From: 刘洪青
Date: Fri, 11 Oct 2019 08:02:03 +0000 (+0800)
Subject: chore: k8s部署脚本
X-Git-Url: https://source.supwisdom.com/gerrit/gitweb?a=commitdiff_plain;h=6486457e9a41c4d8e6604dda41465774293576b4;p=institute%2Fsw-backend.git
chore: k8s部署脚本
---
diff --git a/deploy-manifests/k8s/01-sw-backend-base.yaml b/deploy-manifests/k8s/01-sw-backend-base.yaml
index ac92dd7..7993ba3 100644
--- a/deploy-manifests/k8s/01-sw-backend-base.yaml
+++ b/deploy-manifests/k8s/01-sw-backend-base.yaml
@@ -51,3 +51,121 @@ subsets: - name: tcp-mysql port: 10021 protocol: TCP + +#################################################### +# redis-server +#################################################### +--- +apiVersion: v1 +kind: Secret +metadata: + namespace: sw-admin-framework + name: redis-server + labels: + app: redis + release: redis-server +type: Opaque +data: + REDIS_PASSWORD: OEt1d29zbE9pdXc3SA== +--- +apiVersion: v1 +kind: Service +metadata: + namespace: sw-admin-framework + name: redis-server + labels: + app: redis + release: redis-server +spec: + ports: + - name: redis + port: 6379 + protocol: TCP + targetPort: redis + selector: + app: redis + release: redis-server + role: master + type: ClusterIP +--- +apiVersion: apps/v1beta2 +kind: StatefulSet +metadata: + namespace: sw-admin-framework + name: redis-server + labels: + app: redis + release: redis-server +spec: + podManagementPolicy: OrderedReady + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: redis + release: redis-server + role: master + serviceName: redis-master + template: + metadata: + labels: + app: redis + release: redis-server + role: master + spec: + containers: + - name: redis-server + env: + - name: REDIS_DISABLE_COMMANDS + value: FLUSHDB,FLUSHALL + - name: REDIS_REPLICATION_MODE + value: master + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-server + key: REDIS_PASSWORD + image: bitnami/redis:4.0 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - redis-cli + - ping + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + ports: + - containerPort: 6379 + name: redis + protocol: TCP + readinessProbe: + exec: + command: + - redis-cli + - ping + failureThreshold: 5 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /bitnami/redis/data + name: redis-data + dnsPolicy: ClusterFirst + restartPolicy: Always + 
securityContext: + fsGroup: 1001 + # runAsUser: 1001 + # https://github.com/bitnami/bitnami-docker-redis/issues/106#issuecomment-388884372 + runAsUser: 0 + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: redis-data + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate diff --git a/deploy-manifests/k8s/04-1-sw-backend-gateway.yaml b/deploy-manifests/k8s/04-1-sw-backend-gateway.yaml index e888025..b670d45 100644 --- a/deploy-manifests/k8s/04-1-sw-backend-gateway.yaml +++ b/deploy-manifests/k8s/04-1-sw-backend-gateway.yaml @@ -14,7 +14,7 @@ data: SW_BACKEND_BFF_API_URI: http://sw-backend-admin-bff-svc.sw-admin-framework.svc.cluster.local:8080 - SW_BACKEND_BASE_API_URI: http://sw-backend-admin-sa-svc.sw-admin-framework.svc.cluster.local:8080 + #SW_BACKEND_BASE_API_URI: http://sw-backend-admin-sa-svc.sw-admin-framework.svc.cluster.local:8080 SW_BACKEND_SYSTEM_API_URI: http://sw-backend-admin-sa-svc.sw-admin-framework.svc.cluster.local:8080 SW_BACKEND_BIZ_API_URI: http://sw-backend-biz-sa-svc.sw-admin-framework.svc.cluster.local:8080 @@ -28,11 +28,16 @@ data: #APP_LOGOUT_URL: "/cas/logout" CAS_SERVER_HOST_URL: "https://cas.supwisdom.com/cas" - #SW_BACKEND_BASE_API_URI: http://sw-backend-admin-sa-svc.sw-admin-framework.svc.cluster.local:8080 + SW_BACKEND_BASE_API_URI: http://sw-backend-admin-sa-svc.sw-admin-framework.svc.cluster.local:8080 SW_BACKEND_BASE_API_CLIENT_AUTH_ENABLED: "false" #SW_BACKEND_BASE_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore #SW_BACKEND_BASE_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore + SW_BACKEND_AGENT_POA_URI: http://sw-backend-thirdparty-agent-svc.sw-admin-framework.svc.cluster.local:8080 + SW_BACKEND_AGENT_POA_CLIENT_AUTH_ENABLED: "false" + #SW_BACKEND_AGENT_POA_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore + #SW_BACKEND_AGENT_POA_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore + --- apiVersion: v1 kind: Secret 
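Review bot: The `redis-server` Secret commits `REDIS_PASSWORD` as a base64 value under `data:`, and base64 is only an encoding, so anyone who can read the repository can recover the Redis password; the same applies to `POA_CLIENT_ID` and `POA_CLIENT_SECRET` in the Secret added by the `04-4-sw-backend-agent.yaml` hunk. These values should be treated as exposed and rotated, and the manifest should carry only a reference to a Secret created out of band or an encrypted secret, for example `REDIS_PASSWORD: <set-at-deploy-time>`. The pod-level `securityContext` also sets `runAsUser: 0`, so Redis runs as root in the container; with `fsGroup: 1001` on an `emptyDir` volume the commented-out `# runAsUser: 1001` may already work and is worth retesting. Finally, `serviceName: redis-master` does not match the Service defined in this hunk, which is named `redis-server`.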
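Review bot: The new `SW_BACKEND_AGENT_POA_URI` is an `http://` URL and `SW_BACKEND_AGENT_POA_CLIENT_AUTH_ENABLED` is `"false"`, so the gateway-to-agent hop is neither encrypted nor client-authenticated, and the keystore and truststore entries are left commented out. The agent is given POA client credentials elsewhere in this commit, so presumably any workload that can reach `sw-backend-thirdparty-agent-svc` on port 8080 can call it on those credentials' behalf. If client auth stays off, a NetworkPolicy limiting ingress to the gateway plus a comment such as `# client auth disabled: ingress restricted by NetworkPolicy <policy-name>` would make the trust boundary explicit. The ConfigMap this hunk edits starts above the hunk.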
@@ -51,6 +56,10 @@ data: #SW_BACKEND_BASE_API_CLIENT_AUTH_KEYSTORE_PASSWORD: "" #SW_BACKEND_BASE_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" + #SW_BACKEND_AGENT_POA_CLIENT_AUTH_KEY_PASSWORD: "" + #SW_BACKEND_AGENT_POA_CLIENT_AUTH_KEYSTORE_PASSWORD: "" + #SW_BACKEND_AGENT_POA_CLIENT_AUTH_TRUSTSTORE_PASSWORD: "" + --- apiVersion: v1 kind: Service @@ -90,7 +99,7 @@ spec: spec: containers: - name: sw-backend-gateway - image: harbor.supwisdom.com/sw-admin-framework/sw-backend-gateway:0.0.1-SNAPSHOT + image: harbor.supwisdom.com/sw-admin-framework/sw-backend-gateway:0.0.2-SNAPSHOT imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/deploy-manifests/k8s/04-2-sw-backend-admin-bff.yaml b/deploy-manifests/k8s/04-2-sw-backend-admin-bff.yaml index 8bb4c60..e95a904 100644 --- a/deploy-manifests/k8s/04-2-sw-backend-admin-bff.yaml +++ b/deploy-manifests/k8s/04-2-sw-backend-admin-bff.yaml @@ -89,7 +89,7 @@ spec: spec: containers: - name: sw-backend-admin-bff - image: harbor.supwisdom.com/sw-admin-framework/sw-backend-admin-bff:0.0.1-SNAPSHOT + image: harbor.supwisdom.com/sw-admin-framework/sw-backend-admin-bff:0.0.2-SNAPSHOT imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/deploy-manifests/k8s/04-3-sw-backend-admin-sa.yaml b/deploy-manifests/k8s/04-3-sw-backend-admin-sa.yaml index a03da7b..6d03a9a 100644 --- a/deploy-manifests/k8s/04-3-sw-backend-admin-sa.yaml +++ b/deploy-manifests/k8s/04-3-sw-backend-admin-sa.yaml @@ -62,7 +62,7 @@ spec: spec: containers: - name: sw-backend-admin-sa - image: harbor.supwisdom.com/sw-admin-framework/sw-backend-admin-sa:0.0.1-SNAPSHOT + image: harbor.supwisdom.com/sw-admin-framework/sw-backend-admin-sa:0.0.2-SNAPSHOT imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/deploy-manifests/k8s/04-4-sw-backend-agent.yaml b/deploy-manifests/k8s/04-4-sw-backend-agent.yaml new file mode 100644 index 0000000..67dfee5 --- /dev/null +++ b/deploy-manifests/k8s/04-4-sw-backend-agent.yaml 
@@ -0,0 +1,104 @@
+# sw-backend-agent.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: sw-admin-framework
+ name: sw-backend-thirdparty-agent-env
+data:
+ SERVER_PORT: "8080"
+ SSL_ENABLED: "false"
+ #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+ #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+
+ POA_SERVER_URL: https://poa.supwisdom.com
+ POA_SCOPES: user:v1:readUser,user:v1:readOrganization,user:v1:readGroup,user:v1:readLabel,authz:v1:readRole
+
+ USER_AUTHORIZATION_SERVICE_APPLICATION_ID: "2"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: sw-admin-framework
+ name: sw-backend-thirdparty-agent-env-secret
+type: Opaque
+data:
+ #SSL_KEYSTORE_PASSWORD: ""
+ #SSL_TRUSTSTORE_PASSWORD: ""
+
+ POA_CLIENT_ID: blY4VVM5dUFkRlEwb3Z1WXBGT2xvWHRGa01FPQ==
+ POA_CLIENT_SECRET: ZERnWkF6dU5uT2pmc2JtOGlEb2h5VkNYQlUxR3dJbWVNc21rSnpqeUdoOD0=
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: sw-admin-framework
+ name: sw-backend-thirdparty-agent-svc
+ labels:
+ app: sw-backend-thirdparty-agent-svc
+ needMonitor: 'true'
+spec:
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ - port: 6060
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ app: sw-backend-thirdparty-agent
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: sw-admin-framework
+ name: sw-backend-thirdparty-agent
+spec:
+ selector:
+ matchLabels:
+ app: sw-backend-thirdparty-agent
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: sw-backend-thirdparty-agent
+ spec:
+ containers:
+ - name: sw-backend-thirdparty-agent
+ image: harbor.supwisdom.com/sw-admin-framework/sw-backend-thirdparty-agent:0.0.2-SNAPSHOT
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort: 6060
+ name: http-metrics
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ - secretRef:
+ name: redis-env-secret
+ - secretRef:
+ name: sw-backend-thirdparty-agent-env-secret
+ - configMapRef:
+ name: sw-backend-thirdparty-agent-env
+ resources:
+ requests:
+ memory: "400Mi"
+ limits:
+ memory: "400Mi"
+ readinessProbe:
+ httpGet:
+ path: /actuator/health
+ port: 8080
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 10
+ imagePullSecrets:
+ - name: harbor-supwisdom
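Review bot: The `sw-backend-thirdparty-agent` container has no `securityContext`, so it runs with whatever user and privileges the image defaults to while holding the POA client credentials injected through `envFrom`. Adding `securityContext:` with `runAsNonRoot: true` and `allowPrivilegeEscalation: false` under the container would pin that down, assuming the image can run as a non-root user. The `envFrom` list also references `redis-env-secret`, which this commit does not create (the Redis Secret added in `01-sw-backend-base.yaml` is named `redis-server`); if it is not defined elsewhere, the pod will fail to start.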