1 feat: 重构基础设施架构并完善Consul集群配置

2 3 主要变更: 4 - 重构Terraform/OpenTofu目录结构，统一迁移至infrastructure/opentofu 5 - 添加"7天创造世界"文档，记录基础设施建设演进逻辑 6 - 更新Consul集群配置管理经验，添加实际案例和解决方案 7 - 修正README中的Sticky Note，反映Consul集群健康状态 8 - 添加Ansible部署配置和inventory文件 9 - 完善项目文档结构，添加各组件配置指南 10 11 技术架构演进: 12 - 第1天: Tailscale网络连接基础 ✅ 13 - 第2天: Ansible分布式控制 ✅ 14 - 第3天: Nomad服务感知与任务调度 ✅ 15 - 第4天: Consul配置集中管理 ✅ 16 - 第5天: OpenTofu状态一致性 ✅ 17 - 第6天: Vault密钥管理 ⏳ 18 - 第7天: Waypoint应用部署 ⏳
2025-09-30 03:46:33 +00:00
parent c0064b2cad
commit e8bfc76038
119 changed files with 1772 additions and 631 deletions
--- a/infrastructure/configs/dynamic/config.yml
+++ b/infrastructure/configs/dynamic/config.yml
@@ -0,0 +1,58 @@
+# Traefik动态配置文件
+# 这里可以添加动态路由、中间件等配置
+
+# HTTP路由示例
+http:
+  routers:
+    # 测试路由
+    test-router:
+      rule: "Host(`test.service.consul`)"
+      service: "test-service"
+      entryPoints:
+        - "https"
+      tls:
+        certResolver: "default"
+  
+  services:
+    # 测试服务
+    test-service:
+      loadBalancer:
+        servers:
+          - url: "http://127.0.0.1:8080"
+        passHostHeader: true
+
+  middlewares:
+    # 基本认证中间件
+    basic-auth:
+      basicAuth:
+        users:
+          - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
+    
+    # 安全头中间件
+    security-headers:
+      headers:
+        sslRedirect: true
+        stsSeconds: 31536000
+        stsIncludeSubdomains: true
+        stsPreload: true
+        forceSTSHeader: true
+        customFrameOptionsValue: "SAMEORIGIN"
+        contentTypeNosniff: true
+        browserXssFilter: true
+
+# TCP路由示例
+tcp:
+  routers:
+    # TCP测试路由
+    tcp-test-router:
+      rule: "HostSNI(`*`)"
+      service: "tcp-test-service"
+      entryPoints:
+        - "https"
+  
+  services:
+    # TCP测试服务
+    tcp-test-service:
+      loadBalancer:
+        servers:
+          - address: "127.0.0.1:8080"
--- a/infrastructure/configs/nomad-ash3c.hcl
+++ b/infrastructure/configs/nomad-ash3c.hcl
@@ -0,0 +1,47 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+
+bind_addr = "100.116.80.94"
+
+addresses {
+  http = "100.116.80.94"
+  rpc  = "100.116.80.94"
+  serf = "100.116.80.94"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = false
+}
+
+client {
+  enabled = true
+  network_interface = "tailscale0"
+  
+  servers = [
+    "100.116.158.95:4647",  # semaphore
+    "100.103.147.94:4647", # ash2e
+    "100.81.26.3:4647",    # ash1d
+    "100.90.159.68:4647"   # ch2
+  ]
+}
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+consul {
+  address = "100.116.80.94:8500"
+}
--- a/infrastructure/configs/nomad-master.hcl
+++ b/infrastructure/configs/nomad-master.hcl
@@ -0,0 +1,47 @@
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+
+bind_addr = "100.117.106.136"
+
+addresses {
+  http = "100.117.106.136"
+  rpc  = "100.117.106.136"
+  serf = "100.117.106.136"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = false
+}
+
+client {
+  enabled = true
+  network_interface = "tailscale0"
+  
+  servers = [
+    "100.116.158.95:4647",  # semaphore
+    "100.103.147.94:4647", # ash2e
+    "100.81.26.3:4647",    # ash1d
+    "100.90.159.68:4647"   # ch2
+  ]
+}
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+consul {
+  address = "100.117.106.136:8500"
+}
--- a/infrastructure/configs/prometheus.yml
+++ b/infrastructure/configs/prometheus.yml
@@ -0,0 +1,38 @@
+global:
+  scrape_interval: 15s
+  evaluation_interval: 15s
+
+rule_files:
+  # - "first_rules.yml"
+  # - "second_rules.yml"
+
+scrape_configs:
+  - job_name: 'prometheus'
+    static_configs:
+      - targets: ['localhost:9090']
+
+  - job_name: 'openfaas'
+    static_configs:
+      - targets: ['gateway:8080']
+    metrics_path: /metrics
+    scrape_interval: 15s
+    scrape_timeout: 10s
+
+  - job_name: 'nats'
+    static_configs:
+      - targets: ['nats:8222']
+    metrics_path: /metrics
+    scrape_interval: 15s
+    scrape_timeout: 10s
+
+  - job_name: 'node-exporter'
+    static_configs:
+      - targets: ['node-exporter:9100']
+    scrape_interval: 15s
+    scrape_timeout: 10s
+
+  - job_name: 'cadvisor'
+    static_configs:
+      - targets: ['cadvisor:8080']
+    scrape_interval: 15s
+    scrape_timeout: 10s
--- a/infrastructure/configs/traefik.yml
+++ b/infrastructure/configs/traefik.yml
@@ -0,0 +1,63 @@
+# Traefik静态配置文件
+global:
+  sendAnonymousUsage: false
+
+# API和仪表板配置
+api:
+  dashboard: true
+  insecure: true  # 仅用于测试，生产环境应使用安全配置
+
+# 入口点配置
+entryPoints:
+  http:
+    address: ":80"
+    # 重定向HTTP到HTTPS
+    http:
+      redirections:
+        entryPoint:
+          to: https
+          scheme: https
+  https:
+    address: ":443"
+  api:
+    address: ":8080"
+
+# 提供者配置
+providers:
+  # 启用Consul Catalog提供者
+  consulCatalog:
+    exposedByDefault: false
+    prefix: "traefik"
+    refreshInterval: 15s
+    requireConsistent: true
+    stale: false
+    watch: true
+    endpoint:
+      address: "http://127.0.0.1:8500"
+      scheme: "http"
+    connectAware: true
+    connectByDefault: false
+  
+  # 启用Nomad提供者
+  nomad:
+    exposedByDefault: false
+    prefix: "traefik"
+    refreshInterval: 15s
+    stale: false
+    watch: true
+    endpoint:
+      address: "http://127.0.0.1:4646"
+      scheme: "http"
+    allowEmptyServices: true
+
+# 日志配置
+log:
+  level: "INFO"
+  format: "json"
+
+accessLog:
+  format: "json"
+  fields:
+    defaultMode: "keep"
+    headers:
+      defaultMode: "keep"