synchronization

2025-08-25 17:53:08 +08:00
commit c201eb5ef9
318 changed files with 23092 additions and 0 deletions


@@ -0,0 +1,19 @@
apiVersion: v1
kind: Pod
metadata:
name: gpu-pod
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
env:
- name: NVIDIA_VISIBLE_DEVICES
value: "all"
ports:
- containerPort: 80
# resources:
# limits:
# aliyun.com/gpu-count: 1
# aliyun.com/gpu-mem: 512
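Review bot: With `NVIDIA_VISIBLE_DEVICES` set to `"all"` and the `resources.limits` block commented out, the container asks for every GPU on the node without going through the scheduler's device accounting. On nodes where the NVIDIA runtime is the default (not visible here), this likely lets the pod see GPUs already allocated to other workloads. Restore the limits block, for example `aliyun.com/gpu-count: 1`, and drop the env override. `image: nginx:latest` is also a mutable tag; a fixed version or digest would make the pod reproducible.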


@@ -0,0 +1,45 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
namespace: aliyunpan
name: aliyunpan-sync
spec:
podManagementPolicy: OrderedReady
replicas: 1
revisionHistoryLimit: 5
selector:
matchLabels:
app: aliyunpan-sync
serviceName: aliyunpan-sync
minReadySeconds: 5
template:
metadata:
labels:
app: aliyunpan-sync
spec:
terminationGracePeriodSeconds: 5
containers:
- name: aliyunpan-sync
image: tickstep/aliyunpan-sync:v0.2.9
env:
- name: TZ
value: "Asia/Shanghai"
- name: ALIYUNPAN_PAN_DIR
value: ""
- name: ALIYUNPAN_SYNC_MODE
value: "sync"
- name: ALIYUNPAN_REFRESH_TOKEN
valueFrom:
secretKeyRef:
name: aliyunpan-token
key: ALIYUNPAN_REFRESH_TOKEN
volumeMounts:
- name: host-path-volume
mountPath: /home/app/data
volumes:
- name: host-path-volume
hostPath:
path: /data/aliyunpan/
- name: secret-volume
secret:
secretName: aliyunpan-token
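Review bot: The `secret-volume` volume at the end of the pod spec is declared but never listed under `volumeMounts`, so it does nothing; the refresh token reaches the container only through the `ALIYUNPAN_REFRESH_TOKEN` env var. Either remove the volume or, if the image can read the token from a file, mount it and drop the env entry so the token stays out of the process environment. The `hostPath` volume `/data/aliyunpan/` has no `type` and the pod has no node selector, so a reschedule to another node would sync against an empty or unexpected directory. Adding `type: Directory` and a `nodeSelector` would make that failure explicit.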


@@ -0,0 +1,59 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: chartmuseum-pvc
namespace: chartmuseum
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Gi
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
namespace: helm
name: chartmuseum
spec:
replicas: 1
serviceName: chartmuseum
selector:
matchLabels:
app: chartmuseum
template:
metadata:
labels:
app: chartmuseum
spec:
containers:
- name: chartmuseum
image: chartmuseum/chartmuseum:latest
env:
- name: DEBUG
value: "1"
- name: STORAGE
value: local
- name: STORAGE_LOCAL_ROOTDIR
value: /charts
volumeMounts:
- mountPath: /charts
name: data
volumes:
- name: data
persistentVolumeClaim:
claimName: chartmuseum-pvc
---
apiVersion: v1
kind: Service
metadata:
namespace: helm
name: chartmuseum
spec:
selector:
app: chartmuseum
ports:
- port: 8080
targetPort: 8080
protocol: TCP
type: ClusterIP
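Review bot: The PVC `chartmuseum-pvc` is created in namespace `chartmuseum`, but the StatefulSet that claims it is in namespace `helm`; claims are resolved in the pod's own namespace, so the pod will stay Pending. Change the PVC to `namespace: helm`. `DEBUG` is set to `"1"` and the image is `chartmuseum/chartmuseum:latest`, both of which suit a test setup better than a stored manifest. No authentication settings are visible in the env block, so any client that can reach the Service on port 8080 can probably read the charts, and upload them if the API is enabled; confirm that is intended.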


@@ -0,0 +1,51 @@
apiVersion: v1
kind: Namespace
metadata:
name: chatgpt
labels:
name: chatgpt
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: chatgpt-pandora
namespace: chatgpt
labels:
app: chatgpt-pandora
spec:
selector:
matchLabels:
app: chatgpt-web
replicas: 1
strategy:
type: RollingUpdate
template:
metadata:
labels:
app: chatgpt-web
spec:
containers:
- name: chatgpt-pandora
image: 'pengzhile/pandora:latest'
ports:
- name: chatgpt-80
containerPort: 80
protocol: TCP
env:
- name: PANDORA_SERVER
value: '0.0.0.0:80'
- name: PANDORA_CLOUD
value: cloud
---
apiVersion: v1
kind: Service
metadata:
name: chatgpt-web
namespace: chatgpt
spec:
selector:
app: chatgpt-web
ports:
- protocol: TCP
port: 80
targetPort: 80
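Review bot: `image: 'pengzhile/pandora:latest'` pulls a mutable tag from a third-party repository for a service that, judging by its name and the `PANDORA_CLOUD` setting, presumably handles account logins. Pin it to a specific version or digest so the running code cannot change underneath the Deployment. The Deployment's own label is `app: chatgpt-pandora` while the selector and pod template use `app: chatgpt-web`; this works, but one label value throughout would be easier to query and audit.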


@@ -0,0 +1,18 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
# 使用 Let's Encrypt 的生产环境服务器
server: https://acme-v02.api.letsencrypt.org/directory
# 邮件地址用于重要的通讯,例如安全通知和证书到期通知
email: user@example.com
# 用于存储ACME账户的私钥
privateKeySecretRef:
name: letsencrypt-prod
# ACME协议中用于验证域名所有权的挑战机制
solvers:
- http01:
ingress:
class: nginx
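Review bot: `email: user@example.com` is a placeholder on the production ACME issuer, so the account would be registered with an address nobody reads; the same value appears in the two `Issuer` manifests (`letsencrypt-prod` and `letsencrypt-staging`) later in this commit. Add a comment such as `# TODO: replace with a monitored mailbox before applying`, or template the value. This file selects the solver with `class: nginx` while the two Issuers use `ingressClassName: nginx`; using one form across all three would avoid confusion about which ingress controller answers the challenge.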


@@ -0,0 +1,25 @@
version: '3'
services:
ipsec-vpn-server:
image: hwdsl2/ipsec-vpn-server
container_name: ipsec-vpn-server
restart: always
privileged: true
networks:
- vpn
volumes:
- /opt/vpn/vpn.env:/opt/src/env/vpn.env:ro
- /lib/modules:/lib/modules:ro
frpc:
image: registry.cn-hangzhou.aliyuncs.com/offends/frp:frpc
container_name: frpc
restart: always
networks:
- vpn
volumes:
- /opt/vpn/frpc.ini:/frp/frpc.ini:ro
networks:
vpn:
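Review bot: `privileged: true` on `ipsec-vpn-server` gives the container full access to host devices and kernel interfaces, and both images are unpinned (`hwdsl2/ipsec-vpn-server` has no tag, `frp:frpc` is a mutable tag). If the image can run with a narrower grant, prefer `cap_add: [NET_ADMIN]` plus only the devices and sysctls it needs; otherwise add a comment explaining why full privilege is required. Pin both images to a version or digest so that a registry-side change cannot replace code that runs with host-level privilege.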


@@ -0,0 +1,13 @@
version: '3'
services:
frps:
image: registry.cn-hangzhou.aliyuncs.com/offends/frp:frps
container_name: frps
restart: always
ports:
- "7000:7000"
- "500:500/udp"
- "4500:4500/udp"
volumes:
- /opt/vpn/frps.ini:/frp/frps.ini:ro
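Review bot: `"7000:7000"` publishes the frps control port on every host interface, and whether clients must authenticate depends entirely on `/opt/vpn/frps.ini`, which is not part of this commit. Add a comment stating that the ini must configure client authentication, and restrict the port at the host firewall if only known clients connect. The image tag `frp:frps` is mutable, so pin it to a version or digest.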


@@ -0,0 +1,79 @@
apiVersion: v1
kind: Secret
metadata:
name: drone-db-secret
namespace: drone
stringData:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: drone
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: drone-db-pvc
namespace: drone
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
namespace: drone
name: drone-db
spec:
selector:
matchLabels:
app: drone-db
serviceName: drone-db
replicas: 1
template:
metadata:
labels:
app: drone-db
spec:
containers:
- name: drone-db
image: postgres:latest
envFrom:
- secretRef:
name: drone-db-secret
ports:
- containerPort: 5432
protocol: TCP
livenessProbe:
exec:
command:
- psql
- -h
- localhost
- -U
- postgres
- -c
- "SELECT 1;"
initialDelaySeconds: 10 #启动后等待10秒开始检测
periodSeconds: 10 #每隔10秒检测一次
volumeMounts:
- mountPath: /var/lib/postgresql/data
name: data
volumes:
- name: data
persistentVolumeClaim:
claimName: drone-db-pvc
---
apiVersion: v1
kind: Service
metadata:
namespace: drone
name: drone-db
spec:
selector:
app: drone-db
ports:
- protocol: TCP
port: 5432
targetPort: 5432
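Review bot: The `drone-db-secret` Secret commits `POSTGRES_PASSWORD: postgres` in clear text, so the database superuser password is both a well-known default and stored in version control. Create the Secret out of band (or through a sealed or external secret mechanism) and keep only its name in this manifest. The Service exposes 5432 to the whole cluster, which makes the weak password reachable from any pod; a NetworkPolicy limiting ingress to the Drone server would narrow that. `image: postgres:latest` should be pinned to a fixed major version, because a pull of a newer major release will not start on the existing data directory.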

47
File/Yaml/frpc.yaml Normal file

@@ -0,0 +1,47 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: frpc
namespace: vpn
labels:
app: frpc
spec:
replicas: 1
selector:
matchLabels:
app: frpc
template:
metadata:
labels:
app: frpc
spec:
hostNetwork: true
containers:
- name: ipsec
securityContext:
privileged: true
image: hwdsl2/ipsec-vpn-server:latest
imagePullPolicy: Always
volumeMounts:
- mountPath: /opt/src/env/vpn.env
name: ipsec-config
readOnly: true
- mountPath: /lib/modules
name: ipsec-data
readOnly: true
- name: frpc
image: registry.cn-hangzhou.aliyuncs.com/offends/frp:frpc
imagePullPolicy: Always
volumeMounts:
- name: frpc-config
mountPath: /frp/frpc.ini
volumes:
- name: ipsec-config
hostPath:
path: /opt/vpn/vpn.env
- name: frpc-config
hostPath:
path: /opt/vpn/frpc.ini
- name: ipsec-data
hostPath:
path: /lib/modules
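Review bot: The pod combines `hostNetwork: true`, a `privileged: true` container and three `hostPath` volumes, so a compromise of either image is effectively a compromise of the node. The `frpc-config` mount lacks `readOnly: true`, unlike the two ipsec mounts; add it so the frpc container cannot rewrite `/opt/vpn/frpc.ini` on the host. The single-file hostPaths declare no `type`; adding `type: File` makes the pod fail fast when the file is missing instead of mounting whatever exists at that path. Both images use mutable tags with `imagePullPolicy: Always`, so each restart runs whatever the registry currently serves.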

29
File/Yaml/frps.yaml Normal file

@@ -0,0 +1,29 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: frps
namespace: vpn
labels:
app: frps
spec:
replicas: 1
selector:
matchLabels:
app: frps
template:
metadata:
labels:
app: frps
spec:
hostNetwork: true
containers:
- name: frpc
image: registry.cn-hangzhou.aliyuncs.com/offends/frp:frps
imagePullPolicy: Always
volumeMounts:
- name: frps-config
mountPath: /frp/frps.ini
volumes:
- name: frps-config
hostPath:
path: /opt/vpn/frps.ini
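Review bot: The container is named `frpc` although it runs the `frp:frps` image inside the `frps` Deployment, which will mislead anyone reading per-container logs or events; rename it to `name: frps`. The `frps-config` mount should carry `readOnly: true`, and the hostPath should declare `type: File`. With `hostNetwork: true` the server listens directly on the node's interfaces, so access control rests on the contents of `frps.ini` and the node firewall, neither of which is visible in this commit.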


@@ -0,0 +1,5 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: ingress-nginx-tcp
namespace: default


@@ -0,0 +1,5 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: ingress-nginx-udp
namespace: default


@@ -0,0 +1,31 @@
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: local-hostpath-pvc
spec:
storageClassName: openebs-hostpath
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5G
---
apiVersion: v1
kind: Pod
metadata:
name: hello-local-hostpath-pod
spec:
volumes:
- name: local-storage
persistentVolumeClaim:
claimName: local-hostpath-pvc
containers:
- name: hello-container
image: busybox
command:
- sh
- -c
- 'while true; do echo "`date` [`hostname`] Hello from OpenEBS Local PV." >> /mnt/store/greet.txt; sleep $(($RANDOM % 5 + 300)); done'
volumeMounts:
- mountPath: /mnt/store
name: local-storage


@@ -0,0 +1,18 @@
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt-prod
spec:
acme:
# The ACME server URL
server: https://acme-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: user@example.com
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-prod
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
ingressClassName: nginx


@@ -0,0 +1,66 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: registry-proxy-pvc
namespace: hub
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Gi
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: registry-proxy
namespace: hub
labels:
name: registry-proxy
spec:
selector:
matchLabels:
name: registry-proxy
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
name: registry-proxy
spec:
volumes:
# - name: data
# hostPath:
# path: /var/lib/registryproxy
# type: Directory
- name: data
persistentVolumeClaim:
claimName: registry-proxy-pvc
containers:
- name: registry-proxy
image: hub.offends.cn/registry-proxy:latest
imagePullPolicy: IfNotPresent
ports:
- name: registry-port
containerPort: 5000
protocol: TCP
env:
- name: PROXY_REMOTE_URL
value: 'http://registry:5000'
volumeMounts:
- name: data
mountPath: /var/lib/registry
---
apiVersion: v1
kind: Service
metadata:
name: registry-proxy-service
namespace: hub
spec:
selector:
name: registry-proxy
ports:
- protocol: TCP
port: 5000
targetPort: 5000
type: ClusterIP
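Review bot: A DaemonSet runs one pod per node, but every pod here mounts the same `ReadWriteOnce` claim `registry-proxy-pvc`, which in general can be attached to a single node; on a multi-node cluster the remaining pods will likely never start. The same pattern appears in the `simplex-smp-server` and `simplex-xftp-server` DaemonSets later in this commit. Use a Deployment or StatefulSet with one replica, or per-node storage such as the commented-out `hostPath`. `PROXY_REMOTE_URL` is `http://registry:5000`, so image layers travel unencrypted between the proxy and its upstream; confirm that link stays inside a trusted network.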


@@ -0,0 +1,25 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: registry-proxy-ingress
namespace: hub
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: "" # 指定 ingressClass
rules:
- host: #域名
http:
paths:
- pathType: Prefix
backend:
service:
name: registry-proxy-service
port:
number: 5000
path: /
tls:
- hosts:
- #域名
secretName: registry-proxy-tls
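Review bot: The Ingress publishes the registry proxy with no authentication or source restriction visible in its annotations, and `proxy-body-size: "0"` removes the request size limit. If the proxy is meant to be private or pull-only, add a restriction such as `nginx.ingress.kubernetes.io/whitelist-source-range` and set a finite body size. `rewrite-target: /` on a `path: /` rule is at best a no-op and, depending on the controller version, may rewrite every request to `/` and break `/v2/...` registry paths; removing it is safer. The `host` and `tls.hosts` values are empty placeholders, so the manifest cannot be applied as committed.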


@@ -0,0 +1,33 @@
# 配置 RKE1 Kubernetes 组件监控
kubeControllerManager:
endpoints:
- 192.168.1.10
- 192.168.1.20
- 192.168.1.30
service:
port: 10257
targetPort: 10257
kubeScheduler:
endpoints:
- 192.168.1.10
- 192.168.1.20
- 192.168.1.30
service:
port: 10257
targetPort: 10257
kubeProxy:
endpoints:
- 192.168.1.10
- 192.168.1.20
- 192.168.1.30
service:
port: 10249
targetPort: 10249
kubeEtcd:
endpoints:
- 192.168.1.10
- 192.168.1.20
- 192.168.1.30
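Review bot: `kubeScheduler` is configured with `port: 10257` and `targetPort: 10257`, which is the kube-controller-manager secure port and looks copied from the block above; the scheduler's secure port is 10259. Change both to `port: 10259` and `targetPort: 10259`, otherwise the scheduler target either fails or scrapes the controller manager a second time. `kubeEtcd` lists endpoints but no `service` ports, so it relies on the chart's defaults; state them explicitly if the RKE1 etcd metrics port differs.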


@@ -0,0 +1,66 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: shadowsocks-rust-client
namespace: shadowsocks
data:
config.json: |
{
"server": "",
"server_port": 8388,
"password": "",
"local_address": "0.0.0.0",
"local_port": 1080,
"timeout": 300,
"method": "aes-256-gcm"
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
name: shadowsocks-rust-client
name: shadowsocks-rust-client
namespace: shadowsocks
spec:
replicas: 1
selector:
matchLabels:
name: shadowsocks-rust-client
template:
metadata:
labels:
name: shadowsocks-rust-client
spec:
containers:
- image: ghcr.io/shadowsocks/sslocal-rust:latest
imagePullPolicy: IfNotPresent
name: shadowsocks-rust-client
ports:
- containerPort: 1080
name: ss-1080
protocol: TCP
volumeMounts:
- mountPath: /etc/shadowsocks-rust
name: config
readOnly: true
volumes:
- configMap:
defaultMode: 420
name: shadowsocks-rust-client
name: config
---
apiVersion: v1
kind: Service
metadata:
name: shadowsocks-rust-client
namespace: shadowsocks
spec:
ports:
- name: ss-1080
port: 1080
protocol: TCP
targetPort: 1080
selector:
name: shadowsocks-rust-client
type: ClusterIP
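Review bot: `config.json` carries the proxy `password` field inside a ConfigMap, which is stored unencrypted and readable by anyone with ConfigMap read access in the namespace; once a real value is filled in, it belongs in a Secret mounted at the same path. `local_address` is `0.0.0.0` and the Service is a ClusterIP on 1080, so every pod in the cluster can use the proxy without authentication; a NetworkPolicy limiting ingress to the intended clients would narrow that. The image uses `:latest` with `imagePullPolicy: IfNotPresent`, so nodes keep whichever build they first pulled.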


@@ -0,0 +1,88 @@
apiVersion: v1
kind: List
items:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: simplex-smp-config
namespace: simplex
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: simplex-smp-log
namespace: simplex
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: simplex-smp-server
namespace: simplex
labels:
name: simplex-smp
spec:
selector:
matchLabels:
name: simplex-smp
template:
metadata:
labels:
name: simplex-smp
spec:
volumes:
- name: config
persistentVolumeClaim:
claimName: simplex-smp-config
- name: log
persistentVolumeClaim:
claimName: simplex-smp-log
containers:
- name: simplex-smp
image: simplexchat/smp-server:latest
imagePullPolicy: IfNotPresent
ports:
- name: smp-port
containerPort: 5223
protocol: TCP
hostPort: 5223
env:
- name: ADDR
valueFrom:
secretKeyRef:
name: simplex-secret
key: ADDR
- name: PASS
valueFrom:
secretKeyRef:
name: simplex-secret
key: PASS
volumeMounts:
- name: config
mountPath: /etc/opt/simplex
- name: log
mountPath: /var/opt/simplex
---
apiVersion: v1
kind: Service
metadata:
name: simplex-smp
namespace: simplex
spec:
selector:
name: simplex-smp
ports:
- protocol: TCP
port: 5223
targetPort: 5223
type: ClusterIP
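Review bot: `image: simplexchat/smp-server:latest` combined with `imagePullPolicy: IfNotPresent` means each node keeps whichever build it first pulled, so nodes can run different server versions and none of them picks up security fixes until the image is removed by hand; the `simplex-xftp-server` DaemonSet in the next file has the same combination. Pin a specific version or digest. `hostPort: 5223` binds the port on every node the DaemonSet lands on, in addition to the ClusterIP Service; if only the Service path is intended, drop the `hostPort` line.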

101
File/Yaml/simplex-xftp.yaml Normal file

@@ -0,0 +1,101 @@
apiVersion: v1
kind: List
items:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: simplex-xftp-config
namespace: simplex
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: simplex-xftp-log
namespace: simplex
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: simplex-xftp-files
namespace: simplex
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: simplex-xftp-server
namespace: simplex
labels:
name: simplex-xftp
spec:
selector:
matchLabels:
name: simplex-xftp
template:
metadata:
labels:
name: simplex-xftp
spec:
volumes:
- name: config
persistentVolumeClaim:
claimName: simplex-xftp-config
- name: log
persistentVolumeClaim:
claimName: simplex-xftp-log
- name: files
persistentVolumeClaim:
claimName: simplex-xftp-files
containers:
- name: simplex-xftp
image: simplexchat/xftp-server:latest
imagePullPolicy: IfNotPresent
ports:
- name: xftp-port
containerPort: 443
protocol: TCP
hostPort: 5233
env:
- name: ADDR
valueFrom:
secretKeyRef:
name: simplex-secret
key: ADDR
- name: QUOTA
value: 50gb
volumeMounts:
- name: config
mountPath: /etc/opt/simplex-xftp
- name: log
mountPath: /var/opt/simplex-xftp
- name: files
mountPath: /srv/xftp
---
apiVersion: v1
kind: Service
metadata:
name: simplex-xftp
namespace: simplex
spec:
selector:
name: simplex-xftp
ports:
- protocol: TCP
port: 443
targetPort: 443
type: ClusterIP


@@ -0,0 +1,18 @@
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt-staging
spec:
acme:
# The ACME server URL
server: https://acme-staging-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: user@example.com
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-staging
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
ingressClassName: nginx