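# Base manifests for the ERP production deployment: the two namespaces,
# the shared ConfigMap and Secret, the public API Ingress, the RocketMQ
# Service and the SkyWalking UI Ingress.
apiVersion: v1
kind: Namespace
metadata:
  name: erp-prod
  labels:
    name: erp-prod
    environment: production
---
apiVersion: v1
kind: Namespace
metadata:
  name: erp-infra
  labels:
    name: erp-infra
    environment: production
---
# ============================================================
# Global ERP ConfigMap
# Non-secret settings only; credentials belong in erp-secrets.
# ============================================================
apiVersion: v1
kind: ConfigMap
metadata:
  name: erp-config
  namespace: erp-prod
data:
  # Nacos configuration center
  NACOS_HOST: "nacos.erp-infra.svc.cluster.local"
  NACOS_PORT: "8848"
  NACOS_NAMESPACE: "prod"
  NACOS_GROUP: "DEFAULT_GROUP"
  # Database
  DB_HOST: "mysql.erp-infra.svc.cluster.local"
  DB_PORT: "3306"
  DB_NAME: "erp_java"
  DB_USERNAME: "erp_user"
  # Redis
  REDIS_HOST: "redis.erp-infra.svc.cluster.local"
  REDIS_PORT: "6379"
  REDIS_DB: "0"
  # RocketMQ
  ROCKETMQ_NAMESRV_ADDR: "rocketmq.erp-infra.svc.cluster.local:9876"
  # Seata
  SEATA_SERVER_ADDR: "seata.erp-infra.svc.cluster.local:8091"
  # MinIO
  # NOTE(review): plain HTTP between namespaces; confirm in-cluster traffic
  # is protected some other way (mesh mTLS, NetworkPolicy) or switch to TLS.
  MINIO_ENDPOINT: "http://minio.erp-infra.svc.cluster.local:9000"
  MINIO_BUCKET: "erp"
  # SkyWalking
  SW_OAP_ADDR: "skywalking-oap.erp-infra.svc.cluster.local:11800"
  # Common application settings
  SPRING_PROFILES_ACTIVE: "prod"
  # Heap dumps contain whatever is in memory (DB password, JWT secret, user
  # data). No -XX:HeapDumpPath is set, so the dump lands in the JVM working
  # directory; make sure that location is not on a shared or exported volume.
  JAVA_OPTS: "-Xms512m -Xmx1024m -XX:+UseG1GC -XX:+HeapDumpOnOutOfMemoryError"
  LOG_LEVEL: "INFO"
  ENABLE_PROMETHEUS: "true"
  METRICS_PATH: "/actuator/prometheus"
---
# ============================================================
# Global ERP Secrets (in production, use an external secret manager
# such as Vault or AWS Secrets Manager)
# Every REPLACE_WITH_* value is a placeholder and must be substituted
# before this is applied; never commit the real values to version control.
# ============================================================
apiVersion: v1
kind: Secret
metadata:
  name: erp-secrets
  namespace: erp-prod
type: Opaque
stringData:
  # Database
  DB_PASSWORD: "REPLACE_WITH_DB_PASSWORD"
  # NOTE(review): the MySQL root password sits in the application namespace
  # while MySQL itself is addressed in erp-infra. Any workload that loads
  # this Secret wholesale would receive root credentials; consider keeping
  # it in a separate Secret next to the database.
  MYSQL_ROOT_PASSWORD: "REPLACE_WITH_ROOT_PASSWORD"
  # Redis
  REDIS_PASSWORD: "REPLACE_WITH_REDIS_PASSWORD"
  # JWT
  JWT_SECRET: "REPLACE_WITH_JWT_SECRET_MIN_32_CHARS"
  # MinIO
  MINIO_ACCESS_KEY: "REPLACE_WITH_MINIO_ACCESS_KEY"
  MINIO_SECRET_KEY: "REPLACE_WITH_MINIO_SECRET_KEY"
  # Nacos
  # NOTE(review): "nacos" looks like the stock account name; confirm a
  # dedicated account is used in production.
  NACOS_USERNAME: "nacos"
  NACOS_PASSWORD: "REPLACE_WITH_NACOS_PASSWORD"
  # Seata
  # The transaction group name is not sensitive; it is kept here only to
  # preserve the key layout consumers already expect.
  SEATA_TX_VGROUP: "erp_tx_group"
  SEATA_SECRET: "REPLACE_WITH_SEATA_SECRET"
---
# ============================================================
# Main Ingress - API gateway entry point
# ============================================================
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: erp-api-ingress
  namespace: erp-prod
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
    # Was rate-limit: "100" plus rate-limit-window: "1m". ingress-nginx does
    # not recognise those two keys, so no throttling was applied at all.
    # limit-rpm expresses the same 100 requests/minute budget and is enforced
    # per client IP; tune it if many users share one egress address.
    nginx.ingress.kubernetes.io/limit-rpm: "100"
    nginx.ingress.kubernetes.io/enable-access-log: "true"
spec:
  ingressClassName: nginx
  tls:
    # erpzbbh.cn is covered by the certificate but has no rule below, so
    # requests for it are not routed to any of these services.
    - hosts:
        - api.erpzbbh.cn
        - erpzbbh.cn
      secretName: erp-api-tls
  rules:
    # Prefix paths expose everything beneath them; each backend is expected
    # to enforce its own authentication and authorisation.
    - host: api.erpzbbh.cn
      http:
        paths:
          # User service
          - path: /user
            pathType: Prefix
            backend:
              service:
                name: user-service
                port:
                  name: http
          # Authentication service (served by user-service)
          - path: /auth
            pathType: Prefix
            backend:
              service:
                name: user-service
                port:
                  name: http
          # Product service
          - path: /product
            pathType: Prefix
            backend:
              service:
                name: product-service
                port:
                  name: http
          # Order service
          - path: /order
            pathType: Prefix
            backend:
              service:
                name: order-service
                port:
                  name: http
          # Inventory service
          - path: /inventory
            pathType: Prefix
            backend:
              service:
                name: inventory-service
                port:
                  name: http
          # Tenant service
          - path: /tenant
            pathType: Prefix
            backend:
              service:
                name: tenant-service
                port:
                  name: http
          # Permission service
          - path: /permission
            pathType: Prefix
            backend:
              service:
                name: permission-service
                port:
                  name: http
          # File service
          - path: /file
            pathType: Prefix
            backend:
              service:
                name: file-service
                port:
                  name: http
          # Report service
          - path: /report
            pathType: Prefix
            backend:
              service:
                name: report-service
                port:
                  name: http
          # Dashboard service
          - path: /dashboard
            pathType: Prefix
            backend:
              service:
                name: dashboard-service
                port:
                  name: http
          # Scheduled task service
          # NOTE(review): confirm this service needs to be reachable from the
          # public host and rejects unauthenticated job-control requests.
          - path: /task
            pathType: Prefix
            backend:
              service:
                name: scheduled-task-service
                port:
                  name: http
---
# ============================================================
# RocketMQ Service (for services that need a message queue)
# ClusterIP only: name server on 9876, broker on 10911.
# ============================================================
apiVersion: v1
kind: Service
metadata:
  name: rocketmq
  namespace: erp-infra
  labels:
    app: rocketmq
spec:
  type: ClusterIP
  ports:
    - name: namesrv
      port: 9876
      targetPort: 9876
    - name: broker
      port: 10911
      targetPort: 10911
  selector:
    app: rocketmq
---
# ============================================================
# SkyWalking Ingress
# NOTE(review): this publishes the tracing UI on a public host with no
# auth-* or whitelist-source-range annotation, so access control rests
# entirely on the backend. Traces expose internal service names, SQL and
# request paths; confirm the UI is protected or restrict this Ingress to
# an internal network / authenticating proxy.
# ============================================================
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: skywalking-ui-ingress
  namespace: erp-infra
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - skywalking.erpzbbh.cn
      secretName: skywalking-ui-tls
  rules:
    - host: skywalking.erpzbbh.cn
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: skywalking-ui
                port:
                  name: http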