perf: kubectl 4s 超时 + 5 次重试，避免 K3s 内网抖动卡死部署

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 11:29:24 +08:00 · 2026-04-13 11:29:24 +08:00 · a6a3928091
commit a6a3928091
parent ab1b00f94a
1 changed files with 18 additions and 16 deletions
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@ -133,41 +133,43 @@ jobs:
          sed -i "s|redis://zyc:Zyc188208@redis-shzlsczo52dft8mia.redis.ivolces.com:6379/0|${{ env.REDIS_URL }}|g" k8s/celery-deployment.yaml

          # All kubectl operations with retry (K3s 内网连接可能抖动)
-          for attempt in 1 2 3; do
-            echo "Deploy attempt $attempt/3..."
+          export KUBECTL_TIMEOUT="--request-timeout=4s"
+
+          for attempt in 1 2 3 4 5; do
+            echo "Deploy attempt $attempt/5..."
            {
              # Create/update image pull secret for CR
-              kubectl create secret docker-registry cr-pull-secret \
+              kubectl $KUBECTL_TIMEOUT create secret docker-registry cr-pull-secret \
                --docker-server="${{ env.CR_SERVER_ACTIVE }}" \
                --docker-username="${{ env.CR_USERNAME_ACTIVE }}" \
                --docker-password="${{ env.CR_PASSWORD_ACTIVE }}" \
-                --dry-run=client -o yaml | kubectl apply -f -
+                --dry-run=client -o yaml | kubectl $KUBECTL_TIMEOUT apply -f -

              # Create/update secrets (业务密钥，DB 已写在 yaml 里)
-              kubectl create secret generic video-backend-secrets \
+              kubectl $KUBECTL_TIMEOUT create secret generic video-backend-secrets \
                --from-literal=ARK_API_KEY='${{ secrets.ARK_API_KEY }}' \
                --from-literal=TOS_ACCESS_KEY='${{ secrets.TOS_ACCESS_KEY }}' \
                --from-literal=TOS_SECRET_KEY='${{ secrets.TOS_SECRET_KEY }}' \
                --from-literal=DJANGO_SECRET_KEY='${{ secrets.DJANGO_SECRET_KEY }}' \
                --from-literal=ALIYUN_SMS_ACCESS_KEY='${{ secrets.ALIYUN_SMS_ACCESS_KEY }}' \
                --from-literal=ALIYUN_SMS_ACCESS_SECRET='${{ secrets.ALIYUN_SMS_ACCESS_SECRET }}' \
-                --dry-run=client -o yaml | kubectl apply -f -
+                --dry-run=client -o yaml | kubectl $KUBECTL_TIMEOUT apply -f -

              # Apply manifests
-              kubectl apply -f k8s/backend-deployment.yaml
-              kubectl apply -f k8s/celery-deployment.yaml
-              kubectl apply -f k8s/web-deployment.yaml
-              kubectl apply -f k8s/ingress.yaml
+              kubectl $KUBECTL_TIMEOUT apply -f k8s/backend-deployment.yaml
+              kubectl $KUBECTL_TIMEOUT apply -f k8s/celery-deployment.yaml
+              kubectl $KUBECTL_TIMEOUT apply -f k8s/web-deployment.yaml
+              kubectl $KUBECTL_TIMEOUT apply -f k8s/ingress.yaml

              # Preserve real client IP
-              kubectl patch svc traefik -n kube-system -p '{"spec":{"externalTrafficPolicy":"Local"}}' 2>/dev/null || true
+              kubectl $KUBECTL_TIMEOUT patch svc traefik -n kube-system -p '{"spec":{"externalTrafficPolicy":"Local"}}' 2>/dev/null || true

-              kubectl rollout restart deployment/video-backend
-              kubectl rollout restart deployment/celery-worker
-              kubectl rollout restart deployment/video-web
+              kubectl $KUBECTL_TIMEOUT rollout restart deployment/video-backend
+              kubectl $KUBECTL_TIMEOUT rollout restart deployment/celery-worker
+              kubectl $KUBECTL_TIMEOUT rollout restart deployment/video-web
            } 2>&1 | tee /tmp/deploy.log && break
-            echo "Attempt $attempt failed, retrying in 10s..."
-            sleep 10
+            echo "Attempt $attempt failed, retrying in 30s..."
+            sleep 30
          done

      # ===== Log Center: failure reporting =====