From 07ca7af1fc9dca4b73db0df199a52d8a0fda4086 Mon Sep 17 00:00:00 2001
From: =?utf8?q?=E5=88=98=E6=B4=AA=E9=9D=92?= <hongqing.liu@supwisdom.com>
Date: Fri, 20 Sep 2019 12:35:04 +0800
Subject: [PATCH] =?utf8?q?chore:=20k8s=20=E9=83=A8=E7=BD=B2=E8=84=9A?=
 =?utf8?q?=E6=9C=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

---
 .../k8s/sw-backend-admin-bff.yaml             | 121 +++++++++++++++++
 deploy-manifests/k8s/sw-backend-admin-sa.yaml |  96 ++++++++++++++
 deploy-manifests/k8s/sw-backend-base.yaml     |  52 ++++++++
 deploy-manifests/k8s/sw-backend-env.yaml      |  33 +++++
 deploy-manifests/k8s/sw-backend-gateway.yaml  | 124 ++++++++++++++++++
 .../k8s/sw-backend-ingresses.yaml             |  17 +++
 6 files changed, 443 insertions(+)
 create mode 100644 deploy-manifests/k8s/sw-backend-admin-bff.yaml
 create mode 100644 deploy-manifests/k8s/sw-backend-admin-sa.yaml
 create mode 100644 deploy-manifests/k8s/sw-backend-base.yaml
 create mode 100644 deploy-manifests/k8s/sw-backend-env.yaml
 create mode 100644 deploy-manifests/k8s/sw-backend-gateway.yaml
 create mode 100644 deploy-manifests/k8s/sw-backend-ingresses.yaml

diff --git a/deploy-manifests/k8s/sw-backend-admin-bff.yaml b/deploy-manifests/k8s/sw-backend-admin-bff.yaml
new file mode 100644
index 0000000..0a91247
--- /dev/null
+++ b/deploy-manifests/k8s/sw-backend-admin-bff.yaml
@@ -0,0 +1,121 @@
+# sw-backend-admin-bff.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: sw-admin-framework
+  name: sw-backend-admin-bff-env
+data:
+  SERVER_PORT: "8080"
+  SSL_ENABLED: "false"
+  #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+  #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+
+  SW_BACKEND_BASE_API_URI: http://sw-backend-admin-sa-svc.sw-admin-framework.svc.cluster.local:8080
+  SW_BACKEND_BASE_API_CLIENT_AUTH_ENABLED: "false"
+  #SW_BACKEND_BASE_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+  #SW_BACKEND_BASE_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+
+  SW_BACKEND_SYSTEM_API_URI: http://sw-backend-admin-sa-svc.sw-admin-framework.svc.cluster.local:8080
+  SW_BACKEND_SYSTEM_API_CLIENT_AUTH_ENABLED: "false"
+  #SW_BACKEND_SYSTEM_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+  #SW_BACKEND_SYSTEM_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+
+  SW_BACKEND_BIZ_API_URI: http://sw-backend-biz-sa-svc.sw-admin-framework.svc.cluster.local:8080
+  SW_BACKEND_BIZ_API_CLIENT_AUTH_ENABLED: "false"
+  #SW_BACKEND_BIZ_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+  #SW_BACKEND_BIZ_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: sw-admin-framework
+  name: sw-backend-admin-bff-env-secret
+type: Opaque
+data:
+  #SSL_KEYSTORE_PASSWORD: ""
+  #SSL_TRUSTSTORE_PASSWORD: ""
+
+  #SW_BACKEND_BASE_API_CLIENT_AUTH_KEY_PASSWORD: ""
+  #SW_BACKEND_BASE_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #SW_BACKEND_BASE_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+  #SW_BACKEND_SYSTEM_API_CLIENT_AUTH_KEY_PASSWORD: ""
+  #SW_BACKEND_SYSTEM_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #SW_BACKEND_SYSTEM_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+  #SW_BACKEND_BIZ_API_CLIENT_AUTH_KEY_PASSWORD: ""
+  #SW_BACKEND_BIZ_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #SW_BACKEND_BIZ_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: sw-admin-framework
+  name: sw-backend-admin-bff-svc
+  labels:
+    app: sw-backend-admin-bff
+    needMonitor: 'true'
+spec:
+  ports:
+    - port: 8080
+      targetPort: http
+      protocol: TCP
+      name: http
+    - port: 6060
+      targetPort: http-metrics
+      protocol: TCP
+      name: http-metrics
+  selector:
+    app: sw-backend-admin-bff
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: sw-admin-framework
+  name: sw-backend-admin-bff
+spec:
+  selector:
+    matchLabels:
+      app: sw-backend-admin-bff
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: sw-backend-admin-bff
+    spec:
+      containers:
+      - name: sw-backend-admin-bff
+        image: harbor.supwisdom.com/sw-admin-framework/sw-backend-admin-bff:0.0.1-SNAPSHOT
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+        - containerPort: 6060
+          name: http-metrics
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: sw-backend-admin-bff-env-secret
+        - configMapRef:
+            name: sw-backend-admin-bff-env
+        resources:
+          requests:
+            memory: "400Mi"
+          limits:
+            memory: "400Mi"
+        readinessProbe:
+          httpGet:
+            path: /actuator/health
+            port: 8080
+          initialDelaySeconds: 20
+          periodSeconds: 5
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 10
+      imagePullSecrets:
+        - name: harbor-supwisdom
diff --git a/deploy-manifests/k8s/sw-backend-admin-sa.yaml b/deploy-manifests/k8s/sw-backend-admin-sa.yaml
new file mode 100644
index 0000000..627f5c6
--- /dev/null
+++ b/deploy-manifests/k8s/sw-backend-admin-sa.yaml
@@ -0,0 +1,96 @@
+# sw-backend-admin-sa.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: sw-admin-framework
+  name: sw-backend-admin-sa-env
+data:
+  SERVER_PORT: "8080"
+  SSL_ENABLED: "false"
+  #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+  #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: sw-admin-framework
+  name: sw-backend-admin-sa-env-secret
+type: Opaque
+data:
+  #SSL_KEYSTORE_PASSWORD: ""
+  #SSL_TRUSTSTORE_PASSWORD: ""
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: sw-admin-framework
+  name: sw-backend-admin-sa-svc
+  labels:
+    app: sw-backend-admin-sa
+    needMonitor: 'true'
+spec:
+  ports:
+    - port: 8080
+      targetPort: http
+      protocol: TCP
+      name: http
+    - port: 6060
+      targetPort: http-metrics
+      protocol: TCP
+      name: http-metrics
+  selector:
+    app: sw-backend-admin-sa
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: sw-admin-framework
+  name: sw-backend-admin-sa
+spec:
+  selector:
+    matchLabels:
+      app: sw-backend-admin-sa
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: sw-backend-admin-sa
+    spec:
+      containers:
+      - name: sw-backend-admin-sa
+        image: harbor.supwisdom.com/sw-admin-framework/sw-backend-admin-sa:0.0.1-SNAPSHOT
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+        - containerPort: 6060
+          name: http-metrics
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: datasource-env-secret
+        - secretRef:
+            name: sw-backend-admin-sa-env-secret
+        - configMapRef:
+            name: sw-backend-admin-sa-env
+        resources:
+          requests:
+            memory: "400Mi"
+          limits:
+            memory: "400Mi"
+        readinessProbe:
+          httpGet:
+            path: /actuator/health
+            port: 8080
+          initialDelaySeconds: 20
+          periodSeconds: 5
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 10
+      imagePullSecrets:
+        - name: harbor-supwisdom
diff --git a/deploy-manifests/k8s/sw-backend-base.yaml b/deploy-manifests/k8s/sw-backend-base.yaml
new file mode 100644
index 0000000..f13a474
--- /dev/null
+++ b/deploy-manifests/k8s/sw-backend-base.yaml
@@ -0,0 +1,52 @@
+# sw-backend-base.yaml
+####################################################
+# namespace
+####################################################
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: sw-admin-framework
+  # labels:
+  #   istio-injection: enabled
+
+####################################################
+# supwisdom harbor private docker registry
+####################################################
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+  namespace: sw-admin-framework
+  name: harbor-supwisdom
+data:
+  .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19
+
+####################################################
+# mysql-server
+####################################################
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: sw-admin-framework
+  name: mysql-server
+spec:
+  ports:
+  - name: tcp-mysql
+    port: 3306
+    protocol: TCP
+    targetPort: 10021
+---
+kind: Endpoints
+apiVersion: v1
+metadata:
+  namespace: sw-admin-framework
+  name: mysql-server
+subsets:
+  - addresses:
+      - ip: 101.231.81.202
+    ports:
+      - name: tcp-mysql
+        port: 10021
+        protocol: TCP
diff --git a/deploy-manifests/k8s/sw-backend-env.yaml b/deploy-manifests/k8s/sw-backend-env.yaml
new file mode 100644
index 0000000..6c060ff
--- /dev/null
+++ b/deploy-manifests/k8s/sw-backend-env.yaml
@@ -0,0 +1,33 @@
+# sw-backend-env.yaml
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: sw-admin-framework
+  name: jvm-env
+data:
+  MAX_RAM_PERCENTAGE: "75.0"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: sw-admin-framework
+  name: datasource-env-secret
+type: Opaque
+data:
+  JDBC_URL: amRiYzpteXNxbDovL215c3FsLXNlcnZlcjozMzA2L3N3LWFkbWlu
+  JDBC_USERNAME: c3ctYWRtaW4=
+  JDBC_PASSWORD: a2luZ3N0YXI=
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: sw-admin-framework
+  name: redis-env-secret
+type: Opaque
+data:
+  SPRING_REDIS_HOST: cmVkaXMtc2VydmVy
+  SPRING_REDIS_PORT: NjM3OQ==
+  SPRING_REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
diff --git a/deploy-manifests/k8s/sw-backend-gateway.yaml b/deploy-manifests/k8s/sw-backend-gateway.yaml
new file mode 100644
index 0000000..55e4999
--- /dev/null
+++ b/deploy-manifests/k8s/sw-backend-gateway.yaml
@@ -0,0 +1,124 @@
+# sw-backend-gateway.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: sw-admin-framework
+  name: sw-backend-gateway-env
+data:
+  SERVER_PORT: "8080"
+  SSL_ENABLED: "false"
+  #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+  #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+
+  SW_BACKEND_BFF_API_URI: http://sw-backend-admin-bff-svc.sw-admin-framework.svc.cluster.local:8080
+
+  SW_BACKEND_BASE_API_URI: http://sw-backend-admin-sa-svc.sw-admin-framework.svc.cluster.local:8080
+  SW_BACKEND_SYSTEM_API_URI: http://sw-backend-admin-sa-svc.sw-admin-framework.svc.cluster.local:8080
+  SW_BACKEND_BIZ_API_URI: http://sw-backend-biz-sa-svc.sw-admin-framework.svc.cluster.local:8080
+
+  INFRAS_SECURITY_BASIC_REACTIVE_ENABLED: "false"
+
+  INFRAS_SECURITY_JWT_REACTIVE_ENABLED: "true"
+
+  INFRAS_SECURITY_CAS_REACTIVE_ENABLED: "false"
+  APP_SERVER_HOST_URL: "https://sw-backend.supwisdom.com"
+  #APP_LOGIN_URL: "/cas/login"
+  #APP_LOGOUT_URL: "/cas/logout"
+  CAS_SERVER_HOST_URL: "https://cas.supwisdom.com/cas"
+
+  #SW_BACKEND_BASE_API_URI: http://sw-backend-admin-sa-svc.sw-admin-framework.svc.cluster.local:8080
+  SW_BACKEND_BASE_API_CLIENT_AUTH_ENABLED: "false"
+  #SW_BACKEND_BASE_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+  #SW_BACKEND_BASE_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: sw-admin-framework
+  name: sw-backend-gateway-env-secret
+type: Opaque
+data:
+  #SSL_KEYSTORE_PASSWORD: ""
+  #SSL_TRUSTSTORE_PASSWORD: ""
+
+  INFRAS_SECURITY_JWT_PUBLIC_KEY_PEM: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FEMUdmZEo0M0N5N01tandpMUw2VFNMWEx5R0syNVB2c0pXRWVKOXpNNlBXa0hCUytGSmJzL0pkK0lUeUlWdWd3ZWxxNXBGT3JGSmd5WGJoQ2FxaTFCWUlSZ0tKYnJpSzFoS0lhUStWVnVVbVBFaEIweFpydGhsa0NHY1VJVHEyY3J6ZnhwTFFDUzFTZXhzaW5Dd21td09aMlpUeGNTQ1VtcnJXeFlNUDQxUXJ3SURBUUFCCi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQ==
+  INFRAS_SECURITY_JWT_PRIVATE_KEY_PEM_PKCS8: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUNlQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQW1Jd2dnSmVBZ0VBQW9HQkFQVVo5MG5qY0xMc3lhUENMVXZwTkl0Y3ZJWXJiaysrd2xZUjRuM016bzlhUWNGTDRVbHV6OGwzNGhQSWhXNkRCNldybWtVNnNVbURKZHVFSnFxTFVGZ2hHQW9sdXVJcldFb2hwRDVWVzVTWThTRUhURm11MkdXUUlaeFFoT3JaeXZOL0drdEFKTFZKN0d5S2NMQ2FiQTVuWmxQRnhJSlNhdXRiRmd3L2pWQ3ZBZ01CQUFFQ2dZQXY1NEJPbjdaaU1pZUM2eXZCUDNZMm1zeDZDTGtKdXdYdW5wWSs4aTJaRlJIdS9xNnNsSXptR3BsRU5wZmxycFJyQyt3ZUJjZXF6NGd4ckZXR1ZhNUErV1BFTFJpeU4wNjVQaGRJdm85M2grWkFRODRBcWNQVXJ6WnBIMmROZ0QzSzB6ODlzWithNjBUM3A4aDIwM0k5enMxalpZMFdORC9IVnc3d2twZWVFUUpCQVB2V3R6dnhqVndNSkRqaVk0R012cWtPNEFJSGdtK1lqMW43TEJ6b2ZTQzFlbkRPRU1EM20renJwRXV0eXl6dmtCS1JzenVoRnB5NU0xL2FHbWtpSDVrQ1FRRDVKc0JSclF1QVVHOGZGcWlRMmM1Z0FtTmE5cHRBLzQyUHppSTRXL1N5ZTQ5TXB4RFpTVzJsZzZ2ek5raHJmSUlsMXZZa0FDRmxNTy84T2xWTUNEK0hBa0VBMTRsckJYaTAvV1MrMDVpZWhWQUtGZkxQTWExdnEwY3MyVndvNHd6dm1zRDNhL2hSU25ZaEUyS1NHTnREbXMvbHhKN0NnWFJiUUFNWnZ4MlJvUTA5Y1FKQkFNUkhCK2tRSnVoZDlUeUxrQjRVeUNVUW5JN3ppWmxwK1c2Wm1KSEh0M3pJSkRyaHZqOC9QbmJPeFM1anpDZUpQY3ByanhzTFUwT3hpczJzY3Jma0k0OENRUURYSWVVSVFna2lLenltT2Yxek5uN1ZpL0NQUlJTSzZTdWxrZGhpeURhZ3VtZGRWOS9QbFduakE5amhiczJ5L1AySkxOYUZzV2lNcXh6eGxmK2RLNlFWCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
+
+  #SW_BACKEND_BASE_API_CLIENT_AUTH_KEY_PASSWORD: ""
+  #SW_BACKEND_BASE_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+  #SW_BACKEND_BASE_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: sw-admin-framework
+  name: sw-backend-gateway-svc
+  labels:
+    app: sw-backend-gateway
+    needMonitor: 'true'
+spec:
+  ports:
+    - port: 8080
+      targetPort: http
+      protocol: TCP
+      name: http
+    - port: 6060
+      targetPort: http-metrics
+      protocol: TCP
+      name: http-metrics
+  selector:
+    app: sw-backend-gateway
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: sw-admin-framework
+  name: sw-backend-gateway
+spec:
+  selector:
+    matchLabels:
+      app: sw-backend-gateway
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: sw-backend-gateway
+    spec:
+      containers:
+      - name: sw-backend-gateway
+        image: harbor.supwisdom.com/sw-admin-framework/sw-backend-gateway:0.0.1-SNAPSHOT
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: http
+        - containerPort: 6060
+          name: http-metrics
+        envFrom:
+        - configMapRef:
+            name: jvm-env
+        - secretRef:
+            name: redis-env-secret
+        - secretRef:
+            name: sw-backend-gateway-env-secret
+        - configMapRef:
+            name: sw-backend-gateway-env
+        resources:
+          requests:
+            memory: "400Mi"
+          limits:
+            memory: "400Mi"
+        readinessProbe:
+          httpGet:
+            path: /actuator/health
+            port: 8080
+          initialDelaySeconds: 20
+          periodSeconds: 5
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 10
+      imagePullSecrets:
+        - name: harbor-supwisdom
diff --git a/deploy-manifests/k8s/sw-backend-ingresses.yaml b/deploy-manifests/k8s/sw-backend-ingresses.yaml
new file mode 100644
index 0000000..682475d
--- /dev/null
+++ b/deploy-manifests/k8s/sw-backend-ingresses.yaml
@@ -0,0 +1,17 @@
+# sw-backend-ingresses.yaml
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  namespace: sw-admin-framework
+  name: sw-backend-ingress
+spec:
+  rules:
+  - host: sw-backend.supwisdom.com
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: sw-backend-gateway-svc
+          servicePort: http
-- 
2.17.1