wwweww
267 lines
6.1 KiB
YAML
267 lines
6.1 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: user-rpc
|
|
namespace: juwan
|
|
labels:
|
|
app: user-rpc
|
|
spec:
|
|
replicas: 3
|
|
revisionHistoryLimit: 5
|
|
selector:
|
|
matchLabels:
|
|
app: user-rpc # .Name
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: user-rpc
|
|
spec:
|
|
# serviceAccountName: find-endpoints
|
|
serviceAccountName: user-rpc
|
|
initContainers: # 等待数据库就绪的 Init Container 不影响资源使用但是影响调度策略(也可以忽略不计)
|
|
- name: wait-for-db
|
|
image: busybox:1.36
|
|
command:
|
|
[
|
|
"sh",
|
|
"-c",
|
|
'until nc -z -v -w5 user-db-rw 5432; do echo "Waiting for database..."; sleep 2; done;',
|
|
]
|
|
containers:
|
|
- name: user-rpc
|
|
# image: 103.236.53.208:4418/library/user-rpc@sha256:28d785c4152d28b5cb368316e0fb3d48d728303e4439cdce13ebdbc5af8d19ce
|
|
image: 103.236.53.208:4418/juwan/user-rpc:latest
|
|
imagePullPolicy: Always
|
|
ports:
|
|
- containerPort: 9001
|
|
- containerPort: 4001
|
|
env:
|
|
- name: DB_PORT
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: user-db-app
|
|
key: port
|
|
- name: DB_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: user-db-app
|
|
key: password
|
|
- name: PD_USERNAME
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: user-db-app
|
|
key: username
|
|
- name: DB_NAME
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: user-db-app
|
|
key: dbname
|
|
- name: REDIS_M_HOST
|
|
value: "user-redis-master.juwan:6379"
|
|
- name: REDIS_S_HOST
|
|
value: "user-redis-replica.juwan:6379"
|
|
- name: REDIS_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: user-redis
|
|
key: password
|
|
- name: JWT_SECRET_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: jwt-secret
|
|
key: secret-key
|
|
readinessProbe:
|
|
tcpSocket:
|
|
port: 9001
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
livenessProbe:
|
|
tcpSocket:
|
|
port: 9001
|
|
initialDelaySeconds: 15
|
|
periodSeconds: 20
|
|
resources:
|
|
requests:
|
|
cpu: 500m
|
|
memory: 512Mi
|
|
limits:
|
|
cpu: 1000m
|
|
memory: 1024Mi
|
|
volumeMounts:
|
|
- name: timezone
|
|
mountPath: /etc/localtime
|
|
volumes:
|
|
- name: timezone
|
|
hostPath:
|
|
path: /usr/share/zoneinfo/Asia/Shanghai
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: user-rpc-svc
|
|
namespace: juwan
|
|
annotations:
|
|
prometheus.io/scrape: "true"
|
|
prometheus.io/port: "4001"
|
|
prometheus.io/path: "/metrics"
|
|
spec:
|
|
ports:
|
|
- name: rpc
|
|
port: 9001
|
|
targetPort: 9001
|
|
- name: metrics
|
|
port: 4001
|
|
targetPort: 4001
|
|
selector:
|
|
app: user-rpc
|
|
|
|
---
|
|
apiVersion: autoscaling/v2
|
|
kind: HorizontalPodAutoscaler
|
|
metadata:
|
|
name: user-rpc-hpa-c
|
|
namespace: juwan
|
|
labels:
|
|
app: user-rpc-hpa-c
|
|
spec:
|
|
scaleTargetRef:
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
name: user-rpc
|
|
minReplicas: 3
|
|
maxReplicas: 10
|
|
metrics:
|
|
- type: Resource
|
|
resource:
|
|
name: cpu
|
|
target:
|
|
type: Utilization
|
|
averageUtilization: 80
|
|
|
|
---
|
|
apiVersion: autoscaling/v2
|
|
kind: HorizontalPodAutoscaler
|
|
metadata:
|
|
name: user-rpc-hpa-m
|
|
namespace: juwan
|
|
labels:
|
|
app: user-rpc-hpa-m
|
|
spec:
|
|
scaleTargetRef:
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
name: user-rpc
|
|
minReplicas: 3
|
|
maxReplicas: 10
|
|
metrics:
|
|
- type: Resource
|
|
resource:
|
|
name: memory
|
|
target:
|
|
type: Utilization
|
|
averageUtilization: 80
|
|
---
|
|
# Redis 主从复制
|
|
apiVersion: redis.redis.opstreelabs.in/v1beta2
|
|
kind: RedisReplication
|
|
metadata:
|
|
name: user-redis
|
|
namespace: juwan
|
|
spec:
|
|
clusterSize: 3
|
|
kubernetesConfig:
|
|
image: quay.io/opstree/redis:v7.0.12
|
|
imagePullPolicy: IfNotPresent
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
limits:
|
|
cpu: 500m
|
|
memory: 512Mi
|
|
redisSecret:
|
|
name: user-redis
|
|
key: password
|
|
|
|
redisExporter:
|
|
enabled: true
|
|
image: quay.io/opstree/redis-exporter:latest
|
|
imagePullPolicy: Always
|
|
podSecurityContext:
|
|
runAsUser: 1000
|
|
fsGroup: 1000
|
|
storage:
|
|
volumeClaimTemplate:
|
|
spec:
|
|
accessModes: ["ReadWriteOnce"]
|
|
resources:
|
|
requests:
|
|
storage: 1Gi
|
|
|
|
---
|
|
# Sentinel 监控
|
|
apiVersion: redis.redis.opstreelabs.in/v1beta2
|
|
kind: RedisSentinel
|
|
metadata:
|
|
name: user-redis-sentinel
|
|
namespace: juwan
|
|
spec:
|
|
clusterSize: 3
|
|
kubernetesConfig:
|
|
image: quay.io/opstree/redis-sentinel:v7.0.12
|
|
imagePullPolicy: IfNotPresent
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
limits:
|
|
cpu: 500m
|
|
memory: 512Mi
|
|
podSecurityContext:
|
|
runAsUser: 1000
|
|
fsGroup: 1000
|
|
redisSentinelConfig:
|
|
redisReplicationName: user-redis
|
|
masterGroupName: mymaster
|
|
redisPort: "6379"
|
|
quorum: "2"
|
|
downAfterMilliseconds: "5000"
|
|
failoverTimeout: "10000"
|
|
parallelSyncs: "1"
|
|
|
|
---
|
|
# PostgreSQL 集群
|
|
apiVersion: postgresql.cnpg.io/v1
|
|
kind: Cluster
|
|
metadata:
|
|
namespace: juwan
|
|
name: user-db
|
|
spec:
|
|
instances: 3
|
|
primaryUpdateStrategy: unsupervised
|
|
bootstrap:
|
|
initdb:
|
|
database: app
|
|
owner: app
|
|
# 只在 PVC 为空时初始化
|
|
postInitSQL:
|
|
- CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
|
|
backup:
|
|
barmanObjectStore:
|
|
destinationPath: s3://juwan-dev-pg-backups-zj/pg-data/
|
|
endpointURL: https://cn-nb1.rains3.com
|
|
s3Credentials:
|
|
accessKeyId:
|
|
name: rc-creds
|
|
key: ACCESS_KEY_ID
|
|
secretAccessKey:
|
|
name: rc-creds
|
|
key: SECRET_ACCESS_KEY
|
|
wal:
|
|
compression: gzip
|
|
storage:
|
|
size: 1Gi
|
|
monitoring:
|
|
enablePodMonitor: true
|