Gitiles
Code Review Sign In
source.supwisdom.com / institute / deploy-authx-service / 901cfd653c8b14d1f98b147a6da45f13c1df4af1 / . / deploy-manifests / k8s-rancher / 1.authx-service / 6.personal-security-center / 0.personal-security-center-base.yaml
blob: 11139b2bb8a28e349fdd245c52ba55ace69b8af6 [file] [log] [blame]
刘洪青47205852020-08-14 13:39:30 +0800[diff] [blame]1# personal-security-center-base.yaml
2
3####################################################
4# supwisdom harbor private docker registry
5####################################################
6---
7apiVersion: v1
8kind: Secret
9type: kubernetes.io/dockerconfigjson
10metadata:
11 namespace: personal-security-center
12 name: harbor-registry
13data:
14 # 修改harbor仓库配置,并使用 base64 工具进行编码
15 # {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
16 .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19
17
18
19####################################################
20# redis-server
21####################################################
22
23---
24apiVersion: v1
25kind: Secret
26metadata:
27 labels:
28 app: redis
29 release: redis-server
30 name: redis-server
31 namespace: personal-security-center
32type: Opaque
33data:
34 REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
35
36---
37apiVersion: v1
38kind: Service
39metadata:
40 labels:
41 app: redis
42 release: redis-server
43 name: redis-server
44 namespace: personal-security-center
45spec:
46 ports:
47 - name: redis
48 port: 6379
49 protocol: TCP
50 targetPort: redis
51 selector:
52 app: redis
53 release: redis-server
54 role: master
55 type: ClusterIP
56---
57apiVersion: apps/v1
58kind: StatefulSet
59metadata:
60 labels:
61 app: redis
62 release: redis-server
63 name: redis-server
64 namespace: personal-security-center
65spec:
66 podManagementPolicy: OrderedReady
67 replicas: 1
68 revisionHistoryLimit: 10
69 selector:
70 matchLabels:
71 app: redis
72 release: redis-server
73 role: master
74 serviceName: redis-master
75 template:
76 metadata:
77 labels:
78 app: redis
79 release: redis-server
80 role: master
81 spec:
82 containers:
83 - name: redis-server
84 env:
85 - name: REDIS_DISABLE_COMMANDS
86 value: FLUSHDB,FLUSHALL
87 - name: REDIS_REPLICATION_MODE
88 value: master
89 - name: REDIS_PASSWORD
90 valueFrom:
91 secretKeyRef:
92 name: redis-server
93 key: REDIS_PASSWORD
94 # 若使用了学校搭设的私有仓库,请修改
95 image: bitnami/redis:4.0
96 # 若使用了学校搭设的私有仓库,请修改 为 Always
97 imagePullPolicy: IfNotPresent
98 # imagePullPolicy: Always
99 livenessProbe:
100 exec:
101 command:
102 - redis-cli
103 - ping
104 failureThreshold: 5
105 initialDelaySeconds: 30
106 periodSeconds: 10
107 successThreshold: 1
108 timeoutSeconds: 5
109 ports:
110 - containerPort: 6379
111 name: redis
112 protocol: TCP
113 readinessProbe:
114 exec:
115 command:
116 - redis-cli
117 - ping
118 failureThreshold: 5
119 initialDelaySeconds: 5
120 periodSeconds: 10
121 successThreshold: 1
122 timeoutSeconds: 1
123 volumeMounts:
124 - mountPath: /bitnami/redis/data
125 name: redis-data
126 dnsPolicy: ClusterFirst
127 restartPolicy: Always
128 securityContext:
129 fsGroup: 1001
130 # runAsUser: 1001
131 # https://github.com/bitnami/bitnami-docker-redis/issues/106#issuecomment-388884372
132 runAsUser: 0
133 terminationGracePeriodSeconds: 30
134 volumes:
135 - emptyDir: {}
136 name: redis-data
137 # 若使用了学校搭设的私有仓库,请增加以下配置(取消注释即可)
138 # imagePullSecrets:
139 # - name: harbor-registry
140 updateStrategy:
141 rollingUpdate:
142 partition: 0
143 type: RollingUpdate
144