long-agent
54a73e66f4
Add 6 runbook documents: - 服务启动 (Service Startup) - 服务停止 (Service Shutdown) - 配置更新 (Configuration Update) - 日志分析 (Log Analysis) - 备份恢复 (Backup & Recovery) - 安全事件 (Security Incident) Add Kubernetes Helm Chart: - Chart.yaml, values.yaml - Deployment with health checks - Ingress with TLS support - PVC for data persistence - PDB for high availability - HPA for autoscaling - ServiceAccount configuration Add cron-backup.conf for automated backup scheduling.
113 lines
3.8 KiB
YAML
113 lines
3.8 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: {{ include "user-management.fullname" . }}
|
|
labels:
|
|
{{- include "user-management.labels" . | nindent 4 }}
|
|
spec:
|
|
replicas: {{ .Values.replicaCount }}
|
|
selector:
|
|
matchLabels:
|
|
{{- include "user-management.selectorLabels" . | nindent 6 }}
|
|
template:
|
|
metadata:
|
|
labels:
|
|
{{- include "user-management.selectorLabels" . | nindent 8 }}
|
|
annotations:
|
|
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
|
|
spec:
|
|
{{- with .Values.imagePullSecrets }}
|
|
imagePullSecrets:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
serviceAccountName: {{ include "user-management.serviceAccountName" . }}
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
fsGroup: 1000
|
|
{{- if .Values.podAntiAffinity.enabled }}
|
|
affinity:
|
|
podAntiAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
- labelSelector:
|
|
matchLabels:
|
|
{{- include "user-management.selectorLabels" . | nindent 12 }}
|
|
topologyKey: {{ .Values.podAntiAffinity.topologyKey }}
|
|
{{- end }}
|
|
containers:
|
|
- name: {{ .Chart.Name }}
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
|
ports:
|
|
- name: http
|
|
containerPort: 8080
|
|
protocol: TCP
|
|
envFrom:
|
|
- configMapRef:
|
|
name: {{ include "user-management.fullname" . }}-config
|
|
{{- if .Values.livenessProbe.enabled }}
|
|
livenessProbe:
|
|
httpGet:
|
|
path: {{ .Values.livenessProbe.path }}
|
|
port: http
|
|
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
|
|
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
|
|
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
|
|
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
|
|
{{- end }}
|
|
{{- if .Values.readinessProbe.enabled }}
|
|
readinessProbe:
|
|
httpGet:
|
|
path: {{ .Values.readinessProbe.path }}
|
|
port: http
|
|
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
|
|
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
|
|
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
|
|
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
|
|
{{- end }}
|
|
resources:
|
|
{{- toYaml .Values.resources | nindent 12 }}
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /app/data
|
|
- name: config
|
|
mountPath: /app/configs
|
|
readOnly: true
|
|
- name: tmp
|
|
mountPath: /tmp
|
|
volumes:
|
|
- name: data
|
|
{{- if .Values.persistence.enabled }}
|
|
persistentVolumeClaim:
|
|
claimName: {{ include "user-management.fullname" . }}-data
|
|
{{- else }}
|
|
emptyDir: {}
|
|
{{- end }}
|
|
- name: config
|
|
secret:
|
|
secretName: {{ include "user-management.fullname" . }}-config
|
|
- name: tmp
|
|
emptyDir: {}
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: {{ include "user-management.fullname" . }}
|
|
labels:
|
|
{{- include "user-management.labels" . | nindent 4 }}
|
|
spec:
|
|
type: {{ .Values.service.type }}
|
|
ports:
|
|
- port: {{ .Values.service.port }}
|
|
targetPort: http
|
|
protocol: TCP
|
|
name: http
|
|
selector:
|
|
{{- include "user-management.selectorLabels" . | nindent 4 }}
|