juwan/juwan-backend
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

Compare commits

base: juwan/juwan-backend:7a12a9e702587589020bf4e6184bd4867e144b7b
Branches Tags
juwan/juwan-backend:main juwan/juwan-backend:main-merge-base-a
..
compare: juwan/juwan-backend:d9a41c983137a14632d48cd7ffd2276b823781a9
Branches Tags
juwan/juwan-backend:main juwan/juwan-backend:main-merge-base-a

10 Commits
7a12a9e702 .. d9a41c9831

Author SHA1 Message Date
zetaloop d9a41c9831 chore: point frontend submodule to new gitea instance
build-and-push-harbor / docker-build-push (push) Waiting to run
Details
2026-05-05 12:51:39 +08:00
zetaloop e92bdf30d9 feat(k01): add agent join mode to install-k3s.sh 2026-05-05 12:29:56 +08:00
zetaloop c456f3e296 fix(snowflake): support per-replica WorkerId via env for multi-instance StatefulSet 2026-05-05 12:29:47 +08:00
zetaloop cba510c675 docs(k01): fix readme 2026-05-05 12:22:14 +08:00
zetaloop 8697569b81 docs(k01): rewrite readme following center host documentation style 2026-05-05 12:11:30 +08:00
zetaloop 20ca50c127 feat(deploy): add k01 business cluster manifests for k3s with cnpg, strimzi, redis and mongodb operators 2026-05-05 12:08:10 +08:00
zetaloop 2d4dc236e9 fix(center/zot): drop unworkable healthcheck for distroless image 2026-05-05 11:08:04 +08:00
zetaloop f3b12f30f0 feat(center/caddy): add WebTransport reverse-proxy passthrough via PR #7669 fork 2026-05-05 10:54:37 +08:00
zetaloop 2a41969771 feat(deploy): add center host docker compose stack for git, registry and s3 hosting 2026-05-05 08:45:58 +08:00
wwweww d1ff2661d1 fix(k8s): lower cpu/memory requests for dev environment (50m/128Mi) 2026-05-04 13:59:15 +08:00
75 changed files with 5009 additions and 116 deletions
Expand all files Collapse all files
.gitignore
+5 -1
View File
@@ -119,7 +119,11 @@ dist
# End of https://mrkandreev.name/snippets/gitignore-generator/#Node
DockerFile
/app/*/api/Dockerfile
/app/*/rpc/Dockerfile
/app/*/mq/Dockerfile
/app/*/adapter/Dockerfile
/app/*/test/Dockerfile
.idea
# Go compiled binaries
.gitmodules
+1 -1
View File
@@ -1,3 +1,3 @@
[submodule "frontend"]
path = frontend
url = http://103.236.53.208:3000/juwan/juwan-frontend.git
url = https://git.juwan.xhttp.zip/juwan/juwan-frontend.git
app/snowflake/rpc/etc/snowflake.yaml
+2 -2
View File
@@ -2,5 +2,5 @@ Name: snowflake.rpc
ListenOn: 0.0.0.0:8080
Snowflake:
DatacenterId: 1
WorkerId: 0
DatacenterId: ${SNOWFLAKE_DATACENTER_ID}
WorkerId: ${SNOWFLAKE_WORKER_ID}
deploy/center/.env.example
+2
View File
@@ -0,0 +1,2 @@
GITEA_DOMAIN=git.juwan.xhttp.zip
RUNNER_TOKEN=
deploy/center/.gitignore
+4
View File
@@ -0,0 +1,4 @@
/secrets/
/garage/garage.toml
/zot/htpasswd
/.env
deploy/center/README.md
+100
View File
@@ -0,0 +1,100 @@
# 管理机部署
Zot(容器仓库)、Garage(对象存储)、Gitea(代码 + Actions Runner)、CaddyHTTPS 反代 + 业务入口),全部在同一台 center 机器上以 Docker Compose 运行。业务服务部署在另一台 k01 机器上,公网流量经由 center 的 Caddy 反代到 k01 上的 envoy-gateway NodePort。
部署机参考:centerVultr High Frequency / 1 vCPU / 1 GB RAM / 32 GB NVMe)。
## 前置条件
- Docker Engine 与 compose v2
- `apache2-utils`(提供 `htpasswd` 命令,用于给 Zot 生成 bcrypt 密码)
- DNS`git` / `registry` / `s3` / `juwan` 四条 A 记录全部指向 66.135.5.101,灰云直连
- 防火墙入站规则允许 TCP 80、443、UDP 443
## 首次部署
```bash
cd deploy/center
# 生成所有随机密码与 token,渲染 garage.toml / zot.htpasswd / .env
bash init.sh
# 启动 Caddy + Zot + Garage + Gitea
docker compose up -d caddy zot garage gitea
# 创建 Gitea 管理员
docker compose exec -u git gitea gitea admin user create \
--username admin \
--email admin@juwan.xhttp.zip \
--password "$(cat secrets/gitea-admin-password)" \
--admin --must-change-password=false
# 在浏览器打开 https://git.juwan.xhttp.zip
# → Site Administration → Actions → Runners → 生成 runner token
# → 把 token 写入 .env 的 RUNNER_TOKEN
# → 回到终端执行:
docker compose up -d runner
# 初始化 Garage:创建 layout、两个 bucket、生成 access key
bash garage/bootstrap.sh
```
`bootstrap.sh` 最后会打印 S3 连接信息,其中 `S3_ACCESS_KEY` / `S3_SECRET_KEY` 留给 k01 的 `objectstory-rpc` 和 CNPG backup 配置。
## 访问入口
| 子域 | 内容 |
| -------------------------- | ------------------------------------------------- |
| `git.juwan.xhttp.zip` | Gitea 代码仓库 |
| `registry.juwan.xhttp.zip` | Zot 镜像仓库 + 内置 zui 浏览器 |
| `s3.juwan.xhttp.zip` | Garage S3 API |
| `juwan.xhttp.zip` | 业务前端,Caddy 反代至 k01 envoy-gateway NodePort |
## 凭据与认证
`init.sh` 会把所有密码写入 `secrets/` 目录(权限 600`.gitignore` 已排除)。`garage/garage.toml``zot/htpasswd` 由模板渲染生成,同样不在仓库中跟踪。
### Zot
匿名用户可浏览 zui、`docker pull` 镜像。推送或删除需要登录:
```bash
docker login registry.juwan.xhttp.zip -u admin -p "$(cat secrets/zot-admin-password)"
```
### Gitea
注册链接默认关闭。管理员登录后通过以下方式创建新用户:
```bash
docker compose exec -u git gitea gitea admin user create \
--username NAME --email MAIL --password PASS
```
## Runner
通过宿主 `/var/run/docker.sock` 启动 job 容器。Workflow 里写 `runs-on: ubuntu-latest` 时,runner 会拉取 `gitea/runner-images:ubuntu-latest-slim` 作为临时工作环境。`docker build` 命令在此容器内调用宿主的 dockerd,生成的镜像可直接推送到本机 Zot。
## 日常维护
```bash
docker compose restart # 全部重启
docker compose logs -f caddy # 查看 Caddy 日志(含 ACME 信息)
docker compose logs -f runner # 查看 Runner 日志(含 job 输出)
# 彻底重置:删除所有 Compose 卷与 init.sh 生成的本地文件
docker compose down -v
rm -rf secrets garage/garage.toml zot/htpasswd
```
持久化数据所在的 Docker 卷:
| 卷 | 内容 |
| -------------------- | ------------------------ |
| `juwan-caddy-data` | ACME 证书 |
| `juwan-caddy-config` | Caddy 自动配置 |
| `juwan-zot-data` | 容器镜像层 |
| `juwan-garage-meta` | Garage 元数据 |
| `juwan-garage-data` | S3 对象数据 |
| `juwan-gitea-data` | Git 仓库与 SQLite 数据库 |
| `juwan-runner-data` | Runner 注册信息 |
deploy/center/caddy/Caddyfile
+78
View File
@@ -0,0 +1,78 @@
{
email admin@juwan.xhttp.zip
servers {
enable_webtransport
}
}
(common_log) {
log {
output stdout
format console {
time_format common_log
time_local
}
}
}
(stream_proxy) {
flush_interval -1
transport http {
read_timeout 0
write_timeout 0
response_header_timeout 0
}
}
git.juwan.xhttp.zip {
import common_log
request_body {
max_size 2GB
}
reverse_proxy http://gitea:3000 {
import stream_proxy
}
}
registry.juwan.xhttp.zip {
import common_log
request_body {
max_size 2GB
}
reverse_proxy http://zot:5000 {
import stream_proxy
}
}
s3.juwan.xhttp.zip {
import common_log
request_body {
max_size 5GB
}
reverse_proxy http://garage:3900 {
import stream_proxy
}
}
juwan.xhttp.zip {
import common_log
handle /wt/* {
reverse_proxy https://140.82.15.92:8443 {
transport http {
versions 3
tls_insecure_skip_verify
}
}
}
handle {
reverse_proxy http://140.82.15.92:30080 {
lb_policy round_robin
health_uri /healthz
health_interval 10s
fail_duration 30s
import stream_proxy
}
}
}
deploy/center/caddy/Dockerfile
+10
View File
@@ -0,0 +1,10 @@
FROM caddy:2.11.2-builder-alpine AS builder
# 编译带 PR #7669experimental WebTransport reverse-proxy passthrough
# 的 Caddy。来源是 tomholford 的 fork 分支 webtransport-reverse-proxy。
RUN xcaddy build \
--with github.com/caddyserver/caddy/v2=github.com/tomholford/caddy/v2@webtransport-reverse-proxy
FROM caddy:2.11.2-alpine
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
deploy/center/docker-compose.yml
+113
View File
@@ -0,0 +1,113 @@
services:
# ==================== 反代 ====================
caddy:
build:
context: ./caddy
image: juwan-center/caddy:wt
container_name: juwan-caddy
restart: unless-stopped
ports:
- "80:80"
- "443:443"
- "443:443/udp"
volumes:
- ./caddy/Caddyfile:/etc/caddy/Caddyfile:ro
- caddy-data:/data
- caddy-config:/config
depends_on:
- gitea
- zot
- garage
# ==================== 容器仓库 ====================
zot:
image: ghcr.io/project-zot/zot:v2.1.16
container_name: juwan-zot
restart: unless-stopped
command: ["serve", "/etc/zot/config.json"]
volumes:
- ./zot/config.json:/etc/zot/config.json:ro
- ./zot/htpasswd:/etc/zot/htpasswd:ro
- zot-data:/var/lib/registry
expose:
- "5000"
# ==================== S3 对象存储 ====================
garage:
image: dxflrs/garage:v2.3.0
container_name: juwan-garage
restart: unless-stopped
command: ["/garage", "server"]
volumes:
- ./garage/garage.toml:/etc/garage.toml:ro
- garage-meta:/var/lib/garage/meta
- garage-data:/var/lib/garage/data
expose:
- "3900"
- "3901"
- "3902"
- "3903"
# ==================== Git 服务 ====================
gitea:
image: docker.gitea.com/gitea:1.26.1
container_name: juwan-gitea
restart: unless-stopped
environment:
USER_UID: "1000"
USER_GID: "1000"
GITEA__database__DB_TYPE: sqlite3
GITEA__server__DOMAIN: ${GITEA_DOMAIN}
GITEA__server__ROOT_URL: https://${GITEA_DOMAIN}/
GITEA__server__PROTOCOL: http
GITEA__server__HTTP_PORT: "3000"
GITEA__server__DISABLE_SSH: "true"
GITEA__service__DISABLE_REGISTRATION: "true"
GITEA__security__INSTALL_LOCK: "true"
GITEA__actions__ENABLED: "true"
volumes:
- gitea-data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
expose:
- "3000"
healthcheck:
test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:3000/api/healthz >/dev/null || exit 1"]
interval: 30s
timeout: 5s
retries: 5
start_period: 30s
# ==================== CI/CD 执行器 ====================
runner:
image: gitea/act_runner:0.6.1
container_name: juwan-runner
restart: unless-stopped
environment:
GITEA_INSTANCE_URL: http://gitea:3000
GITEA_RUNNER_REGISTRATION_TOKEN: ${RUNNER_TOKEN}
GITEA_RUNNER_NAME: juwan-center
GITEA_RUNNER_LABELS: ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest-slim
CONFIG_FILE: /data/config.yaml
volumes:
- runner-data:/data
- /var/run/docker.sock:/var/run/docker.sock
depends_on:
gitea:
condition: service_healthy
volumes:
caddy-data:
name: juwan-caddy-data
caddy-config:
name: juwan-caddy-config
zot-data:
name: juwan-zot-data
garage-meta:
name: juwan-garage-meta
garage-data:
name: juwan-garage-data
gitea-data:
name: juwan-gitea-data
runner-data:
name: juwan-runner-data
deploy/center/garage/bootstrap.sh
Executable
+31
View File
@@ -0,0 +1,31 @@
#!/usr/bin/env bash
set -euo pipefail
GARAGE="docker compose exec -T garage /garage"
NODE_ID="$($GARAGE node id -q | cut -d@ -f1 | tr -d '\r')"
echo "node id: $NODE_ID"
$GARAGE layout assign -z dc1 -c 10G "$NODE_ID"
$GARAGE layout apply --version 1
$GARAGE bucket create juwan-objectstory
$GARAGE bucket create juwan-pg-backup
KEY_INFO="$($GARAGE key create juwan-app)"
echo "$KEY_INFO"
ACCESS_KEY="$(echo "$KEY_INFO" | awk '/Key ID:/ {print $3}')"
SECRET_KEY="$(echo "$KEY_INFO" | awk '/Secret key:/ {print $3}')"
$GARAGE bucket allow --read --write --owner juwan-objectstory --key juwan-app
$GARAGE bucket allow --read --write --owner juwan-pg-backup --key juwan-app
cat <<EOF
S3_ENDPOINT=https://s3.juwan.xhttp.zip
S3_REGION=garage
S3_ACCESS_KEY=$ACCESS_KEY
S3_SECRET_KEY=$SECRET_KEY
S3_BUCKET_NAME=juwan-objectstory
EOF
deploy/center/garage/garage.toml.template
+26
View File
@@ -0,0 +1,26 @@
metadata_dir = "/var/lib/garage/meta"
data_dir = "/var/lib/garage/data"
db_engine = "sqlite"
replication_factor = 1
consistency_mode = "consistent"
rpc_bind_addr = "[::]:3901"
rpc_public_addr = "garage:3901"
rpc_secret = "@RPC_SECRET@"
[s3_api]
api_bind_addr = "[::]:3900"
s3_region = "garage"
root_domain = ".s3.juwan.xhttp.zip"
[s3_web]
bind_addr = "[::]:3902"
root_domain = ".web.juwan.xhttp.zip"
index = "index.html"
[admin]
api_bind_addr = "[::]:3903"
admin_token = "@ADMIN_TOKEN@"
metrics_token = "@METRICS_TOKEN@"
metrics_require_token = true
deploy/center/init.sh
Executable
+50
View File
@@ -0,0 +1,50 @@
#!/usr/bin/env bash
set -euo pipefail
CENTER_DIR="$(cd "$(dirname "$0")" && pwd)"
cd "$CENTER_DIR"
mkdir -p secrets
chmod 700 secrets
write_secret() {
local name="$1" value="$2"
printf '%s\n' "$value" > "secrets/$name"
chmod 600 "secrets/$name"
}
RPC_SECRET="$(openssl rand -hex 32)"
ADMIN_TOKEN="$(openssl rand -base64 32 | tr -d '\n')"
METRICS_TOKEN="$(openssl rand -base64 32 | tr -d '\n')"
ZOT_PASSWORD="$(openssl rand -hex 16)"
GITEA_PASSWORD="$(openssl rand -hex 16)"
write_secret garage-rpc-secret "$RPC_SECRET"
write_secret garage-admin-token "$ADMIN_TOKEN"
write_secret garage-metrics-token "$METRICS_TOKEN"
write_secret zot-admin-password "$ZOT_PASSWORD"
write_secret gitea-admin-password "$GITEA_PASSWORD"
if [ ! -f .env ]; then
cp .env.example .env
fi
python3 - "$RPC_SECRET" "$ADMIN_TOKEN" "$METRICS_TOKEN" <<'PY'
import sys, pathlib
rpc, admin, metrics = sys.argv[1:4]
src = pathlib.Path("garage/garage.toml.template").read_text()
out = (src
.replace("@RPC_SECRET@", rpc)
.replace("@ADMIN_TOKEN@", admin)
.replace("@METRICS_TOKEN@", metrics))
pathlib.Path("garage/garage.toml").write_text(out)
PY
htpasswd -bBn admin "$ZOT_PASSWORD" > zot/htpasswd
chmod 600 zot/htpasswd
echo
echo "secrets/ 写入完成,garage/garage.toml、zot/htpasswd 已渲染"
echo
echo "Zot: admin / $ZOT_PASSWORD"
echo "Gitea: admin / $GITEA_PASSWORD"
deploy/center/zot/config.json
+50
View File
@@ -0,0 +1,50 @@
{
"distSpecVersion": "1.1.1",
"storage": {
"rootDirectory": "/var/lib/registry",
"dedupe": true,
"gc": true,
"gcDelay": "1h",
"gcInterval": "24h"
},
"http": {
"address": "0.0.0.0",
"port": "5000",
"realm": "zot",
"compat": ["docker2s2"],
"auth": {
"htpasswd": {
"path": "/etc/zot/htpasswd"
},
"failDelay": 5
},
"accessControl": {
"repositories": {
"**": {
"anonymousPolicy": ["read"],
"defaultPolicy": ["read", "create", "update", "delete"]
}
},
"metrics": {
"users": ["admin"]
}
}
},
"log": {
"level": "info"
},
"extensions": {
"search": {
"enable": true
},
"ui": {
"enable": true
},
"metrics": {
"enable": true,
"prometheus": {
"path": "/metrics"
}
}
}
}
deploy/dev/docker-compose.yml
+3
View File
@@ -210,6 +210,9 @@ services:
image: juwan/snowflake-rpc:dev
container_name: juwan-snowflake
restart: unless-stopped
environment:
SNOWFLAKE_DATACENTER_ID: 1
SNOWFLAKE_WORKER_ID: 0
authz-adapter:
image: juwan/authz-adapter:dev
deploy/k01/.env.example
+24
View File
@@ -0,0 +1,24 @@
REGISTRY_HOST=registry.juwan.xhttp.zip
REGISTRY_USERNAME=admin
REGISTRY_PASSWORD=
JWT_SECRET_KEY=
ADMIN_USERNAME=admin
ADMIN_PASSWORD=
ADMIN_EMAIL=admin@juwan.xhttp.zip
EMAIL_SMTP_HOST=smtp-relay.brevo.com
EMAIL_SMTP_PORT=587
EMAIL_SMTP_USERNAME=
EMAIL_SMTP_PASSWORD=
EMAIL_FROM_ADDRESS=dev@juwan.xhttp.zip
EMAIL_FROM_NAME=Juwan Team
EMAIL_REPLY_TO=
S3_ENDPOINT=https://s3.juwan.xhttp.zip
S3_ACCESS_KEY=
S3_SECRET_KEY=
S3_BUCKET_NAME=juwan-objectstory
S3_REGION=garage
MONGO_PASSWORD=
deploy/k01/.gitignore
+2
View File
@@ -0,0 +1,2 @@
secrets/
.env
deploy/k01/00-base/namespace.yaml
+38
View File
@@ -0,0 +1,38 @@
apiVersion: v1
kind: Namespace
metadata:
name: juwan
---
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: juwan
name: find-endpoints
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: discov-endpoints
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch"]
- apiGroups: ["discovery.k8s.io"]
resources: ["endpointslices"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: find-endpoints-discov-endpoints
subjects:
- kind: ServiceAccount
namespace: juwan
name: find-endpoints
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: discov-endpoints
deploy/k01/01-infra/envoy.yaml
+1096
View File
File diff suppressed because it is too large Load Diff
deploy/k01/01-infra/kafka.yaml
+72
View File
@@ -0,0 +1,72 @@
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaNodePool
metadata:
name: controller
namespace: kafka
labels:
strimzi.io/cluster: juwan-kafka
spec:
replicas: 1
roles:
- controller
storage:
type: persistent-claim
size: 1Gi
deleteClaim: false
---
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaNodePool
metadata:
name: broker
namespace: kafka
labels:
strimzi.io/cluster: juwan-kafka
spec:
replicas: 1
roles:
- broker
storage:
type: persistent-claim
size: 5Gi
deleteClaim: false
---
apiVersion: kafka.strimzi.io/v1beta2
kind: Kafka
metadata:
name: juwan-kafka
namespace: kafka
annotations:
strimzi.io/node-pools: enabled
strimzi.io/kraft: enabled
spec:
kafka:
version: 4.2.0
metadataVersion: 4.2-IV0
listeners:
- name: plain
port: 9092
type: internal
tls: false
config:
offsets.topic.replication.factor: 1
transaction.state.log.replication.factor: 1
transaction.state.log.min.isr: 1
default.replication.factor: 1
min.insync.replicas: 1
entityOperator:
topicOperator: {}
userOperator: {}
---
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaTopic
metadata:
name: email-task
namespace: kafka
labels:
strimzi.io/cluster: juwan-kafka
spec:
partitions: 1
replicas: 1
deploy/k01/01-infra/load-schema.sh
Executable
+58
View File
@@ -0,0 +1,58 @@
#!/usr/bin/env bash
set -euo pipefail
K01_DIR="$(cd "$(dirname "$0")" && pwd)"
REPO_ROOT="$(cd "$K01_DIR/../.." && pwd)"
SQL_DIR="$REPO_ROOT/desc/sql"
FIXTURE_DIR="$REPO_ROOT/deploy/dev/fixture"
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
declare -A SCHEMA_MAP=(
[user-db]=users
[player-db]=player
[game-db]=game
[shop-db]=shop
[order-db]=order
[wallet-db]=wallet
[community-db]=community
[review-db]=review
[dispute-db]=dispute
[notification-db]=notification
[search-db]=search
)
psql_exec() {
local cluster="$1" sql="$2"
kubectl -n juwan exec -i "${cluster}-1" -c postgres -- psql \
-v ON_ERROR_STOP=1 -U app -d app <<<"$sql"
}
psql_file() {
local cluster="$1" file="$2"
kubectl -n juwan exec -i "${cluster}-1" -c postgres -- psql \
-v ON_ERROR_STOP=1 -U app -d app < "$file"
}
for cluster in "${!SCHEMA_MAP[@]}"; do
domain="${SCHEMA_MAP[$cluster]}"
echo ">>> $cluster ($domain)"
kubectl -n juwan wait --for=condition=Ready "cluster.postgresql.cnpg.io/${cluster}" --timeout=300s
psql_file "$cluster" "$SQL_DIR/common/update_updated_at_column.sql"
for f in "$SQL_DIR/$domain"/*.sql; do
[ -f "$f" ] || continue
echo " schema: $(basename "$f")"
psql_file "$cluster" "$f"
done
if [ -f "$FIXTURE_DIR/$domain.sql" ]; then
echo " fixture: $domain.sql"
psql_file "$cluster" "$FIXTURE_DIR/$domain.sql"
fi
done
echo
echo "schema + fixture loaded into 11 CNPG clusters"
deploy/k01/01-infra/mongo.yaml
+41
View File
@@ -0,0 +1,41 @@
apiVersion: mongodbcommunity.mongodb.com/v1
kind: MongoDBCommunity
metadata:
name: chat-mongodb
namespace: juwan
spec:
members: 1
type: ReplicaSet
version: "8.2.6"
security:
authentication:
modes:
- SCRAM
users:
- name: app-user
db: admin
passwordSecretRef:
name: chat-mongodb-app-user-password
roles:
- name: readWrite
db: juwan_chat
scramCredentialsSecretName: chat-mongodb-app-user-scram
additionalMongodConfig:
storage.wiredTiger.engineConfig.journalCompressor: zlib
statefulSet:
spec:
volumeClaimTemplates:
- metadata:
name: data-volume
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
- metadata:
name: logs-volume
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 256Mi
deploy/k01/01-infra/postgres.yaml
+185
View File
@@ -0,0 +1,185 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
namespace: juwan
name: user-db
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
primaryUpdateStrategy: unsupervised
bootstrap:
initdb:
database: app
owner: app
storage:
size: 1Gi
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
namespace: juwan
name: player-db
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
primaryUpdateStrategy: unsupervised
bootstrap:
initdb:
database: app
owner: app
storage:
size: 1Gi
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
namespace: juwan
name: game-db
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
primaryUpdateStrategy: unsupervised
bootstrap:
initdb:
database: app
owner: app
storage:
size: 1Gi
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
namespace: juwan
name: shop-db
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
primaryUpdateStrategy: unsupervised
bootstrap:
initdb:
database: app
owner: app
storage:
size: 1Gi
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
namespace: juwan
name: order-db
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
primaryUpdateStrategy: unsupervised
bootstrap:
initdb:
database: app
owner: app
storage:
size: 1Gi
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
namespace: juwan
name: wallet-db
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
primaryUpdateStrategy: unsupervised
bootstrap:
initdb:
database: app
owner: app
storage:
size: 1Gi
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
namespace: juwan
name: community-db
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
primaryUpdateStrategy: unsupervised
bootstrap:
initdb:
database: app
owner: app
storage:
size: 1Gi
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
namespace: juwan
name: review-db
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
primaryUpdateStrategy: unsupervised
bootstrap:
initdb:
database: app
owner: app
storage:
size: 1Gi
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
namespace: juwan
name: dispute-db
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
primaryUpdateStrategy: unsupervised
bootstrap:
initdb:
database: app
owner: app
storage:
size: 1Gi
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
namespace: juwan
name: notification-db
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
primaryUpdateStrategy: unsupervised
bootstrap:
initdb:
database: app
owner: app
storage:
size: 1Gi
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
namespace: juwan
name: search-db
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:18.3-system-trixie
primaryUpdateStrategy: unsupervised
bootstrap:
initdb:
database: app
owner: app
storage:
size: 1Gi
deploy/k01/01-infra/ratelimit.yaml
+149
View File
@@ -0,0 +1,149 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: ratelimit-config
namespace: juwan
data:
ratelimit.yaml: |
domain: api
descriptors:
- key: generic_key
value: login
descriptors:
- key: remote_address
rate_limit:
unit: MINUTE
requests_per_unit: 10
- key: generic_key
value: register
descriptors:
- key: remote_address
rate_limit:
unit: MINUTE
requests_per_unit: 5
- key: generic_key
value: forgot_password_send
descriptors:
- key: remote_address
rate_limit:
unit: MINUTE
requests_per_unit: 3
- key: generic_key
value: verify_code_send
descriptors:
- key: remote_address
rate_limit:
unit: MINUTE
requests_per_unit: 3
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: rl-redis
namespace: juwan
labels:
app: rl-redis
spec:
replicas: 1
selector:
matchLabels:
app: rl-redis
template:
metadata:
labels:
app: rl-redis
spec:
containers:
- name: redis
image: redis:8.6.2-alpine
ports:
- containerPort: 6379
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: rl-redis-svc
namespace: juwan
spec:
ports:
- port: 6379
targetPort: 6379
selector:
app: rl-redis
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ratelimit
namespace: juwan
labels:
app: ratelimit
spec:
replicas: 1
selector:
matchLabels:
app: ratelimit
template:
metadata:
labels:
app: ratelimit
spec:
containers:
- name: ratelimit
image: envoyproxy/ratelimit:fe26676d
command: ["/bin/ratelimit"]
env:
- name: REDIS_SOCKET_TYPE
value: tcp
- name: REDIS_URL
value: rl-redis-svc:6379
- name: USE_STATSD
value: "false"
- name: RUNTIME_ROOT
value: /data
- name: RUNTIME_SUBDIRECTORY
value: ratelimit
- name: RUNTIME_WATCH_ROOT
value: "true"
- name: LOG_LEVEL
value: info
ports:
- containerPort: 8081
name: grpc
- containerPort: 6070
name: debug
volumeMounts:
- name: config
mountPath: /data/ratelimit/config
resources:
requests:
cpu: 50m
memory: 64Mi
volumes:
- name: config
configMap:
name: ratelimit-config
---
apiVersion: v1
kind: Service
metadata:
name: ratelimit-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8081
targetPort: 8081
- name: debug
port: 6070
targetPort: 6070
selector:
app: ratelimit
deploy/k01/01-infra/redis.yaml
+346
View File
@@ -0,0 +1,346 @@
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: user-redis
namespace: juwan
spec:
clusterSize: 1
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.15
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
redisSecret:
name: user-redis
key: password
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: player-redis
namespace: juwan
spec:
clusterSize: 1
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.15
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
redisSecret:
name: player-redis
key: password
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: game-redis
namespace: juwan
spec:
clusterSize: 1
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.15
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
redisSecret:
name: game-redis
key: password
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: shop-redis
namespace: juwan
spec:
clusterSize: 1
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.15
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
redisSecret:
name: shop-redis
key: password
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: order-redis
namespace: juwan
spec:
clusterSize: 1
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.15
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
redisSecret:
name: order-redis
key: password
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: wallet-redis
namespace: juwan
spec:
clusterSize: 1
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.15
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
redisSecret:
name: wallet-redis
key: password
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: community-redis
namespace: juwan
spec:
clusterSize: 1
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.15
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
redisSecret:
name: community-redis
key: password
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: review-redis
namespace: juwan
spec:
clusterSize: 1
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.15
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
redisSecret:
name: review-redis
key: password
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: dispute-redis
namespace: juwan
spec:
clusterSize: 1
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.15
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
redisSecret:
name: dispute-redis
key: password
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: notification-redis
namespace: juwan
spec:
clusterSize: 1
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.15
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
redisSecret:
name: notification-redis
key: password
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: search-redis
namespace: juwan
spec:
clusterSize: 1
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.15
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
redisSecret:
name: search-redis
key: password
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: chat-redis
namespace: juwan
spec:
clusterSize: 1
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.15
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
redisSecret:
name: chat-redis
key: password
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
storage:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
deploy/k01/02-service/authz-adapter.yaml
+48
View File
@@ -0,0 +1,48 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: authz-adapter
namespace: juwan
labels:
app: authz-adapter
spec:
replicas: 1
selector:
matchLabels:
app: authz-adapter
template:
metadata:
labels:
app: authz-adapter
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: authz-adapter
image: registry.juwan.xhttp.zip/juwan/authz-adapter:latest
ports:
- name: grpc
containerPort: 9002
env:
- name: LISTEN_ON
value: "0.0.0.0:9002"
- name: USER_RPC_TARGET
value: "user-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: authz-adapter-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 9002
targetPort: 9002
selector:
app: authz-adapter
deploy/k01/02-service/chat.yaml
+97
View File
@@ -0,0 +1,97 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: chat-api
namespace: juwan
labels:
app: chat-api
spec:
replicas: 1
selector:
matchLabels:
app: chat-api
template:
metadata:
labels:
app: chat-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: chat-api
image: registry.juwan.xhttp.zip/juwan/chat-api:latest
ports:
- name: http
containerPort: 8888
- name: ws
containerPort: 8889
- name: wt
containerPort: 8443
hostPort: 8443
protocol: UDP
- name: metrics
containerPort: 4001
env:
- name: MONGO_PASSWORD
valueFrom:
secretKeyRef:
name: chat-mongodb-app-user-password
key: password
- name: MONGO_URI
value: "mongodb://app-user:$(MONGO_PASSWORD)@chat-mongodb-0.chat-mongodb-svc.juwan.svc.cluster.local:27017/juwan_chat?replicaSet=chat-mongodb&authSource=admin"
- name: MONGO_DATABASE
value: juwan_chat
- name: REDIS_HOST
value: chat-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: chat-redis
key: password
- name: JWT_SECRET_KEY
valueFrom:
secretKeyRef:
name: jwt-secret
key: secret-key
- name: CHAT_WT_CERT_FILE
value: "/etc/certs/tls.crt"
- name: CHAT_WT_KEY_FILE
value: "/etc/certs/tls.key"
volumeMounts:
- name: certs
mountPath: /etc/certs
readOnly: true
resources:
requests:
cpu: 20m
memory: 32Mi
volumes:
- name: certs
secret:
secretName: chat-wt-tls
---
apiVersion: v1
kind: Service
metadata:
name: chat-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: ws
port: 8889
targetPort: 8889
- name: wt
port: 8443
targetPort: 8443
protocol: UDP
- name: metrics
port: 4001
targetPort: 4001
selector:
app: chat-api
deploy/k01/02-service/community.yaml
+136
View File
@@ -0,0 +1,136 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: community-rpc
namespace: juwan
labels:
app: community-rpc
spec:
replicas: 1
selector:
matchLabels:
app: community-rpc
template:
metadata:
labels:
app: community-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: community-rpc
image: registry.juwan.xhttp.zip/juwan/community-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: PD_USERNAME
valueFrom:
secretKeyRef:
name: community-db-app
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: community-db-app
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: community-db-app
key: dbname
- name: DB_HOST
value: community-db-rw.juwan
- name: DB_HOST_RO
value: community-db-ro.juwan
- name: DB_PORT
value: "5432"
- name: REDIS_HOST
value: community-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: community-redis
key: password
- name: SNOWFLAKE_RPC_TARGET
value: "snowflake-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: community-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: community-rpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: community-api
namespace: juwan
labels:
app: community-api
spec:
replicas: 1
selector:
matchLabels:
app: community-api
template:
metadata:
labels:
app: community-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: community-api
image: registry.juwan.xhttp.zip/juwan/community-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: COMMUNITY_RPC_TARGET
value: "community-rpc-svc.juwan:8080"
- name: USER_RPC_TARGET
value: "user-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: community-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: community-api
deploy/k01/02-service/dispute.yaml
+138
View File
@@ -0,0 +1,138 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: dispute-rpc
namespace: juwan
labels:
app: dispute-rpc
spec:
replicas: 1
selector:
matchLabels:
app: dispute-rpc
template:
metadata:
labels:
app: dispute-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: dispute-rpc
image: registry.juwan.xhttp.zip/juwan/dispute-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: PD_USERNAME
valueFrom:
secretKeyRef:
name: dispute-db-app
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: dispute-db-app
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: dispute-db-app
key: dbname
- name: DB_HOST
value: dispute-db-rw.juwan
- name: DB_HOST_RO
value: dispute-db-ro.juwan
- name: DB_PORT
value: "5432"
- name: REDIS_HOST
value: dispute-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: dispute-redis
key: password
- name: SNOWFLAKE_RPC_TARGET
value: "snowflake-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: dispute-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: dispute-rpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: dispute-api
namespace: juwan
labels:
app: dispute-api
spec:
replicas: 1
selector:
matchLabels:
app: dispute-api
template:
metadata:
labels:
app: dispute-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: dispute-api
image: registry.juwan.xhttp.zip/juwan/dispute-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: DISPUTE_RPC_TARGET
value: "dispute-rpc-svc.juwan:8080"
- name: ORDER_RPC_TARGET
value: "order-rpc-svc.juwan:8080"
- name: PLAYER_RPC_TARGET
value: "player-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: dispute-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: dispute-api
deploy/k01/02-service/email.yaml
+143
View File
@@ -0,0 +1,143 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: email-api
namespace: juwan
labels:
app: email-api
spec:
replicas: 1
selector:
matchLabels:
app: email-api
template:
metadata:
labels:
app: email-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: email-api
image: registry.juwan.xhttp.zip/juwan/email-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: REDIS_HOST
value: user-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: user-redis
key: password
- name: KAFKA_BROKER
value: "juwan-kafka-kafka-bootstrap.kafka:9092"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: email-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: email-api
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: email-mq
namespace: juwan
labels:
app: email-mq
spec:
replicas: 1
selector:
matchLabels:
app: email-mq
template:
metadata:
labels:
app: email-mq
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: email-mq
image: registry.juwan.xhttp.zip/juwan/email-mq:latest
ports:
- name: metrics
containerPort: 4001
env:
- name: KAFKA_BROKER
value: "juwan-kafka-kafka-bootstrap.kafka:9092"
- name: EMAIL_SMTP_HOST
valueFrom:
secretKeyRef:
name: email-smtp
key: host
- name: EMAIL_SMTP_PORT
valueFrom:
secretKeyRef:
name: email-smtp
key: port
- name: EMAIL_SMTP_USERNAME
valueFrom:
secretKeyRef:
name: email-smtp
key: username
- name: EMAIL_SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: email-smtp
key: password
- name: EMAIL_FROM_ADDRESS
valueFrom:
secretKeyRef:
name: email-smtp
key: from-address
- name: EMAIL_FROM_NAME
valueFrom:
secretKeyRef:
name: email-smtp
key: from-name
- name: EMAIL_REPLY_TO
valueFrom:
secretKeyRef:
name: email-smtp
key: reply-to
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: email-mq-svc
namespace: juwan
spec:
ports:
- name: metrics
port: 4001
targetPort: 4001
selector:
app: email-mq
deploy/k01/02-service/frontend.yaml
+43
View File
@@ -0,0 +1,43 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: juwan
labels:
app: frontend
spec:
replicas: 1
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: frontend
image: registry.juwan.xhttp.zip/juwan/frontend:latest
ports:
- name: http
containerPort: 3000
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: frontend-svc
namespace: juwan
spec:
ports:
- name: http
port: 3000
targetPort: 3000
selector:
app: frontend
deploy/k01/02-service/game.yaml
+134
View File
@@ -0,0 +1,134 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: game-rpc
namespace: juwan
labels:
app: game-rpc
spec:
replicas: 1
selector:
matchLabels:
app: game-rpc
template:
metadata:
labels:
app: game-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: game-rpc
image: registry.juwan.xhttp.zip/juwan/game-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: PD_USERNAME
valueFrom:
secretKeyRef:
name: game-db-app
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: game-db-app
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: game-db-app
key: dbname
- name: DB_HOST
value: game-db-rw.juwan
- name: DB_HOST_RO
value: game-db-ro.juwan
- name: DB_PORT
value: "5432"
- name: REDIS_HOST
value: game-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: game-redis
key: password
- name: SNOWFLAKE_RPC_TARGET
value: "snowflake-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: game-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: game-rpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: game-api
namespace: juwan
labels:
app: game-api
spec:
replicas: 1
selector:
matchLabels:
app: game-api
template:
metadata:
labels:
app: game-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: game-api
image: registry.juwan.xhttp.zip/juwan/game-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: GAME_RPC_TARGET
value: "game-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: game-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: game-api
deploy/k01/02-service/notification.yaml
+134
View File
@@ -0,0 +1,134 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: notification-rpc
namespace: juwan
labels:
app: notification-rpc
spec:
replicas: 1
selector:
matchLabels:
app: notification-rpc
template:
metadata:
labels:
app: notification-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: notification-rpc
image: registry.juwan.xhttp.zip/juwan/notification-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: PD_USERNAME
valueFrom:
secretKeyRef:
name: notification-db-app
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: notification-db-app
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: notification-db-app
key: dbname
- name: DB_HOST
value: notification-db-rw.juwan
- name: DB_HOST_RO
value: notification-db-ro.juwan
- name: DB_PORT
value: "5432"
- name: REDIS_HOST
value: notification-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: notification-redis
key: password
- name: SNOWFLAKE_RPC_TARGET
value: "snowflake-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: notification-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: notification-rpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: notification-api
namespace: juwan
labels:
app: notification-api
spec:
replicas: 1
selector:
matchLabels:
app: notification-api
template:
metadata:
labels:
app: notification-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: notification-api
image: registry.juwan.xhttp.zip/juwan/notification-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: NOTIFICATION_RPC_TARGET
value: "notification-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: notification-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: notification-api
deploy/k01/02-service/objectstory.yaml
+127
View File
@@ -0,0 +1,127 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: objectstory-rpc
namespace: juwan
labels:
app: objectstory-rpc
spec:
replicas: 1
selector:
matchLabels:
app: objectstory-rpc
template:
metadata:
labels:
app: objectstory-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: objectstory-rpc
image: registry.juwan.xhttp.zip/juwan/objectstory-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: S3_ENDPOINT
valueFrom:
secretKeyRef:
name: objectstory-s3
key: endpoint
- name: S3_ACCESS_KEY
valueFrom:
secretKeyRef:
name: objectstory-s3
key: access-key
- name: S3_SECRET_KEY
valueFrom:
secretKeyRef:
name: objectstory-s3
key: secret-key
- name: S3_BUCKET_NAME
valueFrom:
secretKeyRef:
name: objectstory-s3
key: bucket
- name: S3_REGION
valueFrom:
secretKeyRef:
name: objectstory-s3
key: region
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: objectstory-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: objectstory-rpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: objectstory-api
namespace: juwan
labels:
app: objectstory-api
spec:
replicas: 1
selector:
matchLabels:
app: objectstory-api
template:
metadata:
labels:
app: objectstory-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: objectstory-api
image: registry.juwan.xhttp.zip/juwan/objectstory-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: OBJECTSTORY_RPC_TARGET
value: "objectstory-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: objectstory-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: objectstory-api
deploy/k01/02-service/order.yaml
+138
View File
@@ -0,0 +1,138 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: order-rpc
namespace: juwan
labels:
app: order-rpc
spec:
replicas: 1
selector:
matchLabels:
app: order-rpc
template:
metadata:
labels:
app: order-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: order-rpc
image: registry.juwan.xhttp.zip/juwan/order-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: PD_USERNAME
valueFrom:
secretKeyRef:
name: order-db-app
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: order-db-app
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: order-db-app
key: dbname
- name: DB_HOST
value: order-db-rw.juwan
- name: DB_HOST_RO
value: order-db-ro.juwan
- name: DB_PORT
value: "5432"
- name: REDIS_HOST
value: order-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: order-redis
key: password
- name: SNOWFLAKE_RPC_TARGET
value: "snowflake-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: order-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: order-rpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: order-api
namespace: juwan
labels:
app: order-api
spec:
replicas: 1
selector:
matchLabels:
app: order-api
template:
metadata:
labels:
app: order-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: order-api
image: registry.juwan.xhttp.zip/juwan/order-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: ORDER_RPC_TARGET
value: "order-rpc-svc.juwan:8080"
- name: PLAYER_RPC_TARGET
value: "player-rpc-svc.juwan:8080"
- name: SHOP_RPC_TARGET
value: "shop-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: order-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: order-api
deploy/k01/02-service/player.yaml
+136
View File
@@ -0,0 +1,136 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: player-rpc
namespace: juwan
labels:
app: player-rpc
spec:
replicas: 1
selector:
matchLabels:
app: player-rpc
template:
metadata:
labels:
app: player-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: player-rpc
image: registry.juwan.xhttp.zip/juwan/player-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: PD_USERNAME
valueFrom:
secretKeyRef:
name: player-db-app
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: player-db-app
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: player-db-app
key: dbname
- name: DB_HOST
value: player-db-rw.juwan
- name: DB_HOST_RO
value: player-db-ro.juwan
- name: DB_PORT
value: "5432"
- name: REDIS_HOST
value: player-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: player-redis
key: password
- name: SNOWFLAKE_RPC_TARGET
value: "snowflake-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: player-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: player-rpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: player-api
namespace: juwan
labels:
app: player-api
spec:
replicas: 1
selector:
matchLabels:
app: player-api
template:
metadata:
labels:
app: player-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: player-api
image: registry.juwan.xhttp.zip/juwan/player-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: PLAYER_RPC_TARGET
value: "player-rpc-svc.juwan:8080"
- name: USER_RPC_TARGET
value: "user-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: player-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: player-api
deploy/k01/02-service/review.yaml
+138
View File
@@ -0,0 +1,138 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: review-rpc
namespace: juwan
labels:
app: review-rpc
spec:
replicas: 1
selector:
matchLabels:
app: review-rpc
template:
metadata:
labels:
app: review-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: review-rpc
image: registry.juwan.xhttp.zip/juwan/review-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: PD_USERNAME
valueFrom:
secretKeyRef:
name: review-db-app
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: review-db-app
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: review-db-app
key: dbname
- name: DB_HOST
value: review-db-rw.juwan
- name: DB_HOST_RO
value: review-db-ro.juwan
- name: DB_PORT
value: "5432"
- name: REDIS_HOST
value: review-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: review-redis
key: password
- name: SNOWFLAKE_RPC_TARGET
value: "snowflake-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: review-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: review-rpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: review-api
namespace: juwan
labels:
app: review-api
spec:
replicas: 1
selector:
matchLabels:
app: review-api
template:
metadata:
labels:
app: review-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: review-api
image: registry.juwan.xhttp.zip/juwan/review-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: ORDER_RPC_TARGET
value: "order-rpc-svc.juwan:8080"
- name: PLAYER_RPC_TARGET
value: "player-rpc-svc.juwan:8080"
- name: REVIEW_RPC_TARGET
value: "review-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: review-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: review-api
deploy/k01/02-service/search.yaml
+134
View File
@@ -0,0 +1,134 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: search-rpc
namespace: juwan
labels:
app: search-rpc
spec:
replicas: 1
selector:
matchLabels:
app: search-rpc
template:
metadata:
labels:
app: search-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: search-rpc
image: registry.juwan.xhttp.zip/juwan/search-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: PD_USERNAME
valueFrom:
secretKeyRef:
name: search-db-app
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: search-db-app
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: search-db-app
key: dbname
- name: DB_HOST
value: search-db-rw.juwan
- name: DB_HOST_RO
value: search-db-ro.juwan
- name: DB_PORT
value: "5432"
- name: REDIS_HOST
value: search-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: search-redis
key: password
- name: SNOWFLAKE_RPC_TARGET
value: "snowflake-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: search-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: search-rpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: search-api
namespace: juwan
labels:
app: search-api
spec:
replicas: 1
selector:
matchLabels:
app: search-api
template:
metadata:
labels:
app: search-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: search-api
image: registry.juwan.xhttp.zip/juwan/search-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: SEARCH_RPC_TARGET
value: "search-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: search-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: search-api
deploy/k01/02-service/shop.yaml
+138
View File
@@ -0,0 +1,138 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: shop-rpc
namespace: juwan
labels:
app: shop-rpc
spec:
replicas: 1
selector:
matchLabels:
app: shop-rpc
template:
metadata:
labels:
app: shop-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: shop-rpc
image: registry.juwan.xhttp.zip/juwan/shop-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: PD_USERNAME
valueFrom:
secretKeyRef:
name: shop-db-app
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: shop-db-app
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: shop-db-app
key: dbname
- name: DB_HOST
value: shop-db-rw.juwan
- name: DB_HOST_RO
value: shop-db-ro.juwan
- name: DB_PORT
value: "5432"
- name: REDIS_HOST
value: shop-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: shop-redis
key: password
- name: SNOWFLAKE_RPC_TARGET
value: "snowflake-svc.juwan:8080"
- name: USER_RPC_TARGET
value: "user-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: shop-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: shop-rpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: shop-api
namespace: juwan
labels:
app: shop-api
spec:
replicas: 1
selector:
matchLabels:
app: shop-api
template:
metadata:
labels:
app: shop-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: shop-api
image: registry.juwan.xhttp.zip/juwan/shop-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: PLAYER_RPC_TARGET
value: "player-rpc-svc.juwan:8080"
- name: SHOP_RPC_TARGET
value: "shop-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: shop-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: shop-api
deploy/k01/02-service/snowflake.yaml
+71
View File
@@ -0,0 +1,71 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: snowflake
namespace: juwan
labels:
app: snowflake
spec:
serviceName: snowflake-headless
replicas: 1
selector:
matchLabels:
app: snowflake
template:
metadata:
labels:
app: snowflake
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: snowflake
image: registry.juwan.xhttp.zip/juwan/snowflake-rpc:latest
command: ["/bin/sh", "-c"]
args:
- |
export SNOWFLAKE_WORKER_ID="${POD_NAME##*-}"
exec /app/main -f /app/etc/snowflake.yaml
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: SNOWFLAKE_DATACENTER_ID
value: "1"
ports:
- name: grpc
containerPort: 8080
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: snowflake-headless
namespace: juwan
spec:
clusterIP: None
selector:
app: snowflake
ports:
- name: grpc
port: 8080
targetPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: snowflake-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
selector:
app: snowflake
deploy/k01/02-service/user-verifications.yaml
+83
View File
@@ -0,0 +1,83 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: user-verifications-rpc
namespace: juwan
labels:
app: user-verifications-rpc
spec:
replicas: 1
selector:
matchLabels:
app: user-verifications-rpc
template:
metadata:
labels:
app: user-verifications-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: user-verifications-rpc
image: registry.juwan.xhttp.zip/juwan/user_verifications-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: PD_USERNAME
valueFrom:
secretKeyRef:
name: user-db-app
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: user-db-app
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: user-db-app
key: dbname
- name: DB_HOST
value: user-db-rw.juwan
- name: DB_HOST_RO
value: user-db-ro.juwan
- name: DB_PORT
value: "5432"
- name: REDIS_HOST
value: user-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: user-redis
key: password
- name: SNOWFLAKE_RPC_TARGET
value: "snowflake-svc.juwan:8080"
- name: USER_RPC_TARGET
value: "user-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: user-verifications-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: user-verifications-rpc
deploy/k01/02-service/user.yaml
+156
View File
@@ -0,0 +1,156 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: user-rpc
namespace: juwan
labels:
app: user-rpc
spec:
replicas: 1
selector:
matchLabels:
app: user-rpc
template:
metadata:
labels:
app: user-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: user-rpc
image: registry.juwan.xhttp.zip/juwan/users-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: PD_USERNAME
valueFrom:
secretKeyRef:
name: user-db-app
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: user-db-app
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: user-db-app
key: dbname
- name: DB_HOST
value: user-db-rw.juwan
- name: DB_HOST_RO
value: user-db-ro.juwan
- name: DB_PORT
value: "5432"
- name: REDIS_HOST
value: user-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: user-redis
key: password
- name: SNOWFLAKE_RPC_TARGET
value: "snowflake-svc.juwan:8080"
- name: ADMIN_USERNAME
valueFrom:
secretKeyRef:
name: admin-bootstrap
key: username
- name: ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: admin-bootstrap
key: password
- name: ADMIN_EMAIL
valueFrom:
secretKeyRef:
name: admin-bootstrap
key: email
- name: JWT_SECRET_KEY
valueFrom:
secretKeyRef:
name: jwt-secret
key: secret-key
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: user-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: user-rpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: user-api
namespace: juwan
labels:
app: user-api
spec:
replicas: 1
selector:
matchLabels:
app: user-api
template:
metadata:
labels:
app: user-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: user-api
image: registry.juwan.xhttp.zip/juwan/users-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: USER_RPC_TARGET
value: "user-rpc-svc.juwan:8080"
- name: USER_VERIFICATIONS_RPC_TARGET
value: "user-verifications-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: user-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: user-api
deploy/k01/02-service/wallet.yaml
+134
View File
@@ -0,0 +1,134 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: wallet-rpc
namespace: juwan
labels:
app: wallet-rpc
spec:
replicas: 1
selector:
matchLabels:
app: wallet-rpc
template:
metadata:
labels:
app: wallet-rpc
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: wallet-rpc
image: registry.juwan.xhttp.zip/juwan/wallet-rpc:latest
ports:
- name: grpc
containerPort: 8080
- name: metrics
containerPort: 4001
env:
- name: PD_USERNAME
valueFrom:
secretKeyRef:
name: wallet-db-app
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: wallet-db-app
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: wallet-db-app
key: dbname
- name: DB_HOST
value: wallet-db-rw.juwan
- name: DB_HOST_RO
value: wallet-db-ro.juwan
- name: DB_PORT
value: "5432"
- name: REDIS_HOST
value: wallet-redis-master.juwan
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: wallet-redis
key: password
- name: SNOWFLAKE_RPC_TARGET
value: "snowflake-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: wallet-rpc-svc
namespace: juwan
spec:
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: metrics
port: 4001
targetPort: 4001
selector:
app: wallet-rpc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: wallet-api
namespace: juwan
labels:
app: wallet-api
spec:
replicas: 1
selector:
matchLabels:
app: wallet-api
template:
metadata:
labels:
app: wallet-api
spec:
imagePullSecrets:
- name: registry-creds
containers:
- name: wallet-api
image: registry.juwan.xhttp.zip/juwan/wallet-api:latest
ports:
- name: http
containerPort: 8888
- name: metrics
containerPort: 4001
env:
- name: WALLET_RPC_TARGET
value: "wallet-rpc-svc.juwan:8080"
resources:
requests:
cpu: 20m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
name: wallet-api-svc
namespace: juwan
spec:
ports:
- name: http
port: 8888
targetPort: 8888
- name: metrics
port: 4001
targetPort: 4001
selector:
app: wallet-api
deploy/k01/README.md
+88
View File
@@ -0,0 +1,88 @@
# k01 业务集群
该目录是 juwan-backend 所有 k3s 节点的初始化配置。公网入口由 center 的 Caddy 接管——`/wt/*` 走 UDP 直达 chat-api,其余路径反代到 envoy-gateway NodePort 30080。
第一台机器按以下步骤初始化为 k3s server;后续加入的 k02、k03 只运行 `install-k3s.sh agent`,其他步骤(k8s Secret、CR、业务 yaml)在 server 上 apply 一次即可。
## 前置条件
- Ubuntu 26.04 LTSroot
- center 已部署,`registry.juwan.xhttp.zip` 可推可拉
- 已从 Gitea 拉取仓库:`git clone https://git.juwan.xhttp.zip/juwan/juwan-backend.git`
- `/root/registry-password` 文件存放 zot admin 密码(`chmod 600`
## k3s server 初始化
```bash
cd /root/juwan-backend/deploy/k01
# 装 k3s(禁用内置 traefik+ Helm + 四个 Operator
bash install-k3s.sh
# 准备 .env,填 zot Admin 密码 / Brevo SMTP / Garage S3 凭据
cp .env.example .env
nano .env
# 应用 namespace + RBAC,生成全部 k8s Secret
kubectl apply -f 00-base/
bash secrets.sh
# 应用基础设施(Operator CR
kubectl apply -f 01-infra/postgres.yaml
kubectl apply -f 01-infra/redis.yaml
kubectl apply -f 01-infra/mongo.yaml
kubectl apply -f 01-infra/kafka.yaml
kubectl apply -f 01-infra/ratelimit.yaml
kubectl apply -f 01-infra/envoy.yaml
# 等 PostgreSQL Cluster 全部 Ready 后再灌 schema
bash 01-infra/load-schema.sh
# 启动业务服务
kubectl apply -f 02-service/
kubectl -n juwan get pods -w
```
## 做什么
四层结构。控制面是 k3s server,跑着 CNPG / Strimzi / Redis / MongoDB 四个 Operator 管理有状态服务。
数据层 11 个 per-domain PostgreSQL Cluster + 12 个 RedisReplication + 1 个 MongoDBCommunitychat+ Strimzi KRaft Kafka1 broker)。
业务层 27 个 Go 服务镜像指向 `registry.juwan.xhttp.zip/juwan/<name>:latest`,每个 domain 一套 rpc + api,外加 snowflake、authz-adapter、email-mq 和 frontend。所有 Deployment 带 `imagePullSecrets: registry-creds`containerd 的 `registries.yaml` 配了 zot admin 凭据。
email-api 跟 user-rpc 共用 user-redis 实例,因为注册和重置密码的验证码 key 跨服务读写。
chat-api 的 WebTransport 走 UDP 8443 hostPortcenter Caddy 的 PR 7669 fork 把这路流量终结后反代过来。
## 生成的 Secret
`secrets.sh` 生成随机密码写入 `secrets/` 目录,同时 `kubectl create secret``juwan` namespace。需要手动填的是 `.env` 里的 zot admin 密码、Brevo SMTP key 和 Garage S3 access key。
CNPG 每个 Cluster Ready 后自动生成 `<cluster>-app` Secretusername/password/dbname/host/port),业务 pod 的 env 直接从这些 Secret 取值。
## 加节点
在 server 上取 token
```bash
cat /var/lib/rancher/k3s/server/node-token
```
新机器上执行:
```bash
cd /root/juwan-backend/deploy/k01
echo "<zot-admin-password>" > /root/registry-password && chmod 600 /root/registry-password
K3S_URL=https://<server-ip>:6443 K3S_TOKEN=<token> bash install-k3s.sh agent
```
## 日常操作
```bash
kubectl -n juwan get pods -o wide
kubectl -n juwan rollout restart deploy/user-rpc
kubectl -n kafka get kafka,kafkatopic,kafkanodepool
```
deploy/k01/install-k3s.sh
Executable
+106
View File
@@ -0,0 +1,106 @@
#!/usr/bin/env bash
set -euo pipefail
REGISTRY_HOST="registry.juwan.xhttp.zip"
CNPG_VERSION="1.29.0"
STRIMZI_VERSION="1.0.0"
REDIS_OP_VERSION="0.24.0"
MONGODB_OP_VERSION="1.8.0"
MODE="${1:-server}"
if [ "$MODE" != "server" ] && [ "$MODE" != "agent" ]; then
echo "usage: $0 [server|agent]" >&2
exit 1
fi
if [ ! -f /root/registry-password ]; then
echo "need /root/registry-password (zot admin password)" >&2
exit 1
fi
write_registries() {
mkdir -p /etc/rancher/k3s
cat > /etc/rancher/k3s/registries.yaml <<EOF
mirrors:
${REGISTRY_HOST}:
endpoint:
- "https://${REGISTRY_HOST}"
configs:
${REGISTRY_HOST}:
auth:
username: admin
password: $(cat /root/registry-password)
EOF
}
if [ "$MODE" = "agent" ]; then
if [ -z "${K3S_URL:-}" ] || [ -z "${K3S_TOKEN:-}" ]; then
echo "agent mode requires K3S_URL and K3S_TOKEN env" >&2
echo " on the server: cat /var/lib/rancher/k3s/server/node-token" >&2
echo " then on agent: K3S_URL=https://<server-ip>:6443 K3S_TOKEN=<token> $0 agent" >&2
exit 1
fi
write_registries
if ! command -v k3s-agent >/dev/null 2>&1 && ! systemctl is-active --quiet k3s-agent; then
curl -sfL https://get.k3s.io | K3S_URL="$K3S_URL" K3S_TOKEN="$K3S_TOKEN" sh -
else
systemctl restart k3s-agent
fi
echo
echo "k3s agent joined ${K3S_URL}"
exit 0
fi
if ! systemctl is-active --quiet k3s; then
curl -sfL https://get.k3s.io | \
INSTALL_K3S_EXEC="--disable=traefik --write-kubeconfig-mode=644" \
sh -
fi
if ! command -v helm >/dev/null 2>&1; then
curl -fsSL https://packages.buildkite.com/helm-linux/helm-debian/gpgkey | \
gpg --dearmor -o /usr/share/keyrings/helm.gpg
echo "deb [signed-by=/usr/share/keyrings/helm.gpg] https://packages.buildkite.com/helm-linux/helm-debian/any/ any main" \
> /etc/apt/sources.list.d/helm-stable-debian.list
apt-get update
apt-get install -y helm
fi
write_registries
systemctl restart k3s
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
until kubectl get nodes >/dev/null 2>&1; do sleep 2; done
K01_DIR="$(cd "$(dirname "$0")" && pwd)"
kubectl apply -f "${K01_DIR}/00-base/"
kubectl apply -f \
"https://github.com/cloudnative-pg/cloudnative-pg/releases/download/v${CNPG_VERSION}/cnpg-${CNPG_VERSION}.yaml"
kubectl create namespace kafka 2>/dev/null || true
kubectl apply -n kafka \
-f "https://github.com/strimzi/strimzi-kafka-operator/releases/download/${STRIMZI_VERSION}/strimzi-cluster-operator-${STRIMZI_VERSION}.yaml"
helm repo add ot-helm https://ot-container-kit.github.io/helm-charts/ 2>/dev/null || true
helm repo add mongodb https://mongodb.github.io/helm-charts 2>/dev/null || true
helm repo update
helm upgrade --install redis-operator ot-helm/redis-operator \
--version "${REDIS_OP_VERSION}" \
--namespace redis-operator --create-namespace
helm upgrade --install mongodb-kubernetes mongodb/mongodb-kubernetes \
--version "${MONGODB_OP_VERSION}" \
--namespace mongodb-operator --create-namespace \
--set operator.watchNamespace=juwan
kubectl -n cnpg-system rollout status deploy/cnpg-controller-manager --timeout=300s
kubectl -n kafka rollout status deploy/strimzi-cluster-operator --timeout=300s
kubectl -n redis-operator rollout status deploy/redis-operator --timeout=300s
kubectl -n mongodb-operator rollout status deploy/mongodb-kubernetes-operator --timeout=300s
echo
echo "k3s server + 4 operators ready"
echo "node token: $(cat /var/lib/rancher/k3s/server/node-token)"
deploy/k01/secrets.sh
Executable
+89
View File
@@ -0,0 +1,89 @@
#!/usr/bin/env bash
set -euo pipefail
K01_DIR="$(cd "$(dirname "$0")" && pwd)"
cd "$K01_DIR"
if [ ! -f .env ]; then
echo ".env not found, copy from .env.example and fill in" >&2
exit 1
fi
set -a
. ./.env
set +a
mkdir -p secrets
chmod 700 secrets
write_secret() {
local name="$1" value="$2"
printf '%s\n' "$value" > "secrets/$name"
chmod 600 "secrets/$name"
}
JWT_SECRET_KEY="${JWT_SECRET_KEY:-$(openssl rand -hex 32)}"
ADMIN_PASSWORD="${ADMIN_PASSWORD:-$(openssl rand -hex 16)}"
write_secret jwt-secret "$JWT_SECRET_KEY"
write_secret admin-password "$ADMIN_PASSWORD"
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
kubectl -n juwan create secret docker-registry registry-creds \
--docker-server="${REGISTRY_HOST}" \
--docker-username="${REGISTRY_USERNAME}" \
--docker-password="${REGISTRY_PASSWORD}" \
--dry-run=client -o yaml | kubectl apply -f -
kubectl -n juwan create secret generic jwt-secret \
--from-literal=secret-key="$JWT_SECRET_KEY" \
--dry-run=client -o yaml | kubectl apply -f -
kubectl -n juwan create secret generic admin-bootstrap \
--from-literal=username="${ADMIN_USERNAME}" \
--from-literal=password="$ADMIN_PASSWORD" \
--from-literal=email="${ADMIN_EMAIL}" \
--dry-run=client -o yaml | kubectl apply -f -
kubectl -n juwan create secret generic email-smtp \
--from-literal=host="${EMAIL_SMTP_HOST}" \
--from-literal=port="${EMAIL_SMTP_PORT}" \
--from-literal=username="${EMAIL_SMTP_USERNAME}" \
--from-literal=password="${EMAIL_SMTP_PASSWORD}" \
--from-literal=from-address="${EMAIL_FROM_ADDRESS}" \
--from-literal=from-name="${EMAIL_FROM_NAME}" \
--from-literal=reply-to="${EMAIL_REPLY_TO:-}" \
--dry-run=client -o yaml | kubectl apply -f -
kubectl -n juwan create secret generic objectstory-s3 \
--from-literal=endpoint="${S3_ENDPOINT}" \
--from-literal=access-key="${S3_ACCESS_KEY}" \
--from-literal=secret-key="${S3_SECRET_KEY}" \
--from-literal=bucket="${S3_BUCKET_NAME}" \
--from-literal=region="${S3_REGION}" \
--dry-run=client -o yaml | kubectl apply -f -
DEV_CERTS="$(cd "$K01_DIR/../dev/certs" && pwd)"
kubectl -n juwan create secret tls chat-wt-tls \
--cert="${DEV_CERTS}/tls.crt" \
--key="${DEV_CERTS}/tls.key" \
--dry-run=client -o yaml | kubectl apply -f -
DOMAINS=(user player game shop order wallet community review dispute notification search chat)
for d in "${DOMAINS[@]}"; do
pwd_val="$(openssl rand -hex 16)"
write_secret "redis-${d}-password" "$pwd_val"
kubectl -n juwan create secret generic "${d}-redis" \
--from-literal=password="$pwd_val" \
--dry-run=client -o yaml | kubectl apply -f -
done
MONGO_PASSWORD="${MONGO_PASSWORD:-$(openssl rand -hex 16)}"
write_secret mongo-password "$MONGO_PASSWORD"
kubectl -n juwan create secret generic chat-mongodb-app-user-password \
--from-literal=password="$MONGO_PASSWORD" \
--dry-run=client -o yaml | kubectl apply -f -
echo
echo "secrets/ written, k8s Secrets applied to namespace juwan"
echo "admin password: $ADMIN_PASSWORD"
deploy/k8s/service/authz/authz-adapter.yaml
+2 -2
View File
@@ -45,8 +45,8 @@ spec:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
volumeMounts:
- name: timezone
mountPath: /etc/localtime
deploy/k8s/service/chat/chat-api.yaml
+6 -6
View File
@@ -68,8 +68,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
@@ -240,8 +240,8 @@ spec:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
redisSecret:
name: chat-redis
key: password
@@ -276,8 +276,8 @@ spec:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
deploy/k8s/service/community/community-api.yaml
+2 -2
View File
@@ -36,8 +36,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
deploy/k8s/service/community/community-rpc.yaml
+6 -6
View File
@@ -66,8 +66,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
@@ -195,8 +195,8 @@ spec:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
redisSecret:
name: community-redis
key: password
@@ -231,8 +231,8 @@ spec:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
deploy/k8s/service/dispute/dispute-api.yaml
+2 -2
View File
@@ -36,8 +36,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
deploy/k8s/service/dispute/dispute-rpc.yaml
+6 -6
View File
@@ -66,8 +66,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
@@ -195,8 +195,8 @@ spec:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
redisSecret:
name: dispute-redis
key: password
@@ -231,8 +231,8 @@ spec:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
deploy/k8s/service/email/email-api.yaml
+2 -2
View File
@@ -49,8 +49,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
deploy/k8s/service/email/email-mq.yaml
+2 -2
View File
@@ -72,8 +72,8 @@ spec:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
volumeMounts:
- name: timezone
mountPath: /etc/localtime
deploy/k8s/service/game/game-api.yaml
+2 -2
View File
@@ -36,8 +36,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
deploy/k8s/service/game/game-rpc.yaml
+6 -6
View File
@@ -66,8 +66,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
@@ -166,8 +166,8 @@ spec:
# cpu: 100m
# memory: 128Mi
# limits:
# cpu: 500m
# memory: 512Mi
# cpu: 50m
# memory: 128Mi
# redisSecret: # 记得创建密码
# name: game-redis
# key: password
@@ -204,8 +204,8 @@ spec:
# cpu: 100m
# memory: 128Mi
# limits:
# cpu: 500m
# memory: 512Mi
# cpu: 50m
# memory: 128Mi
# podSecurityContext:
# runAsUser: 1000
# fsGroup: 1000
deploy/k8s/service/notification/notification-api.yaml
+2 -2
View File
@@ -36,8 +36,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
deploy/k8s/service/notification/notification-rpc.yaml
+6 -6
View File
@@ -66,8 +66,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
@@ -195,8 +195,8 @@ spec:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
redisSecret:
name: notification-redis
key: password
@@ -231,8 +231,8 @@ spec:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
deploy/k8s/service/objectstory/objectstory-api.yaml
+2 -2
View File
@@ -35,8 +35,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
deploy/k8s/service/objectstory/objectstory-rpc.yaml
+2 -2
View File
@@ -35,8 +35,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
deploy/k8s/service/order/order-api.yaml
+2 -2
View File
@@ -36,8 +36,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
deploy/k8s/service/order/order-rpc.yaml
+6 -6
View File
@@ -66,8 +66,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
@@ -195,8 +195,8 @@ spec:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
redisSecret:
name: order-redis
key: password
@@ -231,8 +231,8 @@ spec:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
deploy/k8s/service/player/player-api.yaml
+2 -2
View File
@@ -35,8 +35,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
deploy/k8s/service/player/player-rpc.yaml
+6 -6
View File
@@ -66,8 +66,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
@@ -166,8 +166,8 @@ spec:
# cpu: 100m
# memory: 128Mi
# limits:
# cpu: 500m
# memory: 512Mi
# cpu: 50m
# memory: 128Mi
# redisSecret: # 记得创建密码
# name: player-rpc-redis
# key: password
@@ -204,8 +204,8 @@ spec:
# cpu: 100m
# memory: 128Mi
# limits:
# cpu: 500m
# memory: 512Mi
# cpu: 50m
# memory: 128Mi
# podSecurityContext:
# runAsUser: 1000
# fsGroup: 1000
deploy/k8s/service/review/review-api.yaml
+2 -2
View File
@@ -36,8 +36,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
deploy/k8s/service/review/review-rpc.yaml
+6 -6
View File
@@ -66,8 +66,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
@@ -195,8 +195,8 @@ spec:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
redisSecret:
name: review-redis
key: password
@@ -231,8 +231,8 @@ spec:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
deploy/k8s/service/search/search-api.yaml
+2 -2
View File
@@ -36,8 +36,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
deploy/k8s/service/search/search-rpc.yaml
+6 -6
View File
@@ -66,8 +66,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
@@ -195,8 +195,8 @@ spec:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
redisSecret:
name: search-redis
key: password
@@ -231,8 +231,8 @@ spec:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
deploy/k8s/service/shop/shop-api.yaml
+2 -2
View File
@@ -35,8 +35,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
deploy/k8s/service/shop/shop-rpc.yaml
+6 -6
View File
@@ -65,8 +65,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
@@ -165,8 +165,8 @@ spec:
# cpu: 100m
# memory: 128Mi
# limits:
# cpu: 500m
# memory: 512Mi
# cpu: 50m
# memory: 128Mi
# redisSecret: # 记得创建密码
# name: shop-rpc-redis
# key: password
@@ -203,8 +203,8 @@ spec:
# cpu: 100m
# memory: 128Mi
# limits:
# cpu: 500m
# memory: 512Mi
# cpu: 50m
# memory: 128Mi
# podSecurityContext:
# runAsUser: 1000
# fsGroup: 1000
deploy/k8s/service/snowflake/snowflake.yaml
+2 -2
View File
@@ -35,8 +35,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
deploy/k8s/service/user/user-api.yaml
+2 -2
View File
@@ -36,8 +36,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
deploy/k8s/service/user/user-rpc.yaml
+6 -6
View File
@@ -82,8 +82,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
@@ -178,8 +178,8 @@ spec:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
redisSecret:
name: user-redis
key: password
@@ -216,8 +216,8 @@ spec:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
deploy/k8s/service/user_verifications/user-verifications-rpc.yaml
+6 -6
View File
@@ -66,8 +66,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
@@ -195,8 +195,8 @@ spec:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
redisSecret:
name: user-verifications-redis
key: password
@@ -231,8 +231,8 @@ spec:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
deploy/k8s/service/wallet/wallet-api.yaml
+2 -2
View File
@@ -35,8 +35,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
deploy/k8s/service/wallet/wallet-rpc.yaml
+6 -6
View File
@@ -65,8 +65,8 @@ spec:
periodSeconds: 20
resources:
requests:
cpu: 500m
memory: 512Mi
cpu: 50m
memory: 128Mi
limits:
cpu: 1000m
memory: 1024Mi
@@ -165,8 +165,8 @@ spec:
# cpu: 100m
# memory: 128Mi
# limits:
# cpu: 500m
# memory: 512Mi
# cpu: 50m
# memory: 128Mi
# redisSecret: # 记得创建密码
# name: wallet-rpc-redis
# key: password
@@ -203,8 +203,8 @@ spec:
# cpu: 100m
# memory: 128Mi
# limits:
# cpu: 500m
# memory: 512Mi
# cpu: 50m
# memory: 128Mi
# podSecurityContext:
# runAsUser: 1000
# fsGroup: 1000