microservice-helm/gateway-deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: shop-recycle-gateway
  namespace: default
  labels:
    app: shop-recycle-gateway
    service: gateway
    version: "1.0.0"
spec:
  replicas: 2  # 根据环境调整：dev=1, staging=2, prod=3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: shop-recycle-gateway
  template:
    metadata:
      labels:
        app: shop-recycle-gateway
        service: gateway
        version: "1.0.0"
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "1211"
        prometheus.io/path: "/actuator/prometheus"
    spec:
      containers:
      - name: shop-recycle-gateway
        image: shop-recycle-gateway:1.0.0  # 使用本地镜像或修改为完整镜像路径
        imagePullPolicy: IfNotPresent
        
        # 端口配置
        ports:
        - name: http
          containerPort: 1211
          protocol: TCP
        - name: sentinel
          containerPort: 8005
          protocol: TCP
        
        # 环境变量
        env:
        - name: JAVA_OPTS
          value: "-Djava.awt.headless=true -Djava.net.preferIPv4Stack=true -Xss256k -XX:+DisableExplicitGC"
        - name: TZ
          value: "Asia/Shanghai"
        
        # Redis 凭证（从 common-redis-credentials Secret）
        - name: REDIS_PASSWORD
          valueFrom:
            secretKeyRef:
              name: common-redis-credentials
              key: redis-password
        - name: REDIS_DATABASE
          valueFrom:
            secretKeyRef:
              name: common-redis-credentials
              key: redis-database
        
        # 挂载配置文件
        volumeMounts:
        - name: config-volume
          mountPath: /app/conf
          readOnly: true
        
        # 资源限制
        resources:
          requests:
            cpu: 250m
            memory: 512Mi
          limits:
            cpu: 1000m
            memory: 1024Mi
        
        # 健康检查 - 就绪检查
        readinessProbe:
          httpGet:
            path: /actuator/health/readiness
            port: http
            scheme: HTTP
          initialDelaySeconds: 30
          periodSeconds: 10
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 3
        
        # 健康检查 - 存活检查
        livenessProbe:
          httpGet:
            path: /actuator/health/liveness
            port: http
            scheme: HTTP
          initialDelaySeconds: 60
          periodSeconds: 15
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 3
        
        # 启动检查（K8S 1.16+）
        startupProbe:
          httpGet:
            path: /actuator/health
            port: http
            scheme: HTTP
          initialDelaySeconds: 0
          periodSeconds: 5
          timeoutSeconds: 3
          successThreshold: 1
          failureThreshold: 30  # 最多等待 30*5=150 秒启动
        
        # 生命周期钩子
        lifecycle:
          preStop:
            exec:
              command: ["/bin/sh", "-c", "sleep 15"]  # 优雅关闭延迟
      
      # 配置卷
      volumes:
      - name: config-volume
        configMap:
          name: shop-recycle-gateway-config
          items:
          - key: application.yml
            path: application.yml
          - key: application.properties
            path: application.properties
      
      # Pod 调度策略
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: app
                  operator: In
                  values:
                  - shop-recycle-gateway
              topologyKey: kubernetes.io/hostname
      
      # 容忍污点
      tolerations:
      - key: "apps"
        operator: "Equal"
        value: "true"
        effect: "NoSchedule"
      
      # 安全上下文
      securityContext:
        runAsNonRoot: false
        runAsUser: 0
      
      # 终止宽限期（等待优雅关闭的时间）
      terminationGracePeriodSeconds: 30