add: user auth accomplished

deploy/k8s/service/email/email-api.yaml

@@ -19,12 +19,13 @@ spec:
       serviceAccountName: find-endpoints
       containers:
         - name: email-api
-          image: email
+          image: 103.236.53.208:4418/library/email-api@sha256:fe5c66f5bcb1a39652620df42351de3e48227920a34be3110a45eb13db327020
           ports:
             - containerPort: 8888
+            - containerPort: 4001
           env:
             - name: KAFKA_BROKER
-              value: "my-cluster-kafka-bootstrap.kafka.svc.cluster.local:9092"
+              value: "my-cluster-kafka-bootstrap.kafka:9092"
             - name: REDIS_M_HOST
               value: "user-redis-master.juwan:6379"
             - name: REDIS_S_HOST
@@ -65,10 +66,18 @@ kind: Service
 metadata:
   name: email-api-svc
   namespace: juwan
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "4001"
+    prometheus.io/path: "/metrics"
 spec:
   ports:
-    - port: 8888
+    - name: http
+      port: 8888
       targetPort: 8888
+    - name: metrics
+      port: 4001
+      targetPort: 4001
   selector:
     app: email-api
 

deploy/k8s/service/email/email-mq.yaml

@@ -24,7 +24,9 @@ spec:
       serviceAccountName: find-endpoints
       containers:
         - name: email-consumer
-          image: 103.236.53.208:4418/library/email-consumer@sha256:6fe8a3a57310a5e79feecc4bf38ac2c5b8c58a7f200f104f7bf4707b9db5fc13
+          image: 103.236.53.208:4418/library/email-mq@sha256:a9f76e8f4a17d1c00cefc429962037550e17feebb5cf38b28d360c91c8ba3e68
+          ports:
+            - containerPort: 4001
           resources:
             requests:
               cpu: 100m
@@ -46,10 +48,17 @@ kind: Service
 metadata:
   name: email-consumer-svc
   namespace: juwan
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "4001"
+    prometheus.io/path: "/metrics"
 spec:
   ports:
-    - port: 8080
-      targetPort: 8080
+    # - port: 8080
+    #   targetPort: 8080
+    - name: metrics
+      port: 4001
+      targetPort: 4001
   selector:
     app: email-consumer
 

deploy/k8s/service/snowflake/snowflake.yaml

@@ -1,5 +1,5 @@
 apiVersion: apps/v1
-kind: Deployment
+kind: StatefulSet
 metadata:
   name: snowflake
   namespace: juwan
@@ -71,7 +71,7 @@ metadata:
 spec:
   scaleTargetRef:
     apiVersion: apps/v1
-    kind: Deployment
+    kind: StatefulSet
     name: snowflake
   minReplicas: 3
   maxReplicas: 10
@@ -94,7 +94,7 @@ metadata:
 spec:
   scaleTargetRef:
     apiVersion: apps/v1
-    kind: Deployment
+    kind: StatefulSet
     name: snowflake
   minReplicas: 3
   maxReplicas: 10

deploy/k8s/service/user/user-api.yaml

@@ -6,7 +6,7 @@ metadata:
   labels:
     app: user-api
 spec:
-  replicas: 3
+  replicas: 1
   revisionHistoryLimit: 5
   selector:
     matchLabels:
@@ -19,7 +19,7 @@ spec:
       serviceAccountName: find-endpoints
       containers:
       - name: user-api
-        image: user-api:v1
+        image: 103.236.53.208:4418/library/user-api@sha256:a152f5fd13fc865ae3d9aeaa54eacad6bcaa0cb4f0ccb770fbb746be95360991
         ports:
         - containerPort: 8888
         readinessProbe:
@@ -61,50 +61,50 @@ spec:
   selector:
     app: user-api
 
----
-
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: user-api-hpa-c
-  namespace: juwan
-  labels:
-    app: user-api-hpa-c
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: user-api
-  minReplicas: 3
-  maxReplicas: 10
-  metrics:
-  - type: Resource
-    resource:
-      name: cpu
-      target:
-        type: Utilization
-        averageUtilization: 80
-
----
-
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: user-api-hpa-m
-  namespace: juwan
-  labels:
-    app: user-api-hpa-m
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: user-api
-  minReplicas: 3
-  maxReplicas: 10
-  metrics:
-  - type: Resource
-    resource:
-      name: memory
-      target:
-        type: Utilization
-        averageUtilization: 80
+#---
+#
+#apiVersion: autoscaling/v2
+#kind: HorizontalPodAutoscaler
+#metadata:
+#  name: user-api-hpa-c
+#  namespace: juwan
+#  labels:
+#    app: user-api-hpa-c
+#spec:
+#  scaleTargetRef:
+#    apiVersion: apps/v1
+#    kind: Deployment
+#    name: user-api
+#  minReplicas: 3
+#  maxReplicas: 10
+#  metrics:
+#  - type: Resource
+#    resource:
+#      name: cpu
+#      target:
+#        type: Utilization
+#        averageUtilization: 80
+#
+#---
+#
+#apiVersion: autoscaling/v2
+#kind: HorizontalPodAutoscaler
+#metadata:
+#  name: user-api-hpa-m
+#  namespace: juwan
+#  labels:
+#    app: user-api-hpa-m
+#spec:
+#  scaleTargetRef:
+#    apiVersion: apps/v1
+#    kind: Deployment
+#    name: user-api
+#  minReplicas: 3
+#  maxReplicas: 10
+#  metrics:
+#  - type: Resource
+#    resource:
+#      name: memory
+#      target:
+#        type: Utilization
+#        averageUtilization: 80

deploy/k8s/service/user/user-rpc.yaml

@@ -6,7 +6,7 @@ metadata:
   labels:
     app: user-rpc
 spec:
-  replicas: 3
+  replicas: 1
   revisionHistoryLimit: 5
   selector:
     matchLabels:
@@ -29,7 +29,7 @@ spec:
             ]
       containers:
         - name: user-rpc
-          image: 103.236.53.208:4418/library/user-rpc@sha256:57746256905acb5757153aef536ebfd19338b7f935f01ba1f538fbfd0a12f6f5
+          image: 103.236.53.208:4418/library/user-rpc@sha256:3d1d3cc02188a9b1a29a308a4867638b25b6e480e5a6bdaeb938f262f53969b7
           ports:
             - containerPort: 9001
             - containerPort: 4001
@@ -114,143 +114,151 @@ spec:
   selector:
     app: user-rpc
 
----
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: user-rpc-hpa-c
-  namespace: juwan
-  labels:
-    app: user-rpc-hpa-c
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: user-rpc
-  minReplicas: 3
-  maxReplicas: 10
-  metrics:
-    - type: Resource
-      resource:
-        name: cpu
-        target:
-          type: Utilization
-          averageUtilization: 80
-
----
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: user-rpc-hpa-m
-  namespace: juwan
-  labels:
-    app: user-rpc-hpa-m
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: user-rpc
-  minReplicas: 3
-  maxReplicas: 10
-  metrics:
-    - type: Resource
-      resource:
-        name: memory
-        target:
-          type: Utilization
-          averageUtilization: 80
----
-# Redis 主从复制
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisReplication
-metadata:
-  name: user-redis
-  namespace: juwan
-spec:
-  clusterSize: 3
-  kubernetesConfig:
-    image: quay.io/opstree/redis:v7.0.12
-    imagePullPolicy: IfNotPresent
-    resources:
-      requests:
-        cpu: 100m
-        memory: 128Mi
-      limits:
-        cpu: 500m
-        memory: 512Mi
-    redisSecret:
-      name: user-redis
-      key: password
-
-  redisExporter:
-    enabled: true
-    image: quay.io/opstree/redis-exporter:latest
-    imagePullPolicy: Always
-  podSecurityContext:
-    runAsUser: 1000
-    fsGroup: 1000
-  storage:
-    volumeClaimTemplate:
-      spec:
-        accessModes: ["ReadWriteOnce"]
-        resources:
-          requests:
-            storage: 1Gi
-
----
-# Sentinel 监控
-apiVersion: redis.redis.opstreelabs.in/v1beta2
-kind: RedisSentinel
-metadata:
-  name: user-redis-sentinel
-  namespace: juwan
-spec:
-  clusterSize: 3
-  kubernetesConfig:
-    image: quay.io/opstree/redis-sentinel:v7.0.12
-    imagePullPolicy: IfNotPresent
-    resources:
-      requests:
-        cpu: 100m
-        memory: 128Mi
-      limits:
-        cpu: 500m
-        memory: 512Mi
-  podSecurityContext:
-    runAsUser: 1000
-    fsGroup: 1000
-  redisSentinelConfig:
-    redisReplicationName: user-redis
-    masterGroupName: mymaster
-    redisPort: "6379"
-    quorum: "2"
-    downAfterMilliseconds: "5000"
-    failoverTimeout: "10000"
-    parallelSyncs: "1"
-
----
-# PostgreSQL 集群
-apiVersion: postgresql.cnpg.io/v1
-kind: Cluster
-metadata:
-  namespace: juwan
-  name: user-db
-spec:
-  instances: 3
-  backup:
-    barmanObjectStore:
-      destinationPath: s3://juwan-dev-pg-backups-zj/pg-data/
-      endpointURL: https://cn-nb1.rains3.com
-      s3Credentials:
-        accessKeyId:
-          name: rc-creds
-          key: SOucqRaJr4OyfcIu
-        secretAccessKey:
-          name: rc-creds
-          key: tn2Agj9EowMwuPA9y7TdSL0AXKsMEz
-      wal:
-        compression: gzip
-  storage:
-    size: 1Gi
-  monitoring:
-    enablePodMonitor: true
+#---
+#apiVersion: autoscaling/v2
+#kind: HorizontalPodAutoscaler
+#metadata:
+#  name: user-rpc-hpa-c
+#  namespace: juwan
+#  labels:
+#    app: user-rpc-hpa-c
+#spec:
+#  scaleTargetRef:
+#    apiVersion: apps/v1
+#    kind: Deployment
+#    name: user-rpc
+#  minReplicas: 3
+#  maxReplicas: 10
+#  metrics:
+#    - type: Resource
+#      resource:
+#        name: cpu
+#        target:
+#          type: Utilization
+#          averageUtilization: 80
+#
+#---
+#apiVersion: autoscaling/v2
+#kind: HorizontalPodAutoscaler
+#metadata:
+#  name: user-rpc-hpa-m
+#  namespace: juwan
+#  labels:
+#    app: user-rpc-hpa-m
+#spec:
+#  scaleTargetRef:
+#    apiVersion: apps/v1
+#    kind: Deployment
+#    name: user-rpc
+#  minReplicas: 3
+#  maxReplicas: 10
+#  metrics:
+#    - type: Resource
+#      resource:
+#        name: memory
+#        target:
+#          type: Utilization
+#          averageUtilization: 80
+#---
+## Redis 主从复制
+#apiVersion: redis.redis.opstreelabs.in/v1beta2
+#kind: RedisReplication
+#metadata:
+#  name: user-redis
+#  namespace: juwan
+#spec:
+#  clusterSize: 3
+#  kubernetesConfig:
+#    image: quay.io/opstree/redis:v7.0.12
+#    imagePullPolicy: IfNotPresent
+#    resources:
+#      requests:
+#        cpu: 100m
+#        memory: 128Mi
+#      limits:
+#        cpu: 500m
+#        memory: 512Mi
+#    redisSecret:
+#      name: user-redis
+#      key: password
+#
+#  redisExporter:
+#    enabled: true
+#    image: quay.io/opstree/redis-exporter:latest
+#    imagePullPolicy: Always
+#  podSecurityContext:
+#    runAsUser: 1000
+#    fsGroup: 1000
+#  storage:
+#    volumeClaimTemplate:
+#      spec:
+#        accessModes: ["ReadWriteOnce"]
+#        resources:
+#          requests:
+#            storage: 1Gi
+#
+#---
+## Sentinel 监控
+#apiVersion: redis.redis.opstreelabs.in/v1beta2
+#kind: RedisSentinel
+#metadata:
+#  name: user-redis-sentinel
+#  namespace: juwan
+#spec:
+#  clusterSize: 3
+#  kubernetesConfig:
+#    image: quay.io/opstree/redis-sentinel:v7.0.12
+#    imagePullPolicy: IfNotPresent
+#    resources:
+#      requests:
+#        cpu: 100m
+#        memory: 128Mi
+#      limits:
+#        cpu: 500m
+#        memory: 512Mi
+#  podSecurityContext:
+#    runAsUser: 1000
+#    fsGroup: 1000
+#  redisSentinelConfig:
+#    redisReplicationName: user-redis
+#    masterGroupName: mymaster
+#    redisPort: "6379"
+#    quorum: "2"
+#    downAfterMilliseconds: "5000"
+#    failoverTimeout: "10000"
+#    parallelSyncs: "1"
+#
+#---
+## PostgreSQL 集群
+#apiVersion: postgresql.cnpg.io/v1
+#kind: Cluster
+#metadata:
+#  namespace: juwan
+#  name: user-db
+#spec:
+#  instances: 3
+#  primaryUpdateStrategy: unsupervised
+#  bootstrap:
+#    initdb:
+#      database: app
+#      owner: app
+#      # 只在 PVC 为空时初始化
+#      postInitSQL:
+#        - CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+#  backup:
+#    barmanObjectStore:
+#      destinationPath: s3://juwan-dev-pg-backups-zj/pg-data/
+#      endpointURL: https://cn-nb1.rains3.com
+#      s3Credentials:
+#        accessKeyId:
+#          name: rc-creds
+#          key: SOucqRaJr4OyfcIu
+#        secretAccessKey:
+#          name: rc-creds
+#          key: tn2Agj9EowMwuPA9y7TdSL0AXKsMEz
+#      wal:
+#        compression: gzip
+#  storage:
+#    size: 1Gi
+#  monitoring:
+#    enablePodMonitor: true