chore: k8s 部署脚本
diff --git a/deploy-manifests/k8s/sw-backend-admin-bff.yaml b/deploy-manifests/k8s/sw-backend-admin-bff.yaml
new file mode 100644
index 0000000..0a91247
--- /dev/null
+++ b/deploy-manifests/k8s/sw-backend-admin-bff.yaml
@@ -0,0 +1,121 @@
+# sw-backend-admin-bff.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: sw-admin-framework
+ name: sw-backend-admin-bff-env
+data:
+ SERVER_PORT: "8080"
+ SSL_ENABLED: "false"
+ #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+ #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+
+ SW_BACKEND_BASE_API_URI: http://sw-backend-admin-sa-svc.sw-admin-framework.svc.cluster.local:8080
+ SW_BACKEND_BASE_API_CLIENT_AUTH_ENABLED: "false"
+ #SW_BACKEND_BASE_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #SW_BACKEND_BASE_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+
+ SW_BACKEND_SYSTEM_API_URI: http://sw-backend-admin-sa-svc.sw-admin-framework.svc.cluster.local:8080
+ SW_BACKEND_SYSTEM_API_CLIENT_AUTH_ENABLED: "false"
+ #SW_BACKEND_SYSTEM_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #SW_BACKEND_SYSTEM_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+
+ SW_BACKEND_BIZ_API_URI: http://sw-backend-biz-sa-svc.sw-admin-framework.svc.cluster.local:8080
+ SW_BACKEND_BIZ_API_CLIENT_AUTH_ENABLED: "false"
+ #SW_BACKEND_BIZ_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #SW_BACKEND_BIZ_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: sw-admin-framework
+ name: sw-backend-admin-bff-env-secret
+type: Opaque
+data:
+ #SSL_KEYSTORE_PASSWORD: ""
+ #SSL_TRUSTSTORE_PASSWORD: ""
+
+ #SW_BACKEND_BASE_API_CLIENT_AUTH_KEY_PASSWORD: ""
+ #SW_BACKEND_BASE_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #SW_BACKEND_BASE_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ #SW_BACKEND_SYSTEM_API_CLIENT_AUTH_KEY_PASSWORD: ""
+ #SW_BACKEND_SYSTEM_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #SW_BACKEND_SYSTEM_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ #SW_BACKEND_BIZ_API_CLIENT_AUTH_KEY_PASSWORD: ""
+ #SW_BACKEND_BIZ_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #SW_BACKEND_BIZ_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: sw-admin-framework
+ name: sw-backend-admin-bff-svc
+ labels:
+ app: sw-backend-admin-bff
+ needMonitor: 'true'
+spec:
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ - port: 6060
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ app: sw-backend-admin-bff
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: sw-admin-framework
+ name: sw-backend-admin-bff
+spec:
+ selector:
+ matchLabels:
+ app: sw-backend-admin-bff
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: sw-backend-admin-bff
+ spec:
+ containers:
+ - name: sw-backend-admin-bff
+ image: harbor.supwisdom.com/sw-admin-framework/sw-backend-admin-bff:0.0.1-SNAPSHOT
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort: 6060
+ name: http-metrics
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ - secretRef:
+ name: sw-backend-admin-bff-env-secret
+ - configMapRef:
+ name: sw-backend-admin-bff-env
+ resources:
+ requests:
+ memory: "400Mi"
+ limits:
+ memory: "400Mi"
+ readinessProbe:
+ httpGet:
+ path: /actuator/health
+ port: 8080
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 10
+ imagePullSecrets:
+ - name: harbor-supwisdom
diff --git a/deploy-manifests/k8s/sw-backend-admin-sa.yaml b/deploy-manifests/k8s/sw-backend-admin-sa.yaml
new file mode 100644
index 0000000..627f5c6
--- /dev/null
+++ b/deploy-manifests/k8s/sw-backend-admin-sa.yaml
@@ -0,0 +1,96 @@
+# sw-backend-admin-sa.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: sw-admin-framework
+ name: sw-backend-admin-sa-env
+data:
+ SERVER_PORT: "8080"
+ SSL_ENABLED: "false"
+ #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+ #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: sw-admin-framework
+ name: sw-backend-admin-sa-env-secret
+type: Opaque
+data:
+ #SSL_KEYSTORE_PASSWORD: ""
+ #SSL_TRUSTSTORE_PASSWORD: ""
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: sw-admin-framework
+ name: sw-backend-admin-sa-svc
+ labels:
+ app: sw-backend-admin-sa
+ needMonitor: 'true'
+spec:
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ - port: 6060
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ app: sw-backend-admin-sa
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: sw-admin-framework
+ name: sw-backend-admin-sa
+spec:
+ selector:
+ matchLabels:
+ app: sw-backend-admin-sa
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: sw-backend-admin-sa
+ spec:
+ containers:
+ - name: sw-backend-admin-sa
+ image: harbor.supwisdom.com/sw-admin-framework/sw-backend-admin-sa:0.0.1-SNAPSHOT
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort: 6060
+ name: http-metrics
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ - secretRef:
+ name: datasource-env-secret
+ - secretRef:
+ name: sw-backend-admin-sa-env-secret
+ - configMapRef:
+ name: sw-backend-admin-sa-env
+ resources:
+ requests:
+ memory: "400Mi"
+ limits:
+ memory: "400Mi"
+ readinessProbe:
+ httpGet:
+ path: /actuator/health
+ port: 8080
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 10
+ imagePullSecrets:
+ - name: harbor-supwisdom
diff --git a/deploy-manifests/k8s/sw-backend-base.yaml b/deploy-manifests/k8s/sw-backend-base.yaml
new file mode 100644
index 0000000..f13a474
--- /dev/null
+++ b/deploy-manifests/k8s/sw-backend-base.yaml
@@ -0,0 +1,52 @@
+# sw-backend-base.yaml
+####################################################
+# namespace
+####################################################
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: sw-admin-framework
+ # labels:
+ # istio-injection: enabled
+
+####################################################
+# supwisdom harbor private docker registry
+####################################################
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+ namespace: sw-admin-framework
+ name: harbor-supwisdom
+data:
+ .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19
+
+####################################################
+# mysql-server
+####################################################
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: sw-admin-framework
+ name: mysql-server
+spec:
+ ports:
+ - name: tcp-mysql
+ port: 3306
+ protocol: TCP
+ targetPort: 10021
+---
+kind: Endpoints
+apiVersion: v1
+metadata:
+ namespace: sw-admin-framework
+ name: mysql-server
+subsets:
+ - addresses:
+ - ip: 101.231.81.202
+ ports:
+ - name: tcp-mysql
+ port: 10021
+ protocol: TCP
diff --git a/deploy-manifests/k8s/sw-backend-env.yaml b/deploy-manifests/k8s/sw-backend-env.yaml
new file mode 100644
index 0000000..6c060ff
--- /dev/null
+++ b/deploy-manifests/k8s/sw-backend-env.yaml
@@ -0,0 +1,33 @@
+# sw-backend-env.yaml
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: sw-admin-framework
+ name: jvm-env
+data:
+ MAX_RAM_PERCENTAGE: "75.0"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: sw-admin-framework
+ name: datasource-env-secret
+type: Opaque
+data:
+ JDBC_URL: amRiYzpteXNxbDovL215c3FsLXNlcnZlcjozMzA2L3N3LWFkbWlu
+ JDBC_USERNAME: c3ctYWRtaW4=
+ JDBC_PASSWORD: a2luZ3N0YXI=
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: sw-admin-framework
+ name: redis-env-secret
+type: Opaque
+data:
+ SPRING_REDIS_HOST: cmVkaXMtc2VydmVy
+ SPRING_REDIS_PORT: NjM3OQ==
+ SPRING_REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
diff --git a/deploy-manifests/k8s/sw-backend-gateway.yaml b/deploy-manifests/k8s/sw-backend-gateway.yaml
new file mode 100644
index 0000000..55e4999
--- /dev/null
+++ b/deploy-manifests/k8s/sw-backend-gateway.yaml
@@ -0,0 +1,124 @@
+# sw-backend-gateway.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: sw-admin-framework
+ name: sw-backend-gateway-env
+data:
+ SERVER_PORT: "8080"
+ SSL_ENABLED: "false"
+ #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+ #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+
+ SW_BACKEND_BFF_API_URI: http://sw-backend-admin-bff-svc.sw-admin-framework.svc.cluster.local:8080
+
+ SW_BACKEND_BASE_API_URI: http://sw-backend-admin-sa-svc.sw-admin-framework.svc.cluster.local:8080
+ SW_BACKEND_SYSTEM_API_URI: http://sw-backend-admin-sa-svc.sw-admin-framework.svc.cluster.local:8080
+ SW_BACKEND_BIZ_API_URI: http://sw-backend-biz-sa-svc.sw-admin-framework.svc.cluster.local:8080
+
+ INFRAS_SECURITY_BASIC_REACTIVE_ENABLED: "false"
+
+ INFRAS_SECURITY_JWT_REACTIVE_ENABLED: "true"
+
+ INFRAS_SECURITY_CAS_REACTIVE_ENABLED: "false"
+ APP_SERVER_HOST_URL: "https://sw-backend.supwisdom.com"
+ #APP_LOGIN_URL: "/cas/login"
+ #APP_LOGOUT_URL: "/cas/logout"
+ CAS_SERVER_HOST_URL: "https://cas.supwisdom.com/cas"
+
+ #SW_BACKEND_BASE_API_URI: http://sw-backend-admin-sa-svc.sw-admin-framework.svc.cluster.local:8080
+ SW_BACKEND_BASE_API_CLIENT_AUTH_ENABLED: "false"
+ #SW_BACKEND_BASE_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #SW_BACKEND_BASE_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: sw-admin-framework
+ name: sw-backend-gateway-env-secret
+type: Opaque
+data:
+ #SSL_KEYSTORE_PASSWORD: ""
+ #SSL_TRUSTSTORE_PASSWORD: ""
+
+ INFRAS_SECURITY_JWT_PUBLIC_KEY_PEM: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FEMUdmZEo0M0N5N01tandpMUw2VFNMWEx5R0syNVB2c0pXRWVKOXpNNlBXa0hCUytGSmJzL0pkK0lUeUlWdWd3ZWxxNXBGT3JGSmd5WGJoQ2FxaTFCWUlSZ0tKYnJpSzFoS0lhUStWVnVVbVBFaEIweFpydGhsa0NHY1VJVHEyY3J6ZnhwTFFDUzFTZXhzaW5Dd21td09aMlpUeGNTQ1VtcnJXeFlNUDQxUXJ3SURBUUFCCi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQ==
+ INFRAS_SECURITY_JWT_PRIVATE_KEY_PEM_PKCS8: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUNlQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQW1Jd2dnSmVBZ0VBQW9HQkFQVVo5MG5qY0xMc3lhUENMVXZwTkl0Y3ZJWXJiaysrd2xZUjRuM016bzlhUWNGTDRVbHV6OGwzNGhQSWhXNkRCNldybWtVNnNVbURKZHVFSnFxTFVGZ2hHQW9sdXVJcldFb2hwRDVWVzVTWThTRUhURm11MkdXUUlaeFFoT3JaeXZOL0drdEFKTFZKN0d5S2NMQ2FiQTVuWmxQRnhJSlNhdXRiRmd3L2pWQ3ZBZ01CQUFFQ2dZQXY1NEJPbjdaaU1pZUM2eXZCUDNZMm1zeDZDTGtKdXdYdW5wWSs4aTJaRlJIdS9xNnNsSXptR3BsRU5wZmxycFJyQyt3ZUJjZXF6NGd4ckZXR1ZhNUErV1BFTFJpeU4wNjVQaGRJdm85M2grWkFRODRBcWNQVXJ6WnBIMmROZ0QzSzB6ODlzWithNjBUM3A4aDIwM0k5enMxalpZMFdORC9IVnc3d2twZWVFUUpCQVB2V3R6dnhqVndNSkRqaVk0R012cWtPNEFJSGdtK1lqMW43TEJ6b2ZTQzFlbkRPRU1EM20renJwRXV0eXl6dmtCS1JzenVoRnB5NU0xL2FHbWtpSDVrQ1FRRDVKc0JSclF1QVVHOGZGcWlRMmM1Z0FtTmE5cHRBLzQyUHppSTRXL1N5ZTQ5TXB4RFpTVzJsZzZ2ek5raHJmSUlsMXZZa0FDRmxNTy84T2xWTUNEK0hBa0VBMTRsckJYaTAvV1MrMDVpZWhWQUtGZkxQTWExdnEwY3MyVndvNHd6dm1zRDNhL2hSU25ZaEUyS1NHTnREbXMvbHhKN0NnWFJiUUFNWnZ4MlJvUTA5Y1FKQkFNUkhCK2tRSnVoZDlUeUxrQjRVeUNVUW5JN3ppWmxwK1c2Wm1KSEh0M3pJSkRyaHZqOC9QbmJPeFM1anpDZUpQY3ByanhzTFUwT3hpczJzY3Jma0k0OENRUURYSWVVSVFna2lLenltT2Yxek5uN1ZpL0NQUlJTSzZTdWxrZGhpeURhZ3VtZGRWOS9QbFduakE5amhiczJ5L1AySkxOYUZzV2lNcXh6eGxmK2RLNlFWCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
+
+ #SW_BACKEND_BASE_API_CLIENT_AUTH_KEY_PASSWORD: ""
+ #SW_BACKEND_BASE_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #SW_BACKEND_BASE_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: sw-admin-framework
+ name: sw-backend-gateway-svc
+ labels:
+ app: sw-backend-gateway
+ needMonitor: 'true'
+spec:
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ - port: 6060
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ app: sw-backend-gateway
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: sw-admin-framework
+ name: sw-backend-gateway
+spec:
+ selector:
+ matchLabels:
+ app: sw-backend-gateway
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: sw-backend-gateway
+ spec:
+ containers:
+ - name: sw-backend-gateway
+ image: harbor.supwisdom.com/sw-admin-framework/sw-backend-gateway:0.0.1-SNAPSHOT
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort: 6060
+ name: http-metrics
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ - secretRef:
+ name: redis-env-secret
+ - secretRef:
+ name: sw-backend-gateway-env-secret
+ - configMapRef:
+ name: sw-backend-gateway-env
+ resources:
+ requests:
+ memory: "400Mi"
+ limits:
+ memory: "400Mi"
+ readinessProbe:
+ httpGet:
+ path: /actuator/health
+ port: 8080
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 10
+ imagePullSecrets:
+ - name: harbor-supwisdom
diff --git a/deploy-manifests/k8s/sw-backend-ingresses.yaml b/deploy-manifests/k8s/sw-backend-ingresses.yaml
new file mode 100644
index 0000000..682475d
--- /dev/null
+++ b/deploy-manifests/k8s/sw-backend-ingresses.yaml
@@ -0,0 +1,17 @@
+# sw-backend-ingresses.yaml
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ namespace: sw-admin-framework
+ name: sw-backend-ingress
+spec:
+ rules:
+ - host: sw-backend.supwisdom.com
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: sw-backend-gateway-svc
+ servicePort: http