8.9 KiB
8.9 KiB
ERP Java Backend 部署文档
📁 目录结构
erp-java-backend/
├── docker-compose.yml # 全量Docker Compose(本地开发/测试)
├── infrastructure/
│ ├── kubernetes/
│ │ ├── erp-global-infra.yaml # 全局K8s配置(ConfigMap/Secret/Ingress)
│ │ ├── erp-db-init-job.yaml # 数据库初始化Job
│ │ └── kustomization.yaml # Kustomization配置
│ └── mysql/
│ └── init.sql # 数据库初始化SQL
├── gateway/
│ └── docker/
│ ├── Dockerfile # API网关Dockerfile
│ └── docker-compose.yml # 网关独立部署
└── services/
├── {service-name}/
│ ├── Dockerfile # 多阶段构建Dockerfile
│ ├── docker-compose.yml # 服务独立部署
│ └── k8s/
│ └── deployment.yaml # K8s完整部署(含HPA/PDB/Ingress)
🚀 快速开始
1. 本地Docker Compose启动(推荐开发测试用)
cd erp-java-backend
# 启动所有基础设施服务
docker-compose up -d mysql redis nacos
# 启动网关
docker-compose up -d gateway
# 按需启动业务服务
docker-compose up -d user-service product-service order-service
2. 本地构建并启动
# 构建所有服务镜像
docker-compose build
# 启动全部服务
docker-compose up -d
# 查看服务状态
docker-compose ps
# 查看日志
docker-compose logs -f user-service
3. 单服务独立部署
cd services/user-service
# 构建镜像
docker build -t erp-user-service:1.0.0 -f Dockerfile ../..
# 启动服务
docker-compose up -d
# 查看日志
docker logs -f erp-user-service
☸️ Kubernetes部署
前置要求
- Kubernetes 1.25+
- kubectl configured
- Ingress Controller (nginx-ingress)
- StorageClass (用于持久化存储)
部署步骤
# 1. 创建命名空间
kubectl apply -f infrastructure/kubernetes/erp-global-infra.yaml
# 2. 部署基础设施(MySQL/Redis/Nacos等)
# 参考 infrastructure/kubernetes/ 下的各服务配置
# 3. 部署业务服务
for svc in user product order inventory tenant; do
kubectl apply -f services/${svc}-service/k8s/deployment.yaml
done
# 4. 使用Kustomization一键部署
kubectl apply -k infrastructure/kubernetes/
# 5. 验证部署
kubectl get pods -n erp-prod
kubectl get svc -n erp-prod
kubectl get ingress -n erp-prod
HPA自动扩缩容
所有服务均已配置HPA,基于CPU和内存利用率自动扩缩:
# 示例:user-service HPA配置
spec:
minReplicas: 3 # 最小3个副本
maxReplicas: 10 # 最大10个副本
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70 # CPU 70%时扩容
PDB保护
所有服务配置了PodDisruptionBudget,保证滚动更新时最小可用副本数:
kubectl get pdb -n erp-prod
🔧 服务端口映射
| 服务 | 端口 | K8s Service | Ingress域名 |
|---|---|---|---|
| gateway | 8080 | gateway | api.erpzbbh.cn |
| user-service | 8082 | user-service | user.erpzbbh.cn |
| admin-service | 8081 | admin-service | admin.erpzbbh.cn |
| product-service | 8083 | product-service | product.erpzbbh.cn |
| tenant-service | 8083 | tenant-service | tenant.erpzbbh.cn |
| permission-service | 8084 | permission-service | permission.erpzbbh.cn |
| inventory-service | 8084 | inventory-service | inventory.erpzbbh.cn |
| order-service | 8082 | order-service | order.erpzbbh.cn |
| file-service | 8082 | file-service | file.erpzbbh.cn |
| scheduled-task-service | 8088 | scheduled-task-service | task.erpzbbh.cn |
| approval-flow-service | 8086 | approval-flow-service | approval.erpzbbh.cn |
| customer-service | 8086 | customer-service | customer.erpzbbh.cn |
| supplier-service | 8086 | supplier-service | supplier.erpzbbh.cn |
| invoice-service | 8086 | invoice-service | invoice.erpzbbh.cn |
| logistics-service | 8086 | logistics-service | logistics.erpzbbh.cn |
| waybill-service | 8086 | waybill-service | waybill.erpzbbh.cn |
| dashboard-service | 8086 | dashboard-service | dashboard.erpzbbh.cn |
| finance-service | 8007 | finance-service | finance.erpzbbh.cn |
| purchase-service | 8010 | purchase-service | purchase.erpzbbh.cn |
| reconciliation-service | 8018 | reconciliation-service | reconciliation.erpzbbh.cn |
| report-service | 8084 | report-service | report.erpzbbh.cn |
| sku-match-service | 8084 | sku-match-service | skumatch.erpzbbh.cn |
| notification-service | 8087 | notification-service | notification.erpzbbh.cn |
| system-tool-service | 8087 | system-tool-service | systemtool.erpzbbh.cn |
| print-service | 8089 | print-service | print.erpzbbh.cn |
| aftersale-service | 8087 | aftersale-service | aftersale.erpzbbh.cn |
| audit-log-service | 8098 | audit-log-service | audit.erpzbbh.cn |
| category-service | 8085 | category-service | category.erpzbbh.cn |
| data-import-export-service | 8088 | data-import-export-service | dataie.erpzbbh.cn |
| warehouse-service | 8084 | warehouse-service | warehouse.erpzbbh.cn |
| ai-service | 8087 | ai-service | ai.erpzbbh.cn |
🐳 Dockerfile规范
所有Dockerfile统一使用多阶段构建:
# Stage 1: Build
FROM maven:3.9-eclipse-temurin-17-alpine AS builder
WORKDIR /app
COPY pom.xml .
RUN mvn dependency:go-offline -B # 利用Docker缓存
COPY . .
WORKDIR /app/services/{service}
RUN mvn clean package -DskipTests -B
# Stage 2: Runtime
FROM eclipse-temurin:17-jre-alpine
RUN addgroup -g 1001 -S appgroup && \
adduser -u 1001 -S appuser -G appgroup
WORKDIR /app
COPY --from=builder /app/services/{service}/target/*.jar app.jar
RUN chown appuser:appgroup app.jar
ENV JAVA_OPTS="-Xms512m -Xmx1024m -XX:+UseG1GC"
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD wget -q --spider http://localhost:{port}/actuator/health || exit 1
EXPOSE {port}
USER appuser
ENTRYPOINT ["sh", "-c", "java $JAVA_OPTS -jar app.jar"]
🔍 健康检查
所有服务暴露以下健康检查端点:
/actuator/health- 基础健康检查/actuator/health/liveness- K8s livenessProbe/actuator/health/readiness- K8s readinessProbe/actuator/prometheus- Prometheus监控指标
📊 资源限制
| 服务类型 | CPU Request | CPU Limit | Memory Request | Memory Limit |
|---|---|---|---|---|
| 重量级服务 | 250m | 1000m | 512Mi | 1Gi |
| 轻量级服务 | 100m | 500m | 256Mi | 512Mi |
| 基础设施 | 100m | 500m | 256Mi | 512Mi |
🔐 安全配置
- 所有容器以非root用户运行 (UID 1001)
- 使用Alpine轻量级基础镜像
- 敏感配置通过K8s Secret注入
- 生产环境建议使用外部密钥管理(Vault/AWS Secrets Manager)
📝 数据库迁移
K8s Job方式(推荐生产)
# 部署数据库初始化Job
kubectl apply -f infrastructure/kubernetes/erp-db-init-job.yaml
# 查看Job状态
kubectl get job erp-db-init -n erp-prod
kubectl logs job/erp-db-init -n erp-prod
Docker Compose方式
# 初始化脚本会自动执行 init.sql
docker-compose up -d mysql
🌐 Ingress配置
所有服务均配置了TLS Ingress,示例:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: user-service-ingress
namespace: erp-prod
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "10m"
spec:
ingressClassName: nginx
tls:
- hosts:
- user-service.erpzbbh.cn
secretName: user-service-tls
rules:
- host: user-service.erpzbbh.cn
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: user-service
port:
name: http
🔧 故障排查
# 查看Pod日志
kubectl logs -f deployment/user-service -n erp-prod
# 进入Pod调试
kubectl exec -it deployment/user-service -n erp-prod -- sh
# 查看Pod事件
kubectl describe pod -n erp-prod -l app=user-service
# 查看资源使用
kubectl top pod -n erp-prod
# 重启Deployment
kubectl rollout restart deployment/user-service -n erp-prod
# 回滚到上一版本
kubectl rollout undo deployment/user-service -n erp-prod
📋 环境变量参考
| 变量名 | 说明 | 示例值 |
|---|---|---|
| SPRING_PROFILES_ACTIVE | 激活的配置环境 | prod |
| NACOS_SERVER_ADDR | Nacos地址 | nacos:8848 |
| NACOS_NAMESPACE | Nacos命名空间 | prod |
| DB_HOST | 数据库主机 | mysql |
| DB_PORT | 数据库端口 | 3306 |
| DB_NAME | 数据库名 | erp_java |
| DB_USERNAME | 数据库用户名 | erp_user |
| DB_PASSWORD | 数据库密码 | * |
| REDIS_HOST | Redis主机 | redis |
| REDIS_PORT | Redis端口 | 6379 |
| REDIS_PASSWORD | Redis密码 | * |
| JAVA_OPTS | JVM参数 | -Xms512m -Xmx1024m |