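---
# user-rpc workload: Deployment + Service, followed by the Redis
# (replication + sentinel) and PostgreSQL (CloudNativePG) resources it uses.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: user-rpc
  namespace: juwan
  labels:
    app: user-rpc
spec:
  replicas: 1
  revisionHistoryLimit: 5
  selector:
    matchLabels:
      app: user-rpc
  template:
    metadata:
      labels:
        app: user-rpc
    spec:
      # serviceAccountName: find-endpoints
      serviceAccountName: user-rpc
      # NOTE(review): neither container sets a securityContext. Confirm the
      # image's user and consider runAsNonRoot / allowPrivilegeEscalation: false
      # once verified against the image.
      initContainers:
        # Init container that waits for the database to be ready. It does not
        # affect resource usage but does affect scheduling (negligibly).
        - name: wait-for-db
          # Pinned by tag only, unlike the digest-pinned main image below.
          image: busybox:1.36
          command:
            - "sh"
            - "-c"
            - 'until nc -z -v -w5 user-db-rw 5432; do echo "Waiting for database..."; sleep 2; done;'
      containers:
        - name: user-rpc
          # Pinned by digest, so the pulled content is fixed.
          # NOTE(review): the registry is addressed by raw IP and port; confirm
          # nodes pull from it over TLS rather than as an insecure registry.
          image: 103.236.53.208:4418/library/user-rpc@sha256:28d785c4152d28b5cb368316e0fb3d48d728303e4439cdce13ebdbc5af8d19ce
          ports:
            - containerPort: 9001
            - containerPort: 4001
          env:
            # Database settings come from the user-db-app Secret.
            - name: DB_PORT
              valueFrom:
                secretKeyRef:
                  name: user-db-app
                  key: port
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: user-db-app
                  key: password
            # NOTE(review): sibling variables use the DB_ prefix; confirm the
            # application really reads PD_USERNAME and this is not a typo.
            - name: PD_USERNAME
              valueFrom:
                secretKeyRef:
                  name: user-db-app
                  key: username
            - name: DB_NAME
              valueFrom:
                secretKeyRef:
                  name: user-db-app
                  key: dbname
            - name: REDIS_M_HOST
              value: "user-redis-master.juwan:6379"
            - name: REDIS_S_HOST
              value: "user-redis-replica.juwan:6379"
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: user-redis
                  key: password
            # JWT signing key is injected from a Secret, not stored inline.
            - name: JWT_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: jwt-secret
                  key: secret-key
          readinessProbe:
            tcpSocket:
              port: 9001
            initialDelaySeconds: 5
            periodSeconds: 10
          livenessProbe:
            tcpSocket:
              port: 9001
            initialDelaySeconds: 15
            periodSeconds: 20
          resources:
            requests:
              cpu: 500m
              memory: 512Mi
            limits:
              cpu: 1000m
              memory: 1024Mi
          volumeMounts:
            - name: timezone
              mountPath: /etc/localtime
              # The container only reads the zone file; a writable hostPath
              # mount would let it modify a file on the node.
              readOnly: true
      volumes:
        # hostPath volumes are rejected by the Pod Security "baseline" profile.
        # NOTE(review): if the image ships tzdata, a TZ environment variable
        # would remove the need for this host mount.
        - name: timezone
          hostPath:
            path: /usr/share/zoneinfo/Asia/Shanghai
---
apiVersion: v1
kind: Service
metadata:
  name: user-rpc-svc
  namespace: juwan
  annotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "4001"
    prometheus.io/path: "/metrics"
spec:
  ports:
    - name: rpc
      port: 9001
      targetPort: 9001
    - name: metrics
      port: 4001
      targetPort: 4001
  selector:
    app: user-rpc
# Disabled HorizontalPodAutoscalers (CPU and memory), kept for reference.
#---
#apiVersion: autoscaling/v2
#kind: HorizontalPodAutoscaler
#metadata:
#  name: user-rpc-hpa-c
#  namespace: juwan
#  labels:
#    app: user-rpc-hpa-c
#spec:
#  scaleTargetRef:
#    apiVersion: apps/v1
#    kind: Deployment
#    name: user-rpc
#  minReplicas: 3
#  maxReplicas: 10
#  metrics:
#    - type: Resource
#      resource:
#        name: cpu
#        target:
#          type: Utilization
#          averageUtilization: 80
#
#---
#apiVersion: autoscaling/v2
#kind: HorizontalPodAutoscaler
#metadata:
#  name: user-rpc-hpa-m
#  namespace: juwan
#  labels:
#    app: user-rpc-hpa-m
#spec:
#  scaleTargetRef:
#    apiVersion: apps/v1
#    kind: Deployment
#    name: user-rpc
#  minReplicas: 3
#  maxReplicas: 10
#  metrics:
#    - type: Resource
#      resource:
#        name: memory
#        target:
#          type: Utilization
#          averageUtilization: 80
# This separator had been commented out together with the HPA blocks. Without
# it the Service above and the RedisReplication below share one document with
# duplicate top-level keys, and most parsers silently keep only the last value.
---
# Redis master-replica replication
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
  name: user-redis
  namespace: juwan
spec:
  clusterSize: 3
  kubernetesConfig:
    image: quay.io/opstree/redis:v7.0.12
    imagePullPolicy: IfNotPresent
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        cpu: 500m
        memory: 512Mi
    # Redis password is read from the same Secret the Deployment uses for
    # REDIS_PASSWORD.
    redisSecret:
      name: user-redis
      key: password
  redisExporter:
    enabled: true
    # NOTE(review): `latest` with imagePullPolicy Always means the exporter
    # image can change on any pod restart; pin it to a fixed tag or digest.
    image: quay.io/opstree/redis-exporter:latest
    imagePullPolicy: Always
  podSecurityContext:
    runAsUser: 1000
    fsGroup: 1000
  storage:
    volumeClaimTemplate:
      spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 1Gi
---
# Sentinel monitoring
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisSentinel
metadata:
  name: user-redis-sentinel
  namespace: juwan
spec:
  clusterSize: 3
  kubernetesConfig:
    image: quay.io/opstree/redis-sentinel:v7.0.12
    imagePullPolicy: IfNotPresent
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        cpu: 500m
        memory: 512Mi
  podSecurityContext:
    runAsUser: 1000
    fsGroup: 1000
  redisSentinelConfig:
    redisReplicationName: user-redis
    masterGroupName: mymaster
    redisPort: "6379"
    quorum: "2"
    downAfterMilliseconds: "5000"
    failoverTimeout: "10000"
    parallelSyncs: "1"
---
# PostgreSQL cluster
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  namespace: juwan
  name: user-db
spec:
  instances: 3
  primaryUpdateStrategy: unsupervised
  bootstrap:
    initdb:
      database: app
      owner: app
      # Only initializes when the PVC is empty
      postInitSQL:
        - CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
  backup:
    barmanObjectStore:
      destinationPath: s3://juwan-dev-pg-backups-zj/pg-data/
      endpointURL: https://cn-nb1.rains3.com
      # Object-store credentials are referenced from the rc-creds Secret.
      # NOTE(review): no encryption setting is given for the base backups or
      # WAL; confirm the bucket enforces encryption at rest and that the
      # rc-creds key is scoped to this bucket only.
      s3Credentials:
        accessKeyId:
          name: rc-creds
          key: ACCESS_KEY_ID
        secretAccessKey:
          name: rc-creds
          key: SECRET_ACCESS_KEY
      wal:
        compression: gzip
  storage:
    size: 1Gi
  monitoring:
    enablePodMonitor: true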