| # 0.authx-service-base.yaml |
| |
| #################################################### |
| # supwisdom harbor private docker registry |
| #################################################### |
| --- |
| apiVersion: v1 |
| kind: Secret |
| type: kubernetes.io/dockerconfigjson |
| metadata: |
| namespace: authx-service |
| name: harbor-registry |
| data: |
| # 修改harbor仓库配置,并使用 base64 工具进行编码 |
| # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}} |
| .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19 |
| |
| |
| |
| #################################################### |
| # redis-server |
| #################################################### |
| |
| --- |
| apiVersion: v1 |
| kind: PersistentVolumeClaim |
| metadata: |
| namespace: authx-service |
| name: redis-data-pvc |
| spec: |
| accessModes: |
| - ReadWriteMany |
| # 根据情况修改 |
| storageClassName: nfs-client |
| resources: |
| requests: |
| storage: 10Gi |
| |
| --- |
| apiVersion: v1 |
| kind: Secret |
| metadata: |
| namespace: authx-service |
| name: redis-server |
| labels: |
| app: redis |
| release: redis-server |
| type: Opaque |
| data: |
| REDIS_PASSWORD: OEt1d29zbE9pdXc3SA== |
| --- |
| apiVersion: v1 |
| kind: Service |
| metadata: |
| namespace: authx-service |
| name: redis-server |
| labels: |
| app: redis |
| release: redis-server |
| spec: |
| ports: |
| - name: redis |
| port: 6379 |
| protocol: TCP |
| targetPort: redis |
| selector: |
| app: redis |
| release: redis-server |
| role: master |
| type: ClusterIP |
| --- |
| apiVersion: apps/v1 |
| kind: StatefulSet |
| metadata: |
| namespace: authx-service |
| name: redis-server |
| labels: |
| app: redis |
| release: redis-server |
| spec: |
| podManagementPolicy: OrderedReady |
| replicas: 1 |
| revisionHistoryLimit: 10 |
| selector: |
| matchLabels: |
| app: redis |
| release: redis-server |
| role: master |
| serviceName: redis-master |
| template: |
| metadata: |
| labels: |
| app: redis |
| release: redis-server |
| role: master |
| spec: |
| # 若使用了学校搭设的私有仓库,请增加以下配置(取消注释即可,注意这里的缩进,imagePullSecrets要对齐到本行#符号) |
| # imagePullSecrets: |
| # - name: harbor-registry |
| containers: |
| - name: redis-server |
| env: |
| - name: REDIS_DISABLE_COMMANDS |
| value: FLUSHDB,FLUSHALL |
| - name: REDIS_REPLICATION_MODE |
| value: master |
| - name: REDIS_PASSWORD |
| valueFrom: |
| secretKeyRef: |
| name: redis-server |
| key: REDIS_PASSWORD |
| # 若使用了学校搭设的私有仓库,请修改 |
| image: paas.harbor.nwpu.edu.cn/bitnami/redis:4.0 |
| # 若使用了学校搭设的私有仓库,请修改 为 Always |
| imagePullPolicy: IfNotPresent |
| # imagePullPolicy: Always |
| livenessProbe: |
| exec: |
| command: |
| - redis-cli |
| - ping |
| failureThreshold: 5 |
| initialDelaySeconds: 30 |
| periodSeconds: 10 |
| successThreshold: 1 |
| timeoutSeconds: 5 |
| ports: |
| - containerPort: 6379 |
| name: redis |
| protocol: TCP |
| readinessProbe: |
| exec: |
| command: |
| - redis-cli |
| - ping |
| failureThreshold: 5 |
| initialDelaySeconds: 5 |
| periodSeconds: 10 |
| successThreshold: 1 |
| timeoutSeconds: 1 |
| resources: |
| requests: |
| memory: "1024Mi" |
| limits: |
| memory: "1024Mi" |
| volumeMounts: |
| - mountPath: /bitnami/redis/data |
| name: redis-data |
| dnsPolicy: ClusterFirst |
| restartPolicy: Always |
| securityContext: |
| fsGroup: 0 |
| # runAsUser: 1001 |
| # https://github.com/bitnami/bitnami-docker-redis/issues/106#issuecomment-388884372 |
| # runAsUser: 0 |
| terminationGracePeriodSeconds: 30 |
| volumes: |
| # - name: redis-data |
| # emptyDir: {} |
| - name: redis-data |
| persistentVolumeClaim: |
| claimName: redis-data-pvc |
| updateStrategy: |
| rollingUpdate: |
| partition: 0 |
| type: RollingUpdate |
| |
| |
| |
| #################################################### |
| # rabbitmq-server |
| #################################################### |
| --- |
| apiVersion: v1 |
| kind: Secret |
| metadata: |
| namespace: authx-service |
| name: rabbitmq-server |
| labels: |
| app: rabbitmq |
| release: rabbitmq-server |
| type: Opaque |
| data: |
| RABBITMQ_USERNAME: Z3Vlc3Q= |
| RABBITMQ_PASSWORD: Z3Vlc3Q= |
| --- |
| apiVersion: v1 |
| kind: Service |
| metadata: |
| namespace: authx-service |
| name: rabbitmq-server |
| labels: |
| app: rabbitmq-server |
| spec: |
| ports: |
| - port: 5672 |
| targetPort: tcp-1 |
| protocol: TCP |
| name: tcp-1 |
| - port: 15672 |
| targetPort: tcp-2 |
| protocol: TCP |
| name: tcp-2 |
| selector: |
| app: rabbitmq-server |
| --- |
| apiVersion: apps/v1 |
| kind: Deployment |
| metadata: |
| namespace: authx-service |
| name: rabbitmq-server |
| spec: |
| selector: |
| matchLabels: |
| app: rabbitmq-server |
| replicas: 1 |
| template: |
| metadata: |
| labels: |
| app: rabbitmq-server |
| annotations: |
| sidecar.istio.io/inject: "false" |
| spec: |
| # 若使用了学校搭设的私有仓库,请增加以下配置(取消注释即可,注意对齐、缩进) |
| # imagePullSecrets: |
| # - name: harbor-registry |
| containers: |
| - name: rabbitmq-server |
| # 若使用了学校搭设的私有仓库,请修改 |
| image: paas.harbor.nwpu.edu.cn/library/rabbitmq:management |
| # 若使用了学校搭设的私有仓库,请修改 为 Always |
| imagePullPolicy: IfNotPresent |
| # imagePullPolicy: Always |
| ports: |
| - containerPort: 5672 |
| name: tcp-1 |
| - containerPort: 15672 |
| name: tcp-2 |
| resources: |
| requests: |
| memory: "1024Mi" |
| limits: |
| memory: "1024Mi" |