long-agent
54a73e66f4
Add 6 runbook documents: - 服务启动 (Service Startup) - 服务停止 (Service Shutdown) - 配置更新 (Configuration Update) - 日志分析 (Log Analysis) - 备份恢复 (Backup & Recovery) - 安全事件 (Security Incident) Add Kubernetes Helm Chart: - Chart.yaml, values.yaml - Deployment with health checks - Ingress with TLS support - PVC for data persistence - PDB for high availability - HPA for autoscaling - ServiceAccount configuration Add cron-backup.conf for automated backup scheduling.
User Management System - Helm Chart
Kubernetes Helm Chart for deploying the User Management System.
Prerequisites
- Kubernetes 1.19+
- Helm 3.2.0+
- ingress-nginx controller (for Ingress)
- cert-manager (for TLS, optional)
Installation
# Add the repository
helm repo add user-management https://charts.example.com
helm repo update
# Install the chart
helm install user-management user-management/user-management \
--set config.jwtSecret="your-secret-key" \
--set config.adminEmail="admin@example.com"
Using with Custom Values
# Create a values file
cat > values.yaml << EOF
replicaCount: 2
config:
jwtSecret: "your-production-secret-key"
adminEmail: "admin@example.com"
logLevel: "warn"
ingress:
enabled: true
hosts:
- host: ums.example.com
paths:
- path: /
tls:
- secretName: ums-tls
hosts:
- ums.example.com
resources:
limits:
cpu: 1000m
memory: 1Gi
EOF
# Install with custom values
helm install user-management user-management/user-management -f values.yaml
Configuration
| Parameter | Description | Default |
|---|---|---|
replicaCount |
Number of replicas | 1 |
image.repository |
Docker image repository | user-management |
image.tag |
Docker image tag | latest |
service.type |
Service type | ClusterIP |
service.port |
Service port | 8080 |
ingress.enabled |
Enable Ingress | true |
ingress.className |
Ingress class | nginx |
config.jwtSecret |
JWT signing secret (required) | "" |
config.adminEmail |
Admin email | admin@example.com |
config.logLevel |
Log level | info |
resources.limits.cpu |
CPU limit | 500m |
resources.limits.memory |
Memory limit | 512Mi |
persistence.enabled |
Enable PVC | true |
persistence.size |
PVC size | 5Gi |
autoscaling.enabled |
Enable HPA | false |
autoscaling.minReplicas |
Min replicas | 1 |
autoscaling.maxReplicas |
Max replicas | 3 |
Production Best Practices
1. Use TLS
helm install user-management user-management/user-management \
--set config.jwtSecret="$(openssl rand -base64 32)" \
--set ingress.enabled=true \
--set ingress.tls[0].secretName=ums-tls \
--set ingress.tls[0].hosts[0]=ums.example.com
2. Set Resource Limits
helm install user-management user-management/user-management \
--set resources.limits.cpu="1000m" \
--set resources.limits.memory="1Gi" \
--set resources.requests.cpu="250m" \
--set resources.requests.memory="512Mi"
3. Enable Autoscaling
helm install user-management user-management/user-management \
--set autoscaling.enabled=true \
--set autoscaling.minReplicas=2 \
--set autoscaling.maxReplicas=10 \
--set autoscaling.targetCPUUtilizationPercentage=70
4. Use a Strong JWT Secret
# Generate a secure random secret
JWT_SECRET=$(openssl rand -base64 32 | tr -d '\n')
helm install user-management user-management/user-management \
--set config.jwtSecret="$JWT_SECRET"
Upgrading
# Upgrade to a new version
helm upgrade user-management user-management/user-management
# Upgrade with new values
helm upgrade user-management user-management/user-management \
--set config.logLevel="debug"
Uninstall
helm uninstall user-management
# Note: PVC data persists by default. To delete all data:
kubectl delete pvc -l app.kubernetes.io/name=user-management
Troubleshooting
Pod not starting
# Check pod status
kubectl get pods -l app.kubernetes.io/name=user-management
# View pod logs
kubectl logs -l app.kubernetes.io/name=user-management
# Describe pod for events
kubectl describe pod -l app.kubernetes.io/name=user-management
Ingress not working
# Check ingress controller
kubectl get pods -n ingress-nginx
# Check ingress resource
kubectl get ingress -l app.kubernetes.io/name=user-management
# Check certificate
kubectl get certificate -l app.kubernetes.io/name=user-management
License
Internal use only.