Switch deployment from kubectl to SSH for EC certificate compatibility

K3s uses EC certificates which CI kubectl cannot parse. Deploy via SSH
to server where local kubectl works natively.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
zyc 2026-03-19 14:57:01 +08:00
parent ecde54b8d8
commit cc8cfe60cf


@ -47,46 +47,48 @@ jobs:
--tag ${{ secrets.SWR_SERVER }}/${{ secrets.SWR_ORG }}/video-web:latest \
./web 2>&1 | tee -a /tmp/build.log
- name: Setup Kubectl
- name: Setup SSH
run: |
curl -LO "https://dl.k8s.io/release/v1.34.1/bin/linux/amd64/kubectl" || \
curl -LO "https://cdn.dl.k8s.io/release/v1.34.1/bin/linux/amd64/kubectl"
chmod +x kubectl
mv kubectl /usr/local/bin/
mkdir -p ~/.ssh
echo "${{ secrets.K3S_SSH_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
ssh-keyscan -H ${{ secrets.K3S_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
- name: Deploy to K3s
run: |
mkdir -p ~/.kube
echo "${{ secrets.KUBE_CONFIG_K3S }}" > ~/.kube/config
- name: Create or Update Secrets
run: |
kubectl create secret generic video-backend-secrets \
--from-literal=ARK_API_KEY=${{ secrets.ARK_API_KEY }} \
--from-literal=TOS_ACCESS_KEY=${{ secrets.TOS_ACCESS_KEY }} \
--from-literal=TOS_SECRET_KEY=${{ secrets.TOS_SECRET_KEY }} \
--from-literal=DJANGO_SECRET_KEY=${{ secrets.DJANGO_SECRET_KEY }} \
--from-literal=DB_HOST=${{ secrets.DB_HOST }} \
--from-literal=DB_USER=${{ secrets.DB_USER }} \
--from-literal=DB_PASSWORD=${{ secrets.DB_PASSWORD }} \
--dry-run=client -o yaml | kubectl apply -f -
- name: Apply K8s Manifests
- name: Deploy to K3s via SSH
id: deploy
run: |
# Replace image placeholders
sed -i "s|\${CI_REGISTRY_IMAGE}/video-backend:latest|${{ secrets.SWR_SERVER }}/${{ secrets.SWR_ORG }}/video-backend:latest|g" k8s/backend-deployment.yaml
sed -i "s|\${CI_REGISTRY_IMAGE}/video-web:latest|${{ secrets.SWR_SERVER }}/${{ secrets.SWR_ORG }}/video-web:latest|g" k8s/web-deployment.yaml
SWR_IMAGE="${{ secrets.SWR_SERVER }}/${{ secrets.SWR_ORG }}"
# Apply all manifests (cert-manager & issuer already installed on cluster)
# Replace image placeholders in yaml files
sed -i "s|\${CI_REGISTRY_IMAGE}/video-backend:latest|${SWR_IMAGE}/video-backend:latest|g" k8s/backend-deployment.yaml
sed -i "s|\${CI_REGISTRY_IMAGE}/video-web:latest|${SWR_IMAGE}/video-web:latest|g" k8s/web-deployment.yaml
# Copy k8s manifests to server
scp -o StrictHostKeyChecking=no k8s/backend-deployment.yaml k8s/web-deployment.yaml k8s/ingress.yaml root@${{ secrets.K3S_HOST }}:/tmp/
# Create/update secrets and apply manifests on server
set -o pipefail
{
kubectl apply -f k8s/backend-deployment.yaml
kubectl apply -f k8s/web-deployment.yaml
kubectl apply -f k8s/ingress.yaml
ssh -o StrictHostKeyChecking=no root@${{ secrets.K3S_HOST }} << ENDSSH
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
kubectl create secret generic video-backend-secrets \
--from-literal=ARK_API_KEY='${{ secrets.ARK_API_KEY }}' \
--from-literal=TOS_ACCESS_KEY='${{ secrets.TOS_ACCESS_KEY }}' \
--from-literal=TOS_SECRET_KEY='${{ secrets.TOS_SECRET_KEY }}' \
--from-literal=DJANGO_SECRET_KEY='${{ secrets.DJANGO_SECRET_KEY }}' \
--from-literal=DB_HOST='${{ secrets.DB_HOST }}' \
--from-literal=DB_USER='${{ secrets.DB_USER }}' \
--from-literal=DB_PASSWORD='${{ secrets.DB_PASSWORD }}' \
--dry-run=client -o yaml | kubectl apply -f -
kubectl apply -f /tmp/backend-deployment.yaml
kubectl apply -f /tmp/web-deployment.yaml
kubectl apply -f /tmp/ingress.yaml
kubectl rollout restart deployment/video-backend
kubectl rollout restart deployment/video-web
} 2>&1 | tee /tmp/deploy.log
rm -f /tmp/backend-deployment.yaml /tmp/web-deployment.yaml /tmp/ingress.yaml
ENDSSH
# ===== Log Center: failure reporting =====
- name: Report failure to Log Center
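Review bot: Host key verification is effectively disabled on the new SSH path. The `ssh-keyscan -H ... >> ~/.ssh/known_hosts` line in "Setup SSH" trusts whichever host answers on each run, and both the `scp` and `ssh` calls in "Deploy to K3s via SSH" pass `-o StrictHostKeyChecking=no`, so the root session that carries every application secret in the heredoc is never checked against a known server key. I would pin the server's public host key in a repository secret (placeholder name `K3S_HOST_KEY`), write it with `echo "${{ secrets.K3S_HOST_KEY }}" >> ~/.ssh/known_hosts`, and change both options to `-o StrictHostKeyChecking=yes`. Separately, the `ENDSSH` delimiter is unquoted and the remote script has no `set -e`: a `$` or backtick in a secret value is expanded on the runner, a single quote breaks the `--from-literal='...'` quoting, and the trailing `rm -f` exit status appears to mask a failed `kubectl apply`, which would presumably stop the failure-reporting step from firing. The failure-reporting step that follows the Log Center comment continues outside this hunk.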