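---
# user-rpc stack for the juwan namespace: the Deployment, its Service and two
# HPAs, a Redis replication group with Sentinel, and a CloudNativePG cluster.
# None of the Secrets referenced below (user-db-app, user-redis, jwt-secret,
# rc-creds) are declared in this file.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: user-rpc
  namespace: juwan
  labels:
    app: user-rpc
spec:
  # NOTE(review): the HPAs further down also manage this Deployment's replica
  # count; a fixed value here is re-applied on every `kubectl apply`.
  replicas: 3
  revisionHistoryLimit: 5
  selector:
    matchLabels:
      app: user-rpc # .Name
  template:
    metadata:
      labels:
        app: user-rpc
    spec:
      # NOTE(review): no securityContext is set on this pod or its containers,
      # so they run as whatever user the images default to. Consider
      # runAsNonRoot, allowPrivilegeEscalation: false and dropped capabilities
      # once the images are confirmed to work unprivileged.
      # serviceAccountName: find-endpoints
      serviceAccountName: user-rpc
      initContainers:
        # Init container that waits for the database to become ready. It does
        # not affect resource usage but does affect scheduling (negligibly).
        # The loop has no upper bound: the pod stays in Init until
        # user-db-rw:5432 accepts a TCP connection.
        - name: wait-for-db
          image: busybox:1.36
          command:
            - "sh"
            - "-c"
            - 'until nc -z -v -w5 user-db-rw 5432; do echo "Waiting for database..."; sleep 2; done;'
      containers:
        - name: user-rpc
          # NOTE(review): the digest-pinned reference is commented out and a
          # mutable `latest` tag is pulled on every start, so the three
          # replicas can run different builds and a re-pushed tag reaches
          # production without a manifest change. Prefer a current digest.
          # The registry is addressed by bare IP and port; confirm it is
          # served over TLS and not configured as an insecure registry.
          # image: 103.236.53.208:4418/library/user-rpc@sha256:28d785c4152d28b5cb368316e0fb3d48d728303e4439cdce13ebdbc5af8d19ce
          image: 103.236.53.208:4418/juwan/user-rpc:latest
          imagePullPolicy: Always
          ports:
            - containerPort: 9001
            - containerPort: 4001
          env:
            - name: DB_PORT
              valueFrom:
                secretKeyRef:
                  name: user-db-app
                  key: port
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: user-db-app
                  key: password
            # NOTE(review): every sibling variable uses the DB_ prefix, so
            # PD_USERNAME looks like a typo for DB_USERNAME. Left unchanged
            # because the name must match what the application reads.
            - name: PD_USERNAME
              valueFrom:
                secretKeyRef:
                  name: user-db-app
                  key: username
            - name: DB_NAME
              valueFrom:
                secretKeyRef:
                  name: user-db-app
                  key: dbname
            - name: REDIS_M_HOST
              value: "user-redis-master.juwan:6379"
            - name: REDIS_S_HOST
              value: "user-redis-replica.juwan:6379"
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: user-redis
                  key: password
            - name: JWT_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: jwt-secret
                  key: secret-key
          # Both probes only check that the RPC port accepts TCP connections.
          readinessProbe:
            tcpSocket:
              port: 9001
            initialDelaySeconds: 5
            periodSeconds: 10
          livenessProbe:
            tcpSocket:
              port: 9001
            initialDelaySeconds: 15
            periodSeconds: 20
          resources:
            requests:
              cpu: 500m
              memory: 512Mi
            limits:
              cpu: 1000m
              memory: 1024Mi
          volumeMounts:
            - name: timezone
              mountPath: /etc/localtime
              # The zoneinfo file is only ever read. Mounting it read-only
              # keeps the container from modifying a file on the node.
              readOnly: true
      volumes:
        # NOTE(review): hostPath volumes are rejected in namespaces that
        # enforce the baseline or restricted Pod Security Standards. A TZ
        # environment variable avoids the host mount if the image ships
        # tzdata.
        - name: timezone
          hostPath:
            path: /usr/share/zoneinfo/Asia/Shanghai
---
# ClusterIP Service exposing the RPC port and the Prometheus metrics port.
apiVersion: v1
kind: Service
metadata:
  name: user-rpc-svc
  namespace: juwan
  annotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "4001"
    prometheus.io/path: "/metrics"
spec:
  ports:
    - name: rpc
      port: 9001
      targetPort: 9001
    - name: metrics
      port: 4001
      targetPort: 4001
  selector:
    app: user-rpc
---
# CPU-based autoscaler for the user-rpc Deployment.
# NOTE(review): this HPA and user-rpc-hpa-m below target the same Deployment
# and compute their desired replica counts independently, so they can
# override each other. A single autoscaling/v2 HPA can list both the cpu and
# the memory metric instead.
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: user-rpc-hpa-c
  namespace: juwan
  labels:
    app: user-rpc-hpa-c
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: user-rpc
  minReplicas: 3
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 80
---
# Memory-based autoscaler for the same Deployment as user-rpc-hpa-c.
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: user-rpc-hpa-m
  namespace: juwan
  labels:
    app: user-rpc-hpa-m
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: user-rpc
  minReplicas: 3
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: 80
---
# Redis master/replica replication
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
  name: user-redis
  namespace: juwan
spec:
  clusterSize: 3
  kubernetesConfig:
    image: quay.io/opstree/redis:v7.0.12
    imagePullPolicy: IfNotPresent
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        cpu: 500m
        memory: 512Mi
    # Redis password comes from the same Secret the application reads as
    # REDIS_PASSWORD.
    redisSecret:
      name: user-redis
      key: password
  redisExporter:
    enabled: true
    # NOTE(review): the exporter uses a mutable `latest` tag pulled on every
    # start, unlike the versioned Redis image above. Pin a version or digest.
    image: quay.io/opstree/redis-exporter:latest
    imagePullPolicy: Always
  podSecurityContext:
    runAsUser: 1000
    fsGroup: 1000
  storage:
    volumeClaimTemplate:
      spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 1Gi
---
# Sentinel monitoring
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisSentinel
metadata:
  name: user-redis-sentinel
  namespace: juwan
spec:
  clusterSize: 3
  kubernetesConfig:
    image: quay.io/opstree/redis-sentinel:v7.0.12
    imagePullPolicy: IfNotPresent
    resources:
      requests:
        cpu: 100m
        memory: 128Mi
      limits:
        cpu: 500m
        memory: 512Mi
  podSecurityContext:
    runAsUser: 1000
    fsGroup: 1000
  # NOTE(review): user-redis is password-protected but no credential is
  # configured here. Confirm how Sentinel authenticates to it with the
  # operator version in use.
  redisSentinelConfig:
    redisReplicationName: user-redis
    masterGroupName: mymaster
    redisPort: "6379"
    quorum: "2"
    downAfterMilliseconds: "5000"
    failoverTimeout: "10000"
    parallelSyncs: "1"
---
# PostgreSQL cluster
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  namespace: juwan
  name: user-db
spec:
  instances: 3
  primaryUpdateStrategy: unsupervised
  bootstrap:
    initdb:
      database: app
      owner: app
      # Initialisation only runs when the PVC is empty.
      # NOTE(review): CloudNativePG appears to run postInitSQL against the
      # `postgres` database. If the extension is wanted in `app`, confirm
      # whether postInitApplicationSQL is the intended field.
      postInitSQL:
        - 'CREATE EXTENSION IF NOT EXISTS pg_stat_statements;'
  backup:
    # Base backups and WAL are shipped to an S3-compatible bucket using the
    # rc-creds Secret.
    # NOTE(review): no retentionPolicy and no encryption setting are visible
    # here. Confirm that bucket-side encryption, access policy and retention
    # are handled elsewhere.
    barmanObjectStore:
      destinationPath: s3://juwan-dev-pg-backups-zj/pg-data/
      endpointURL: https://cn-nb1.rains3.com
      s3Credentials:
        accessKeyId:
          name: rc-creds
          key: ACCESS_KEY_ID
        secretAccessKey:
          name: rc-creds
          key: SECRET_ACCESS_KEY
      wal:
        compression: gzip
  storage:
    size: 1Gi
  monitoring:
    enablePodMonitor: true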