diff --git a/deploy/k8s/service/authz/authz-adapter.yaml b/deploy/k8s/service/authz/authz-adapter.yaml index 8df524e..97f1e64 100644 --- a/deploy/k8s/service/authz/authz-adapter.yaml +++ b/deploy/k8s/service/authz/authz-adapter.yaml @@ -20,7 +20,7 @@ spec: containers: - name: authz-adapter # image: 103.236.53.208:4418/library/authz-adapter@sha256:84dd29596f94dd38d3a7a7924f4d5ed71b661b6d2a78d65c1741b11c2d8eea98 - image: authz-adapter:latest + image: 103.236.53.208:4418/juwan/authz-adapter:latest imagePullPolicy: Always ports: - containerPort: 9002 diff --git a/deploy/k8s/service/chat/chat-api.yaml b/deploy/k8s/service/chat/chat-api.yaml new file mode 100644 index 0000000..efbaa25 --- /dev/null +++ b/deploy/k8s/service/chat/chat-api.yaml @@ -0,0 +1,291 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: chat-api + namespace: juwan + labels: + app: chat-api +spec: + replicas: 3 + revisionHistoryLimit: 5 + selector: + matchLabels: + app: chat-api + template: + metadata: + labels: + app: chat-api + spec: + serviceAccountName: find-endpoints + containers: + - name: chat-api + image: chat-api:latest + imagePullPolicy: Always + ports: + - containerPort: 8888 + name: http + protocol: TCP + - containerPort: 8889 + name: ws + protocol: TCP + - containerPort: 8443 + name: wt + protocol: UDP + - containerPort: 4001 + name: metrics + protocol: TCP + env: + - name: REDIS_M_HOST + value: "chat-redis-master.juwan:6379" + - name: REDIS_S_HOST + value: "chat-redis-replica.juwan:6379" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: chat-redis + key: password + - name: JWT_SECRET_KEY + valueFrom: + secretKeyRef: + name: jwt-secret + key: secret-key + - name: MONGO_URI + value: "mongodb://app-user:$(MONGO_PASSWORD)@chat-mongodb-0.chat-mongodb-svc.juwan.svc.cluster.local:27017,chat-mongodb-1.chat-mongodb-svc.juwan.svc.cluster.local:27017,chat-mongodb-2.chat-mongodb-svc.juwan.svc.cluster.local:27017/juwan_chat?replicaSet=chat-mongodb&authSource=admin" + - name: MONGO_PASSWORD + valueFrom: + secretKeyRef: + name: chat-mongodb-app-user-password + key: password + readinessProbe: + tcpSocket: + port: 8888 + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: 8888 + initialDelaySeconds: 15 + periodSeconds: 20 + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 1000m + memory: 1024Mi + volumeMounts: + - name: timezone + mountPath: /etc/localtime + - name: wt-tls + mountPath: /etc/certs + readOnly: true + volumes: + - name: timezone + hostPath: + path: /usr/share/zoneinfo/Asia/Shanghai + - name: wt-tls + secret: + secretName: chat-wt-tls + optional: true + +--- +# TCP Service: REST API + WebSocket +apiVersion: v1 +kind: Service +metadata: + name: chat-api-svc + namespace: juwan + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "4001" + prometheus.io/path: "/metrics" +spec: + ports: + - name: http + port: 8888 + targetPort: 8888 + protocol: TCP + - name: ws + port: 8889 + targetPort: 8889 + protocol: TCP + - name: metrics + port: 4001 + targetPort: 4001 + protocol: TCP + selector: + app: chat-api + +--- +# UDP Service: WebTransport (QUIC) +apiVersion: v1 +kind: Service +metadata: + name: chat-api-wt + namespace: juwan +spec: + ports: + - name: webtransport + port: 8443 + targetPort: 8443 + protocol: UDP + selector: + app: chat-api + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: chat-api-hpa-c + namespace: juwan + labels: + app: chat-api-hpa-c +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: chat-api + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: chat-api-hpa-m + namespace: juwan + labels: + app: chat-api-hpa-m +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: chat-api + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: 80 + +--- +apiVersion: v1 +kind: Secret +metadata: + name: chat-mongodb-app-user-password + namespace: juwan +type: Opaque +stringData: + password: CHANGE_ME_CHAT_MONGO_PASSWORD + +--- +apiVersion: mongodbcommunity.mongodb.com/v1 +kind: MongoDBCommunity +metadata: + name: chat-mongodb + namespace: juwan +spec: + members: 3 + type: ReplicaSet + version: "7.0.12" + security: + authentication: + modes: + - SCRAM + users: + - name: app-user + db: admin + passwordSecretRef: + name: chat-mongodb-app-user-password + roles: + - name: readWrite + db: juwan_chat + scramCredentialsSecretName: chat-mongodb-app-user-scram + additionalMongodConfig: + storage.wiredTiger.engineConfig.journalCompressor: zlib + +--- +apiVersion: v1 +kind: Secret +metadata: + name: chat-redis + namespace: juwan +type: Opaque +stringData: + password: CHANGE_ME_CHAT_REDIS_PASSWORD + +--- +apiVersion: redis.redis.opstreelabs.in/v1beta2 +kind: RedisReplication +metadata: + name: chat-redis + namespace: juwan +spec: + clusterSize: 3 + kubernetesConfig: + image: quay.io/opstree/redis:v7.0.12 + imagePullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + redisSecret: + name: chat-redis + key: password + redisExporter: + enabled: true + image: quay.io/opstree/redis-exporter:latest + imagePullPolicy: Always + podSecurityContext: + runAsUser: 1000 + fsGroup: 1000 + storage: + volumeClaimTemplate: + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 1Gi + +--- +apiVersion: redis.redis.opstreelabs.in/v1beta2 +kind: RedisSentinel +metadata: + name: chat-redis-sentinel + namespace: juwan +spec: + clusterSize: 3 + kubernetesConfig: + image: quay.io/opstree/redis-sentinel:v7.0.12 + imagePullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + podSecurityContext: + runAsUser: 1000 + fsGroup: 1000 + redisSentinelConfig: + redisReplicationName: chat-redis + masterGroupName: mymaster + redisPort: "6379" + quorum: "2" + downAfterMilliseconds: "5000" + failoverTimeout: "10000" + parallelSyncs: "1" diff --git a/deploy/k8s/service/community/community-api.yaml b/deploy/k8s/service/community/community-api.yaml new file mode 100644 index 0000000..22f98ca --- /dev/null +++ b/deploy/k8s/service/community/community-api.yaml @@ -0,0 +1,117 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: community-api + namespace: juwan + labels: + app: community-api +spec: + replicas: 3 + revisionHistoryLimit: 5 + selector: + matchLabels: + app: community-api + template: + metadata: + labels: + app: community-api + spec: + serviceAccountName: find-endpoints + containers: + - name: community-api + image: community-api:latest + imagePullPolicy: Always + ports: + - containerPort: 8888 + - containerPort: 4001 + readinessProbe: + tcpSocket: + port: 8888 + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: 8888 + initialDelaySeconds: 15 + periodSeconds: 20 + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 1000m + memory: 1024Mi + volumeMounts: + - name: timezone + mountPath: /etc/localtime + volumes: + - name: timezone + hostPath: + path: /usr/share/zoneinfo/Asia/Shanghai + +--- +apiVersion: v1 +kind: Service +metadata: + name: community-api-svc + namespace: juwan + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "4001" + prometheus.io/path: "/metrics" +spec: + ports: + - name: http + port: 8888 + targetPort: 8888 + - name: metrics + port: 4001 + targetPort: 4001 + selector: + app: community-api + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: community-api-hpa-c + namespace: juwan + labels: + app: community-api-hpa-c +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: community-api + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: community-api-hpa-m + namespace: juwan + labels: + app: community-api-hpa-m +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: community-api + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: 80 diff --git a/deploy/k8s/service/community/community-rpc.yaml b/deploy/k8s/service/community/community-rpc.yaml new file mode 100644 index 0000000..51eae72 --- /dev/null +++ b/deploy/k8s/service/community/community-rpc.yaml @@ -0,0 +1,246 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: community-rpc + namespace: juwan + labels: + app: community-rpc +spec: + replicas: 3 + revisionHistoryLimit: 5 + selector: + matchLabels: + app: community-rpc + template: + metadata: + labels: + app: community-rpc + spec: + serviceAccountName: find-endpoints + containers: + - name: community-rpc + image: community-rpc:latest + imagePullPolicy: Always + ports: + - containerPort: 8080 + - containerPort: 4001 + env: + - name: DB_PORT + valueFrom: + secretKeyRef: + name: community-db-app + key: port + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: community-db-app + key: password + - name: PD_USERNAME + valueFrom: + secretKeyRef: + name: community-db-app + key: username + - name: DB_NAME + valueFrom: + secretKeyRef: + name: community-db-app + key: dbname + - name: REDIS_M_HOST + value: "community-redis-master.juwan:6379" + - name: REDIS_S_HOST + value: "community-redis-replica.juwan:6379" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: community-redis + key: password + readinessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 15 + periodSeconds: 20 + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 1000m + memory: 1024Mi + volumeMounts: + - name: timezone + mountPath: /etc/localtime + volumes: + - name: timezone + hostPath: + path: /usr/share/zoneinfo/Asia/Shanghai + +--- +apiVersion: v1 +kind: Service +metadata: + name: community-rpc-svc + namespace: juwan + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "4001" + prometheus.io/path: "/metrics" +spec: + ports: + - name: rpc + port: 8080 + targetPort: 8080 + - name: metrics + port: 4001 + targetPort: 4001 + selector: + app: community-rpc + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: community-rpc-hpa-c + namespace: juwan + labels: + app: community-rpc-hpa-c +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: community-rpc + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: community-rpc-hpa-m + namespace: juwan + labels: + app: community-rpc-hpa-m +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: community-rpc + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: 80 + +--- +apiVersion: postgresql.cnpg.io/v1 +kind: Cluster +metadata: + namespace: juwan + name: community-db +spec: + instances: 3 + primaryUpdateStrategy: unsupervised + bootstrap: + initdb: + database: app + owner: app + postInitSQL: + - CREATE EXTENSION IF NOT EXISTS pg_stat_statements; + backup: + barmanObjectStore: + destinationPath: s3://juwan-dev-pg-backups-zj/pg-data/ + endpointURL: https://cn-nb1.rains3.com + s3Credentials: + accessKeyId: + name: rc-creds + key: ACCESS_KEY_ID + secretAccessKey: + name: rc-creds + key: SECRET_ACCESS_KEY + wal: + compression: gzip + storage: + size: 1Gi + monitoring: + enablePodMonitor: true + +--- +apiVersion: redis.redis.opstreelabs.in/v1beta2 +kind: RedisReplication +metadata: + name: community-redis + namespace: juwan +spec: + clusterSize: 3 + kubernetesConfig: + image: quay.io/opstree/redis:v7.0.12 + imagePullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + redisSecret: + name: community-redis + key: password + redisExporter: + enabled: true + image: quay.io/opstree/redis-exporter:latest + imagePullPolicy: Always + podSecurityContext: + runAsUser: 1000 + fsGroup: 1000 + storage: + volumeClaimTemplate: + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 1Gi + +--- +apiVersion: redis.redis.opstreelabs.in/v1beta2 +kind: RedisSentinel +metadata: + name: community-redis-sentinel + namespace: juwan +spec: + clusterSize: 3 + kubernetesConfig: + image: quay.io/opstree/redis-sentinel:v7.0.12 + imagePullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + podSecurityContext: + runAsUser: 1000 + fsGroup: 1000 + redisSentinelConfig: + redisReplicationName: community-redis + masterGroupName: mymaster + redisPort: "6379" + quorum: "2" + downAfterMilliseconds: "5000" + failoverTimeout: "10000" + parallelSyncs: "1" diff --git a/deploy/k8s/service/dispute/dispute-api.yaml b/deploy/k8s/service/dispute/dispute-api.yaml new file mode 100644 index 0000000..27c589f --- /dev/null +++ b/deploy/k8s/service/dispute/dispute-api.yaml @@ -0,0 +1,117 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dispute-api + namespace: juwan + labels: + app: dispute-api +spec: + replicas: 3 + revisionHistoryLimit: 5 + selector: + matchLabels: + app: dispute-api + template: + metadata: + labels: + app: dispute-api + spec: + serviceAccountName: find-endpoints + containers: + - name: dispute-api + image: dispute-api:latest + imagePullPolicy: Always + ports: + - containerPort: 8888 + - containerPort: 4001 + readinessProbe: + tcpSocket: + port: 8888 + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: 8888 + initialDelaySeconds: 15 + periodSeconds: 20 + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 1000m + memory: 1024Mi + volumeMounts: + - name: timezone + mountPath: /etc/localtime + volumes: + - name: timezone + hostPath: + path: /usr/share/zoneinfo/Asia/Shanghai + +--- +apiVersion: v1 +kind: Service +metadata: + name: dispute-api-svc + namespace: juwan + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "4001" + prometheus.io/path: "/metrics" +spec: + ports: + - name: http + port: 8888 + targetPort: 8888 + - name: metrics + port: 4001 + targetPort: 4001 + selector: + app: dispute-api + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: dispute-api-hpa-c + namespace: juwan + labels: + app: dispute-api-hpa-c +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: dispute-api + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: dispute-api-hpa-m + namespace: juwan + labels: + app: dispute-api-hpa-m +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: dispute-api + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: 80 diff --git a/deploy/k8s/service/dispute/dispute-rpc.yaml b/deploy/k8s/service/dispute/dispute-rpc.yaml new file mode 100644 index 0000000..d19d117 --- /dev/null +++ b/deploy/k8s/service/dispute/dispute-rpc.yaml @@ -0,0 +1,246 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dispute-rpc + namespace: juwan + labels: + app: dispute-rpc +spec: + replicas: 3 + revisionHistoryLimit: 5 + selector: + matchLabels: + app: dispute-rpc + template: + metadata: + labels: + app: dispute-rpc + spec: + serviceAccountName: find-endpoints + containers: + - name: dispute-rpc + image: dispute-rpc:latest + imagePullPolicy: Always + ports: + - containerPort: 8080 + - containerPort: 4001 + env: + - name: DB_PORT + valueFrom: + secretKeyRef: + name: dispute-db-app + key: port + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: dispute-db-app + key: password + - name: PD_USERNAME + valueFrom: + secretKeyRef: + name: dispute-db-app + key: username + - name: DB_NAME + valueFrom: + secretKeyRef: + name: dispute-db-app + key: dbname + - name: REDIS_M_HOST + value: "dispute-redis-master.juwan:6379" + - name: REDIS_S_HOST + value: "dispute-redis-replica.juwan:6379" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: dispute-redis + key: password + readinessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 15 + periodSeconds: 20 + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 1000m + memory: 1024Mi + volumeMounts: + - name: timezone + mountPath: /etc/localtime + volumes: + - name: timezone + hostPath: + path: /usr/share/zoneinfo/Asia/Shanghai + +--- +apiVersion: v1 +kind: Service +metadata: + name: dispute-rpc-svc + namespace: juwan + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "4001" + prometheus.io/path: "/metrics" +spec: + ports: + - name: rpc + port: 8080 + targetPort: 8080 + - name: metrics + port: 4001 + targetPort: 4001 + selector: + app: dispute-rpc + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: dispute-rpc-hpa-c + namespace: juwan + labels: + app: dispute-rpc-hpa-c +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: dispute-rpc + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: dispute-rpc-hpa-m + namespace: juwan + labels: + app: dispute-rpc-hpa-m +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: dispute-rpc + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: 80 + +--- +apiVersion: postgresql.cnpg.io/v1 +kind: Cluster +metadata: + namespace: juwan + name: dispute-db +spec: + instances: 3 + primaryUpdateStrategy: unsupervised + bootstrap: + initdb: + database: app + owner: app + postInitSQL: + - CREATE EXTENSION IF NOT EXISTS pg_stat_statements; + backup: + barmanObjectStore: + destinationPath: s3://juwan-dev-pg-backups-zj/pg-data/ + endpointURL: https://cn-nb1.rains3.com + s3Credentials: + accessKeyId: + name: rc-creds + key: ACCESS_KEY_ID + secretAccessKey: + name: rc-creds + key: SECRET_ACCESS_KEY + wal: + compression: gzip + storage: + size: 1Gi + monitoring: + enablePodMonitor: true + +--- +apiVersion: redis.redis.opstreelabs.in/v1beta2 +kind: RedisReplication +metadata: + name: dispute-redis + namespace: juwan +spec: + clusterSize: 3 + kubernetesConfig: + image: quay.io/opstree/redis:v7.0.12 + imagePullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + redisSecret: + name: dispute-redis + key: password + redisExporter: + enabled: true + image: quay.io/opstree/redis-exporter:latest + imagePullPolicy: Always + podSecurityContext: + runAsUser: 1000 + fsGroup: 1000 + storage: + volumeClaimTemplate: + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 1Gi + +--- +apiVersion: redis.redis.opstreelabs.in/v1beta2 +kind: RedisSentinel +metadata: + name: dispute-redis-sentinel + namespace: juwan +spec: + clusterSize: 3 + kubernetesConfig: + image: quay.io/opstree/redis-sentinel:v7.0.12 + imagePullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + podSecurityContext: + runAsUser: 1000 + fsGroup: 1000 + redisSentinelConfig: + redisReplicationName: dispute-redis + masterGroupName: mymaster + redisPort: "6379" + quorum: "2" + downAfterMilliseconds: "5000" + failoverTimeout: "10000" + parallelSyncs: "1" diff --git a/deploy/k8s/service/notification/notification-api.yaml b/deploy/k8s/service/notification/notification-api.yaml new file mode 100644 index 0000000..22836b2 --- /dev/null +++ b/deploy/k8s/service/notification/notification-api.yaml @@ -0,0 +1,117 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: notification-api + namespace: juwan + labels: + app: notification-api +spec: + replicas: 3 + revisionHistoryLimit: 5 + selector: + matchLabels: + app: notification-api + template: + metadata: + labels: + app: notification-api + spec: + serviceAccountName: find-endpoints + containers: + - name: notification-api + image: notification-api:latest + imagePullPolicy: Always + ports: + - containerPort: 8888 + - containerPort: 4001 + readinessProbe: + tcpSocket: + port: 8888 + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: 8888 + initialDelaySeconds: 15 + periodSeconds: 20 + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 1000m + memory: 1024Mi + volumeMounts: + - name: timezone + mountPath: /etc/localtime + volumes: + - name: timezone + hostPath: + path: /usr/share/zoneinfo/Asia/Shanghai + +--- +apiVersion: v1 +kind: Service +metadata: + name: notification-api-svc + namespace: juwan + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "4001" + prometheus.io/path: "/metrics" +spec: + ports: + - name: http + port: 8888 + targetPort: 8888 + - name: metrics + port: 4001 + targetPort: 4001 + selector: + app: notification-api + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: notification-api-hpa-c + namespace: juwan + labels: + app: notification-api-hpa-c +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: notification-api + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: notification-api-hpa-m + namespace: juwan + labels: + app: notification-api-hpa-m +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: notification-api + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: 80 diff --git a/deploy/k8s/service/notification/notification-rpc.yaml b/deploy/k8s/service/notification/notification-rpc.yaml new file mode 100644 index 0000000..97a66b9 --- /dev/null +++ b/deploy/k8s/service/notification/notification-rpc.yaml @@ -0,0 +1,246 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: notification-rpc + namespace: juwan + labels: + app: notification-rpc +spec: + replicas: 3 + revisionHistoryLimit: 5 + selector: + matchLabels: + app: notification-rpc + template: + metadata: + labels: + app: notification-rpc + spec: + serviceAccountName: find-endpoints + containers: + - name: notification-rpc + image: notification-rpc:latest + imagePullPolicy: Always + ports: + - containerPort: 8080 + - containerPort: 4001 + env: + - name: DB_PORT + valueFrom: + secretKeyRef: + name: notification-db-app + key: port + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: notification-db-app + key: password + - name: PD_USERNAME + valueFrom: + secretKeyRef: + name: notification-db-app + key: username + - name: DB_NAME + valueFrom: + secretKeyRef: + name: notification-db-app + key: dbname + - name: REDIS_M_HOST + value: "notification-redis-master.juwan:6379" + - name: REDIS_S_HOST + value: "notification-redis-replica.juwan:6379" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: notification-redis + key: password + readinessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 15 + periodSeconds: 20 + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 1000m + memory: 1024Mi + volumeMounts: + - name: timezone + mountPath: /etc/localtime + volumes: + - name: timezone + hostPath: + path: /usr/share/zoneinfo/Asia/Shanghai + +--- +apiVersion: v1 +kind: Service +metadata: + name: notification-rpc-svc + namespace: juwan + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "4001" + prometheus.io/path: "/metrics" +spec: + ports: + - name: rpc + port: 8080 + targetPort: 8080 + - name: metrics + port: 4001 + targetPort: 4001 + selector: + app: notification-rpc + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: notification-rpc-hpa-c + namespace: juwan + labels: + app: notification-rpc-hpa-c +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: notification-rpc + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: notification-rpc-hpa-m + namespace: juwan + labels: + app: notification-rpc-hpa-m +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: notification-rpc + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: 80 + +--- +apiVersion: postgresql.cnpg.io/v1 +kind: Cluster +metadata: + namespace: juwan + name: notification-db +spec: + instances: 3 + primaryUpdateStrategy: unsupervised + bootstrap: + initdb: + database: app + owner: app + postInitSQL: + - CREATE EXTENSION IF NOT EXISTS pg_stat_statements; + backup: + barmanObjectStore: + destinationPath: s3://juwan-dev-pg-backups-zj/pg-data/ + endpointURL: https://cn-nb1.rains3.com + s3Credentials: + accessKeyId: + name: rc-creds + key: ACCESS_KEY_ID + secretAccessKey: + name: rc-creds + key: SECRET_ACCESS_KEY + wal: + compression: gzip + storage: + size: 1Gi + monitoring: + enablePodMonitor: true + +--- +apiVersion: redis.redis.opstreelabs.in/v1beta2 +kind: RedisReplication +metadata: + name: notification-redis + namespace: juwan +spec: + clusterSize: 3 + kubernetesConfig: + image: quay.io/opstree/redis:v7.0.12 + imagePullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + redisSecret: + name: notification-redis + key: password + redisExporter: + enabled: true + image: quay.io/opstree/redis-exporter:latest + imagePullPolicy: Always + podSecurityContext: + runAsUser: 1000 + fsGroup: 1000 + storage: + volumeClaimTemplate: + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 1Gi + +--- +apiVersion: redis.redis.opstreelabs.in/v1beta2 +kind: RedisSentinel +metadata: + name: notification-redis-sentinel + namespace: juwan +spec: + clusterSize: 3 + kubernetesConfig: + image: quay.io/opstree/redis-sentinel:v7.0.12 + imagePullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + podSecurityContext: + runAsUser: 1000 + fsGroup: 1000 + redisSentinelConfig: + redisReplicationName: notification-redis + masterGroupName: mymaster + redisPort: "6379" + quorum: "2" + downAfterMilliseconds: "5000" + failoverTimeout: "10000" + parallelSyncs: "1" diff --git a/deploy/k8s/service/order/order-api.yaml b/deploy/k8s/service/order/order-api.yaml new file mode 100644 index 0000000..22f3d06 --- /dev/null +++ b/deploy/k8s/service/order/order-api.yaml @@ -0,0 +1,117 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: order-api + namespace: juwan + labels: + app: order-api +spec: + replicas: 3 + revisionHistoryLimit: 5 + selector: + matchLabels: + app: order-api + template: + metadata: + labels: + app: order-api + spec: + serviceAccountName: find-endpoints + containers: + - name: order-api + image: order-api:latest + imagePullPolicy: Always + ports: + - containerPort: 8888 + - containerPort: 4001 + readinessProbe: + tcpSocket: + port: 8888 + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: 8888 + initialDelaySeconds: 15 + periodSeconds: 20 + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 1000m + memory: 1024Mi + volumeMounts: + - name: timezone + mountPath: /etc/localtime + volumes: + - name: timezone + hostPath: + path: /usr/share/zoneinfo/Asia/Shanghai + +--- +apiVersion: v1 +kind: Service +metadata: + name: order-api-svc + namespace: juwan + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "4001" + prometheus.io/path: "/metrics" +spec: + ports: + - name: http + port: 8888 + targetPort: 8888 + - name: metrics + port: 4001 + targetPort: 4001 + selector: + app: order-api + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: order-api-hpa-c + namespace: juwan + labels: + app: order-api-hpa-c +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: order-api + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: order-api-hpa-m + namespace: juwan + labels: + app: order-api-hpa-m +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: order-api + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: 80 diff --git a/deploy/k8s/service/order/order-rpc.yaml b/deploy/k8s/service/order/order-rpc.yaml new file mode 100644 index 0000000..63ef926 --- /dev/null +++ b/deploy/k8s/service/order/order-rpc.yaml @@ -0,0 +1,246 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: order-rpc + namespace: juwan + labels: + app: order-rpc +spec: + replicas: 3 + revisionHistoryLimit: 5 + selector: + matchLabels: + app: order-rpc + template: + metadata: + labels: + app: order-rpc + spec: + serviceAccountName: find-endpoints + containers: + - name: order-rpc + image: order-rpc:latest + imagePullPolicy: Always + ports: + - containerPort: 8080 + - containerPort: 4001 + env: + - name: DB_PORT + valueFrom: + secretKeyRef: + name: order-db-app + key: port + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: order-db-app + key: password + - name: PD_USERNAME + valueFrom: + secretKeyRef: + name: order-db-app + key: username + - name: DB_NAME + valueFrom: + secretKeyRef: + name: order-db-app + key: dbname + - name: REDIS_M_HOST + value: "order-redis-master.juwan:6379" + - name: REDIS_S_HOST + value: "order-redis-replica.juwan:6379" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: order-redis + key: password + readinessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 15 + periodSeconds: 20 + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 1000m + memory: 1024Mi + volumeMounts: + - name: timezone + mountPath: /etc/localtime + volumes: + - name: timezone + hostPath: + path: /usr/share/zoneinfo/Asia/Shanghai + +--- +apiVersion: v1 +kind: Service +metadata: + name: order-rpc-svc + namespace: juwan + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "4001" + prometheus.io/path: "/metrics" +spec: + ports: + - name: rpc + port: 8080 + targetPort: 8080 + - name: metrics + port: 4001 + targetPort: 4001 + selector: + app: order-rpc + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: order-rpc-hpa-c + namespace: juwan + labels: + app: order-rpc-hpa-c +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: order-rpc + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: order-rpc-hpa-m + namespace: juwan + labels: + app: order-rpc-hpa-m +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: order-rpc + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: 80 + +--- +apiVersion: postgresql.cnpg.io/v1 +kind: Cluster +metadata: + namespace: juwan + name: order-db +spec: + instances: 3 + primaryUpdateStrategy: unsupervised + bootstrap: + initdb: + database: app + owner: app + postInitSQL: + - CREATE EXTENSION IF NOT EXISTS pg_stat_statements; + backup: + barmanObjectStore: + destinationPath: s3://juwan-dev-pg-backups-zj/pg-data/ + endpointURL: https://cn-nb1.rains3.com + s3Credentials: + accessKeyId: + name: rc-creds + key: ACCESS_KEY_ID + secretAccessKey: + name: rc-creds + key: SECRET_ACCESS_KEY + wal: + compression: gzip + storage: + size: 1Gi + monitoring: + enablePodMonitor: true + +--- +apiVersion: redis.redis.opstreelabs.in/v1beta2 +kind: RedisReplication +metadata: + name: order-redis + namespace: juwan +spec: + clusterSize: 3 + kubernetesConfig: + image: quay.io/opstree/redis:v7.0.12 + imagePullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + redisSecret: + name: order-redis + key: password + redisExporter: + enabled: true + image: quay.io/opstree/redis-exporter:latest + imagePullPolicy: Always + podSecurityContext: + runAsUser: 1000 + fsGroup: 1000 + storage: + volumeClaimTemplate: + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 1Gi + +--- +apiVersion: redis.redis.opstreelabs.in/v1beta2 +kind: RedisSentinel +metadata: + name: order-redis-sentinel + namespace: juwan +spec: + clusterSize: 3 + kubernetesConfig: + image: quay.io/opstree/redis-sentinel:v7.0.12 + imagePullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + podSecurityContext: + runAsUser: 1000 + fsGroup: 1000 + redisSentinelConfig: + redisReplicationName: order-redis + masterGroupName: mymaster + redisPort: "6379" + quorum: "2" + downAfterMilliseconds: "5000" + failoverTimeout: "10000" + parallelSyncs: "1" diff --git a/deploy/k8s/service/review/review-api.yaml b/deploy/k8s/service/review/review-api.yaml new file mode 100644 index 0000000..a697d6b --- /dev/null +++ b/deploy/k8s/service/review/review-api.yaml @@ -0,0 +1,117 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: review-api + namespace: juwan + labels: + app: review-api +spec: + replicas: 3 + revisionHistoryLimit: 5 + selector: + matchLabels: + app: review-api + template: + metadata: + labels: + app: review-api + spec: + serviceAccountName: find-endpoints + containers: + - name: review-api + image: review-api:latest + imagePullPolicy: Always + ports: + - containerPort: 8888 + - containerPort: 4001 + readinessProbe: + tcpSocket: + port: 8888 + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: 8888 + initialDelaySeconds: 15 + periodSeconds: 20 + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 1000m + memory: 1024Mi + volumeMounts: + - name: timezone + mountPath: /etc/localtime + volumes: + - name: timezone + hostPath: + path: /usr/share/zoneinfo/Asia/Shanghai + +--- +apiVersion: v1 +kind: Service +metadata: + name: review-api-svc + namespace: juwan + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "4001" + prometheus.io/path: "/metrics" +spec: + ports: + - name: http + port: 8888 + targetPort: 8888 + - name: metrics + port: 4001 + targetPort: 4001 + selector: + app: review-api + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: review-api-hpa-c + namespace: juwan + labels: + app: review-api-hpa-c +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: review-api + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: review-api-hpa-m + namespace: juwan + labels: + app: review-api-hpa-m +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: review-api + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: 80 diff --git a/deploy/k8s/service/review/review-rpc.yaml b/deploy/k8s/service/review/review-rpc.yaml new file mode 100644 index 0000000..4c84cbb --- /dev/null +++ b/deploy/k8s/service/review/review-rpc.yaml @@ -0,0 +1,246 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: review-rpc + namespace: juwan + labels: + app: review-rpc +spec: + replicas: 3 + revisionHistoryLimit: 5 + selector: + matchLabels: + app: review-rpc + template: + metadata: + labels: + app: review-rpc + spec: + serviceAccountName: find-endpoints + containers: + - name: review-rpc + image: review-rpc:latest + imagePullPolicy: Always + ports: + - containerPort: 8080 + - containerPort: 4001 + env: + - name: DB_PORT + valueFrom: + secretKeyRef: + name: review-db-app + key: port + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: review-db-app + key: password + - name: PD_USERNAME + valueFrom: + secretKeyRef: + name: review-db-app + key: username + - name: DB_NAME + valueFrom: + secretKeyRef: + name: review-db-app + key: dbname + - name: REDIS_M_HOST + value: "review-redis-master.juwan:6379" + - name: REDIS_S_HOST + value: "review-redis-replica.juwan:6379" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: review-redis + key: password + readinessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 15 + periodSeconds: 20 + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 1000m + memory: 1024Mi + volumeMounts: + - name: timezone + mountPath: /etc/localtime + volumes: + - name: timezone + hostPath: + path: /usr/share/zoneinfo/Asia/Shanghai + +--- +apiVersion: v1 +kind: Service +metadata: + name: review-rpc-svc + namespace: juwan + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "4001" + prometheus.io/path: "/metrics" +spec: + ports: + - name: rpc + port: 8080 + targetPort: 8080 + - name: metrics + port: 4001 + targetPort: 4001 + selector: + app: review-rpc + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: review-rpc-hpa-c + namespace: juwan + labels: + app: review-rpc-hpa-c +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: review-rpc + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: review-rpc-hpa-m + namespace: juwan + labels: + app: review-rpc-hpa-m +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: review-rpc + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: 80 + +--- +apiVersion: postgresql.cnpg.io/v1 +kind: Cluster +metadata: + namespace: juwan + name: review-db +spec: + instances: 3 + primaryUpdateStrategy: unsupervised + bootstrap: + initdb: + database: app + owner: app + postInitSQL: + - CREATE EXTENSION IF NOT EXISTS pg_stat_statements; + backup: + barmanObjectStore: + destinationPath: s3://juwan-dev-pg-backups-zj/pg-data/ + endpointURL: https://cn-nb1.rains3.com + s3Credentials: + accessKeyId: + name: rc-creds + key: ACCESS_KEY_ID + secretAccessKey: + name: rc-creds + key: SECRET_ACCESS_KEY + wal: + compression: gzip + storage: + size: 1Gi + monitoring: + enablePodMonitor: true + +--- +apiVersion: redis.redis.opstreelabs.in/v1beta2 +kind: RedisReplication +metadata: + name: review-redis + namespace: juwan +spec: + clusterSize: 3 + kubernetesConfig: + image: quay.io/opstree/redis:v7.0.12 + imagePullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + redisSecret: + name: review-redis + key: password + redisExporter: + enabled: true + image: quay.io/opstree/redis-exporter:latest + imagePullPolicy: Always + podSecurityContext: + runAsUser: 1000 + fsGroup: 1000 + storage: + volumeClaimTemplate: + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 1Gi + +--- +apiVersion: redis.redis.opstreelabs.in/v1beta2 +kind: RedisSentinel +metadata: + name: review-redis-sentinel + namespace: juwan +spec: + clusterSize: 3 + kubernetesConfig: + image: quay.io/opstree/redis-sentinel:v7.0.12 + imagePullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + podSecurityContext: + runAsUser: 1000 + fsGroup: 1000 + redisSentinelConfig: + redisReplicationName: review-redis + masterGroupName: mymaster + redisPort: "6379" + quorum: "2" + downAfterMilliseconds: "5000" + failoverTimeout: "10000" + parallelSyncs: "1" diff --git a/deploy/k8s/service/search/search-api.yaml b/deploy/k8s/service/search/search-api.yaml new file mode 100644 index 0000000..16557fc --- /dev/null +++ b/deploy/k8s/service/search/search-api.yaml @@ -0,0 +1,117 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: search-api + namespace: juwan + labels: + app: search-api +spec: + replicas: 3 + revisionHistoryLimit: 5 + selector: + matchLabels: + app: search-api + template: + metadata: + labels: + app: search-api + spec: + serviceAccountName: find-endpoints + containers: + - name: search-api + image: search-api:latest + imagePullPolicy: Always + ports: + - containerPort: 8888 + - containerPort: 4001 + readinessProbe: + tcpSocket: + port: 8888 + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: 8888 + initialDelaySeconds: 15 + periodSeconds: 20 + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 1000m + memory: 1024Mi + volumeMounts: + - name: timezone + mountPath: /etc/localtime + volumes: + - name: timezone + hostPath: + path: /usr/share/zoneinfo/Asia/Shanghai + +--- +apiVersion: v1 +kind: Service +metadata: + name: search-api-svc + namespace: juwan + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "4001" + prometheus.io/path: "/metrics" +spec: + ports: + - name: http + port: 8888 + targetPort: 8888 + - name: metrics + port: 4001 + targetPort: 4001 + selector: + app: search-api + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: search-api-hpa-c + namespace: juwan + labels: + app: search-api-hpa-c +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: search-api + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: search-api-hpa-m + namespace: juwan + labels: + app: search-api-hpa-m +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: search-api + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: 80 diff --git a/deploy/k8s/service/search/search-rpc.yaml b/deploy/k8s/service/search/search-rpc.yaml new file mode 100644 index 0000000..0804cf2 --- /dev/null +++ b/deploy/k8s/service/search/search-rpc.yaml @@ -0,0 +1,246 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: search-rpc + namespace: juwan + labels: + app: search-rpc +spec: + replicas: 3 + revisionHistoryLimit: 5 + selector: + matchLabels: + app: search-rpc + template: + metadata: + labels: + app: search-rpc + spec: + serviceAccountName: find-endpoints + containers: + - name: search-rpc + image: search-rpc:latest + imagePullPolicy: Always + ports: + - containerPort: 8080 + - containerPort: 4001 + env: + - name: DB_PORT + valueFrom: + secretKeyRef: + name: search-db-app + key: port + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: search-db-app + key: password + - name: PD_USERNAME + valueFrom: + secretKeyRef: + name: search-db-app + key: username + - name: DB_NAME + valueFrom: + secretKeyRef: + name: search-db-app + key: dbname + - name: REDIS_M_HOST + value: "search-redis-master.juwan:6379" + - name: REDIS_S_HOST + value: "search-redis-replica.juwan:6379" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: search-redis + key: password + readinessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 15 + periodSeconds: 20 + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 1000m + memory: 1024Mi + volumeMounts: + - name: timezone + mountPath: /etc/localtime + volumes: + - name: timezone + hostPath: + path: /usr/share/zoneinfo/Asia/Shanghai + +--- +apiVersion: v1 +kind: Service +metadata: + name: search-rpc-svc + namespace: juwan + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "4001" + prometheus.io/path: "/metrics" +spec: + ports: + - name: rpc + port: 8080 + targetPort: 8080 + - name: metrics + port: 4001 + targetPort: 4001 + selector: + app: search-rpc + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: search-rpc-hpa-c + namespace: juwan + labels: + app: search-rpc-hpa-c +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: search-rpc + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: search-rpc-hpa-m + namespace: juwan + labels: + app: search-rpc-hpa-m +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: search-rpc + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: 80 + +--- +apiVersion: postgresql.cnpg.io/v1 +kind: Cluster +metadata: + namespace: juwan + name: search-db +spec: + instances: 3 + primaryUpdateStrategy: unsupervised + bootstrap: + initdb: + database: app + owner: app + postInitSQL: + - CREATE EXTENSION IF NOT EXISTS pg_stat_statements; + backup: + barmanObjectStore: + destinationPath: s3://juwan-dev-pg-backups-zj/pg-data/ + endpointURL: https://cn-nb1.rains3.com + s3Credentials: + accessKeyId: + name: rc-creds + key: ACCESS_KEY_ID + secretAccessKey: + name: rc-creds + key: SECRET_ACCESS_KEY + wal: + compression: gzip + storage: + size: 1Gi + monitoring: + enablePodMonitor: true + +--- +apiVersion: redis.redis.opstreelabs.in/v1beta2 +kind: RedisReplication +metadata: + name: search-redis + namespace: juwan +spec: + clusterSize: 3 + kubernetesConfig: + image: quay.io/opstree/redis:v7.0.12 + imagePullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + redisSecret: + name: search-redis + key: password + redisExporter: + enabled: true + image: quay.io/opstree/redis-exporter:latest + imagePullPolicy: Always + podSecurityContext: + runAsUser: 1000 + fsGroup: 1000 + storage: + volumeClaimTemplate: + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 1Gi + +--- +apiVersion: redis.redis.opstreelabs.in/v1beta2 +kind: RedisSentinel +metadata: + name: search-redis-sentinel + namespace: juwan +spec: + clusterSize: 3 + kubernetesConfig: + image: quay.io/opstree/redis-sentinel:v7.0.12 + imagePullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + podSecurityContext: + runAsUser: 1000 + fsGroup: 1000 + redisSentinelConfig: + redisReplicationName: search-redis + masterGroupName: mymaster + redisPort: "6379" + quorum: "2" + downAfterMilliseconds: "5000" + failoverTimeout: "10000" + parallelSyncs: "1" diff --git a/deploy/k8s/service/snowflake/snowflake.yaml b/deploy/k8s/service/snowflake/snowflake.yaml index 9f46f98..4bab5fe 100644 --- a/deploy/k8s/service/snowflake/snowflake.yaml +++ b/deploy/k8s/service/snowflake/snowflake.yaml @@ -20,7 +20,7 @@ spec: containers: - name: snowflake # image: 103.236.53.208:4418/library/snowflake@sha256:1679cf94b69f426eec5d2f960ffb153bb7dbcd3bcaf0286261a43756384a86b3 - image: snowflake:latest + image: 103.236.53.208:4418/juwan/snowflake:latest ports: - containerPort: 8080 readinessProbe: diff --git a/deploy/k8s/service/user/user-api.yaml b/deploy/k8s/service/user/user-api.yaml index d975ec9..e805e86 100644 --- a/deploy/k8s/service/user/user-api.yaml +++ b/deploy/k8s/service/user/user-api.yaml @@ -20,7 +20,7 @@ spec: containers: - name: user-api # image: 103.236.53.208:4418/library/user-api@sha256:d3187beb9c777a8dcbdc6a835a7887cb29fbea9571b08fe538a1eece403226e2 - image: user-api:latest + image: 103.236.53.208:4418/juwan/user-api:latest imagePullPolicy: Always ports: - containerPort: 8888 diff --git a/deploy/k8s/service/user/user-rpc.yaml b/deploy/k8s/service/user/user-rpc.yaml index 8f333c4..e220506 100644 --- a/deploy/k8s/service/user/user-rpc.yaml +++ b/deploy/k8s/service/user/user-rpc.yaml @@ -30,7 +30,7 @@ spec: containers: - name: user-rpc # image: 103.236.53.208:4418/library/user-rpc@sha256:28d785c4152d28b5cb368316e0fb3d48d728303e4439cdce13ebdbc5af8d19ce - image: user-rpc:latest + image: 103.236.53.208:4418/juwan/user-rpc:latest imagePullPolicy: Always ports: - containerPort: 9001 diff --git a/deploy/k8s/service/user_verifications/user-verifications-rpc.yaml b/deploy/k8s/service/user_verifications/user-verifications-rpc.yaml new file mode 100644 index 0000000..a890cc3 --- /dev/null +++ b/deploy/k8s/service/user_verifications/user-verifications-rpc.yaml @@ -0,0 +1,246 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: user-verifications-rpc + namespace: juwan + labels: + app: user-verifications-rpc +spec: + replicas: 3 + revisionHistoryLimit: 5 + selector: + matchLabels: + app: user-verifications-rpc + template: + metadata: + labels: + app: user-verifications-rpc + spec: + serviceAccountName: find-endpoints + containers: + - name: user-verifications-rpc + image: user-verifications-rpc:latest + imagePullPolicy: Always + ports: + - containerPort: 8080 + - containerPort: 4001 + env: + - name: DB_PORT + valueFrom: + secretKeyRef: + name: user-verifications-db-app + key: port + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: user-verifications-db-app + key: password + - name: PD_USERNAME + valueFrom: + secretKeyRef: + name: user-verifications-db-app + key: username + - name: DB_NAME + valueFrom: + secretKeyRef: + name: user-verifications-db-app + key: dbname + - name: REDIS_M_HOST + value: "user-verifications-redis-master.juwan:6379" + - name: REDIS_S_HOST + value: "user-verifications-redis-replica.juwan:6379" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: user-verifications-redis + key: password + readinessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 15 + periodSeconds: 20 + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 1000m + memory: 1024Mi + volumeMounts: + - name: timezone + mountPath: /etc/localtime + volumes: + - name: timezone + hostPath: + path: /usr/share/zoneinfo/Asia/Shanghai + +--- +apiVersion: v1 +kind: Service +metadata: + name: user-verifications-rpc-svc + namespace: juwan + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "4001" + prometheus.io/path: "/metrics" +spec: + ports: + - name: rpc + port: 8080 + targetPort: 8080 + - name: metrics + port: 4001 + targetPort: 4001 + selector: + app: user-verifications-rpc + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: user-verifications-rpc-hpa-c + namespace: juwan + labels: + app: user-verifications-rpc-hpa-c +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: user-verifications-rpc + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: user-verifications-rpc-hpa-m + namespace: juwan + labels: + app: user-verifications-rpc-hpa-m +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: user-verifications-rpc + minReplicas: 3 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: 80 + +--- +apiVersion: postgresql.cnpg.io/v1 +kind: Cluster +metadata: + namespace: juwan + name: user-verifications-db +spec: + instances: 3 + primaryUpdateStrategy: unsupervised + bootstrap: + initdb: + database: app + owner: app + postInitSQL: + - CREATE EXTENSION IF NOT EXISTS pg_stat_statements; + backup: + barmanObjectStore: + destinationPath: s3://juwan-dev-pg-backups-zj/pg-data/ + endpointURL: https://cn-nb1.rains3.com + s3Credentials: + accessKeyId: + name: rc-creds + key: ACCESS_KEY_ID + secretAccessKey: + name: rc-creds + key: SECRET_ACCESS_KEY + wal: + compression: gzip + storage: + size: 1Gi + monitoring: + enablePodMonitor: true + +--- +apiVersion: redis.redis.opstreelabs.in/v1beta2 +kind: RedisReplication +metadata: + name: user-verifications-redis + namespace: juwan +spec: + clusterSize: 3 + kubernetesConfig: + image: quay.io/opstree/redis:v7.0.12 + imagePullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + redisSecret: + name: user-verifications-redis + key: password + redisExporter: + enabled: true + image: quay.io/opstree/redis-exporter:latest + imagePullPolicy: Always + podSecurityContext: + runAsUser: 1000 + fsGroup: 1000 + storage: + volumeClaimTemplate: + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 1Gi + +--- +apiVersion: redis.redis.opstreelabs.in/v1beta2 +kind: RedisSentinel +metadata: + name: user-verifications-redis-sentinel + namespace: juwan +spec: + clusterSize: 3 + kubernetesConfig: + image: quay.io/opstree/redis-sentinel:v7.0.12 + imagePullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + podSecurityContext: + runAsUser: 1000 + fsGroup: 1000 + redisSentinelConfig: + redisReplicationName: user-verifications-redis + masterGroupName: mymaster + redisPort: "6379" + quorum: "2" + downAfterMilliseconds: "5000" + failoverTimeout: "10000" + parallelSyncs: "1"