From 43fe1b8909c16ac1230ef7432417525c8cb49369 Mon Sep 17 00:00:00 2001
From: zyc <1439655764@qq.com>
Date: Sat, 4 Apr 2026 15:15:01 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E5=B0=86=20kubectl=20secret=20=E5=88=9B?= =?UTF-8?q?=E5=BB=BA=E4=B9=9F=E7=BA=B3=E5=85=A5=E9=87=8D=E8=AF=95=E5=BE=AA?= =?UTF-8?q?=E7=8E=AF=EF=BC=8C=E4=BF=AE=E5=A4=8D=E9=87=8D=E8=AF=95=E6=9C=AA?= =?UTF-8?q?=E7=94=9F=E6=95=88=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-Authored-By: Claude Opus 4.6 (1M context)
---
 .gitea/workflows/deploy.yaml | 38 ++++++++++++++++++------------------
 1 file changed, 19 insertions(+), 19 deletions(-)
diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index 5133d67..4d83365 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -130,28 +130,28 @@ jobs:
 sed -i "s|redis://zyc:Zyc188208@redis-shzlsczo52dft8mia.redis.ivolces.com:6379/0|${{ env.REDIS_URL }}|g" k8s/backend-deployment.yaml
 sed -i "s|redis://zyc:Zyc188208@redis-shzlsczo52dft8mia.redis.ivolces.com:6379/0|${{ env.REDIS_URL }}|g" k8s/celery-deployment.yaml
- # Create/update image pull secret for CR
- kubectl create secret docker-registry cr-pull-secret \
- --docker-server="${{ env.CR_SERVER_ACTIVE }}" \
- --docker-username="${{ env.CR_USERNAME_ACTIVE }}" \
- --docker-password="${{ env.CR_PASSWORD_ACTIVE }}" \
- --dry-run=client -o yaml | kubectl apply -f -
-
- # Create/update secrets (业务密钥,DB 已写在 yaml 里)
- kubectl create secret generic video-backend-secrets \
- --from-literal=ARK_API_KEY='${{ secrets.ARK_API_KEY }}' \
- --from-literal=TOS_ACCESS_KEY='${{ secrets.TOS_ACCESS_KEY }}' \
- --from-literal=TOS_SECRET_KEY='${{ secrets.TOS_SECRET_KEY }}' \
- --from-literal=DJANGO_SECRET_KEY='${{ secrets.DJANGO_SECRET_KEY }}' \
- --from-literal=ALIYUN_SMS_ACCESS_KEY='${{ secrets.ALIYUN_SMS_ACCESS_KEY }}' \
- --from-literal=ALIYUN_SMS_ACCESS_SECRET='${{ secrets.ALIYUN_SMS_ACCESS_SECRET }}' \
- --dry-run=client -o yaml | kubectl apply -f -
-
- # Apply manifests (with retry for transient network issues)
- set -o pipefail
+ # All kubectl operations with retry (K3s 内网连接可能抖动)
 for attempt in 1 2 3; do
 echo "Deploy attempt $attempt/3..."
 {
+ # Create/update image pull secret for CR
+ kubectl create secret docker-registry cr-pull-secret \
+ --docker-server="${{ env.CR_SERVER_ACTIVE }}" \
+ --docker-username="${{ env.CR_USERNAME_ACTIVE }}" \
+ --docker-password="${{ env.CR_PASSWORD_ACTIVE }}" \
+ --dry-run=client -o yaml | kubectl apply -f -
+
+ # Create/update secrets (业务密钥,DB 已写在 yaml 里)
+ kubectl create secret generic video-backend-secrets \
+ --from-literal=ARK_API_KEY='${{ secrets.ARK_API_KEY }}' \
+ --from-literal=TOS_ACCESS_KEY='${{ secrets.TOS_ACCESS_KEY }}' \
+ --from-literal=TOS_SECRET_KEY='${{ secrets.TOS_SECRET_KEY }}' \
+ --from-literal=DJANGO_SECRET_KEY='${{ secrets.DJANGO_SECRET_KEY }}' \
+ --from-literal=ALIYUN_SMS_ACCESS_KEY='${{ secrets.ALIYUN_SMS_ACCESS_KEY }}' \
+ --from-literal=ALIYUN_SMS_ACCESS_SECRET='${{ secrets.ALIYUN_SMS_ACCESS_SECRET }}' \
+ --dry-run=client -o yaml | kubectl apply -f -
+
+ # Apply manifests
 kubectl apply -f k8s/backend-deployment.yaml
 kubectl apply -f k8s/celery-deployment.yaml
 kubectl apply -f k8s/web-deployment.yaml
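Review bot: A failed secret update inside the retry group can pass as a successful attempt, because the two `kubectl create secret … | kubectl apply -f -` pipelines now sit in `{ … }` as unchained statements and the hunk drops `set -o pipefail` without re-adding it. The group is closed outside the hunk, so this is hedged, but a brace group reports only its last command's status; if it is used as a condition (for example `} && break`), errexit is off inside it and the cluster keeps the old secret values while the job goes green. Keeping `set -o pipefail` ahead of the `for` and ending each step with `&&` (`--dry-run=client -o yaml | kubectl apply -f - &&`) would make every step count toward the retry. The moved lines also still paste `${{ secrets.* }}` into the script text inside single quotes, so a value containing `'` breaks the command; mapping them through the step's `env:` and writing `--from-literal=ARK_API_KEY="$ARK_API_KEY"` avoids that. The `sed` context lines carry a literal Redis URL with an embedded password, presumably committed in the k8s manifests as well, which should be rotated and replaced by a placeholder.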