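# OpenShift Template: a 3-replica Nacos StatefulSet fronted by an oauth-proxy
# sidecar, a single-replica MySQL Deployment, their Services, a Route, RBAC and
# a SecurityContextConstraints object.
# The ClusterRole, ClusterRoleBinding and SecurityContextConstraints objects are
# cluster-scoped, so applying the processed template needs rights beyond the
# target namespace.
apiVersion: v1
kind: Template
metadata:
  name: nacos-template
  annotations:
    description: nacos-template
parameters:
  - name: NAMESPACE
    description: Namespace that receives every namespaced object below.
    value: midware
  - name: STORAGECLASS
    description: Storage class used for the Nacos and MySQL volume claims.
    value: nfs-storage
  # Generated per `oc process` run so the session-cookie signing key is not a
  # value that anyone can read in the template.
  - name: COOKIE_SECRET
    description: Secret the oauth-proxy sidecar uses to protect session cookies.
    generate: expression
    from: '[a-zA-Z0-9]{32}'
  # NOTE(review): the two defaults below are the template's original, guessable
  # passwords, kept only so existing deployments continue to work. Override
  # them at process time. The values still appear in plain text in the pod
  # specs; moving them into a Secret referenced with secretKeyRef would avoid
  # that.
  - name: MYSQL_PASSWORD
    description: Password of the MySQL account that Nacos connects with.
    value: nacos
  - name: MYSQL_ROOT_PASSWORD
    description: Password of the MySQL root account.
    value: root
objects:
  # Service account the Nacos pods run as; the annotation registers it as an
  # OAuth client whose redirect target is the nacos-proxy Route.
  - apiVersion: v1
    kind: ServiceAccount
    metadata:
      namespace: ${NAMESPACE}
      name: nacos-ipaas
      annotations:
        serviceaccounts.openshift.io/oauth-redirectreference.primary: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"nacos-proxy"}}'

  # External entry point; TLS is re-encrypted towards the nacos-proxy Service.
  - apiVersion: v1
    kind: Route
    metadata:
      annotations:
        service.alpha.openshift.io/serving-cert-secret-name: secret-nacos-ipaas-tls
      name: nacos-proxy
      namespace: ${NAMESPACE}
    spec:
      to:
        kind: Service
        name: nacos-proxy
      tls:
        termination: Reencrypt

  # Service in front of the oauth-proxy sidecar (port 8443). The annotation
  # requests a serving certificate into secret-nacos-ipaas-tls, which the
  # StatefulSet mounts at /etc/tls/private.
  - apiVersion: v1
    kind: Service
    metadata:
      name: nacos-proxy
      namespace: ${NAMESPACE}
      annotations:
        service.alpha.openshift.io/serving-cert-secret-name: secret-nacos-ipaas-tls
    spec:
      ports:
        - name: nacos
          port: 8443
          targetPort: 8443
      selector:
        app: nacos

  - apiVersion: apps/v1
    kind: StatefulSet
    metadata:
      name: nacos
      namespace: ${NAMESPACE}
    spec:
      podManagementPolicy: OrderedReady
      replicas: 3
      revisionHistoryLimit: 3
      selector:
        matchLabels:
          app: nacos
      serviceName: nacos-headless
      template:
        metadata:
          annotations:
            pod.alpha.kubernetes.io/initialized: 'true'
          creationTimestamp: null
          labels:
            app: nacos
        spec:
          serviceAccount: nacos-ipaas
          serviceAccountName: nacos-ipaas

          # Hard anti-affinity: no two Nacos pods on the same node.
          affinity:
            podAntiAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
                - labelSelector:
                    matchExpressions:
                      - key: app
                        operator: In
                        values:
                          - nacos
                  topologyKey: kubernetes.io/hostname
          volumes:
            - name: secret-nacos-ipaas-tls
              secret:
                secretName: secret-nacos-ipaas-tls
          containers:
            # OAuth proxy sidecar: terminates TLS on 8443 and forwards
            # authenticated requests to Nacos on localhost:8848.
            - args:
                - '-provider=openshift'
                - '-https-address=:8443'
                - '-http-address='
                - '-email-domain=*'
                - '-upstream=http://localhost:8848'
                - '-openshift-service-account=nacos-ipaas'
                - '-openshift-sar={"resource": "namespaces", "verb": "get"}'
                - >-
                  -openshift-delegate-urls={"/": {"resource": "namespaces", "verb":
                  "get"}}
                - '-tls-cert=/etc/tls/private/tls.crt'
                - '-tls-key=/etc/tls/private/tls.key'
                - >-
                  -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
                # Filled from the generated COOKIE_SECRET parameter. The value
                # is still readable in the pod spec; -cookie-secret-file with a
                # mounted Secret would keep it out of the args.
                - '-cookie-secret=${COOKIE_SECRET}'
                - '-openshift-ca=/etc/pki/tls/cert.pem'
                - '-openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'
                # Requests whose path matches this regex reach the upstream
                # without authentication.
                - '-skip-auth-regex=^/metrics'
              image: 'openshift/origin-oauth-proxy:4.5.0'
              imagePullPolicy: IfNotPresent
              name: nacos-ipaas-proxy
              ports:
                - containerPort: 8443
                  name: https-8443
                  protocol: TCP
                - containerPort: 8888
                  name: http-8888
                  protocol: TCP
              resources: {}
              terminationMessagePath: /dev/termination-log
              terminationMessagePolicy: File
              volumeMounts:
                - mountPath: /etc/tls/private
                  name: secret-nacos-ipaas-tls
            # Nacos server container.
            - env:
                - name: NACOS_REPLICAS
                  value: '3'
                - name: SERVICE_NAME
                  value: nacos-headless
                - name: DOMAIN_NAME
                  value: cluster.local
                - name: POD_NAMESPACE
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: metadata.namespace
                - name: MYSQL_SERVICE_DB_NAME
                  value: nacos_devtest
                - name: MYSQL_SERVICE_PORT
                  value: '3306'
                - name: MYSQL_SERVICE_USER
                  value: nacos
                # Must match MYSQL_PASSWORD on the mysql Deployment.
                - name: MYSQL_SERVICE_PASSWORD
                  value: ${MYSQL_PASSWORD}
                - name: NACOS_SERVER_PORT
                  value: '8848'
                - name: PREFER_HOST_MODE
                  value: hostname
              # NOTE(review): ':latest' with imagePullPolicy Always means a pod
              # restart can pull a different build; pin to a tested tag or
              # digest.
              image: 'nacos/nacos-server:latest'
              imagePullPolicy: Always
              name: nacos

              ports:
                - containerPort: 8848
                  name: client-port
                  protocol: TCP
                - containerPort: 9848
                  name: client-rpc
                  protocol: TCP
                - containerPort: 9849
                  name: raft-rpc
                  protocol: TCP
                - containerPort: 7848
                  name: old-raft-rpc
                  protocol: TCP
              resources:
                requests:
                  cpu: 500m
                  memory: 2Gi
                limits:
                  cpu: 2
                  memory: 4Gi
              terminationMessagePath: /dev/termination-log
              terminationMessagePolicy: File
              volumeMounts:
                - mountPath: /home/nacos/plugins/peer-finder
                  name: plugindir
                - mountPath: /home/nacos/data
                  name: datadir
                - mountPath: /home/nacos/logs
                  name: logdir
          dnsPolicy: ClusterFirst

          # Mounts the plugindir volume that the nacos container also mounts
          # at the same path.
          initContainers:
            - image: 'nacos/nacos-peer-finder-plugin:1.1'
              imagePullPolicy: Always
              name: peer-finder-plugin-install
              resources: {}
              terminationMessagePath: /dev/termination-log
              terminationMessagePolicy: File
              volumeMounts:
                - mountPath: /home/nacos/plugins/peer-finder
                  name: plugindir
          restartPolicy: Always
          schedulerName: default-scheduler
          securityContext: {}
          terminationGracePeriodSeconds: 30
      updateStrategy:
        rollingUpdate:
          partition: 0
        type: RollingUpdate
      volumeClaimTemplates:
        - metadata:
            annotations:
              volume.beta.kubernetes.io/storage-class: ${STORAGECLASS}
            creationTimestamp: null
            name: plugindir
          spec:
            accessModes:
              - ReadWriteMany
            resources:
              requests:
                storage: 5Gi
          status:
            phase: Pending
        - metadata:
            annotations:
              volume.beta.kubernetes.io/storage-class: ${STORAGECLASS}
            creationTimestamp: null
            name: datadir
          spec:
            accessModes:
              - ReadWriteMany
            resources:
              requests:
                storage: 5Gi
          status:
            phase: Pending
        - metadata:
            annotations:
              volume.beta.kubernetes.io/storage-class: ${STORAGECLASS}
            creationTimestamp: null
            name: logdir
          spec:
            accessModes:
              - ReadWriteMany
            resources:
              requests:
                storage: 5Gi
          status:
            phase: Pending

  # Single-replica MySQL backing store for Nacos.
  - apiVersion: apps/v1
    kind: Deployment
    metadata:
      namespace: ${NAMESPACE}
      annotations:
        deployment.kubernetes.io/revision: '2'
      labels:
        name: mysql
      name: mysql
    spec:
      progressDeadlineSeconds: 600
      replicas: 1
      revisionHistoryLimit: 3
      selector:
        matchLabels:
          name: mysql
      strategy:
        rollingUpdate:
          maxSurge: 25%
          maxUnavailable: 25%
        type: RollingUpdate
      template:
        metadata:
          creationTimestamp: null
          labels:
            name: mysql
        spec:
          containers:
            - env:
                # Credentials come from template parameters; see the note on
                # the parameters about their default values.
                - name: MYSQL_ROOT_PASSWORD
                  value: ${MYSQL_ROOT_PASSWORD}
                - name: MYSQL_DATABASE
                  value: nacos_devtest
                - name: MYSQL_USER
                  value: nacos
                - name: MYSQL_PASSWORD
                  value: ${MYSQL_PASSWORD}
              image: 'nacos/nacos-mysql:5.7'
              imagePullPolicy: IfNotPresent
              name: mysql
              ports:
                - containerPort: 3306
                  protocol: TCP
              resources: {}
              terminationMessagePath: /dev/termination-log
              terminationMessagePolicy: File
              volumeMounts:
                - mountPath: /var/lib/mysql
                  name: mysql-data
                  subPath: mount
          dnsPolicy: ClusterFirst
          restartPolicy: Always
          schedulerName: default-scheduler
          securityContext: {}
          terminationGracePeriodSeconds: 30
          volumes:
            - name: mysql-data
              persistentVolumeClaim:
                claimName: mysql-data-pvc

  # Headless Service that gives the StatefulSet pods stable DNS names.
  # NOTE(review): it also exposes Nacos port 8848 directly to in-cluster
  # clients, bypassing the oauth-proxy sidecar; only traffic arriving through
  # the Route is authenticated by the proxy. If that is not intended, restrict
  # it with Nacos' own authentication or a NetworkPolicy.
  - apiVersion: v1
    kind: Service
    metadata:
      namespace: ${NAMESPACE}

      annotations:
        service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true'
      labels:
        app: nacos
      name: nacos-headless
    spec:
      clusterIP: None
      ports:
        - name: server
          port: 8848
          protocol: TCP
          targetPort: 8848
        - port: 9848
          name: client-rpc
          targetPort: 9848
        - port: 9849
          name: raft-rpc
          targetPort: 9849
        # Election port kept for compatibility with 1.4.x versions.
        - port: 7848
          name: old-raft-rpc
          targetPort: 7848
      selector:
        app: nacos
      sessionAffinity: None
      type: ClusterIP

  # Binds the nacos-ipaas ClusterRole to the nacos-ipaas service account.
  # NOTE(review): ClusterRoleBinding is cluster-scoped, so metadata.namespace
  # has no effect on this object.
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      labels:
        app: nacos-ipaas
      name: nacos-ipaas
      namespace: ${NAMESPACE}
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: nacos-ipaas
    subjects:
      - kind: ServiceAccount
        name: nacos-ipaas
        namespace: ${NAMESPACE}

  # Allows creating TokenReviews and SubjectAccessReviews; presumably what the
  # oauth-proxy sidecar needs for -openshift-delegate-urls.
  # Uses rbac.authorization.k8s.io/v1, matching the ClusterRoleBinding above;
  # the v1beta1 RBAC API is no longer served from Kubernetes 1.22 on.
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: nacos-ipaas
    rules:
      - apiGroups:
          - authorization.k8s.io
        resources:
          - subjectaccessreviews
        verbs:
          - create
      - apiGroups:
          - authentication.k8s.io
        resources:
          - tokenreviews
        verbs:
          - create

  - apiVersion: v1
    kind: Service
    metadata:
      namespace: ${NAMESPACE}
      labels:
        name: mysql
      name: mysql
    spec:
      ports:
        - port: 3306
          protocol: TCP
          targetPort: 3306
      selector:
        name: mysql
      sessionAffinity: None
      type: ClusterIP
    status:
      loadBalancer: {}

  - apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      namespace: ${NAMESPACE}
      name: mysql-data-pvc
    spec:
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: 20Gi
      storageClassName: ${STORAGECLASS}

  # SecurityContextConstraints granted to the nacos-ipaas service account.
  # No container in this template requests privileged mode or a hostPath
  # volume, so both are disallowed and the volume types are listed explicitly
  # instead of '*'. Widen these only for a workload that demonstrably needs it.
  - allowHostDirVolumePlugin: false
    allowHostIPC: false
    allowHostNetwork: false
    allowHostPID: false
    allowHostPorts: false
    # NOTE(review): left enabled as in the original; set to false if the images
    # do not depend on gaining privileges at runtime.
    allowPrivilegeEscalation: true
    allowPrivilegedContainer: false
    allowedCapabilities: null
    apiVersion: security.openshift.io/v1
    defaultAddCapabilities: null
    fsGroup:
      type: RunAsAny
    groups: []
    kind: SecurityContextConstraints
    metadata:
      name: nacos-ipaas
    priority: null
    readOnlyRootFilesystem: false
    requiredDropCapabilities: null
    # NOTE(review): RunAsAny lets containers run as any UID, including root;
    # narrow to MustRunAsRange or MustRunAsNonRoot if the images support it.
    runAsUser:
      type: RunAsAny
    seLinuxContext:
      type: RunAsAny
    supplementalGroups:
      type: RunAsAny
    users:
      # Follows the NAMESPACE parameter so the grant always targets the
      # ServiceAccount this template creates.
      - system:serviceaccount:${NAMESPACE}:nacos-ipaas
    volumes:
      - configMap
      - downwardAPI
      - emptyDir
      - persistentVolumeClaim
      - projected
      - secret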