补齐各个服务的k8s配置清单

deploy/k8s/service/authz/authz-adapter.yaml

@@ -20,7 +20,7 @@ spec:
       containers:
         - name: authz-adapter
 #          image: 103.236.53.208:4418/library/authz-adapter@sha256:84dd29596f94dd38d3a7a7924f4d5ed71b661b6d2a78d65c1741b11c2d8eea98
-          image: authz-adapter:latest
+          image: 103.236.53.208:4418/juwan/authz-adapter:latest
           imagePullPolicy: Always
           ports:
             - containerPort: 9002

deploy/k8s/service/chat/chat-api.yaml

@@ -0,0 +1,291 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: chat-api
+  namespace: juwan
+  labels:
+    app: chat-api
+spec:
+  replicas: 3
+  revisionHistoryLimit: 5
+  selector:
+    matchLabels:
+      app: chat-api
+  template:
+    metadata:
+      labels:
+        app: chat-api
+    spec:
+      serviceAccountName: find-endpoints
+      containers:
+        - name: chat-api
+          image: chat-api:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8888
+              name: http
+              protocol: TCP
+            - containerPort: 8889
+              name: ws
+              protocol: TCP
+            - containerPort: 8443
+              name: wt
+              protocol: UDP
+            - containerPort: 4001
+              name: metrics
+              protocol: TCP
+          env:
+            - name: REDIS_M_HOST
+              value: "chat-redis-master.juwan:6379"
+            - name: REDIS_S_HOST
+              value: "chat-redis-replica.juwan:6379"
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: chat-redis
+                  key: password
+            - name: JWT_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: jwt-secret
+                  key: secret-key
+            - name: MONGO_URI
+              value: "mongodb://app-user:$(MONGO_PASSWORD)@chat-mongodb-0.chat-mongodb-svc.juwan.svc.cluster.local:27017,chat-mongodb-1.chat-mongodb-svc.juwan.svc.cluster.local:27017,chat-mongodb-2.chat-mongodb-svc.juwan.svc.cluster.local:27017/juwan_chat?replicaSet=chat-mongodb&authSource=admin"
+            - name: MONGO_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: chat-mongodb-app-user-password
+                  key: password
+          readinessProbe:
+            tcpSocket:
+              port: 8888
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          livenessProbe:
+            tcpSocket:
+              port: 8888
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          resources:
+            requests:
+              cpu: 500m
+              memory: 512Mi
+            limits:
+              cpu: 1000m
+              memory: 1024Mi
+          volumeMounts:
+            - name: timezone
+              mountPath: /etc/localtime
+            - name: wt-tls
+              mountPath: /etc/certs
+              readOnly: true
+      volumes:
+        - name: timezone
+          hostPath:
+            path: /usr/share/zoneinfo/Asia/Shanghai
+        - name: wt-tls
+          secret:
+            secretName: chat-wt-tls
+            optional: true
+
+---
+# TCP Service: REST API + WebSocket
+apiVersion: v1
+kind: Service
+metadata:
+  name: chat-api-svc
+  namespace: juwan
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "4001"
+    prometheus.io/path: "/metrics"
+spec:
+  ports:
+    - name: http
+      port: 8888
+      targetPort: 8888
+      protocol: TCP
+    - name: ws
+      port: 8889
+      targetPort: 8889
+      protocol: TCP
+    - name: metrics
+      port: 4001
+      targetPort: 4001
+      protocol: TCP
+  selector:
+    app: chat-api
+
+---
+# UDP Service: WebTransport (QUIC)
+apiVersion: v1
+kind: Service
+metadata:
+  name: chat-api-wt
+  namespace: juwan
+spec:
+  ports:
+    - name: webtransport
+      port: 8443
+      targetPort: 8443
+      protocol: UDP
+  selector:
+    app: chat-api
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: chat-api-hpa-c
+  namespace: juwan
+  labels:
+    app: chat-api-hpa-c
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: chat-api
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 80
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: chat-api-hpa-m
+  namespace: juwan
+  labels:
+    app: chat-api-hpa-m
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: chat-api
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: 80
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: chat-mongodb-app-user-password
+  namespace: juwan
+type: Opaque
+stringData:
+  password: CHANGE_ME_CHAT_MONGO_PASSWORD
+
+---
+apiVersion: mongodbcommunity.mongodb.com/v1
+kind: MongoDBCommunity
+metadata:
+  name: chat-mongodb
+  namespace: juwan
+spec:
+  members: 3
+  type: ReplicaSet
+  version: "7.0.12"
+  security:
+    authentication:
+      modes:
+        - SCRAM
+  users:
+    - name: app-user
+      db: admin
+      passwordSecretRef:
+        name: chat-mongodb-app-user-password
+      roles:
+        - name: readWrite
+          db: juwan_chat
+      scramCredentialsSecretName: chat-mongodb-app-user-scram
+  additionalMongodConfig:
+    storage.wiredTiger.engineConfig.journalCompressor: zlib
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: chat-redis
+  namespace: juwan
+type: Opaque
+stringData:
+  password: CHANGE_ME_CHAT_REDIS_PASSWORD
+
+---
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisReplication
+metadata:
+  name: chat-redis
+  namespace: juwan
+spec:
+  clusterSize: 3
+  kubernetesConfig:
+    image: quay.io/opstree/redis:v7.0.12
+    imagePullPolicy: IfNotPresent
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 500m
+        memory: 512Mi
+    redisSecret:
+      name: chat-redis
+      key: password
+  redisExporter:
+    enabled: true
+    image: quay.io/opstree/redis-exporter:latest
+    imagePullPolicy: Always
+  podSecurityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+  storage:
+    volumeClaimTemplate:
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 1Gi
+
+---
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisSentinel
+metadata:
+  name: chat-redis-sentinel
+  namespace: juwan
+spec:
+  clusterSize: 3
+  kubernetesConfig:
+    image: quay.io/opstree/redis-sentinel:v7.0.12
+    imagePullPolicy: IfNotPresent
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 500m
+        memory: 512Mi
+  podSecurityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+  redisSentinelConfig:
+    redisReplicationName: chat-redis
+    masterGroupName: mymaster
+    redisPort: "6379"
+    quorum: "2"
+    downAfterMilliseconds: "5000"
+    failoverTimeout: "10000"
+    parallelSyncs: "1"

deploy/k8s/service/community/community-api.yaml

@@ -0,0 +1,117 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: community-api
+  namespace: juwan
+  labels:
+    app: community-api
+spec:
+  replicas: 3
+  revisionHistoryLimit: 5
+  selector:
+    matchLabels:
+      app: community-api
+  template:
+    metadata:
+      labels:
+        app: community-api
+    spec:
+      serviceAccountName: find-endpoints
+      containers:
+        - name: community-api
+          image: community-api:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8888
+            - containerPort: 4001
+          readinessProbe:
+            tcpSocket:
+              port: 8888
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          livenessProbe:
+            tcpSocket:
+              port: 8888
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          resources:
+            requests:
+              cpu: 500m
+              memory: 512Mi
+            limits:
+              cpu: 1000m
+              memory: 1024Mi
+          volumeMounts:
+            - name: timezone
+              mountPath: /etc/localtime
+      volumes:
+        - name: timezone
+          hostPath:
+            path: /usr/share/zoneinfo/Asia/Shanghai
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: community-api-svc
+  namespace: juwan
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "4001"
+    prometheus.io/path: "/metrics"
+spec:
+  ports:
+    - name: http
+      port: 8888
+      targetPort: 8888
+    - name: metrics
+      port: 4001
+      targetPort: 4001
+  selector:
+    app: community-api
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: community-api-hpa-c
+  namespace: juwan
+  labels:
+    app: community-api-hpa-c
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: community-api
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 80
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: community-api-hpa-m
+  namespace: juwan
+  labels:
+    app: community-api-hpa-m
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: community-api
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: 80

deploy/k8s/service/community/community-rpc.yaml

@@ -0,0 +1,246 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: community-rpc
+  namespace: juwan
+  labels:
+    app: community-rpc
+spec:
+  replicas: 3
+  revisionHistoryLimit: 5
+  selector:
+    matchLabels:
+      app: community-rpc
+  template:
+    metadata:
+      labels:
+        app: community-rpc
+    spec:
+      serviceAccountName: find-endpoints
+      containers:
+        - name: community-rpc
+          image: community-rpc:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8080
+            - containerPort: 4001
+          env:
+            - name: DB_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: community-db-app
+                  key: port
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: community-db-app
+                  key: password
+            - name: PD_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: community-db-app
+                  key: username
+            - name: DB_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: community-db-app
+                  key: dbname
+            - name: REDIS_M_HOST
+              value: "community-redis-master.juwan:6379"
+            - name: REDIS_S_HOST
+              value: "community-redis-replica.juwan:6379"
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: community-redis
+                  key: password
+          readinessProbe:
+            tcpSocket:
+              port: 8080
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          livenessProbe:
+            tcpSocket:
+              port: 8080
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          resources:
+            requests:
+              cpu: 500m
+              memory: 512Mi
+            limits:
+              cpu: 1000m
+              memory: 1024Mi
+          volumeMounts:
+            - name: timezone
+              mountPath: /etc/localtime
+      volumes:
+        - name: timezone
+          hostPath:
+            path: /usr/share/zoneinfo/Asia/Shanghai
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: community-rpc-svc
+  namespace: juwan
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "4001"
+    prometheus.io/path: "/metrics"
+spec:
+  ports:
+    - name: rpc
+      port: 8080
+      targetPort: 8080
+    - name: metrics
+      port: 4001
+      targetPort: 4001
+  selector:
+    app: community-rpc
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: community-rpc-hpa-c
+  namespace: juwan
+  labels:
+    app: community-rpc-hpa-c
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: community-rpc
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 80
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: community-rpc-hpa-m
+  namespace: juwan
+  labels:
+    app: community-rpc-hpa-m
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: community-rpc
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: 80
+
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  namespace: juwan
+  name: community-db
+spec:
+  instances: 3
+  primaryUpdateStrategy: unsupervised
+  bootstrap:
+    initdb:
+      database: app
+      owner: app
+      postInitSQL:
+        - CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+  backup:
+    barmanObjectStore:
+      destinationPath: s3://juwan-dev-pg-backups-zj/pg-data/
+      endpointURL: https://cn-nb1.rains3.com
+      s3Credentials:
+        accessKeyId:
+          name: rc-creds
+          key: ACCESS_KEY_ID
+        secretAccessKey:
+          name: rc-creds
+          key: SECRET_ACCESS_KEY
+      wal:
+        compression: gzip
+  storage:
+    size: 1Gi
+  monitoring:
+    enablePodMonitor: true
+
+---
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisReplication
+metadata:
+  name: community-redis
+  namespace: juwan
+spec:
+  clusterSize: 3
+  kubernetesConfig:
+    image: quay.io/opstree/redis:v7.0.12
+    imagePullPolicy: IfNotPresent
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 500m
+        memory: 512Mi
+    redisSecret:
+      name: community-redis
+      key: password
+  redisExporter:
+    enabled: true
+    image: quay.io/opstree/redis-exporter:latest
+    imagePullPolicy: Always
+  podSecurityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+  storage:
+    volumeClaimTemplate:
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 1Gi
+
+---
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisSentinel
+metadata:
+  name: community-redis-sentinel
+  namespace: juwan
+spec:
+  clusterSize: 3
+  kubernetesConfig:
+    image: quay.io/opstree/redis-sentinel:v7.0.12
+    imagePullPolicy: IfNotPresent
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 500m
+        memory: 512Mi
+  podSecurityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+  redisSentinelConfig:
+    redisReplicationName: community-redis
+    masterGroupName: mymaster
+    redisPort: "6379"
+    quorum: "2"
+    downAfterMilliseconds: "5000"
+    failoverTimeout: "10000"
+    parallelSyncs: "1"

deploy/k8s/service/dispute/dispute-api.yaml

@@ -0,0 +1,117 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: dispute-api
+  namespace: juwan
+  labels:
+    app: dispute-api
+spec:
+  replicas: 3
+  revisionHistoryLimit: 5
+  selector:
+    matchLabels:
+      app: dispute-api
+  template:
+    metadata:
+      labels:
+        app: dispute-api
+    spec:
+      serviceAccountName: find-endpoints
+      containers:
+        - name: dispute-api
+          image: dispute-api:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8888
+            - containerPort: 4001
+          readinessProbe:
+            tcpSocket:
+              port: 8888
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          livenessProbe:
+            tcpSocket:
+              port: 8888
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          resources:
+            requests:
+              cpu: 500m
+              memory: 512Mi
+            limits:
+              cpu: 1000m
+              memory: 1024Mi
+          volumeMounts:
+            - name: timezone
+              mountPath: /etc/localtime
+      volumes:
+        - name: timezone
+          hostPath:
+            path: /usr/share/zoneinfo/Asia/Shanghai
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: dispute-api-svc
+  namespace: juwan
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "4001"
+    prometheus.io/path: "/metrics"
+spec:
+  ports:
+    - name: http
+      port: 8888
+      targetPort: 8888
+    - name: metrics
+      port: 4001
+      targetPort: 4001
+  selector:
+    app: dispute-api
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: dispute-api-hpa-c
+  namespace: juwan
+  labels:
+    app: dispute-api-hpa-c
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: dispute-api
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 80
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: dispute-api-hpa-m
+  namespace: juwan
+  labels:
+    app: dispute-api-hpa-m
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: dispute-api
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: 80

deploy/k8s/service/dispute/dispute-rpc.yaml

@@ -0,0 +1,246 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: dispute-rpc
+  namespace: juwan
+  labels:
+    app: dispute-rpc
+spec:
+  replicas: 3
+  revisionHistoryLimit: 5
+  selector:
+    matchLabels:
+      app: dispute-rpc
+  template:
+    metadata:
+      labels:
+        app: dispute-rpc
+    spec:
+      serviceAccountName: find-endpoints
+      containers:
+        - name: dispute-rpc
+          image: dispute-rpc:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8080
+            - containerPort: 4001
+          env:
+            - name: DB_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: dispute-db-app
+                  key: port
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: dispute-db-app
+                  key: password
+            - name: PD_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: dispute-db-app
+                  key: username
+            - name: DB_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: dispute-db-app
+                  key: dbname
+            - name: REDIS_M_HOST
+              value: "dispute-redis-master.juwan:6379"
+            - name: REDIS_S_HOST
+              value: "dispute-redis-replica.juwan:6379"
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: dispute-redis
+                  key: password
+          readinessProbe:
+            tcpSocket:
+              port: 8080
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          livenessProbe:
+            tcpSocket:
+              port: 8080
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          resources:
+            requests:
+              cpu: 500m
+              memory: 512Mi
+            limits:
+              cpu: 1000m
+              memory: 1024Mi
+          volumeMounts:
+            - name: timezone
+              mountPath: /etc/localtime
+      volumes:
+        - name: timezone
+          hostPath:
+            path: /usr/share/zoneinfo/Asia/Shanghai
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: dispute-rpc-svc
+  namespace: juwan
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "4001"
+    prometheus.io/path: "/metrics"
+spec:
+  ports:
+    - name: rpc
+      port: 8080
+      targetPort: 8080
+    - name: metrics
+      port: 4001
+      targetPort: 4001
+  selector:
+    app: dispute-rpc
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: dispute-rpc-hpa-c
+  namespace: juwan
+  labels:
+    app: dispute-rpc-hpa-c
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: dispute-rpc
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 80
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: dispute-rpc-hpa-m
+  namespace: juwan
+  labels:
+    app: dispute-rpc-hpa-m
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: dispute-rpc
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: 80
+
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  namespace: juwan
+  name: dispute-db
+spec:
+  instances: 3
+  primaryUpdateStrategy: unsupervised
+  bootstrap:
+    initdb:
+      database: app
+      owner: app
+      postInitSQL:
+        - CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+  backup:
+    barmanObjectStore:
+      destinationPath: s3://juwan-dev-pg-backups-zj/pg-data/
+      endpointURL: https://cn-nb1.rains3.com
+      s3Credentials:
+        accessKeyId:
+          name: rc-creds
+          key: ACCESS_KEY_ID
+        secretAccessKey:
+          name: rc-creds
+          key: SECRET_ACCESS_KEY
+      wal:
+        compression: gzip
+  storage:
+    size: 1Gi
+  monitoring:
+    enablePodMonitor: true
+
+---
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisReplication
+metadata:
+  name: dispute-redis
+  namespace: juwan
+spec:
+  clusterSize: 3
+  kubernetesConfig:
+    image: quay.io/opstree/redis:v7.0.12
+    imagePullPolicy: IfNotPresent
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 500m
+        memory: 512Mi
+    redisSecret:
+      name: dispute-redis
+      key: password
+  redisExporter:
+    enabled: true
+    image: quay.io/opstree/redis-exporter:latest
+    imagePullPolicy: Always
+  podSecurityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+  storage:
+    volumeClaimTemplate:
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 1Gi
+
+---
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisSentinel
+metadata:
+  name: dispute-redis-sentinel
+  namespace: juwan
+spec:
+  clusterSize: 3
+  kubernetesConfig:
+    image: quay.io/opstree/redis-sentinel:v7.0.12
+    imagePullPolicy: IfNotPresent
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 500m
+        memory: 512Mi
+  podSecurityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+  redisSentinelConfig:
+    redisReplicationName: dispute-redis
+    masterGroupName: mymaster
+    redisPort: "6379"
+    quorum: "2"
+    downAfterMilliseconds: "5000"
+    failoverTimeout: "10000"
+    parallelSyncs: "1"

deploy/k8s/service/notification/notification-api.yaml

@@ -0,0 +1,117 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: notification-api
+  namespace: juwan
+  labels:
+    app: notification-api
+spec:
+  replicas: 3
+  revisionHistoryLimit: 5
+  selector:
+    matchLabels:
+      app: notification-api
+  template:
+    metadata:
+      labels:
+        app: notification-api
+    spec:
+      serviceAccountName: find-endpoints
+      containers:
+        - name: notification-api
+          image: notification-api:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8888
+            - containerPort: 4001
+          readinessProbe:
+            tcpSocket:
+              port: 8888
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          livenessProbe:
+            tcpSocket:
+              port: 8888
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          resources:
+            requests:
+              cpu: 500m
+              memory: 512Mi
+            limits:
+              cpu: 1000m
+              memory: 1024Mi
+          volumeMounts:
+            - name: timezone
+              mountPath: /etc/localtime
+      volumes:
+        - name: timezone
+          hostPath:
+            path: /usr/share/zoneinfo/Asia/Shanghai
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: notification-api-svc
+  namespace: juwan
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "4001"
+    prometheus.io/path: "/metrics"
+spec:
+  ports:
+    - name: http
+      port: 8888
+      targetPort: 8888
+    - name: metrics
+      port: 4001
+      targetPort: 4001
+  selector:
+    app: notification-api
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: notification-api-hpa-c
+  namespace: juwan
+  labels:
+    app: notification-api-hpa-c
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: notification-api
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 80
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: notification-api-hpa-m
+  namespace: juwan
+  labels:
+    app: notification-api-hpa-m
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: notification-api
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: 80

deploy/k8s/service/notification/notification-rpc.yaml

@@ -0,0 +1,246 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: notification-rpc
+  namespace: juwan
+  labels:
+    app: notification-rpc
+spec:
+  replicas: 3
+  revisionHistoryLimit: 5
+  selector:
+    matchLabels:
+      app: notification-rpc
+  template:
+    metadata:
+      labels:
+        app: notification-rpc
+    spec:
+      serviceAccountName: find-endpoints
+      containers:
+        - name: notification-rpc
+          image: notification-rpc:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8080
+            - containerPort: 4001
+          env:
+            - name: DB_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: notification-db-app
+                  key: port
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: notification-db-app
+                  key: password
+            - name: PD_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: notification-db-app
+                  key: username
+            - name: DB_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: notification-db-app
+                  key: dbname
+            - name: REDIS_M_HOST
+              value: "notification-redis-master.juwan:6379"
+            - name: REDIS_S_HOST
+              value: "notification-redis-replica.juwan:6379"
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: notification-redis
+                  key: password
+          readinessProbe:
+            tcpSocket:
+              port: 8080
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          livenessProbe:
+            tcpSocket:
+              port: 8080
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          resources:
+            requests:
+              cpu: 500m
+              memory: 512Mi
+            limits:
+              cpu: 1000m
+              memory: 1024Mi
+          volumeMounts:
+            - name: timezone
+              mountPath: /etc/localtime
+      volumes:
+        - name: timezone
+          hostPath:
+            path: /usr/share/zoneinfo/Asia/Shanghai
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: notification-rpc-svc
+  namespace: juwan
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "4001"
+    prometheus.io/path: "/metrics"
+spec:
+  ports:
+    - name: rpc
+      port: 8080
+      targetPort: 8080
+    - name: metrics
+      port: 4001
+      targetPort: 4001
+  selector:
+    app: notification-rpc
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: notification-rpc-hpa-c
+  namespace: juwan
+  labels:
+    app: notification-rpc-hpa-c
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: notification-rpc
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 80
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: notification-rpc-hpa-m
+  namespace: juwan
+  labels:
+    app: notification-rpc-hpa-m
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: notification-rpc
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: 80
+
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  namespace: juwan
+  name: notification-db
+spec:
+  instances: 3
+  primaryUpdateStrategy: unsupervised
+  bootstrap:
+    initdb:
+      database: app
+      owner: app
+      postInitSQL:
+        - CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+  backup:
+    barmanObjectStore:
+      destinationPath: s3://juwan-dev-pg-backups-zj/pg-data/
+      endpointURL: https://cn-nb1.rains3.com
+      s3Credentials:
+        accessKeyId:
+          name: rc-creds
+          key: ACCESS_KEY_ID
+        secretAccessKey:
+          name: rc-creds
+          key: SECRET_ACCESS_KEY
+      wal:
+        compression: gzip
+  storage:
+    size: 1Gi
+  monitoring:
+    enablePodMonitor: true
+
+---
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisReplication
+metadata:
+  name: notification-redis
+  namespace: juwan
+spec:
+  clusterSize: 3
+  kubernetesConfig:
+    image: quay.io/opstree/redis:v7.0.12
+    imagePullPolicy: IfNotPresent
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 500m
+        memory: 512Mi
+    redisSecret:
+      name: notification-redis
+      key: password
+  redisExporter:
+    enabled: true
+    image: quay.io/opstree/redis-exporter:latest
+    imagePullPolicy: Always
+  podSecurityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+  storage:
+    volumeClaimTemplate:
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 1Gi
+
+---
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisSentinel
+metadata:
+  name: notification-redis-sentinel
+  namespace: juwan
+spec:
+  clusterSize: 3
+  kubernetesConfig:
+    image: quay.io/opstree/redis-sentinel:v7.0.12
+    imagePullPolicy: IfNotPresent
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 500m
+        memory: 512Mi
+  podSecurityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+  redisSentinelConfig:
+    redisReplicationName: notification-redis
+    masterGroupName: mymaster
+    redisPort: "6379"
+    quorum: "2"
+    downAfterMilliseconds: "5000"
+    failoverTimeout: "10000"
+    parallelSyncs: "1"

deploy/k8s/service/order/order-api.yaml

@@ -0,0 +1,117 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: order-api
+  namespace: juwan
+  labels:
+    app: order-api
+spec:
+  replicas: 3
+  revisionHistoryLimit: 5
+  selector:
+    matchLabels:
+      app: order-api
+  template:
+    metadata:
+      labels:
+        app: order-api
+    spec:
+      serviceAccountName: find-endpoints
+      containers:
+        - name: order-api
+          image: order-api:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8888
+            - containerPort: 4001
+          readinessProbe:
+            tcpSocket:
+              port: 8888
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          livenessProbe:
+            tcpSocket:
+              port: 8888
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          resources:
+            requests:
+              cpu: 500m
+              memory: 512Mi
+            limits:
+              cpu: 1000m
+              memory: 1024Mi
+          volumeMounts:
+            - name: timezone
+              mountPath: /etc/localtime
+      volumes:
+        - name: timezone
+          hostPath:
+            path: /usr/share/zoneinfo/Asia/Shanghai
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: order-api-svc
+  namespace: juwan
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "4001"
+    prometheus.io/path: "/metrics"
+spec:
+  ports:
+    - name: http
+      port: 8888
+      targetPort: 8888
+    - name: metrics
+      port: 4001
+      targetPort: 4001
+  selector:
+    app: order-api
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: order-api-hpa-c
+  namespace: juwan
+  labels:
+    app: order-api-hpa-c
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: order-api
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 80
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: order-api-hpa-m
+  namespace: juwan
+  labels:
+    app: order-api-hpa-m
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: order-api
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: 80

deploy/k8s/service/order/order-rpc.yaml

@@ -0,0 +1,246 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: order-rpc
+  namespace: juwan
+  labels:
+    app: order-rpc
+spec:
+  replicas: 3
+  revisionHistoryLimit: 5
+  selector:
+    matchLabels:
+      app: order-rpc
+  template:
+    metadata:
+      labels:
+        app: order-rpc
+    spec:
+      serviceAccountName: find-endpoints
+      containers:
+        - name: order-rpc
+          image: order-rpc:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8080
+            - containerPort: 4001
+          env:
+            - name: DB_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: order-db-app
+                  key: port
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: order-db-app
+                  key: password
+            - name: PD_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: order-db-app
+                  key: username
+            - name: DB_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: order-db-app
+                  key: dbname
+            - name: REDIS_M_HOST
+              value: "order-redis-master.juwan:6379"
+            - name: REDIS_S_HOST
+              value: "order-redis-replica.juwan:6379"
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: order-redis
+                  key: password
+          readinessProbe:
+            tcpSocket:
+              port: 8080
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          livenessProbe:
+            tcpSocket:
+              port: 8080
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          resources:
+            requests:
+              cpu: 500m
+              memory: 512Mi
+            limits:
+              cpu: 1000m
+              memory: 1024Mi
+          volumeMounts:
+            - name: timezone
+              mountPath: /etc/localtime
+      volumes:
+        - name: timezone
+          hostPath:
+            path: /usr/share/zoneinfo/Asia/Shanghai
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: order-rpc-svc
+  namespace: juwan
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "4001"
+    prometheus.io/path: "/metrics"
+spec:
+  ports:
+    - name: rpc
+      port: 8080
+      targetPort: 8080
+    - name: metrics
+      port: 4001
+      targetPort: 4001
+  selector:
+    app: order-rpc
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: order-rpc-hpa-c
+  namespace: juwan
+  labels:
+    app: order-rpc-hpa-c
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: order-rpc
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 80
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: order-rpc-hpa-m
+  namespace: juwan
+  labels:
+    app: order-rpc-hpa-m
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: order-rpc
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: 80
+
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  namespace: juwan
+  name: order-db
+spec:
+  instances: 3
+  primaryUpdateStrategy: unsupervised
+  bootstrap:
+    initdb:
+      database: app
+      owner: app
+      postInitSQL:
+        - CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+  backup:
+    barmanObjectStore:
+      destinationPath: s3://juwan-dev-pg-backups-zj/pg-data/
+      endpointURL: https://cn-nb1.rains3.com
+      s3Credentials:
+        accessKeyId:
+          name: rc-creds
+          key: ACCESS_KEY_ID
+        secretAccessKey:
+          name: rc-creds
+          key: SECRET_ACCESS_KEY
+      wal:
+        compression: gzip
+  storage:
+    size: 1Gi
+  monitoring:
+    enablePodMonitor: true
+
+---
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisReplication
+metadata:
+  name: order-redis
+  namespace: juwan
+spec:
+  clusterSize: 3
+  kubernetesConfig:
+    image: quay.io/opstree/redis:v7.0.12
+    imagePullPolicy: IfNotPresent
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 500m
+        memory: 512Mi
+    redisSecret:
+      name: order-redis
+      key: password
+  redisExporter:
+    enabled: true
+    image: quay.io/opstree/redis-exporter:latest
+    imagePullPolicy: Always
+  podSecurityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+  storage:
+    volumeClaimTemplate:
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 1Gi
+
+---
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisSentinel
+metadata:
+  name: order-redis-sentinel
+  namespace: juwan
+spec:
+  clusterSize: 3
+  kubernetesConfig:
+    image: quay.io/opstree/redis-sentinel:v7.0.12
+    imagePullPolicy: IfNotPresent
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 500m
+        memory: 512Mi
+  podSecurityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+  redisSentinelConfig:
+    redisReplicationName: order-redis
+    masterGroupName: mymaster
+    redisPort: "6379"
+    quorum: "2"
+    downAfterMilliseconds: "5000"
+    failoverTimeout: "10000"
+    parallelSyncs: "1"

deploy/k8s/service/review/review-api.yaml

@@ -0,0 +1,117 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: review-api
+  namespace: juwan
+  labels:
+    app: review-api
+spec:
+  replicas: 3
+  revisionHistoryLimit: 5
+  selector:
+    matchLabels:
+      app: review-api
+  template:
+    metadata:
+      labels:
+        app: review-api
+    spec:
+      serviceAccountName: find-endpoints
+      containers:
+        - name: review-api
+          image: review-api:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8888
+            - containerPort: 4001
+          readinessProbe:
+            tcpSocket:
+              port: 8888
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          livenessProbe:
+            tcpSocket:
+              port: 8888
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          resources:
+            requests:
+              cpu: 500m
+              memory: 512Mi
+            limits:
+              cpu: 1000m
+              memory: 1024Mi
+          volumeMounts:
+            - name: timezone
+              mountPath: /etc/localtime
+      volumes:
+        - name: timezone
+          hostPath:
+            path: /usr/share/zoneinfo/Asia/Shanghai
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: review-api-svc
+  namespace: juwan
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "4001"
+    prometheus.io/path: "/metrics"
+spec:
+  ports:
+    - name: http
+      port: 8888
+      targetPort: 8888
+    - name: metrics
+      port: 4001
+      targetPort: 4001
+  selector:
+    app: review-api
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: review-api-hpa-c
+  namespace: juwan
+  labels:
+    app: review-api-hpa-c
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: review-api
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 80
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: review-api-hpa-m
+  namespace: juwan
+  labels:
+    app: review-api-hpa-m
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: review-api
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: 80

deploy/k8s/service/review/review-rpc.yaml

@@ -0,0 +1,246 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: review-rpc
+  namespace: juwan
+  labels:
+    app: review-rpc
+spec:
+  replicas: 3
+  revisionHistoryLimit: 5
+  selector:
+    matchLabels:
+      app: review-rpc
+  template:
+    metadata:
+      labels:
+        app: review-rpc
+    spec:
+      serviceAccountName: find-endpoints
+      containers:
+        - name: review-rpc
+          image: review-rpc:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8080
+            - containerPort: 4001
+          env:
+            - name: DB_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: review-db-app
+                  key: port
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: review-db-app
+                  key: password
+            - name: PD_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: review-db-app
+                  key: username
+            - name: DB_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: review-db-app
+                  key: dbname
+            - name: REDIS_M_HOST
+              value: "review-redis-master.juwan:6379"
+            - name: REDIS_S_HOST
+              value: "review-redis-replica.juwan:6379"
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: review-redis
+                  key: password
+          readinessProbe:
+            tcpSocket:
+              port: 8080
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          livenessProbe:
+            tcpSocket:
+              port: 8080
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          resources:
+            requests:
+              cpu: 500m
+              memory: 512Mi
+            limits:
+              cpu: 1000m
+              memory: 1024Mi
+          volumeMounts:
+            - name: timezone
+              mountPath: /etc/localtime
+      volumes:
+        - name: timezone
+          hostPath:
+            path: /usr/share/zoneinfo/Asia/Shanghai
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: review-rpc-svc
+  namespace: juwan
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "4001"
+    prometheus.io/path: "/metrics"
+spec:
+  ports:
+    - name: rpc
+      port: 8080
+      targetPort: 8080
+    - name: metrics
+      port: 4001
+      targetPort: 4001
+  selector:
+    app: review-rpc
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: review-rpc-hpa-c
+  namespace: juwan
+  labels:
+    app: review-rpc-hpa-c
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: review-rpc
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 80
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: review-rpc-hpa-m
+  namespace: juwan
+  labels:
+    app: review-rpc-hpa-m
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: review-rpc
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: 80
+
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  namespace: juwan
+  name: review-db
+spec:
+  instances: 3
+  primaryUpdateStrategy: unsupervised
+  bootstrap:
+    initdb:
+      database: app
+      owner: app
+      postInitSQL:
+        - CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+  backup:
+    barmanObjectStore:
+      destinationPath: s3://juwan-dev-pg-backups-zj/pg-data/
+      endpointURL: https://cn-nb1.rains3.com
+      s3Credentials:
+        accessKeyId:
+          name: rc-creds
+          key: ACCESS_KEY_ID
+        secretAccessKey:
+          name: rc-creds
+          key: SECRET_ACCESS_KEY
+      wal:
+        compression: gzip
+  storage:
+    size: 1Gi
+  monitoring:
+    enablePodMonitor: true
+
+---
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisReplication
+metadata:
+  name: review-redis
+  namespace: juwan
+spec:
+  clusterSize: 3
+  kubernetesConfig:
+    image: quay.io/opstree/redis:v7.0.12
+    imagePullPolicy: IfNotPresent
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 500m
+        memory: 512Mi
+    redisSecret:
+      name: review-redis
+      key: password
+  redisExporter:
+    enabled: true
+    image: quay.io/opstree/redis-exporter:latest
+    imagePullPolicy: Always
+  podSecurityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+  storage:
+    volumeClaimTemplate:
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 1Gi
+
+---
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisSentinel
+metadata:
+  name: review-redis-sentinel
+  namespace: juwan
+spec:
+  clusterSize: 3
+  kubernetesConfig:
+    image: quay.io/opstree/redis-sentinel:v7.0.12
+    imagePullPolicy: IfNotPresent
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 500m
+        memory: 512Mi
+  podSecurityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+  redisSentinelConfig:
+    redisReplicationName: review-redis
+    masterGroupName: mymaster
+    redisPort: "6379"
+    quorum: "2"
+    downAfterMilliseconds: "5000"
+    failoverTimeout: "10000"
+    parallelSyncs: "1"

deploy/k8s/service/search/search-api.yaml

@@ -0,0 +1,117 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: search-api
+  namespace: juwan
+  labels:
+    app: search-api
+spec:
+  replicas: 3
+  revisionHistoryLimit: 5
+  selector:
+    matchLabels:
+      app: search-api
+  template:
+    metadata:
+      labels:
+        app: search-api
+    spec:
+      serviceAccountName: find-endpoints
+      containers:
+        - name: search-api
+          image: search-api:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8888
+            - containerPort: 4001
+          readinessProbe:
+            tcpSocket:
+              port: 8888
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          livenessProbe:
+            tcpSocket:
+              port: 8888
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          resources:
+            requests:
+              cpu: 500m
+              memory: 512Mi
+            limits:
+              cpu: 1000m
+              memory: 1024Mi
+          volumeMounts:
+            - name: timezone
+              mountPath: /etc/localtime
+      volumes:
+        - name: timezone
+          hostPath:
+            path: /usr/share/zoneinfo/Asia/Shanghai
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: search-api-svc
+  namespace: juwan
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "4001"
+    prometheus.io/path: "/metrics"
+spec:
+  ports:
+    - name: http
+      port: 8888
+      targetPort: 8888
+    - name: metrics
+      port: 4001
+      targetPort: 4001
+  selector:
+    app: search-api
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: search-api-hpa-c
+  namespace: juwan
+  labels:
+    app: search-api-hpa-c
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: search-api
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 80
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: search-api-hpa-m
+  namespace: juwan
+  labels:
+    app: search-api-hpa-m
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: search-api
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: 80

deploy/k8s/service/search/search-rpc.yaml

@@ -0,0 +1,246 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: search-rpc
+  namespace: juwan
+  labels:
+    app: search-rpc
+spec:
+  replicas: 3
+  revisionHistoryLimit: 5
+  selector:
+    matchLabels:
+      app: search-rpc
+  template:
+    metadata:
+      labels:
+        app: search-rpc
+    spec:
+      serviceAccountName: find-endpoints
+      containers:
+        - name: search-rpc
+          image: search-rpc:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8080
+            - containerPort: 4001
+          env:
+            - name: DB_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: search-db-app
+                  key: port
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: search-db-app
+                  key: password
+            - name: PD_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: search-db-app
+                  key: username
+            - name: DB_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: search-db-app
+                  key: dbname
+            - name: REDIS_M_HOST
+              value: "search-redis-master.juwan:6379"
+            - name: REDIS_S_HOST
+              value: "search-redis-replica.juwan:6379"
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: search-redis
+                  key: password
+          readinessProbe:
+            tcpSocket:
+              port: 8080
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          livenessProbe:
+            tcpSocket:
+              port: 8080
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          resources:
+            requests:
+              cpu: 500m
+              memory: 512Mi
+            limits:
+              cpu: 1000m
+              memory: 1024Mi
+          volumeMounts:
+            - name: timezone
+              mountPath: /etc/localtime
+      volumes:
+        - name: timezone
+          hostPath:
+            path: /usr/share/zoneinfo/Asia/Shanghai
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: search-rpc-svc
+  namespace: juwan
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "4001"
+    prometheus.io/path: "/metrics"
+spec:
+  ports:
+    - name: rpc
+      port: 8080
+      targetPort: 8080
+    - name: metrics
+      port: 4001
+      targetPort: 4001
+  selector:
+    app: search-rpc
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: search-rpc-hpa-c
+  namespace: juwan
+  labels:
+    app: search-rpc-hpa-c
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: search-rpc
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 80
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: search-rpc-hpa-m
+  namespace: juwan
+  labels:
+    app: search-rpc-hpa-m
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: search-rpc
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: 80
+
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  namespace: juwan
+  name: search-db
+spec:
+  instances: 3
+  primaryUpdateStrategy: unsupervised
+  bootstrap:
+    initdb:
+      database: app
+      owner: app
+      postInitSQL:
+        - CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+  backup:
+    barmanObjectStore:
+      destinationPath: s3://juwan-dev-pg-backups-zj/pg-data/
+      endpointURL: https://cn-nb1.rains3.com
+      s3Credentials:
+        accessKeyId:
+          name: rc-creds
+          key: ACCESS_KEY_ID
+        secretAccessKey:
+          name: rc-creds
+          key: SECRET_ACCESS_KEY
+      wal:
+        compression: gzip
+  storage:
+    size: 1Gi
+  monitoring:
+    enablePodMonitor: true
+
+---
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisReplication
+metadata:
+  name: search-redis
+  namespace: juwan
+spec:
+  clusterSize: 3
+  kubernetesConfig:
+    image: quay.io/opstree/redis:v7.0.12
+    imagePullPolicy: IfNotPresent
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 500m
+        memory: 512Mi
+    redisSecret:
+      name: search-redis
+      key: password
+  redisExporter:
+    enabled: true
+    image: quay.io/opstree/redis-exporter:latest
+    imagePullPolicy: Always
+  podSecurityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+  storage:
+    volumeClaimTemplate:
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 1Gi
+
+---
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisSentinel
+metadata:
+  name: search-redis-sentinel
+  namespace: juwan
+spec:
+  clusterSize: 3
+  kubernetesConfig:
+    image: quay.io/opstree/redis-sentinel:v7.0.12
+    imagePullPolicy: IfNotPresent
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 500m
+        memory: 512Mi
+  podSecurityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+  redisSentinelConfig:
+    redisReplicationName: search-redis
+    masterGroupName: mymaster
+    redisPort: "6379"
+    quorum: "2"
+    downAfterMilliseconds: "5000"
+    failoverTimeout: "10000"
+    parallelSyncs: "1"

deploy/k8s/service/snowflake/snowflake.yaml

@@ -20,7 +20,7 @@ spec:
       containers:
         - name: snowflake
 #          image: 103.236.53.208:4418/library/snowflake@sha256:1679cf94b69f426eec5d2f960ffb153bb7dbcd3bcaf0286261a43756384a86b3
-          image: snowflake:latest
+          image: 103.236.53.208:4418/juwan/snowflake:latest
           ports:
             - containerPort: 8080
           readinessProbe:

deploy/k8s/service/user/user-api.yaml

@@ -20,7 +20,7 @@ spec:
       containers:
         - name: user-api
 #          image: 103.236.53.208:4418/library/user-api@sha256:d3187beb9c777a8dcbdc6a835a7887cb29fbea9571b08fe538a1eece403226e2
-          image: user-api:latest
+          image: 103.236.53.208:4418/juwan/user-api:latest
           imagePullPolicy: Always
           ports:
             - containerPort: 8888

deploy/k8s/service/user/user-rpc.yaml

@@ -30,7 +30,7 @@ spec:
       containers:
         - name: user-rpc
 #          image: 103.236.53.208:4418/library/user-rpc@sha256:28d785c4152d28b5cb368316e0fb3d48d728303e4439cdce13ebdbc5af8d19ce
-          image: user-rpc:latest
+          image: 103.236.53.208:4418/juwan/user-rpc:latest
           imagePullPolicy: Always
           ports:
             - containerPort: 9001

deploy/k8s/service/user_verifications/user-verifications-rpc.yaml

@@ -0,0 +1,246 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: user-verifications-rpc
+  namespace: juwan
+  labels:
+    app: user-verifications-rpc
+spec:
+  replicas: 3
+  revisionHistoryLimit: 5
+  selector:
+    matchLabels:
+      app: user-verifications-rpc
+  template:
+    metadata:
+      labels:
+        app: user-verifications-rpc
+    spec:
+      serviceAccountName: find-endpoints
+      containers:
+        - name: user-verifications-rpc
+          image: user-verifications-rpc:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8080
+            - containerPort: 4001
+          env:
+            - name: DB_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: user-verifications-db-app
+                  key: port
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: user-verifications-db-app
+                  key: password
+            - name: PD_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: user-verifications-db-app
+                  key: username
+            - name: DB_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: user-verifications-db-app
+                  key: dbname
+            - name: REDIS_M_HOST
+              value: "user-verifications-redis-master.juwan:6379"
+            - name: REDIS_S_HOST
+              value: "user-verifications-redis-replica.juwan:6379"
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: user-verifications-redis
+                  key: password
+          readinessProbe:
+            tcpSocket:
+              port: 8080
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          livenessProbe:
+            tcpSocket:
+              port: 8080
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          resources:
+            requests:
+              cpu: 500m
+              memory: 512Mi
+            limits:
+              cpu: 1000m
+              memory: 1024Mi
+          volumeMounts:
+            - name: timezone
+              mountPath: /etc/localtime
+      volumes:
+        - name: timezone
+          hostPath:
+            path: /usr/share/zoneinfo/Asia/Shanghai
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: user-verifications-rpc-svc
+  namespace: juwan
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "4001"
+    prometheus.io/path: "/metrics"
+spec:
+  ports:
+    - name: rpc
+      port: 8080
+      targetPort: 8080
+    - name: metrics
+      port: 4001
+      targetPort: 4001
+  selector:
+    app: user-verifications-rpc
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: user-verifications-rpc-hpa-c
+  namespace: juwan
+  labels:
+    app: user-verifications-rpc-hpa-c
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: user-verifications-rpc
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 80
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: user-verifications-rpc-hpa-m
+  namespace: juwan
+  labels:
+    app: user-verifications-rpc-hpa-m
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: user-verifications-rpc
+  minReplicas: 3
+  maxReplicas: 10
+  metrics:
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: 80
+
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  namespace: juwan
+  name: user-verifications-db
+spec:
+  instances: 3
+  primaryUpdateStrategy: unsupervised
+  bootstrap:
+    initdb:
+      database: app
+      owner: app
+      postInitSQL:
+        - CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+  backup:
+    barmanObjectStore:
+      destinationPath: s3://juwan-dev-pg-backups-zj/pg-data/
+      endpointURL: https://cn-nb1.rains3.com
+      s3Credentials:
+        accessKeyId:
+          name: rc-creds
+          key: ACCESS_KEY_ID
+        secretAccessKey:
+          name: rc-creds
+          key: SECRET_ACCESS_KEY
+      wal:
+        compression: gzip
+  storage:
+    size: 1Gi
+  monitoring:
+    enablePodMonitor: true
+
+---
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisReplication
+metadata:
+  name: user-verifications-redis
+  namespace: juwan
+spec:
+  clusterSize: 3
+  kubernetesConfig:
+    image: quay.io/opstree/redis:v7.0.12
+    imagePullPolicy: IfNotPresent
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 500m
+        memory: 512Mi
+    redisSecret:
+      name: user-verifications-redis
+      key: password
+  redisExporter:
+    enabled: true
+    image: quay.io/opstree/redis-exporter:latest
+    imagePullPolicy: Always
+  podSecurityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+  storage:
+    volumeClaimTemplate:
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 1Gi
+
+---
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisSentinel
+metadata:
+  name: user-verifications-redis-sentinel
+  namespace: juwan
+spec:
+  clusterSize: 3
+  kubernetesConfig:
+    image: quay.io/opstree/redis-sentinel:v7.0.12
+    imagePullPolicy: IfNotPresent
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 500m
+        memory: 512Mi
+  podSecurityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+  redisSentinelConfig:
+    redisReplicationName: user-verifications-redis
+    masterGroupName: mymaster
+    redisPort: "6379"
+    quorum: "2"
+    downAfterMilliseconds: "5000"
+    failoverTimeout: "10000"
+    parallelSyncs: "1"