diff --git a/k8s/README.md b/k8s/README.md new file mode 100644 index 0000000..5455268 --- /dev/null +++ b/k8s/README.md 
@@ -0,0 +1,450 @@ +# WMS 微服务 Kubernetes + KubeSphere 部署文档 + +## 📋 目录 + +1. [部署前准备](#部署前准备) +2. [扩展组件选择](#扩展组件选择) +3. [快速部署](#快速部署) +4. [分步部署](#分步部署) +5. [中间件部署](#中间件部署) +6. [验证和测试](#验证和测试) +7. [常见问题](#常见问题) + +--- + +## 部署前准备 + +### 1. 环境要求 + +- Kubernetes 1.28.x +- KubeSphere 3.4.x +- Helm 3.x +- kubectl 已配置集群访问 +- 存储类(StorageClass):nfs-sc + +### 2. 修改配置文件 + +#### 2.1 修改 Secret(secrets.yaml) + +```yaml +# Redis 密码 +wms-redis-secret: + password: "修改为强密码" + +# MySQL 密码 +wms-mysql-secret: + password: "修改为强密码" + +# MinIO 密钥 +wms-minio-secret: + access-key: "修改为自定义密钥" + secret-key: "修改为强密钥" + +# TLS 证书 +wms-tls-secret: + tls.crt: "替换为实际证书" + tls.key: "替换为实际私钥" + +# 镜像仓库凭证 +wms-docker-registry-secret: + password: "修改为仓库密码" +``` + +#### 2.2 修改 Ingress 域名(ingress.yaml) + +```yaml +# 生产环境 +- host: wms.yourcompany.com # 修改为实际域名 + +# 开发环境 +- host: wms-dev.yourcompany.com # 修改为实际域名 +``` + +#### 2.3 修改镜像地址(deployments/*.yaml) + +```yaml +image: registry.yourcompany.com/wms/cpte-wms-basic-service:latest +# 修改为实际的镜像仓库地址 +``` + +--- + +## 扩展组件选择 + +### ✅ 必选组件(21 个) + +在 KubeSphere 扩展组件选择界面,勾选以下组件: + +#### 核心组件 +- [x] Metrics Server +- [x] KubeSphere 网关 +- [x] KubeSphere 网络 +- [x] KubeSphere 存储 + +#### 可观察性 +- [x] WizTelemetry 监控 +- [x] WizTelemetry 日志 +- [x] WizTelemetry 告警 +- [x] WizTelemetry 通知 +- [x] WizTelemetry 事件 +- [x] WizTelemetry 审计 +- [x] WizTelemetry 全局监控 +- [x] KubeEye 巡检 + +#### DevOps +- [x] DevOps +- [x] 镜像构建器 + +#### 安全和集成 +- [x] cert-manager +- [x] OAuth2-Proxy +- [x] Gatekeeper +- [x] KubeSphere Spring Cloud +- [x] KEDA for KubeSphere + +#### 应用管理 +- [x] KubeSphere 应用商店管理 +- [x] KubeSphere 应用路由工具 + +### ❌ 不需要的组件 + +以下组件**不要勾选**: + +- 所有 AI/ML 相关(算力设备管理、DeepSeek、KAITO、NVIDIA 相关) +- 多集群相关(Karmada、联邦集群) +- 专用数据库(ob-operator、OceanBase) +- 服务网格(Istio、KubeSphere 服务网格) + +--- + +## 快速部署 + +### 一键部署 + +```bash +# 进入 k8s 目录 +cd k8s + +# 执行部署脚本 +chmod +x deploy.sh +./deploy.sh + +# 选择选项 1) 完整部署 +``` + +### 部署后验证 + +```bash +# 查看所有 Pod 状态 +kubectl get pods -n wms-system + 
+# 查看服务状态 +kubectl get services -n wms-system + +# 查看 Ingress +kubectl get ingress -n wms-system + +# 查看 HPA +kubectl get hpa -n wms-system +``` + +--- + +## 分步部署 + +### 步骤 1: 创建命名空间 + +```bash +kubectl apply -f namespace.yaml +``` + +### 步骤 2: 创建 Secret + +```bash +# 先修改 secrets.yaml 中的密码和证书 +kubectl apply -f secrets.yaml +``` + +### 步骤 3: 创建 ConfigMap + +```bash +kubectl apply -f configmap.yaml +``` + +### 步骤 4: 创建存储 + +```bash +kubectl apply -f pvc.yaml +``` + +### 步骤 5: 部署中间件 + +详见 [中间件部署](#中间件部署) + +### 步骤 6: 部署微服务 + +```bash +# 部署所有微服务 +kubectl apply -f deployments/ + +# 或逐个部署 +kubectl apply -f deployments/wms-basic-deployment.yaml +kubectl apply -f deployments/wms-inbound-deployment.yaml +kubectl apply -f deployments/wms-outbound-deployment.yaml +kubectl apply -f deployments/wms-inventory-deployment.yaml +kubectl apply -f deployments/wms-schedule-deployment.yaml +``` + +### 步骤 7: 部署网络和网关 + +```bash +kubectl apply -f services.yaml +kubectl apply -f ingress.yaml +``` + +### 步骤 8: 配置自动扩缩容 + +```bash +kubectl apply -f hpa.yaml +``` + +--- + +## 中间件部署 + +### 方式一:Helm 部署(推荐) + +```bash +# 添加 Helm Repo +helm repo add bitnami https://charts.bitnami.com/bitnami +helm repo add minio https://charts.min.io/ +helm repo update + +# 部署 MySQL +helm install mysql bitnami/mysql \ + -f helm/mysql-values.yaml \ + -n wms-system + +# 部署 Redis +helm install redis bitnami/redis \ + -f helm/redis-values.yaml \ + -n wms-system + +# 部署 MinIO +helm install minio minio/minio \ + -f helm/minio-values.yaml \ + -n wms-system +``` + +### 方式二:使用已有中间件 + +如果已有 MySQL/Redis/MinIO 服务,只需修改 `secrets.yaml` 中的连接信息: + +```yaml +# wms-redis-secret +stringData: + host: "已有 Redis 服务地址" + port: "6379" + password: "Redis 密码" + +# wms-mysql-secret +stringData: + host: "已有 MySQL 服务地址" + port: "3306" + username: "数据库用户名" + password: "数据库密码" + +# wms-minio-secret +stringData: + access-key: "MinIO 访问密钥" + secret-key: "MinIO 密钥" + endpoint: "http://minio 地址:9000" +``` + +--- + +## 验证和测试 + +### 1. 
检查 Pod 状态 + +```bash +kubectl get pods -n wms-system -o wide +``` + +期望输出: +``` +NAME READY STATUS RESTARTS AGE +wms-basic-service-xxxxx-xxxxx 1/1 Running 0 5m +wms-inbound-service-xxxxx-xxxxx 1/1 Running 0 5m +wms-outbound-service-xxxxx-xxxxx 1/1 Running 0 5m +wms-inventory-service-xxxxx-xxxxx 1/1 Running 0 5m +wms-schedule-service-xxxxx-xxxxx 1/1 Running 0 5m +``` + +### 2. 检查服务连接 + +```bash +# 测试基础服务 +kubectl exec -it deployment/wms-basic-service -n wms-system -- \ + curl -s http://localhost:8080/actuator/health + +# 查看服务日志 +kubectl logs -f deployment/wms-basic-service -n wms-system +``` + +### 3. 访问 API 接口 + +```bash +# 获取 Ingress 地址 +kubectl get ingress -n wms-system + +# 测试 API(替换为实际域名) +curl -k https://wms.yourcompany.com/api/wms/basic/health +curl -k https://wms.yourcompany.com/doc.html +``` + +### 4. 访问 MinIO 控制台 + +```bash +# 获取 MinIO 控制台地址 +kubectl get ingress -n wms-system | grep minio + +# 浏览器访问:https://minio-console.yourcompany.com +# 默认账号密码:minioadmin / minioadmin123 +``` + +### 5. 测试自动扩缩容 + +```bash +# 查看 HPA 状态 +kubectl get hpa -n wms-system + +# 模拟负载测试 +kubectl run -i --tty load-tester --image=busybox --rm --restart=Never -- \ + while true; do wget -q -O- http://wms-basic-service.wms-system.svc.cluster.local/actuator/health; done +``` + +--- + +## 常见问题 + +### Q1: Pod 无法启动 + +```bash +# 查看 Pod 详情 +kubectl describe pod -n wms-system + +# 查看日志 +kubectl logs -n wms-system + +# 常见问题: +# 1. 镜像拉取失败 -> 检查镜像地址和仓库凭证 +# 2. 数据库连接失败 -> 检查 Secret 配置 +# 3. 
健康检查失败 -> 增加 startupProbe 的 failureThreshold +``` + +### Q2: 无法访问服务 + +```bash +# 检查 Ingress Controller +kubectl get pods -n ingress-nginx + +# 检查 Ingress 配置 +kubectl describe ingress wms-ingress -n wms-system + +# 检查 DNS 解析 +nslookup wms.yourcompany.com +``` + +### Q3: HPA 不工作 + +```bash +# 检查 Metrics Server +kubectl get pods -n kube-system | grep metrics-server + +# 查看 HPA 详情 +kubectl describe hpa wms-basic-hpa -n wms-system + +# 确保 Pod 有 resources 配置 +kubectl get deployment wms-basic-service -n wms-system -o yaml +``` + +### Q4: 存储卷挂载失败 + +```bash +# 检查 StorageClass +kubectl get sc + +# 检查 PVC 状态 +kubectl get pvc -n wms-system + +# 查看 NFS Provisioner 日志 +kubectl logs -n kube-system -l app=nfs-subdir-external-provisioner +``` + +### Q5: 数据库初始化 + +```bash +# 连接 MySQL +kubectl run -it --rm --image=mysql:8.0 --restart=Never mysql-client \ + -- mysql -h mysql-primary.wms-system.svc.cluster.local -u root -p + +# 创建数据库 +CREATE DATABASE IF NOT EXISTS `cpte-wms` DEFAULT CHARACTER SET utf8mb4; +``` + +--- + +## 监控和运维 + +### 查看监控指标 + +1. 登录 KubeSphere 控制台 +2. 进入"可观察性" -> "监控" +3. 选择 wms-system 命名空间 + +### 配置告警 + +1. 进入"告警管理" -> "告警策略" +2. 创建新的告警规则 +3. 配置通知渠道(邮件/钉钉/企业微信) + +### 日志查询 + +1. 进入"可观察性" -> "日志" +2. 选择命名空间:wms-system +3. 选择容器进行查询 + +--- + +## 升级和回滚 + +### 升级微服务 + +```bash +# 更新镜像版本 +kubectl set image deployment/wms-basic-service \ + wms-basic=registry.yourcompany.com/wms/cpte-wms-basic-service:v3.8.4 \ + -n wms-system + +# 查看升级状态 +kubectl rollout status deployment/wms-basic-service -n wms-system +``` + +### 回滚 + +```bash +# 回滚到上一版本 +kubectl rollout undo deployment/wms-basic-service -n wms-system + +# 回滚到指定版本 +kubectl rollout undo deployment/wms-basic-service:2 -n wms-system +``` + +--- + +## 联系支持 + +如有问题,请联系: +- 技术支持:cpte@163.com +- 文档:http://www.cpte.com/docs diff --git a/k8s/configmap.yaml b/k8s/configmap.yaml index c86e5b0..445e308 100644 --- a/k8s/configmap.yaml +++ b/k8s/configmap.yaml 
@@ -7,38 +7,39 @@ metadata: app: cpte-wms data: APPLICATION_YML: | - # 公共配置 spring: application: name: cpte-wms profiles: active: k8s - # Jackson 时间格式化 jackson: date-format: yyyy-MM-dd HH:mm:ss time-zone: GMT+8 - # 文件上传大小限制 servlet: multipart: max-file-size: 10MB max-request-size: 10MB - # Redis 配置(从 Secret 读取) data: redis: - host: ${REDIS_HOST:redis-service} + host: ${REDIS_HOST:redis-master.wms-system.svc.cluster.local} port: ${REDIS_PORT:6379} password: ${REDIS_PASSWORD:} database: 0 + timeout: 5000ms + lettuce: + pool: + max-active: 8 + max-idle: 8 + min-idle: 0 - # 数据源配置(从 Secret 读取) datasource: type: com.alibaba.druid.pool.DruidDataSource driver-class-name: com.mysql.cj.jdbc.Driver - url: jdbc:mysql://${MYSQL_HOST:mysql-service}:${MYSQL_PORT:3306}/cpte-wms?characterEncoding=UTF-8&useUnicode=true&useSSL=false&tinyInt1isBit=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Shanghai&rewriteBatchedStatements=true - username: ${MYSQL_USERNAME:root} + url: jdbc:mysql://${MYSQL_HOST:mysql-primary.wms-system.svc.cluster.local}:${MYSQL_PORT:3306}/cpte-wms?characterEncoding=UTF-8&useUnicode=true&useSSL=false&tinyInt1isBit=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Shanghai&rewriteBatchedStatements=true + username: ${MYSQL_USERNAME:wms_user} password: ${MYSQL_PASSWORD:} druid: initial-size: 5 @@ -58,7 +59,6 @@ data: slow-sql-millis: 5000 merge-sql: true - # MyBatis Plus 配置 mybatis-plus: mapper-locations: classpath*:org/jeecg/**/xml/*Mapper.xml,classpath*:org/cpte/**/xml/*Mapper.xml global-config: 
@@ -69,20 +69,28 @@ data: configuration: call-setters-on-nulls: true - # Jeecg 配置 jeecg: signatureSecret: dd05f1c54d63749eda95f9fa6d49v442a - uploadType: local + uploadType: minio + domainUrl: + pc: http://wms-gateway.wms-system.svc.cluster.local + app: http://wms-gateway.wms-system.svc.cluster.local path: upload: /data/upload webapp: /data/webapp + minio: + minio_url: ${MINIO_ENDPOINT:http://minio.wms-system.svc.cluster.local:9000} + minio_name: ${MINIO_ACCESS_KEY:minioadmin} + minio_pass: ${MINIO_SECRET_KEY:minioadmin123} + bucketName: wms-files + + minidao: + base-package: org.jeecg.modules.jmreport.*,org.jeecg.modules.drag.* - # Knife4j 配置 knife4j: enable: true production: false - # 日志配置 logging: level: root: INFO @@ -91,8 +99,12 @@ data: com.alibaba.druid: DEBUG pattern: console: "%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{50} - %msg%n" + file: "%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{50} - %msg%n" + file: + name: /app/logs/application.log + max-size: 100MB + max-history: 30 - # Feign 配置 FEIGN_CONFIG: | feign: client: @@ -106,12 +118,9 @@ data: enabled: true response: enabled: true - httpclient: - enabled: false okhttp: enabled: true - # Ribbon 配置(使用 Spring Cloud LoadBalancer) spring: cloud: loadbalancer: @@ -120,7 +129,6 @@ data: cache: ttl: 30000 - # Actuator 监控配置 ACTUATOR_CONFIG: | management: endpoints: @@ -141,3 +149,7 @@ data: enabled: true readinessState: enabled: true + + MINIO_ENDPOINT: "http://minio.wms-system.svc.cluster.local:9000" + WMS_VERSION: "3.8.3" + ENVIRONMENT: "kubernetes" diff --git a/k8s/deploy.sh b/k8s/deploy.sh new file mode 100644 index 0000000..2c1665e --- /dev/null +++ b/k8s/deploy.sh 
@@ -0,0 +1,320 @@ +#!/bin/bash + +############################################################################### +# WMS 微服务 Kubernetes 部署脚本 +# 适用于 KubeSphere 3.4.x + Kubernetes 1.28.x +############################################################################### + +set -e + +# 颜色定义 +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +# 日志函数 +log_info() { + echo -e "${GREEN}[INFO]${NC} $1" +} + +log_warn() { + echo -e "${YELLOW}[WARN]${NC} $1" +} + +log_error() { + echo -e "${RED}[ERROR]${NC} $1" +} + +log_step() { + echo -e "${BLUE}[STEP]${NC} $1" +} + +# 检查 kubectl 连接 +check_kubectl() { + log_step "检查 kubectl 连接..." + if ! kubectl cluster-info &> /dev/null; then + log_error "无法连接到 Kubernetes 集群,请检查 kubeconfig 配置" + exit 1 + fi + log_info "Kubernetes 集群连接正常" +} + +# 创建命名空间和资源配额 +create_namespace() { + log_step "创建命名空间和资源配额..." + kubectl apply -f namespace.yaml + log_info "命名空间 wms-system 创建完成" +} + +# 创建 Secret +create_secrets() { + log_step "创建 Secret 配置..." + + # 提示用户修改敏感信息 + log_warn "请确保已修改 secrets.yaml 中的敏感信息(密码、证书等)" + read -p "按回车键继续创建 Secret..." + + kubectl apply -f secrets.yaml + log_info "Secret 创建完成" +} + +# 创建 ConfigMap +create_configmap() { + log_step "创建 ConfigMap..." + kubectl apply -f configmap.yaml + log_info "ConfigMap 创建完成" +} + +# 创建 PVC +create_pvc() { + log_step "创建持久化存储..." + kubectl apply -f pvc.yaml + log_info "PVC 创建完成" +} + +# 部署中间件(MySQL/Redis/MinIO) +deploy_middleware() { + log_step "部署中间件..." + + echo "选择部署方式:" + echo "1) 使用 Helm 部署(推荐)" + echo "2) 手动部署(已有中间件)" + echo "3) 跳过中间件部署" + read -p "请选择 [1-3]: " middleware_choice + + case $middleware_choice in + 1) + log_info "使用 Helm 部署中间件..." + + # 添加 Helm Repo + helm repo add bitnami https://charts.bitnami.com/bitnami + helm repo add minio https://charts.min.io/ + helm repo update + + # 部署 MySQL + log_step "部署 MySQL..." + helm install mysql bitnami/mysql -f helm/mysql-values.yaml -n wms-system + + # 部署 Redis + log_step "部署 Redis..." 
+ helm install redis bitnami/redis -f helm/redis-values.yaml -n wms-system + + # 部署 MinIO + log_step "部署 MinIO..." + helm install minio minio/minio -f helm/minio-values.yaml -n wms-system + + log_info "等待中间件就绪..." + kubectl rollout status deployment/mysql-primary -n wms-system + kubectl rollout status statefulset/redis-master -n wms-system + kubectl rollout status statefulset/minio -n wms-system + ;; + 2) + log_warn "请确保已有 MySQL/Redis/MinIO 服务,并修改 secrets.yaml 中的连接信息" + read -p "按回车键继续..." + ;; + 3) + log_warn "跳过中间件部署" + ;; + *) + log_error "无效选择" + exit 1 + ;; + esac +} + +# 部署微服务 +deploy_services() { + log_step "部署 WMS 微服务..." + + # 应用所有 Deployment + for file in deployments/*.yaml; do + log_info "部署:$file" + kubectl apply -f "$file" + done + + log_info "等待 Deployment 就绪..." + kubectl rollout status deployment/wms-basic-service -n wms-system + kubectl rollout status deployment/wms-inbound-service -n wms-system + kubectl rollout status deployment/wms-outbound-service -n wms-system + kubectl rollout status deployment/wms-inventory-service -n wms-system + kubectl rollout status deployment/wms-schedule-service -n wms-system +} + +# 部署 Service 和 Ingress +deploy_network() { + log_step "部署 Service 和 Ingress..." + kubectl apply -f services.yaml + kubectl apply -f ingress.yaml + log_info "网络和网关配置完成" +} + +# 部署 HPA +deploy_hpa() { + log_step "配置自动扩缩容..." + kubectl apply -f hpa.yaml + log_info "HPA 配置完成" +} + +# 检查部署状态 +check_status() { + log_step "检查部署状态..." 
+ echo "" + echo "=== Pod 状态 ===" + kubectl get pods -n wms-system + echo "" + echo "=== Service 状态 ===" + kubectl get services -n wms-system + echo "" + echo "=== Ingress 状态 ===" + kubectl get ingress -n wms-system + echo "" + echo "=== HPA 状态 ===" + kubectl get hpa -n wms-system + echo "" + echo "=== PVC 状态 ===" + kubectl get pvc -n wms-system +} + +# 查看日志 +view_logs() { + echo "选择要查看日志的服务:" + echo "1) wms-basic-service" + echo "2) wms-inbound-service" + echo "3) wms-outbound-service" + echo "4) wms-inventory-service" + echo "5) wms-schedule-service" + echo "6) 全部服务" + read -p "请选择 [1-6]: " log_choice + + case $log_choice in + 1) + kubectl logs -f deployment/wms-basic-service -n wms-system + ;; + 2) + kubectl logs -f deployment/wms-inbound-service -n wms-system + ;; + 3) + kubectl logs -f deployment/wms-outbound-service -n wms-system + ;; + 4) + kubectl logs -f deployment/wms-inventory-service -n wms-system + ;; + 5) + kubectl logs -f deployment/wms-schedule-service -n wms-system + ;; + 6) + kubectl logs -l app.kubernetes.io/part-of=cpte-wms -f -n wms-system + ;; + *) + log_error "无效选择" + ;; + esac +} + +# 卸载部署 +uninstall() { + log_warn "此操作将卸载所有 WMS 相关资源!" + read -p "确认继续?[y/N]: " confirm + + if [ "$confirm" = "y" ] || [ "$confirm" = "Y" ]; then + log_step "卸载 WMS 微服务..." 
+ kubectl delete -f deployments/ -n wms-system + kubectl delete -f hpa.yaml -n wms-system + kubectl delete -f ingress.yaml -n wms-system + kubectl delete -f services.yaml -n wms-system + kubectl delete -f configmap.yaml -n wms-system + kubectl delete -f secrets.yaml -n wms-system + kubectl delete -f pvc.yaml -n wms-system + kubectl delete -f namespace.yaml + + log_info "卸载完成" + else + log_info "取消卸载" + fi +} + +# 主菜单 +show_menu() { + echo "" + echo "=========================================" + echo " WMS 微服务 Kubernetes 部署脚本" + echo "=========================================" + echo "1) 完整部署(一键部署所有组件)" + echo "2) 创建命名空间" + echo "3) 创建 Secret 和 ConfigMap" + echo "4) 部署中间件(MySQL/Redis/MinIO)" + echo "5) 部署微服务" + echo "6) 部署网络和网关" + echo "7) 配置 HPA" + echo "8) 查看部署状态" + echo "9) 查看日志" + echo "10) 卸载部署" + echo "0) 退出" + echo "=========================================" +} + +# 主函数 +main() { + cd "$(dirname "$0")" + + while true; do + show_menu + read -p "请选择操作 [0-10]: " choice + + case $choice in + 1) + check_kubectl + create_namespace + create_secrets + create_configmap + create_pvc + deploy_middleware + deploy_services + deploy_network + deploy_hpa + check_status + log_info "🎉 部署完成!" + ;; + 2) + create_namespace + ;; + 3) + create_secrets + create_configmap + ;; + 4) + deploy_middleware + ;; + 5) + deploy_services + ;; + 6) + deploy_network + ;; + 7) + deploy_hpa + ;; + 8) + check_status + ;; + 9) + view_logs + ;; + 10) + uninstall + ;; + 0) + log_info "退出" + exit 0 + ;; + *) + log_error "无效选择,请重新输入" + ;; + esac + done +} + +# 执行主函数 +main diff --git a/k8s/deployments/wms-basic-deployment.yaml b/k8s/deployments/wms-basic-deployment.yaml new file mode 100644 index 0000000..1af3d69 --- /dev/null +++ b/k8s/deployments/wms-basic-deployment.yaml 
@@ -0,0 +1,156 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: wms-basic-service + namespace: wms-system + labels: + app: wms-basic + version: v1 + app.kubernetes.io/name: wms-basic + app.kubernetes.io/part-of: cpte-wms +spec: + replicas: 2 + selector: + matchLabels: + app: wms-basic + version: v1 + template: + metadata: + labels: + app: wms-basic + version: v1 + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "8080" + prometheus.io/path: "/actuator/prometheus" + spec: + containers: + - name: wms-basic + image: registry.yourcompany.com/wms/cpte-wms-basic-service:latest + imagePullPolicy: Always + ports: + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 8080 + name: http-metrics + protocol: TCP + env: + - name: SPRING_PROFILES_ACTIVE + value: "k8s" + - name: SERVER_PORT + value: "8080" + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: wms-redis-secret + key: host + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: wms-redis-secret + key: port + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: wms-redis-secret + key: password + - name: MYSQL_HOST + valueFrom: + secretKeyRef: + name: wms-mysql-secret + key: host + - name: MYSQL_PORT + valueFrom: + secretKeyRef: + name: wms-mysql-secret + key: port + - name: MYSQL_USERNAME + valueFrom: + secretKeyRef: + name: wms-mysql-secret + key: username + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: wms-mysql-secret + key: password + - name: MINIO_ENDPOINT + valueFrom: + configMapKeyRef: + name: wms-common-config + key: MINIO_ENDPOINT + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: wms-minio-secret + key: access-key + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: wms-minio-secret + key: secret-key + resources: + requests: + cpu: "500m" + memory: "512Mi" + limits: + cpu: "2" + memory: "4Gi" + livenessProbe: + httpGet: + path: /actuator/health/liveness + port: 8080 + initialDelaySeconds: 60 + periodSeconds: 10 
+ timeoutSeconds: 5 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /actuator/health/readiness + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + startupProbe: + httpGet: + path: /actuator/health + port: 8080 + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 60 + volumeMounts: + - name: upload-volume + mountPath: /data/upload + - name: logs-volume + mountPath: /app/logs + - name: config-volume + mountPath: /app/config + volumes: + - name: upload-volume + persistentVolumeClaim: + claimName: wms-upload-pvc + - name: logs-volume + emptyDir: {} + - name: config-volume + configMap: + name: wms-common-config + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - wms-basic + topologyKey: kubernetes.io/hostname + terminationGracePeriodSeconds: 30 + serviceAccountName: default + securityContext: + runAsNonRoot: true + fsGroup: 1000 diff --git a/k8s/deployments/wms-inbound-deployment.yaml b/k8s/deployments/wms-inbound-deployment.yaml new file mode 100644 index 0000000..9f55ed5 --- /dev/null +++ b/k8s/deployments/wms-inbound-deployment.yaml 
@@ -0,0 +1,147 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: wms-inbound-service + namespace: wms-system + labels: + app: wms-inbound + version: v1 + app.kubernetes.io/name: wms-inbound + app.kubernetes.io/part-of: cpte-wms +spec: + replicas: 2 + selector: + matchLabels: + app: wms-inbound + version: v1 + template: + metadata: + labels: + app: wms-inbound + version: v1 + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "8080" + prometheus.io/path: "/actuator/prometheus" + spec: + containers: + - name: wms-inbound + image: registry.yourcompany.com/wms/cpte-wms-inbound-service:latest + imagePullPolicy: Always + ports: + - containerPort: 8080 + name: http + protocol: TCP + env: + - name: SPRING_PROFILES_ACTIVE + value: "k8s" + - name: SERVER_PORT + value: "8080" + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: wms-redis-secret + key: host + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: wms-redis-secret + key: port + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: wms-redis-secret + key: password + - name: MYSQL_HOST + valueFrom: + secretKeyRef: + name: wms-mysql-secret + key: host + - name: MYSQL_PORT + valueFrom: + secretKeyRef: + name: wms-mysql-secret + key: port + - name: MYSQL_USERNAME + valueFrom: + secretKeyRef: + name: wms-mysql-secret + key: username + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: wms-mysql-secret + key: password + - name: MINIO_ENDPOINT + valueFrom: + configMapKeyRef: + name: wms-common-config + key: MINIO_ENDPOINT + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: wms-minio-secret + key: access-key + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: wms-minio-secret + key: secret-key + resources: + requests: + cpu: "500m" + memory: "512Mi" + limits: + cpu: "2" + memory: "4Gi" + livenessProbe: + httpGet: + path: /actuator/health/liveness + port: 8080 + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + 
readinessProbe: + httpGet: + path: /actuator/health/readiness + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + startupProbe: + httpGet: + path: /actuator/health + port: 8080 + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 60 + volumeMounts: + - name: logs-volume + mountPath: /app/logs + - name: config-volume + mountPath: /app/config + volumes: + - name: logs-volume + emptyDir: {} + - name: config-volume + configMap: + name: wms-common-config + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - wms-inbound + topologyKey: kubernetes.io/hostname + terminationGracePeriodSeconds: 30 + securityContext: + runAsNonRoot: true + fsGroup: 1000 diff --git a/k8s/deployments/wms-inventory-deployment.yaml b/k8s/deployments/wms-inventory-deployment.yaml new file mode 100644 index 0000000..8499145 --- /dev/null +++ b/k8s/deployments/wms-inventory-deployment.yaml 
@@ -0,0 +1,147 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: wms-inventory-service + namespace: wms-system + labels: + app: wms-inventory + version: v1 + app.kubernetes.io/name: wms-inventory + app.kubernetes.io/part-of: cpte-wms +spec: + replicas: 2 + selector: + matchLabels: + app: wms-inventory + version: v1 + template: + metadata: + labels: + app: wms-inventory + version: v1 + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "8080" + prometheus.io/path: "/actuator/prometheus" + spec: + containers: + - name: wms-inventory + image: registry.yourcompany.com/wms/cpte-wms-inventory-service:latest + imagePullPolicy: Always + ports: + - containerPort: 8080 + name: http + protocol: TCP + env: + - name: SPRING_PROFILES_ACTIVE + value: "k8s" + - name: SERVER_PORT + value: "8080" + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: wms-redis-secret + key: host + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: wms-redis-secret + key: port + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: wms-redis-secret + key: password + - name: MYSQL_HOST + valueFrom: + secretKeyRef: + name: wms-mysql-secret + key: host + - name: MYSQL_PORT + valueFrom: + secretKeyRef: + name: wms-mysql-secret + key: port + - name: MYSQL_USERNAME + valueFrom: + secretKeyRef: + name: wms-mysql-secret + key: username + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: wms-mysql-secret + key: password + - name: MINIO_ENDPOINT + valueFrom: + configMapKeyRef: + name: wms-common-config + key: MINIO_ENDPOINT + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: wms-minio-secret + key: access-key + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: wms-minio-secret + key: secret-key + resources: + requests: + cpu: "500m" + memory: "512Mi" + limits: + cpu: "2" + memory: "4Gi" + livenessProbe: + httpGet: + path: /actuator/health/liveness + port: 8080 + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 5 + 
failureThreshold: 3 + readinessProbe: + httpGet: + path: /actuator/health/readiness + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + startupProbe: + httpGet: + path: /actuator/health + port: 8080 + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 60 + volumeMounts: + - name: logs-volume + mountPath: /app/logs + - name: config-volume + mountPath: /app/config + volumes: + - name: logs-volume + emptyDir: {} + - name: config-volume + configMap: + name: wms-common-config + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - wms-inventory + topologyKey: kubernetes.io/hostname + terminationGracePeriodSeconds: 30 + securityContext: + runAsNonRoot: true + fsGroup: 1000 diff --git a/k8s/deployments/wms-outbound-deployment.yaml b/k8s/deployments/wms-outbound-deployment.yaml new file mode 100644 index 0000000..115c681 --- /dev/null +++ b/k8s/deployments/wms-outbound-deployment.yaml 
@@ -0,0 +1,147 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: wms-outbound-service + namespace: wms-system + labels: + app: wms-outbound + version: v1 + app.kubernetes.io/name: wms-outbound + app.kubernetes.io/part-of: cpte-wms +spec: + replicas: 2 + selector: + matchLabels: + app: wms-outbound + version: v1 + template: + metadata: + labels: + app: wms-outbound + version: v1 + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "8080" + prometheus.io/path: "/actuator/prometheus" + spec: + containers: + - name: wms-outbound + image: registry.yourcompany.com/wms/cpte-wms-outbound-service:latest + imagePullPolicy: Always + ports: + - containerPort: 8080 + name: http + protocol: TCP + env: + - name: SPRING_PROFILES_ACTIVE + value: "k8s" + - name: SERVER_PORT + value: "8080" + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: wms-redis-secret + key: host + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: wms-redis-secret + key: port + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: wms-redis-secret + key: password + - name: MYSQL_HOST + valueFrom: + secretKeyRef: + name: wms-mysql-secret + key: host + - name: MYSQL_PORT + valueFrom: + secretKeyRef: + name: wms-mysql-secret + key: port + - name: MYSQL_USERNAME + valueFrom: + secretKeyRef: + name: wms-mysql-secret + key: username + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: wms-mysql-secret + key: password + - name: MINIO_ENDPOINT + valueFrom: + configMapKeyRef: + name: wms-common-config + key: MINIO_ENDPOINT + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: wms-minio-secret + key: access-key + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: wms-minio-secret + key: secret-key + resources: + requests: + cpu: "500m" + memory: "512Mi" + limits: + cpu: "2" + memory: "4Gi" + livenessProbe: + httpGet: + path: /actuator/health/liveness + port: 8080 + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 
3 + readinessProbe: + httpGet: + path: /actuator/health/readiness + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + startupProbe: + httpGet: + path: /actuator/health + port: 8080 + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 60 + volumeMounts: + - name: logs-volume + mountPath: /app/logs + - name: config-volume + mountPath: /app/config + volumes: + - name: logs-volume + emptyDir: {} + - name: config-volume + configMap: + name: wms-common-config + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - wms-outbound + topologyKey: kubernetes.io/hostname + terminationGracePeriodSeconds: 30 + securityContext: + runAsNonRoot: true + fsGroup: 1000 diff --git a/k8s/deployments/wms-schedule-deployment.yaml b/k8s/deployments/wms-schedule-deployment.yaml new file mode 100644 index 0000000..462febb --- /dev/null +++ b/k8s/deployments/wms-schedule-deployment.yaml 
@@ -0,0 +1,147 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: wms-schedule-service + namespace: wms-system + labels: + app: wms-schedule + version: v1 + app.kubernetes.io/name: wms-schedule + app.kubernetes.io/part-of: cpte-wms +spec: + replicas: 2 + selector: + matchLabels: + app: wms-schedule + version: v1 + template: + metadata: + labels: + app: wms-schedule + version: v1 + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "8080" + prometheus.io/path: "/actuator/prometheus" + spec: + containers: + - name: wms-schedule + image: registry.yourcompany.com/wms/cpte-wms-schedule-service:latest + imagePullPolicy: Always + ports: + - containerPort: 8080 + name: http + protocol: TCP + env: + - name: SPRING_PROFILES_ACTIVE + value: "k8s" + - name: SERVER_PORT + value: "8080" + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: wms-redis-secret + key: host + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: wms-redis-secret + key: port + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: wms-redis-secret + key: password + - name: MYSQL_HOST + valueFrom: + secretKeyRef: + name: wms-mysql-secret + key: host + - name: MYSQL_PORT + valueFrom: + secretKeyRef: + name: wms-mysql-secret + key: port + - name: MYSQL_USERNAME + valueFrom: + secretKeyRef: + name: wms-mysql-secret + key: username + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: wms-mysql-secret + key: password + - name: MINIO_ENDPOINT + valueFrom: + configMapKeyRef: + name: wms-common-config + key: MINIO_ENDPOINT + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: wms-minio-secret + key: access-key + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: wms-minio-secret + key: secret-key + resources: + requests: + cpu: "500m" + memory: "512Mi" + limits: + cpu: "2" + memory: "4Gi" + livenessProbe: + httpGet: + path: /actuator/health/liveness + port: 8080 + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 
3 + readinessProbe: + httpGet: + path: /actuator/health/readiness + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + startupProbe: + httpGet: + path: /actuator/health + port: 8080 + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 60 + volumeMounts: + - name: logs-volume + mountPath: /app/logs + - name: config-volume + mountPath: /app/config + volumes: + - name: logs-volume + emptyDir: {} + - name: config-volume + configMap: + name: wms-common-config + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - wms-schedule + topologyKey: kubernetes.io/hostname + terminationGracePeriodSeconds: 30 + securityContext: + runAsNonRoot: true + fsGroup: 1000 diff --git a/k8s/extension-config.yaml b/k8s/extension-config.yaml new file mode 100644 index 0000000..371f89c --- /dev/null +++ b/k8s/extension-config.yaml 
@@ -0,0 +1,84 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: extension-configuration + namespace: wms-system + labels: + app: cpte-wms +data: + enabled-extensions: | + { + "core": [ + "Metrics Server", + "KubeSphere 网关", + "KubeSphere 网络", + "KubeSphere 存储" + ], + "observability": [ + "WizTelemetry 监控", + "WizTelemetry 日志", + "WizTelemetry 告警", + "WizTelemetry 通知", + "WizTelemetry 事件", + "WizTelemetry 审计", + "WizTelemetry 全局监控", + "KubeEye 巡检" + ], + "devops": [ + "DevOps", + "镜像构建器" + ], + "security": [ + "cert-manager", + "OAuth2-Proxy", + "Gatekeeper" + ], + "application": [ + "KubeSphere 应用商店管理", + "KubeSphere 应用路由工具" + ], + "integration": [ + "KubeSphere Spring Cloud", + "KEDA for KubeSphere" + ], + "optional": [ + "WizTelemetry 链路追踪" + ] + } + + recommended-for-wms: | + # WMS 微服务推荐启用的扩展组件 + + ## 必需组件 (必须启用) + 1. Metrics Server - HPA 自动扩缩容基础 + 2. KubeSphere 网关 - 服务暴露和路由 + 3. KubeSphere 网络 - 网络策略管理 + 4. KubeSphere 存储 - 动态存储卷供应 + 5. WizTelemetry 监控 - 指标收集和可视化 + 6. WizTelemetry 日志 - 日志集中管理 + 7. WizTelemetry 告警 - 告警规则管理 + 8. WizTelemetry 通知 - 告警通知渠道 + 9. DevOps - CI/CD流水线 + 10. 镜像构建器 - 自动构建镜像 + + ## 推荐组件 (强烈建议启用) + 11. WizTelemetry 事件 - K8s 事件管理 + 12. WizTelemetry 审计 - 操作审计 + 13. WizTelemetry 全局监控 - 全局视图 + 14. KubeEye 巡检 - 集群健康检查 + 15. cert-manager - TLS 证书自动管理 + 16. OAuth2-Proxy - 统一认证代理 + 17. KubeSphere Spring Cloud - Spring 微服务集成 + 18. KEDA for KubeSphere - 事件驱动自动扩缩容 + + ## 可选组件 (按需启用) + 19. KubeSphere 应用商店管理 - 应用生命周期管理 + 20. KubeSphere 应用路由工具 - 应用级路由 + 21. WizTelemetry 链路追踪 - 分布式链路追踪 + 22. Gatekeeper - 策略管理(生产环境) + + ## 不需要启用的组件 + - 所有 AI/ML 相关组件(算力设备管理、DeepSeek、KAITO、NVIDIA 相关) + - 多集群相关组件(Karmada、联邦集群) + - 专用数据库(ob-operator、OceanBase) + - 服务网格(Istio、KubeSphere 服务网格)- 复杂度高 diff --git a/k8s/helm/minio-values.yaml b/k8s/helm/minio-values.yaml new file mode 100644 index 0000000..f70ca51 --- /dev/null +++ b/k8s/helm/minio-values.yaml 
@@ -0,0 +1,95 @@ +# MinIO Helm Chart Values for WMS + +mode: distributed + +replicas: 4 + +resources: + requests: + cpu: 250m + memory: 1Gi + limits: + cpu: 1 + memory: 4Gi + +persistence: + enabled: true + size: 100Gi + storageClass: nfs-sc + +rootUser: minioadmin +rootPassword: minioadmin123 + +defaultBucket: + enabled: true + name: wms-files + policy: none + purge: false + +buckets: + - name: wms-files + - name: wms-backup + - name: wms-temp + +environment: + MINIO_BROWSER: "on" + MINIO_UPDATE: "off" + MINIO_PROMETHEUS_URL: "http://prometheus-k8s.monitoring.svc.cluster.local:9090" + +metrics: + serviceMonitor: + enabled: true + namespace: wms-system + interval: 30s + +ingress: + enabled: true + ingressClassName: nginx + hosts: + - minio.yourcompany.com + tls: [] + +console: + enabled: true + servicePort: 9001 + ingress: + enabled: true + ingressClassName: nginx + hosts: + - minio-console.yourcompany.com + +service: + type: ClusterIP + port: 9000 + +podSecurityContext: + enabled: true + fsGroup: 1000 + runAsUser: 1000 + runAsNonRoot: true + +containerSecurityContext: + enabled: true + runAsUser: 1000 + runAsNonRoot: true + +livenessProbe: + enabled: true + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + +readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + +startupProbe: + enabled: true + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 30 diff --git a/k8s/helm/mysql-values.yaml b/k8s/helm/mysql-values.yaml new file mode 100644 index 0000000..9995ee9 --- /dev/null +++ b/k8s/helm/mysql-values.yaml 
@@ -0,0 +1,114 @@ +# MySQL Helm Chart Values for WMS +# 使用 Bitnami MySQL Chart + +primary: + persistence: + enabled: true + storageClass: nfs-sc + size: 50Gi + + resources: + requests: + cpu: 500m + memory: 1Gi + limits: + cpu: 2 + memory: 4Gi + + configuration: | + [mysqld] + default_authentication_plugin=mysql_native_password + skip-name-resolve + explicit_defaults_for_timestamp + basedir=/opt/bitnami/mysql + plugin_dir=/opt/bitnami/mysql/lib/plugin + port=3306 + socket=/opt/bitnami/mysql/tmp/mysql.sock + datadir=/bitnami/mysql/data + tmpdir=/opt/bitnami/mysql/tmp + max_allowed_packet=16M + bind-address=* + pid-file=/opt/bitnami/mysql/tmp/mysqld.pid + log-error=/opt/bitnami/mysql/logs/mysqld.log + character-set-server=UTF8 + collation-server=utf8_general_ci + + [client] + port=3306 + socket=/opt/bitnami/mysql/tmp/mysql.sock + default-character-set=UTF8 + plugin_dir=/opt/bitnami/mysql/lib/plugin + + [manager] + port=3306 + socket=/opt/bitnami/mysql/tmp/mysql.sock + pid-file=/opt/bitnami/mysql/tmp/mysqld.pid + + mysqlDatabase: cpte-wms + mysqlUser: wms_user + mysqlPassword: cpte@mysql123 + mysqlRootPassword: root@mysql123 + +secondary: + enabled: true + replicas: 1 + + persistence: + enabled: true + storageClass: nfs-sc + size: 50Gi + + resources: + requests: + cpu: 500m + memory: 1Gi + limits: + cpu: 2 + memory: 4Gi + +metrics: + enabled: true + serviceMonitor: + enabled: true + namespace: wms-system + interval: 30s + +service: + type: ClusterIP + ports: + mysql: 3306 + +volumePermissions: + enabled: true + +podSecurityContext: + enabled: true + fsGroup: 1001 + +containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true + +livenessProbe: + enabled: true + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + successThreshold: 1 + +readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + successThreshold: 1 + +startupProbe: + enabled: true + 
initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 60 diff --git a/k8s/helm/redis-values.yaml b/k8s/helm/redis-values.yaml new file mode 100644 index 0000000..a14f94a --- /dev/null +++ b/k8s/helm/redis-values.yaml 
@@ -0,0 +1,126 @@ +# Redis Helm Chart Values for WMS +# 使用 Bitnami Redis Chart + +architecture: replication + +auth: + enabled: true + sentinel: true + password: cpte@redis123 + +master: + count: 1 + + persistence: + enabled: true + storageClass: nfs-sc + size: 10Gi + + resources: + requests: + cpu: 250m + memory: 512Mi + limits: + cpu: 1 + memory: 2Gi + + configuration: | + maxmemory 1gb + maxmemory-policy allkeys-lru + appendonly yes + appendfsync everysec + + extraFlags: + - --maxmemory-policy allkeys-lru + - --appendonly yes + - --appendfsync everysec + +replica: + replicaCount: 2 + + persistence: + enabled: true + storageClass: nfs-sc + size: 10Gi + + resources: + requests: + cpu: 250m + memory: 512Mi + limits: + cpu: 1 + memory: 2Gi + + configuration: | + maxmemory 1gb + maxmemory-policy allkeys-lru + appendonly yes + appendfsync everysec + +sentinel: + enabled: true + masterSet: mymaster + initialCheckTimeout: 5 + quorum: 2 + downAfterMilliseconds: 5000 + failoverTimeout: 180000 + parallelSyncs: 1 + + persistence: + enabled: true + storageClass: nfs-sc + size: 1Gi + + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 256Mi + +metrics: + enabled: true + serviceMonitor: + enabled: true + namespace: wms-system + interval: 30s + +service: + type: ClusterIP + +tls: + enabled: false + +volumePermissions: + enabled: true + +podSecurityContext: + enabled: true + fsGroup: 1001 + +containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true + +livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + +readinessProbe: + enabled: true + initialDelaySeconds: 15 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + +startupProbe: + enabled: true + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 30 diff --git a/k8s/ingress.yaml b/k8s/ingress.yaml index 4309a67..382cb6c 100644 --- a/k8s/ingress.yaml 
+++ b/k8s/ingress.yaml @@ -6,56 +6,35 @@ metadata: labels: app: cpte-wms annotations: - # 使用 Nginx Ingress Controller kubernetes.io/ingress.class: "nginx" - - # 重写目标路径(根据后端服务需要配置) nginx.ingress.kubernetes.io/rewrite-target: /$2 - - # SSL 重定向 nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - - # 代理配置 nginx.ingress.kubernetes.io/proxy-body-size: "50m" nginx.ingress.kubernetes.io/proxy-connect-timeout: "60" nginx.ingress.kubernetes.io/proxy-send-timeout: "60" nginx.ingress.kubernetes.io/proxy-read-timeout: "60" nginx.ingress.kubernetes.io/proxy-buffer-size: "128k" nginx.ingress.kubernetes.io/proxy-buffers-number: "4" - - # 限流配置(可选) - # nginx.ingress.kubernetes.io/limit-rps: "100" - # nginx.ingress.kubernetes.io/limit-connections: "10" - - # CORS 配置(跨域) nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/cors-allow-origin: "*" nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, DELETE, PATCH, OPTIONS" nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization" nginx.ingress.kubernetes.io/cors-allow-credentials: "true" nginx.ingress.kubernetes.io/cors-max-age: "1728000" - - # 健康检查 nginx.ingress.kubernetes.io/health-check-path: "/actuator/health" nginx.ingress.kubernetes.io/health-check-interval: "30s" nginx.ingress.kubernetes.io/health-check-timeout: "5s" - - # 会话保持(可选) - # nginx.ingress.kubernetes.io/affinity: "cookie" - # nginx.ingress.kubernetes.io/session-cookie-name: "WMSSESSION" - # nginx.ingress.kubernetes.io/session-cookie-hash: "sha1" spec: ingressClassName: nginx tls: - hosts: - wms.yourcompany.com - secretName: wms-tls-secret # 需要提前创建 TLS Secret + secretName: wms-tls-secret rules: - host: wms.yourcompany.com http: paths: - # 基础服务 - path: /api/wms/basic(/|$)(.*) pathType: Prefix backend: 
@@ -63,8 +42,6 @@ spec: name: wms-basic-service port: number: 80 - - # 入库服务 - path: /api/wms/inbound(/|$)(.*) pathType: Prefix backend: @@ -72,8 +49,6 @@ spec: name: wms-inbound-service port: number: 80 - - # 出库服务 - path: /api/wms/outbound(/|$)(.*) pathType: Prefix backend: @@ -81,8 +56,6 @@ spec: name: wms-outbound-service port: number: 80 - - # 库存服务 - path: /api/wms/inventory(/|$)(.*) pathType: Prefix backend: @@ -90,8 +63,6 @@ spec: name: wms-inventory-service port: number: 80 - - # 调度服务 - path: /api/wms/schedule(/|$)(.*) pathType: Prefix backend: @@ -99,8 +70,6 @@ spec: name: wms-schedule-service port: number: 80 - - # Swagger/Knife4j 文档 - path: /doc.html pathType: Prefix backend: @@ -108,8 +77,6 @@ spec: name: wms-inbound-service port: number: 80 - - # Actuator 监控端点(建议限制访问 IP) - path: /actuator(/|$)(.*) pathType: Prefix backend: @@ -118,7 +85,6 @@ spec: port: number: 80 --- -# HTTP 版本(不带 HTTPS,用于测试环境) apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -139,7 +105,6 @@ spec: - host: wms-dev.yourcompany.com http: paths: - # 基础服务 - path: /api/wms/basic(/|$)(.*) pathType: Prefix backend: @@ -147,8 +112,6 @@ spec: name: wms-basic-service port: number: 80 - - # 入库服务 - path: /api/wms/inbound(/|$)(.*) pathType: Prefix backend: @@ -156,8 +119,6 @@ spec: name: wms-inbound-service port: number: 80 - - # 出库服务 - path: /api/wms/outbound(/|$)(.*) pathType: Prefix backend: @@ -165,8 +126,6 @@ spec: name: wms-outbound-service port: number: 80 - - # 库存服务 - path: /api/wms/inventory(/|$)(.*) pathType: Prefix backend: @@ -174,8 +133,6 @@ spec: name: wms-inventory-service port: number: 80 - - # 调度服务 - path: /api/wms/schedule(/|$)(.*) pathType: Prefix backend: @@ -183,8 +140,6 @@ spec: name: wms-schedule-service port: number: 80 - - # Knife4j 文档 - path: /doc.html pathType: Prefix backend: diff --git a/k8s/kubekey-config-fixed.yaml b/k8s/kubekey-config-fixed.yaml new file mode 100644 index 0000000..d50ef4f --- /dev/null +++ b/k8s/kubekey-config-fixed.yaml 
@@ -0,0 +1,84 @@ +apiVersion: kubekey.kubesphere.io/v1 +kind: Config +spec: + cni: + calico_version: v3.31.3 + cilium_version: 1.18.5 + hybridnet_version: 0.6.8 + kubeovn_version: v1.15.0 + flannel_version: v0.27.4 + multus: + image: + tag: v4.3.0 + cri: + container_manager: containerd + containerd_version: v1.7.13 + crictl_version: v1.33.0 + cridockerd_version: v0.3.21 + docker_version: 25.0.5 + runc_version: v1.1.12 + dns: + dns_cache_image: + tag: 1.25.0 + dns_image: + tag: v1.12.0 + etcd: + etcd_version: v3.5.24 + download: + arch: + - amd64 + image_registry: + docker_registry_version: 2.8.3 + dockercompose_version: v2.20.3 + harbor_version: v2.10.2 + keepalived_version: 2.0.20 + kubernetes: + sandbox_image: + tag: "3.10" + helm_version: v3.18.5 + kube_version: v1.33.3 + control_plane_endpoint: + kube_vip: + image: + tag: v0.7.2 + haproxy: + image: + tag: 2.9.6-alpine + storage_class: + localpv_provisioner_version: 4.4.0 + nfs_provisioner_version: 4.0.18 + image_manifests: + # kubernetes-v1.33.3 + - quay.io/tigera/operator:v1.40.3 + - docker.io/calico/apiserver:v3.31.3 + - docker.io/calico/cni:v3.31.3 + - docker.io/calico/ctl:v3.31.3 + - docker.io/calico/csi:v3.31.3 + - docker.io/calico/goldmane:v3.31.3 + - docker.io/calico/kube-controllers:v3.31.3 + - docker.io/calico/node-driver-registrar:v3.31.3 + - docker.io/calico/node:v3.31.3 + - docker.io/calico/pod2daemon-flexvol:v3.31.3 + - docker.io/calico/typha:v3.31.3 + - docker.io/calico/whisker-backend:v3.31.3 + - docker.io/calico/whisker:v3.31.3 + - registry.k8s.io/coredns/coredns:v1.12.0 + - registry.k8s.io/dns/k8s-dns-node-cache:1.25.0 + - registry.k8s.io/kube-apiserver:v1.33.3 + - registry.k8s.io/kube-controller-manager:v1.33.3 + - registry.k8s.io/kube-proxy:v1.33.3 + - registry.k8s.io/kube-scheduler:v1.33.3 + - registry.k8s.io/pause:3.10 + - docker.io/openebs/linux-utils:4.3.0 + - docker.io/openebs/provisioner-localpv:4.4.0 + - docker.io/library/haproxy:2.9.6-alpine + - docker.io/plndr/kube-vip:v0.7.2 + # 
ks-core + - registry.cn-beijing.aliyuncs.com/kse/ks-apiserver:v4.2.1 + - registry.cn-beijing.aliyuncs.com/kse/ks-console:v4.2.1 + - registry.cn-beijing.aliyuncs.com/kse/ks-controller-manager:v4.2.1 + - registry.cn-beijing.aliyuncs.com/kubesphereio/kubectl:v1.33.1 + - registry.cn-beijing.aliyuncs.com/kubesphereio/redis:7.2.12-alpine + - registry.cn-beijing.aliyuncs.com/kse/extensions-museum:v11.1.3 + - registry.cn-beijing.aliyuncs.com/kse/ks-console-embed:v4.2.1 + - registry.cn-beijing.aliyuncs.com/kse/ks-posthog:v2.0.0 diff --git a/k8s/kubesphere-config.yaml b/k8s/kubesphere-config.yaml new file mode 100644 index 0000000..cfc9ef0 --- /dev/null +++ b/k8s/kubesphere-config.yaml 
@@ -0,0 +1,123 @@ +apiVersion: installer.kubesphere.io/v1alpha1 +kind: ClusterConfiguration +metadata: + name: ks-installer + namespace: kubesphere-system + labels: + version: v3.4.1 +spec: + persistence: + storageClass: nfs-sc + + authentication: + jwtSecret: "" + + regionConfig: + enabled: false + + alerting: + enabled: true + thanosRuler: + replicas: 1 + resources: {} + + auditing: + enabled: true + operator: + replicas: 1 + resources: {} + + devops: + enabled: true + jenkinsMemoryLim: 2Gi + jenkinsMemoryReq: 1Gi + jenkinsVolumeSize: 8Gi + + events: + enabled: true + operator: + replicas: 1 + resources: {} + + logging: + enabled: true + containerruntime: containerd + logsidecar: + enabled: true + replicas: 2 + fluentbit: + enabled: true + + monitoring: + enabled: true + storageClass: nfs-sc + kubeRbacEnabled: true + thanosRuler: + replicas: 1 + resources: {} + + network: + networkpolicy: + enabled: true + ingressNamespace: "kubesphere-contro-ller-namespace" + ingressController: + enabled: true + isDefault: true + ippool: + enabled: true + topology: + enabled: true + + notification: + enabled: true + + openpitrix: + enabled: true + store: + enabled: true + + servicemesh: + enabled: false + + istio: + enabled: false + + kubesphere: + enabled: true + console: + enableMultiLogin: true + port: 30880 + type: NodePort + + features: + allowEmptyRequest: true + + alerting: + enabled: true + + auditing: + enabled: true + + devops: + enabled: true + + events: + enabled: true + + logging: + enabled: true + + monitoring: + enabled: true + + notification: + enabled: true + + openpitrix: + enabled: true + + servicemesh: + enabled: false + + istio: + enabled: false diff --git a/k8s/namespace.yaml b/k8s/namespace.yaml index 863b19f..e065a32 100644 --- a/k8s/namespace.yaml +++ b/k8s/namespace.yaml @@ -4,7 +4,7 @@ metadata: name: wms-system labels: name: wms-system - app: cpte-wms + kubesphere.io/workspace: wms-workspace --- apiVersion: v1 kind: ResourceQuota 
@@ -13,14 +13,14 @@ metadata: namespace: wms-system spec: hard: - requests.cpu: "10" - requests.memory: 20Gi - limits.cpu: "20" - limits.memory: 40Gi + requests.cpu: "20" + requests.memory: 40Gi + limits.cpu: "40" + limits.memory: 80Gi pods: "50" services: "20" - secrets: "20" - configmaps: "20" + secrets: "30" + configmaps: "30" --- apiVersion: v1 kind: LimitRange @@ -31,14 +31,19 @@ spec: limits: - type: Container default: - cpu: "500m" - memory: "512Mi" + cpu: "1" + memory: 1Gi defaultRequest: - cpu: "250m" - memory: "256Mi" + cpu: "500m" + memory: 512Mi max: - cpu: "2" - memory: "4Gi" + cpu: "4" + memory: 8Gi min: cpu: "100m" - memory: "128Mi" + memory: 128Mi + - type: PersistentVolumeClaim + max: + storage: 100Gi + min: + storage: 1Gi diff --git a/k8s/pvc.yaml b/k8s/pvc.yaml new file mode 100644 index 0000000..f72ad38 --- /dev/null +++ b/k8s/pvc.yaml @@ -0,0 +1,41 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: wms-upload-pvc + namespace: wms-system + labels: + app: cpte-wms +spec: + accessModes: + - ReadWriteMany + storageClassName: nfs-sc + resources: + requests: + storage: 50Gi +--- +apiVersion: v1 +kind: StorageClass +metadata: + name: nfs-sc + labels: + app: cpte-wms +provisioner: k8s-sigs.io/nfs-subdir-external-provisioner +parameters: + archiveOnDelete: "false" +reclaimPolicy: Delete +volumeBindingMode: Immediate +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: wms-logs-pvc + namespace: wms-system + labels: + app: cpte-wms +spec: + accessModes: + - ReadWriteMany + storageClassName: nfs-sc + resources: + requests: + storage: 20Gi diff --git a/k8s/secrets.yaml b/k8s/secrets.yaml new file mode 100644 index 0000000..aa5a39c --- /dev/null +++ b/k8s/secrets.yaml 
@@ -0,0 +1,76 @@ +apiVersion: v1 +kind: Secret +metadata: + name: wms-redis-secret + namespace: wms-system + labels: + app: cpte-wms +type: Opaque +stringData: + host: "redis-master.wms-system.svc.cluster.local" + port: "6379" + password: "cpte@redis123" +--- +apiVersion: v1 +kind: Secret +metadata: + name: wms-mysql-secret + namespace: wms-system + labels: + app: cpte-wms +type: Opaque +stringData: + host: "mysql-primary.wms-system.svc.cluster.local" + port: "3306" + username: "wms_user" + password: "cpte@mysql123" +--- +apiVersion: v1 +kind: Secret +metadata: + name: wms-minio-secret + namespace: wms-system + labels: + app: cpte-wms +type: Opaque +stringData: + access-key: "minioadmin" + secret-key: "minioadmin123" + endpoint: "http://minio.wms-system.svc.cluster.local:9000" +--- +apiVersion: v1 +kind: Secret +metadata: + name: wms-tls-secret + namespace: wms-system + labels: + app: cpte-wms +type: kubernetes.io/tls +stringData: + tls.crt: | + # 替换为实际的 TLS 证书内容 + # 可以使用 cert-manager 自动管理或使用以下命令创建自签名证书: + # kubectl create secret tls wms-tls-secret --cert=path/to/tls.crt --key=path/to/tls.key -n wms-system + PLACEHOLDER_CERTIFICATE + tls.key: | + PLACEHOLDER_KEY +--- +apiVersion: v1 +kind: Secret +metadata: + name: wms-docker-registry-secret + namespace: wms-system + labels: + app: cpte-wms +type: kubernetes.io/dockerconfigjson +stringData: + .dockerconfigjson: | + { + "auths": { + "registry.yourcompany.com": { + "username": "wms_deployer", + "password": "YOUR_REGISTRY_PASSWORD", + "auth": "BASE64_ENCODED_CREDENTIALS" + } + } + } diff --git a/k8s/services.yaml b/k8s/services.yaml index 9d8c80a..215b20e 100644 --- a/k8s/services.yaml +++ b/k8s/services.yaml @@ -17,10 +17,6 @@ spec: targetPort: 8080 protocol: TCP name: http - - port: 8080 - targetPort: 8080 - protocol: TCP - name: http-metrics selector: app: wms-basic sessionAffinity: None 
@@ -44,10 +40,6 @@ spec: targetPort: 8080 protocol: TCP name: http - - port: 8080 - targetPort: 8080 - protocol: TCP - name: http-metrics selector: app: wms-inbound sessionAffinity: None @@ -71,10 +63,6 @@ spec: targetPort: 8080 protocol: TCP name: http - - port: 8080 - targetPort: 8080 - protocol: TCP - name: http-metrics selector: app: wms-outbound sessionAffinity: None @@ -98,10 +86,6 @@ spec: targetPort: 8080 protocol: TCP name: http - - port: 8080 - targetPort: 8080 - protocol: TCP - name: http-metrics selector: app: wms-inventory sessionAffinity: None @@ -125,10 +109,6 @@ spec: targetPort: 8080 protocol: TCP name: http - - port: 8080 - targetPort: 8080 - protocol: TCP - name: http-metrics selector: app: wms-schedule sessionAffinity: None
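Review bot: In the wms-schedule-service Deployment hunk, the container image is `registry.yourcompany.com/wms/cpte-wms-schedule-service:latest` with `imagePullPolicy: Always`, so the two replicas can run different builds and a rollback has no fixed target; pin a version tag or a digest. The pod `securityContext` sets only `runAsNonRoot: true` and `fsGroup: 1000`: without a numeric `runAsUser` the pod will not start unless the image itself declares a numeric non-root user, and there is no container-level `securityContext` (`allowPrivilegeEscalation: false`, dropped capabilities). The spec also carries no `imagePullSecrets`, although this patch defines `wms-docker-registry-secret`; say where that secret gets attached if it is not meant to be here.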
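Review bot: In k8s/extension-config.yaml the two data keys disagree with each other: `enabled-extensions` lists Gatekeeper under "security" and both application-management extensions under "application", while `recommended-for-wms` numbers the same three as 19, 20 and 22 under optional components, with Gatekeeper marked as production only. Pick one source of truth, or add a line to the ConfigMap saying which key operators should follow.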
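Review bot: k8s/helm/minio-values.yaml commits `rootUser: minioadmin` and `rootPassword: minioadmin123` and at the same time enables both the API ingress (`tls: []`) and the console ingress with no TLS section, so a guessable root login is reachable over plain HTTP on minio.yourcompany.com and minio-console.yourcompany.com. Take the root credentials from a Secret created outside the repository, add TLS to both ingresses, and keep the console off the public ingress unless it is needed. The same pair is used as `access-key`/`secret-key` in `wms-minio-secret`, which means every service would talk to MinIO as root; a dedicated, bucket-scoped user would be safer.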
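Review bot: In k8s/helm/mysql-values.yaml the credential keys `mysqlDatabase`, `mysqlUser`, `mysqlPassword` and `mysqlRootPassword` do not match the Bitnami MySQL chart that the file's header comment names; that chart reads `auth.database`, `auth.username`, `auth.password` and `auth.rootPassword` (or `auth.existingSecret`), so these values are likely ignored and the generated password would not match `wms-mysql-secret`. Whichever keys are used, `cpte@mysql123` and `root@mysql123` should not be committed; reference an existing Secret instead. `secondary.enabled: true` is set without `architecture: replication`, yet secrets.yaml points at `mysql-primary`, so please check the resulting Service names against a `helm template` run.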
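Review bot: k8s/helm/redis-values.yaml sets `auth.password: cpte@redis123` in plaintext next to `tls.enabled: false`, so the password both lives in git and crosses the pod network unencrypted on every connection. Use `auth.existingSecret` so the value comes from a Secret created out of band, and either enable TLS or document that a NetworkPolicy restricts port 6379 to the WMS pods. The `master.extraFlags` entries repeat what `master.configuration` already sets; keep one of the two so they cannot drift.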
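Review bot: In the first k8s/ingress.yaml hunk (`@@ -6,56 +6,35 @@`), the production Ingress keeps `cors-allow-origin: "*"` together with `cors-allow-credentials: "true"`, which allows any origin to make credentialed requests to the API if the controller honours it; list the real front-end origins instead. This hunk only deletes comments, including the commented-out `limit-rps` and `limit-connections` annotations and the reminder that `wms-tls-secret` must exist beforehand; that guidance should stay in the manifest or move to the README.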
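Review bot: In the k8s/ingress.yaml hunk `@@ -108,8 +77,6 @@`, the removed comment was the only note that access to `/actuator(/|$)(.*)` should be restricted by IP, and the path is still published on wms.yourcompany.com with no restriction in the visible annotations. Either drop the actuator rule from the public Ingress (Prometheus scrapes the pods directly via the `prometheus.io/*` annotations) or move it to a separate Ingress with `nginx.ingress.kubernetes.io/whitelist-source-range`. The same applies to `/doc.html`, which exposes the API documentation on the production host.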
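Review bot: k8s/kubekey-config-fixed.yaml pins `kube_version: v1.33.3` and ks-core images at `v4.2.1`, while k8s/kubesphere-config.yaml in the same patch is a ks-installer `ClusterConfiguration` labelled `version: v3.4.1`; these describe two different KubeSphere generations, so state which one the deployment targets and drop the other. The `image_manifests` entries are referenced by tag only, several from `registry.cn-beijing.aliyuncs.com`; pinning digests, at least for the control-plane images, would make the offline bundle verifiable.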
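Review bot: In k8s/kubesphere-config.yaml, `ingressNamespace: "kubesphere-contro-ller-namespace"` looks like a mangled namespace name; confirm it names a namespace that actually exists, otherwise the network policy exception for the ingress controller will match nothing. The console is exposed with `type: NodePort`, `port: 30880` and `enableMultiLogin: true`, which puts the admin UI on every node address and allows concurrent sessions per account; consider fronting it with the TLS ingress and turning multi-login off. The component blocks (`alerting`, `auditing`, `devops`, and so on) appear twice in the file and should be reduced to one set.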
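Review bot: In k8s/pvc.yaml the StorageClass is declared with `apiVersion: v1`, but StorageClass belongs to the `storage.k8s.io/v1` API group, so `kubectl apply` will reject that document. It also sits between two PVCs that reference it; move it to the top of the file or its own manifest, and drop `namespace`-style assumptions since it is cluster-scoped. With `archiveOnDelete: "false"` and `reclaimPolicy: Delete`, deleting `wms-upload-pvc` or `wms-logs-pvc` removes the data on the NFS share; use `Retain` or archiving for the upload volume if that data matters.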
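Review bot: k8s/secrets.yaml commits usable-looking passwords in `stringData` (`cpte@redis123`, `cpte@mysql123`, `minioadmin123`), identical to the ones in the Helm values files, so repository read access equals data-store access and the values remain in git history even after rotation. Keep placeholders only, as the TLS and registry entries in this file already do, and create the real Secrets out of band (`kubectl create secret`, or a sealed or external secrets controller). The MinIO `endpoint` is plain `http://`, and `host`/`port` values are not secret and would sit better in `wms-common-config`.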