肇新合同

二、容器化部署

基于Kubernetes的合同服务编排方案：

2.1 容器化矩阵

2.2 Helm Chart设计

合同服务Chart结构：

contract-service/
├── Chart.yaml          # 元数据
├── values.yaml         # 默认配置
├── charts/             # 子Chart
├── templates/
│   ├── deployment.yaml # 部署模板
│   ├── service.yaml
│   ├── ingress.yaml
│   └── hpa.yaml        # 自动扩缩容
└── tests/              # 测试用例

# values.yaml关键配置
image:
  repository: registry.example.com/contract
  tag: {{ .Chart.AppVersion }}
  pullPolicy: IfNotPresent

resources:
  limits:
    cpu: 2
    memory: 4Gi
  requests:
    cpu: 1
    memory: 2Gi

autoscaling:
  enabled: true
  minReplicas: 2
  maxReplicas: 10
  targetCPUUtilizationPercentage: 70

config:
  springProfilesActive: "prod"
  redisUrl: "redis-master:6379"

Kustomize多环境覆盖：

# base/kustomization.yaml
resources:
- ../helm/contract-service/templates

# overlays/prod/patches.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: contract-service
spec:
  replicas: 4
  template:
    spec:
      containers:
      - name: app
        resources:
          limits:
            cpu: 4
            memory: 8Gi

# 部署命令
kubectl apply -k overlays/prod

三、灰度发布策略

基于Istio的全链路灰度发布方案：

3.1 发布策略对比

3.2 Istio灰度配置

VirtualService流量切分：

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: contract-vs
spec:
  hosts:
  - contract.example.com
  http:
  - route:
    - destination:
        host: contract-service
        subset: v1
      weight: 90
    - destination:
        host: contract-service
        subset: v2
      weight: 10
    headers:
      match:
        - cookie:
            regex: "^(.*?;)?(canary=true)(;.*)?$"
    rewrite:
      uri: "/v2/api"

---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: contract-dr
spec:
  host: contract-service
  subsets:
  - name: v1
    labels:
      version: v1.3.0
  - name: v2
    labels:
      version: v1.4.0-canary

渐进式发布流程：

1. 1. 初始阶段：5%流量导入金丝雀版本

2. 2. 监控阶段：观察错误率&响应时间（≥15分钟）

3. 3. 推进阶段：错误率<1%时逐步提升流量至50%

4. 4. 全量阶段：验证无误后100%流量切换

四、监控告警体系

基于Prometheus的全栈监控方案：

4.1 监控维度

4.2 告警配置

Prometheus告警规则：

groups:
- name: contract-service
  rules:
  - alert: HighSignErrorRate
    expr: |
      rate(contract_sign_errors_total{job="contract-service"}[1m]) / 
      rate(contract_sign_requests_total{job="contract-service"}[1m]) > 0.05
    for: 5m
    labels:
      severity: critical
    annotations:
      summary: "签署服务高错误率 ({{ $value }})"
      description: "服务{{ $labels.instance }}错误率超过5%"
  
  - alert: SlowDBQuery
    expr: |
      mysql_slow_queries{job="mysql"} > 0
    for: 2m
    labels:
      severity: warning
    annotations:
      summary: "MySQL慢查询 detected"
      description: "实例{{ $labels.instance }}存在慢查询"

# Alertmanager路由配置
route:
  receiver: 'contract-team'
  group_by: ['alertname', 'severity']
  routes:
  - match:
      severity: 'critical'
    receiver: 'oncall-sms'
  - match:
      namespace: 'contract-prod'
    receiver: 'prod-slack'

全链路日志追踪：

# OpenTelemetry配置
@Bean
public OpenTelemetry openTelemetry() {
    return OpenTelemetrySdk.builder()
        .setTracerProvider(
            SdkTracerProvider.builder()
                .addSpanProcessor(
                    BatchSpanProcessor.builder(
                        OtlpGrpcSpanExporter.builder()
                            .setEndpoint("http://jaeger:4317")
                            .build()).build())
                .build())
        .setPropagators(
            ContextPropagators.create(
                W3CTraceContextPropagator.getInstance()))
        .build();
}

# 日志关联TraceID
[%d{yyyy-MM-dd HH:mm:ss}] %-5level [%X{traceId}] %logger{36} - %msg%n

# ELK日志查询语句
{
  "query": {
    "bool": {
      "must": [
        { "match": { "traceId": "a1b2c3d4e5f6" }},
        { "range": { "@timestamp": { "gte": "now-1h" }}}
      ]
    }
  },
  "sort": [ { "@timestamp": "asc" } ]
}

五、DevOps工具包

开箱即用的DevOps资源集合：

5.1 推荐工具集

5.2 开发资源包

▶ 免费获取资源：

关注「DevOps实践指南」公众号领取：
               • 《Kubernetes部署模板》
               • 合同Helm Chart示例
               • 生产监控指标清单