kubernetes/user-management/README.md

# User Management System - Helm Chart

Kubernetes Helm Chart for deploying the User Management System.

## Prerequisites

- Kubernetes 1.19+
- Helm 3.2.0+
- ingress-nginx controller (for Ingress)
- cert-manager (for TLS, optional)

## Installation

```bash
# Add the repository
helm repo add user-management https://charts.example.com
helm repo update

# Install the chart
helm install user-management user-management/user-management \
  --set config.jwtSecret="your-secret-key" \
  --set config.adminEmail="admin@example.com"
```

## Using with Custom Values

```bash
# Create a values file
cat > values.yaml << EOF
replicaCount: 2

config:
  jwtSecret: "your-production-secret-key"
  adminEmail: "admin@example.com"
  logLevel: "warn"

ingress:
  enabled: true
  hosts:
    - host: ums.example.com
      paths:
        - path: /
  tls:
    - secretName: ums-tls
      hosts:
        - ums.example.com

resources:
  limits:
    cpu: 1000m
    memory: 1Gi
EOF

# Install with custom values
helm install user-management user-management/user-management -f values.yaml
```

## Configuration

| Parameter | Description | Default |
|-----------|-------------|---------|
| `replicaCount` | Number of replicas | `1` |
| `image.repository` | Docker image repository | `user-management` |
| `image.tag` | Docker image tag | `latest` |
| `service.type` | Service type | `ClusterIP` |
| `service.port` | Service port | `8080` |
| `ingress.enabled` | Enable Ingress | `true` |
| `ingress.className` | Ingress class | `nginx` |
| `config.jwtSecret` | JWT signing secret (required) | `""` |
| `config.adminEmail` | Admin email | `admin@example.com` |
| `config.logLevel` | Log level | `info` |
| `resources.limits.cpu` | CPU limit | `500m` |
| `resources.limits.memory` | Memory limit | `512Mi` |
| `persistence.enabled` | Enable PVC | `true` |
| `persistence.size` | PVC size | `5Gi` |
| `autoscaling.enabled` | Enable HPA | `false` |
| `autoscaling.minReplicas` | Min replicas | `1` |
| `autoscaling.maxReplicas` | Max replicas | `3` |

## Production Best Practices

### 1. Use TLS

```bash
helm install user-management user-management/user-management \
  --set config.jwtSecret="$(openssl rand -base64 32)" \
  --set ingress.enabled=true \
  --set ingress.tls[0].secretName=ums-tls \
  --set ingress.tls[0].hosts[0]=ums.example.com
```

### 2. Set Resource Limits

```bash
helm install user-management user-management/user-management \
  --set resources.limits.cpu="1000m" \
  --set resources.limits.memory="1Gi" \
  --set resources.requests.cpu="250m" \
  --set resources.requests.memory="512Mi"
```

### 3. Enable Autoscaling

```bash
helm install user-management user-management/user-management \
  --set autoscaling.enabled=true \
  --set autoscaling.minReplicas=2 \
  --set autoscaling.maxReplicas=10 \
  --set autoscaling.targetCPUUtilizationPercentage=70
```

### 4. Use a Strong JWT Secret

```bash
# Generate a secure random secret
JWT_SECRET=$(openssl rand -base64 32 | tr -d '\n')

helm install user-management user-management/user-management \
  --set config.jwtSecret="$JWT_SECRET"
```

## Upgrading

```bash
# Upgrade to a new version
helm upgrade user-management user-management/user-management

# Upgrade with new values
helm upgrade user-management user-management/user-management \
  --set config.logLevel="debug"
```

## Uninstall

```bash
helm uninstall user-management

# Note: PVC data persists by default. To delete all data:
kubectl delete pvc -l app.kubernetes.io/name=user-management
```

## Troubleshooting

### Pod not starting

```bash
# Check pod status
kubectl get pods -l app.kubernetes.io/name=user-management

# View pod logs
kubectl logs -l app.kubernetes.io/name=user-management

# Describe pod for events
kubectl describe pod -l app.kubernetes.io/name=user-management
```

### Ingress not working

```bash
# Check ingress controller
kubectl get pods -n ingress-nginx

# Check ingress resource
kubectl get ingress -l app.kubernetes.io/name=user-management

# Check certificate
kubectl get certificate -l app.kubernetes.io/name=user-management
```

## License

Internal use only.
docs: add runbooks and Kubernetes Helm Chart Add 6 runbook documents: - 服务启动 (Service Startup) - 服务停止 (Service Shutdown) - 配置更新 (Configuration Update) - 日志分析 (Log Analysis) - 备份恢复 (Backup & Recovery) - 安全事件 (Security Incident) Add Kubernetes Helm Chart: - Chart.yaml, values.yaml - Deployment with health checks - Ingress with TLS support - PVC for data persistence - PDB for high availability - HPA for autoscaling - ServiceAccount configuration Add cron-backup.conf for automated backup scheduling. 2026-04-11 22:57:31 +08:00			`# User Management System - Helm Chart`

			`Kubernetes Helm Chart for deploying the User Management System.`

			`## Prerequisites`

			`- Kubernetes 1.19+`
			`- Helm 3.2.0+`
			`- ingress-nginx controller (for Ingress)`
			`- cert-manager (for TLS, optional)`

			`## Installation`

			```bash
			`# Add the repository`
			`helm repo add user-management https://charts.example.com`
			`helm repo update`

			`# Install the chart`
			`helm install user-management user-management/user-management \`
			`--set config.jwtSecret="your-secret-key" \`
			`--set config.adminEmail="admin@example.com"`
			```

			`## Using with Custom Values`

			```bash
			`# Create a values file`
			`cat > values.yaml << EOF`
			`replicaCount: 2`

			`config:`
			`jwtSecret: "your-production-secret-key"`
			`adminEmail: "admin@example.com"`
			`logLevel: "warn"`

			`ingress:`
			`enabled: true`
			`hosts:`
			`- host: ums.example.com`
			`paths:`
			`- path: /`
			`tls:`
			`- secretName: ums-tls`
			`hosts:`
			`- ums.example.com`

			`resources:`
			`limits:`
			`cpu: 1000m`
			`memory: 1Gi`
			`EOF`

			`# Install with custom values`
			`helm install user-management user-management/user-management -f values.yaml`
			```

			`## Configuration`

			`\| Parameter \| Description \| Default \|`
			`\|-----------\|-------------\|---------\|`
			\| `replicaCount` \| Number of replicas \| `1` \|
			\| `image.repository` \| Docker image repository \| `user-management` \|
			\| `image.tag` \| Docker image tag \| `latest` \|
			\| `service.type` \| Service type \| `ClusterIP` \|
			\| `service.port` \| Service port \| `8080` \|
			\| `ingress.enabled` \| Enable Ingress \| `true` \|
			\| `ingress.className` \| Ingress class \| `nginx` \|
			\| `config.jwtSecret` \| JWT signing secret (required) \| `""` \|
			\| `config.adminEmail` \| Admin email \| `admin@example.com` \|
			\| `config.logLevel` \| Log level \| `info` \|
			\| `resources.limits.cpu` \| CPU limit \| `500m` \|
			\| `resources.limits.memory` \| Memory limit \| `512Mi` \|
			\| `persistence.enabled` \| Enable PVC \| `true` \|
			\| `persistence.size` \| PVC size \| `5Gi` \|
			\| `autoscaling.enabled` \| Enable HPA \| `false` \|
			\| `autoscaling.minReplicas` \| Min replicas \| `1` \|
			\| `autoscaling.maxReplicas` \| Max replicas \| `3` \|

			`## Production Best Practices`

			`### 1. Use TLS`

			```bash
			`helm install user-management user-management/user-management \`
			`--set config.jwtSecret="$(openssl rand -base64 32)" \`
			`--set ingress.enabled=true \`
			`--set ingress.tls[0].secretName=ums-tls \`
			`--set ingress.tls[0].hosts[0]=ums.example.com`
			```

			`### 2. Set Resource Limits`

			```bash
			`helm install user-management user-management/user-management \`
			`--set resources.limits.cpu="1000m" \`
			`--set resources.limits.memory="1Gi" \`
			`--set resources.requests.cpu="250m" \`
			`--set resources.requests.memory="512Mi"`
			```

			`### 3. Enable Autoscaling`

			```bash
			`helm install user-management user-management/user-management \`
			`--set autoscaling.enabled=true \`
			`--set autoscaling.minReplicas=2 \`
			`--set autoscaling.maxReplicas=10 \`
			`--set autoscaling.targetCPUUtilizationPercentage=70`
			```

			`### 4. Use a Strong JWT Secret`

			```bash
			`# Generate a secure random secret`
			`JWT_SECRET=$(openssl rand -base64 32 \| tr -d '\n')`

			`helm install user-management user-management/user-management \`
			`--set config.jwtSecret="$JWT_SECRET"`
			```

			`## Upgrading`

			```bash
			`# Upgrade to a new version`
			`helm upgrade user-management user-management/user-management`

			`# Upgrade with new values`
			`helm upgrade user-management user-management/user-management \`
			`--set config.logLevel="debug"`
			```

			`## Uninstall`

			```bash
			`helm uninstall user-management`

			`# Note: PVC data persists by default. To delete all data:`
			`kubectl delete pvc -l app.kubernetes.io/name=user-management`
			```

			`## Troubleshooting`

			`### Pod not starting`

			```bash
			`# Check pod status`
			`kubectl get pods -l app.kubernetes.io/name=user-management`

			`# View pod logs`
			`kubectl logs -l app.kubernetes.io/name=user-management`

			`# Describe pod for events`
			`kubectl describe pod -l app.kubernetes.io/name=user-management`
			```

			`### Ingress not working`

			```bash
			`# Check ingress controller`
			`kubectl get pods -n ingress-nginx`

			`# Check ingress resource`
			`kubectl get ingress -l app.kubernetes.io/name=user-management`

			`# Check certificate`
			`kubectl get certificate -l app.kubernetes.io/name=user-management`
			```

			`## License`

			`Internal use only.`