microservice-helm/service-configmap-deployment-template.yaml

# ============================================================
# 通用 ConfigMap 模板（非敏感配置）
# 用于所有 34 个微服务
# ============================================================

# 此模板展示如何为微服务创建 ConfigMap
# 将 [SERVICE_NAME] 替换为实际的服务名称（如 shop-recycle-payment）
# 将 [PORT] 替换为实际的端口号（从 conf/application.yml 中获取）

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: [SERVICE_NAME]-config
  namespace: default
  labels:
    app: [SERVICE_NAME]
    config-type: public
    version: "1.0.0"
data:
  # 应用配置文件（非敏感部分）
  application.yml: |
    server:
      port: [PORT]
      servlet:
        context-path: [CONTEXT_PATH]  # 可选，如 /login-center
    
    spring:
      application:
        name: [SERVICE_NAME]
      main:
        allow-bean-definition-overriding: true
      
      cloud:
        nacos:
          discovery:
            server-addr: ${NACOS_SERVER_ADDR:nacos.bak.com}:${NACOS_PORT:8848}
            service: ${spring.application.name}
            weight: 1
      
      # 数据库配置（如果需要）
      # datasource:
      #   type: com.zaxxer.hikari.HikariDataSource
      #   driver-class-name: com.mysql.cj.jdbc.Driver
      #   url: jdbc:mysql://[DB_HOST]:3306/[DATABASE_NAME]?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=CTT&allowMultiQueries=true
      #   username: ${DB_USERNAME}      # 从 Secret 注入
      #   password: ${DB_PASSWORD}      # 从 Secret 注入
      #   hikari:
      #     connection-timeout: 30000
      #     maximum-pool-size: [POOL_SIZE]  # 根据服务调整，通常 10-100
      #     minimum-idle: 1
      
      # Redis Sentinel 配置
      redis:
        sentinel:
          master: mymaster
          nodes:
            - redis.jxfx1.com:27000
            - redis.jxfx2.com:27000
            - redis.jxfx3.com:27000
        password: ${REDIS_PASSWORD}    # 从 Secret 注入
        database: ${REDIS_DATABASE:15}
      
      # RabbitMQ 配置
      rabbitmq:
        host: mq.bak.com
        port: 5672
        username: ${RABBITMQ_USERNAME}  # 从 Secret 注入
        password: ${RABBITMQ_PASSWORD}  # 从 Secret 注入
        virtualHost: [VHOST_NAME]  # 如 shop-recycle-msg, shop-recycle-order-image 等
    
    # Logging 配置
    logging:
      level:
        org.springframework: INFO
        com.ssm: DEBUG
    
    # Dubbo 配置（如果需要）
    # dubbo:
    #   application:
    #     name: ${spring.application.name}
    #   provider:
    #     registry:
    #       address: nacos://${NACOS_SERVER_ADDR:nacos.bak.com}:${NACOS_PORT:8848}
    #     filter: tracing
    #   protocol:
    #     name: dubbo
    #     port: [DUBBO_PORT]
    #   consumer:
    #     registry:
    #       address: nacos://${NACOS_SERVER_ADDR:nacos.bak.com}:${NACOS_PORT:8848}
    
    # MyBatis Plus 配置（如果需要）
    # mybatis-plus:
    #   mapper-locations: classpath:/mapper/*Mapper.xml
    #   global-config:
    #     id-type: 0
    #     db-column-underline: true
    #     logic-delete-value: 1
    #     logic-not-delete-value: 0
    #   configuration:
    #     map-underscore-to-camel-case: true
    #     cache-enabled: false
    
    # MongoDB 配置（如果需要）
    # data:
    #   mongodb:
    #     database: recycle
    #     host: mg.bak.com
    #     port: 27017
    #     username: ${MONGODB_USERNAME}  # 从 Secret 注入
    #     password: ${MONGODB_PASSWORD}  # 从 Secret 注入
    
    # 业务配置
    nacos:
      service-address: nacos.bak.com
      port: 8848
    
    # Swagger 配置
    swagger:
      show: false
    
    is-reveal-error: true
  
  # 应用配置文件（properties 格式）
  application.properties: |
    spring.application.name=[SERVICE_NAME]
    spring.protocol.name=spring
    server.port=[PORT]

---
# ============================================================
# 通用 Deployment 模板
# ============================================================

apiVersion: apps/v1
kind: Deployment
metadata:
  name: [SERVICE_NAME]
  namespace: default
  labels:
    app: [SERVICE_NAME]
    service-type: [SERVICE_TYPE]  # 如：backend, web, gateway
    version: "1.0.0"
spec:
  replicas: [REPLICAS]  # dev=1, staging=2, prod=3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: [SERVICE_NAME]
  template:
    metadata:
      labels:
        app: [SERVICE_NAME]
        service-type: [SERVICE_TYPE]
        version: "1.0.0"
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "[PORT]"
        prometheus.io/path: "/actuator/prometheus"
    spec:
      containers:
      - name: [SERVICE_NAME]
        image: [IMAGE_REGISTRY]/[SERVICE_NAME]:[IMAGE_TAG]
        imagePullPolicy: IfNotPresent
        
        # 端口配置
        ports:
        - name: http
          containerPort: [PORT]
          protocol: TCP
        
        # 环境变量 - 来自 ConfigMap
        envFrom:
        - configMapRef:
            name: [SERVICE_NAME]-config
        
        # 环境变量 - 来自 Secret（敏感信息）
        env:
        # JVM 参数
        - name: JAVA_OPTS
          value: "-Djava.awt.headless=true -Djava.net.preferIPv4Stack=true -Xss256k -XX:+DisableExplicitGC"
        - name: TZ
          value: "Asia/Shanghai"
        
        # 数据库凭证（从 common-db-credentials Secret）
        - name: DB_USERNAME
          valueFrom:
            secretKeyRef:
              name: common-db-credentials
              key: db-username
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: common-db-credentials
              key: db-password
        - name: DB_HOST
          valueFrom:
            secretKeyRef:
              name: common-db-credentials
              key: db-host
        
        # Redis 凭证（从 common-redis-credentials Secret）
        - name: REDIS_PASSWORD
          valueFrom:
            secretKeyRef:
              name: common-redis-credentials
              key: redis-password
        - name: REDIS_DATABASE
          valueFrom:
            secretKeyRef:
              name: common-redis-credentials
              key: redis-database
        
        # RabbitMQ 凭证（从 common-rabbitmq-credentials Secret）
        - name: RABBITMQ_USERNAME
          valueFrom:
            secretKeyRef:
              name: common-rabbitmq-credentials
              key: rabbitmq-username
        - name: RABBITMQ_PASSWORD
          valueFrom:
            secretKeyRef:
              name: common-rabbitmq-credentials
              key: rabbitmq-password
        
        # 微信凭证（仅 5 个需要微信配置的服务）
        # - name: WECHAT_STORE_APP_SECRET
        #   valueFrom:
        #     secretKeyRef:
        #       name: wechat-credentials
        #       key: store-app-secret
        
        # 挂载 ConfigMap
        volumeMounts:
        - name: config-volume
          mountPath: /app/conf
          readOnly: true
        
        # 资源限制
        resources:
          requests:
            cpu: [REQUEST_CPU]      # 根据服务调整，通常 100m-500m
            memory: [REQUEST_MEMORY] # 根据服务调整，通常 256Mi-1Gi
          limits:
            cpu: [LIMIT_CPU]        # 通常为 requests 的 2-4 倍
            memory: [LIMIT_MEMORY]  # 通常为 requests 的 2 倍
        
        # 健康检查 - 就绪探针
        readinessProbe:
          httpGet:
            path: /actuator/health/readiness
            port: http
            scheme: HTTP
          initialDelaySeconds: 30
          periodSeconds: 10
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 3
        
        # 健康检查 - 存活探针
        livenessProbe:
          httpGet:
            path: /actuator/health/liveness
            port: http
            scheme: HTTP
          initialDelaySeconds: 60
          periodSeconds: 15
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 3
        
        # 启动检查
        startupProbe:
          httpGet:
            path: /actuator/health
            port: http
            scheme: HTTP
          initialDelaySeconds: 0
          periodSeconds: 5
          timeoutSeconds: 3
          successThreshold: 1
          failureThreshold: 30
        
        # 优雅关闭
        lifecycle:
          preStop:
            exec:
              command: ["/bin/sh", "-c", "sleep 15"]
      
      # 卷配置
      volumes:
      - name: config-volume
        configMap:
          name: [SERVICE_NAME]-config
          items:
          - key: application.yml
            path: application.yml
          - key: application.properties
            path: application.properties
      
      # Pod 调度策略
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: app
                  operator: In
                  values:
                  - [SERVICE_NAME]
              topologyKey: kubernetes.io/hostname
      
      # 容忍污点
      tolerations:
      - key: "apps"
        operator: "Equal"
        value: "true"
        effect: "NoSchedule"
      
      # 安全上下文
      securityContext:
        runAsNonRoot: false
        runAsUser: 0
      
      # 终止宽限期
      terminationGracePeriodSeconds: 30

---
# ============================================================
# 通用 Service 模板
# ============================================================

apiVersion: v1
kind: Service
metadata:
  name: [SERVICE_NAME]
  namespace: default
  labels:
    app: [SERVICE_NAME]
    service-type: [SERVICE_TYPE]
  annotations:
    description: "[SERVICE_DESCRIPTION]"
spec:
  type: ClusterIP
  selector:
    app: [SERVICE_NAME]
  ports:
  - name: http
    port: [PORT]
    targetPort: [PORT]
    protocol: TCP
  sessionAffinity: ClientIP
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10800