synchronization

kubernetes/blog.yaml

@@ -0,0 +1,78 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: blog-pvc
+  namespace: blog
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: ""
+  resources:
+    requests:
+      storage: 10Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: blog
+  name: blog-deployment
+  labels:
+    app: blog
+spec:
+  progressDeadlineSeconds: 200
+  replicas: 1
+  revisionHistoryLimit: 1
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: blog
+  template:
+    metadata:
+      labels:
+        app: blog
+    spec:
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: blog-pvc
+      containers:
+      - name: blog
+        image: registry.cn-hangzhou.aliyuncs.com/offends/hexo:hexo-async-offends
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 4000
+          protocol: TCP
+        volumeMounts:
+          - name: data
+            mountPath: /hexo/source/_posts
+        readinessProbe:
+          failureThreshold: 3
+          initialDelaySeconds: 5
+          periodSeconds: 3
+          successThreshold: 1
+          tcpSocket:
+            port: 4000
+          timeoutSeconds: 10
+        resources:
+          limits:
+            memory: 512Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: blog
+  name: blog
+spec:
+  selector:
+    app: blog
+  ports:
+  - name: blog
+    protocol: TCP
+    port: 4000
+    targetPort: 4000
+  type: LoadBalancer
+  allocateLoadBalancerNodePorts: false

kubernetes/gateway.yaml

@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: blog
+  name: blog-gateway
+  labels:
+    app: blog-gateway
+spec:
+  progressDeadlineSeconds: 200
+  replicas: 1
+  revisionHistoryLimit: 1
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: blog-gateway
+  template:
+    metadata:
+      labels:
+        app: blog-gateway
+    spec:
+      containers:
+      - name: blog-gateway
+        image: registry.cn-hangzhou.aliyuncs.com/offends/hexo:gateway-kubernetes
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: localhost
+          value: "blog.offends.cn"
+        ports:
+        - containerPort: 80
+          protocol: TCP
+        readinessProbe:
+          failureThreshold: 3
+          initialDelaySeconds: 5
+          periodSeconds: 3
+          successThreshold: 1
+          tcpSocket:
+            port: 80
+          timeoutSeconds: 10
+        resources:
+          limits:
+            memory: 512Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: blog
+  name: blog-gateway
+spec:
+  selector:
+    app: blog-gateway
+  ports:
+  - name: blog-gateway
+    protocol: TCP
+    port: 80
+    targetPort: 80

kubernetes/ingress-nginx.yaml

@@ -0,0 +1,30 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/tls-acme: "true"
+    nginx.ingress.kubernetes.io/permanent-redirect-code: "301"
+    kubernetes.io/ingress.class: "nginx"
+    ingress.kubernetes.io/ssl-redirect: "true" 
+    ingress.kubernetes.io/secure-backends: "true"    
+    ingress.kubernetes.io/force-ssl-redirect: "true"
+  name: blog-ingress
+  namespace: blog
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: blog.offends.cn
+      http:
+        paths:
+          - pathType: Prefix
+            backend:
+              service:
+                name: blog-gateway
+                port:
+                  number: 80
+            path: /
+  # 只有在启用 TLS 时才需要此部分
+  tls:
+    - hosts:
+      - blog.offends.cn
+      secretName: blog-tls

kubernetes/ingress-traefik.yaml

@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: blog-ingress
+  namespace: blog
+  annotations:
+    kubernetes.io/ingress.class: traefik
+spec:
+  rules:
+    - host: blog.offends.cn
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: blog-gateway
+                port:
+                  number: 80
+  tls:
+    - hosts:
+      - blog.offends.cn
+      secretName: blog-tls

kubernetes/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: blog

kubernetes/twikoo.yaml

@@ -0,0 +1,63 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  namespace: blog
+  name: twikoo
+spec:
+  podManagementPolicy: OrderedReady
+  replicas: 1
+  revisionHistoryLimit: 0
+  selector:
+    matchLabels:
+      app: twikoo
+  serviceName: blog-twikoo
+  minReadySeconds: 5
+  template:
+    metadata:
+      labels:
+        app: twikoo
+    spec:
+      terminationGracePeriodSeconds: 5
+      containers:
+      - name: twikoo
+        image: registry.cn-hangzhou.aliyuncs.com/offends/hexo:twikoo
+        env:
+        - name: TWIKOO_THROTTLE
+          value: "1000"
+        # - name: TWIKOO_PORT
+        #   value: "4444"
+        ports:
+        - containerPort: 8080
+          protocol: TCP
+        resources:
+          limits:
+            memory: 128Mi
+        livenessProbe:
+          failureThreshold: 3
+          initialDelaySeconds: 5
+          periodSeconds: 3
+          successThreshold: 1
+          tcpSocket:
+            port: 8080
+          timeoutSeconds: 20
+        volumeMounts:
+          - name: host-path-volume
+            mountPath: /app/data
+      volumes:
+      - name: host-path-volume
+        hostPath:
+          path: /data/blog/twikoo     
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: blog
+  name: blog-twikoo
+spec:
+  selector:
+    app: twikoo
+  ports:
+  - port: 8080
+    targetPort: 8080
+    protocol: TCP
+  type: ClusterIP