add: user auth accomplished

wwweww
2026-02-26 02:17:07 +08:00
parent 300058ad01
commit 60b6f40f9f
54 changed files with 1601 additions and 2303 deletions
-33
@@ -1,33 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: snowflake-sve
namespace: juwan
spec:
ClusterIP: None
selector:
app: snowflake
ports:
- port: 9000
targetPort: 9000
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: snowflake
namespace: juwan
spec:
serviceName: snowflake-svc
replicas: 3
selector:
matchLabels:
app: snowflake
template:
metadata:
labels:
app: snowflake
spec:
containers:
- name: snowflake
image:
-262
@@ -1,262 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: juwan
---
apiVersion: v1
kind: ConfigMap
metadata:
name: envoy-config
namespace: juwan
data:
envoy.yaml: |
static_resources:
listeners:
- name: listener_http
address:
socket_address:
address: 0.0.0.0
port_value: 8080
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
access_log:
- name: envoy.access_loggers.stdout
typed_config:
"@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
http_filters:
- name: envoy.filters.http.router
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
route_config:
name: local_route
virtual_hosts:
- name: backend
domains: ["*"]
routes:
- match:
prefix: /api/v1/users
route:
cluster: user_api_cluster
timeout: 30s
- match:
prefix: /api/v1/orders
route:
cluster: order_api_cluster
timeout: 30s
- match:
prefix: /health
route:
cluster: user_api_cluster
timeout: 10s
- match:
prefix: /
route:
cluster: user_api_cluster
timeout: 30s
clusters:
- name: user_api_cluster
connect_timeout: 5s
type: STRICT_DNS
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: user_api_cluster
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: user-api-svc.juwan.svc.cluster.local
port_value: 8888
health_checks:
- timeout: 3s
interval: 10s
unhealthy_threshold: 2
healthy_threshold: 2
http_health_check:
path: /health
- name: order_api_cluster
connect_timeout: 5s
type: STRICT_DNS
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: order_api_cluster
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: order-api-svc.juwan.svc.cluster.local
port_value: 8889
health_checks:
- timeout: 3s
interval: 10s
unhealthy_threshold: 2
healthy_threshold: 2
http_health_check:
path: /health
admin:
access_log_path: /tmp/admin_access.log
address:
socket_address:
address: 0.0.0.0
port_value: 9901
---
apiVersion: v1
kind: Service
metadata:
name: envoy-gateway
namespace: juwan
spec:
type: LoadBalancer
ports:
- name: http
port: 80
targetPort: 8080
protocol: TCP
- name: admin
port: 9901
targetPort: 9901
protocol: TCP
selector:
app: envoy-gateway
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: envoy-gateway
namespace: juwan
labels:
app: envoy-gateway
spec:
replicas: 2
selector:
matchLabels:
app: envoy-gateway
template:
metadata:
labels:
app: envoy-gateway
spec:
serviceAccountName: envoy-gateway
containers:
- name: envoy
image: envoyproxy/envoy:v1.27-latest
ports:
- name: http
containerPort: 8080
- name: admin
containerPort: 9901
volumeMounts:
- name: envoy-config
mountPath: /etc/envoy
readinessProbe:
httpGet:
path: /stats
port: 9901
initialDelaySeconds: 10
periodSeconds: 5
livenessProbe:
httpGet:
path: /stats
port: 9901
initialDelaySeconds: 10
periodSeconds: 10
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
volumes:
- name: envoy-config
configMap:
name: envoy-config
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: envoy-gateway
namespace: juwan
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: envoy-gateway
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch"]
- apiGroups: ["discovery.k8s.io"]
resources: ["endpointslices"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["services"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: envoy-gateway
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: envoy-gateway
subjects:
- kind: ServiceAccount
name: envoy-gateway
namespace: juwan
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: envoy-gateway-network-policy
namespace: juwan
spec:
podSelector:
matchLabels:
app: envoy-gateway
policyTypes:
- Ingress
- Egress
ingress:
- from:
- namespaceSelector: {}
ports:
- protocol: TCP
port: 8080
egress:
- to:
- namespaceSelector: {}
ports:
- protocol: UDP
port: 53
- to:
- podSelector:
matchLabels:
app: user-api
- podSelector:
matchLabels:
app: order-api
ports:
- protocol: TCP
port: 8888
- protocol: TCP
port: 8889
+294
@@ -0,0 +1,294 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: envoy-config
namespace: juwan
data:
envoy.yaml: |
static_resources:
listeners:
- name: ingress_http
address:
socket_address:
address: 0.0.0.0
port_value: 8080
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
codec_type: AUTO
generate_request_id: true
use_remote_address: true
route_config:
name: local_route
virtual_hosts:
- name: juwan_services
domains: ["*"]
routes:
- match:
path: /healthz
direct_response:
status: 200
body:
inline_string: ok
- match:
prefix: /api/email
route:
cluster: email_api_cluster
timeout: 30s
- match:
prefix: /api/users
route:
cluster: user_api_cluster
timeout: 30s
- match:
prefix: /
direct_response:
status: 404
body:
inline_string: "gateway route not found"
http_filters:
- name: envoy.filters.http.lua
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua
inline_code: |
local TOKEN_COOKIE = "csrf_token"
local GUARD_COOKIE = "csrf_guard"
local TOKEN_HEADER = "x-csrf-token"
local GUARD_HEADER = "x-csrf-guard"
local seeded = false
local function seed_random()
if seeded then
return
end
seeded = true
math.randomseed(os.time())
end
local function split_cookie(header)
local out = {}
if not header then
return out
end
for pair in string.gmatch(header, "([^;]+)") do
local key, value = string.match(pair, "^%s*([^=]+)=?(.*)$")
if key ~= nil and value ~= nil then
out[string.lower(key)] = value
end
end
return out
end
local function is_safe_method(method)
return method == "GET" or method == "HEAD" or method == "OPTIONS"
end
local function build_token(request_id)
seed_random()
local rnd = tostring(math.random(100000, 999999))
local rid = request_id or "rid"
return tostring(os.time()) .. "-" .. rid .. "-" .. rnd
end
function envoy_on_request(request_handle)
local headers = request_handle:headers()
local method = headers:get(":method")
local cookie_header = headers:get("cookie")
local cookies = split_cookie(cookie_header)
local csrf_token_cookie = cookies[TOKEN_COOKIE]
local csrf_guard_cookie = cookies[GUARD_COOKIE]
request_handle:streamInfo():dynamicMetadata():set("csrf", "need_set_token_cookie", csrf_token_cookie == nil or csrf_token_cookie == "")
request_handle:streamInfo():dynamicMetadata():set("csrf", "need_set_guard_cookie", csrf_guard_cookie == nil or csrf_guard_cookie == "")
if csrf_token_cookie == nil or csrf_token_cookie == "" then
csrf_token_cookie = build_token(headers:get("x-request-id"))
request_handle:streamInfo():dynamicMetadata():set("csrf", "token_value", csrf_token_cookie)
else
request_handle:streamInfo():dynamicMetadata():set("csrf", "token_value", csrf_token_cookie)
end
if csrf_guard_cookie == nil or csrf_guard_cookie == "" then
csrf_guard_cookie = build_token(headers:get("x-request-id"))
request_handle:streamInfo():dynamicMetadata():set("csrf", "guard_value", csrf_guard_cookie)
else
request_handle:streamInfo():dynamicMetadata():set("csrf", "guard_value", csrf_guard_cookie)
end
if is_safe_method(method) then
return
end
local csrf_token_header = headers:get(TOKEN_HEADER)
local csrf_guard_header = headers:get(GUARD_HEADER)
if csrf_token_header == nil or csrf_guard_header == nil then
request_handle:respond(
{[":status"] = "403", ["content-type"] = "application/json"},
'{"code":403,"message":"missing csrf headers"}'
)
return
end
if csrf_token_cookie == nil or csrf_guard_cookie == nil then
request_handle:respond(
{[":status"] = "403", ["content-type"] = "application/json"},
'{"code":403,"message":"missing csrf cookies"}'
)
return
end
if csrf_token_header ~= csrf_token_cookie or csrf_guard_header ~= csrf_guard_cookie then
request_handle:respond(
{[":status"] = "403", ["content-type"] = "application/json"},
'{"code":403,"message":"csrf token mismatch"}'
)
return
end
end
function envoy_on_response(response_handle)
local metadata = response_handle:streamInfo():dynamicMetadata():get("csrf")
if metadata == nil then
return
end
local token_value = metadata["token_value"]
local guard_value = metadata["guard_value"]
if metadata["need_set_token_cookie"] == true and token_value ~= nil and token_value ~= "" then
response_handle:headers():add(
"set-cookie",
TOKEN_COOKIE .. "=" .. token_value .. "; Path=/; SameSite=Strict"
)
end
if metadata["need_set_guard_cookie"] == true and guard_value ~= nil and guard_value ~= "" then
response_handle:headers():add(
"set-cookie",
GUARD_COOKIE .. "=" .. guard_value .. "; Path=/; SameSite=Strict"
)
end
end
- name: envoy.filters.http.router
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
clusters:
- name: user_api_cluster
connect_timeout: 2s
type: STRICT_DNS
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: user_api_cluster
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: user-api-svc.juwan.svc.cluster.local
port_value: 8888
- name: email_api_cluster
connect_timeout: 2s
type: STRICT_DNS
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: email_api_cluster
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: email-api-svc.juwan.svc.cluster.local
port_value: 8888
admin:
access_log_path: /tmp/admin_access.log
address:
socket_address:
address: 0.0.0.0
port_value: 9901
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: envoy-gateway
namespace: juwan
labels:
app: envoy-gateway
spec:
replicas: 2
revisionHistoryLimit: 5
selector:
matchLabels:
app: envoy-gateway
template:
metadata:
labels:
app: envoy-gateway
spec:
containers:
- name: envoy
image: envoyproxy/envoy:v1.31-latest
imagePullPolicy: IfNotPresent
command: ["/usr/local/bin/envoy"]
args:
- "-c"
- "/etc/envoy/envoy.yaml"
- "--log-level"
- "info"
ports:
- containerPort: 8080
name: http
- containerPort: 9901
name: admin
livenessProbe:
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 10
periodSeconds: 15
readinessProbe:
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 5
periodSeconds: 10
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
volumeMounts:
- name: envoy-config
mountPath: /etc/envoy
volumes:
- name: envoy-config
configMap:
name: envoy-config
---
apiVersion: v1
kind: Service
metadata:
name: envoy-gateway
namespace: juwan
spec:
selector:
app: envoy-gateway
ports:
- name: http
port: 80
targetPort: 8080
- name: admin
port: 9901
targetPort: 9901
type: ClusterIP
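Review bot: The admin listener stays on `0.0.0.0:9901` and the Service still publishes an `admin` port, while the NetworkPolicy that limited ingress to 8080 is among the manifests this commit deletes, so unless a policy elsewhere restricts it, Envoy's unauthenticated admin API is reachable from other pods in the cluster. The probes now use `/healthz` on 8080, so the admin socket can become `address: 127.0.0.1` and the `admin` entry can be dropped from the Service `ports`. In the Lua filter, the CSRF check only compares the `x-csrf-token`/`x-csrf-guard` headers with the cookies, and `build_token` derives the value from `os.time()`, the request id and a clock-seeded `math.random`, so the token is neither signed nor tied to a session; consider having the auth service issue a signed, session-bound token, and add `Secure` to both `set-cookie` strings (`"; Path=/; Secure; SameSite=Strict"`). The `missing csrf cookies` branch cannot be reached, because both cookie variables are filled by `build_token` before it.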
+12 -3
@@ -19,12 +19,13 @@ spec:
serviceAccountName: find-endpoints
containers:
- name: email-api
image: email
image: 103.236.53.208:4418/library/email-api@sha256:fe5c66f5bcb1a39652620df42351de3e48227920a34be3110a45eb13db327020
ports:
- containerPort: 8888
- containerPort: 4001
env:
- name: KAFKA_BROKER
value: "my-cluster-kafka-bootstrap.kafka.svc.cluster.local:9092"
value: "my-cluster-kafka-bootstrap.kafka:9092"
- name: REDIS_M_HOST
value: "user-redis-master.juwan:6379"
- name: REDIS_S_HOST
@@ -65,10 +66,18 @@ kind: Service
metadata:
name: email-api-svc
namespace: juwan
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "4001"
prometheus.io/path: "/metrics"
spec:
ports:
- port: 8888
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: email-api
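Review bot: The new `image:` reference pulls from a registry addressed by bare IP and port (`103.236.53.208:4418`); the `@sha256:` pin protects the image content, but the lines shown do not tell whether that endpoint serves TLS with a certificate valid for the IP or is configured on the nodes as an insecure registry, in which case pull credentials would travel in clear text. It is worth confirming this, and preferably referencing the registry by a DNS name with a valid certificate so the address can change without editing every manifest. The same reference form appears in the email-consumer, user-api and user-rpc sections of this commit. The Deployment spec starts outside the first hunk.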
+12 -3
@@ -24,7 +24,9 @@ spec:
serviceAccountName: find-endpoints
containers:
- name: email-consumer
image: 103.236.53.208:4418/library/email-consumer@sha256:6fe8a3a57310a5e79feecc4bf38ac2c5b8c58a7f200f104f7bf4707b9db5fc13
image: 103.236.53.208:4418/library/email-mq@sha256:a9f76e8f4a17d1c00cefc429962037550e17feebb5cf38b28d360c91c8ba3e68
ports:
- containerPort: 4001
resources:
requests:
cpu: 100m
@@ -46,10 +48,17 @@ kind: Service
metadata:
name: email-consumer-svc
namespace: juwan
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "4001"
prometheus.io/path: "/metrics"
spec:
ports:
- port: 8080
targetPort: 8080
# - port: 8080
# targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: email-consumer
+3 -3
@@ -1,5 +1,5 @@
apiVersion: apps/v1
kind: Deployment
kind: StatefulSet
metadata:
name: snowflake
namespace: juwan
@@ -71,7 +71,7 @@ metadata:
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
kind: StatefulSet
name: snowflake
minReplicas: 3
maxReplicas: 10
@@ -94,7 +94,7 @@ metadata:
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
kind: StatefulSet
name: snowflake
minReplicas: 3
maxReplicas: 10
+49 -49
@@ -6,7 +6,7 @@ metadata:
labels:
app: user-api
spec:
replicas: 3
replicas: 1
revisionHistoryLimit: 5
selector:
matchLabels:
@@ -19,7 +19,7 @@ spec:
serviceAccountName: find-endpoints
containers:
- name: user-api
image: user-api:v1
image: 103.236.53.208:4418/library/user-api@sha256:a152f5fd13fc865ae3d9aeaa54eacad6bcaa0cb4f0ccb770fbb746be95360991
ports:
- containerPort: 8888
readinessProbe:
@@ -61,50 +61,50 @@ spec:
selector:
app: user-api
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: user-api-hpa-c
namespace: juwan
labels:
app: user-api-hpa-c
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: user-api
minReplicas: 3
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 80
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: user-api-hpa-m
namespace: juwan
labels:
app: user-api-hpa-m
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: user-api
minReplicas: 3
maxReplicas: 10
metrics:
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80
#---
#
#apiVersion: autoscaling/v2
#kind: HorizontalPodAutoscaler
#metadata:
# name: user-api-hpa-c
# namespace: juwan
# labels:
# app: user-api-hpa-c
#spec:
# scaleTargetRef:
# apiVersion: apps/v1
# kind: Deployment
# name: user-api
# minReplicas: 3
# maxReplicas: 10
# metrics:
# - type: Resource
# resource:
# name: cpu
# target:
# type: Utilization
# averageUtilization: 80
#
#---
#
#apiVersion: autoscaling/v2
#kind: HorizontalPodAutoscaler
#metadata:
# name: user-api-hpa-m
# namespace: juwan
# labels:
# app: user-api-hpa-m
#spec:
# scaleTargetRef:
# apiVersion: apps/v1
# kind: Deployment
# name: user-api
# minReplicas: 3
# maxReplicas: 10
# metrics:
# - type: Resource
# resource:
# name: memory
# target:
# type: Utilization
# averageUtilization: 80
+150 -142
@@ -6,7 +6,7 @@ metadata:
labels:
app: user-rpc
spec:
replicas: 3
replicas: 1
revisionHistoryLimit: 5
selector:
matchLabels:
@@ -29,7 +29,7 @@ spec:
]
containers:
- name: user-rpc
image: 103.236.53.208:4418/library/user-rpc@sha256:57746256905acb5757153aef536ebfd19338b7f935f01ba1f538fbfd0a12f6f5
image: 103.236.53.208:4418/library/user-rpc@sha256:3d1d3cc02188a9b1a29a308a4867638b25b6e480e5a6bdaeb938f262f53969b7
ports:
- containerPort: 9001
- containerPort: 4001
@@ -114,143 +114,151 @@ spec:
selector:
app: user-rpc
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: user-rpc-hpa-c
namespace: juwan
labels:
app: user-rpc-hpa-c
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: user-rpc
minReplicas: 3
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 80
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: user-rpc-hpa-m
namespace: juwan
labels:
app: user-rpc-hpa-m
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: user-rpc
minReplicas: 3
maxReplicas: 10
metrics:
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80
---
# Redis 主从复制
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: user-redis
namespace: juwan
spec:
clusterSize: 3
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.12
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
redisSecret:
name: user-redis
key: password
redisExporter:
enabled: true
image: quay.io/opstree/redis-exporter:latest
imagePullPolicy: Always
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
# Sentinel 监控
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisSentinel
metadata:
name: user-redis-sentinel
namespace: juwan
spec:
clusterSize: 3
kubernetesConfig:
image: quay.io/opstree/redis-sentinel:v7.0.12
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
redisSentinelConfig:
redisReplicationName: user-redis
masterGroupName: mymaster
redisPort: "6379"
quorum: "2"
downAfterMilliseconds: "5000"
failoverTimeout: "10000"
parallelSyncs: "1"
---
# PostgreSQL 集群
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
namespace: juwan
name: user-db
spec:
instances: 3
backup:
barmanObjectStore:
destinationPath: s3://juwan-dev-pg-backups-zj/pg-data/
endpointURL: https://cn-nb1.rains3.com
s3Credentials:
accessKeyId:
name: rc-creds
key: SOucqRaJr4OyfcIu
secretAccessKey:
name: rc-creds
key: tn2Agj9EowMwuPA9y7TdSL0AXKsMEz
wal:
compression: gzip
storage:
size: 1Gi
monitoring:
enablePodMonitor: true
#---
#apiVersion: autoscaling/v2
#kind: HorizontalPodAutoscaler
#metadata:
# name: user-rpc-hpa-c
# namespace: juwan
# labels:
# app: user-rpc-hpa-c
#spec:
# scaleTargetRef:
# apiVersion: apps/v1
# kind: Deployment
# name: user-rpc
# minReplicas: 3
# maxReplicas: 10
# metrics:
# - type: Resource
# resource:
# name: cpu
# target:
# type: Utilization
# averageUtilization: 80
#
#---
#apiVersion: autoscaling/v2
#kind: HorizontalPodAutoscaler
#metadata:
# name: user-rpc-hpa-m
# namespace: juwan
# labels:
# app: user-rpc-hpa-m
#spec:
# scaleTargetRef:
# apiVersion: apps/v1
# kind: Deployment
# name: user-rpc
# minReplicas: 3
# maxReplicas: 10
# metrics:
# - type: Resource
# resource:
# name: memory
# target:
# type: Utilization
# averageUtilization: 80
#---
## Redis 主从复制
#apiVersion: redis.redis.opstreelabs.in/v1beta2
#kind: RedisReplication
#metadata:
# name: user-redis
# namespace: juwan
#spec:
# clusterSize: 3
# kubernetesConfig:
# image: quay.io/opstree/redis:v7.0.12
# imagePullPolicy: IfNotPresent
# resources:
# requests:
# cpu: 100m
# memory: 128Mi
# limits:
# cpu: 500m
# memory: 512Mi
# redisSecret:
# name: user-redis
# key: password
#
# redisExporter:
# enabled: true
# image: quay.io/opstree/redis-exporter:latest
# imagePullPolicy: Always
# podSecurityContext:
# runAsUser: 1000
# fsGroup: 1000
# storage:
# volumeClaimTemplate:
# spec:
# accessModes: ["ReadWriteOnce"]
# resources:
# requests:
# storage: 1Gi
#
#---
## Sentinel 监控
#apiVersion: redis.redis.opstreelabs.in/v1beta2
#kind: RedisSentinel
#metadata:
# name: user-redis-sentinel
# namespace: juwan
#spec:
# clusterSize: 3
# kubernetesConfig:
# image: quay.io/opstree/redis-sentinel:v7.0.12
# imagePullPolicy: IfNotPresent
# resources:
# requests:
# cpu: 100m
# memory: 128Mi
# limits:
# cpu: 500m
# memory: 512Mi
# podSecurityContext:
# runAsUser: 1000
# fsGroup: 1000
# redisSentinelConfig:
# redisReplicationName: user-redis
# masterGroupName: mymaster
# redisPort: "6379"
# quorum: "2"
# downAfterMilliseconds: "5000"
# failoverTimeout: "10000"
# parallelSyncs: "1"
#
#---
## PostgreSQL 集群
#apiVersion: postgresql.cnpg.io/v1
#kind: Cluster
#metadata:
# namespace: juwan
# name: user-db
#spec:
# instances: 3
# primaryUpdateStrategy: unsupervised
# bootstrap:
# initdb:
# database: app
# owner: app
# # 只在 PVC 为空时初始化
# postInitSQL:
# - CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
# backup:
# barmanObjectStore:
# destinationPath: s3://juwan-dev-pg-backups-zj/pg-data/
# endpointURL: https://cn-nb1.rains3.com
# s3Credentials:
# accessKeyId:
# name: rc-creds
# key: SOucqRaJr4OyfcIu
# secretAccessKey:
# name: rc-creds
# key: tn2Agj9EowMwuPA9y7TdSL0AXKsMEz
# wal:
# compression: gzip
# storage:
# size: 1Gi
# monitoring:
# enablePodMonitor: true
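Review bot: The commented-out `barmanObjectStore` block still carries, in the two `key:` fields under `s3Credentials`, strings that look like a literal access key id and secret rather than the names of entries inside the `rc-creds` Secret; commenting the manifest out leaves them in the file and in history. If they are real credentials, rotate them and delete the block instead of commenting it. Each `key:` should name an entry of the Secret, for example `key: ACCESS_KEY_ID` and `key: SECRET_ACCESS_KEY` (illustrative names). The same values were already on the removed side, so rotation is needed regardless of this change.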