From c20b36373a3b00adf1a35960cb322e07ce6edc7c Mon Sep 17 00:00:00 2001 From: douxu Date: Thu, 11 Jun 2026 16:20:39 +0800 Subject: [PATCH] feat: add MongoDB K8s deployment manifests and expand deploy guide - add mongodb StatefulSet, Service, PVC, and Secret manifests for Minikube - restructure deploy.md MongoDB section into Docker (1.1) and K8s (1.2) paths - add connection verification, cleanup, and teardown sections to deploy guide - document local go build/run workflow (section 5.2-5.4) - reference eventrt-certs-secret.sh helper and Pod readiness waits - fix MongoDB password env var name in docs (INITDB_ROOT_PASSWORD) - set imagePullPolicy IfNotPresent on rabbitmq deployment for local images --- deploy/deploy.md | 224 ++++++++++++++++++++++++++-- deploy/k8s/mongodb-pvc.yaml | 10 ++ deploy/k8s/mongodb-secret.yaml | 8 + deploy/k8s/mongodb-service.yaml | 15 ++ deploy/k8s/mongodb-statefulset.yaml | 61 ++++++++ deploy/mq/rabbitmq-deployment.yaml | 1 + 6 files changed, 310 insertions(+), 9 deletions(-) create mode 100644 deploy/k8s/mongodb-pvc.yaml create mode 100644 deploy/k8s/mongodb-secret.yaml create mode 100644 deploy/k8s/mongodb-service.yaml create mode 100644 deploy/k8s/mongodb-statefulset.yaml diff --git a/deploy/deploy.md b/deploy/deploy.md index ebe44ef..119116d 100644 --- a/deploy/deploy.md +++ b/deploy/deploy.md @@ -10,11 +10,15 @@ --- -### 1\. 部署 MongoDB 数据库(Docker) +### 1\. 部署 MongoDB 数据库 + +EventRT 支持两种 MongoDB 部署方式,根据场景二选一:**Docker**(本地开发 / Ubuntu 宿主机直跑)或 **K8s**(Minikube 环境)。 + +#### 1.1 Docker 部署(本地开发) 使用官方 `mongo:7.0` 镜像,在 Ubuntu 宿主机(`192.168.1.101`)上以 Docker 容器运行。 -#### 1.1 部署命令 +##### 1.1.1 部署命令 ```bash docker run --name mongodb \ @@ -24,7 +28,7 @@ docker run --name mongodb \ -d mongo:7.0 ``` -#### 1.2 连接信息 +##### 1.1.2 连接信息 | 参数 | 值 | 说明 | | :--- | :--- | :--- | 
@@ -32,11 +36,11 @@ docker run --name mongodb \ | **镜像版本** | `mongo:7.0` | MongoDB 7.0 | | **主机端口** | `27017` | 外部应用连接端口 | | **用户名** | `coslight` | Root 管理员 | -| **密码** | `coslight@tj` | 启动时通过 `MONGO_INITDB_ROOT_USERNAME` 设置 | +| **密码** | `coslight@tj` | 启动时通过 `MONGO_INITDB_ROOT_PASSWORD` 设置 | | **鉴权数据库** | `admin` | `auth_db` | | **业务数据库** | `eventdb` | EventRT 事件存储库 | -#### 1.3 状态检查 +##### 1.1.3 状态检查 ```bash # 检查容器启动状态 @@ -45,13 +49,29 @@ docker ps -a | grep mongodb docker logs mongodb ``` -#### 1.4 初始化 eventdb 数据库 +> **注意:** 密码当前以明文形式写在 `docker run` 命令中,生产环境应通过 Docker Secret 或环境变量文件(`--env-file`)传入,避免在 Shell 历史记录中留存明文密码。 + +##### 1.1.4 连接验证 + +```bash +# 快速检查 MongoDB 是否接受连接 +docker exec -it mongodb mongosh \ + -u coslight -p "coslight@tj" --authenticationDatabase admin \ + --eval "db.adminCommand({ ping: 1 })" + +# 列出所有数据库(确认服务正常) +docker exec -it mongodb mongosh \ + -u coslight -p "coslight@tj" --authenticationDatabase admin \ + --eval "show dbs" +``` + +##### 1.1.5 初始化 eventdb 数据库 MongoDB 启动后进入容器,为 `eventdb` 库授权: ```bash docker exec -it mongodb mongosh \ - -u coslight -p coslight@tj --authenticationDatabase admin + -u coslight -p "coslight@tj" --authenticationDatabase admin ``` 在 `mongosh` 中执行: 
@@ -68,6 +88,69 @@ db.createUser({ }) ``` +#### 1.2 K8s 部署(Minikube) + +YAML 文件位于 `deploy/k8s/`(从 modelrt 仓库迁移而来,需确认文件已拷贝至本项目)。 + +```bash +kubectl apply -f deploy/k8s/mongodb-secret.yaml +kubectl apply -f deploy/k8s/mongodb-pvc.yaml +kubectl apply -f deploy/k8s/mongodb-statefulset.yaml +kubectl apply -f deploy/k8s/mongodb-service.yaml +``` + +| 参数 | 值 | 说明 | +| :--- | :--- | :--- | +| **镜像** | `mongo:7.0` | MongoDB 7.0 | +| **NodePort** | `30017` | 集群外访问端口 | +| **用户名** | `admin` | Root 管理员(Secret `mongodb-secret`) | +| **密码** | `coslight` | Secret `mongodb-secret` 中配置,生产环境请替换强密码 | +| **存储** | `2Gi` | PVC `mongodb-data` | +| **CPU** | `100m` 请求 / `500m` 上限 | StatefulSet `resources` 字段 | +| **内存** | `256Mi` 请求 / `512Mi` 上限 | StatefulSet `resources` 字段 | + +> **注意:** 密码存储在 `mongodb-secret.yaml` 的 `stringData` 中,生产环境应替换为强密码,并避免将明文密码提交至版本库。 + +##### 1.2.1 等待 Pod 就绪 + +```bash +kubectl wait --for=condition=ready pod -l app=mongodb --timeout=120s +``` + +##### 1.2.2 连接验证 + +```bash +kubectl exec -it $(kubectl get pod -l app=mongodb -o jsonpath='{.items[0].metadata.name}') \ + -- mongosh -u admin -p coslight --authenticationDatabase admin \ + --eval "db.adminCommand({ ping: 1 })" +``` + +##### 1.2.3 初始化 eventdb 数据库 + +```bash +kubectl exec -it $(kubectl get pod -l app=mongodb -o jsonpath='{.items[0].metadata.name}') \ + -- mongosh -u admin -p coslight --authenticationDatabase admin +``` + +在 `mongosh` 中执行: + +```javascript +use eventdb + +db.createUser({ + user: "coslight", + pwd: "coslight@tj", + roles: [{ role: "readWrite", db: "eventdb" }] +}) +``` + +##### 1.2.4 状态检查 + +```bash +kubectl get pods -l app=mongodb +kubectl logs -l app=mongodb --tail=30 +``` + --- ### 2\. 部署 RabbitMQ(Kubernetes) @@ -282,6 +365,12 @@ docker run --rm \ 在 RabbitMQ TLS 证书生成完成后(见 2.1),进入证书文件所在目录执行: +```bash +sh deploy/k8s/eventrt-certs-secret.sh +``` + +该脚本等价于: + ```bash kubectl create secret generic eventrt-certs \ --from-file=ca_certificate.pem=./ca_certificate.pem \ 
@@ -298,6 +387,12 @@ kubectl apply -f deploy/k8s/eventrt-deployment.yaml kubectl apply -f deploy/k8s/eventrt-service.yaml ``` +等待 Pod 就绪: + +```bash +kubectl wait --for=condition=ready pod -l app=eventrt --timeout=120s +``` + #### 3.4 配置说明 | 配置项 | 方式 | 说明 | @@ -398,11 +493,13 @@ kill --- -### 5\. 本地开发配置(config.yaml) +### 5\. 本地运行(go run / 二进制) + +#### 5.1 配置服务配置文件 将 `configs/config.example.yaml` 复制为 `configs/config.yaml` 并按以下说明调整: -#### 5.1 配置参数说明 +##### 5.1.1 配置参数说明 | 类别 | 参数名 | 作用描述 | 示例值 | | :--- | :--- | :--- | :--- | @@ -434,6 +531,22 @@ kill | **OTel** | `endpoint` | OTLP HTTP 上报地址(不含协议前缀) | `"localhost:4318"` | | | `insecure` | 是否不启用 TLS | `true` | +#### 5.2 编译 EventRT 服务 + +```bash +go build -o eventrt main.go +``` + +#### 5.3 启动服务 + +```bash +./eventrt +``` + +#### 5.4 检测服务启动日志 + +控制台输出 `starting EventRT server` 后即代表服务启动成功。 + --- ### 6\. 排查手册 
@@ -481,3 +594,96 @@ mongosh "mongodb://coslight:coslight@tj@localhost:27017/eventdb?authSource=admin ``` 预期进入 `mongosh` 提示符,执行 `show collections` 无报错。 + +--- + +### 7\. 后续操作(停止与清理) + +#### 7.1 本地 Docker 部署清理 + +适用于第 1 节使用 `docker run` 启动的 MongoDB 容器。 + +```bash +# 停止容器 +docker stop mongodb + +# 删除容器(容器内数据将同步丢失) +docker rm mongodb +``` + +#### 7.2 本地 go run 运行清理 + +适用于第 5 节以 `go run` 或编译后二进制方式在本地启动的 EventRT 服务。 + +前台运行时直接 `Ctrl+C` 终止;后台运行时查找并终止进程: + +```bash +# 终止 go run 启动的进程 +pkill -f "go run main.go" + +# 或终止编译后的二进制进程 +pkill eventrt +``` + +#### 7.3 K8s(Minikube) 部署清理 + +适用于第 1.2、2、3 节在 Minikube 中部署的所有资源。 + +##### 7.3.1 分服务清理 + +**仅停止(缩容至 0,PVC 数据与 Secret 保留)** + +将所有 Deployment 和 StatefulSet 缩容至 0 副本,Pod 停止运行但持久卷数据不删除,之后可直接缩容回 1 恢复服务。 + +```bash +# 停止所有 Deployment(EventRT / RabbitMQ) +kubectl scale deployment eventrt rabbitmq --replicas=0 + +# 停止 MongoDB StatefulSet(PVC 数据保留) +kubectl scale statefulset mongodb --replicas=0 +``` + +恢复时: + +```bash +kubectl scale deployment eventrt rabbitmq --replicas=1 +kubectl scale statefulset mongodb --replicas=1 +``` + +--- + +**永久清理(删除所有资源,数据不可恢复)** + +按部署顺序反向删除各服务资源: + +```bash +# EventRT 应用 +kubectl delete -f deploy/k8s/eventrt-service.yaml \ + -f deploy/k8s/eventrt-deployment.yaml \ + -f deploy/k8s/eventrt-configmap.yaml \ + -f deploy/k8s/eventrt-secret.yaml +kubectl delete secret eventrt-certs + +# MongoDB +kubectl delete -f deploy/k8s/mongodb-service.yaml \ + -f deploy/k8s/mongodb-statefulset.yaml \ + -f deploy/k8s/mongodb-pvc.yaml \ + -f deploy/k8s/mongodb-secret.yaml + +# RabbitMQ +kubectl delete -f deploy/mq/rabbitmq-service.yaml \ + -f deploy/mq/rabbitmq-deployment.yaml \ + -f deploy/mq/rabbitmq-users-config.yaml \ + -f deploy/mq/rabbitmq-config.yaml \ + -f deploy/mq/rabbitmq-secret.yaml +kubectl delete secret rabbitmq-certs +``` + +##### 7.3.2 一键清理 + +> **注意:** 此操作会删除 `deploy/k8s/` 和 `deploy/mq/` 下所有 YAML 对应的 K8s 资源,请确认后执行。 + +```bash +kubectl delete -f deploy/k8s/ -f deploy/mq/ +kubectl delete secret 
eventrt-certs rabbitmq-certs
+```
diff --git a/deploy/k8s/mongodb-pvc.yaml b/deploy/k8s/mongodb-pvc.yaml
new file mode 100644
index 0000000..d009b0a
--- /dev/null
+++ b/deploy/k8s/mongodb-pvc.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mongodb-data
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 2Gi
diff --git a/deploy/k8s/mongodb-secret.yaml b/deploy/k8s/mongodb-secret.yaml
new file mode 100644
index 0000000..53363f2
--- /dev/null
+++ b/deploy/k8s/mongodb-secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mongodb-secret
+type: Opaque
+stringData:
+ MONGO_INITDB_ROOT_USERNAME: admin
+ MONGO_INITDB_ROOT_PASSWORD: coslight
diff --git a/deploy/k8s/mongodb-service.yaml b/deploy/k8s/mongodb-service.yaml
new file mode 100644
index 0000000..8345287
--- /dev/null
+++ b/deploy/k8s/mongodb-service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: mongodb-service
+ labels:
+ app: mongodb
+spec:
+ type: NodePort
+ selector:
+ app: mongodb
+ ports:
+ - name: mongodb
+ port: 27017
+ targetPort: 27017
+ nodePort: 30017
diff --git a/deploy/k8s/mongodb-statefulset.yaml b/deploy/k8s/mongodb-statefulset.yaml
new file mode 100644
index 0000000..708caa6
--- /dev/null
+++ b/deploy/k8s/mongodb-statefulset.yaml
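Review bot: The MongoDB root password is committed in clear text under `stringData` in mongodb-secret.yaml (`MONGO_INITDB_ROOT_PASSWORD: coslight`), and it is a short, guessable value paired with the `admin` user. A value checked in here stays in git history even after it is rotated, so I would keep only a template in the repository, e.g. `MONGO_INITDB_ROOT_PASSWORD: <set-at-deploy-time>`, and create the real Secret out of band with `kubectl create secret generic mongodb-secret --from-env-file=<untracked env file>`. The deploy guide changed in this same commit repeats the value on `mongosh -p` command lines, so it would need the same treatment.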
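Review bot: `type: NodePort` with `nodePort: 30017` in mongodb-service.yaml publishes MongoDB on every node address, so together with the checked-in root credentials the database is reachable by anything that can route to the Minikube node. If the only consumers run inside the cluster (not visible from this hunk), `type: ClusterIP` with `kubectl port-forward svc/mongodb-service 27017:27017` for ad-hoc access keeps the port off the node interface. If NodePort has to stay for the host-side workflow, a comment such as `# NodePort for local Minikube only; do not reuse outside a dev cluster` above `type:` would record that.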
@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: mongodb
+ labels:
+ app: mongodb
+spec:
+ serviceName: mongodb
+ replicas: 1
+ selector:
+ matchLabels:
+ app: mongodb
+ template:
+ metadata:
+ labels:
+ app: mongodb
+ spec:
+ containers:
+ - name: mongodb
+ image: mongo:7.0
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: mongodb
+ containerPort: 27017
+ envFrom:
+ - secretRef:
+ name: mongodb-secret
+ volumeMounts:
+ - name: mongodb-data
+ mountPath: /data/db
+ readinessProbe:
+ exec:
+ command:
+ - mongosh
+ - --eval
+ - "db.adminCommand('ping')"
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 10
+ failureThreshold: 12
+ livenessProbe:
+ exec:
+ command:
+ - mongosh
+ - --eval
+ - "db.adminCommand('ping')"
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ timeoutSeconds: 30
+ failureThreshold: 5
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ volumes:
+ - name: mongodb-data
+ persistentVolumeClaim:
+ claimName: mongodb-data
diff --git a/deploy/mq/rabbitmq-deployment.yaml b/deploy/mq/rabbitmq-deployment.yaml
index 4e2708f..2b741bd 100644
--- a/deploy/mq/rabbitmq-deployment.yaml
+++ b/deploy/mq/rabbitmq-deployment.yaml
@@ -15,6 +15,7 @@ spec: containers: - name: rabbitmq image: rabbitmq:4.1.1-management-alpine + imagePullPolicy: IfNotPresent ports: - containerPort: 4369 - containerPort: 5671
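Review bot: The pod template in mongodb-statefulset.yaml sets no `securityContext` at pod or container level, so the database runs with the image's default user and privilege-escalation settings. A pod-level `runAsNonRoot`/`runAsUser`/`fsGroup` plus a container-level `allowPrivilegeEscalation: false` would tighten this. The uid below is the one I believe the official mongo image assigns to its `mongodb` user and should be confirmed, along with write access to the existing PVC. Separately, `serviceName: mongodb` does not match the Service added in this commit (`mongodb-service`, which is also not headless), so the StatefulSet's governing service does not appear to exist.

```yaml
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 999    # assumed uid of the image's mongodb user; confirm
        runAsGroup: 999
        fsGroup: 999      # lets the non-root user write to /data/db
      # … unchanged: containers list header …
        - name: mongodb
          securityContext:
            allowPrivilegeEscalation: false
          # … unchanged: image, imagePullPolicy, ports, envFrom, volumeMounts, probes, resources …
```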
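Review bot: With `imagePullPolicy: IfNotPresent` on the mutable tag `rabbitmq:4.1.1-management-alpine`, a node keeps running whatever image it first cached under that tag, so a rebuilt upstream image carrying fixes is never pulled and what runs depends on each node's cache. The commit message says this is for local images, so a comment such as `# IfNotPresent: image is pre-loaded into Minikube; pin by digest outside local dev` above the new line would record the intent. The same applies to `mongo:7.0` in mongodb-statefulset.yaml. The container entry continues outside this hunk.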