huojin
/
Cpte-Boot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Cpte-Boot/k8s/services/system-service.yaml

503 lines
15 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

# ===== 1. Secret - 应用敏感信息 =====
kind: Secret
apiVersion: v1
metadata:
name: cpte-wms-system-secret
namespace: cpte-wms
annotations:
kubesphere.io/creator: admin
kubesphere.io/description: 系统服务
type: Opaque
stringData:
MYSQL_HOST: "47.103.100.52"
MYSQL_PORT: "53306"
MYSQL_DATABASE: "cpte-wms"
MYSQL_USERNAME: "root"
MYSQL_PASSWORD: "Youchain@56"
REDIS_HOST: "redis-service"
REDIS_PORT: "6379"
REDIS_PASSWORD: "cpte@123"
MAIL_HOST: "smtp.163.com"
MAIL_USERNAME: "cpteos@163.com"
MAIL_PASSWORD: "cpte@123"
DRUID_LOGIN_PASSWORD: "cpte@123"
SIGNATURE_SECRET: "dd05f1c54d63749eda95f9fa6d49v442a"
---
# ===== 2. ConfigMap - 应用配置文件(修复 Shiro 格式)=====
kind: ConfigMap
apiVersion: v1
metadata:
name: cpte-wms-system-conf
namespace: cpte-wms
annotations:
kubesphere.io/creator: admin
kubesphere.io/description: 系统服务配置文件
data:
application.yml: |
server:
port: 8000
tomcat:
max-swallow-size: -1
error:
include-exception: true
include-stacktrace: ALWAYS
include-message: ALWAYS
servlet:
context-path: /cpte-wms
compression:
enabled: true
min-response-size: 1024
mime-types: application/javascript,application/json,application/xml,text/html,text/xml,text/plain,text/css,image/*
management:
endpoints:
web:
exposure:
include: health,info,prometheus,metrics
base-path: /actuator
endpoint:
health:
show-details: when_authorized
probes:
enabled: true
info:
enabled: true
prometheus:
enabled: true
security:
enabled: false
spring:
application:
name: cpte-wms-system
flyway:
enabled: false
clean-disabled: true
servlet:
multipart:
max-file-size: 10MB
max-request-size: 10MB
mail:
timeJobSend: false
host: ${MAIL_HOST}
username: ${MAIL_USERNAME}
password: ${MAIL_PASSWORD}
properties:
mail.smtp.timeout: 10000
mail.smtp.connectiontimeout: 10000
mail.smtp.writetimeout: 10000
mail.smtp.auth: true
mail.smtp.ssl.enable: true
quartz:
job-store-type: jdbc
jdbc:
initialize-schema: embedded
auto-startup: true
startup-delay: 1s
overwrite-existing-jobs: true
properties:
org:
quartz:
scheduler:
instanceName: MyScheduler
instanceId: AUTO
jobStore:
class: org.springframework.scheduling.quartz.LocalDataSourceJobStore
driverDelegateClass: org.quartz.impl.jdbcjobstore.StdJDBCDelegate
tablePrefix: QRTZ_
isClustered: true
misfireThreshold: 12000
clusterCheckinInterval: 15000
threadPool:
class: org.quartz.simpl.SimpleThreadPool
threadCount: 10
threadPriority: 5
threadsInheritContextClassLoaderOfInitializingThread: true
jackson:
date-format: yyyy-MM-dd HH:mm:ss
time-zone: GMT+8
jpa:
open-in-view: false
aop:
proxy-target-class: true
freemarker:
suffix: .ftl
content-type: text/html
charset: UTF-8
cache: false
prefer-file-system-access: false
template-loader-path:
- classpath:/templates
template_update_delay: 0
mvc:
static-path-pattern: /**
pathmatch:
matching-strategy: ant_path_matcher
resource:
static-locations: classpath:/static/,classpath:/public/
autoconfigure:
exclude:
- com.alibaba.druid.spring.boot3.autoconfigure.DruidDataSourceAutoConfigure
- org.springframework.boot.autoconfigure.flyway.FlywayAutoConfiguration
datasource:
druid:
stat-view-servlet:
enabled: true
loginUsername: admin
loginPassword: ${DRUID_LOGIN_PASSWORD}
web-stat-filter:
enabled: true
dynamic:
druid:
initial-size: 5
min-idle: 5
maxActive: 1000
maxWait: 60000
timeBetweenEvictionRunsMillis: 60000
minEvictableIdleTimeMillis: 300000
validationQuery: SELECT 1
testWhileIdle: true
testOnBorrow: false
testOnReturn: false
poolPreparedStatements: true
maxPoolPreparedStatementPerConnectionSize: 20
filters: stat,slf4j
wall:
selectWhereAlwayTrueCheck: false
stat:
slow-sql-millis: 5000
merge-sql: true
datasource:
master:
url: jdbc:mysql://${MYSQL_HOST}:${MYSQL_PORT}/${MYSQL_DATABASE}?characterEncoding=UTF-8&useUnicode=true&useSSL=false&tinyInt1isBit=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Shanghai&rewriteBatchedStatements=true
username: ${MYSQL_USERNAME}
password: ${MYSQL_PASSWORD}
driver-class-name: com.mysql.cj.jdbc.Driver
data:
redis:
database: 0
host: ${REDIS_HOST}
port: ${REDIS_PORT}
password: ${REDIS_PASSWORD}
mybatis-plus:
mapper-locations: classpath*:org/jeecg/**/xml/*Mapper.xml,classpath*:org/cpte/**/xml/*Mapper.xml
global-config:
banner: false
db-config:
id-type: ASSIGN_ID
table-underline: true
configuration:
log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
call-setners-on-nulls: true
minidao:
base-package: org.jeecg.modules.jmreport.*,org.jeecg.modules.drag.*
# ========== 关键修复Shiro excludeUrls 改为单行 ==========
jeecg:
firewall:
dataSourceSafe: false
lowCodeMode: dev
signatureSecret: ${SIGNATURE_SECRET}
signUrls: /sys/dict/getDictItems/*,/sys/dict/loadDict/*,/sys/dict/loadDictOrderByValue/*,/sys/dict/loadDictItem/*,/sys/dict/loadTreeData,/sys/api/queryTableDictItemsByCode,/sys/api/queryFilterTableDictInfo,/sys/api/queryTableDictByKeys,/sys/api/translateDictFromTable,/sys/api/translateDictFromTableByKeys,/sys/sendChangePwdSms,/sys/user/sendChangePhoneSms,/sys/sms,/desform/api/sendVerifyCode
uploadType: local
domainUrl:
pc: http://101.35.253.46:8000/cpte-wms/sys/common/upload
app: http://101.35.253.46:8051
path:
upload: /home/wms/upload
webapp: /home/wms/webapp
shiro:
excludeUrls: /test/cpteDemo/demo3,/test/cpteDemo/redisDemo/**,/bigscreen/category/**,/bigscreen/visual/**,/bigscreen/map/**,/jmreport/bigscreen2/**,/cpte-wms/actuator/**,/actuator/**
oss:
accessKey: ??
secretKey: ??
endpoint: oss-cn-beijing.aliyuncs.com
bucketName: cptedev
sms-template:
signature:
templateCode:
SMS_175435174:
SMS_465391221:
SMS_175430166:
file-view-domain: http://fileview.cpte.com
minio:
minio_url: http://minio.cpte.com
minio_name: ??
minio_pass: ??
bucketName: otatest
jmreport:
saasMode:
firewall:
dataSourceSafe: false
lowCodeMode: dev
gao-de-api:
api-key: ??
secret-key: ??
redisson:
address: ${REDIS_HOST}:${REDIS_PORT}
password: ${REDIS_PASSWORD}
type: STANDALONE
enabled: true
baidu-api:
app-id: ??
api-key: ??
secret-key: ??
cas:
prefixUrl: http://cas.example.org:8443/cas
logging:
level:
org.springframework.context.support.PostProcessorRegistrationDelegate: error
org.flywaydb: debug
org.jeecg.modules.system.mapper: info
org.jeecg.modules.demo.test.mapper: info
knife4j:
enable: true
production: false
basic:
enable: false
username: cpte
password: cpte1314
justauth:
enabled: true
type:
GITHUB:
client-id: ??
client-secret: ??
redirect-uri: http://101.35.253.46:8000/cpte-wms/sys/thirdLogin/github/callback
WECHAT_ENTERPRISE:
client-id: ??
client-secret: ??
redirect-uri: http://101.35.253.46:8000/cpte-wms/sys/thirdLogin/wechat_enterprise/callback
agent-id: ??
DINGTALK:
client-id: ??
client-secret: ??
redirect-uri: http://101.35.253.46:8000/cpte-wms/sys/thirdLogin/dingtalk/callback
WECHAT_OPEN:
client-id: ??
client-secret: ??
redirect-uri: http://101.35.253.46:8000/cpte-wms/sys/thirdLogin/wechat_open/callback
cache:
type: default
prefix: 'demo::'
timeout: 1h
---
# ===== 3. PersistentVolumeClaim - 文件存储 =====
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: cpte-wms-system-data
namespace: cpte-wms
annotations:
kubesphere.io/creator: admin
kubesphere.io/description: 文件上传存储
spec:
accessModes:
- ReadWriteOnce
storageClassName: local
resources:
requests:
storage: 10Gi
---
# ===== 4. Deployment - 系统服务(修复探针路径)=====
apiVersion: apps/v1
kind: Deployment
metadata:
name: cpte-wms-system
namespace: cpte-wms
labels:
app: cpte-wms-system
version: v1
annotations:
kubesphere.io/description: "WMS-系统服务"
spec:
replicas: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
selector:
matchLabels:
app: cpte-wms-system
template:
metadata:
labels:
app: cpte-wms-system
version: v1
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8000"
prometheus.io/path: "/cpte-wms/actuator/prometheus"
spec:
containers:
- name: cpte-wms-system
image: docker.io/library/cpte-wms-system:1.0
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: MYSQL_HOST
valueFrom:
secretKeyRef:
name: cpte-wms-system-secret
key: MYSQL_HOST
- name: MYSQL_PORT
valueFrom:
secretKeyRef:
name: cpte-wms-system-secret
key: MYSQL_PORT
- name: MYSQL_DATABASE
valueFrom:
secretKeyRef:
name: cpte-wms-system-secret
key: MYSQL_DATABASE
- name: MYSQL_USERNAME
valueFrom:
secretKeyRef:
name: cpte-wms-system-secret
key: MYSQL_USERNAME
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: cpte-wms-system-secret
key: MYSQL_PASSWORD
- name: REDIS_HOST
valueFrom:
secretKeyRef:
name: cpte-wms-system-secret
key: REDIS_HOST
- name: REDIS_PORT
valueFrom:
secretKeyRef:
name: cpte-wms-system-secret
key: REDIS_PORT
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: cpte-wms-system-secret
key: REDIS_PASSWORD
- name: MAIL_HOST
valueFrom:
secretKeyRef:
name: cpte-wms-system-secret
key: MAIL_HOST
- name: MAIL_USERNAME
valueFrom:
secretKeyRef:
name: cpte-wms-system-secret
key: MAIL_USERNAME
- name: MAIL_PASSWORD
valueFrom:
secretKeyRef:
name: cpte-wms-system-secret
key: MAIL_PASSWORD
- name: DRUID_LOGIN_PASSWORD
valueFrom:
secretKeyRef:
name: cpte-wms-system-secret
key: DRUID_LOGIN_PASSWORD
- name: SIGNATURE_SECRET
valueFrom:
secretKeyRef:
name: cpte-wms-system-secret
key: SIGNATURE_SECRET
- name: JAVA_OPTS
value: "-Xms512m -Xmx2048m -XX:+UseG1GC -XX:MaxGCPauseMillis=200 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/app/logs/heapdump.hprof"
resources:
requests:
cpu: "500m"
memory: "1Gi"
limits:
cpu: "2000m"
memory: "2Gi"
# ========== 关键修复 3: 探针路径 ==========
livenessProbe:
httpGet:
path: /cpte-wms/actuator/health/liveness # ✅ 包含 context-path
port: 8000
initialDelaySeconds: 180
periodSeconds: 20
timeoutSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /cpte-wms/actuator/health/readiness # ✅ 包含 context-path
port: 8000
initialDelaySeconds: 120
periodSeconds: 15
timeoutSeconds: 10
failureThreshold: 3
startupProbe:
httpGet:
path: /cpte-wms/actuator/health/liveness # ✅ 包含 context-path
port: 8000
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 90
volumeMounts:
- name: cpte-wms-system-conf
mountPath: /app/application.yml
subPath: application.yml
readOnly: true
- name: cpte-wms-system-data
mountPath: /home/wms
- name: host-time
mountPath: /etc/localtime
readOnly: true
securityContext:
runAsNonRoot: false
volumes:
- name: cpte-wms-system-conf
configMap:
name: cpte-wms-system-conf
items:
- key: application.yml
path: application.yml
- name: cpte-wms-system-data
persistentVolumeClaim:
claimName: cpte-wms-system-data
- name: host-time
hostPath:
path: /etc/localtime
type: File
restartPolicy: Always
---
# ===== 5. Service - ClusterIP 集群内访问 =====
kind: Service
apiVersion: v1
metadata:
name: cpte-wms-system
namespace: cpte-wms
labels:
app: cpte-wms-system
spec:
ports:
- name: http
protocol: TCP
port: 8000
targetPort: 8000
selector:
app: cpte-wms-system
clusterIP: 10.233.44.59
clusterIPs:
- 10.233.44.59
type: ClusterIP
sessionAffinity: None
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
internalTrafficPolicy: Cluster
Reference in New Issue View Git Blame Copy Permalink