feat(): initialize the learning admin backend project

yuj
2025-12-04 16:23:46 +08:00
parent 39886d50d2
commit 88e048f4d1
154 changed files with 28966 additions and 6 deletions

146
k8s/README.md Normal file

@@ -0,0 +1,146 @@
# Goalfymax Admin K8s 部署文档
本目录包含将 Goalfymax Admin 服务部署到 Kubernetes 集群的所有必要文件。
## 文件说明
- `Dockerfile` - Docker 镜像构建文件(位于项目根目录)
- `configmap.yaml` - 应用配置文件 ConfigMap
- `deployment.yaml` - Kubernetes Deployment 部署清单
- `service.yaml` - Kubernetes Service 服务清单ClusterIP供集群内部访问
## 部署步骤
### 1. 构建 Docker 镜像
```bash
# 在项目根目录执行
docker build -t your-registry/goalfymax-admin:latest .
# 推送到镜像仓库
docker push your-registry/goalfymax-admin:latest
```
### 2. 修改配置
在部署前,请根据实际环境修改以下配置:
#### configmap.yaml
- 数据库连接信息 (database.dsn)
- Redis 地址 (redis.addr)
- Gateway URL
- SSO 配置
- OSS 配置
- 其他敏感信息建议使用 Secret 管理
#### deployment.yaml
- 镜像地址 (image)
- 资源限制 (resources)
- 副本数量 (replicas)
- 如使用私有镜像仓库,取消注释 imagePullSecrets
### 3. 部署到 K8s
```bash
# 确保命名空间存在
kubectl create namespace goalfyagent --dry-run=client -o yaml | kubectl apply -f -
# 应用 ConfigMap
kubectl apply -f k8s/configmap.yaml
# 部署应用
kubectl apply -f k8s/deployment.yaml
# 创建 Service
kubectl apply -f k8s/service.yaml
```
### 4. 验证部署
```bash
# 查看 Pod 状态
kubectl get pods -n goalfyagent -l app=goalfymax-admin
# 查看日志
kubectl logs -n goalfyagent -l app=goalfymax-admin -f
# 查看 Service
kubectl get svc -n goalfyagent goalfymax-admin
# 查看详细信息
kubectl describe deployment -n goalfyagent goalfymax-admin
```
## 服务访问
本服务为后端服务,使用 ClusterIP 类型,仅供集群内部访问:
**同命名空间访问:**
```
http://goalfymax-admin:8087
```
**跨命名空间访问:**
```
http://goalfymax-admin.goalfyagent.svc.cluster.local:8087
```
**测试连接:**
```bash
kubectl run -it --rm debug --image=alpine --restart=Never -n goalfyagent -- \
wget -qO- http://goalfymax-admin:8087/health
```
## 健康检查
应用提供 `/health` 端点用于健康检查Deployment 中已配置 liveness 和 readiness 探针会自动使用此端点。
## 安全建议
1. **敏感信息管理**将数据库密码、API 密钥等敏感信息存储在 Kubernetes Secret 中
```bash
kubectl create secret generic goalfymax-admin-secret \
--from-literal=db-password='your-password' \
--from-literal=redis-password='your-redis-password'
```
2. **RBAC 配置**:为应用创建专用的 ServiceAccount 并配置最小权限
3. **网络策略**:使用 NetworkPolicy 限制 Pod 的网络访问
4. **镜像安全**:定期扫描镜像漏洞,使用可信镜像源
## 监控和日志
- 应用日志输出到 stdout可通过 `kubectl logs` 查看
- 建议集成 Prometheus 进行监控
- 建议使用 EFK/ELK 栈收集和分析日志
## 故障排查
```bash
# 查看 Pod 事件
kubectl describe pod <pod-name>
# 查看配置是否正确挂载
kubectl exec <pod-name> -- cat /app/etc/config-prod.yaml
# 查看环境变量
kubectl exec <pod-name> -- env
# 进入容器调试
kubectl exec -it <pod-name> -- sh
```
## 扩缩容
```bash
# 手动扩容
kubectl scale deployment goalfymax-admin --replicas=5
# 配置 HPA需要 metrics-server
kubectl autoscale deployment goalfymax-admin \
--cpu-percent=80 \
--min=2 \
--max=10
```
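
Review bot: The troubleshooting and scaling commands at the end of the README (`kubectl describe pod <pod-name>`, the three `kubectl exec` lines, `kubectl scale deployment goalfymax-admin --replicas=5` and `kubectl autoscale deployment goalfymax-admin`) omit `-n goalfyagent`, while the verify and test-connection commands pass it, so as written they run against the current context's namespace and will not find the deployment. Add `-n goalfyagent` to each. The same applies to the `kubectl create secret generic goalfymax-admin-secret` example, which would otherwise create the Secret in a namespace the pod cannot read from; that example also passes the passwords with `--from-literal`, which leaves them in shell history, and `--from-file` or `--from-env-file` avoids that. The steps `cat /app/etc/config-prod.yaml` and `env` print the full configuration, so the README should say that their output must not be pasted into tickets or chat when the config carries credentials. The build step tags the image `:latest`; a version or commit tag would make a rollback to a known image possible.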

67
k8s/configmap.yaml Normal file

@@ -0,0 +1,67 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: goalfymax-admin-config
namespace: goalfyagent
data:
config-prod.yaml: |
server:
addr: "0.0.0.0"
port: 8087
database:
# 请根据实际环境配置数据库连接信息
dsn: "goalfymax:m^ZLrwJ9sgWk@tcp(goalfyagent-aurora-mysql-staging.cb2sq6y2mg93.us-west-2.rds.amazonaws.com:3306)/goalfymax?charset=utf8mb4&parseTime=True&loc=Local"
maxIdleConns: 10
maxOpenConns: 100
logLevel: "info"
gateway:
base_url: "http://ai-gateway.goalfymax.svc"
timeout: 30
auth:
login_url: "http://ai-gateway.goalfymax.svc/aigateway-admin/api/login"
key: "Jiahe.123"
sso:
sso_server_url: "https://passport.goalfyai.com"
client_id: "3aU5j4Js89qmWDQjmplSJA"
redirect_uri: "https://goalfymax-admin.goalfyai.com"
scope: "openid profile email"
resource_aud: "api://admin"
timeout: 30s
admin_token: "goalfy_admin_token_1028_v1"
# OSS 对象存储配置
oss:
endpoint: "https://goalfyagent-data-prod.s3.us-west-2.amazonaws.com/"
region: "us-west-2"
access_key_id: "AKIASSWQCE5VWZDYDLMO"
access_key_secret: "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"
bucket: "goalfyagent-data-prod"
assume_role_arn: "arn:aws:iam::177603749739:role/s3-test"
presign_url_expire: 30m
log:
level: "info"
format: "json"
output: "stdout"
message_push:
goalfymax_base_url: "https://goalfymax.goalfyai.com"
timeout: 30
retry_count: 3
retry_interval: 1000
redis:
addr: "redis.middleware.svc.cluster.local:26379" # K8s 集群内 Redis 服务地址
password: "goalfyai_ops"
db: 0
email:
sender: "goalfymax@goalfyai.com"
host: "smtp.mxhichina.com"
port: 465
username: "goalfymax@goalfyai.com"
password: "efRuPRpGKS6gZpuw"
invite_url_prefix: "https://passport.goalfyai.com/invite/"
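
Review bot: This ConfigMap commits live-looking credentials in plain text: the password embedded in `database.dsn`, the `key` under `auth`, `admin_token`, the `access_key_id` and `access_key_secret` under `oss`, the Redis `password` and the SMTP `password` under `email`. A ConfigMap is readable by anyone with get access to configmaps in the namespace, and these values are now in the repository history, so they should be treated as exposed: rotate all of them, replace the values in this file with placeholders, and supply the real ones from a Kubernetes Secret (mounted or injected as environment variables), which is what the README in this same commit recommends. For the S3 access, `assume_role_arn` is already configured, so a role bound to the pod's ServiceAccount would remove the need for a static access key entirely. Separately, the file is named `config-prod.yaml` and the bucket is `goalfyagent-data-prod`, but the DSN host contains `staging` and the role is `s3-test`; please confirm which environment this is meant to describe.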

62
k8s/deployment.yaml Normal file

@@ -0,0 +1,62 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: goalfymax-admin
namespace: goalfyagent
labels:
app: goalfymax-admin
spec:
replicas: 2
selector:
matchLabels:
app: goalfymax-admin
template:
metadata:
labels:
app: goalfymax-admin
spec:
containers:
- name: goalfymax-admin
image: 177603749739.dkr.ecr.us-west-2.amazonaws.com/goalfy/goalfymax-admin:latest
imagePullPolicy: Always
ports:
- containerPort: 8087
name: http
protocol: TCP
args:
- "--config"
- "/app/etc/config-prod.yaml"
- "--env"
- "prod"
resources:
requests:
cpu: "100m"
memory: "128Mi"
limits:
cpu: "500m"
memory: "512Mi"
livenessProbe:
httpGet:
path: /health
port: 8087
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 3
failureThreshold: 3
readinessProbe:
httpGet:
path: /health
port: 8087
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
volumeMounts:
- name: config
mountPath: /app/etc
readOnly: true
volumes:
- name: config
configMap:
name: goalfymax-admin-config
restartPolicy: Always
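
Review bot: The pod template sets no `securityContext` and no `serviceAccountName`, so the container runs with the image's default user and the namespace's default ServiceAccount, although the README asks for a dedicated ServiceAccount with minimal permissions. Suggest adding a container `securityContext` with `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` (the config volume is already mounted `readOnly: true`), a dedicated `serviceAccountName`, and `automountServiceAccountToken: false` if the application does not call the Kubernetes API. The image is referenced as `goalfymax-admin:latest` with `imagePullPolicy: Always`, so the two replicas can end up running different builds after a restart; pin a version tag or digest. The README tells the reader to uncomment `imagePullSecrets`, but there is no commented `imagePullSecrets` entry in this manifest. Once credentials move out of the ConfigMap, this file will also need the matching Secret reference.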

17
k8s/service.yaml Normal file

@@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
name: goalfymax-admin
namespace: goalfyagent
labels:
app: goalfymax-admin
spec:
type: ClusterIP
ports:
- port: 8087
targetPort: 8087
protocol: TCP
name: http
selector:
app: goalfymax-admin
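
Review bot: `targetPort: 8087` repeats the container port number even though the deployment names that port `http`; using `targetPort: http` keeps the Service correct if the container port changes. `type: ClusterIP` keeps the admin backend off external load balancers, but every pod in the cluster can still reach `goalfymax-admin.goalfyagent.svc.cluster.local:8087`, and the k8s README's file list includes no NetworkPolicy manifest even though its security section recommends one. Consider adding a policy that admits ingress to pods labelled `app: goalfymax-admin` on port 8087 only from the workloads that need it.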