feat: 重构基础设施配置与安全凭证管理
- 新增多个云服务商配置文件(OCI、阿里云) - 重构Vault、Consul、Nomad等服务的部署配置 - 新增备份与恢复完美状态的脚本 - 更新安全凭证管理文档 - 优化Traefik动态配置 - 删除过时的脚本和配置文件 重构后的配置支持多区域部署,优化了服务发现和负载均衡机制,并完善了安全凭证的备份与恢复流程。
This commit is contained in:
@@ -16,6 +16,8 @@ job "traefik-cloudflare-v3" {
|
||||
source = "traefik-certs"
|
||||
}
|
||||
|
||||
|
||||
|
||||
network {
|
||||
mode = "host"
|
||||
port "http" {
|
||||
@@ -51,12 +53,24 @@ job "traefik-cloudflare-v3" {
|
||||
read_only = false
|
||||
}
|
||||
|
||||
|
||||
|
||||
template {
|
||||
data = <<EOF
|
||||
api:
|
||||
dashboard: true
|
||||
insecure: true
|
||||
|
||||
# 开启访问日志
|
||||
accessLog: {}
|
||||
|
||||
# 开启指标收集
|
||||
metrics:
|
||||
prometheus:
|
||||
addEntryPointsLabels: true
|
||||
addServicesLabels: true
|
||||
entryPoint: "traefik"
|
||||
|
||||
entryPoints:
|
||||
web:
|
||||
address: "0.0.0.0:80"
|
||||
@@ -81,7 +95,7 @@ providers:
|
||||
prefix: "traefik"
|
||||
defaultRule: "Host(`{{ .Name }}.git-4ta.live`)"
|
||||
file:
|
||||
filename: /local/dynamic.yml
|
||||
directory: /opt/traefik/certs
|
||||
watch: true
|
||||
|
||||
certificatesResolvers:
|
||||
@@ -99,153 +113,6 @@ EOF
|
||||
destination = "local/traefik.yml"
|
||||
}
|
||||
|
||||
template {
|
||||
data = <<EOF
|
||||
http:
|
||||
serversTransports:
|
||||
waypoint-insecure:
|
||||
insecureSkipVerify: true
|
||||
authentik-insecure:
|
||||
insecureSkipVerify: true
|
||||
|
||||
middlewares:
|
||||
consul-stripprefix:
|
||||
stripPrefix:
|
||||
prefixes:
|
||||
- "/consul"
|
||||
waypoint-auth:
|
||||
replacePathRegex:
|
||||
regex: "^/auth/token(.*)$"
|
||||
replacement: "/auth/token$1"
|
||||
|
||||
services:
|
||||
consul-cluster:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "http://ch4.tailnet-68f9.ts.net:8500" # 韩国,Leader
|
||||
- url: "http://warden.tailnet-68f9.ts.net:8500" # 北京,Follower
|
||||
- url: "http://ash3c.tailnet-68f9.ts.net:8500" # 美国,Follower
|
||||
healthCheck:
|
||||
path: "/v1/status/leader"
|
||||
interval: "30s"
|
||||
timeout: "15s"
|
||||
|
||||
nomad-cluster:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "http://ch2.tailnet-68f9.ts.net:4646" # 韩国,Leader
|
||||
- url: "http://ash3c.tailnet-68f9.ts.net:4646" # 美国,Follower
|
||||
healthCheck:
|
||||
path: "/v1/status/leader"
|
||||
interval: "30s"
|
||||
timeout: "15s"
|
||||
|
||||
waypoint-cluster:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "https://hcp1.tailnet-68f9.ts.net:9701" # hcp1 节点 HTTPS API
|
||||
serversTransport: waypoint-insecure
|
||||
|
||||
vault-cluster:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "http://warden.tailnet-68f9.ts.net:8200" # 北京,单节点
|
||||
healthCheck:
|
||||
path: "/ui/"
|
||||
interval: "30s"
|
||||
timeout: "15s"
|
||||
|
||||
authentik-cluster:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "https://authentik.tailnet-68f9.ts.net:9443" # Authentik容器HTTPS端口
|
||||
serversTransport: authentik-insecure
|
||||
healthCheck:
|
||||
path: "/flows/-/default/authentication/"
|
||||
interval: "30s"
|
||||
timeout: "15s"
|
||||
|
||||
grafana-cluster:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "http://influxdb.tailnet-68f9.ts.net:3000" # Grafana服务
|
||||
healthCheck:
|
||||
path: "/api/health"
|
||||
interval: "30s"
|
||||
timeout: "15s"
|
||||
|
||||
routers:
|
||||
consul-api:
|
||||
rule: "Host(`consul.git-4ta.live`)"
|
||||
service: consul-cluster
|
||||
middlewares:
|
||||
- consul-stripprefix
|
||||
entryPoints:
|
||||
- websecure
|
||||
tls:
|
||||
certResolver: cloudflare
|
||||
|
||||
traefik-dashboard:
|
||||
rule: "Host(`traefik.git-4ta.live`)"
|
||||
service: dashboard@internal
|
||||
middlewares:
|
||||
- dashboard_redirect@internal
|
||||
- dashboard_stripprefix@internal
|
||||
entryPoints:
|
||||
- websecure
|
||||
tls:
|
||||
certResolver: cloudflare
|
||||
|
||||
traefik-api:
|
||||
rule: "Host(`traefik.git-4ta.live`) && PathPrefix(`/api`)"
|
||||
service: api@internal
|
||||
entryPoints:
|
||||
- websecure
|
||||
tls:
|
||||
certResolver: cloudflare
|
||||
|
||||
nomad-ui:
|
||||
rule: "Host(`nomad.git-4ta.live`)"
|
||||
service: nomad-cluster
|
||||
entryPoints:
|
||||
- websecure
|
||||
tls:
|
||||
certResolver: cloudflare
|
||||
|
||||
waypoint-ui:
|
||||
rule: "Host(`waypoint.git-4ta.live`)"
|
||||
service: waypoint-cluster
|
||||
entryPoints:
|
||||
- websecure
|
||||
tls:
|
||||
certResolver: cloudflare
|
||||
|
||||
vault-ui:
|
||||
rule: "Host(`vault.git-4ta.live`)"
|
||||
service: vault-cluster
|
||||
entryPoints:
|
||||
- websecure
|
||||
tls:
|
||||
certResolver: cloudflare
|
||||
|
||||
authentik-ui:
|
||||
rule: "Host(`authentik1.git-4ta.live`)"
|
||||
service: authentik-cluster
|
||||
entryPoints:
|
||||
- websecure
|
||||
tls:
|
||||
certResolver: cloudflare
|
||||
|
||||
grafana-ui:
|
||||
rule: "Host(`grafana.git-4ta.live`)"
|
||||
service: grafana-cluster
|
||||
entryPoints:
|
||||
- websecure
|
||||
tls:
|
||||
certResolver: cloudflare
|
||||
EOF
|
||||
destination = "local/dynamic.yml"
|
||||
}
|
||||
|
||||
template {
|
||||
data = <<EOF
|
||||
|
||||
Reference in New Issue
Block a user