUU9od2xod0lFb1RFZkc1Uk4vNGV5YWdLLzlpUzd2aEhVWjNPNVhsR1FIDQpnZG9mNVFTK3drcCtBREY4bnBhQlpYS1ZYMVhRVzFwVHpId1ZPbFRBaHpMN0pMMUJ5SjN4dy85TElqbDlFWnZCDQp6dzZHcG5rbXFSaGc3SWwrcnBrM0N6SmpGK3NSbE0zZExPcmtiZjBDQXdFQUFhTWRNQnN3REFZRFZSMFRCQVV3DQpBd0VCL3pBTEJnTlZIUThFQkFNQ0FvUXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBTGFMaXZOTm93R1pVSWtKDQpNbEh1Zk9ac1RyYW5OL3FxTmNUY252V0Mrd1IvSE1EaGc2ellYcmZDY3VWdUtRUU5STE1NaUVYa3M1c2dZMVNnDQpVc3VmS25ZSGNJRmdYaHU0cnRjTzFkVVZSMTNjRE5VVkxPRUp5OE5PK0Fac0VYRUxtQTRXbjZGL1NpbEVYOGl1DQpsNmhWeDRyS2FtSk5mMlI5dFhrT3Q2OHVqVDdIcVpWYkJmcVFjVEpxQnZpMG45bUM3SXlZVStDVmhkU2RPTGV4DQpodkMzRWplY0Q4RFNFQ1V0MlNoeitQbjhiM3o3NkhNMHM1UEdPZjlnM2NhTWJESTBudUJOMHpFV3VpOUpteE1DDQp0aXVHMlZXMGFrZ0JkUDE0N1FZMVFKZXN4Vm4yZ05qNWtiTmsxWlpwc1JvV1gzYzdRaVdRUmwwZVE2cnFxdkJlDQovRThmOUNrPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ0K

4
base/tls/kustomization.yaml
View File

@ -1,2 +1,4 @@
resources: resources:
- kx33-net-cert.yaml - kx33-cert.yaml
- ca-secret.yaml
- tls-secret.yaml

8
base/tls/kx33-cert.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: v1
stringData:
qcloud_cert_id: NVLniB9q
qcloud_ca_cert_id: NVLg94ze
kind: Secret
metadata:
name: kx33-cert
type: Opaque

7
base/tls/kx33-net-cert.yaml
View File

@ -1,7 +0,0 @@
apiVersion: v1
stringData:
qcloud_cert_id: ESqefc6J
kind: Secret
metadata:
name: kx33-net-cert
type: Opaque

9
base/tls/tls-secret.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: tls-secret
namespace: ingress-nginx
type: kubernetes.io/tls
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlES1RDQ0FoR2dBd0lCQWdJSUdEYVkwYVM3RWdBd0RRWUpLb1pJaHZjTkFRRUxCUUF3TVRFUU1BNEdBMVVFDQpBeE1IVkdWdVkyNWxkREVMTUFrR0ExVUVCaE1DUTA0eEVEQU9CZ05WQkFvVEIxUmxibU51WlhRd0hoY05NalV3DQpOREUxTWpBME5UTXhXaGNOTWpZd05ERTFNakEwTlRNeFdqQXlNUkV3RHdZRFZRUURFd2dxTG5GeExtTnZiVEVMDQpNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQW9UQjFSbGJtTnVaWFF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBDQpBNElCRHdBd2dnRUtBb0lCQVFEU3lYSzRlMHlHejdHS1dUcTlwMDYvOWVBeVpzUXF4bmhXYTZZcmZlUGNkSTB6DQpDTjZ1RVFBbGk4djlrQ1NINFU1M21BOFJMRm1GL0s0dlRrcE5tQTJJbXdMcHRmR2luTFlHYWhwRDBwUW15aUJjDQptcWJzRURhOGNsajh5NEUzcXA2NU1ydGFxaGhteTdsMmdDMzFCcjYydHZDSlF4b2hMOXZDK1doc2ZwOE1FVS9VDQpmK2hpRXMxU2ROUzZUTG1hc1cvSGFPeVhvYWhZaFFldDhVZXE4bUFSZFF2UmdHdjJWTjgyODgxck55MDRxZG1VDQpQTEdITXBrZzk0elQzZFAyT1RZUHkwcGM5c0JoNnpGT0NDUVpVcXorREk4QUVBOUVUMGQ3bGMrU2drTDA2TjFrDQoyakVmNEV3VWYvMHg5ZHhoQ0c1bzZKWVVIdTJ6Qzk3QzNxRCtQaHZaQWdNQkFBR2pSREJDTUFrR0ExVWRFd1FDDQpNQUF3Q3dZRFZSMFBCQVFEQWdXZ01CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUJNQk1HQTFVZEVRUU1NQXFDDQpDQ291Y1hFdVkyOXRNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUFXQUxwT0I3bzJ2d01FUHVtdFhDQVJDUnY2DQpCN3hGeTJIeXR1eTZvK0VYSXRLZmZVQ1BaVjBnR3FySTJEUnYrU0pmMWNxUUFaK2ZlUDl6cXJES3dGQURmNm5BDQpnalo5Nkc0ZnBBcnZPZGZpQVQxeHU3WHBweWM1TFNEbXB3d0dEUFppTFc2NXBLaTk4TmZnaFlnOVIxVHpXVlMxDQpKWVVNQVBUeWZDYjJMSFg0Zi9EdmVGQ0Y5QjZQN3MyN2htelh4OHhCRlFiR0RpVHNzOFRtcUQybXBjWVY5S3lrDQpCNjBxdFgzcUltSXhxSk95K1JycEF1NHhmK1NTQXRYUHl0TkRvNWZSajFNc2RuN3FEcjFSYzI0eGlHQlQ4V1lSDQpGSmN2cXFkRUo5ZjhHdTNpamNpWHNGaUJzQkRuQ0EvTXo3REtRU0tLdFhHVFpsN0lWOGNqeHV0Mjc0SWMNCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0NCg==
tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQ0KTUlJRW93SUJBQUtDQVFFQTBzbHl1SHRNaHMreGlsazZ2YWRPdi9YZ01tYkVLc1o0Vm11bUszM2ozSFNOTXdqZQ0KcmhFQUpZdkwvWkFraCtGT2Q1Z1BFU3haaGZ5dUwwNUtUWmdOaUpzQzZiWHhvcHkyQm1vYVE5S1VKc29nWEpxbQ0KN0JBMnZISlkvTXVCTjZxZXVUSzdXcW9ZWnN1NWRvQXQ5UWErdHJid2lVTWFJUy9id3Zsb2JINmZEQkZQMUgvbw0KWWhMTlVuVFV1a3k1bXJGdngyanNsNkdvV0lVSHJmRkhxdkpnRVhVTDBZQnI5bFRmTnZQTmF6Y3RPS25abER5eA0KaHpLWklQZU0wOTNUOWprMkQ4dEtYUGJBWWVzeFRnZ2tHVktzL2d5UEFCQVBSRTlIZTVYUGtvSkM5T2pkWk5veA0KSCtCTUZILzlNZlhjWVFodWFPaVdGQjd0c3d2ZXd0NmcvajRiMlFJREFRQUJBb0lCQUF1cUplVHJUV1hsa2JJRA0KcVUrdUMwVVlpM211ams2aHIyZDA1N1R0TnJYUUxTTVJRUHJDcW1zRjcvWmNaeFN1STVtTk90Q3JGbG5ZeGE0Mw0KZnR0Q1RBWGdhd3BaVzBqT1FhSjRyc2hvMUZXdXYzeEZ3bkZYRDdGRWtLNXhoaVBxK3ZWTmdDRzVXemdCRTgyaA0KdEdKQTduZmpRQ0VzNUN5UDN0VDNneVRLeHBlbC9YTmtXUjFBQmg2UkV0WlVUTmh0U2RTaDNwZ0pLMUkwN2Nscg0KNzNtMW80b2RydldOSFNUWUM1bFA3Vk5hL0VpczE1dno2ZGJsNXYyWFEvSnpwTHZWZFVKRWRteHhONWVSNmpGSw0KTlBzbWNJUGZLOFUvN3dyRGNwNjE1bVUzVmIwNUFmNjJyWkhySkZKdHBIMG1iOXFSYzRKMy93RytYaWEvNXhPVA0KOXdnc3BlTUNnWUVBNmtsVFJraStEN3pTV1RUNzQyb3R5VUNjaUlsdXdWZWxJdGNxWHc0MjM3ZDYvMGplV3BhQQ0KOU5MaWJNKzd2UXFWVmRJekJ4V2hjd1ZmdEllMzczRWVFMno0MWhJOXNidnVXNFdUbGNESnc0Mk9SSWNJYmZnQQ0KZXRzR0xXY251R1B3dlVoYTdKZnlIdHl6Ym9UU3AwV3hGZncrSTY0c3JENHlNRmdrWmNxTDUxTUNnWUVBNWxLUw0KMzlRTlByZWgzNlRMdUhMTlJUbE5tSzlUcWphTjNUN25vUTdaSFYzSzFpYzl2ZTEzbUhZRnk1YjJWaGN6ZEhWOQ0KQWhNLzJTRUpxUHdjaWQwMmNpdjlHVlRVbDNVWUFoL3dnZSsrOWsyMFNiS3ZZaVRacmhCRWkzZW1aTzF3eW1NZg0KZ1FsMlk1R3N1SFI4SEpmVTNBdzNSUnlGWCtRTmVpUUJDY0R1cHFNQ2dZQVRtUEtZVEhscGc1ZnMwbHZIbUJnZw0KWDRFNGdwWjdJY08wZUY4WStHMXFwVVJxbWtQUFBBdXBid0oxcTZLK20yWUdlY0MrOVBZK1V0TEFuU0dycThDaQ0KUzFrOVB1VmVPcVFqajdiYXJmZXluZUtxcE1qMXVlc0FXOVhXY215R0pnWDdMMVE3dWpJTWx0V0RoeVMvelRxVQ0KNWpha2NXdFhOUlNwcXBYUTFmS0I5UUtCZ1FDcVZkOHhrYzNKMkZ6cTNTR2M0NnBUeTdGTGZqN04zMUxEa1VZVQ0Kb3JxSE1WcFZUdWdta255a1VJU3dzSkMxMHFySE1peWxZRDhVQVk3M1hweHNpU0UvQnJGRURxeTY1bW8vQ0FnQw0KMEovVjRGbTVOMkRsb0lNc2EvT0ZnWk9aaU5DbG5QRXJxU2ZaTTE4ZGUyaGViUnVMTWEyZWV4MVljWHhXSEZKNA0KT0N0SEtRS0JnRnpBbzBoazFMRVlDMVN6cmpmZjBXZHVESEZuQnoyczJROWRFRzMrZmpVRlhsQVh0NlBBQUxDSg0KY2hKMmdGWTNRY1dBR015alBXK3doQU1HY2RPMWF1MlM0SFpLQTZwbkVYZ0VXbjFRQ3FuR0pwT2ZPd2dDcXI3RQ0KQmdZZG1Telo3MEhvZ3RlVUkrSzAvMUdXRE95eVplbHBHeEFnU3hVTmRKU3p6VDh0bTlCTQ0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0NCg==

25
gp2504/ingress.yaml
View File

@ -6,10 +6,25 @@ metadata:
kubernetes.io/ingress.class: "nginx" kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/proxy-body-size: "10m" nginx.ingress.kubernetes.io/proxy-body-size: "10m"
nginx.ingress.kubernetes.io/use-forwarded-headers: "true" nginx.ingress.kubernetes.io/use-forwarded-headers: "true"
nginx.ingress.kubernetes.io/rewrite-target: / nginx.ingress.kubernetes.io/auth-tls-secret: "gp2504/ca-secret"
nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
nginx.ingress.kubernetes.io/auth-tls-verify-depth: "2"
nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# nginx.ingress.kubernetes.io/auth-type: "basic"
# nginx.ingress.kubernetes.io/auth-secret: "basic-auth"
# nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
spec: spec:
tls:
- hosts:
- api-g2504.qq.com
- h5-g2504.qq.com
- admin-g2504.qq.com
- agent-g2504.qq.com
secretName: tls-secret
rules: rules:
- host: api.g2504.qq.com - host: api-g2504.qq.com
http: http:
paths: paths:
- path: / - path: /
@ -26,7 +41,7 @@ spec:
name: external-service name: external-service
port: port:
number: 80 number: 80
- host: h5.g2504.qq.com - host: h5-g2504.qq.com
http: http:
paths: paths:
- path: / - path: /
@ -50,7 +65,7 @@ spec:
name: external-service name: external-service
port: port:
number: 80 number: 80
- host: admin.g2504.qq.com - host: admin-g2504.qq.com
http: http:
paths: paths:
- path: / - path: /
@ -81,7 +96,7 @@ spec:
name: external-service name: external-service
port: port:
number: 80 number: 80
- host: agent.g2504.qq.com - host: agent-g2504.qq.com
http: http:
paths: paths:
- path: / - path: /

2
gp2504/kustomization.yaml
View File

@ -10,6 +10,8 @@ resources:
- ../base/projects/stock2 - ../base/projects/stock2
- ../base/redis - ../base/redis
- ../base/redis-nodeport - ../base/redis-nodeport
- ../base/tls
- ../base/basic-auth
- ingress.yaml - ingress.yaml
configMapGenerator: configMapGenerator:

1
test.bat Normal file
View File

@ -0,0 +1 @@
kubectl apply --dry-run=client -k gp2504