diff --git a/internal/cmd/make.go b/internal/cmd/make.go index ced47bd..1f5ba23 100644 --- a/internal/cmd/make.go +++ b/internal/cmd/make.go @@ -58,6 +58,7 @@ func makeCmd() *cobra.Command { makecmd.Redis(), makecmd.ES(), makecmd.EMQX(), + makecmd.Minio(), makecmd.Yosguard(), makecmd.LessDNS(), makecmd.HSNet(), diff --git a/internal/cmd/make.longhorn.go b/internal/cmd/make.longhorn.go deleted file mode 100644 index 1d619dd..0000000 --- a/internal/cmd/make.longhorn.go +++ /dev/null @@ -1 +0,0 @@ -package cmd diff --git a/internal/cmd/make.mysql.go b/internal/cmd/make.mysql.go deleted file mode 100644 index 1d619dd..0000000 --- a/internal/cmd/make.mysql.go +++ /dev/null @@ -1 +0,0 @@ -package cmd diff --git a/internal/cmd/make.redis.go b/internal/cmd/make.redis.go deleted file mode 100644 index 1d619dd..0000000 --- a/internal/cmd/make.redis.go +++ /dev/null @@ -1 +0,0 @@ -package cmd diff --git a/internal/cmd/makecmd/app.go b/internal/cmd/makecmd/app.go index e458d93..aae755a 100644 --- a/internal/cmd/makecmd/app.go +++ b/internal/cmd/makecmd/app.go @@ -18,6 +18,7 @@ func App() *cobra.Command { appGateway(), appMie(), appOEM(), + appFront(), appNginx(), ) @@ -121,6 +122,27 @@ func appOEM() *cobra.Command { return _cmd } +func appFront() *cobra.Command { + var ( + replica int + vendor string + ) + + _cmd := &cobra.Command{ + Use: "front", + Short: "Make Front App", + RunE: func(cmd *cobra.Command, args []string) error { + mk := maker.NewMaker(opt.Cfg.Make.Dir) + return mk.AppFront(cmd.Context(), vendor, replica) + }, + } + + _cmd.Flags().IntVar(&replica, "replica-count", 2, "Replica count") + _cmd.Flags().StringVar(&vendor, "vendor", "standard", "Vendor name") + + return _cmd +} + func appNginx() *cobra.Command { var ( replica int diff --git a/internal/cmd/makecmd/minio.go b/internal/cmd/makecmd/minio.go new file mode 100644 index 0000000..25204de --- /dev/null +++ b/internal/cmd/makecmd/minio.go 
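Review bot: `--replica-count` in `appFront` is handed to `mk.AppFront` with no range check, so a negative value is formatted into `replicas: %d` and is rejected only when the manifest is applied, while 0 silently produces a deployment with no pods. Reject it in `RunE` before the maker is called, e.g. `if replica < 1 { return fmt.Errorf("replica-count must be >= 1, got %d", replica) }` (app.go's import block is outside the hunk, so `fmt` may need adding). The same gap applies to `--storage-size` in makecmd/minio.go, where a non-positive number becomes the PVC storage request.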
@@ -0,0 +1,28 @@
+package makecmd
+
+import (
+ "fmt"
+
+ "github.com/spf13/cobra"
+ "yizhisec.com/hsv2/forge/internal/controller/maker"
+ "yizhisec.com/hsv2/forge/internal/opt"
+)
+
+func Minio() *cobra.Command {
+ var (
+ storage int
+ )
+
+ _cmd := &cobra.Command{
+ Use: "minio",
+ Short: "Make Minio",
+ RunE: func(cmd *cobra.Command, args []string) error {
+ mk := maker.NewMaker(opt.Cfg.Make.Dir)
+ return mk.Minio(cmd.Context(), fmt.Sprintf("%dGi", storage))
+ },
+ }
+
+ _cmd.Flags().IntVar(&storage, "storage-size", 100, "Storage size(GB)")
+
+ return _cmd
+}
diff --git a/internal/controller/maker/app.front.go b/internal/controller/maker/app.front.go
new file mode 100644
index 0000000..80684f4
--- /dev/null
+++ b/internal/controller/maker/app.front.go
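Review bot: The `--storage-size` help text says GB, but `RunE` formats the value as `%dGi`, which Kubernetes reads as gibibytes; the help string should be `"Storage size (GiB)"` so the requested Longhorn volume matches what the operator expects. The exported `Minio` constructor also has no doc comment; `// Minio returns the "make minio" subcommand, which renders the MinIO manifest under the configured make directory.` describes what the body does.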
@@ -0,0 +1,73 @@ +package maker + +import ( + "context" + "fmt" + "os" + "path/filepath" + + "gitea.loveuer.com/yizhisec/pkg3/logger" + "yizhisec.com/hsv2/forge/pkg/model" + "yizhisec.com/hsv2/forge/pkg/resource" +) + +func (m *maker) AppFront(ctx context.Context, vendor string, replica int) error { + var ( + err error + location = filepath.Join(m.workdir, "app", "front") + bs []byte + _vendor = model.GetVendor(vendor) + ) + + logger.Info("☑️ maker.Front: 开始构建 front app..., workdir = %s", location) + + if _vendor == nil { + logger.Debug("❌ maker.Front: vendor not supported, vendor = %s", vendor) + return fmt.Errorf("vendor not supported: %s", vendor) + } + + if err = os.MkdirAll(location, 0755); err != nil { + logger.Debug("❌ maker.Front: 创建目录失败: path = %s, err = %v", location, err) + return err + } + + path := filepath.Join(location, "front.user.yaml") + logger.Debug("☑️ maker.Front: writing front.user.yaml, path = %s", path) + bs = []byte(fmt.Sprintf(resource.YAMLAppFrontUser, replica)) + if err = os.WriteFile(path, bs, 0644); err != nil { + logger.Debug("❌ maker.Front: 写入 front.user.yaml 失败: path = %s, err = %v", path, err) + return err + } + logger.Debug("✅ maker.Front: write front.user.yaml success, path = %s", path) + + path = filepath.Join(location, "front.admin.yaml") + logger.Debug("☑️ maker.Front: writing front.admin.yaml, path = %s", path) + bs = []byte(fmt.Sprintf(resource.YAMLAppFrontAdmin, replica)) + if err = os.WriteFile(path, bs, 0644); err != nil { + logger.Debug("❌ maker.Front: 写入 front.admin.yaml 失败: path = %s, err = %v", path, err) + return err + } + logger.Debug("✅ maker.Front: write front.admin.yaml success, path = %s", path) + + // todo, pull front images + // 1. 
make image dir + imgDir := filepath.Join(m.workdir, "dependency", "image") + if err = os.MkdirAll(imgDir, 0755); err != nil { + logger.Debug("❌ maker.Front: 创建目录失败: path = %s, err = %v", imgDir, err) + return err + } + + logger.Debug("☑️ maker.Front: pulling front images, vendor = %s", vendor) + if err = m.Image(ctx, _vendor.AppFrontUserImageName, WithImageSave(filepath.Join(imgDir, "app.front.user.tar")), WithImageForcePull(true)); err != nil { + logger.Debug("❌ maker.Front: 拉取 front 用户镜像失败: %s, err = %v", _vendor.AppFrontUserImageName, err) + return err + } + if err = m.Image(ctx, _vendor.AppFrontAdminImageName, WithImageSave(filepath.Join(imgDir, "app.front.admin.tar")), WithImageForcePull(true)); err != nil { + logger.Debug("❌ maker.Front: 拉取 front 管理镜像失败: %s, err = %v", _vendor.AppFrontAdminImageName, err) + return err + } + + logger.Info("✅ maker.Front: 构建 front app 完成") + + return nil +} diff --git a/internal/controller/maker/app.nginx.go b/internal/controller/maker/app.nginx.go index 0a26e27..daade44 100644 --- a/internal/controller/maker/app.nginx.go +++ b/internal/controller/maker/app.nginx.go @@ -59,7 +59,7 @@ kubectl create configmap ssl-client-server-key --namespace hsv2 --from-file=clie kubectl create configmap ssl-web-server-crt --namespace hsv2 --from-file=web.server.crt=./ssl/web.server.crt --dry-run=client -o yaml | kubectl apply -f - kubectl create configmap ssl-web-server-key --namespace hsv2 --from-file=web.server.key=./ssl/web.server.key --dry-run=client -o yaml | kubectl apply -f - -kubectl apply -f deployment.yaml +kubectl apply -f nginx.yaml kubectl rollout restart deployment nginx-deployment -n hsv2` ) var ( diff --git a/internal/controller/maker/app.oem.go b/internal/controller/maker/app.oem.go index 650bc0b..7e15810 100644 --- a/internal/controller/maker/app.oem.go +++ b/internal/controller/maker/app.oem.go 
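Review bot: The vendor-specific image saved by `AppFront` does not match the image the generated manifests reference: `m.Image` pulls `_vendor.AppFrontUserImageName` (for `elink` that is `.../front-user-elink:latest`), while `resource.YAMLAppFrontUser` hard-codes `image: hub.yizhisec.com/hybridscope/v2/front-user:latest` and only `replica` is formatted in. With `imagePullPolicy: IfNotPresent`, a cluster loaded from `app.front.user.tar` would presumably not find the image the Deployment names, or would pull a different one from the registry. Template the image too: `image: %s` in app.front.user.yaml and app.front.admin.yaml, and `fmt.Sprintf(resource.YAMLAppFrontUser, replica, _vendor.AppFrontUserImageName)` (likewise for admin). The `// todo, pull front images` comment is stale, since the pull is implemented directly below it.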
@@ -8,8 +8,8 @@ import ( "path/filepath" "gitea.loveuer.com/yizhisec/pkg3/logger" - "github.com/samber/lo" "yizhisec.com/hsv2/forge/pkg/archiver" + "yizhisec.com/hsv2/forge/pkg/model" "yizhisec.com/hsv2/forge/pkg/resource" ) @@ -54,30 +54,17 @@ COPY nginx.conf /etc/nginx/nginx.conf CMD ["nginx", "-g", "daemon off;"]` _image = "hub.yizhisec.com/hybridscope/v2/oem-%s:latest" ) - type Vendor struct { - URL string - Dir string - } var ( - vendorURLMap = map[string]*Vendor{ - "standard": &Vendor{URL: "https://artifactory.yizhisec.com/artifactory/yizhisec-release/oem/release/2.1.0-std/oem.tar.gz", Dir: "oem"}, - "elink": &Vendor{URL: "https://artifactory.yizhisec.com/artifactory/yizhisec-release/oem/release/2.1.0-std/oem_csgElink.tar.gz", Dir: "oem_csgElink"}, - "noah": &Vendor{URL: "https://artifactory.yizhisec.com/artifactory/yizhisec-release/oem/release/2.1.0-std/oem_noah.tar.gz", Dir: "oem_noah"}, - "heishuimeng": &Vendor{URL: "https://artifactory.yizhisec.com/artifactory/yizhisec-release/oem/release/2.1.0-std/oem_heishuimeng.tar.gz", Dir: "oem_heishuimeng"}, - } err error - _vendor *Vendor - ok bool + _vendor = model.GetVendor(vendor) workdir = filepath.Join(m.workdir, "app", "oem") output []byte ) logger.Info("☑️ maker.AppOEM: 开始构建 oem[%s], workdir = %s", vendor, workdir) - if _vendor, ok = vendorURLMap[vendor]; !ok { - supported := lo.MapToSlice(vendorURLMap, func(key string, _ *Vendor) string { - return key - }) + if _vendor == nil { + supported := model.GetVendorNames() logger.Debug("❌ maker.AppOEM: vendor not supported, 支持的 vendor 有: %v", supported) return fmt.Errorf("请检查 vendor 是否正确, 支持的 vendor 有: %v", supported) } 
@@ -91,13 +78,13 @@ CMD ["nginx", "-g", "daemon off;"]` // 2. download oem.tar.gz logger.Debug("☑️ maker.AppOEM: 开始下载 oem[%s] url = %s", vendor, _vendor) - if err = archiver.DownloadAndExtract(ctx, _vendor.URL, workdir); err != nil { - logger.Debug("❌ maker.AppOEM: oem[%s] tar 下载失败, url = %s, err = %v", vendor, _vendor.URL, err) + if err = archiver.DownloadAndExtract(ctx, _vendor.OEMUrl, workdir); err != nil { + logger.Debug("❌ maker.AppOEM: oem[%s] tar 下载失败, url = %s, err = %v", vendor, _vendor.OEMUrl, err) return err } - if _vendor.Dir != "oem" { + if _vendor.OEMDir != "oem" { if err = os.Rename( - filepath.Join(workdir, _vendor.Dir), + filepath.Join(workdir, _vendor.OEMDir), filepath.Join(workdir, "oem"), ); err != nil { logger.Debug("❌ maker.AppOEM: oem[%s] tar 重命名失败, err = %v", vendor, err) diff --git a/internal/controller/maker/app.user.go b/internal/controller/maker/app.user.go index 6f9488e..1d7cb94 100644 --- a/internal/controller/maker/app.user.go +++ b/internal/controller/maker/app.user.go @@ -19,7 +19,7 @@ Database: IPDB: Path: /etc/hs_user_management/ipdb/ip.ipdb Mysql: - Address: mysql.db-mysql:3306 + Address: mysql-cluster-mysql-master.db-mysql:3306 DBName: mie Password: L0hMysql. UserName: root diff --git a/internal/controller/maker/configmap.go b/internal/controller/maker/configmap.go index 07c1bfd..8e9afe9 100644 --- a/internal/controller/maker/configmap.go +++ b/internal/controller/maker/configmap.go 
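Review bot: The download log line at the top of the app.oem.go hunk still passes `_vendor` to `url = %s`; now that it is a `*model.Vendor` with five fields, the message prints the whole struct instead of the URL. Change it to `logger.Debug("☑️ maker.AppOEM: 开始下载 oem[%s] url = %s", vendor, _vendor.OEMUrl)` so it agrees with the failure log two lines below. The enclosing function starts and ends outside the hunk.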
@@ -1,17 +1,17 @@ package maker import ( - "context" - "fmt" - "os" - "path/filepath" - "strings" + "context" + "fmt" + "os" + "path/filepath" + "strings" - "gitea.loveuer.com/yizhisec/pkg3/logger" - "github.com/samber/lo" - "yizhisec.com/hsv2/forge/pkg/downloader" - "yizhisec.com/hsv2/forge/pkg/extractor" - "yizhisec.com/hsv2/forge/pkg/tool/random" + "gitea.loveuer.com/yizhisec/pkg3/logger" + "github.com/samber/lo" + "yizhisec.com/hsv2/forge/pkg/downloader" + "yizhisec.com/hsv2/forge/pkg/extractor" + "yizhisec.com/hsv2/forge/pkg/tool/random" ) type ConfigMapOpt func(*configMapOpt) @@ -85,6 +85,11 @@ EEuYRYXDouPJ1F//rYraSoJ4mtaipB6z1A== -----END EC PRIVATE KEY-----` upsert = `#!/bin/bash +# Generate server_license_init.conf +uuid=$(cat /proc/sys/kernel/random/uuid) +now=$(date +%s) +echo "{\"uuid\": \"$uuid\", \"install_time\": $now}" > ./server_license_init.conf + kubectl create configmap config-token --namespace hsv2 --from-file=token=./token --dry-run=client -o yaml | kubectl apply -f - kubectl create configmap config-license-init --namespace hsv2 --from-file=server_license_init.conf=./server_license_init.conf --dry-run=client -o yaml | kubectl apply -f - kubectl create configmap config-oem-data --namespace hsv2 --from-file=data.json=./oem_data.json --dry-run=client -o yaml | kubectl apply -f - @@ -100,7 +105,7 @@ kubectl create configmap ssl-web-crt --namespace hsv2 --from-file=web.server.crt var ( err error - dir = filepath.Join(m.workdir, "configmap") + dir = filepath.Join(m.workdir, "configmap") vendorUrlMap = map[string]string{ "standard": "https://artifactory.yizhisec.com/artifactory/yizhisec-release/oem/release/2.1.0-std/oem.tar.gz", "elink": "https://artifactory.yizhisec.com/artifactory/yizhisec-release/oem/release/2.1.0-std/oem_csgElink.tar.gz", diff --git a/internal/controller/maker/emqx.go b/internal/controller/maker/emqx.go index 1646560..6c491a5 100644 --- a/internal/controller/maker/emqx.go +++ b/internal/controller/maker/emqx.go 
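Review bot: The preamble added to `upsert` writes a fresh UUID and `install_time` into `server_license_init.conf` on every run, and the following `kubectl create configmap config-license-init ... | kubectl apply -f -` then replaces the stored value, so re-running the script on an installed server changes its license-init identity. If the file is meant to record the first installation (inferred from its name, not visible here), wrap the three added lines in `if [ ! -f ./server_license_init.conf ]; then` … `fi` so an existing file is kept. A one-line comment in the script stating whether regeneration is intended would settle the question for the next maintainer.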
@@ -12,7 +12,7 @@ import ( func (m *maker) EMQX(ctx context.Context) error { var ( err error - location = filepath.Join(m.workdir, "emqx") + location = filepath.Join(m.workdir, "dependency", "emqx") ) logger.Info("☑️ maker.EMQX: 开始构建 emqx(mqtt) 依赖...") diff --git a/internal/controller/maker/image.go b/internal/controller/maker/image.go index 4ff8b65..7d0bce4 100644 --- a/internal/controller/maker/image.go +++ b/internal/controller/maker/image.go @@ -148,8 +148,9 @@ func (m *maker) Images(ctx context.Context) error { {Name: "hub.yizhisec.com/external/kibana:7.17.28", Fallback: "", Save: "kibana.7.17.28.tar"}, {Name: "hub.yizhisec.com/external/emqx:5.1", Fallback: "", Save: "emqx.5.1.tar"}, - {Name: "hub.yizhisec.com/build/hybirdscope/front/admin:latest", Fallback: "", Save: "app.front.admin.tar", Force: true}, - {Name: "hub.yizhisec.com/hybridscope/v2/front-user:latest", Fallback: "", Save: "app.front.user.tar", Force: true}, + {Name: "hub.yizhisec.com/hybridscope/v3/minio-init:latest", Fallback: "", Save: "dep.minio-init.tar"}, + {Name: "hub.yizhisec.com/external/minio:RELEASE.2025-03-12T18-04-18Z", Fallback: "", Save: "dep.minio.tar"}, + {Name: "hub.yizhisec.com/hybridscope/user_management:latest", Fallback: "", Save: "app.user.tar", Force: true}, {Name: "hub.yizhisec.com/hybridscope/gateway_controller:latest", Fallback: "", Save: "app.gateway.tar", Force: true}, {Name: "hub.yizhisec.com/hybridscope/client_server:latest", Fallback: "", Save: "app.client.tar", Force: true}, diff --git a/internal/controller/maker/minio.go b/internal/controller/maker/minio.go new file mode 100644 index 0000000..41aaefd --- /dev/null +++ b/internal/controller/maker/minio.go 
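Review bot: The new `minio-init:latest` entry in `Images` omits `Force: true`, unlike the other `:latest` entries visible in this list (`user_management`, `gateway_controller`, `client_server`), so a stale locally cached copy may be what ends up in `dep.minio-init.tar` — assuming `Force` means force-pull, as `WithImageForcePull` in app.front.go suggests. Either add `Force: true` or pin the image to a fixed version tag, as the `minio:RELEASE.2025-03-12T18-04-18Z` entry next to it does. The slice literal starts and ends outside the hunk.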
@@ -0,0 +1,41 @@
+package maker
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "path/filepath"
+
+ "gitea.loveuer.com/yizhisec/pkg3/logger"
+ "yizhisec.com/hsv2/forge/pkg/resource"
+)
+
+// todo, remake minio-init image
+func (m *maker) Minio(ctx context.Context, storage string) error {
+ var (
+ err error
+ workdir = filepath.Join(m.workdir, "dependency", "minio")
+ )
+
+ logger.Info("☑️ maker.Minio: 开始构建 minio 依赖, workdir = %s", workdir)
+
+ logger.Debug("☑️ maker.Minio: 构建工作目录, workdir = %s", workdir)
+ if err = os.MkdirAll(workdir, 0755); err != nil {
+ logger.Debug("❌ maker.Minio: 创建工作目录失败, workdir = %s, err = %v", workdir, err)
+ return err
+ }
+ logger.Debug("✅ maker.Minio: 创建工作目录成功, workdir = %s", workdir)
+
+ filename := filepath.Join(workdir, "minio.yaml")
+ logger.Debug("☑️ maker.Minio: 准备资源文件, filename = %s, storage = %s", filename, storage)
+ bs := []byte(fmt.Sprintf(resource.YAMLMinIO, storage))
+ if err = os.WriteFile(filename, bs, 0644); err != nil {
+ logger.Debug("❌ maker.Minio: 写入资源文件失败, filename = %s, err = %v", filename, err)
+ return err
+ }
+ logger.Debug("✅ maker.Minio: 准备资源文件成功, filename = %s", filename)
+
+ logger.Info("✅ maker.Minio: 构建 minio 依赖成功, workdir = %s", workdir)
+
+ return nil
+}
diff --git a/pkg/model/vendor.go b/pkg/model/vendor.go
new file mode 100644
index 0000000..d8f6817
--- /dev/null
+++ b/pkg/model/vendor.go
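Review bot: `fmt.Sprintf(resource.YAMLMinIO, storage)` treats every `%` in the embedded manifest as a format verb, and minio.yaml contains `date '+%Y-%m-%d %H:%M:%S'` in the init script ahead of the intended `storage: %s`. The first of those consumes `storage`, so the written file ends up with `%!Y(string=…)` in the script and `storage: %!s(MISSING)` in the volume claim template. Escape the literal percent signs in the template (`'+%%Y-%%m-%%d %%H:%%M:%%S'`) or substitute a dedicated placeholder instead of running Sprintf over a shell script. Separately, the rendered manifest embeds the MinIO root password, so `os.WriteFile(filename, bs, 0644)` should use `0600`.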
@@ -0,0 +1,58 @@
+package model
+
+type Vendor struct {
+ Name string
+ OEMUrl string
+ OEMDir string
+ AppFrontUserImageName string
+ AppFrontAdminImageName string
+}
+
+var (
+ vendorMap = map[string]*Vendor{
+ "standard": &Vendor{
+ Name: "Standard",
+ OEMUrl: "https://artifactory.yizhisec.com/artifactory/yizhisec-release/oem/release/2.1.0-std/oem.tar.gz",
+ OEMDir: "oem",
+ AppFrontUserImageName: "hub.yizhisec.com/hybridscope/v2/front-user:latest",
+ AppFrontAdminImageName: "hub.yizhisec.com/build/hybirdscope/front/admin:latest",
+ },
+ "elink": &Vendor{
+ Name: "elink",
+ OEMUrl: "https://artifactory.yizhisec.com/artifactory/yizhisec-release/oem/release/2.1.0-std/oem_csgElink.tar.gz",
+ OEMDir: "oem_csgElink",
+ AppFrontUserImageName: "hub.yizhisec.com/hybridscope/v2/front-user-elink:latest",
+ AppFrontAdminImageName: "hub.yizhisec.com/build/hybirdscope/front/admin:latest",
+ },
+ "noah": &Vendor{
+ Name: "noah",
+ OEMUrl: "https://artifactory.yizhisec.com/artifactory/yizhisec-release/oem/release/2.1.0-std/oem_noah.tar.gz",
+ OEMDir: "oem_noah",
+ AppFrontUserImageName: "hub.yizhisec.com/hybridscope/v2/front-user:latest",
+ AppFrontAdminImageName: "hub.yizhisec.com/build/hybirdscope/front/admin:latest",
+ },
+ "heishuimeng": &Vendor{
+ Name: "heishuimeng",
+ OEMUrl: "https://artifactory.yizhisec.com/artifactory/yizhisec-release/oem/release/2.1.0-std/oem_heishuimeng.tar.gz",
+ OEMDir: "oem_heishuimeng",
+ AppFrontUserImageName: "hub.yizhisec.com/hybridscope/v2/front-user:latest",
+ AppFrontAdminImageName: "hub.yizhisec.com/build/hybirdscope/front/admin:latest",
+ },
+ }
+)
+
+func GetVendor(name string) *Vendor {
+ if vendor, ok := vendorMap[name]; ok {
+ return vendor
+ }
+
+ return nil
+}
+
+func GetVendorNames() []string {
+ names := make([]string, 0, len(vendorMap))
+ for name := range vendorMap {
+ names = append(names, name)
+ }
+ return names
+}
diff --git a/pkg/resource/resource.go b/pkg/resource/resource.go
index 01e2de9..3f95bbd 100644
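Review bot: Every artifact in `vendorMap` is referenced by a mutable name — the OEM tarballs by plain URL and the front images by `:latest` — so two runs of the maker can bundle different content under the same file names, and nothing visible in this file lets a caller verify what was fetched. Consider carrying a digest per artifact, e.g. an `OEMSHA256 string` field checked before extraction and image references of the form `name@sha256:<digest placeholder>`. `GetVendor` also returns the pointer stored in the package-level map, so a caller that modifies the result changes it for every later lookup; returning a copy avoids that. `GetVendorNames` yields map-iteration order, which makes the "supported vendors" error text vary between runs unless the slice is sorted.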
--- a/pkg/resource/resource.go +++ b/pkg/resource/resource.go @@ -20,6 +20,9 @@ var ( //go:embed yaml/emqx.yaml YAMLEMQX []byte + //go:embed yaml/minio.yaml + YAMLMinIO string + //go:embed sql/yosguard.create.sql SQLYosguard []byte @@ -56,6 +59,12 @@ var ( //go:embed yaml/app.oem.yaml YAMLAppOEM string + //go:embed yaml/app.front.user.yaml + YAMLAppFrontUser string + + //go:embed yaml/app.front.admin.yaml + YAMLAppFrontAdmin string + //go:embed yaml/app.nginx.yaml YAMLAppNGINX string diff --git a/pkg/resource/yaml/app.front.admin.yaml b/pkg/resource/yaml/app.front.admin.yaml new file mode 100644 index 0000000..eb2666c --- /dev/null +++ b/pkg/resource/yaml/app.front.admin.yaml @@ -0,0 +1,42 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: front-admin-deployment + namespace: hsv2 +spec: + replicas: %d + selector: + matchLabels: + app: front-admin + template: + metadata: + labels: + app: front-admin + spec: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: front-admin + containers: + - name: front-admin + image: hub.yizhisec.com/build/hybirdscope/front/admin:latest + imagePullPolicy: IfNotPresent + ports: + - containerPort: 80 +--- +apiVersion: v1 +kind: Service +metadata: + name: front-admin-service + namespace: hsv2 +spec: + selector: + app: front-admin + ports: + - protocol: TCP + port: 80 + targetPort: 80 + type: ClusterIP diff --git a/pkg/resource/yaml/app.front.user.yaml b/pkg/resource/yaml/app.front.user.yaml new file mode 100644 index 0000000..51d6fae --- /dev/null +++ b/pkg/resource/yaml/app.front.user.yaml 
@@ -0,0 +1,42 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: front-user-deployment + namespace: hsv2 +spec: + replicas: %d + selector: + matchLabels: + app: front-user + template: + metadata: + labels: + app: front-user + spec: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: front-user + containers: + - name: front-user + image: hub.yizhisec.com/hybridscope/v2/front-user:latest + imagePullPolicy: IfNotPresent + ports: + - containerPort: 80 +--- +apiVersion: v1 +kind: Service +metadata: + name: front-user-service + namespace: hsv2 +spec: + selector: + app: front-user + ports: + - protocol: TCP + port: 80 + targetPort: 80 + type: ClusterIP diff --git a/pkg/resource/yaml/app.nginx.yaml b/pkg/resource/yaml/app.nginx.yaml index 4912ddf..aa8cbfa 100644 --- a/pkg/resource/yaml/app.nginx.yaml +++ b/pkg/resource/yaml/app.nginx.yaml @@ -4,7 +4,7 @@ metadata: name: nginx-deployment namespace: hsv2 spec: - replicas: 2 + replicas: %d selector: matchLabels: app: nginx diff --git a/pkg/resource/yaml/app.user.yaml b/pkg/resource/yaml/app.user.yaml index 1a2d642..74a6bfd 100644 --- a/pkg/resource/yaml/app.user.yaml +++ b/pkg/resource/yaml/app.user.yaml @@ -1,3 +1,4 @@ +apiVersion: apps/v1 kind: Deployment metadata: name: user-deployment diff --git a/pkg/resource/yaml/minio.yaml b/pkg/resource/yaml/minio.yaml new file mode 100644 index 0000000..a3f9fb9 --- /dev/null +++ b/pkg/resource/yaml/minio.yaml 
@@ -0,0 +1,184 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: db-minio +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: minio-init-job + namespace: db-minio +spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: minio-init + image: hub.yizhisec.com/hybridscope/v3/minio-init:latest + command: + - /bin/sh + - -c + args: + - | + #!/bin/sh + set -e + + # Function to add timestamp to log messages + log() { + echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" + } + + log "Starting MinIO initialization..." + log "Environment: MINIO_ROOT_USER=admin, MINIO_ROOT_PASSWORD=YizhiSEC@123" + log "Target MinIO endpoint: http://minio-service:9000" + + # 等待 MinIO 服务就绪 + log "Phase 1: Waiting for MinIO service to be ready..." + log "Checking network connectivity to minio-service:9000..." + + # 首先等待服务可达 + RETRY_COUNT=0 + until timeout 10 nc -z minio-service 9000; do + RETRY_COUNT=$((RETRY_COUNT + 1)) + log "Attempt $RETRY_COUNT: MinIO service is not reachable - sleeping 5 seconds..." + sleep 5 + done + + log "✓ Network connectivity to MinIO service established" + log "Phase 2: Waiting for MinIO API to respond..." + + # 然后等待 MinIO API 响应 + RETRY_COUNT=0 + until mc alias set minio http://minio-service:9000 admin YizhiSEC@123; do + RETRY_COUNT=$((RETRY_COUNT + 1)) + log "Attempt $RETRY_COUNT: MinIO API is not ready - sleeping 5 seconds..." + sleep 5 + done + + log "✓ MinIO API is ready and responding" + + # 创建服务账户 + log "Phase 3: Creating service account..." + if mc admin user svcacct add minio admin --access-key "pU3bsxic6LGNQbKLhsTf" --secret-key "GGmvLzY4IZUsV1taKA27YpTgN3ieES2DzCrKQe6p"; then + log "✓ User created successfully" + else + log "✗ Failed to create user" + exit 1 + fi + + # 创建存储桶 + log "Phase 4: Creating storage buckets..." 
+ log "Creating bucket: hsv2" + + if mc mb minio/hsv2; then + log "✓ Bucket 'hsv2' created successfully" + else + log "ℹ Bucket 'hsv2' already exists or creation failed" + fi + + # 上传 ipv4.ipdb 文件 + log "Phase 5: Uploading ipv4.ipdb file..." + log "Checking if /data/ipv4.ipdb exists..." + + if [ -f "/data/ipv4.ipdb" ]; then + log "✓ Found ipv4.ipdb file, uploading to hsv2 bucket..." + if mc cp /data/ipv4.ipdb minio/hsv2/db/ipv4.ipdb; then + log "✓ Successfully uploaded ipv4.ipdb to hsv2/db/ipv4.ipdb" + else + log "✗ Failed to upload ipv4.ipdb file" + exit 1 + fi + else + log "⚠ Warning: /data/ipv4.ipdb file not found, skipping upload" + fi + + log "🎉 MinIO initialization completed successfully!" + log "Summary:" + log " - MinIO service: Ready" + log " - Service account: Created for API access" + log " - Bucket 'hsv2': Available" + log " - File 'db/ipv4.ipdb': Uploaded to hsv2 bucket" + +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: minio + namespace: db-minio + labels: + app: minio +spec: + serviceName: minio-service + replicas: 1 + selector: + matchLabels: + app: minio + template: + metadata: + labels: + app: minio + spec: + containers: + - name: minio + image: hub.yizhisec.com/external/minio:RELEASE.2025-03-12T18-04-18Z + command: + - /bin/sh + - -c + args: + - minio server /data --console-address ":9001" + env: + - name: MINIO_ROOT_USER + value: "admin" + - name: MINIO_ROOT_PASSWORD + value: "YizhiSEC@123" + ports: + - containerPort: 9000 + name: api + - containerPort: 9001 + name: console + volumeMounts: + - name: minio-data + mountPath: /data + readinessProbe: + httpGet: + path: /minio/health/ready + port: 9001 + initialDelaySeconds: 15 + timeoutSeconds: 2 + livenessProbe: + httpGet: + path: /minio/health/live + port: 9001 + initialDelaySeconds: 30 + volumes: + - name: minio-data + persistentVolumeClaim: + claimName: minio-data + volumeClaimTemplates: + - metadata: + name: minio-data + spec: + accessModes: ["ReadWriteOnce"] + storageClassName: 
longhorn + resources: + requests: + storage: %s +--- +apiVersion: v1 +kind: Service +metadata: + name: minio-service + namespace: db-minio +spec: + type: ClusterIP + selector: + app: minio + ports: + - name: api + port: 9000 + protocol: TCP + targetPort: api + - name: console + port: 9001 + protocol: TCP + targetPort: console
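Review bot: The MinIO root password and the service-account access and secret keys are written in clear text into this manifest — in the StatefulSet `env`, in the `mc alias set` and `mc admin user svcacct add` commands, and in the `log "Environment: ..."` line, which also copies the password into the Job's pod log. Move them into a Kubernetes Secret referenced with `secretKeyRef` (the Job can read the same Secret through env vars), generate the values at make time rather than shipping one fixed set to every deployment, and delete that log line. The readiness and liveness probes target port 9001, which `--console-address` assigns to the console; MinIO serves `/minio/health/*` on the API port, so both probes should most likely use `port: api`. The `volumes:` entry named `minio-data` duplicates the `volumeClaimTemplates` name and looks redundant.

```yaml
# … unchanged: StatefulSet metadata, selector, container image, command and args …
        env:
        - name: MINIO_ROOT_USER
          valueFrom:
            secretKeyRef:
              name: minio-root          # placeholder Secret name, created at make time
              key: root-user
        - name: MINIO_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: minio-root          # placeholder Secret name, created at make time
              key: root-password
# … unchanged: ports, volumeMounts …
        readinessProbe:
          httpGet:
            path: /minio/health/ready
            port: api
# … unchanged: probe timings, livenessProbe path, volumeClaimTemplates, Service …
```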