High-Availability Deployment of the RuoYi Front-End/Back-End Separated Project on K8s in Practice (with a Pitfall Guide)

张开发
2026/4/15 17:32:22 15 min read

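High-Availability Deployment of the RuoYi Front-End/Back-End Separated Project on Kubernetes in Practice

When an enterprise application needs to move from a monolithic architecture to cloud native, Kubernetes is without doubt one of the best choices. This article looks in depth at how to achieve a highly available deployment of RuoYi, a popular open-source framework, in a production environment, covering hands-on experience across the whole process from cluster planning to failure recovery.

1. Environment planning and cluster setup

1.1 Infrastructure preparation

A typical Kubernetes production environment needs at least three nodes forming the control plane and two worker nodes as the compute resource pool. The recommended hardware configuration is as follows:

| Node type | CPU cores | Memory | Storage | Network requirement |
|---|---|---|---|---|
| Control-plane node | 4 cores | 8 GB | 100 GB | 1 Gbps stable internal network |
| Worker node | 8 cores | 16 GB | 200 GB | 1 Gbps high-speed internal network |

Key configuration steps:

```bash
# Run on all nodes: kernel module and parameter adjustments
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter

# Network parameter tuning
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sudo sysctl --system
```

Tip: in production, be sure to disable the swap partition to avoid abnormal kubelet behavior.

1.2 Container runtime configuration

Containerd, the recommended container runtime, needs its configuration tuned in particular:

```toml
[plugins."io.containerd.grpc.v1.cri".containerd]
  snapshotter = "overlayfs"
  default_runtime_name = "runc"

[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
  runtime_type = "io.containerd.runc.v2"

[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
  SystemdCgroup = true
```

2. Building a private image registry

2.1 Enterprise-grade Harbor deployment

Compared with a simple Docker Registry, Harbor provides more complete enterprise features:

```bash
# Download the Harbor offline installer
wget https://github.com/goharbor/harbor/releases/download/v2.8.2/harbor-offline-installer-v2.8.2.tgz
tar xvf harbor-offline-installer-v2.8.2.tgz
cd harbor
```

```yaml
# Edit the harbor.yml configuration
hostname: registry.yourdomain.com
https:
  port: 443
  certificate: /etc/ssl/certs/yourdomain.crt
  private_key: /etc/ssl/private/yourdomain.key
harbor_admin_password: YourStrongPassword
```

```bash
# Run the installer
./install.sh
```

2.2 Cross-cluster image synchronization

In a multi-cluster environment, image synchronization can be implemented with Harbor's replication feature:

1. Create a replication rule in the Harbor administration UI
2. Select the source project and the target project
3. Configure the trigger mode (manual/event-driven)
4. Set the filters (by tag/name)

3. Containerizing the RuoYi application

3.1 Back-end service optimization

The Dockerfile for a Java application needs particular attention to JVM parameter tuning:

```dockerfile
FROM eclipse-temurin:17-jdk-jammy
ENV JAVA_OPTS="-XX:+UseG1GC \
    -XX:MaxRAMPercentage=75.0 \
    -XX:+HeapDumpOnOutOfMemoryError \
    -Dfile.encoding=UTF-8"
COPY target/ruoyi-admin.jar /app/
WORKDIR /app
ENTRYPOINT ["sh", "-c", "exec java ${JAVA_OPTS} -jar ruoyi-admin.jar"]
```

3.2 Front-end static resource handling

The Nginx configuration needs an optimized caching strategy:

```nginx
server {
    listen 80;
    server_name ruoyi.example.com;

    location / {
        root /usr/share/nginx/html;
        try_files $uri $uri/ /index.html;

        # Static resource cache configuration
        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
            expires 365d;
            add_header Cache-Control "public, no-transform";
        }
    }

    location /prod-api/ {
        proxy_pass http://ruoyi-backend-service:8080/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Connection timeout settings
        proxy_connect_timeout 60s;
        proxy_read_timeout 600s;
        proxy_send_timeout 600s;
    }
}
```

4. Kubernetes resource orchestration strategy

4.1 Stateful service deployment

MySQL and Redis need to use a StatefulSet to ensure data persistence:

```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mysql
spec:
  serviceName: mysql
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: mysql:8.0
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: yoursecurepassword
        ports:
        - containerPort: 3306
        volumeMounts:
        - name: mysql-data
          mountPath: /var/lib/mysql
  volumeClaimTemplates:
  - metadata:
      name: mysql-data
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: ssd
      resources:
        requests:
          storage: 100Gi
```

4.2 Application health-check configuration

A complete probe configuration is key to guaranteeing high availability:

```yaml
livenessProbe:
  httpGet:
    path: /actuator/health
    port: 8080
  initialDelaySeconds: 60
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 3
readinessProbe:
  httpGet:
    path: /actuator/health
    port: 8080
  initialDelaySeconds: 30
  periodSeconds: 5
  timeoutSeconds: 3
  failureThreshold: 1
startupProbe:
  httpGet:
    path: /actuator/health
    port: 8080
  failureThreshold: 30
  periodSeconds: 10
```

5. High availability and elastic scaling

5.1 Multiple replicas and anti-affinity

Make sure service instances are spread across different nodes:

```yaml
affinity:
  podAntiAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
    - labelSelector:
        matchExpressions:
        - key: app
          operator: In
          values:
          - ruoyi-backend
      topologyKey: kubernetes.io/hostname
```

5.2 HPA autoscaling

An automatic scaling policy based on CPU and memory:

```yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: ruoyi-backend-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: ruoyi-backend
  minReplicas: 2
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 70
  - type: Resource
    resource:
      name: memory
      target:
        type: Utilization
        averageUtilization: 80
```

6. Network and security hardening

6.1 Ingress traffic management

Use Nginx Ingress to implement advanced routing:

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ruoyi-ingress
  annotations:
    # Capture groups are required: a bare "rewrite-target: /" rewrites every
    # matched request, static assets included, to "/".
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
    # Annotation values must be strings, so the boolean is quoted.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - ruoyi.example.com
    secretName: ruoyi-tls
  rules:
  - host: ruoyi.example.com
    http:
      paths:
      # /prod-api/foo is forwarded to the back end as /foo
      - path: /prod-api(/|$)(.*)
        pathType: ImplementationSpecific
        backend:
          service:
            name: ruoyi-backend
            port:
              number: 8080
      # Everything else goes to the front end with its path unchanged
      - path: /()(.*)
        pathType: ImplementationSpecific
        backend:
          service:
            name: ruoyi-frontend
            port:
              number: 80
```

6.2 Network policy isolation

Restrict unnecessary Pod-to-Pod communication:

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ruoyi-backend-policy
spec:
  podSelector:
    matchLabels:
      app: ruoyi-backend
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: ruoyi-frontend
    ports:
    - protocol: TCP
      port: 8080
```

7. Monitoring and logging

7.1 Prometheus monitoring configuration

Example of monitoring key metrics:

```yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: ruoyi-monitor
spec:
  selector:
    matchLabels:
      app: ruoyi-backend
  endpoints:
  - port: http
    path: /actuator/prometheus
    interval: 15s
    scrapeTimeout: 10s
```

7.2 Centralized log collection

Fluent Bit configuration example:

```ini
[INPUT]
    Name              tail
    Path              /var/log/containers/*ruoyi*.log
    # The cluster in section 1.2 runs containerd, which writes CRI-format
    # log lines, so the cri parser is used instead of the docker (JSON) one.
    Parser            cri
    Tag               ruoyi.*
    Mem_Buf_Limit     5MB
    Skip_Long_Lines   On

[OUTPUT]
    Name              es
    Match             *
    Host              elasticsearch
    Port              9200
    Logstash_Format   On
    Replace_Dots      On
    Retry_Limit       False
```

8. Troubleshooting guide for common problems

8.1 Handling image pull failures

When you run into image pull problems, troubleshoot with the following steps:

1. Check network connectivity from the node to the image registry
2. Verify that the Secret configuration is correct
3. View the containerd logs for detailed errors

   ```bash
   journalctl -u containerd -n 100 -f
   ```

4. Try pulling the image manually as a test

   ```bash
   crictl pull your-registry/ruoyi-backend:latest
   ```

8.2 Database connection problems

A typical troubleshooting flow for database connection errors:

1. Verify Service DNS resolution

   ```bash
   kubectl run -it --rm --image=alpine dns-test -- nslookup ruoyi-mysql-service
   ```

2. Check whether the network policy allows the traffic
3. Test a direct connection to the database from the application Pod

   ```bash
   kubectl exec -it ruoyi-backend-pod -- telnet ruoyi-mysql-service 3306
   ```

4. Check the database logs to confirm authentication problems

When deploying RuoYi in a real production environment, we found that the execution order of the initialization SQL scripts is critical to system startup. By introducing an Init Container to make sure dependent services are ready, system stability improved significantly. For front-end static resources, page load time dropped by more than 60% after adopting CDN acceleration.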
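Section 4.1 sets MYSQL_ROOT_PASSWORD as a literal value, which leaves the password readable in the manifest and to anyone who can read the StatefulSet or its Pods. As an added example (not code from the original article), this check walks a manifest and reports sensitive environment variables that are inlined instead of read from a Secret; the Secret name mysql-credentials and key root-password are assumptions.

```python
import re

# Environment variable names treated as sensitive (heuristic chosen for this example).
SENSITIVE = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY)", re.I)

def pod_specs(node):
    """Yield every pod spec (any mapping with a 'containers' list) nested in a manifest."""
    if isinstance(node, dict):
        if isinstance(node.get("containers"), list):
            yield node
        for child in node.values():
            yield from pod_specs(child)
    elif isinstance(node, list):
        for child in node:
            yield from pod_specs(child)

def literal_secrets(manifest):
    """Return (container, env name) pairs whose sensitive value is inlined in the manifest."""
    findings = []
    for spec in pod_specs(manifest):
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            for env in c.get("env", []):
                name = env.get("name", "")
                # *_FILE variables hold a path to a mounted secret, not the secret itself.
                if SENSITIVE.search(name) and not name.endswith("_FILE") and "value" in env:
                    findings.append((c["name"], name))
    return findings

def mysql_statefulset(env):
    # Trimmed version of the StatefulSet from section 4.1; only the env entry varies.
    return {"apiVersion": "apps/v1", "kind": "StatefulSet", "metadata": {"name": "mysql"},
            "spec": {"template": {"spec": {"containers": [
                {"name": "mysql", "image": "mysql:8.0", "env": [env]}]}}}}

# As written in section 4.1: the root password is part of the manifest text.
AS_PUBLISHED = mysql_statefulset({"name": "MYSQL_ROOT_PASSWORD", "value": "yoursecurepassword"})
# Hardened form: the value is read from a Secret (name and key are assumptions).
HARDENED = mysql_statefulset({"name": "MYSQL_ROOT_PASSWORD", "valueFrom": {
    "secretKeyRef": {"name": "mysql-credentials", "key": "root-password"}}})
```

The same function works on Deployments, CronJobs and bare Pods, because it searches for pod specs at any depth.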
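The policy in section 6.2 admits only ruoyi-frontend pods, while section 6.1 routes /prod-api to the back end through the ingress controller and section 7.1 has Prometheus scrape the back end. The following added example (not from the original article) models NetworkPolicy ingress matching for matchLabels selectors only, with ipBlock and matchExpressions left out, and reports which sources the policy admits on port 8080; the namespace names ruoyi, ingress-nginx and monitoring and the source pod labels are assumptions.

```python
import copy

def labels_match(selector, labels):
    # Only matchLabels is modelled; an empty selector matches everything.
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def peer_matches(peer, policy_ns, src):
    ns_sel, pod_sel = peer.get("namespaceSelector"), peer.get("podSelector")
    # A podSelector without a namespaceSelector only selects pods in the policy's namespace.
    ns_ok = src["namespace"] == policy_ns if ns_sel is None else labels_match(ns_sel, src["ns_labels"])
    return ns_ok and (pod_sel is None or labels_match(pod_sel, src["labels"]))

def ingress_allowed(policy, src, port, protocol="TCP"):
    ns = policy["metadata"].get("namespace", "default")
    for rule in policy["spec"].get("ingress", []):
        peers, ports = rule.get("from"), rule.get("ports")
        from_ok = not peers or any(peer_matches(p, ns, src) for p in peers)
        port_ok = not ports or any(p.get("port") == port and
                                   p.get("protocol", "TCP") == protocol for p in ports)
        if from_ok and port_ok:
            return True
    return False  # the pod is selected by the policy and no rule matched

# Policy from section 6.2 as a dict; the "ruoyi" namespace is an assumption.
PAGE_POLICY = {
    "metadata": {"name": "ruoyi-backend-policy", "namespace": "ruoyi"},
    "spec": {"podSelector": {"matchLabels": {"app": "ruoyi-backend"}},
             "policyTypes": ["Ingress"],
             "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "ruoyi-frontend"}}}],
                          "ports": [{"protocol": "TCP", "port": 8080}]}]},
}

def pod(namespace, **labels):  # namespaces carry kubernetes.io/metadata.name automatically
    return {"namespace": namespace, "labels": labels,
            "ns_labels": {"kubernetes.io/metadata.name": namespace}}

# Constructed sources: namespace names and pod labels are assumptions.
SOURCES = {"frontend": pod("ruoyi", app="ruoyi-frontend"),
           "ingress-controller": pod("ingress-nginx", app="ingress-nginx"),
           "prometheus": pod("monitoring", app="prometheus")}

def with_namespaces(policy, names):
    """Copy of the policy that also admits pods from the named namespaces."""
    fixed = copy.deepcopy(policy)
    fixed["spec"]["ingress"][0]["from"] += [
        {"namespaceSelector": {"matchLabels": {"kubernetes.io/metadata.name": n}}} for n in names]
    return fixed

def report(policy, port=8080):
    return {name: ingress_allowed(policy, s, port) for name, s in SOURCES.items()}
```

Admitting a whole namespace is the coarse form; putting a podSelector in the same peer as the namespaceSelector narrows the rule to the controller or Prometheus pods only.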
