gitea_admin/nginx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

debug actions
Some checks failed
Build NGINX on Ubuntu / build-and-push (push) Successful in 58s
Details
Build NGINX on Ubuntu / deploy-to-kubernetes (push) Failing after 6s
Details

Browse Source
This commit is contained in:
huangzhiqiang 2025-06-09 13:29:58 +08:00
parent c812228337
commit 5d36a471a6
2 changed files with 69 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
k8s/deploy.sh
View File

@ -121,14 +121,16 @@ update_deployment_image() {
# 使用 sed 替换镜像标签
local full_image="${HARBOR_REGISTRY}/test/nginx:${image_tag}"
print_info "使用镜像: $full_image"
# 备份原文件
cp "$deployment_file" "${deployment_file}.bak"
# 替换镜像标签 (假设镜像行包含 harbor-registry/test/nginx)
sed -i.tmp "s|${HARBOR_REGISTRY}/test/nginx:[^[:space:]]*|${full_image}|g" "$deployment_file"
# 使用 envsubst 替换环境变量
envsubst < "${deployment_file}.bak" > "$deployment_file.tmp"
mv "$deployment_file.tmp" "$deployment_file"
print_success "镜像标签更新为: $full_image"
print_success "镜像标签和环境变量替换完成,使用镜像: $full_image"
}
# 应用 Kubernetes 配置

116
k8s/nginx-deployment.yaml
View File

@ -35,77 +35,44 @@ metadata:
namespace: default
data:
nginx.conf: |
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /usr/local/nginx/conf/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
sendfile on;
keepalive_timeout 65;
# 基本安全头
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
server {
listen 80;
server_name localhost;
# Gzip 压缩
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
server {
listen 80;
server_name _;
root /usr/share/nginx/html;
index index.html index.htm;
# 健康检查端点
location /health {
access_log off;
return 200 "healthy\n";
add_header Content-Type text/plain;
}
# 状态监控端点
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
allow 10.0.0.0/8;
allow 172.16.0.0/12;
allow 192.168.0.0/16;
deny all;
}
location / {
try_files $uri $uri/ =404;
}
# 错误页面
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location / {
root /usr/local/nginx/html;
index index.html index.htm;
}
# 健康检查端点
location /health {
return 200 'ok';
add_header Content-Type text/plain;
}
}
}
---
@ -294,6 +261,39 @@ spec:
value: 100
periodSeconds: 15
---
# 6. PodDisruptionBudget - Pod 中断预算
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: nginx-pdb
namespace: default
spec:
minAvailable: 1
selector:
matchLabels:
app: nginx
averageUtilization: 70
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80
behavior:
scaleDown:
stabilizationWindowSeconds: 300
policies:
- type: Percent
value: 50
periodSeconds: 60
scaleUp:
stabilizationWindowSeconds: 60
policies:
- type: Percent
value: 100
periodSeconds: 15
---
# 6. PodDisruptionBudget - Pod 中断预算
apiVersion: policy/v1