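---
# user-rpc workload for the juwan namespace: a Deployment plus the ClusterIP
# Service in front of it. Port 9001 is the RPC port and port 4001 is the
# metrics port (names taken from the Service below). The documents after the
# Service are disabled (commented-out) HPA, Redis and PostgreSQL definitions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: user-rpc
  namespace: juwan
  labels:
    app: user-rpc
spec:
  replicas: 1
  revisionHistoryLimit: 5
  selector:
    matchLabels:
      app: user-rpc
  template:
    metadata:
      labels:
        app: user-rpc
    spec:
      # serviceAccountName: find-endpoints
      # NOTE(review): the pod keeps its service-account token mounted. Confirm
      # that the RBAC bound to user-rpc grants only what the service needs.
      serviceAccountName: user-rpc
      securityContext:
        # Apply the container runtime's default seccomp filter to all
        # containers in the pod.
        seccompProfile:
          type: RuntimeDefault
        # TODO(review): add runAsNonRoot/runAsUser once the image's user is
        # confirmed; not set here because the image's USER is not visible.
      initContainers:
        # Init container that blocks until the database accepts TCP
        # connections. It does not affect steady-state resource usage, but it
        # does (negligibly) affect scheduling.
        - name: wait-for-db
          # NOTE(review): pinned by tag only, unlike the main image which is
          # pinned by digest; consider pinning this one by digest as well.
          image: busybox:1.36
          command:
            - "sh"
            - "-c"
            - 'until nc -z -v -w5 user-db-rw 5432; do echo "Waiting for database..."; sleep 2; done;'
          securityContext:
            # An outbound TCP probe needs no extra privileges.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
      containers:
        - name: user-rpc
          # Pinned by digest, so the content is immutable.
          # NOTE(review): the registry is addressed by bare IP and port;
          # verify the nodes pull from it over TLS with a trusted certificate
          # and not through an insecure-registry exception.
          image: 103.236.53.208:4418/library/user-rpc@sha256:3d1d3cc02188a9b1a29a308a4867638b25b6e480e5a6bdaeb938f262f53969b7
          ports:
            - containerPort: 9001
            - containerPort: 4001
          securityContext:
            # Both ports are unprivileged (>1024), so no capabilities are
            # required to bind them.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            # TODO(review): consider readOnlyRootFilesystem: true after
            # confirming the service does not write to its root filesystem.
          env:
            # Database connection settings come from the user-db-app Secret.
            - name: DB_PORT
              valueFrom:
                secretKeyRef:
                  name: user-db-app
                  key: port
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: user-db-app
                  key: password
            # NOTE(review): "PD_USERNAME" breaks the DB_* naming used by the
            # neighbouring variables and may be a typo for DB_USERNAME. Left
            # unchanged because the name the application reads is not visible
            # here — confirm against the service's configuration.
            - name: PD_USERNAME
              valueFrom:
                secretKeyRef:
                  name: user-db-app
                  key: username
            - name: DB_NAME
              valueFrom:
                secretKeyRef:
                  name: user-db-app
                  key: dbname
            - name: REDIS_M_HOST
              value: "user-redis-master.juwan:6379"
            - name: REDIS_S_HOST
              value: "user-redis-replica.juwan:6379"
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: user-redis
                  key: password
            - name: JWT_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: jwt-secret
                  key: secret-key
          readinessProbe:
            tcpSocket:
              port: 9001
            initialDelaySeconds: 5
            periodSeconds: 10
          livenessProbe:
            tcpSocket:
              port: 9001
            initialDelaySeconds: 15
            periodSeconds: 20
          resources:
            requests:
              cpu: 500m
              memory: 512Mi
            limits:
              cpu: 1000m
              memory: 1024Mi
          volumeMounts:
            - name: timezone
              mountPath: /etc/localtime
              # The container only reads the zone file; never give it a
              # writable handle on a host path.
              readOnly: true
      volumes:
        # NOTE(review): hostPath volumes are rejected by the Pod Security
        # "baseline" profile. If the image ships tzdata, setting the TZ
        # environment variable would remove the need for this mount.
        - name: timezone
          hostPath:
            path: /usr/share/zoneinfo/Asia/Shanghai
---
apiVersion: v1
kind: Service
metadata:
  name: user-rpc-svc
  namespace: juwan
  annotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "4001"
    prometheus.io/path: "/metrics"
spec:
  # NOTE(review): both the RPC and the metrics port are reachable by any pod
  # that can route to this Service; no NetworkPolicy is defined in this file.
  ports:
    - name: rpc
      port: 9001
      targetPort: 9001
    - name: metrics
      port: 4001
      targetPort: 4001
  selector:
    app: user-rpc

## ---------------------------------------------------------------------------
## Disabled resources. Lines starting with a single "#" are YAML that can be
## re-enabled by removing that character; lines starting with "##" are prose.
## ---------------------------------------------------------------------------
#---
#apiVersion: autoscaling/v2
#kind: HorizontalPodAutoscaler
#metadata:
#  name: user-rpc-hpa-c
#  namespace: juwan
#  labels:
#    app: user-rpc-hpa-c
#spec:
#  scaleTargetRef:
#    apiVersion: apps/v1
#    kind: Deployment
#    name: user-rpc
#  minReplicas: 3
#  maxReplicas: 10
#  metrics:
#    - type: Resource
#      resource:
#        name: cpu
#        target:
#          type: Utilization
#          averageUtilization: 80
#
#---
#apiVersion: autoscaling/v2
#kind: HorizontalPodAutoscaler
#metadata:
#  name: user-rpc-hpa-m
#  namespace: juwan
#  labels:
#    app: user-rpc-hpa-m
#spec:
#  scaleTargetRef:
#    apiVersion: apps/v1
#    kind: Deployment
#    name: user-rpc
#  minReplicas: 3
#  maxReplicas: 10
#  metrics:
#    - type: Resource
#      resource:
#        name: memory
#        target:
#          type: Utilization
#          averageUtilization: 80
#---
## Redis master-replica replication
#apiVersion: redis.redis.opstreelabs.in/v1beta2
#kind: RedisReplication
#metadata:
#  name: user-redis
#  namespace: juwan
#spec:
#  clusterSize: 3
#  kubernetesConfig:
#    image: quay.io/opstree/redis:v7.0.12
#    imagePullPolicy: IfNotPresent
#    resources:
#      requests:
#        cpu: 100m
#        memory: 128Mi
#      limits:
#        cpu: 500m
#        memory: 512Mi
#    redisSecret:
#      name: user-redis
#      key: password
#
## NOTE(review): the exporter image below uses the mutable ":latest" tag with
## imagePullPolicy Always, so its content can change between pod restarts.
## Pin a version or digest before re-enabling.
#  redisExporter:
#    enabled: true
#    image: quay.io/opstree/redis-exporter:latest
#    imagePullPolicy: Always
#  podSecurityContext:
#    runAsUser: 1000
#    fsGroup: 1000
#  storage:
#    volumeClaimTemplate:
#      spec:
#        accessModes: ["ReadWriteOnce"]
#        resources:
#          requests:
#            storage: 1Gi
#
#---
## Sentinel monitoring
#apiVersion: redis.redis.opstreelabs.in/v1beta2
#kind: RedisSentinel
#metadata:
#  name: user-redis-sentinel
#  namespace: juwan
#spec:
#  clusterSize: 3
#  kubernetesConfig:
#    image: quay.io/opstree/redis-sentinel:v7.0.12
#    imagePullPolicy: IfNotPresent
#    resources:
#      requests:
#        cpu: 100m
#        memory: 128Mi
#      limits:
#        cpu: 500m
#        memory: 512Mi
#  podSecurityContext:
#    runAsUser: 1000
#    fsGroup: 1000
#  redisSentinelConfig:
#    redisReplicationName: user-redis
#    masterGroupName: mymaster
#    redisPort: "6379"
#    quorum: "2"
#    downAfterMilliseconds: "5000"
#    failoverTimeout: "10000"
#    parallelSyncs: "1"
#
#---
## PostgreSQL cluster
#apiVersion: postgresql.cnpg.io/v1
#kind: Cluster
#metadata:
#  namespace: juwan
#  name: user-db
#spec:
#  instances: 3
#  primaryUpdateStrategy: unsupervised
#  bootstrap:
#    initdb:
#      database: app
#      owner: app
## Only initialised when the PVC is empty.
#      postInitSQL:
#        - CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
#  backup:
#    barmanObjectStore:
#      destinationPath: s3://juwan-dev-pg-backups-zj/pg-data/
#      endpointURL: https://cn-nb1.rains3.com
## NOTE(review): in s3Credentials, "key" selects an entry inside the rc-creds
## Secret; it is not the credential itself. The two values that previously
## stood here looked like literal access-key material rather than entry names,
## so they have been replaced with placeholders. If they were real
## credentials, rotate them: they remain in version-control history even
## though this block was commented out.
#      s3Credentials:
#        accessKeyId:
#          name: rc-creds
#          key: "<PLACEHOLDER: entry in rc-creds holding the access key ID>"
#        secretAccessKey:
#          name: rc-creds
#          key: "<PLACEHOLDER: entry in rc-creds holding the secret access key>"
#      wal:
#        compression: gzip
#  storage:
#    size: 1Gi
#  monitoring:
#    enablePodMonitor: true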