# ===== 1. Secret - 应用敏感信息 ===== kind: Secret apiVersion: v1 metadata: name: cpte-wms-basic-secret namespace: cpte-wms annotations: kubesphere.io/creator: admin kubesphere.io/description: 基础服务 type: Opaque stringData: MYSQL_HOST: "47.103.100.52" MYSQL_PORT: "53306" MYSQL_DATABASE: "cpte-wms" MYSQL_USERNAME: "root" MYSQL_PASSWORD: "Youchain@56" REDIS_HOST: "redis-service" REDIS_PORT: "6379" REDIS_PASSWORD: "cpte@123" MAIL_HOST: "smtp.163.com" MAIL_USERNAME: "cpteos@163.com" MAIL_PASSWORD: "cpte@123" DRUID_LOGIN_PASSWORD: "cpte@123" SIGNATURE_SECRET: "dd05f1c54d63749eda95f9fa6d49v442a" --- # ===== 2. ConfigMap - 应用配置文件(修复 Shiro 格式)===== kind: ConfigMap apiVersion: v1 metadata: name: cpte-wms-basic-conf namespace: cpte-wms annotations: kubesphere.io/creator: admin kubesphere.io/description: 基础服务配置文件 data: application.yml: | server: port: 8001 tomcat: max-swallow-size: -1 error: include-exception: true include-stacktrace: ALWAYS include-message: ALWAYS servlet: context-path: /cpte-wms-basic compression: enabled: true min-response-size: 1024 mime-types: application/javascript,application/json,application/xml,text/html,text/xml,text/plain,text/css,image/* management: endpoints: web: exposure: include: health,info,prometheus,metrics base-path: /actuator endpoint: health: show-details: when_authorized probes: enabled: true info: enabled: true prometheus: enabled: true security: enabled: false spring: application: name: cpte-wms-basic flyway: enabled: false clean-disabled: true servlet: multipart: max-file-size: 10MB max-request-size: 10MB mail: timeJobSend: false host: ${MAIL_HOST} username: ${MAIL_USERNAME} password: ${MAIL_PASSWORD} properties: mail.smtp.timeout: 10000 mail.smtp.connectiontimeout: 10000 mail.smtp.writetimeout: 10000 mail.smtp.auth: true mail.smtp.ssl.enable: true jackson: date-format: yyyy-MM-dd HH:mm:ss time-zone: GMT+8 jpa: open-in-view: false aop: proxy-target-class: true freemarker: suffix: .ftl content-type: text/html charset: UTF-8 cache: false prefer-file-system-access: false template-loader-path: - classpath:/templates template_update_delay: 0 mvc: static-path-pattern: /** pathmatch: matching-strategy: ant_path_matcher resource: static-locations: classpath:/static/,classpath:/public/ autoconfigure: exclude: - com.alibaba.druid.spring.boot3.autoconfigure.DruidDataSourceAutoConfigure - org.springframework.boot.autoconfigure.flyway.FlywayAutoConfiguration datasource: druid: stat-view-servlet: enabled: true loginUsername: admin loginPassword: ${DRUID_LOGIN_PASSWORD} web-stat-filter: enabled: true dynamic: druid: initial-size: 5 min-idle: 5 maxActive: 1000 maxWait: 60000 timeBetweenEvictionRunsMillis: 60000 minEvictableIdleTimeMillis: 300000 validationQuery: SELECT 1 testWhileIdle: true testOnBorrow: false testOnReturn: false poolPreparedStatements: true maxPoolPreparedStatementPerConnectionSize: 20 filters: stat,slf4j wall: selectWhereAlwayTrueCheck: false stat: slow-sql-millis: 5000 merge-sql: true datasource: master: url: jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT}/${MYSQL_DATABASE}?characterEncoding=UTF-8&useUnicode=true&useSSL=false&tinyInt1isBit=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Shanghai&rewriteBatchedStatements=true username: ${MYSQL_USERNAME} password: ${MYSQL_PASSWORD} driver-class-name: com.mysql.cj.jdbc.Driver data: redis: database: 0 host: ${REDIS_HOST} port: ${REDIS_PORT} password: ${REDIS_PASSWORD} mybatis-plus: mapper-locations: classpath*:org/jeecg/**/xml/*Mapper.xml,classpath*:org/cpte/**/xml/*Mapper.xml global-config: banner: false db-config: id-type: ASSIGN_ID table-underline: true configuration: log-impl: org.apache.ibatis.logging.stdout.StdOutImpl call-setners-on-nulls: true minidao: base-package: org.jeecg.modules.jmreport.*,org.jeecg.modules.drag.* # ========== 关键修复:Shiro excludeUrls 改为单行 ========== jeecg: firewall: dataSourceSafe: false lowCodeMode: dev signatureSecret: ${SIGNATURE_SECRET} signUrls: /sys/dict/getDictItems/*,/sys/dict/loadDict/*,/sys/dict/loadDictOrderByValue/*,/sys/dict/loadDictItem/*,/sys/dict/loadTreeData,/sys/api/queryTableDictItemsByCode,/sys/api/queryFilterTableDictInfo,/sys/api/queryTableDictByKeys,/sys/api/translateDictFromTable,/sys/api/translateDictFromTableByKeys,/sys/sendChangePwdSms,/sys/user/sendChangePhoneSms,/sys/sms,/desform/api/sendVerifyCode uploadType: local domainUrl: pc: http://101.35.253.46:8001/cpte-wms-basic/sys/common/upload app: http://101.35.253.46:8051 path: upload: /home/wms/upload webapp: /home/wms/webapp shiro: excludeUrls: /test/cpteDemo/demo3,/test/cpteDemo/redisDemo/**,/bigscreen/category/**,/bigscreen/visual/**,/bigscreen/map/**,/jmreport/bigscreen2/**,/cpte-wms-basic/actuator/**,/actuator/** oss: accessKey: ?? secretKey: ?? endpoint: oss-cn-beijing.aliyuncs.com bucketName: cptedev sms-template: signature: templateCode: SMS_175435174: SMS_465391221: SMS_175430166: file-view-domain: http://fileview.cpte.com minio: minio_url: http://minio.cpte.com minio_name: ?? minio_pass: ?? bucketName: otatest jmreport: saasMode: firewall: dataSourceSafe: false lowCodeMode: dev gao-de-api: api-key: ?? secret-key: ?? redisson: address: ${REDIS_HOST}:${REDIS_PORT} password: ${REDIS_PASSWORD} type: STANDALONE enabled: true baidu-api: app-id: ?? api-key: ?? secret-key: ?? cas: prefixUrl: http://cas.example.org:8443/cas logging: level: org.springframework.context.support.PostProcessorRegistrationDelegate: error org.flywaydb: debug org.jeecg.modules.system.mapper: info org.jeecg.modules.demo.test.mapper: info knife4j: enable: true production: false basic: enable: false username: cpte password: cpte1314 justauth: enabled: true type: GITHUB: client-id: ?? client-secret: ?? redirect-uri: http://101.35.253.46:8000/cpte-wms/sys/thirdLogin/github/callback WECHAT_ENTERPRISE: client-id: ?? client-secret: ?? redirect-uri: http://101.35.253.46:8000/cpte-wms/sys/thirdLogin/wechat_enterprise/callback agent-id: ?? DINGTALK: client-id: ?? client-secret: ?? redirect-uri: http://101.35.253.46:8000/cpte-wms/sys/thirdLogin/dingtalk/callback WECHAT_OPEN: client-id: ?? client-secret: ?? redirect-uri: http://101.35.253.46:8000/cpte-wms/sys/thirdLogin/wechat_open/callback cache: type: default prefix: 'demo::' timeout: 1h --- # ===== 3. PersistentVolumeClaim - 文件存储 ===== apiVersion: v1 kind: PersistentVolumeClaim metadata: name: cpte-wms-basic-data namespace: cpte-wms annotations: kubesphere.io/creator: admin kubesphere.io/description: 文件上传存储 spec: accessModes: - ReadWriteOnce storageClassName: local resources: requests: storage: 10Gi --- # ===== 4. Deployment - 系统服务(修复探针路径)===== apiVersion: apps/v1 kind: Deployment metadata: name: cpte-wms-basic namespace: cpte-wms labels: app: cpte-wms-basic version: v1 annotations: kubesphere.io/description: "WMS-基础服务" spec: replicas: 1 strategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 0 selector: matchLabels: app: cpte-wms-basic template: metadata: labels: app: cpte-wms-basic version: v1 annotations: prometheus.io/scrape: "true" prometheus.io/port: "8001" prometheus.io/path: "/cpte-wms-basic/actuator/prometheus" spec: containers: - name: cpte-wms-basic image: docker.io/library/cpte-wms-basic:1.0 imagePullPolicy: IfNotPresent ports: - name: http containerPort: 8001 protocol: TCP env: - name: MYSQL_HOST valueFrom: secretKeyRef: name: cpte-wms-basic-secret key: MYSQL_HOST - name: MYSQL_PORT valueFrom: secretKeyRef: name: cpte-wms-basic-secret key: MYSQL_PORT - name: MYSQL_DATABASE valueFrom: secretKeyRef: name: cpte-wms-basic-secret key: MYSQL_DATABASE - name: MYSQL_USERNAME valueFrom: secretKeyRef: name: cpte-wms-basic-secret key: MYSQL_USERNAME - name: MYSQL_PASSWORD valueFrom: secretKeyRef: name: cpte-wms-basic-secret key: MYSQL_PASSWORD - name: REDIS_HOST valueFrom: secretKeyRef: name: cpte-wms-basic-secret key: REDIS_HOST - name: REDIS_PORT valueFrom: secretKeyRef: name: cpte-wms-basic-secret key: REDIS_PORT - name: REDIS_PASSWORD valueFrom: secretKeyRef: name: cpte-wms-basic-secret key: REDIS_PASSWORD - name: MAIL_HOST valueFrom: secretKeyRef: name: cpte-wms-basic-secret key: MAIL_HOST - name: MAIL_USERNAME valueFrom: secretKeyRef: name: cpte-wms-basic-secret key: MAIL_USERNAME - name: MAIL_PASSWORD valueFrom: secretKeyRef: name: cpte-wms-basic-secret key: MAIL_PASSWORD - name: DRUID_LOGIN_PASSWORD valueFrom: secretKeyRef: name: cpte-wms-basic-secret key: DRUID_LOGIN_PASSWORD - name: SIGNATURE_SECRET valueFrom: secretKeyRef: name: cpte-wms-basic-secret key: SIGNATURE_SECRET - name: JAVA_OPTS value: "-Xms512m -Xmx2048m -XX:+UseG1GC -XX:MaxGCPauseMillis=200 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/app/logs/heapdump.hprof" resources: requests: cpu: "500m" memory: "1Gi" limits: cpu: "2000m" memory: "2Gi" # ========== 关键修复 3: 探针路径 ========== livenessProbe: httpGet: path: /cpte-wms-basic/actuator/health/liveness # ✅ 包含 context-path port: 8001 initialDelaySeconds: 180 periodSeconds: 20 timeoutSeconds: 10 failureThreshold: 3 readinessProbe: httpGet: path: /cpte-wms-basic/actuator/health/readiness # ✅ 包含 context-path port: 8001 initialDelaySeconds: 120 periodSeconds: 15 timeoutSeconds: 10 failureThreshold: 3 startupProbe: httpGet: path: /cpte-wms-basic/actuator/health/liveness # ✅ 包含 context-path port: 8001 initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 90 volumeMounts: - name: cpte-wms-basic-conf mountPath: /app/application.yml subPath: application.yml readOnly: true - name: cpte-wms-basic-data mountPath: /home/wms - name: host-time mountPath: /etc/localtime readOnly: true securityContext: runAsNonRoot: false volumes: - name: cpte-wms-basic-conf configMap: name: cpte-wms-basic-conf items: - key: application.yml path: application.yml - name: cpte-wms-basic-data persistentVolumeClaim: claimName: cpte-wms-basic-data - name: host-time hostPath: path: /etc/localtime type: File restartPolicy: Always --- # ===== 5. Service - ClusterIP 集群内访问 ===== kind: Service apiVersion: v1 metadata: name: cpte-wms-basic namespace: cpte-wms labels: app: cpte-wms-basic spec: ports: - name: cpte-wms-basic protocol: TCP port: 8001 targetPort: 8001 selector: app: cpte-wms-basic clusterIP: 10.233.42.190 clusterIPs: - 10.233.42.190 type: ClusterIP sessionAffinity: None ipFamilies: - IPv4 ipFamilyPolicy: SingleStack internalTrafficPolicy: Cluster