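#!/bin/bash
# =============================================================================
# AWOOOI Phase 0 infrastructure deployment script
# =============================================================================
# Owner:   CIO/CTO
# Version: v1.0
# Date:    2026-03-20
#
# What it does:
#   1. Copies the Kubernetes YAML files to the K3s master (192.168.0.120)
#   2. Creates the Namespace, ResourceQuota, NetworkPolicy and ConfigMap
#   3. Prints the deployment state for verification
#
# Usage:
#   chmod +x deploy-infra.sh
#   ./deploy-infra.sh
#
# Security notes:
#   - The manifests are staged in a directory created by `mktemp -d` on the
#     remote host, not under a fixed name in /tmp. A fixed, predictable path in
#     a world-writable directory can be pre-created or swapped by another local
#     account on the master before `kubectl apply` reads from it.
#   - The staging directory is removed from an EXIT trap, so a failed run does
#     not leave manifests behind.
#   - The script relies on the caller's SSH configuration for host-key
#     verification and authentication; it sets no SSH options itself.
# =============================================================================

set -euo pipefail  # stop on errors, unset variables and failed pipeline stages

# =============================================================================
# Configuration
# =============================================================================
readonly K3S_MASTER="192.168.0.120"
readonly K3S_USER="wooo"
readonly SSH_TARGET="${K3S_USER}@${K3S_MASTER}"
# Template handed to the remote mktemp; the X's are replaced with random characters.
readonly REMOTE_TMP_TEMPLATE="/tmp/awoooi-k8s.XXXXXX"
# Shape the path returned by mktemp must have before it is used in remote commands.
readonly REMOTE_DIR_PATTERN='^/tmp/awoooi-k8s\.[A-Za-z0-9]+$'
# Set once the remote staging directory exists; empty means nothing to clean up.
REMOTE_DIR=""
LOCAL_K8S_DIR="$(dirname -- "$0")/k8s/awoooi-prod"
readonly LOCAL_K8S_DIR
readonly NAMESPACE="awoooi-prod"

# Files deployed in Phase 0 (secrets and deployments are deliberately excluded)
readonly PHASE0_FILES=(
  "01-namespace-quota.yaml"
  "02-network-policy.yaml"
  "04-configmap.yaml"
)

# Colour escape sequences, expanded by printf's %b
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly CYAN='\033[0;36m'
readonly NC='\033[0m' # No Color

# =============================================================================
# Functions
# =============================================================================

# Informational message on stdout.
log_info() {
  printf '%b[INFO]%b %s\n' "${CYAN}" "${NC}" "$1"
}

# Success message on stdout.
log_success() {
  printf '%b[OK]%b %s\n' "${GREEN}" "${NC}" "$1"
}

# Warning on stderr, so it is not lost when stdout is redirected.
log_warn() {
  printf '%b[WARN]%b %s\n' "${YELLOW}" "${NC}" "$1" >&2
}

# Error on stderr.
log_error() {
  printf '%b[ERROR]%b %s\n' "${RED}" "${NC}" "$1" >&2
}

# Runs a command line on the K3s master; the string is parsed by the remote shell.
remote() {
  ssh "${SSH_TARGET}" "$@"
}

# Removes the remote staging directory if one was created. Safe to call twice:
# REMOTE_DIR is cleared first so the EXIT trap becomes a no-op after Step 5.
cleanup_remote() {
  [[ -n "${REMOTE_DIR}" ]] || return 0
  local dir="${REMOTE_DIR}"
  REMOTE_DIR=""
  remote "rm -rf -- '${dir}'"
}

trap 'cleanup_remote || log_warn "清理遠端暫存失敗"' EXIT

# =============================================================================
# Main flow
# =============================================================================

echo ""
echo "============================================================"
echo "  AWOOOI Phase 0 基建部署"
echo "  Target: ${K3S_MASTER} (K3s Master)"
echo "============================================================"
echo ""

# -----------------------------------------------------------------------------
# Step 1: check that every local manifest exists before touching the remote
# -----------------------------------------------------------------------------
log_info "Step 1: 驗證本地 YAML 檔案..."

for file in "${PHASE0_FILES[@]}"; do
  if [[ ! -f "${LOCAL_K8S_DIR}/${file}" ]]; then
    log_error "找不到檔案: ${LOCAL_K8S_DIR}/${file}"
    exit 1
  fi
  log_success "  ${file}"
done

# -----------------------------------------------------------------------------
# Step 2: create a private remote staging directory and copy the manifests
# -----------------------------------------------------------------------------
log_info "Step 2: 傳送 YAML 到 ${K3S_MASTER}..."

staged_dir="$(remote "mktemp -d '${REMOTE_TMP_TEMPLATE}'")" || {
  log_error "無法建立遠端暫存目錄"
  exit 1
}

# The path is interpolated into later remote commands (including rm -rf), so
# refuse anything that is not exactly the expected mktemp result.
if [[ ! "${staged_dir}" =~ ${REMOTE_DIR_PATTERN} ]]; then
  log_error "遠端暫存目錄路徑異常: ${staged_dir}"
  exit 1
fi
REMOTE_DIR="${staged_dir}"

for file in "${PHASE0_FILES[@]}"; do
  scp -q -- "${LOCAL_K8S_DIR}/${file}" "${SSH_TARGET}:${REMOTE_DIR}/"
  log_success "  ${file} -> ${K3S_MASTER}:${REMOTE_DIR}/"
done

# -----------------------------------------------------------------------------
# Step 3: kubectl apply, one file at a time in the listed order
# -----------------------------------------------------------------------------
log_info "Step 3: 執行 kubectl apply..."

for file in "${PHASE0_FILES[@]}"; do
  log_info "  Applying ${file}..."
  remote "kubectl apply -f '${REMOTE_DIR}/${file}'"
done

# -----------------------------------------------------------------------------
# Step 4: show what now exists in the namespace
# -----------------------------------------------------------------------------
echo ""
log_info "Step 4: 驗證部署狀態..."
echo ""

echo "--- Namespace ---"
remote "kubectl get ns ${NAMESPACE} -o wide"
echo ""

echo "--- ResourceQuota ---"
remote "kubectl get resourcequota -n ${NAMESPACE}"
echo ""

echo "--- LimitRange ---"
remote "kubectl get limitrange -n ${NAMESPACE}"
echo ""

echo "--- NetworkPolicy (零信任) ---"
remote "kubectl get networkpolicy -n ${NAMESPACE}"
echo ""

echo "--- ConfigMap ---"
remote "kubectl get configmap -n ${NAMESPACE}"
echo ""

# -----------------------------------------------------------------------------
# Step 5: remove the remote staging directory
# -----------------------------------------------------------------------------
log_info "Step 5: 清理遠端暫存..."
cleaned_dir="${REMOTE_DIR}"
cleanup_remote
log_success "已清理 ${cleaned_dir}"

# -----------------------------------------------------------------------------
# Done
# -----------------------------------------------------------------------------
# NOTE(review): the summary below is static text; it is not derived from the
# kubectl output above, so compare it with Step 4 when the manifests change.
echo ""
echo "============================================================"
printf '  %b%s%b\n' "${GREEN}" "Phase 0 基建部署完成!" "${NC}"
echo "============================================================"
echo ""
echo "已建立:"
echo "  - Namespace: ${NAMESPACE}"
echo "  - ResourceQuota: awoooi-prod-quota (CPU 4/8, Mem 8Gi/16Gi)"
echo "  - LimitRange: awoooi-prod-limits"
echo "  - NetworkPolicy: default-deny-all, allow-nginx-ingress, allow-required-egress"
echo "  - ConfigMap: awoooi-config"
echo ""
echo "下一步:"
echo "  1. CIO 手動配置 03-secrets.yaml 實際值"
echo "  2. CI/CD 建置映像後自動部署 Deployment"
echo ""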