huojin
/
Cpte-Boot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

no message

main
HUOJIN\92525 2026-03-10 19:23:15 +08:00
parent 1e9854747d
commit fcf486b898
19 changed files with 2307 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

450
k8s/README.md 100644
View File

@ -0,0 +1,450 @@
# WMS 微服务 Kubernetes + KubeSphere 部署文档
## 📋 目录
1. [部署前准备](#部署前准备)
2. [扩展组件选择](#扩展组件选择)
3. [快速部署](#快速部署)
4. [分步部署](#分步部署)
5. [中间件部署](#中间件部署)
6. [验证和测试](#验证和测试)
7. [常见问题](#常见问题)
---
## 部署前准备
### 1. 环境要求
- Kubernetes 1.28.x
- KubeSphere 3.4.x
- Helm 3.x
- kubectl 已配置集群访问
- 存储类StorageClassnfs-sc
### 2. 修改配置文件
#### 2.1 修改 Secretsecrets.yaml
```yaml
# Redis 密码
wms-redis-secret:
password: "修改为强密码"
# MySQL 密码
wms-mysql-secret:
password: "修改为强密码"
# MinIO 密钥
wms-minio-secret:
access-key: "修改为自定义密钥"
secret-key: "修改为强密钥"
# TLS 证书
wms-tls-secret:
tls.crt: "替换为实际证书"
tls.key: "替换为实际私钥"
# 镜像仓库凭证
wms-docker-registry-secret:
password: "修改为仓库密码"
```
#### 2.2 修改 Ingress 域名ingress.yaml
```yaml
# 生产环境
- host: wms.yourcompany.com # 修改为实际域名
# 开发环境
- host: wms-dev.yourcompany.com # 修改为实际域名
```
#### 2.3 修改镜像地址deployments/*.yaml
```yaml
image: registry.yourcompany.com/wms/cpte-wms-basic-service:latest
# 修改为实际的镜像仓库地址
```
---
## 扩展组件选择
### ✅ 必选组件21 个)
在 KubeSphere 扩展组件选择界面,勾选以下组件:
#### 核心组件
- [x] Metrics Server
- [x] KubeSphere 网关
- [x] KubeSphere 网络
- [x] KubeSphere 存储
#### 可观察性
- [x] WizTelemetry 监控
- [x] WizTelemetry 日志
- [x] WizTelemetry 告警
- [x] WizTelemetry 通知
- [x] WizTelemetry 事件
- [x] WizTelemetry 审计
- [x] WizTelemetry 全局监控
- [x] KubeEye 巡检
#### DevOps
- [x] DevOps
- [x] 镜像构建器
#### 安全和集成
- [x] cert-manager
- [x] OAuth2-Proxy
- [x] Gatekeeper
- [x] KubeSphere Spring Cloud
- [x] KEDA for KubeSphere
#### 应用管理
- [x] KubeSphere 应用商店管理
- [x] KubeSphere 应用路由工具
### ❌ 不需要的组件
以下组件**不要勾选**
- 所有 AI/ML 相关算力设备管理、DeepSeek、KAITO、NVIDIA 相关)
- 多集群相关Karmada、联邦集群
- 专用数据库ob-operator、OceanBase
- 服务网格Istio、KubeSphere 服务网格)
---
## 快速部署
### 一键部署
```bash
# 进入 k8s 目录
cd k8s
# 执行部署脚本
chmod +x deploy.sh
./deploy.sh
# 选择选项 1) 完整部署
```
### 部署后验证
```bash
# 查看所有 Pod 状态
kubectl get pods -n wms-system
# 查看服务状态
kubectl get services -n wms-system
# 查看 Ingress
kubectl get ingress -n wms-system
# 查看 HPA
kubectl get hpa -n wms-system
```
---
## 分步部署
### 步骤 1: 创建命名空间
```bash
kubectl apply -f namespace.yaml
```
### 步骤 2: 创建 Secret
```bash
# 先修改 secrets.yaml 中的密码和证书
kubectl apply -f secrets.yaml
```
### 步骤 3: 创建 ConfigMap
```bash
kubectl apply -f configmap.yaml
```
### 步骤 4: 创建存储
```bash
kubectl apply -f pvc.yaml
```
### 步骤 5: 部署中间件
详见 [中间件部署](#中间件部署)
### 步骤 6: 部署微服务
```bash
# 部署所有微服务
kubectl apply -f deployments/
# 或逐个部署
kubectl apply -f deployments/wms-basic-deployment.yaml
kubectl apply -f deployments/wms-inbound-deployment.yaml
kubectl apply -f deployments/wms-outbound-deployment.yaml
kubectl apply -f deployments/wms-inventory-deployment.yaml
kubectl apply -f deployments/wms-schedule-deployment.yaml
```
### 步骤 7: 部署网络和网关
```bash
kubectl apply -f services.yaml
kubectl apply -f ingress.yaml
```
### 步骤 8: 配置自动扩缩容
```bash
kubectl apply -f hpa.yaml
```
---
## 中间件部署
### 方式一Helm 部署(推荐)
```bash
# 添加 Helm Repo
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add minio https://charts.min.io/
helm repo update
# 部署 MySQL
helm install mysql bitnami/mysql \
-f helm/mysql-values.yaml \
-n wms-system
# 部署 Redis
helm install redis bitnami/redis \
-f helm/redis-values.yaml \
-n wms-system
# 部署 MinIO
helm install minio minio/minio \
-f helm/minio-values.yaml \
-n wms-system
```
### 方式二:使用已有中间件
如果已有 MySQL/Redis/MinIO 服务,只需修改 `secrets.yaml` 中的连接信息:
```yaml
# wms-redis-secret
stringData:
host: "已有 Redis 服务地址"
port: "6379"
password: "Redis 密码"
# wms-mysql-secret
stringData:
host: "已有 MySQL 服务地址"
port: "3306"
username: "数据库用户名"
password: "数据库密码"
# wms-minio-secret
stringData:
access-key: "MinIO 访问密钥"
secret-key: "MinIO 密钥"
endpoint: "http://minio 地址9000"
```
---
## 验证和测试
### 1. 检查 Pod 状态
```bash
kubectl get pods -n wms-system -o wide
```
期望输出:
```
NAME READY STATUS RESTARTS AGE
wms-basic-service-xxxxx-xxxxx 1/1 Running 0 5m
wms-inbound-service-xxxxx-xxxxx 1/1 Running 0 5m
wms-outbound-service-xxxxx-xxxxx 1/1 Running 0 5m
wms-inventory-service-xxxxx-xxxxx 1/1 Running 0 5m
wms-schedule-service-xxxxx-xxxxx 1/1 Running 0 5m
```
### 2. 检查服务连接
```bash
# 测试基础服务
kubectl exec -it deployment/wms-basic-service -n wms-system -- \
curl -s http://localhost:8080/actuator/health
# 查看服务日志
kubectl logs -f deployment/wms-basic-service -n wms-system
```
### 3. 访问 API 接口
```bash
# 获取 Ingress 地址
kubectl get ingress -n wms-system
# 测试 API替换为实际域名
curl -k https://wms.yourcompany.com/api/wms/basic/health
curl -k https://wms.yourcompany.com/doc.html
```
### 4. 访问 MinIO 控制台
```bash
# 获取 MinIO 控制台地址
kubectl get ingress -n wms-system | grep minio
# 浏览器访问https://minio-console.yourcompany.com
# 默认账号密码minioadmin / minioadmin123
```
### 5. 测试自动扩缩容
```bash
# 查看 HPA 状态
kubectl get hpa -n wms-system
# 模拟负载测试
kubectl run -i --tty load-tester --image=busybox --rm --restart=Never -- \
while true; do wget -q -O- http://wms-basic-service.wms-system.svc.cluster.local/actuator/health; done
```
---
## 常见问题
### Q1: Pod 无法启动
```bash
# 查看 Pod 详情
kubectl describe pod <pod-name> -n wms-system
# 查看日志
kubectl logs <pod-name> -n wms-system
# 常见问题:
# 1. 镜像拉取失败 -> 检查镜像地址和仓库凭证
# 2. 数据库连接失败 -> 检查 Secret 配置
# 3. 健康检查失败 -> 增加 startupProbe 的 failureThreshold
```
### Q2: 无法访问服务
```bash
# 检查 Ingress Controller
kubectl get pods -n ingress-nginx
# 检查 Ingress 配置
kubectl describe ingress wms-ingress -n wms-system
# 检查 DNS 解析
nslookup wms.yourcompany.com
```
### Q3: HPA 不工作
```bash
# 检查 Metrics Server
kubectl get pods -n kube-system | grep metrics-server
# 查看 HPA 详情
kubectl describe hpa wms-basic-hpa -n wms-system
# 确保 Pod 有 resources 配置
kubectl get deployment wms-basic-service -n wms-system -o yaml
```
### Q4: 存储卷挂载失败
```bash
# 检查 StorageClass
kubectl get sc
# 检查 PVC 状态
kubectl get pvc -n wms-system
# 查看 NFS Provisioner 日志
kubectl logs -n kube-system -l app=nfs-subdir-external-provisioner
```
### Q5: 数据库初始化
```bash
# 连接 MySQL
kubectl run -it --rm --image=mysql:8.0 --restart=Never mysql-client \
-- mysql -h mysql-primary.wms-system.svc.cluster.local -u root -p
# 创建数据库
CREATE DATABASE IF NOT EXISTS `cpte-wms` DEFAULT CHARACTER SET utf8mb4;
```
---
## 监控和运维
### 查看监控指标
1. 登录 KubeSphere 控制台
2. 进入"可观察性" -> "监控"
3. 选择 wms-system 命名空间
### 配置告警
1. 进入"告警管理" -> "告警策略"
2. 创建新的告警规则
3. 配置通知渠道(邮件/钉钉/企业微信)
### 日志查询
1. 进入"可观察性" -> "日志"
2. 选择命名空间wms-system
3. 选择容器进行查询
---
## 升级和回滚
### 升级微服务
```bash
# 更新镜像版本
kubectl set image deployment/wms-basic-service \
wms-basic=registry.yourcompany.com/wms/cpte-wms-basic-service:v3.8.4 \
-n wms-system
# 查看升级状态
kubectl rollout status deployment/wms-basic-service -n wms-system
```
### 回滚
```bash
# 回滚到上一版本
kubectl rollout undo deployment/wms-basic-service -n wms-system
# 回滚到指定版本
kubectl rollout undo deployment/wms-basic-service:2 -n wms-system
```
---
## 联系支持
如有问题,请联系:
- 技术支持cpte@163.com
- 文档http://www.cpte.com/docs

48
k8s/configmap.yaml
View File

@ -7,38 +7,39 @@ metadata:
app: cpte-wms app: cpte-wms
data: data:
APPLICATION_YML: | APPLICATION_YML: |
# 公共配置
spring: spring:
application: application:
name: cpte-wms name: cpte-wms
profiles: profiles:
active: k8s active: k8s
# Jackson 时间格式化
jackson: jackson:
date-format: yyyy-MM-dd HH:mm:ss date-format: yyyy-MM-dd HH:mm:ss
time-zone: GMT+8 time-zone: GMT+8
# 文件上传大小限制
servlet: servlet:
multipart: multipart:
max-file-size: 10MB max-file-size: 10MB
max-request-size: 10MB max-request-size: 10MB
# Redis 配置(从 Secret 读取)
data: data:
redis: redis:
host: ${REDIS_HOST:redis-service} host: ${REDIS_HOST:redis-master.wms-system.svc.cluster.local}
port: ${REDIS_PORT:6379} port: ${REDIS_PORT:6379}
password: ${REDIS_PASSWORD:} password: ${REDIS_PASSWORD:}
database: 0 database: 0
timeout: 5000ms
lettuce:
pool:
max-active: 8
max-idle: 8
min-idle: 0
# 数据源配置(从 Secret 读取)
datasource: datasource:
type: com.alibaba.druid.pool.DruidDataSource type: com.alibaba.druid.pool.DruidDataSource
driver-class-name: com.mysql.cj.jdbc.Driver driver-class-name: com.mysql.cj.jdbc.Driver
url: jdbc:mysql://${MYSQL_HOST:mysql-service}:${MYSQL_PORT:3306}/cpte-wms?characterEncoding=UTF-8&useUnicode=true&useSSL=false&tinyInt1isBit=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Shanghai&rewriteBatchedStatements=true url: jdbc:mysql://${MYSQL_HOST:mysql-primary.wms-system.svc.cluster.local}:${MYSQL_PORT:3306}/cpte-wms?characterEncoding=UTF-8&useUnicode=true&useSSL=false&tinyInt1isBit=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Shanghai&rewriteBatchedStatements=true
username: ${MYSQL_USERNAME:root} username: ${MYSQL_USERNAME:wms_user}
password: ${MYSQL_PASSWORD:} password: ${MYSQL_PASSWORD:}
druid: druid:
initial-size: 5 initial-size: 5
@ -58,7 +59,6 @@ data:
slow-sql-millis: 5000 slow-sql-millis: 5000
merge-sql: true merge-sql: true
# MyBatis Plus 配置
mybatis-plus: mybatis-plus:
mapper-locations: classpath*:org/jeecg/**/xml/*Mapper.xml,classpath*:org/cpte/**/xml/*Mapper.xml mapper-locations: classpath*:org/jeecg/**/xml/*Mapper.xml,classpath*:org/cpte/**/xml/*Mapper.xml
global-config: global-config:
@ -69,20 +69,28 @@ data:
configuration: configuration:
call-setters-on-nulls: true call-setters-on-nulls: true
# Jeecg 配置
jeecg: jeecg:
signatureSecret: dd05f1c54d63749eda95f9fa6d49v442a signatureSecret: dd05f1c54d63749eda95f9fa6d49v442a
uploadType: local uploadType: minio
domainUrl:
pc: http://wms-gateway.wms-system.svc.cluster.local
app: http://wms-gateway.wms-system.svc.cluster.local
path: path:
upload: /data/upload upload: /data/upload
webapp: /data/webapp webapp: /data/webapp
minio:
minio_url: ${MINIO_ENDPOINT:http://minio.wms-system.svc.cluster.local:9000}
minio_name: ${MINIO_ACCESS_KEY:minioadmin}
minio_pass: ${MINIO_SECRET_KEY:minioadmin123}
bucketName: wms-files
minidao:
base-package: org.jeecg.modules.jmreport.*,org.jeecg.modules.drag.*
# Knife4j 配置
knife4j: knife4j:
enable: true enable: true
production: false production: false
# 日志配置
logging: logging:
level: level:
root: INFO root: INFO
@ -91,8 +99,12 @@ data:
com.alibaba.druid: DEBUG com.alibaba.druid: DEBUG
pattern: pattern:
console: "%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{50} - %msg%n" console: "%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{50} - %msg%n"
file: "%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{50} - %msg%n"
file:
name: /app/logs/application.log
max-size: 100MB
max-history: 30
# Feign 配置
FEIGN_CONFIG: | FEIGN_CONFIG: |
feign: feign:
client: client:
@ -106,12 +118,9 @@ data:
enabled: true enabled: true
response: response:
enabled: true enabled: true
httpclient:
enabled: false
okhttp: okhttp:
enabled: true enabled: true
# Ribbon 配置(使用 Spring Cloud LoadBalancer
spring: spring:
cloud: cloud:
loadbalancer: loadbalancer:
@ -120,7 +129,6 @@ data:
cache: cache:
ttl: 30000 ttl: 30000
# Actuator 监控配置
ACTUATOR_CONFIG: | ACTUATOR_CONFIG: |
management: management:
endpoints: endpoints:
@ -141,3 +149,7 @@ data:
enabled: true enabled: true
readinessState: readinessState:
enabled: true enabled: true
MINIO_ENDPOINT: "http://minio.wms-system.svc.cluster.local:9000"
WMS_VERSION: "3.8.3"
ENVIRONMENT: "kubernetes"

320
k8s/deploy.sh 100644
View File

@ -0,0 +1,320 @@
#!/bin/bash
###############################################################################
# WMS 微服务 Kubernetes 部署脚本
# 适用于 KubeSphere 3.4.x + Kubernetes 1.28.x
###############################################################################
set -e
# 颜色定义
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# 日志函数
log_info() {
echo -e "${GREEN}[INFO]${NC} $1"
}
log_warn() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
log_step() {
echo -e "${BLUE}[STEP]${NC} $1"
}
# 检查 kubectl 连接
check_kubectl() {
log_step "检查 kubectl 连接..."
if ! kubectl cluster-info &> /dev/null; then
log_error "无法连接到 Kubernetes 集群,请检查 kubeconfig 配置"
exit 1
fi
log_info "Kubernetes 集群连接正常"
}
# 创建命名空间和资源配额
create_namespace() {
log_step "创建命名空间和资源配额..."
kubectl apply -f namespace.yaml
log_info "命名空间 wms-system 创建完成"
}
# 创建 Secret
create_secrets() {
log_step "创建 Secret 配置..."
# 提示用户修改敏感信息
log_warn "请确保已修改 secrets.yaml 中的敏感信息(密码、证书等)"
read -p "按回车键继续创建 Secret..."
kubectl apply -f secrets.yaml
log_info "Secret 创建完成"
}
# 创建 ConfigMap
create_configmap() {
log_step "创建 ConfigMap..."
kubectl apply -f configmap.yaml
log_info "ConfigMap 创建完成"
}
# 创建 PVC
create_pvc() {
log_step "创建持久化存储..."
kubectl apply -f pvc.yaml
log_info "PVC 创建完成"
}
# 部署中间件MySQL/Redis/MinIO
deploy_middleware() {
log_step "部署中间件..."
echo "选择部署方式:"
echo "1) 使用 Helm 部署(推荐)"
echo "2) 手动部署(已有中间件)"
echo "3) 跳过中间件部署"
read -p "请选择 [1-3]: " middleware_choice
case $middleware_choice in
1)
log_info "使用 Helm 部署中间件..."
# 添加 Helm Repo
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add minio https://charts.min.io/
helm repo update
# 部署 MySQL
log_step "部署 MySQL..."
helm install mysql bitnami/mysql -f helm/mysql-values.yaml -n wms-system
# 部署 Redis
log_step "部署 Redis..."
helm install redis bitnami/redis -f helm/redis-values.yaml -n wms-system
# 部署 MinIO
log_step "部署 MinIO..."
helm install minio minio/minio -f helm/minio-values.yaml -n wms-system
log_info "等待中间件就绪..."
kubectl rollout status deployment/mysql-primary -n wms-system
kubectl rollout status statefulset/redis-master -n wms-system
kubectl rollout status statefulset/minio -n wms-system
;;
2)
log_warn "请确保已有 MySQL/Redis/MinIO 服务,并修改 secrets.yaml 中的连接信息"
read -p "按回车键继续..."
;;
3)
log_warn "跳过中间件部署"
;;
*)
log_error "无效选择"
exit 1
;;
esac
}
# 部署微服务
deploy_services() {
log_step "部署 WMS 微服务..."
# 应用所有 Deployment
for file in deployments/*.yaml; do
log_info "部署:$file"
kubectl apply -f "$file"
done
log_info "等待 Deployment 就绪..."
kubectl rollout status deployment/wms-basic-service -n wms-system
kubectl rollout status deployment/wms-inbound-service -n wms-system
kubectl rollout status deployment/wms-outbound-service -n wms-system
kubectl rollout status deployment/wms-inventory-service -n wms-system
kubectl rollout status deployment/wms-schedule-service -n wms-system
}
# 部署 Service 和 Ingress
deploy_network() {
log_step "部署 Service 和 Ingress..."
kubectl apply -f services.yaml
kubectl apply -f ingress.yaml
log_info "网络和网关配置完成"
}
# 部署 HPA
deploy_hpa() {
log_step "配置自动扩缩容..."
kubectl apply -f hpa.yaml
log_info "HPA 配置完成"
}
# 检查部署状态
check_status() {
log_step "检查部署状态..."
echo ""
echo "=== Pod 状态 ==="
kubectl get pods -n wms-system
echo ""
echo "=== Service 状态 ==="
kubectl get services -n wms-system
echo ""
echo "=== Ingress 状态 ==="
kubectl get ingress -n wms-system
echo ""
echo "=== HPA 状态 ==="
kubectl get hpa -n wms-system
echo ""
echo "=== PVC 状态 ==="
kubectl get pvc -n wms-system
}
# 查看日志
view_logs() {
echo "选择要查看日志的服务:"
echo "1) wms-basic-service"
echo "2) wms-inbound-service"
echo "3) wms-outbound-service"
echo "4) wms-inventory-service"
echo "5) wms-schedule-service"
echo "6) 全部服务"
read -p "请选择 [1-6]: " log_choice
case $log_choice in
1)
kubectl logs -f deployment/wms-basic-service -n wms-system
;;
2)
kubectl logs -f deployment/wms-inbound-service -n wms-system
;;
3)
kubectl logs -f deployment/wms-outbound-service -n wms-system
;;
4)
kubectl logs -f deployment/wms-inventory-service -n wms-system
;;
5)
kubectl logs -f deployment/wms-schedule-service -n wms-system
;;
6)
kubectl logs -l app.kubernetes.io/part-of=cpte-wms -f -n wms-system
;;
*)
log_error "无效选择"
;;
esac
}
# 卸载部署
uninstall() {
log_warn "此操作将卸载所有 WMS 相关资源!"
read -p "确认继续?[y/N]: " confirm
if [ "$confirm" = "y" ] || [ "$confirm" = "Y" ]; then
log_step "卸载 WMS 微服务..."
kubectl delete -f deployments/ -n wms-system
kubectl delete -f hpa.yaml -n wms-system
kubectl delete -f ingress.yaml -n wms-system
kubectl delete -f services.yaml -n wms-system
kubectl delete -f configmap.yaml -n wms-system
kubectl delete -f secrets.yaml -n wms-system
kubectl delete -f pvc.yaml -n wms-system
kubectl delete -f namespace.yaml
log_info "卸载完成"
else
log_info "取消卸载"
fi
}
# 主菜单
show_menu() {
echo ""
echo "========================================="
echo " WMS 微服务 Kubernetes 部署脚本"
echo "========================================="
echo "1) 完整部署(一键部署所有组件)"
echo "2) 创建命名空间"
echo "3) 创建 Secret 和 ConfigMap"
echo "4) 部署中间件MySQL/Redis/MinIO"
echo "5) 部署微服务"
echo "6) 部署网络和网关"
echo "7) 配置 HPA"
echo "8) 查看部署状态"
echo "9) 查看日志"
echo "10) 卸载部署"
echo "0) 退出"
echo "========================================="
}
# 主函数
main() {
cd "$(dirname "$0")"
while true; do
show_menu
read -p "请选择操作 [0-10]: " choice
case $choice in
1)
check_kubectl
create_namespace
create_secrets
create_configmap
create_pvc
deploy_middleware
deploy_services
deploy_network
deploy_hpa
check_status
log_info "🎉 部署完成!"
;;
2)
create_namespace
;;
3)
create_secrets
create_configmap
;;
4)
deploy_middleware
;;
5)
deploy_services
;;
6)
deploy_network
;;
7)
deploy_hpa
;;
8)
check_status
;;
9)
view_logs
;;
10)
uninstall
;;
0)
log_info "退出"
exit 0
;;
*)
log_error "无效选择,请重新输入"
;;
esac
done
}
# 执行主函数
main

156
k8s/deployments/wms-basic-deployment.yaml 100644
View File

@ -0,0 +1,156 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: wms-basic-service
namespace: wms-system
labels:
app: wms-basic
version: v1
app.kubernetes.io/name: wms-basic
app.kubernetes.io/part-of: cpte-wms
spec:
replicas: 2
selector:
matchLabels:
app: wms-basic
version: v1
template:
metadata:
labels:
app: wms-basic
version: v1
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
prometheus.io/path: "/actuator/prometheus"
spec:
containers:
- name: wms-basic
image: registry.yourcompany.com/wms/cpte-wms-basic-service:latest
imagePullPolicy: Always
ports:
- containerPort: 8080
name: http
protocol: TCP
- containerPort: 8080
name: http-metrics
protocol: TCP
env:
- name: SPRING_PROFILES_ACTIVE
value: "k8s"
- name: SERVER_PORT
value: "8080"
- name: REDIS_HOST
valueFrom:
secretKeyRef:
name: wms-redis-secret
key: host
- name: REDIS_PORT
valueFrom:
secretKeyRef:
name: wms-redis-secret
key: port
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: wms-redis-secret
key: password
- name: MYSQL_HOST
valueFrom:
secretKeyRef:
name: wms-mysql-secret
key: host
- name: MYSQL_PORT
valueFrom:
secretKeyRef:
name: wms-mysql-secret
key: port
- name: MYSQL_USERNAME
valueFrom:
secretKeyRef:
name: wms-mysql-secret
key: username
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: wms-mysql-secret
key: password
- name: MINIO_ENDPOINT
valueFrom:
configMapKeyRef:
name: wms-common-config
key: MINIO_ENDPOINT
- name: MINIO_ACCESS_KEY
valueFrom:
secretKeyRef:
name: wms-minio-secret
key: access-key
- name: MINIO_SECRET_KEY
valueFrom:
secretKeyRef:
name: wms-minio-secret
key: secret-key
resources:
requests:
cpu: "500m"
memory: "512Mi"
limits:
cpu: "2"
memory: "4Gi"
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: 8080
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
startupProbe:
httpGet:
path: /actuator/health
port: 8080
initialDelaySeconds: 0
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 60
volumeMounts:
- name: upload-volume
mountPath: /data/upload
- name: logs-volume
mountPath: /app/logs
- name: config-volume
mountPath: /app/config
volumes:
- name: upload-volume
persistentVolumeClaim:
claimName: wms-upload-pvc
- name: logs-volume
emptyDir: {}
- name: config-volume
configMap:
name: wms-common-config
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- wms-basic
topologyKey: kubernetes.io/hostname
terminationGracePeriodSeconds: 30
serviceAccountName: default
securityContext:
runAsNonRoot: true
fsGroup: 1000

147
k8s/deployments/wms-inbound-deployment.yaml 100644
View File

@ -0,0 +1,147 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: wms-inbound-service
namespace: wms-system
labels:
app: wms-inbound
version: v1
app.kubernetes.io/name: wms-inbound
app.kubernetes.io/part-of: cpte-wms
spec:
replicas: 2
selector:
matchLabels:
app: wms-inbound
version: v1
template:
metadata:
labels:
app: wms-inbound
version: v1
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
prometheus.io/path: "/actuator/prometheus"
spec:
containers:
- name: wms-inbound
image: registry.yourcompany.com/wms/cpte-wms-inbound-service:latest
imagePullPolicy: Always
ports:
- containerPort: 8080
name: http
protocol: TCP
env:
- name: SPRING_PROFILES_ACTIVE
value: "k8s"
- name: SERVER_PORT
value: "8080"
- name: REDIS_HOST
valueFrom:
secretKeyRef:
name: wms-redis-secret
key: host
- name: REDIS_PORT
valueFrom:
secretKeyRef:
name: wms-redis-secret
key: port
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: wms-redis-secret
key: password
- name: MYSQL_HOST
valueFrom:
secretKeyRef:
name: wms-mysql-secret
key: host
- name: MYSQL_PORT
valueFrom:
secretKeyRef:
name: wms-mysql-secret
key: port
- name: MYSQL_USERNAME
valueFrom:
secretKeyRef:
name: wms-mysql-secret
key: username
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: wms-mysql-secret
key: password
- name: MINIO_ENDPOINT
valueFrom:
configMapKeyRef:
name: wms-common-config
key: MINIO_ENDPOINT
- name: MINIO_ACCESS_KEY
valueFrom:
secretKeyRef:
name: wms-minio-secret
key: access-key
- name: MINIO_SECRET_KEY
valueFrom:
secretKeyRef:
name: wms-minio-secret
key: secret-key
resources:
requests:
cpu: "500m"
memory: "512Mi"
limits:
cpu: "2"
memory: "4Gi"
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: 8080
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
startupProbe:
httpGet:
path: /actuator/health
port: 8080
initialDelaySeconds: 0
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 60
volumeMounts:
- name: logs-volume
mountPath: /app/logs
- name: config-volume
mountPath: /app/config
volumes:
- name: logs-volume
emptyDir: {}
- name: config-volume
configMap:
name: wms-common-config
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- wms-inbound
topologyKey: kubernetes.io/hostname
terminationGracePeriodSeconds: 30
securityContext:
runAsNonRoot: true
fsGroup: 1000

147
k8s/deployments/wms-inventory-deployment.yaml 100644
View File

@ -0,0 +1,147 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: wms-inventory-service
namespace: wms-system
labels:
app: wms-inventory
version: v1
app.kubernetes.io/name: wms-inventory
app.kubernetes.io/part-of: cpte-wms
spec:
replicas: 2
selector:
matchLabels:
app: wms-inventory
version: v1
template:
metadata:
labels:
app: wms-inventory
version: v1
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
prometheus.io/path: "/actuator/prometheus"
spec:
containers:
- name: wms-inventory
image: registry.yourcompany.com/wms/cpte-wms-inventory-service:latest
imagePullPolicy: Always
ports:
- containerPort: 8080
name: http
protocol: TCP
env:
- name: SPRING_PROFILES_ACTIVE
value: "k8s"
- name: SERVER_PORT
value: "8080"
- name: REDIS_HOST
valueFrom:
secretKeyRef:
name: wms-redis-secret
key: host
- name: REDIS_PORT
valueFrom:
secretKeyRef:
name: wms-redis-secret
key: port
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: wms-redis-secret
key: password
- name: MYSQL_HOST
valueFrom:
secretKeyRef:
name: wms-mysql-secret
key: host
- name: MYSQL_PORT
valueFrom:
secretKeyRef:
name: wms-mysql-secret
key: port
- name: MYSQL_USERNAME
valueFrom:
secretKeyRef:
name: wms-mysql-secret
key: username
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: wms-mysql-secret
key: password
- name: MINIO_ENDPOINT
valueFrom:
configMapKeyRef:
name: wms-common-config
key: MINIO_ENDPOINT
- name: MINIO_ACCESS_KEY
valueFrom:
secretKeyRef:
name: wms-minio-secret
key: access-key
- name: MINIO_SECRET_KEY
valueFrom:
secretKeyRef:
name: wms-minio-secret
key: secret-key
resources:
requests:
cpu: "500m"
memory: "512Mi"
limits:
cpu: "2"
memory: "4Gi"
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: 8080
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
startupProbe:
httpGet:
path: /actuator/health
port: 8080
initialDelaySeconds: 0
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 60
volumeMounts:
- name: logs-volume
mountPath: /app/logs
- name: config-volume
mountPath: /app/config
volumes:
- name: logs-volume
emptyDir: {}
- name: config-volume
configMap:
name: wms-common-config
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- wms-inventory
topologyKey: kubernetes.io/hostname
terminationGracePeriodSeconds: 30
securityContext:
runAsNonRoot: true
fsGroup: 1000

147
k8s/deployments/wms-outbound-deployment.yaml 100644
View File

@ -0,0 +1,147 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: wms-outbound-service
namespace: wms-system
labels:
app: wms-outbound
version: v1
app.kubernetes.io/name: wms-outbound
app.kubernetes.io/part-of: cpte-wms
spec:
replicas: 2
selector:
matchLabels:
app: wms-outbound
version: v1
template:
metadata:
labels:
app: wms-outbound
version: v1
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
prometheus.io/path: "/actuator/prometheus"
spec:
containers:
- name: wms-outbound
image: registry.yourcompany.com/wms/cpte-wms-outbound-service:latest
imagePullPolicy: Always
ports:
- containerPort: 8080
name: http
protocol: TCP
env:
- name: SPRING_PROFILES_ACTIVE
value: "k8s"
- name: SERVER_PORT
value: "8080"
- name: REDIS_HOST
valueFrom:
secretKeyRef:
name: wms-redis-secret
key: host
- name: REDIS_PORT
valueFrom:
secretKeyRef:
name: wms-redis-secret
key: port
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: wms-redis-secret
key: password
- name: MYSQL_HOST
valueFrom:
secretKeyRef:
name: wms-mysql-secret
key: host
- name: MYSQL_PORT
valueFrom:
secretKeyRef:
name: wms-mysql-secret
key: port
- name: MYSQL_USERNAME
valueFrom:
secretKeyRef:
name: wms-mysql-secret
key: username
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: wms-mysql-secret
key: password
- name: MINIO_ENDPOINT
valueFrom:
configMapKeyRef:
name: wms-common-config
key: MINIO_ENDPOINT
- name: MINIO_ACCESS_KEY
valueFrom:
secretKeyRef:
name: wms-minio-secret
key: access-key
- name: MINIO_SECRET_KEY
valueFrom:
secretKeyRef:
name: wms-minio-secret
key: secret-key
resources:
requests:
cpu: "500m"
memory: "512Mi"
limits:
cpu: "2"
memory: "4Gi"
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: 8080
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
startupProbe:
httpGet:
path: /actuator/health
port: 8080
initialDelaySeconds: 0
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 60
volumeMounts:
- name: logs-volume
mountPath: /app/logs
- name: config-volume
mountPath: /app/config
volumes:
- name: logs-volume
emptyDir: {}
- name: config-volume
configMap:
name: wms-common-config
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- wms-outbound
topologyKey: kubernetes.io/hostname
terminationGracePeriodSeconds: 30
securityContext:
runAsNonRoot: true
fsGroup: 1000

147
k8s/deployments/wms-schedule-deployment.yaml 100644
View File

@ -0,0 +1,147 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: wms-schedule-service
namespace: wms-system
labels:
app: wms-schedule
version: v1
app.kubernetes.io/name: wms-schedule
app.kubernetes.io/part-of: cpte-wms
spec:
replicas: 2
selector:
matchLabels:
app: wms-schedule
version: v1
template:
metadata:
labels:
app: wms-schedule
version: v1
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
prometheus.io/path: "/actuator/prometheus"
spec:
containers:
- name: wms-schedule
image: registry.yourcompany.com/wms/cpte-wms-schedule-service:latest
imagePullPolicy: Always
ports:
- containerPort: 8080
name: http
protocol: TCP
env:
- name: SPRING_PROFILES_ACTIVE
value: "k8s"
- name: SERVER_PORT
value: "8080"
- name: REDIS_HOST
valueFrom:
secretKeyRef:
name: wms-redis-secret
key: host
- name: REDIS_PORT
valueFrom:
secretKeyRef:
name: wms-redis-secret
key: port
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: wms-redis-secret
key: password
- name: MYSQL_HOST
valueFrom:
secretKeyRef:
name: wms-mysql-secret
key: host
- name: MYSQL_PORT
valueFrom:
secretKeyRef:
name: wms-mysql-secret
key: port
- name: MYSQL_USERNAME
valueFrom:
secretKeyRef:
name: wms-mysql-secret
key: username
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: wms-mysql-secret
key: password
- name: MINIO_ENDPOINT
valueFrom:
configMapKeyRef:
name: wms-common-config
key: MINIO_ENDPOINT
- name: MINIO_ACCESS_KEY
valueFrom:
secretKeyRef:
name: wms-minio-secret
key: access-key
- name: MINIO_SECRET_KEY
valueFrom:
secretKeyRef:
name: wms-minio-secret
key: secret-key
resources:
requests:
cpu: "500m"
memory: "512Mi"
limits:
cpu: "2"
memory: "4Gi"
livenessProbe:
httpGet:
path: /actuator/health/liveness
port: 8080
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /actuator/health/readiness
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
startupProbe:
httpGet:
path: /actuator/health
port: 8080
initialDelaySeconds: 0
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 60
volumeMounts:
- name: logs-volume
mountPath: /app/logs
- name: config-volume
mountPath: /app/config
volumes:
- name: logs-volume
emptyDir: {}
- name: config-volume
configMap:
name: wms-common-config
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- wms-schedule
topologyKey: kubernetes.io/hostname
terminationGracePeriodSeconds: 30
securityContext:
runAsNonRoot: true
fsGroup: 1000

84
k8s/extension-config.yaml 100644
View File

@ -0,0 +1,84 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: extension-configuration
namespace: wms-system
labels:
app: cpte-wms
data:
enabled-extensions: |
{
"core": [
"Metrics Server",
"KubeSphere 网关",
"KubeSphere 网络",
"KubeSphere 存储"
],
"observability": [
"WizTelemetry 监控",
"WizTelemetry 日志",
"WizTelemetry 告警",
"WizTelemetry 通知",
"WizTelemetry 事件",
"WizTelemetry 审计",
"WizTelemetry 全局监控",
"KubeEye 巡检"
],
"devops": [
"DevOps",
"镜像构建器"
],
"security": [
"cert-manager",
"OAuth2-Proxy",
"Gatekeeper"
],
"application": [
"KubeSphere 应用商店管理",
"KubeSphere 应用路由工具"
],
"integration": [
"KubeSphere Spring Cloud",
"KEDA for KubeSphere"
],
"optional": [
"WizTelemetry 链路追踪"
]
}
recommended-for-wms: |
# WMS 微服务推荐启用的扩展组件
## 必需组件 (必须启用)
1. Metrics Server - HPA 自动扩缩容基础
2. KubeSphere 网关 - 服务暴露和路由
3. KubeSphere 网络 - 网络策略管理
4. KubeSphere 存储 - 动态存储卷供应
5. WizTelemetry 监控 - 指标收集和可视化
6. WizTelemetry 日志 - 日志集中管理
7. WizTelemetry 告警 - 告警规则管理
8. WizTelemetry 通知 - 告警通知渠道
9. DevOps - CI/CD流水线
10. 镜像构建器 - 自动构建镜像
## 推荐组件 (强烈建议启用)
11. WizTelemetry 事件 - K8s 事件管理
12. WizTelemetry 审计 - 操作审计
13. WizTelemetry 全局监控 - 全局视图
14. KubeEye 巡检 - 集群健康检查
15. cert-manager - TLS 证书自动管理
16. OAuth2-Proxy - 统一认证代理
17. KubeSphere Spring Cloud - Spring 微服务集成
18. KEDA for KubeSphere - 事件驱动自动扩缩容
## 可选组件 (按需启用)
19. KubeSphere 应用商店管理 - 应用生命周期管理
20. KubeSphere 应用路由工具 - 应用级路由
21. WizTelemetry 链路追踪 - 分布式链路追踪
22. Gatekeeper - 策略管理(生产环境)
## 不需要启用的组件
- 所有 AI/ML 相关组件算力设备管理、DeepSeek、KAITO、NVIDIA 相关)
- 多集群相关组件Karmada、联邦集群
- 专用数据库ob-operator、OceanBase
- 服务网格Istio、KubeSphere 服务网格)- 复杂度高

95
k8s/helm/minio-values.yaml 100644
View File

@ -0,0 +1,95 @@
# MinIO Helm Chart Values for WMS
mode: distributed
replicas: 4
resources:
requests:
cpu: 250m
memory: 1Gi
limits:
cpu: 1
memory: 4Gi
persistence:
enabled: true
size: 100Gi
storageClass: nfs-sc
rootUser: minioadmin
rootPassword: minioadmin123
defaultBucket:
enabled: true
name: wms-files
policy: none
purge: false
buckets:
- name: wms-files
- name: wms-backup
- name: wms-temp
environment:
MINIO_BROWSER: "on"
MINIO_UPDATE: "off"
MINIO_PROMETHEUS_URL: "http://prometheus-k8s.monitoring.svc.cluster.local:9090"
metrics:
serviceMonitor:
enabled: true
namespace: wms-system
interval: 30s
ingress:
enabled: true
ingressClassName: nginx
hosts:
- minio.yourcompany.com
tls: []
console:
enabled: true
servicePort: 9001
ingress:
enabled: true
ingressClassName: nginx
hosts:
- minio-console.yourcompany.com
service:
type: ClusterIP
port: 9000
podSecurityContext:
enabled: true
fsGroup: 1000
runAsUser: 1000
runAsNonRoot: true
containerSecurityContext:
enabled: true
runAsUser: 1000
runAsNonRoot: true
livenessProbe:
enabled: true
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
startupProbe:
enabled: true
initialDelaySeconds: 0
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 30

114
k8s/helm/mysql-values.yaml 100644
View File

@ -0,0 +1,114 @@
# MySQL Helm Chart Values for WMS
# 使用 Bitnami MySQL Chart
primary:
persistence:
enabled: true
storageClass: nfs-sc
size: 50Gi
resources:
requests:
cpu: 500m
memory: 1Gi
limits:
cpu: 2
memory: 4Gi
configuration: |
[mysqld]
default_authentication_plugin=mysql_native_password
skip-name-resolve
explicit_defaults_for_timestamp
basedir=/opt/bitnami/mysql
plugin_dir=/opt/bitnami/mysql/lib/plugin
port=3306
socket=/opt/bitnami/mysql/tmp/mysql.sock
datadir=/bitnami/mysql/data
tmpdir=/opt/bitnami/mysql/tmp
max_allowed_packet=16M
bind-address=*
pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
log-error=/opt/bitnami/mysql/logs/mysqld.log
character-set-server=UTF8
collation-server=utf8_general_ci
[client]
port=3306
socket=/opt/bitnami/mysql/tmp/mysql.sock
default-character-set=UTF8
plugin_dir=/opt/bitnami/mysql/lib/plugin
[manager]
port=3306
socket=/opt/bitnami/mysql/tmp/mysql.sock
pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
mysqlDatabase: cpte-wms
mysqlUser: wms_user
mysqlPassword: cpte@mysql123
mysqlRootPassword: root@mysql123
secondary:
enabled: true
replicas: 1
persistence:
enabled: true
storageClass: nfs-sc
size: 50Gi
resources:
requests:
cpu: 500m
memory: 1Gi
limits:
cpu: 2
memory: 4Gi
metrics:
enabled: true
serviceMonitor:
enabled: true
namespace: wms-system
interval: 30s
service:
type: ClusterIP
ports:
mysql: 3306
volumePermissions:
enabled: true
podSecurityContext:
enabled: true
fsGroup: 1001
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
livenessProbe:
enabled: true
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1
readinessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1
startupProbe:
enabled: true
initialDelaySeconds: 0
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 60

126
k8s/helm/redis-values.yaml 100644
View File

@ -0,0 +1,126 @@
# Redis Helm Chart Values for WMS
# 使用 Bitnami Redis Chart
architecture: replication
auth:
enabled: true
sentinel: true
password: cpte@redis123
master:
count: 1
persistence:
enabled: true
storageClass: nfs-sc
size: 10Gi
resources:
requests:
cpu: 250m
memory: 512Mi
limits:
cpu: 1
memory: 2Gi
configuration: |
maxmemory 1gb
maxmemory-policy allkeys-lru
appendonly yes
appendfsync everysec
extraFlags:
- --maxmemory-policy allkeys-lru
- --appendonly yes
- --appendfsync everysec
replica:
replicaCount: 2
persistence:
enabled: true
storageClass: nfs-sc
size: 10Gi
resources:
requests:
cpu: 250m
memory: 512Mi
limits:
cpu: 1
memory: 2Gi
configuration: |
maxmemory 1gb
maxmemory-policy allkeys-lru
appendonly yes
appendfsync everysec
sentinel:
enabled: true
masterSet: mymaster
initialCheckTimeout: 5
quorum: 2
downAfterMilliseconds: 5000
failoverTimeout: 180000
parallelSyncs: 1
persistence:
enabled: true
storageClass: nfs-sc
size: 1Gi
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 256Mi
metrics:
enabled: true
serviceMonitor:
enabled: true
namespace: wms-system
interval: 30s
service:
type: ClusterIP
tls:
enabled: false
volumePermissions:
enabled: true
podSecurityContext:
enabled: true
fsGroup: 1001
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
livenessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
enabled: true
initialDelaySeconds: 15
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
startupProbe:
enabled: true
initialDelaySeconds: 0
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 30

47
k8s/ingress.yaml
View File

@ -6,56 +6,35 @@ metadata:
labels: labels:
app: cpte-wms app: cpte-wms
annotations: annotations:
# 使用 Nginx Ingress Controller
kubernetes.io/ingress.class: "nginx" kubernetes.io/ingress.class: "nginx"
# 重写目标路径(根据后端服务需要配置)
nginx.ingress.kubernetes.io/rewrite-target: /$2 nginx.ingress.kubernetes.io/rewrite-target: /$2
# SSL 重定向
nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# 代理配置
nginx.ingress.kubernetes.io/proxy-body-size: "50m" nginx.ingress.kubernetes.io/proxy-body-size: "50m"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "60" nginx.ingress.kubernetes.io/proxy-connect-timeout: "60"
nginx.ingress.kubernetes.io/proxy-send-timeout: "60" nginx.ingress.kubernetes.io/proxy-send-timeout: "60"
nginx.ingress.kubernetes.io/proxy-read-timeout: "60" nginx.ingress.kubernetes.io/proxy-read-timeout: "60"
nginx.ingress.kubernetes.io/proxy-buffer-size: "128k" nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
nginx.ingress.kubernetes.io/proxy-buffers-number: "4" nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
# 限流配置(可选)
# nginx.ingress.kubernetes.io/limit-rps: "100"
# nginx.ingress.kubernetes.io/limit-connections: "10"
# CORS 配置(跨域)
nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-origin: "*" nginx.ingress.kubernetes.io/cors-allow-origin: "*"
nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, DELETE, PATCH, OPTIONS" nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, DELETE, PATCH, OPTIONS"
nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization" nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true" nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
nginx.ingress.kubernetes.io/cors-max-age: "1728000" nginx.ingress.kubernetes.io/cors-max-age: "1728000"
# 健康检查
nginx.ingress.kubernetes.io/health-check-path: "/actuator/health" nginx.ingress.kubernetes.io/health-check-path: "/actuator/health"
nginx.ingress.kubernetes.io/health-check-interval: "30s" nginx.ingress.kubernetes.io/health-check-interval: "30s"
nginx.ingress.kubernetes.io/health-check-timeout: "5s" nginx.ingress.kubernetes.io/health-check-timeout: "5s"
# 会话保持(可选)
# nginx.ingress.kubernetes.io/affinity: "cookie"
# nginx.ingress.kubernetes.io/session-cookie-name: "WMSSESSION"
# nginx.ingress.kubernetes.io/session-cookie-hash: "sha1"
spec: spec:
ingressClassName: nginx ingressClassName: nginx
tls: tls:
- hosts: - hosts:
- wms.yourcompany.com - wms.yourcompany.com
secretName: wms-tls-secret # 需要提前创建 TLS Secret secretName: wms-tls-secret
rules: rules:
- host: wms.yourcompany.com - host: wms.yourcompany.com
http: http:
paths: paths:
# 基础服务
- path: /api/wms/basic(/|$)(.*) - path: /api/wms/basic(/|$)(.*)
pathType: Prefix pathType: Prefix
backend: backend:
@ -63,8 +42,6 @@ spec:
name: wms-basic-service name: wms-basic-service
port: port:
number: 80 number: 80
# 入库服务
- path: /api/wms/inbound(/|$)(.*) - path: /api/wms/inbound(/|$)(.*)
pathType: Prefix pathType: Prefix
backend: backend:
@ -72,8 +49,6 @@ spec:
name: wms-inbound-service name: wms-inbound-service
port: port:
number: 80 number: 80
# 出库服务
- path: /api/wms/outbound(/|$)(.*) - path: /api/wms/outbound(/|$)(.*)
pathType: Prefix pathType: Prefix
backend: backend:
@ -81,8 +56,6 @@ spec:
name: wms-outbound-service name: wms-outbound-service
port: port:
number: 80 number: 80
# 库存服务
- path: /api/wms/inventory(/|$)(.*) - path: /api/wms/inventory(/|$)(.*)
pathType: Prefix pathType: Prefix
backend: backend:
@ -90,8 +63,6 @@ spec:
name: wms-inventory-service name: wms-inventory-service
port: port:
number: 80 number: 80
# 调度服务
- path: /api/wms/schedule(/|$)(.*) - path: /api/wms/schedule(/|$)(.*)
pathType: Prefix pathType: Prefix
backend: backend:
@ -99,8 +70,6 @@ spec:
name: wms-schedule-service name: wms-schedule-service
port: port:
number: 80 number: 80
# Swagger/Knife4j 文档
- path: /doc.html - path: /doc.html
pathType: Prefix pathType: Prefix
backend: backend:
@ -108,8 +77,6 @@ spec:
name: wms-inbound-service name: wms-inbound-service
port: port:
number: 80 number: 80
# Actuator 监控端点(建议限制访问 IP
- path: /actuator(/|$)(.*) - path: /actuator(/|$)(.*)
pathType: Prefix pathType: Prefix
backend: backend:
@ -118,7 +85,6 @@ spec:
port: port:
number: 80 number: 80
--- ---
# HTTP 版本(不带 HTTPS用于测试环境
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
@ -139,7 +105,6 @@ spec:
- host: wms-dev.yourcompany.com - host: wms-dev.yourcompany.com
http: http:
paths: paths:
# 基础服务
- path: /api/wms/basic(/|$)(.*) - path: /api/wms/basic(/|$)(.*)
pathType: Prefix pathType: Prefix
backend: backend:
@ -147,8 +112,6 @@ spec:
name: wms-basic-service name: wms-basic-service
port: port:
number: 80 number: 80
# 入库服务
- path: /api/wms/inbound(/|$)(.*) - path: /api/wms/inbound(/|$)(.*)
pathType: Prefix pathType: Prefix
backend: backend:
@ -156,8 +119,6 @@ spec:
name: wms-inbound-service name: wms-inbound-service
port: port:
number: 80 number: 80
# 出库服务
- path: /api/wms/outbound(/|$)(.*) - path: /api/wms/outbound(/|$)(.*)
pathType: Prefix pathType: Prefix
backend: backend:
@ -165,8 +126,6 @@ spec:
name: wms-outbound-service name: wms-outbound-service
port: port:
number: 80 number: 80
# 库存服务
- path: /api/wms/inventory(/|$)(.*) - path: /api/wms/inventory(/|$)(.*)
pathType: Prefix pathType: Prefix
backend: backend:
@ -174,8 +133,6 @@ spec:
name: wms-inventory-service name: wms-inventory-service
port: port:
number: 80 number: 80
# 调度服务
- path: /api/wms/schedule(/|$)(.*) - path: /api/wms/schedule(/|$)(.*)
pathType: Prefix pathType: Prefix
backend: backend:
@ -183,8 +140,6 @@ spec:
name: wms-schedule-service name: wms-schedule-service
port: port:
number: 80 number: 80
# Knife4j 文档
- path: /doc.html - path: /doc.html
pathType: Prefix pathType: Prefix
backend: backend:

84
k8s/kubekey-config-fixed.yaml 100644
View File

@ -0,0 +1,84 @@
apiVersion: kubekey.kubesphere.io/v1
kind: Config
spec:
cni:
calico_version: v3.31.3
cilium_version: 1.18.5
hybridnet_version: 0.6.8
kubeovn_version: v1.15.0
flannel_version: v0.27.4
multus:
image:
tag: v4.3.0
cri:
container_manager: containerd
containerd_version: v1.7.13
crictl_version: v1.33.0
cridockerd_version: v0.3.21
docker_version: 25.0.5
runc_version: v1.1.12
dns:
dns_cache_image:
tag: 1.25.0
dns_image:
tag: v1.12.0
etcd:
etcd_version: v3.5.24
download:
arch:
- amd64
image_registry:
docker_registry_version: 2.8.3
dockercompose_version: v2.20.3
harbor_version: v2.10.2
keepalived_version: 2.0.20
kubernetes:
sandbox_image:
tag: "3.10"
helm_version: v3.18.5
kube_version: v1.33.3
control_plane_endpoint:
kube_vip:
image:
tag: v0.7.2
haproxy:
image:
tag: 2.9.6-alpine
storage_class:
localpv_provisioner_version: 4.4.0
nfs_provisioner_version: 4.0.18
image_manifests:
# kubernetes-v1.33.3
- quay.io/tigera/operator:v1.40.3
- docker.io/calico/apiserver:v3.31.3
- docker.io/calico/cni:v3.31.3
- docker.io/calico/ctl:v3.31.3
- docker.io/calico/csi:v3.31.3
- docker.io/calico/goldmane:v3.31.3
- docker.io/calico/kube-controllers:v3.31.3
- docker.io/calico/node-driver-registrar:v3.31.3
- docker.io/calico/node:v3.31.3
- docker.io/calico/pod2daemon-flexvol:v3.31.3
- docker.io/calico/typha:v3.31.3
- docker.io/calico/whisker-backend:v3.31.3
- docker.io/calico/whisker:v3.31.3
- registry.k8s.io/coredns/coredns:v1.12.0
- registry.k8s.io/dns/k8s-dns-node-cache:1.25.0
- registry.k8s.io/kube-apiserver:v1.33.3
- registry.k8s.io/kube-controller-manager:v1.33.3
- registry.k8s.io/kube-proxy:v1.33.3
- registry.k8s.io/kube-scheduler:v1.33.3
- registry.k8s.io/pause:3.10
- docker.io/openebs/linux-utils:4.3.0
- docker.io/openebs/provisioner-localpv:4.4.0
- docker.io/library/haproxy:2.9.6-alpine
- docker.io/plndr/kube-vip:v0.7.2
# ks-core
- registry.cn-beijing.aliyuncs.com/kse/ks-apiserver:v4.2.1
- registry.cn-beijing.aliyuncs.com/kse/ks-console:v4.2.1
- registry.cn-beijing.aliyuncs.com/kse/ks-controller-manager:v4.2.1
- registry.cn-beijing.aliyuncs.com/kubesphereio/kubectl:v1.33.1
- registry.cn-beijing.aliyuncs.com/kubesphereio/redis:7.2.12-alpine
- registry.cn-beijing.aliyuncs.com/kse/extensions-museum:v11.1.3
- registry.cn-beijing.aliyuncs.com/kse/ks-console-embed:v4.2.1
- registry.cn-beijing.aliyuncs.com/kse/ks-posthog:v2.0.0

123
k8s/kubesphere-config.yaml 100644
View File

@ -0,0 +1,123 @@
apiVersion: installer.kubesphere.io/v1alpha1
kind: ClusterConfiguration
metadata:
name: ks-installer
namespace: kubesphere-system
labels:
version: v3.4.1
spec:
persistence:
storageClass: nfs-sc
authentication:
jwtSecret: ""
regionConfig:
enabled: false
alerting:
enabled: true
thanosRuler:
replicas: 1
resources: {}
auditing:
enabled: true
operator:
replicas: 1
resources: {}
devops:
enabled: true
jenkinsMemoryLim: 2Gi
jenkinsMemoryReq: 1Gi
jenkinsVolumeSize: 8Gi
events:
enabled: true
operator:
replicas: 1
resources: {}
logging:
enabled: true
containerruntime: containerd
logsidecar:
enabled: true
replicas: 2
fluentbit:
enabled: true
monitoring:
enabled: true
storageClass: nfs-sc
kubeRbacEnabled: true
thanosRuler:
replicas: 1
resources: {}
network:
networkpolicy:
enabled: true
ingressNamespace: "kubesphere-contro-ller-namespace"
ingressController:
enabled: true
isDefault: true
ippool:
enabled: true
topology:
enabled: true
notification:
enabled: true
openpitrix:
enabled: true
store:
enabled: true
servicemesh:
enabled: false
istio:
enabled: false
kubesphere:
enabled: true
console:
enableMultiLogin: true
port: 30880
type: NodePort
features:
allowEmptyRequest: true
alerting:
enabled: true
auditing:
enabled: true
devops:
enabled: true
events:
enabled: true
logging:
enabled: true
monitoring:
enabled: true
notification:
enabled: true
openpitrix:
enabled: true
servicemesh:
enabled: false
istio:
enabled: false

33
k8s/namespace.yaml
View File

@ -4,7 +4,7 @@ metadata:
name: wms-system name: wms-system
labels: labels:
name: wms-system name: wms-system
app: cpte-wms kubesphere.io/workspace: wms-workspace
--- ---
apiVersion: v1 apiVersion: v1
kind: ResourceQuota kind: ResourceQuota
@ -13,14 +13,14 @@ metadata:
namespace: wms-system namespace: wms-system
spec: spec:
hard: hard:
requests.cpu: "10" requests.cpu: "20"
requests.memory: 20Gi requests.memory: 40Gi
limits.cpu: "20" limits.cpu: "40"
limits.memory: 40Gi limits.memory: 80Gi
pods: "50" pods: "50"
services: "20" services: "20"
secrets: "20" secrets: "30"
configmaps: "20" configmaps: "30"
--- ---
apiVersion: v1 apiVersion: v1
kind: LimitRange kind: LimitRange
@ -31,14 +31,19 @@ spec:
limits: limits:
- type: Container - type: Container
default: default:
cpu: "500m" cpu: "1"
memory: "512Mi" memory: 1Gi
defaultRequest: defaultRequest:
cpu: "250m" cpu: "500m"
memory: "256Mi" memory: 512Mi
max: max:
cpu: "2" cpu: "4"
memory: "4Gi" memory: 8Gi
min: min:
cpu: "100m" cpu: "100m"
memory: "128Mi" memory: 128Mi
- type: PersistentVolumeClaim
max:
storage: 100Gi
min:
storage: 1Gi

41
k8s/pvc.yaml 100644
View File

@ -0,0 +1,41 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: wms-upload-pvc
namespace: wms-system
labels:
app: cpte-wms
spec:
accessModes:
- ReadWriteMany
storageClassName: nfs-sc
resources:
requests:
storage: 50Gi
---
apiVersion: v1
kind: StorageClass
metadata:
name: nfs-sc
labels:
app: cpte-wms
provisioner: k8s-sigs.io/nfs-subdir-external-provisioner
parameters:
archiveOnDelete: "false"
reclaimPolicy: Delete
volumeBindingMode: Immediate
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: wms-logs-pvc
namespace: wms-system
labels:
app: cpte-wms
spec:
accessModes:
- ReadWriteMany
storageClassName: nfs-sc
resources:
requests:
storage: 20Gi

76
k8s/secrets.yaml 100644
View File

@ -0,0 +1,76 @@
apiVersion: v1
kind: Secret
metadata:
name: wms-redis-secret
namespace: wms-system
labels:
app: cpte-wms
type: Opaque
stringData:
host: "redis-master.wms-system.svc.cluster.local"
port: "6379"
password: "cpte@redis123"
---
apiVersion: v1
kind: Secret
metadata:
name: wms-mysql-secret
namespace: wms-system
labels:
app: cpte-wms
type: Opaque
stringData:
host: "mysql-primary.wms-system.svc.cluster.local"
port: "3306"
username: "wms_user"
password: "cpte@mysql123"
---
apiVersion: v1
kind: Secret
metadata:
name: wms-minio-secret
namespace: wms-system
labels:
app: cpte-wms
type: Opaque
stringData:
access-key: "minioadmin"
secret-key: "minioadmin123"
endpoint: "http://minio.wms-system.svc.cluster.local:9000"
---
apiVersion: v1
kind: Secret
metadata:
name: wms-tls-secret
namespace: wms-system
labels:
app: cpte-wms
type: kubernetes.io/tls
stringData:
tls.crt: |
# 替换为实际的 TLS 证书内容
# 可以使用 cert-manager 自动管理或使用以下命令创建自签名证书:
# kubectl create secret tls wms-tls-secret --cert=path/to/tls.crt --key=path/to/tls.key -n wms-system
PLACEHOLDER_CERTIFICATE
tls.key: |
PLACEHOLDER_KEY
---
apiVersion: v1
kind: Secret
metadata:
name: wms-docker-registry-secret
namespace: wms-system
labels:
app: cpte-wms
type: kubernetes.io/dockerconfigjson
stringData:
.dockerconfigjson: |
{
"auths": {
"registry.yourcompany.com": {
"username": "wms_deployer",
"password": "YOUR_REGISTRY_PASSWORD",
"auth": "BASE64_ENCODED_CREDENTIALS"
}
}
}

20
k8s/services.yaml
View File

@ -17,10 +17,6 @@ spec:
targetPort: 8080 targetPort: 8080
protocol: TCP protocol: TCP
name: http name: http
- port: 8080
targetPort: 8080
protocol: TCP
name: http-metrics
selector: selector:
app: wms-basic app: wms-basic
sessionAffinity: None sessionAffinity: None
@ -44,10 +40,6 @@ spec:
targetPort: 8080 targetPort: 8080
protocol: TCP protocol: TCP
name: http name: http
- port: 8080
targetPort: 8080
protocol: TCP
name: http-metrics
selector: selector:
app: wms-inbound app: wms-inbound
sessionAffinity: None sessionAffinity: None
@ -71,10 +63,6 @@ spec:
targetPort: 8080 targetPort: 8080
protocol: TCP protocol: TCP
name: http name: http
- port: 8080
targetPort: 8080
protocol: TCP
name: http-metrics
selector: selector:
app: wms-outbound app: wms-outbound
sessionAffinity: None sessionAffinity: None
@ -98,10 +86,6 @@ spec:
targetPort: 8080 targetPort: 8080
protocol: TCP protocol: TCP
name: http name: http
- port: 8080
targetPort: 8080
protocol: TCP
name: http-metrics
selector: selector:
app: wms-inventory app: wms-inventory
sessionAffinity: None sessionAffinity: None
@ -125,10 +109,6 @@ spec:
targetPort: 8080 targetPort: 8080
protocol: TCP protocol: TCP
name: http name: http
- port: 8080
targetPort: 8080
protocol: TCP
name: http-metrics
selector: selector:
app: wms-schedule app: wms-schedule
sessionAffinity: None sessionAffinity: None