juwan/juwan-backend
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

feat(deploy): add k01 business cluster manifests for k3s with cnpg, strimzi, redis and mongodb operators

Browse Source
This commit is contained in:
zetaloop
2026-05-05 12:08:10 +08:00
parent 2d4dc236e9
commit 20ca50c127
31 changed files with 4396 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
deploy/k01/.env.example
+24
View File
@@ -0,0 +1,24 @@
REGISTRY_HOST=registry.juwan.xhttp.zip
REGISTRY_USERNAME=admin
REGISTRY_PASSWORD=
JWT_SECRET_KEY=
ADMIN_USERNAME=admin
ADMIN_PASSWORD=
ADMIN_EMAIL=admin@juwan.xhttp.zip
EMAIL_SMTP_HOST=smtp-relay.brevo.com
EMAIL_SMTP_PORT=587
EMAIL_SMTP_USERNAME=
EMAIL_SMTP_PASSWORD=
EMAIL_FROM_ADDRESS=dev@juwan.xhttp.zip
EMAIL_FROM_NAME=Juwan Team
EMAIL_REPLY_TO=
S3_ENDPOINT=https://s3.juwan.xhttp.zip
S3_ACCESS_KEY=
S3_SECRET_KEY=
S3_BUCKET_NAME=juwan-objectstory
S3_REGION=garage
MONGO_PASSWORD=
deploy/k01/.gitignore
+2
View File
@@ -0,0 +1,2 @@
secrets/
.env
deploy/k01/00-base/namespace.yaml
+38
View File
@@ -0,0 +1,38 @@
apiVersion: v1
kind: Namespace
metadata:
name: juwan
---
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: juwan
name: find-endpoints
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: discov-endpoints
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch"]
- apiGroups: ["discovery.k8s.io"]
resources: ["endpointslices"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: find-endpoints-discov-endpoints
subjects:
- kind: ServiceAccount
namespace: juwan
name: find-endpoints
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: discov-endpoints
deploy/k01/01-infra/envoy.yaml
+1096
View File
File diff suppressed because it is too large Load Diff
deploy/k01/01-infra/kafka.yaml
+72
View File
@@ -0,0 +1,72 @@
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaNodePool
metadata:
name: controller
namespace: kafka
labels:
strimzi.io/cluster: juwan-kafka
spec:
replicas: 1
roles:
- controller
storage:
type: persistent-claim
size: 1Gi
deleteClaim: false
---
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaNodePool
metadata:
name: broker
namespace: kafka
labels:
strimzi.io/cluster: juwan-kafka
spec:
replicas: 1
roles:
- broker
storage:
type: persistent-claim
size: 5Gi
deleteClaim: false
---
apiVersion: kafka.strimzi.io/v1beta2
kind: Kafka
metadata:
name: juwan-kafka
namespace: kafka
annotations:
strimzi.io/node-pools: enabled
strimzi.io/kraft: enabled
spec:
kafka:
version: 4.2.0
metadataVersion: 4.2-IV0
listeners:
- name: plain
port: 9092
type: internal
tls: false
config:
offsets.topic.replication.factor: 1
transaction.state.log.replication.factor: 1
transaction.state.log.min.isr: 1
default.replication.factor: 1
min.insync.replicas: 1
entityOperator:
topicOperator: {}
userOperator: {}
---
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaTopic
metadata:
name: email-task
namespace: kafka
labels:
strimzi.io/cluster: juwan-kafka
spec:
partitions: 1
replicas: 1
deploy/k01/01-infra/load-schema.sh
Executable
+58
View File
@@ -0,0 +1,58 @@
#!/usr/bin/env bash
set -euo pipefail
K01_DIR="$(cd "$(dirname "$0")" && pwd)"
REPO_ROOT="$(cd "$K01_DIR/../.." && pwd)"
SQL_DIR="$REPO_ROOT/desc/sql"
FIXTURE_DIR="$REPO_ROOT/deploy/dev/fixture"
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
declare -A SCHEMA_MAP=(
[user-db]=users
[player-db]=player
[game-db]=game
[shop-db]=shop
[order-db]=order
[wallet-db]=wallet
[community-db]=community
[review-db]=review
[dispute-db]=dispute
[notification-db]=notification
[search-db]=search
)
psql_exec() {
local cluster="$1" sql="$2"
kubectl -n juwan exec -i "${cluster}-1" -c postgres -- psql \
-v ON_ERROR_STOP=1 -U app -d app <<<"$sql"
}
psql_file() {
local cluster="$1" file="$2"
kubectl -n juwan exec -i "${cluster}-1" -c postgres -- psql \
-v ON_ERROR_STOP=1 -U app -d app < "$file"
}
for cluster in "${!SCHEMA_MAP[@]}"; do
domain="${SCHEMA_MAP[$cluster]}"
echo ">>> $cluster ($domain)"
kubectl -n juwan wait --for=condition=Ready "cluster.postgresql.cnpg.io/${cluster}" --timeout=300s
psql_file "$cluster" "$SQL_DIR/common/update_updated_at_column.sql"
for f in "$SQL_DIR/$domain"/*.sql; do
[ -f "$f" ] || continue
echo " schema: $(basename "$f")"
psql_file "$cluster" "$f"
done
if [ -f "$FIXTURE_DIR/$domain.sql" ]; then
echo " fixture: $domain.sql"
psql_file "$cluster" "$FIXTURE_DIR/$domain.sql"
fi
done
echo
echo "schema + fixture loaded into 11 CNPG clusters"
deploy/k01/01-infra/mongo.yaml
+41
View File
@@ -0,0 +1,41 @@
apiVersion: mongodbcommunity.mongodb.com/v1
kind: MongoDBCommunity
metadata:
name: chat-mongodb
namespace: juwan
spec:
members: 1
type: ReplicaSet
version: "8.2.6"
security:
authentication:
modes:
- SCRAM
users:
- name: app-user
db: admin
passwordSecretRef:
name: chat-mongodb-app-user-password
roles:
- name: readWrite
db: juwan_chat
scramCredentialsSecretName: chat-mongodb-app-user-scram
additionalMongodConfig:
storage.wiredTiger.engineConfig.journalCompressor: zlib
statefulSet:
spec:
volumeClaimTemplates:
- metadata:
name: data-volume
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
- metadata:
name: logs-volume
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 256Mi
deploy/k01/01-infra/postgres.yaml
+185
View File
@@ -0,0 +1,185 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
namespace: juwan
name: user-db
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
primaryUpdateStrategy: unsupervised
bootstrap:
initdb:
database: app
owner: app
storage:
size: 1Gi
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
namespace: juwan
name: player-db
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
primaryUpdateStrategy: unsupervised
bootstrap:
initdb:
database: app
owner: app
storage:
size: 1Gi
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
namespace: juwan
name: game-db
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
primaryUpdateStrategy: unsupervised
bootstrap:
initdb:
database: app
owner: app
storage:
size: 1Gi
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
namespace: juwan
name: shop-db
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
primaryUpdateStrategy: unsupervised
bootstrap:
initdb:
database: app
owner: app
storage:
size: 1Gi
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
namespace: juwan
name: order-db
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
primaryUpdateStrategy: unsupervised
bootstrap:
initdb:
database: app
owner: app
storage:
size: 1Gi
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
namespace: juwan
name: wallet-db
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
primaryUpdateStrategy: unsupervised
bootstrap:
initdb:
database: app
owner: app
storage:
size: 1Gi
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
namespace: juwan
name: community-db
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
primaryUpdateStrategy: unsupervised
bootstrap:
initdb:
database: app
owner: app
storage:
size: 1Gi
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
namespace: juwan
name: review-db
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
primaryUpdateStrategy: unsupervised
bootstrap:
initdb:
database: app
owner: app
storage:
size: 1Gi
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
namespace: juwan
name: dispute-db
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
primaryUpdateStrategy: unsupervised
bootstrap:
initdb:
database: app
owner: app
storage:
size: 1Gi
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
namespace: juwan
name: notification-db
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
primaryUpdateStrategy: unsupervised
bootstrap:
initdb:
database: app
owner: app
storage:
size: 1Gi
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
namespace: juwan
name: search-db
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
primaryUpdateStrategy: unsupervised
bootstrap:
initdb:
database: app
owner: app
storage:
size: 1Gi
deploy/k01/01-infra/ratelimit.yaml
+149
View File
@@ -0,0 +1,149 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: ratelimit-config
namespace: juwan
data:
ratelimit.yaml: |
domain: api
descriptors:
- key: generic_key
value: login
descriptors:
- key: remote_address
rate_limit:
unit: MINUTE
requests_per_unit: 10
- key: generic_key
value: register
descriptors:
- key: remote_address
rate_limit:
unit: MINUTE
requests_per_unit: 5
- key: generic_key
value: forgot_password_send
descriptors:
- key: remote_address
rate_limit:
unit: MINUTE
requests_per_unit: 3
- key: generic_key
value: verify_code_send
descriptors:
- key: remote_address
rate_limit:
unit: MINUTE
requests_per_unit: 3
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: rl-redis
namespace: juwan
labels:
app: rl-redis
spec:
replicas: 1
selector:
matchLabels:
app: rl-redis
template:
metadata:
labels:
app: rl-redis
spec:
containers:
- name: redis
image: redis:8.6.2-alpine
ports:
- containerPort: 6379
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: rl-redis-svc
namespace: juwan
spec:
ports:
- port: 6379
targetPort: 6379
selector:
app: rl-redis
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ratelimit
namespace: juwan
labels:
app: ratelimit
spec:
replicas: 1
selector:
matchLabels:
app: ratelimit
template:
metadata:
labels:
app: ratelimit
spec:
containers:
- name: ratelimit
image: envoyproxy/ratelimit:fe26676d
command: ["/bin/ratelimit"]
env:
- name: REDIS_SOCKET_TYPE
value: tcp
- name: REDIS_URL
value: rl-redis-svc:6379
- name: USE_STATSD
value: "false"
- name: RUNTIME_ROOT
value: /data
- name: RUNTIME_SUBDIRECTORY
value: ratelimit
- name: RUNTIME_WATCH_ROOT
value: "true"
- name: LOG_LEVEL
value: info
ports:
- containerPort: 8081
name: grpc
- containerPort: 6070
name: debug
volumeMounts:
- name: config
mountPath: /data/ratelimit/config
resources:
requests:
cpu: 50m
memory: 64Mi
volumes:
- name: config
configMap:
name: ratelimit-config
---
apiVersion: v1
kind: Service
metadata:
name: ratelimit-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8081
targetPort: 8081
- name: debug
port: 6070
targetPort: 6070
selector:
app: ratelimit
deploy/k01/01-infra/redis.yaml
+346
View File
@@ -0,0 +1,346 @@
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: user-redis
namespace: juwan
spec:
clusterSize: 1
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.15
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
redisSecret:
name: user-redis
key: password
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: player-redis
namespace: juwan
spec:
clusterSize: 1
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.15
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
redisSecret:
name: player-redis
key: password
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: game-redis
namespace: juwan
spec:
clusterSize: 1
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.15
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
redisSecret:
name: game-redis
key: password
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: shop-redis
namespace: juwan
spec:
clusterSize: 1
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.15
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
redisSecret:
name: shop-redis
key: password
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: order-redis
namespace: juwan
spec:
clusterSize: 1
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.15
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
redisSecret:
name: order-redis
key: password
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: wallet-redis
namespace: juwan
spec:
clusterSize: 1
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.15
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
redisSecret:
name: wallet-redis
key: password
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: community-redis
namespace: juwan
spec:
clusterSize: 1
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.15
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
redisSecret:
name: community-redis
key: password
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: review-redis
namespace: juwan
spec:
clusterSize: 1
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.15
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
redisSecret:
name: review-redis
key: password
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: dispute-redis
namespace: juwan
spec:
clusterSize: 1
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.15
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
redisSecret:
name: dispute-redis
key: password
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: notification-redis
namespace: juwan
spec:
clusterSize: 1
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.15
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
redisSecret:
name: notification-redis
key: password
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: search-redis
namespace: juwan
spec:
clusterSize: 1
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.15
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
redisSecret:
name: search-redis
key: password
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: chat-redis
namespace: juwan
spec:
clusterSize: 1
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.15
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
redisSecret:
name: chat-redis
key: password
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
deploy/k01/02-service/authz-adapter.yaml
+48
View File
@@ -0,0 +1,48 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: authz-adapter
namespace: juwan
labels:
app: authz-adapter
spec:
replicas: 1
selector:
matchLabels:
app: authz-adapter
template:
metadata:
labels:
app: authz-adapter
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: authz-adapter
image: registry.juwan.xhttp.zip/juwan/authz-adapter:latest
ports:
- name: grpc
containerPort: 9002
env:
- name: LISTEN_ON
value: "0.0.0.0:9002"
- name: USER_RPC_TARGET
value: "user-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: authz-adapter-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 9002
targetPort: 9002
selector:
app: authz-adapter
deploy/k01/02-service/chat.yaml
+97
View File
@@ -0,0 +1,97 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: chat-api
namespace: juwan
labels:
app: chat-api
spec:
replicas: 1
selector:
matchLabels:
app: chat-api
template:
metadata:
labels:
app: chat-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: chat-api
image: registry.juwan.xhttp.zip/juwan/chat-api:latest
ports:
- name: http
containerPort: 8888
- name: ws
containerPort: 8889
- name: wt
containerPort: 8443
hostPort: 8443
protocol: UDP
- name: metrics
containerPort: 4001
env:
- name: MONGO_PASSWORD
valueFrom:
secretKeyRef:
name: chat-mongodb-app-user-password
key: password
- name: MONGO_URI
value: "mongodb://app-user:$(MONGO_PASSWORD)@chat-mongodb-0.chat-mongodb-svc.juwan.svc.cluster.local:27017/juwan_chat?replicaSet=chat-mongodb&authSource=admin"
- name: MONGO_DATABASE
value: juwan_chat
- name: REDIS_HOST
value: chat-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: chat-redis
key: password
- name: JWT_SECRET_KEY
valueFrom:
secretKeyRef:
name: jwt-secret
key: secret-key
- name: CHAT_WT_CERT_FILE
value: "/etc/certs/tls.crt"
- name: CHAT_WT_KEY_FILE
value: "/etc/certs/tls.key"
volumeMounts:
- name: certs
mountPath: /etc/certs
readOnly: true
resources:
requests:
cpu: 20m
memory: 32Mi
volumes:
- name: certs
secret:
secretName: chat-wt-tls
---
apiVersion: v1
kind: Service
metadata:
name: chat-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: ws
port: 8889
targetPort: 8889
- name: wt
port: 8443
targetPort: 8443
protocol: UDP
- name: metrics
port: 4001
targetPort: 4001
selector:
app: chat-api
deploy/k01/02-service/community.yaml
+136
View File
@@ -0,0 +1,136 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: community-rpc
namespace: juwan
labels:
app: community-rpc
spec:
replicas: 1
selector:
matchLabels:
app: community-rpc
template:
metadata:
labels:
app: community-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: community-rpc
image: registry.juwan.xhttp.zip/juwan/community-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: PD_USERNAME
valueFrom:
secretKeyRef:
name: community-db-app
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: community-db-app
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: community-db-app
key: dbname
- name: DB_HOST
value: community-db-rw.juwan
- name: DB_HOST_RO
value: community-db-ro.juwan
- name: DB_PORT
value: "5432"
- name: REDIS_HOST
value: community-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: community-redis
key: password
- name: SNOWFLAKE_RPC_TARGET
value: "snowflake-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: community-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: community-rpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: community-api
namespace: juwan
labels:
app: community-api
spec:
replicas: 1
selector:
matchLabels:
app: community-api
template:
metadata:
labels:
app: community-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: community-api
image: registry.juwan.xhttp.zip/juwan/community-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: COMMUNITY_RPC_TARGET
value: "community-rpc-svc.juwan:8080"
- name: USER_RPC_TARGET
value: "user-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: community-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: community-api
deploy/k01/02-service/dispute.yaml
+138
View File
@@ -0,0 +1,138 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: dispute-rpc
namespace: juwan
labels:
app: dispute-rpc
spec:
replicas: 1
selector:
matchLabels:
app: dispute-rpc
template:
metadata:
labels:
app: dispute-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: dispute-rpc
image: registry.juwan.xhttp.zip/juwan/dispute-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: PD_USERNAME
valueFrom:
secretKeyRef:
name: dispute-db-app
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: dispute-db-app
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: dispute-db-app
key: dbname
- name: DB_HOST
value: dispute-db-rw.juwan
- name: DB_HOST_RO
value: dispute-db-ro.juwan
- name: DB_PORT
value: "5432"
- name: REDIS_HOST
value: dispute-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: dispute-redis
key: password
- name: SNOWFLAKE_RPC_TARGET
value: "snowflake-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: dispute-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: dispute-rpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: dispute-api
namespace: juwan
labels:
app: dispute-api
spec:
replicas: 1
selector:
matchLabels:
app: dispute-api
template:
metadata:
labels:
app: dispute-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: dispute-api
image: registry.juwan.xhttp.zip/juwan/dispute-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: DISPUTE_RPC_TARGET
value: "dispute-rpc-svc.juwan:8080"
- name: ORDER_RPC_TARGET
value: "order-rpc-svc.juwan:8080"
- name: PLAYER_RPC_TARGET
value: "player-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: dispute-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: dispute-api
deploy/k01/02-service/email.yaml
+143
View File
@@ -0,0 +1,143 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: email-api
namespace: juwan
labels:
app: email-api
spec:
replicas: 1
selector:
matchLabels:
app: email-api
template:
metadata:
labels:
app: email-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: email-api
image: registry.juwan.xhttp.zip/juwan/email-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: REDIS_HOST
value: user-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: user-redis
key: password
- name: KAFKA_BROKER
value: "juwan-kafka-kafka-bootstrap.kafka:9092"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: email-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: email-api
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: email-mq
namespace: juwan
labels:
app: email-mq
spec:
replicas: 1
selector:
matchLabels:
app: email-mq
template:
metadata:
labels:
app: email-mq
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: email-mq
image: registry.juwan.xhttp.zip/juwan/email-mq:latest
ports:
- name: metrics
containerPort: 4001
env:
- name: KAFKA_BROKER
value: "juwan-kafka-kafka-bootstrap.kafka:9092"
- name: EMAIL_SMTP_HOST
valueFrom:
secretKeyRef:
name: email-smtp
key: host
- name: EMAIL_SMTP_PORT
valueFrom:
secretKeyRef:
name: email-smtp
key: port
- name: EMAIL_SMTP_USERNAME
valueFrom:
secretKeyRef:
name: email-smtp
key: username
- name: EMAIL_SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: email-smtp
key: password
- name: EMAIL_FROM_ADDRESS
valueFrom:
secretKeyRef:
name: email-smtp
key: from-address
- name: EMAIL_FROM_NAME
valueFrom:
secretKeyRef:
name: email-smtp
key: from-name
- name: EMAIL_REPLY_TO
valueFrom:
secretKeyRef:
name: email-smtp
key: reply-to
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: email-mq-svc
namespace: juwan
spec:
ports:
- name: metrics
port: 4001
targetPort: 4001
selector:
app: email-mq
deploy/k01/02-service/frontend.yaml
+43
View File
@@ -0,0 +1,43 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: juwan
labels:
app: frontend
spec:
replicas: 1
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: frontend
image: registry.juwan.xhttp.zip/juwan/frontend:latest
ports:
- name: http
containerPort: 3000
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: frontend-svc
namespace: juwan
spec:
ports:
- name: http
port: 3000
targetPort: 3000
selector:
app: frontend
deploy/k01/02-service/game.yaml
+134
View File
@@ -0,0 +1,134 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: game-rpc
namespace: juwan
labels:
app: game-rpc
spec:
replicas: 1
selector:
matchLabels:
app: game-rpc
template:
metadata:
labels:
app: game-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: game-rpc
image: registry.juwan.xhttp.zip/juwan/game-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: PD_USERNAME
valueFrom:
secretKeyRef:
name: game-db-app
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: game-db-app
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: game-db-app
key: dbname
- name: DB_HOST
value: game-db-rw.juwan
- name: DB_HOST_RO
value: game-db-ro.juwan
- name: DB_PORT
value: "5432"
- name: REDIS_HOST
value: game-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: game-redis
key: password
- name: SNOWFLAKE_RPC_TARGET
value: "snowflake-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: game-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: game-rpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: game-api
namespace: juwan
labels:
app: game-api
spec:
replicas: 1
selector:
matchLabels:
app: game-api
template:
metadata:
labels:
app: game-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: game-api
image: registry.juwan.xhttp.zip/juwan/game-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: GAME_RPC_TARGET
value: "game-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: game-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: game-api
deploy/k01/02-service/notification.yaml
+134
View File
@@ -0,0 +1,134 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: notification-rpc
namespace: juwan
labels:
app: notification-rpc
spec:
replicas: 1
selector:
matchLabels:
app: notification-rpc
template:
metadata:
labels:
app: notification-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: notification-rpc
image: registry.juwan.xhttp.zip/juwan/notification-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: PD_USERNAME
valueFrom:
secretKeyRef:
name: notification-db-app
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: notification-db-app
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: notification-db-app
key: dbname
- name: DB_HOST
value: notification-db-rw.juwan
- name: DB_HOST_RO
value: notification-db-ro.juwan
- name: DB_PORT
value: "5432"
- name: REDIS_HOST
value: notification-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: notification-redis
key: password
- name: SNOWFLAKE_RPC_TARGET
value: "snowflake-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: notification-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: notification-rpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: notification-api
namespace: juwan
labels:
app: notification-api
spec:
replicas: 1
selector:
matchLabels:
app: notification-api
template:
metadata:
labels:
app: notification-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: notification-api
image: registry.juwan.xhttp.zip/juwan/notification-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: NOTIFICATION_RPC_TARGET
value: "notification-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: notification-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: notification-api
deploy/k01/02-service/objectstory.yaml
+127
View File
@@ -0,0 +1,127 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: objectstory-rpc
namespace: juwan
labels:
app: objectstory-rpc
spec:
replicas: 1
selector:
matchLabels:
app: objectstory-rpc
template:
metadata:
labels:
app: objectstory-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: objectstory-rpc
image: registry.juwan.xhttp.zip/juwan/objectstory-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: S3_ENDPOINT
valueFrom:
secretKeyRef:
name: objectstory-s3
key: endpoint
- name: S3_ACCESS_KEY
valueFrom:
secretKeyRef:
name: objectstory-s3
key: access-key
- name: S3_SECRET_KEY
valueFrom:
secretKeyRef:
name: objectstory-s3
key: secret-key
- name: S3_BUCKET_NAME
valueFrom:
secretKeyRef:
name: objectstory-s3
key: bucket
- name: S3_REGION
valueFrom:
secretKeyRef:
name: objectstory-s3
key: region
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: objectstory-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: objectstory-rpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: objectstory-api
namespace: juwan
labels:
app: objectstory-api
spec:
replicas: 1
selector:
matchLabels:
app: objectstory-api
template:
metadata:
labels:
app: objectstory-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: objectstory-api
image: registry.juwan.xhttp.zip/juwan/objectstory-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: OBJECTSTORY_RPC_TARGET
value: "objectstory-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: objectstory-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: objectstory-api
deploy/k01/02-service/order.yaml
+138
View File
@@ -0,0 +1,138 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: order-rpc
namespace: juwan
labels:
app: order-rpc
spec:
replicas: 1
selector:
matchLabels:
app: order-rpc
template:
metadata:
labels:
app: order-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: order-rpc
image: registry.juwan.xhttp.zip/juwan/order-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: PD_USERNAME
valueFrom:
secretKeyRef:
name: order-db-app
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: order-db-app
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: order-db-app
key: dbname
- name: DB_HOST
value: order-db-rw.juwan
- name: DB_HOST_RO
value: order-db-ro.juwan
- name: DB_PORT
value: "5432"
- name: REDIS_HOST
value: order-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: order-redis
key: password
- name: SNOWFLAKE_RPC_TARGET
value: "snowflake-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: order-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: order-rpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: order-api
namespace: juwan
labels:
app: order-api
spec:
replicas: 1
selector:
matchLabels:
app: order-api
template:
metadata:
labels:
app: order-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: order-api
image: registry.juwan.xhttp.zip/juwan/order-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: ORDER_RPC_TARGET
value: "order-rpc-svc.juwan:8080"
- name: PLAYER_RPC_TARGET
value: "player-rpc-svc.juwan:8080"
- name: SHOP_RPC_TARGET
value: "shop-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: order-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: order-api
deploy/k01/02-service/player.yaml
+136
View File
@@ -0,0 +1,136 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: player-rpc
namespace: juwan
labels:
app: player-rpc
spec:
replicas: 1
selector:
matchLabels:
app: player-rpc
template:
metadata:
labels:
app: player-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: player-rpc
image: registry.juwan.xhttp.zip/juwan/player-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: PD_USERNAME
valueFrom:
secretKeyRef:
name: player-db-app
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: player-db-app
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: player-db-app
key: dbname
- name: DB_HOST
value: player-db-rw.juwan
- name: DB_HOST_RO
value: player-db-ro.juwan
- name: DB_PORT
value: "5432"
- name: REDIS_HOST
value: player-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: player-redis
key: password
- name: SNOWFLAKE_RPC_TARGET
value: "snowflake-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: player-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: player-rpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: player-api
namespace: juwan
labels:
app: player-api
spec:
replicas: 1
selector:
matchLabels:
app: player-api
template:
metadata:
labels:
app: player-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: player-api
image: registry.juwan.xhttp.zip/juwan/player-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: PLAYER_RPC_TARGET
value: "player-rpc-svc.juwan:8080"
- name: USER_RPC_TARGET
value: "user-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: player-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: player-api
deploy/k01/02-service/review.yaml
+138
View File
@@ -0,0 +1,138 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: review-rpc
namespace: juwan
labels:
app: review-rpc
spec:
replicas: 1
selector:
matchLabels:
app: review-rpc
template:
metadata:
labels:
app: review-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: review-rpc
image: registry.juwan.xhttp.zip/juwan/review-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: PD_USERNAME
valueFrom:
secretKeyRef:
name: review-db-app
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: review-db-app
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: review-db-app
key: dbname
- name: DB_HOST
value: review-db-rw.juwan
- name: DB_HOST_RO
value: review-db-ro.juwan
- name: DB_PORT
value: "5432"
- name: REDIS_HOST
value: review-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: review-redis
key: password
- name: SNOWFLAKE_RPC_TARGET
value: "snowflake-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: review-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: review-rpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: review-api
namespace: juwan
labels:
app: review-api
spec:
replicas: 1
selector:
matchLabels:
app: review-api
template:
metadata:
labels:
app: review-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: review-api
image: registry.juwan.xhttp.zip/juwan/review-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: ORDER_RPC_TARGET
value: "order-rpc-svc.juwan:8080"
- name: PLAYER_RPC_TARGET
value: "player-rpc-svc.juwan:8080"
- name: REVIEW_RPC_TARGET
value: "review-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: review-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: review-api
deploy/k01/02-service/search.yaml
+134
View File
@@ -0,0 +1,134 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: search-rpc
namespace: juwan
labels:
app: search-rpc
spec:
replicas: 1
selector:
matchLabels:
app: search-rpc
template:
metadata:
labels:
app: search-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: search-rpc
image: registry.juwan.xhttp.zip/juwan/search-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: PD_USERNAME
valueFrom:
secretKeyRef:
name: search-db-app
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: search-db-app
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: search-db-app
key: dbname
- name: DB_HOST
value: search-db-rw.juwan
- name: DB_HOST_RO
value: search-db-ro.juwan
- name: DB_PORT
value: "5432"
- name: REDIS_HOST
value: search-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: search-redis
key: password
- name: SNOWFLAKE_RPC_TARGET
value: "snowflake-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: search-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: search-rpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: search-api
namespace: juwan
labels:
app: search-api
spec:
replicas: 1
selector:
matchLabels:
app: search-api
template:
metadata:
labels:
app: search-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: search-api
image: registry.juwan.xhttp.zip/juwan/search-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: SEARCH_RPC_TARGET
value: "search-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: search-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: search-api
deploy/k01/02-service/shop.yaml
+138
View File
@@ -0,0 +1,138 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: shop-rpc
namespace: juwan
labels:
app: shop-rpc
spec:
replicas: 1
selector:
matchLabels:
app: shop-rpc
template:
metadata:
labels:
app: shop-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: shop-rpc
image: registry.juwan.xhttp.zip/juwan/shop-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: PD_USERNAME
valueFrom:
secretKeyRef:
name: shop-db-app
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: shop-db-app
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: shop-db-app
key: dbname
- name: DB_HOST
value: shop-db-rw.juwan
- name: DB_HOST_RO
value: shop-db-ro.juwan
- name: DB_PORT
value: "5432"
- name: REDIS_HOST
value: shop-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: shop-redis
key: password
- name: SNOWFLAKE_RPC_TARGET
value: "snowflake-svc.juwan:8080"
- name: USER_RPC_TARGET
value: "user-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: shop-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: shop-rpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: shop-api
namespace: juwan
labels:
app: shop-api
spec:
replicas: 1
selector:
matchLabels:
app: shop-api
template:
metadata:
labels:
app: shop-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: shop-api
image: registry.juwan.xhttp.zip/juwan/shop-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: PLAYER_RPC_TARGET
value: "player-rpc-svc.juwan:8080"
- name: SHOP_RPC_TARGET
value: "shop-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: shop-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: shop-api
deploy/k01/02-service/snowflake.yaml
+43
View File
@@ -0,0 +1,43 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: snowflake
namespace: juwan
labels:
app: snowflake
spec:
replicas: 1
selector:
matchLabels:
app: snowflake
template:
metadata:
labels:
app: snowflake
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: snowflake
image: registry.juwan.xhttp.zip/juwan/snowflake-rpc:latest
ports:
- name: grpc
containerPort: 8080
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: snowflake-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
selector:
app: snowflake
deploy/k01/02-service/user-verifications.yaml
+83
View File
@@ -0,0 +1,83 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: user-verifications-rpc
namespace: juwan
labels:
app: user-verifications-rpc
spec:
replicas: 1
selector:
matchLabels:
app: user-verifications-rpc
template:
metadata:
labels:
app: user-verifications-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: user-verifications-rpc
image: registry.juwan.xhttp.zip/juwan/user_verifications-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: PD_USERNAME
valueFrom:
secretKeyRef:
name: user-db-app
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: user-db-app
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: user-db-app
key: dbname
- name: DB_HOST
value: user-db-rw.juwan
- name: DB_HOST_RO
value: user-db-ro.juwan
- name: DB_PORT
value: "5432"
- name: REDIS_HOST
value: user-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: user-redis
key: password
- name: SNOWFLAKE_RPC_TARGET
value: "snowflake-svc.juwan:8080"
- name: USER_RPC_TARGET
value: "user-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: user-verifications-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: user-verifications-rpc
deploy/k01/02-service/user.yaml
+156
View File
@@ -0,0 +1,156 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: user-rpc
namespace: juwan
labels:
app: user-rpc
spec:
replicas: 1
selector:
matchLabels:
app: user-rpc
template:
metadata:
labels:
app: user-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: user-rpc
image: registry.juwan.xhttp.zip/juwan/users-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: PD_USERNAME
valueFrom:
secretKeyRef:
name: user-db-app
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: user-db-app
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: user-db-app
key: dbname
- name: DB_HOST
value: user-db-rw.juwan
- name: DB_HOST_RO
value: user-db-ro.juwan
- name: DB_PORT
value: "5432"
- name: REDIS_HOST
value: user-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: user-redis
key: password
- name: SNOWFLAKE_RPC_TARGET
value: "snowflake-svc.juwan:8080"
- name: ADMIN_USERNAME
valueFrom:
secretKeyRef:
name: admin-bootstrap
key: username
- name: ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: admin-bootstrap
key: password
- name: ADMIN_EMAIL
valueFrom:
secretKeyRef:
name: admin-bootstrap
key: email
- name: JWT_SECRET_KEY
valueFrom:
secretKeyRef:
name: jwt-secret
key: secret-key
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: user-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: user-rpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: user-api
namespace: juwan
labels:
app: user-api
spec:
replicas: 1
selector:
matchLabels:
app: user-api
template:
metadata:
labels:
app: user-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: user-api
image: registry.juwan.xhttp.zip/juwan/users-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: USER_RPC_TARGET
value: "user-rpc-svc.juwan:8080"
- name: USER_VERIFICATIONS_RPC_TARGET
value: "user-verifications-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: user-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: user-api
deploy/k01/02-service/wallet.yaml
+134
View File
@@ -0,0 +1,134 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: wallet-rpc
namespace: juwan
labels:
app: wallet-rpc
spec:
replicas: 1
selector:
matchLabels:
app: wallet-rpc
template:
metadata:
labels:
app: wallet-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: wallet-rpc
image: registry.juwan.xhttp.zip/juwan/wallet-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: PD_USERNAME
valueFrom:
secretKeyRef:
name: wallet-db-app
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: wallet-db-app
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: wallet-db-app
key: dbname
- name: DB_HOST
value: wallet-db-rw.juwan
- name: DB_HOST_RO
value: wallet-db-ro.juwan
- name: DB_PORT
value: "5432"
- name: REDIS_HOST
value: wallet-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: wallet-redis
key: password
- name: SNOWFLAKE_RPC_TARGET
value: "snowflake-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: wallet-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: wallet-rpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: wallet-api
namespace: juwan
labels:
app: wallet-api
spec:
replicas: 1
selector:
matchLabels:
app: wallet-api
template:
metadata:
labels:
app: wallet-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: wallet-api
image: registry.juwan.xhttp.zip/juwan/wallet-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: WALLET_RPC_TARGET
value: "wallet-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: wallet-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: wallet-api
deploy/k01/README.md
+118
View File
@@ -0,0 +1,118 @@
# k01 业务集群部署
承载 juwan-backend 全部业务的 k3s 单节点集群(演示阶段),后续可扩 k02 / k03。
## 架构层次
| 层 | 组件 |
|---|---|
| 控制面 | k3s server(已禁用内置 traefik |
| Operator | CloudNativePG / Strimzi Kafka / Ot-Container-Kit Redis / MongoDB Community |
| 数据 | 11 CNPG Cluster / 12 RedisReplication / Strimzi KRaft Kafka 1 broker / MongoDBCommunity 单实例 |
| 网络 | envoy-gatewayNodePort 30080/ ratelimit + rl-redis |
| 业务 | snowflake、authz-adapter、12 rpc、14 api、email-mq、frontend |
## 入口路径
```
juwan.xhttp.zip
├─ /wt/* → center Caddy → k01 chat-api UDP 8443hostPort
└─ 其他 → center Caddy → k01 envoy-gateway TCP 30080
```
## 前置条件
- Ubuntu 26.04 LTSroot
- center 已部署,registry.juwan.xhttp.zip 可推可拉
- DNS`juwan.xhttp.zip` A 记录指向 k01140.82.15.92
- 仓库已复制到 `/root/juwan-backend`
## 首次部署
```bash
cd /root/juwan-backend/deploy/k01
# 1. zot admin 密码写到文件供 install-k3s 读取
echo "<zot-admin-password>" > /root/registry-password
chmod 600 /root/registry-password
# 2. 装 k3s + 4 个 Operator
bash install-k3s.sh
# 3. 准备 .env,填入 zot 凭据 / brevo SMTP / garage S3 凭据等
cp .env.example .env
nano .env
# 4. 应用 namespace + RBAC,生成所有 k8s Secret
kubectl apply -f 00-base/
bash secrets.sh
# 5. 应用基础设施
kubectl apply -f 01-infra/postgres.yaml
kubectl apply -f 01-infra/redis.yaml
kubectl apply -f 01-infra/mongo.yaml
kubectl apply -f 01-infra/kafka.yaml
kubectl apply -f 01-infra/ratelimit.yaml
kubectl apply -f 01-infra/envoy.yaml
# 等所有 CNPG Cluster Ready,灌入 schema + fixture
bash 01-infra/load-schema.sh
# 6. 应用业务服务
kubectl apply -f 02-service/
# 7. 观察 pod
kubectl -n juwan get pods -w
```
## 凭据管理
`secrets.sh` 生成的全部明文密码写入 `secrets/` 目录,`chmod 600``.gitignore` 已排除。
| Secret | 用途 |
|---|---|
| `registry-creds` | imagePullSecretzot |
| `jwt-secret` | user-rpc 签发 / 校验 JWT |
| `admin-bootstrap` | user-rpc 启动时插入 admin 账号 |
| `email-smtp` | email-mq 发邮件 |
| `objectstory-s3` | objectstory-rpc 接 garage |
| `chat-wt-tls` | chat-api WT 自签证书(来自 `deploy/dev/certs` |
| `<domain>-redis` | 12 个 RedisReplication 的 password |
| `chat-mongodb-app-user-password` | MongoDB SCRAM 密码 |
| `<cluster>-app` | CNPG 自动生成的 PG 凭据 |
## 已知限制
- snowflake 使用 Deployment + WorkerId=0。扩到多副本前需让 snowflake 业务代码支持从 env 读 WorkerId。
- chat-api UDP 8443 走 hostPort,扩 k02/k03 时新 node 需开放 UDP 8443DNS 也要做轮询或 LB。
- email-api 复用 user-redis 实例(验证码 key 与 user-rpc 共享读写),跟 dev 行为一致。
- HPA 暂不部署。加副本前把 `replicas: 1` 改大或加 HPA。
## 加节点(k02 / k03
```bash
# 在 k01 取 token
cat /var/lib/rancher/k3s/server/node-token
# 在 k02 上
curl -sfL https://get.k3s.io | \
K3S_URL=https://140.82.15.92:6443 K3S_TOKEN=<token> \
sh -
# 复制 registries.yaml
scp root@140.82.15.92:/etc/rancher/k3s/registries.yaml \
/etc/rancher/k3s/registries.yaml
systemctl restart k3s-agent
```
## 与 center 协同
| 事项 | 哪一边 |
|---|---|
| `juwan.xhttp.zip` LE 证书 | center Caddy 自动签 |
| WebTransport 终结 | center CaddyPR 7669 fork |
| WebTransport 上游 | k01 chat-api UDP 8443hostPort |
| envoy-gateway 上游 | k01 NodePort 30080 |
| 镜像拉取 | k01 containerd → registry.juwan.xhttp.zip |
| S3 后端 | k01 objectstory-rpc → s3.juwan.xhttp.zip → center Garage |
| CD 触发 | gitea Actions runner(在 center → kubectl 远程操作 k01 |
deploy/k01/install-k3s.sh
Executable
+78
View File
@@ -0,0 +1,78 @@
#!/usr/bin/env bash
set -euo pipefail
REGISTRY_HOST="registry.juwan.xhttp.zip"
CNPG_VERSION="1.29.0"
STRIMZI_VERSION="1.0.0"
REDIS_OP_VERSION="0.24.0"
MONGODB_OP_VERSION="1.8.0"
if ! command -v kubectl >/dev/null 2>&1; then
curl -sfL https://get.k3s.io | \
INSTALL_K3S_EXEC="--disable=traefik --write-kubeconfig-mode=644" \
sh -
fi
if ! command -v helm >/dev/null 2>&1; then
curl -fsSL https://packages.buildkite.com/helm-linux/helm-debian/gpgkey | \
gpg --dearmor -o /usr/share/keyrings/helm.gpg
echo "deb [signed-by=/usr/share/keyrings/helm.gpg] https://packages.buildkite.com/helm-linux/helm-debian/any/ any main" \
> /etc/apt/sources.list.d/helm-stable-debian.list
apt-get update
apt-get install -y helm
fi
if [ ! -f /root/registry-password ]; then
echo "need /root/registry-password (zot admin password)" >&2
exit 1
fi
mkdir -p /etc/rancher/k3s
cat > /etc/rancher/k3s/registries.yaml <<EOF
mirrors:
${REGISTRY_HOST}:
endpoint:
- "https://${REGISTRY_HOST}"
configs:
${REGISTRY_HOST}:
auth:
username: admin
password: $(cat /root/registry-password)
EOF
systemctl restart k3s
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
until kubectl get nodes >/dev/null 2>&1; do sleep 2; done
K01_DIR="$(cd "$(dirname "$0")" && pwd)"
kubectl apply -f "${K01_DIR}/00-base/"
kubectl apply -f \
"https://github.com/cloudnative-pg/cloudnative-pg/releases/download/v${CNPG_VERSION}/cnpg-${CNPG_VERSION}.yaml"
kubectl create namespace kafka 2>/dev/null || true
kubectl apply -n kafka \
-f "https://github.com/strimzi/strimzi-kafka-operator/releases/download/${STRIMZI_VERSION}/strimzi-cluster-operator-${STRIMZI_VERSION}.yaml"
helm repo add ot-helm https://ot-container-kit.github.io/helm-charts/ 2>/dev/null || true
helm repo add mongodb https://mongodb.github.io/helm-charts 2>/dev/null || true
helm repo update
helm upgrade --install redis-operator ot-helm/redis-operator \
--version "${REDIS_OP_VERSION}" \
--namespace redis-operator --create-namespace
helm upgrade --install mongodb-kubernetes mongodb/mongodb-kubernetes \
--version "${MONGODB_OP_VERSION}" \
--namespace mongodb-operator --create-namespace \
--set operator.watchNamespace=juwan
kubectl -n cnpg-system rollout status deploy/cnpg-controller-manager --timeout=300s
kubectl -n kafka rollout status deploy/strimzi-cluster-operator --timeout=300s
kubectl -n redis-operator rollout status deploy/redis-operator --timeout=300s
kubectl -n mongodb-operator rollout status deploy/mongodb-kubernetes-operator --timeout=300s
echo
echo "k3s + 4 operators ready"
deploy/k01/secrets.sh
Executable
+89
View File
@@ -0,0 +1,89 @@
#!/usr/bin/env bash
set -euo pipefail
K01_DIR="$(cd "$(dirname "$0")" && pwd)"
cd "$K01_DIR"
if [ ! -f .env ]; then
echo ".env not found, copy from .env.example and fill in" >&2
exit 1
fi
set -a
. ./.env
set +a
mkdir -p secrets
chmod 700 secrets
write_secret() {
local name="$1" value="$2"
printf '%s\n' "$value" > "secrets/$name"
chmod 600 "secrets/$name"
}
JWT_SECRET_KEY="${JWT_SECRET_KEY:-$(openssl rand -hex 32)}"
ADMIN_PASSWORD="${ADMIN_PASSWORD:-$(openssl rand -hex 16)}"
write_secret jwt-secret "$JWT_SECRET_KEY"
write_secret admin-password "$ADMIN_PASSWORD"
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
kubectl -n juwan create secret docker-registry registry-creds \
--docker-server="${REGISTRY_HOST}" \
--docker-username="${REGISTRY_USERNAME}" \
--docker-password="${REGISTRY_PASSWORD}" \
--dry-run=client -o yaml | kubectl apply -f -
kubectl -n juwan create secret generic jwt-secret \
--from-literal=secret-key="$JWT_SECRET_KEY" \
--dry-run=client -o yaml | kubectl apply -f -
kubectl -n juwan create secret generic admin-bootstrap \
--from-literal=username="${ADMIN_USERNAME}" \
--from-literal=password="$ADMIN_PASSWORD" \
--from-literal=email="${ADMIN_EMAIL}" \
--dry-run=client -o yaml | kubectl apply -f -
kubectl -n juwan create secret generic email-smtp \
--from-literal=host="${EMAIL_SMTP_HOST}" \
--from-literal=port="${EMAIL_SMTP_PORT}" \
--from-literal=username="${EMAIL_SMTP_USERNAME}" \
--from-literal=password="${EMAIL_SMTP_PASSWORD}" \
--from-literal=from-address="${EMAIL_FROM_ADDRESS}" \
--from-literal=from-name="${EMAIL_FROM_NAME}" \
--from-literal=reply-to="${EMAIL_REPLY_TO:-}" \
--dry-run=client -o yaml | kubectl apply -f -
kubectl -n juwan create secret generic objectstory-s3 \
--from-literal=endpoint="${S3_ENDPOINT}" \
--from-literal=access-key="${S3_ACCESS_KEY}" \
--from-literal=secret-key="${S3_SECRET_KEY}" \
--from-literal=bucket="${S3_BUCKET_NAME}" \
--from-literal=region="${S3_REGION}" \
--dry-run=client -o yaml | kubectl apply -f -
DEV_CERTS="$(cd "$K01_DIR/../dev/certs" && pwd)"
kubectl -n juwan create secret tls chat-wt-tls \
--cert="${DEV_CERTS}/tls.crt" \
--key="${DEV_CERTS}/tls.key" \
--dry-run=client -o yaml | kubectl apply -f -
DOMAINS=(user player game shop order wallet community review dispute notification search chat)
for d in "${DOMAINS[@]}"; do
pwd_val="$(openssl rand -hex 16)"
write_secret "redis-${d}-password" "$pwd_val"
kubectl -n juwan create secret generic "${d}-redis" \
--from-literal=password="$pwd_val" \
--dry-run=client -o yaml | kubectl apply -f -
done
MONGO_PASSWORD="${MONGO_PASSWORD:-$(openssl rand -hex 16)}"
write_secret mongo-password "$MONGO_PASSWORD"
kubectl -n juwan create secret generic chat-mongodb-app-user-password \
--from-literal=password="$MONGO_PASSWORD" \
--dry-run=client -o yaml | kubectl apply -f -
echo
echo "secrets/ written, k8s Secrets applied to namespace juwan"
echo "admin password: $ADMIN_PASSWORD"