227 lines
5.1 KiB
YAML
227 lines
5.1 KiB
YAML
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: erp-prod
|
|
labels:
|
|
name: erp-prod
|
|
environment: production
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: audit-log-service
|
|
namespace: erp-prod
|
|
labels:
|
|
app: audit-log-service
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: audit-log-service-secrets
|
|
namespace: erp-prod
|
|
type: Opaque
|
|
stringData:
|
|
DB_PASSWORD: "REPLACE_WITH_DB_PASSWORD"
|
|
REDIS_PASSWORD: "REPLACE_WITH_REDIS_PASSWORD"
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: audit-log-service-config
|
|
namespace: erp-prod
|
|
data:
|
|
SPRING_PROFILES_ACTIVE: "prod"
|
|
JAVA_OPTS: "-Xms256m -Xmx512m -XX:+UseG1GC -XX:+HeapDumpOnOutOfMemoryError"
|
|
NACOS_HOST: "nacos"
|
|
NACOS_NAMESPACE: "prod"
|
|
NACOS_PORT: "8848"
|
|
DB_HOST: "mysql"
|
|
DB_PORT: "3306"
|
|
DB_NAME: "erp_java"
|
|
DB_USERNAME: "erp_user"
|
|
REDIS_HOST: "redis"
|
|
REDIS_PORT: "6379"
|
|
REDIS_DB: "0"
|
|
SERVER_PORT: "8098"
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: audit-log-service
|
|
namespace: erp-prod
|
|
labels:
|
|
app: audit-log-service
|
|
version: v1
|
|
tier: backend
|
|
spec:
|
|
replicas: 2
|
|
revisionHistoryLimit: 10
|
|
selector:
|
|
matchLabels:
|
|
app: audit-log-service
|
|
strategy:
|
|
type: RollingUpdate
|
|
rollingUpdate:
|
|
maxSurge: 1
|
|
maxUnavailable: 0
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: audit-log-service
|
|
version: v1
|
|
tier: backend
|
|
annotations:
|
|
prometheus.io/scrape: "true"
|
|
prometheus.io/port: "8098"
|
|
prometheus.io/path: "/actuator/prometheus"
|
|
spec:
|
|
serviceAccountName: audit-log-service
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 1001
|
|
fsGroup: 1001
|
|
containers:
|
|
- name: audit-log-service
|
|
image: registry.erpzbbh.cn/erp/audit-log-service:1.0.0
|
|
imagePullPolicy: Always
|
|
ports:
|
|
- name: http
|
|
containerPort: 8098
|
|
protocol: TCP
|
|
envFrom:
|
|
- configMapRef:
|
|
name: audit-log-service-config
|
|
- secretRef:
|
|
name: audit-log-service-secrets
|
|
env:
|
|
- name: POD_IP
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: status.podIP
|
|
resources:
|
|
requests:
|
|
memory: "256Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "512Mi"
|
|
cpu: "500m"
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /actuator/health/liveness
|
|
port: http
|
|
initialDelaySeconds: 60
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 3
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /actuator/health/readiness
|
|
port: http
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 5
|
|
timeoutSeconds: 3
|
|
failureThreshold: 3
|
|
startupProbe:
|
|
httpGet:
|
|
path: /actuator/health/liveness
|
|
port: http
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 5
|
|
failureThreshold: 30
|
|
lifecycle:
|
|
preStop:
|
|
exec:
|
|
command: ["sh", "-c", "sleep 10"]
|
|
volumeMounts:
|
|
- name: app-logs
|
|
mountPath: /app/logs
|
|
volumes:
|
|
- name: app-logs
|
|
emptyDir: {}
|
|
topologySpreadConstraints:
|
|
- maxSkew: 1
|
|
topologyKey: kubernetes.io/hostname
|
|
whenUnsatisfiable: ScheduleAnyway
|
|
labelSelector:
|
|
matchLabels:
|
|
app: audit-log-service
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: audit-log-service
|
|
namespace: erp-prod
|
|
labels:
|
|
app: audit-log-service
|
|
spec:
|
|
type: ClusterIP
|
|
ports:
|
|
- name: http
|
|
port: 8098
|
|
targetPort: http
|
|
protocol: TCP
|
|
selector:
|
|
app: audit-log-service
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: audit-log-service-ingress
|
|
namespace: erp-prod
|
|
annotations:
|
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
|
spec:
|
|
ingressClassName: nginx
|
|
tls:
|
|
- hosts:
|
|
- audit.erpzbbh.cn
|
|
secretName: audit-log-service-tls
|
|
rules:
|
|
- host: audit.erpzbbh.cn
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: audit-log-service
|
|
port:
|
|
name: http
|
|
---
|
|
apiVersion: autoscaling/v2
|
|
kind: HorizontalPodAutoscaler
|
|
metadata:
|
|
name: audit-log-service-hpa
|
|
namespace: erp-prod
|
|
spec:
|
|
scaleTargetRef:
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
name: audit-log-service
|
|
minReplicas: 2
|
|
maxReplicas: 8
|
|
metrics:
|
|
- type: Resource
|
|
resource:
|
|
name: cpu
|
|
target:
|
|
type: Utilization
|
|
averageUtilization: 70
|
|
- type: Resource
|
|
resource:
|
|
name: memory
|
|
target:
|
|
type: Utilization
|
|
averageUtilization: 80
|
|
---
|
|
apiVersion: policy/v1
|
|
kind: PodDisruptionBudget
|
|
metadata:
|
|
name: audit-log-service-pdb
|
|
namespace: erp-prod
|
|
spec:
|
|
minAvailable: 1
|
|
selector:
|
|
matchLabels:
|
|
app: audit-log-service
|