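# ============================================================
# Generic ConfigMap template (non-sensitive configuration)
# Used by all 34 microservices
# ============================================================
# This template shows how to create a ConfigMap for a microservice.
# Replace [SERVICE_NAME] with the real service name (e.g. shop-recycle-payment).
# Replace [PORT] with the real port number (taken from conf/application.yml).
# The [PLACEHOLDER] tokens must be substituted before the file is parsed as YAML.
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: [SERVICE_NAME]-config
  namespace: default
  labels:
    app: [SERVICE_NAME]
    config-type: public
    version: "1.0.0"
data:
  # Application config file (non-sensitive part). Credentials are referenced as
  # ${VAR} placeholders and resolved from environment variables that the
  # Deployment below fills from Secrets.
  application.yml: |
    server:
      port: [PORT]
      servlet:
        context-path: [CONTEXT_PATH]  # optional, e.g. /login-center

    spring:
      application:
        name: [SERVICE_NAME]
      main:
        allow-bean-definition-overriding: true
      cloud:
        nacos:
          discovery:
            server-addr: ${NACOS_SERVER_ADDR:nacos.bak.com}:${NACOS_PORT:8848}
            service: ${spring.application.name}
            weight: 1

      # Database configuration (if needed)
      # NOTE(review): useSSL=false turns off TLS to MySQL, so query traffic is
      # unencrypted on the wire, and allowMultiQueries=true widens the impact of
      # any SQL injection. Enable both only when the service really needs them.
      # datasource:
      #   type: com.zaxxer.hikari.HikariDataSource
      #   driver-class-name: com.mysql.cj.jdbc.Driver
      #   url: jdbc:mysql://[DB_HOST]:3306/[DATABASE_NAME]?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=CTT&allowMultiQueries=true
      #   username: ${DB_USERNAME}  # injected from Secret
      #   password: ${DB_PASSWORD}  # injected from Secret
      #   hikari:
      #     connection-timeout: 30000
      #     maximum-pool-size: [POOL_SIZE]  # adjust per service, typically 10-100
      #     minimum-idle: 1

      # Redis Sentinel configuration
      # NOTE(review): password/database are placed at the spring.redis level
      # here; confirm against the service's own conf/application.yml.
      redis:
        sentinel:
          master: mymaster
          nodes:
            - redis.jxfx1.com:27000
            - redis.jxfx2.com:27000
            - redis.jxfx3.com:27000
        password: ${REDIS_PASSWORD}  # injected from Secret
        database: ${REDIS_DATABASE:15}

      # RabbitMQ configuration
      rabbitmq:
        host: mq.bak.com
        port: 5672
        username: ${RABBITMQ_USERNAME}  # injected from Secret
        password: ${RABBITMQ_PASSWORD}  # injected from Secret
        virtualHost: [VHOST_NAME]  # e.g. shop-recycle-msg, shop-recycle-order-image

    # Logging configuration
    logging:
      level:
        org.springframework: INFO
        # DEBUG remains the default. Set APP_LOG_LEVEL (e.g. INFO) per
        # environment so production pods do not emit debug-level application
        # logs, which tend to capture request and business data.
        com.ssm: ${APP_LOG_LEVEL:DEBUG}

    # Dubbo configuration (if needed)
    # dubbo:
    #   application:
    #     name: ${spring.application.name}
    #   provider:
    #     registry:
    #       address: nacos://${NACOS_SERVER_ADDR:nacos.bak.com}:${NACOS_PORT:8848}
    #     filter: tracing
    #   protocol:
    #     name: dubbo
    #     port: [DUBBO_PORT]
    #   consumer:
    #     registry:
    #       address: nacos://${NACOS_SERVER_ADDR:nacos.bak.com}:${NACOS_PORT:8848}

    # MyBatis Plus configuration (if needed)
    # mybatis-plus:
    #   mapper-locations: classpath:/mapper/*Mapper.xml
    #   global-config:
    #     id-type: 0
    #     db-column-underline: true
    #     logic-delete-value: 1
    #     logic-not-delete-value: 0
    #   configuration:
    #     map-underscore-to-camel-case: true
    #     cache-enabled: false

    # MongoDB configuration (if needed; nest under spring: when enabling)
    # NOTE(review): the Deployment below does not inject MONGODB_USERNAME or
    # MONGODB_PASSWORD; add matching secretKeyRef entries when enabling this.
    # data:
    #   mongodb:
    #     database: recycle
    #     host: mg.bak.com
    #     port: 27017
    #     username: ${MONGODB_USERNAME}  # injected from Secret
    #     password: ${MONGODB_PASSWORD}  # injected from Secret

    # Business configuration
    nacos:
      service-address: nacos.bak.com
      port: 8848

    # Swagger configuration
    # NOTE(review): is-reveal-error presumably controls whether error detail is
    # returned to API clients; confirm, and keep it off in production if so.
    swagger:
      show: false
      is-reveal-error: true

  # Application config file (properties format)
  application.properties: |
    spring.application.name=[SERVICE_NAME]
    spring.protocol.name=spring
    server.port=[PORT]

---
# ============================================================
# Generic Deployment template
# ============================================================
apiVersion: apps/v1
kind: Deployment
metadata:
  name: [SERVICE_NAME]
  namespace: default
  labels:
    app: [SERVICE_NAME]
    service-type: [SERVICE_TYPE]  # e.g. backend, web, gateway
    version: "1.0.0"
spec:
  replicas: [REPLICAS]  # dev=1, staging=2, prod=3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: [SERVICE_NAME]
  template:
    metadata:
      labels:
        app: [SERVICE_NAME]
        service-type: [SERVICE_TYPE]
        version: "1.0.0"
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "[PORT]"
        prometheus.io/path: "/actuator/prometheus"
    spec:
      containers:
        - name: [SERVICE_NAME]
          image: [IMAGE_REGISTRY]/[SERVICE_NAME]:[IMAGE_TAG]
          imagePullPolicy: IfNotPresent

          # Port configuration
          ports:
            - name: http
              containerPort: [PORT]
              protocol: TCP

          # Environment variables - from ConfigMap
          # NOTE(review): this ConfigMap only holds the two file-shaped keys
          # application.yml and application.properties, and it is already
          # mounted at /app/conf below. envFrom additionally offers each whole
          # file as an environment variable; drop this unless something reads it.
          envFrom:
            - configMapRef:
                name: [SERVICE_NAME]-config

          # Environment variables - from Secret (sensitive values)
          env:
            # JVM options
            - name: JAVA_OPTS
              value: "-Djava.awt.headless=true -Djava.net.preferIPv4Stack=true -Xss256k -XX:+DisableExplicitGC"
            - name: TZ
              value: "Asia/Shanghai"

            # Database credentials (from the common-db-credentials Secret)
            - name: DB_USERNAME
              valueFrom:
                secretKeyRef:
                  name: common-db-credentials
                  key: db-username
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: common-db-credentials
                  key: db-password
            - name: DB_HOST
              valueFrom:
                secretKeyRef:
                  name: common-db-credentials
                  key: db-host

            # Redis credentials (from the common-redis-credentials Secret)
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: common-redis-credentials
                  key: redis-password
            - name: REDIS_DATABASE
              valueFrom:
                secretKeyRef:
                  name: common-redis-credentials
                  key: redis-database

            # RabbitMQ credentials (from the common-rabbitmq-credentials Secret)
            - name: RABBITMQ_USERNAME
              valueFrom:
                secretKeyRef:
                  name: common-rabbitmq-credentials
                  key: rabbitmq-username
            - name: RABBITMQ_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: common-rabbitmq-credentials
                  key: rabbitmq-password

            # WeChat credentials (only the 5 services that need WeChat config)
            # - name: WECHAT_STORE_APP_SECRET
            #   valueFrom:
            #     secretKeyRef:
            #       name: wechat-credentials
            #       key: store-app-secret

          # Mount the ConfigMap as read-only files
          volumeMounts:
            - name: config-volume
              mountPath: /app/conf
              readOnly: true

          # Resource limits
          resources:
            requests:
              cpu: [REQUEST_CPU]  # adjust per service, typically 100m-500m
              memory: [REQUEST_MEMORY]  # adjust per service, typically 256Mi-1Gi
            limits:
              cpu: [LIMIT_CPU]  # usually 2-4x the request
              memory: [LIMIT_MEMORY]  # usually 2x the request

          # Health check - readiness probe
          readinessProbe:
            httpGet:
              path: /actuator/health/readiness
              port: http
              scheme: HTTP
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 3

          # Health check - liveness probe
          livenessProbe:
            httpGet:
              path: /actuator/health/liveness
              port: http
              scheme: HTTP
            initialDelaySeconds: 60
            periodSeconds: 15
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 3

          # Startup check: allows up to 30 x 5s before the other probes apply
          startupProbe:
            httpGet:
              path: /actuator/health
              port: http
              scheme: HTTP
            initialDelaySeconds: 0
            periodSeconds: 5
            timeoutSeconds: 3
            successThreshold: 1
            failureThreshold: 30

          # Graceful shutdown: the 15s sleep counts against the 30s
          # terminationGracePeriodSeconds set on the pod.
          lifecycle:
            preStop:
              exec:
                command: ["/bin/sh", "-c", "sleep 15"]

      # Volumes
      volumes:
        - name: config-volume
          configMap:
            name: [SERVICE_NAME]-config
            items:
              - key: application.yml
                path: application.yml
              - key: application.properties
                path: application.properties

      # Pod scheduling policy: prefer spreading replicas across nodes
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - [SERVICE_NAME]
                topologyKey: kubernetes.io/hostname

      # Taint tolerations
      tolerations:
        - key: "apps"
          operator: "Equal"
          value: "true"
          effect: "NoSchedule"

      # Security context
      # NOTE(review): runAsUser: 0 forces every container in the pod to run as
      # root, even when the image declares a non-root USER, and this template is
      # copied to all 34 services. Values are kept so existing images still
      # start. Once an image is verified to run unprivileged, switch to
      # runAsNonRoot: true with a non-zero runAsUser, and add a container-level
      # securityContext with allowPrivilegeEscalation: false and
      # capabilities.drop: ["ALL"].
      securityContext:
        runAsNonRoot: false
        runAsUser: 0

      # Termination grace period
      terminationGracePeriodSeconds: 30

---
# ============================================================
# Generic Service template
# ============================================================
apiVersion: v1
kind: Service
metadata:
  name: [SERVICE_NAME]
  namespace: default
  labels:
    app: [SERVICE_NAME]
    service-type: [SERVICE_TYPE]
  annotations:
    description: "[SERVICE_DESCRIPTION]"
spec:
  type: ClusterIP
  selector:
    app: [SERVICE_NAME]
  ports:
    - name: http
      port: [PORT]
      targetPort: [PORT]
      protocol: TCP
  sessionAffinity: ClientIP
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10800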