apiVersion: v1 kind: Namespace metadata: name: erp-prod labels: name: erp-prod environment: production --- apiVersion: v1 kind: ServiceAccount metadata: name: reconciliation-service namespace: erp-prod labels: app: reconciliation-service --- apiVersion: v1 kind: Secret metadata: name: reconciliation-service-secrets namespace: erp-prod type: Opaque stringData: DB_PASSWORD: "REPLACE_WITH_DB_PASSWORD" REDIS_PASSWORD: "REPLACE_WITH_REDIS_PASSWORD" --- apiVersion: v1 kind: ConfigMap metadata: name: reconciliation-service-config namespace: erp-prod data: SPRING_PROFILES_ACTIVE: "prod" JAVA_OPTS: "-Xms512m -Xmx1024m -XX:+UseG1GC" NACOS_HOST: "nacos" NACOS_NAMESPACE: "prod" NACOS_PORT: "8848" DB_HOST: "mysql" DB_PORT: "3306" DB_NAME: "erp_java" DB_USERNAME: "erp_user" REDIS_HOST: "redis" REDIS_PORT: "6379" SERVER_PORT: "8018" --- apiVersion: apps/v1 kind: Deployment metadata: name: reconciliation-service namespace: erp-prod labels: app: reconciliation-service version: v1 tier: backend spec: replicas: 2 revisionHistoryLimit: 10 selector: matchLabels: app: reconciliation-service strategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 0 template: metadata: labels: app: reconciliation-service version: v1 tier: backend annotations: prometheus.io/scrape: "true" prometheus.io/port: "8018" prometheus.io/path: "/actuator/prometheus" spec: serviceAccountName: reconciliation-service securityContext: runAsNonRoot: true runAsUser: 1001 fsGroup: 1001 containers: - name: reconciliation-service image: registry.erpzbbh.cn/erp/reconciliation-service:1.0.0 imagePullPolicy: Always ports: - name: http containerPort: 8018 protocol: TCP envFrom: - configMapRef: name: reconciliation-service-config - secretRef: name: reconciliation-service-secrets resources: requests: memory: "512Mi" cpu: "250m" limits: memory: "1Gi" cpu: "1000m" livenessProbe: httpGet: path: /actuator/health/liveness port: http initialDelaySeconds: 60 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 3 readinessProbe: httpGet: path: /actuator/health/readiness port: http initialDelaySeconds: 30 periodSeconds: 5 timeoutSeconds: 3 failureThreshold: 3 startupProbe: httpGet: path: /actuator/health/liveness port: http initialDelaySeconds: 10 periodSeconds: 5 failureThreshold: 30 lifecycle: preStop: exec: command: ["sh", "-c", "sleep 10"] volumeMounts: - name: app-logs mountPath: /app/logs volumes: - name: app-logs emptyDir: {} topologySpreadConstraints: - maxSkew: 1 topologyKey: kubernetes.io/hostname whenUnsatisfiable: ScheduleAnyway labelSelector: matchLabels: app: reconciliation-service --- apiVersion: v1 kind: Service metadata: name: reconciliation-service namespace: erp-prod spec: type: ClusterIP ports: - name: http port: 8018 targetPort: http selector: app: reconciliation-service --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: reconciliation-service-ingress namespace: erp-prod annotations: nginx.ingress.kubernetes.io/ssl-redirect: "true" spec: ingressClassName: nginx tls: - hosts: - reconciliation.erpzbbh.cn secretName: reconciliation-service-tls rules: - host: reconciliation.erpzbbh.cn http: paths: - path: / pathType: Prefix backend: service: name: reconciliation-service port: name: http --- apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: reconciliation-service-hpa namespace: erp-prod spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment name: reconciliation-service minReplicas: 2 maxReplicas: 10 metrics: - type: Resource resource: name: cpu target: type: Utilization averageUtilization: 70 - type: Resource resource: name: memory target: type: Utilization averageUtilization: 80 --- apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: reconciliation-service-pdb namespace: erp-prod spec: minAvailable: 1 selector: matchLabels: app: reconciliation-service