gitadmin/erp-java
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d4cf2846de
erp-java/infrastructure/kubernetes/erp-global-infra.yaml

260 lines
6.5 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

apiVersion: v1
kind: Namespace
metadata:
name: erp-prod
labels:
name: erp-prod
environment: production
---
apiVersion: v1
kind: Namespace
metadata:
name: erp-infra
labels:
name: erp-infra
environment: production
---
# ============================================================
# 全局ERP ConfigMap
# ============================================================
apiVersion: v1
kind: ConfigMap
metadata:
name: erp-config
namespace: erp-prod
data:
# Nacos配置中心
NACOS_HOST: "nacos.erp-infra.svc.cluster.local"
NACOS_PORT: "8848"
NACOS_NAMESPACE: "prod"
NACOS_GROUP: "DEFAULT_GROUP"
# 数据库
DB_HOST: "mysql.erp-infra.svc.cluster.local"
DB_PORT: "3306"
DB_NAME: "erp_java"
DB_USERNAME: "erp_user"
# Redis
REDIS_HOST: "redis.erp-infra.svc.cluster.local"
REDIS_PORT: "6379"
REDIS_DB: "0"
# RocketMQ
ROCKETMQ_NAMESRV_ADDR: "rocketmq.erp-infra.svc.cluster.local:9876"
# Seata
SEATA_SERVER_ADDR: "seata.erp-infra.svc.cluster.local:8091"
# MinIO
MINIO_ENDPOINT: "http://minio.erp-infra.svc.cluster.local:9000"
MINIO_BUCKET: "erp"
# SkyWalking
SW_OAP_ADDR: "skywalking-oap.erp-infra.svc.cluster.local:11800"
# 应用公共配置
SPRING_PROFILES_ACTIVE: "prod"
JAVA_OPTS: "-Xms512m -Xmx1024m -XX:+UseG1GC -XX:+HeapDumpOnOutOfMemoryError"
LOG_LEVEL: "INFO"
ENABLE_PROMETHEUS: "true"
METRICS_PATH: "/actuator/prometheus"
---
# ============================================================
# 全局ERP Secrets生产环境请使用Vault/AWS Secrets Manager等外部密钥管理
# ============================================================
apiVersion: v1
kind: Secret
metadata:
name: erp-secrets
namespace: erp-prod
type: Opaque
stringData:
# 数据库
DB_PASSWORD: "REPLACE_WITH_DB_PASSWORD"
MYSQL_ROOT_PASSWORD: "REPLACE_WITH_ROOT_PASSWORD"
# Redis
REDIS_PASSWORD: "REPLACE_WITH_REDIS_PASSWORD"
# JWT
JWT_SECRET: "REPLACE_WITH_JWT_SECRET_MIN_32_CHARS"
# MinIO
MINIO_ACCESS_KEY: "REPLACE_WITH_MINIO_ACCESS_KEY"
MINIO_SECRET_KEY: "REPLACE_WITH_MINIO_SECRET_KEY"
# Nacos
NACOS_USERNAME: "nacos"
NACOS_PASSWORD: "REPLACE_WITH_NACOS_PASSWORD"
# Seata
SEATA_TX_VGROUP: "erp_tx_group"
SEATA_SECRET: "REPLACE_WITH_SEATA_SECRET"
---
# ============================================================
# 主Ingress - API网关入口
# ============================================================
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: erp-api-ingress
namespace: erp-prod
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "100m"
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
nginx.ingress.kubernetes.io/rate-limit: "100"
nginx.ingress.kubernetes.io/rate-limit-window: "1m"
nginx.ingress.kubernetes.io/enable-access-log: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- api.erpzbbh.cn
- erpzbbh.cn
secretName: erp-api-tls
rules:
- host: api.erpzbbh.cn
http:
paths:
# 用户服务
- path: /user
pathType: Prefix
backend:
service:
name: user-service
port:
name: http
# 认证服务
- path: /auth
pathType: Prefix
backend:
service:
name: user-service
port:
name: http
# 产品服务
- path: /product
pathType: Prefix
backend:
service:
name: product-service
port:
name: http
# 订单服务
- path: /order
pathType: Prefix
backend:
service:
name: order-service
port:
name: http
# 库存服务
- path: /inventory
pathType: Prefix
backend:
service:
name: inventory-service
port:
name: http
# 租户服务
- path: /tenant
pathType: Prefix
backend:
service:
name: tenant-service
port:
name: http
# 权限服务
- path: /permission
pathType: Prefix
backend:
service:
name: permission-service
port:
name: http
# 文件服务
- path: /file
pathType: Prefix
backend:
service:
name: file-service
port:
name: http
# 报表服务
- path: /report
pathType: Prefix
backend:
service:
name: report-service
port:
name: http
# 仪表盘服务
- path: /dashboard
pathType: Prefix
backend:
service:
name: dashboard-service
port:
name: http
# 定时任务服务
- path: /task
pathType: Prefix
backend:
service:
name: scheduled-task-service
port:
name: http
---
# ============================================================
# RabbitMQ Service供需要MQ的服务使用
# ============================================================
apiVersion: v1
kind: Service
metadata:
name: rocketmq
namespace: erp-infra
labels:
app: rocketmq
spec:
type: ClusterIP
ports:
- name: namesrv
port: 9876
targetPort: 9876
- name: broker
port: 10911
targetPort: 10911
selector:
app: rocketmq
---
# ============================================================
# SkyWalking Ingress
# ============================================================
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: skywalking-ui-ingress
namespace: erp-infra
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- skywalking.erpzbbh.cn
secretName: skywalking-ui-tls
rules:
- host: skywalking.erpzbbh.cn
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: skywalking-ui
port:
name: http
Reference in New Issue View Git Blame Copy Permalink