chore: k8s部署脚本
diff --git a/deploy-manifests/k8s/01-sw-backend-base.yaml b/deploy-manifests/k8s/01-sw-backend-base.yaml
index ac92dd7..7993ba3 100644
--- a/deploy-manifests/k8s/01-sw-backend-base.yaml
+++ b/deploy-manifests/k8s/01-sw-backend-base.yaml
@@ -51,3 +51,121 @@
- name: tcp-mysql
port: 10021
protocol: TCP
+
+####################################################
+# redis-server
+####################################################
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: sw-admin-framework
+ name: redis-server
+ labels:
+ app: redis
+ release: redis-server
+type: Opaque
+data:
+ REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: sw-admin-framework
+ name: redis-server
+ labels:
+ app: redis
+ release: redis-server
+spec:
+ ports:
+ - name: redis
+ port: 6379
+ protocol: TCP
+ targetPort: redis
+ selector:
+ app: redis
+ release: redis-server
+ role: master
+ type: ClusterIP
+---
+apiVersion: apps/v1beta2
+kind: StatefulSet
+metadata:
+ namespace: sw-admin-framework
+ name: redis-server
+ labels:
+ app: redis
+ release: redis-server
+spec:
+ podManagementPolicy: OrderedReady
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app: redis
+ release: redis-server
+ role: master
+ serviceName: redis-master
+ template:
+ metadata:
+ labels:
+ app: redis
+ release: redis-server
+ role: master
+ spec:
+ containers:
+ - name: redis-server
+ env:
+ - name: REDIS_DISABLE_COMMANDS
+ value: FLUSHDB,FLUSHALL
+ - name: REDIS_REPLICATION_MODE
+ value: master
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: redis-server
+ key: REDIS_PASSWORD
+ image: bitnami/redis:4.0
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ exec:
+ command:
+ - redis-cli
+ - ping
+ failureThreshold: 5
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ ports:
+ - containerPort: 6379
+ name: redis
+ protocol: TCP
+ readinessProbe:
+ exec:
+ command:
+ - redis-cli
+ - ping
+ failureThreshold: 5
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ volumeMounts:
+ - mountPath: /bitnami/redis/data
+ name: redis-data
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ securityContext:
+ fsGroup: 1001
+ # runAsUser: 1001
+ # https://github.com/bitnami/bitnami-docker-redis/issues/106#issuecomment-388884372
+ runAsUser: 0
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - emptyDir: {}
+ name: redis-data
+ updateStrategy:
+ rollingUpdate:
+ partition: 0
+ type: RollingUpdate
diff --git a/deploy-manifests/k8s/04-1-sw-backend-gateway.yaml b/deploy-manifests/k8s/04-1-sw-backend-gateway.yaml
index e888025..b670d45 100644
--- a/deploy-manifests/k8s/04-1-sw-backend-gateway.yaml
+++ b/deploy-manifests/k8s/04-1-sw-backend-gateway.yaml
@@ -14,7 +14,7 @@
SW_BACKEND_BFF_API_URI: http://sw-backend-admin-bff-svc.sw-admin-framework.svc.cluster.local:8080
- SW_BACKEND_BASE_API_URI: http://sw-backend-admin-sa-svc.sw-admin-framework.svc.cluster.local:8080
+ #SW_BACKEND_BASE_API_URI: http://sw-backend-admin-sa-svc.sw-admin-framework.svc.cluster.local:8080
SW_BACKEND_SYSTEM_API_URI: http://sw-backend-admin-sa-svc.sw-admin-framework.svc.cluster.local:8080
SW_BACKEND_BIZ_API_URI: http://sw-backend-biz-sa-svc.sw-admin-framework.svc.cluster.local:8080
@@ -28,11 +28,16 @@
#APP_LOGOUT_URL: "/cas/logout"
CAS_SERVER_HOST_URL: "https://cas.supwisdom.com/cas"
- #SW_BACKEND_BASE_API_URI: http://sw-backend-admin-sa-svc.sw-admin-framework.svc.cluster.local:8080
+ SW_BACKEND_BASE_API_URI: http://sw-backend-admin-sa-svc.sw-admin-framework.svc.cluster.local:8080
SW_BACKEND_BASE_API_CLIENT_AUTH_ENABLED: "false"
#SW_BACKEND_BASE_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
#SW_BACKEND_BASE_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ SW_BACKEND_AGENT_POA_URI: http://sw-backend-thirdparty-agent-svc.sw-admin-framework.svc.cluster.local:8080
+ SW_BACKEND_AGENT_POA_CLIENT_AUTH_ENABLED: "false"
+ #SW_BACKEND_AGENT_POA_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #SW_BACKEND_AGENT_POA_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+
---
apiVersion: v1
kind: Secret
@@ -51,6 +56,10 @@
#SW_BACKEND_BASE_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
#SW_BACKEND_BASE_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+ #SW_BACKEND_AGENT_POA_CLIENT_AUTH_KEY_PASSWORD: ""
+ #SW_BACKEND_AGENT_POA_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #SW_BACKEND_AGENT_POA_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
---
apiVersion: v1
kind: Service
@@ -90,7 +99,7 @@
spec:
containers:
- name: sw-backend-gateway
- image: harbor.supwisdom.com/sw-admin-framework/sw-backend-gateway:0.0.1-SNAPSHOT
+ image: harbor.supwisdom.com/sw-admin-framework/sw-backend-gateway:0.0.2-SNAPSHOT
imagePullPolicy: Always
ports:
- containerPort: 8080
diff --git a/deploy-manifests/k8s/04-2-sw-backend-admin-bff.yaml b/deploy-manifests/k8s/04-2-sw-backend-admin-bff.yaml
index 8bb4c60..e95a904 100644
--- a/deploy-manifests/k8s/04-2-sw-backend-admin-bff.yaml
+++ b/deploy-manifests/k8s/04-2-sw-backend-admin-bff.yaml
@@ -89,7 +89,7 @@
spec:
containers:
- name: sw-backend-admin-bff
- image: harbor.supwisdom.com/sw-admin-framework/sw-backend-admin-bff:0.0.1-SNAPSHOT
+ image: harbor.supwisdom.com/sw-admin-framework/sw-backend-admin-bff:0.0.2-SNAPSHOT
imagePullPolicy: Always
ports:
- containerPort: 8080
diff --git a/deploy-manifests/k8s/04-3-sw-backend-admin-sa.yaml b/deploy-manifests/k8s/04-3-sw-backend-admin-sa.yaml
index a03da7b..6d03a9a 100644
--- a/deploy-manifests/k8s/04-3-sw-backend-admin-sa.yaml
+++ b/deploy-manifests/k8s/04-3-sw-backend-admin-sa.yaml
@@ -62,7 +62,7 @@
spec:
containers:
- name: sw-backend-admin-sa
- image: harbor.supwisdom.com/sw-admin-framework/sw-backend-admin-sa:0.0.1-SNAPSHOT
+ image: harbor.supwisdom.com/sw-admin-framework/sw-backend-admin-sa:0.0.2-SNAPSHOT
imagePullPolicy: Always
ports:
- containerPort: 8080
diff --git a/deploy-manifests/k8s/04-4-sw-backend-agent.yaml b/deploy-manifests/k8s/04-4-sw-backend-agent.yaml
new file mode 100644
index 0000000..67dfee5
--- /dev/null
+++ b/deploy-manifests/k8s/04-4-sw-backend-agent.yaml
@@ -0,0 +1,104 @@
+# sw-backend-agent.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: sw-admin-framework
+ name: sw-backend-thirdparty-agent-env
+data:
+ SERVER_PORT: "8080"
+ SSL_ENABLED: "false"
+ #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+ #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+
+ POA_SERVER_URL: https://poa.supwisdom.com
+ POA_SCOPES: user:v1:readUser,user:v1:readOrganization,user:v1:readGroup,user:v1:readLabel,authz:v1:readRole
+
+ USER_AUTHORIZATION_SERVICE_APPLICATION_ID: "2"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: sw-admin-framework
+ name: sw-backend-thirdparty-agent-env-secret
+type: Opaque
+data:
+ #SSL_KEYSTORE_PASSWORD: ""
+ #SSL_TRUSTSTORE_PASSWORD: ""
+
+ POA_CLIENT_ID: blY4VVM5dUFkRlEwb3Z1WXBGT2xvWHRGa01FPQ==
+ POA_CLIENT_SECRET: ZERnWkF6dU5uT2pmc2JtOGlEb2h5VkNYQlUxR3dJbWVNc21rSnpqeUdoOD0=
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: sw-admin-framework
+ name: sw-backend-thirdparty-agent-svc
+ labels:
+ app: sw-backend-thirdparty-agent-svc
+ needMonitor: 'true'
+spec:
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ - port: 6060
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ app: sw-backend-thirdparty-agent
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: sw-admin-framework
+ name: sw-backend-thirdparty-agent
+spec:
+ selector:
+ matchLabels:
+ app: sw-backend-thirdparty-agent
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: sw-backend-thirdparty-agent
+ spec:
+ containers:
+ - name: sw-backend-thirdparty-agent
+ image: harbor.supwisdom.com/sw-admin-framework/sw-backend-thirdparty-agent:0.0.2-SNAPSHOT
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort: 6060
+ name: http-metrics
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ - secretRef:
+ name: redis-env-secret
+ - secretRef:
+ name: sw-backend-thirdparty-agent-env-secret
+ - configMapRef:
+ name: sw-backend-thirdparty-agent-env
+ resources:
+ requests:
+ memory: "400Mi"
+ limits:
+ memory: "400Mi"
+ readinessProbe:
+ httpGet:
+ path: /actuator/health
+ port: 8080
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 10
+ imagePullSecrets:
+ - name: harbor-supwisdom