Merge pull request #958 from pikasTech/fix/sub2api-d518-api2-source-truth

修复 D518/api2 Sub2API source-truth 漂移
This commit is contained in:
Lyon
2026-06-26 11:54:34 +08:00
committed by GitHub
6 changed files with 102 additions and 6 deletions
+13
View File
@@ -90,6 +90,9 @@ postgres:
- id: G14-public
cidr: 202.98.17.68/32
purpose: platform-infra-runtime
- id: D518-public
cidr: 202.98.13.68/32
purpose: platform-infra-sub2api-active
tuning:
maxConnections: 50
sharedBuffers: 512MB
@@ -140,6 +143,16 @@ postgres:
user: sub2api
address: 36.49.29.0/24
method: scram-sha-256
- type: hostssl
database: sub2api
user: sub2api
address: 202.98.13.68/32
method: scram-sha-256
- type: hostssl
database: postgres
user: sub2api
address: 202.98.13.68/32
method: scram-sha-256
- type: hostssl
database: langbot
user: langbot
+79
View File
@@ -173,6 +173,85 @@ targets:
- 74.48.78.17
- hyueapi.com
- .hyueapi.com
- id: D518
route: D518:k3s
namespace: platform-infra
role: active
enabled: true
databaseMode: external-active
redisMode: local-ephemeral
appReplicas: 1
redisReplicas: 1
image:
repository: weishaw/sub2api
tag: 0.1.138
pullPolicy: IfNotPresent
dependencyImages:
postgres: docker.m.daocloud.io/library/postgres:18-alpine
redis: docker.m.daocloud.io/library/redis:8-alpine
publicExposure:
enabled: true
publicBaseUrl: https://api2.pikapython.com
dns:
hostname: api2.pikapython.com
expectedA: 82.156.23.220
resolvers: [1.1.1.1, 8.8.8.8, 223.5.5.5, 114.114.114.114]
frpc:
deploymentName: sub2api-frpc
secretName: sub2api-frpc-secrets
secretKey: frpc.toml
image: ghcr.io/fatedier/frpc:v0.68.1
serverAddr: 82.156.23.220
serverPort: 22000
proxyName: platform-infra-sub2api-d518-api
remotePort: 22094
localIP: sub2api.platform-infra.svc.cluster.local
localPort: 8080
tokenSourceRef: platform-infra/pk01-frp.env
tokenSourceKey: FRP_TOKEN
pk01:
route: PK01
caddyBinaryPath: /usr/local/bin/caddy
caddyDownloadUrl: https://caddyserver.com/api/download?os=linux&arch=amd64
caddyDownloadProxyUrl: http://127.0.0.1:18789
caddyConfigPath: /etc/caddy/Caddyfile
caddyServiceName: caddy
caddyStorageDir: /var/lib/caddy
caddyEmail: ops@pikapython.com
pikanodeRoot: /home/ubuntu/pikanode
pikanodeContainerName: pikanode
pikanodeImage: pikanode
pikanodeHttpHostPort: 18888
responseHeaderTimeoutSeconds: 600
egressProxy:
enabled: true
deploymentName: sub2api-egress-proxy
serviceName: sub2api-egress-proxy
secretName: sub2api-egress-proxy-config
secretKey: config.json
image: ghcr.io/sagernet/sing-box:latest
imagePullPolicy: IfNotPresent
listenPort: 10808
sourceRef: platform-infra/master-vpn-subscription.env
sourceKey: MASTER_VPN_SUBSCRIPTION_URL
sourceType: subscription-url
preferredOutbound: hysteria2
applyToSub2Api: true
applyToSentinel: true
healthProbeUrl: https://www.gstatic.com/generate_204
noProxy:
- localhost
- 127.0.0.1
- ::1
- .svc
- .cluster.local
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- 82.156.23.220
- 74.48.78.17
- hyueapi.com
- .hyueapi.com
runtime:
database:
mode: external
+1 -1
View File
@@ -152,7 +152,7 @@ export function plan(options: TargetOptions): Record<string, unknown> {
? {
mode: "pk01-caddy-frp-direct",
dataPath: `client -> PK01 Caddy -> PK01 frps remotePort -> ${target.id} frpc -> Sub2API`,
pikanodeRole: "pikapython.com upstream only; api.pikapython.com does not pass through pikanode Express",
pikanodeRole: `pikapython.com upstream only; ${target.publicExposure.dns.hostname} does not pass through pikanode Express`,
publicBaseUrl: target.publicExposure.publicBaseUrl,
hostname: target.publicExposure.dns.hostname,
expectedA: target.publicExposure.dns.expectedA,
+2 -2
View File
@@ -18,10 +18,10 @@ import type { EgressProxySecretMaterial, ExternalActiveSecretMaterial, PublicExp
import { fieldManager, requiredSecretKeys, sub2apiCaddyManagedMarker } from "./entry";
import { managedResourceCleanupPlan } from "./manifest";
export function renderPk01Caddyfile(exposure: Sub2ApiPublicExposureConfig): string {
export function renderPk01Caddyfile(target: Sub2ApiTargetConfig, exposure: Sub2ApiPublicExposureConfig): string {
const apexHost = baseDomain(exposure.dns.hostname);
const apiBlock = renderCaddyManagedBlock(
sub2apiCaddyManagedMarker,
sub2apiCaddyManagedMarker(target),
renderSimpleReverseProxyCaddySiteBlock({
hostname: exposure.dns.hostname,
upstream: `127.0.0.1:${exposure.frpc.remotePort}`,
+5 -1
View File
@@ -27,7 +27,11 @@ export const configPath = rootPath("config", "platform-infra", "sub2api.yaml");
export const codexPoolConfigPath = rootPath("config", "platform-infra", "sub2api-codex-pool.yaml");
export const sub2apiCaddyManagedMarker = "sub2api";
export const legacySub2apiCaddyManagedMarker = "sub2api";
export function sub2apiCaddyManagedMarker(target: Sub2ApiTargetConfig): string {
return target.id.toUpperCase() === "D601" ? legacySub2apiCaddyManagedMarker : `${legacySub2apiCaddyManagedMarker}-${target.id.toLowerCase()}`;
}
export const requiredSecretKeys = ["POSTGRES_PASSWORD", "ADMIN_PASSWORD", "JWT_SECRET", "TOTP_ENCRYPTION_KEY"] as const;
@@ -429,7 +429,7 @@ if [ -f "$download_cache" ]; then stat -c 'cache_bytes=%s cache_mtime=%y' "$down
}
export function pk01PublicExposureScript(target: Sub2ApiTargetConfig, exposure: Sub2ApiPublicExposureConfig): string {
const caddyfile = renderPk01Caddyfile(exposure);
const caddyfile = renderPk01Caddyfile(target, exposure);
const serviceUnit = renderPk01CaddyService(exposure);
const caddyfileB64 = Buffer.from(caddyfile, "utf8").toString("base64");
const serviceUnitB64 = Buffer.from(serviceUnit, "utf8").toString("base64");
@@ -606,7 +606,7 @@ payload = {
"hostname": "${exposure.dns.hostname}",
"expectedA": "${exposure.dns.expectedA}",
"dataPath": "client -> PK01 Caddy -> PK01 frps remotePort -> ${target.id} frpc -> Sub2API",
"pikanodeRole": "pikapython.com upstream only; api.pikapython.com does not pass through pikanode Express",
"pikanodeRole": "pikapython.com upstream only; ${exposure.dns.hostname} does not pass through pikanode Express",
"caddy": {
"binaryPath": "${exposure.pk01.caddyBinaryPath}",
"configPath": "${exposure.pk01.caddyConfigPath}",