apiVersion: apps/v1
kind: Deployment
metadata:
  name: wallet-rpc
  namespace: juwan
  labels:
    app: wallet-rpc
spec:
  replicas: 3
  revisionHistoryLimit: 5
  selector:
    matchLabels:
      app: wallet-rpc
  template:
    metadata:
      labels:
        app: wallet-rpc
    spec:
      serviceAccountName: find-endpoints
      containers:
      - name: wallet-rpc
        image: 103.236.53.208:4418/juwan/wallet-rpc:latest
        ports:
        - containerPort: 8080
        - containerPort: 4001 # 暴露端口
        env:
          - name: DB_PORT
            valueFrom:
              secretKeyRef:
                name: user-db-app
                key: port
          - name: DB_PASSWORD
            valueFrom:
              secretKeyRef:
                name: user-db-app
                key: password
          - name: PD_USERNAME
            valueFrom:
              secretKeyRef:
                name: user-db-app
                key: username
          - name: DB_NAME
            valueFrom:
              secretKeyRef:
                name: user-db-app
                key: dbname
          - name: REDIS_M_HOST
            value: "user-redis-master.juwan:6379"
          - name: REDIS_S_HOST
            value: "user-redis-replica.juwan:6379"
          - name: REDIS_PASSWORD
            valueFrom:
              secretKeyRef:
                name: user-redis
                key: password
        readinessProbe:
          tcpSocket:
            port: 8080
          initialDelaySeconds: 5
          periodSeconds: 10
        livenessProbe:
          tcpSocket:
            port: 8080
          initialDelaySeconds: 15
          periodSeconds: 20
        resources:
          requests:
            cpu: 50m
            memory: 128Mi
          limits:
            cpu: 1000m
            memory: 1024Mi
        volumeMounts:
        - name: timezone
          mountPath: /etc/localtime
      volumes:
        - name: timezone
          hostPath:
            path: /usr/share/zoneinfo/Asia/Shanghai

---

apiVersion: v1
kind: Service
metadata:
  name: wallet-rpc-svc
  namespace: juwan
  annotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "4001"
    prometheus.io/path: "/metrics"
spec:
  ports:
    - name: metrics
      port: 4001
      targetPort: 4001
    - name: http
      port: 8080
      targetPort: 8080
  selector:
    app: wallet-rpc

---

apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: wallet-rpc-hpa-c
  namespace: juwan
  labels:
    app: wallet-rpc-hpa-c
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: wallet-rpc
  minReplicas: 3
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 80

---

apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: wallet-rpc-hpa-m
  namespace: juwan
  labels:
    app: wallet-rpc-hpa-m
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: wallet-rpc
  minReplicas: 3
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: memory
      target:
        type: Utilization
        averageUtilization: 80

#---
## Redis 主从复制
#apiVersion: redis.redis.opstreelabs.in/v1beta2
#kind: RedisReplication
#metadata:
#  name: wallet-rpc-redis
#  namespace: juwan
#spec:
#  clusterSize: 3
#  kubernetesConfig:
#    image: quay.io/opstree/redis:v7.0.12
#    imagePullPolicy: IfNotPresent
#    resources:
#      requests:
#        cpu: 100m
#        memory: 128Mi
#      limits:
#        cpu: 50m
#        memory: 128Mi
#    redisSecret: # 记得创建密码
#      name: wallet-rpc-redis
#      key: password
#
#  redisExporter:
#    enabled: true
#    image: quay.io/opstree/redis-exporter:latest
#    imagePullPolicy: Always
#  podSecurityContext:
#    runAsUser: 1000
#    fsGroup: 1000
#  storage:
#    volumeClaimTemplate:
#      spec:
#        accessModes: ["ReadWriteOnce"]
#        resources:
#          requests:
#            storage: 1Gi
#
#---
## Sentinel 监控
#apiVersion: redis.redis.opstreelabs.in/v1beta2
#kind: RedisSentinel
#metadata:
#  name: wallet-rpc-redis-sentinel
#  namespace: juwan
#spec:
#  clusterSize: 3
#  kubernetesConfig:
#    image: quay.io/opstree/redis-sentinel:v7.0.12
#    imagePullPolicy: IfNotPresent
#    resources:
#      requests:
#        cpu: 100m
#        memory: 128Mi
#      limits:
#        cpu: 50m
#        memory: 128Mi
#  podSecurityContext:
#    runAsUser: 1000
#    fsGroup: 1000
#  redisSentinelConfig:
#    redisReplicationName: wallet-rpc-redis
#    masterGroupName: mymaster
#    redisPort: "6379"
#    quorum: "2"
#    downAfterMilliseconds: "5000"
#    failoverTimeout: "10000"
#    parallelSyncs: "1"
#
#---
## PostgreSQL 集群
#apiVersion: postgresql.cnpg.io/v1
#kind: Cluster
#metadata:
#  namespace: juwan
#  name: wallet-rpc-db
#spec:
#  instances: 3
#  primaryUpdateStrategy: unsupervised
#  bootstrap:
#    initdb:
#      database: app
#      owner: app
#      # 只在 PVC 为空时初始化
#      postInitSQL:
#        - CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
#  backup:
#    barmanObjectStore:
#      destinationPath: s3://juwan-dev-pg-backups-zj/pg-data/
#      endpointURL: https://cn-nb1.rains3.com
#      s3Credentials:
#        accessKeyId:
#          name: rc-creds
#          key: ACCESS_KEY_ID
#        secretAccessKey:
#          name: rc-creds
#          key: SECRET_ACCESS_KEY
#      wal:
#        compression: gzip
#  storage:
#    size: 1Gi
#  monitoring:
#    enablePodMonitor: true