K8s高可用环境搭建和迁移

1
# 在 151 和 152 上都执行
2
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
3
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
4
sudo apt-get update
5
sudo apt-get -y install postgresql-15

1
# 切换到 postgres 用户
2
sudo su - postgres
3

4
# 登录数据库创建 Teable 用户和复制用户
5
psql -c "CREATE USER teable_user WITH PASSWORD 'P@ssw0rd';"
6
psql -c "CREATE DATABASE teable OWNER teable;"
7
psql -c "CREATE ROLE replicator WITH REPLICATION PASSWORD 'P@ssw0rd' LOGIN;"
8
exit
9

10
# 修改配置允许远程连接和复制
11
sudo sed -i "s/#listen_addresses = 'localhost'/listen_addresses = '*'/g" /etc/postgresql/15/main/postgresql.conf
12
sudo sed -i "s/#wal_level = replica/wal_level = replica/g" /etc/postgresql/15/main/postgresql.conf
13

14
# 修改 pg_hba.conf 允许密码登录和从库连接
15
echo "host    all             all             0.0.0.0/0               md5" | sudo tee -a /etc/postgresql/15/main/pg_hba.conf
16
echo "host    replication     replicator      10.135.40.152/32        md5" | sudo tee -a /etc/postgresql/15/main/pg_hba.conf
17

18
# 重启主库
19
sudo systemctl restart postgresql

1
# 停止当前运行的 PG 服务
2
sudo systemctl stop postgresql
3

4
# 清空默认的数据目录
5
sudo rm -rf /var/lib/postgresql/15/main/*
6

7
# 使用 pg_basebackup 从主库同步数据（执行时输入密码 Replicate@123）
8
sudo -u postgres pg_basebackup -h 10.135.40.151 -D /var/lib/postgresql/15/main -U replicator -P -v -R -X stream
9

10
# 启动从库
11
sudo systemctl start postgresql

1
sudo systemctl stop postgresql
2
sudo systemctl disable postgresql
3
# 清空数据目录，Patroni 会帮我们重新初始化并同步
4
sudo rm -rf /var/lib/postgresql/15/main/*

1
# Patroni 需要一个大脑来决定“谁是主库”，防止脑裂。etcd 需要奇数个节点，所以我们部署在 .151, .152, .153 三台机器上。
2
sudo apt-get update
3
sudo apt-get install -y etcd

1
# 在 Node 1 (.151) 修改配置：
2
cat <<EOF | sudo tee /etc/default/etcd
3
ETCD_NAME="node1"
4
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
5
ETCD_LISTEN_PEER_URLS="http://10.135.40.151:2380"
6
ETCD_LISTEN_CLIENT_URLS="http://10.135.40.151:2379,http://127.0.0.1:2379"
7
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.135.40.151:2380"
8
ETCD_INITIAL_CLUSTER="node1=http://10.135.40.151:2380,node2=http://10.135.40.152:2380,node3=http://10.135.40.153:2380"
9
ETCD_INITIAL_CLUSTER_STATE="new"
10
ETCD_INITIAL_CLUSTER_TOKEN="teable-etcd-cluster"
11
ETCD_ADVERTISE_CLIENT_URLS="http://10.135.40.151:2379"
12
EOF
13
sudo systemctl restart etcd
14

15
# 在 Node 2 (.152) 修改配置：
16
cat <<EOF | sudo tee /etc/default/etcd
17
ETCD_NAME="node2"
18
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
19
ETCD_LISTEN_PEER_URLS="http://10.135.40.152:2380"
20
ETCD_LISTEN_CLIENT_URLS="http://10.135.40.152:2379,http://127.0.0.1:2379"
21
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.135.40.152:2380"
22
ETCD_INITIAL_CLUSTER="node1=http://10.135.40.151:2380,node2=http://10.135.40.152:2380,node3=http://10.135.40.153:2380"
23
ETCD_INITIAL_CLUSTER_STATE="new"
24
ETCD_INITIAL_CLUSTER_TOKEN="teable-etcd-cluster"
25
ETCD_ADVERTISE_CLIENT_URLS="http://10.135.40.152:2379"
26
EOF
27
sudo systemctl restart etcd
28

29
# 在 Node 3 (.153) 修改配置：
30
cat <<EOF | sudo tee /etc/default/etcd
31
ETCD_NAME="node3"
32
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
33
ETCD_LISTEN_PEER_URLS="http://10.135.40.153:2380"
34
ETCD_LISTEN_CLIENT_URLS="http://10.135.40.153:2379,http://127.0.0.1:2379"
35
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.135.40.153:2380"
36
ETCD_INITIAL_CLUSTER="node1=http://10.135.40.151:2380,node2=http://10.135.40.152:2380,node3=http://10.135.40.153:2380"
37
ETCD_INITIAL_CLUSTER_STATE="new"
38
ETCD_INITIAL_CLUSTER_TOKEN="teable-etcd-cluster"
39
ETCD_ADVERTISE_CLIENT_URLS="http://10.135.40.153:2379"
40
EOF
41
sudo systemctl restart etcd

1
# 在 .151 和 .152 安装 Patroni：
2
sudo apt-get install -y patroni
3
# 在 Node 1 (.151) 写入配置：
4
cat <<EOF | sudo tee /etc/patroni/config.yml
5
scope: teable-pg-cluster
6
namespace: /db/
7
name: pg-node1
8

9
restapi:
10
  listen: 0.0.0.0:8008
11
  connect_address: 10.135.40.151:8008
12

13
etcd:
14
  hosts: 10.135.40.151:2379,10.135.40.152:2379,10.135.40.153:2379
15

16
bootstrap:
17
  dcs:
18
    ttl: 30
19
    loop_wait: 10
20
    retry_timeout: 10
21
    maximum_lag_on_failover: 1048576
22
    postgresql:
23
      use_pg_rewind: true
24
  initdb:
25
  - auth-host: md5
26
  - auth-local: trust
27
  - encoding: UTF8
28
  - data-checksums
29
  pg_hba:
30
  - host replication replicator 10.135.40.0/24 md5
31
  - host all all 0.0.0.0/0 md5
32
  users:
33
    teable:
34
      password: P@ssw0rd
35
      options:
36
        - createdb
37

38
postgresql:
39
  listen: 0.0.0.0:5432
40
  connect_address: 10.135.40.151:5432
41
  data_dir: /var/lib/postgresql/15/main
42
  bin_dir: /usr/lib/postgresql/15/bin
43
  pgpass: /tmp/pgpass
44
  authentication:
45
    replication:
46
      username: replicator
47
      password: P@ssw0rd
48
    superuser:
49
      username: postgres
50
      password: P@ssw0rd
51
EOF
52
sudo systemctl restart patroni
53

54
# 在 Node 2 (.152) 写入配置：
55
# 配置几乎一样，只需改 name 和 IP
56
cat <<EOF | sudo tee /etc/patroni/config.yml
57
scope: teable-pg-cluster
58
namespace: /db/
59
name: pg-node2
60

61
restapi:
62
  listen: 0.0.0.0:8008
63
  connect_address: 10.135.40.152:8008
64

65
etcd:
66
  hosts: 10.135.40.151:2379,10.135.40.152:2379,10.135.40.153:2379
67

68
bootstrap:
69
  dcs:
70
    ttl: 30
71
    loop_wait: 10
72
    retry_timeout: 10
73
    maximum_lag_on_failover: 1048576
74
    postgresql:
75
      use_pg_rewind: true
76
  initdb:
77
  - auth-host: md5
78
  - auth-local: trust
79
  - encoding: UTF8
80
  - data-checksums
81
  pg_hba:
82
  - host replication replicator 10.135.40.0/24 md5
83
  - host all all 0.0.0.0/0 md5
84
  users:
85
    teable:
86
      password: P@ssw0rd
87
      options:
88
        - createdb
89

90
postgresql:
91
  listen: 0.0.0.0:5432
92
  connect_address: 10.135.40.152:5432
93
  data_dir: /var/lib/postgresql/15/main
94
  bin_dir: /usr/lib/postgresql/15/bin
95
  pgpass: /tmp/pgpass
96
  authentication:
97
    replication:
98
      username: replicator
99
      password: P@ssw0rd
100
    superuser:
101
      username: postgres
102
      password: P@ssw0rd
103
EOF
104
sudo systemctl restart patroni

1
# 成功标志，像这样：
2
+----------+---------------+--------+---------+----+-----------+
3
| Member   | Host          | Role   | State   | TL | Lag in MB |
4
+----------+---------------+--------+---------+----+-----------+
5
| pg-node1 | 10.135.40.151 | Leader | running |  1 |           |
6
+----------+---------------+--------+---------+----+-----------+

1
# 初始化 Teable 数据库（仅在 Leader 节点 .151 执行一次）
2
sudo -u postgres psql -c "CREATE DATABASE teable OWNER teable;"

1
sudo apt-get install -y haproxy
2

3
cat <<EOF | sudo tee /etc/haproxy/haproxy.cfg
4
global
5
    maxconn 1000
6
    daemon
7

8
defaults
9
    log global
10
    mode tcp
11
    retries 2
12
    timeout client 30m
13
    timeout connect 4s
14
    timeout server 30m
15
    timeout check 5s
16

17
listen postgres
18
    bind *:5000
19
    option httpchk GET /master
20
    http-check expect status 200
21
    default-server inter 3s fall 3 rise 2 on-marked-down shutdown-sessions
22
    server pg1 10.135.40.151:5432 maxconn 500 check port 8008
23
    server pg2 10.135.40.152:5432 maxconn 500 check port 8008
24
EOF
25

26
sudo systemctl restart haproxy

1
# 在 **Node 1 (.151)** 和 **Node 2 (.152)** 上安装：
2
sudo apt-get install -y keepalived
3

4
# 在 Node 1 (.151) 配置为 MASTER：
5
cat <<EOF | sudo tee /etc/keepalived/keepalived.conf
6
vrrp_script chk_haproxy {
7
    script "killall -0 haproxy" # 检查 HAProxy 是否活着
8
    interval 2
9
    weight 2
10
}
11

12
vrrp_instance VI_1 {
13
    interface ens16 # 请用 'ip a' 命令确认你的网卡名，有可能是 ens33 或 eth16，必须填对！
14
    state MASTER
15
    virtual_router_id 51
16
    priority 101 # 优先级高
17
    virtual_ipaddress {
18
        10.135.40.160 # 你的虚拟 IP
19
    }
20
    track_script {
21
        chk_haproxy
22
    }
23
}
24
EOF
25
sudo systemctl restart keepalived
26

27
# 在 Node 2 (.152) 配置为 BACKUP：
28
cat <<EOF | sudo tee /etc/keepalived/keepalived.conf
29
vrrp_script chk_haproxy {
30
    script "killall -0 haproxy"
31
    interval 2
32
    weight 2
33
}
34

35
vrrp_instance VI_1 {
36
    interface eth16 # 同样，确保网卡名是对的
37
    state BACKUP
38
    virtual_router_id 51
39
    priority 100 # 优先级略低
40
    virtual_ipaddress {
41
        10.135.40.160 # 同一个虚拟 IP
42
    }
43
    track_script {
44
        chk_haproxy
45
    }
46
}
47
EOF
48
sudo systemctl restart keepalived

1
sudo apt-get update
2
sudo apt-get install -y redis-server
3
# 停止默认服务，我们自己配置
4
sudo systemctl stop redis-server
5
sudo systemctl disable redis-server

1
sudo mkdir -p /etc/redis /var/lib/redis/queue /var/lib/redis/perf
2
sudo chown -R redis:redis /var/lib/redis
3

4
# 创建队列缓存配置 (6379)
5
cat <<EOF | sudo tee /etc/redis/redis-queue.conf
6
port 6379
7
dir /var/lib/redis/queue
8
bind 0.0.0.0
9
protected-mode no
10
requirepass P@ssw0rd
11
masterauth P@ssw0rd
12
daemonize yes
13
pidfile /var/run/redis/redis-queue.pid
14
logfile /var/log/redis/redis-queue.log
15
EOF
16

17
# 创建性能缓存配置 (6380)
18
cat <<EOF | sudo tee /etc/redis/redis-perf.conf
19
port 6380
20
dir /var/lib/redis/perf
21
bind 0.0.0.0
22
protected-mode no
23
requirepass P@ssw0rd
24
masterauth P@ssw0rd
25
daemonize yes
26
pidfile /var/run/redis/redis-perf.pid
27
logfile /var/log/redis/redis-perf.log
28
EOF

1
echo "replicaof 10.135.40.151 6379" | sudo tee -a /etc/redis/redis-queue.conf

1
echo "replicaof 10.135.40.152 6380" | sudo tee -a /etc/redis/redis-perf.conf

1
sudo -u redis redis-server /etc/redis/redis-queue.conf
2
sudo -u redis redis-server /etc/redis/redis-perf.conf

1
# 在 Node 1 (.151) 上验证 6379 是主节点：
2
redis-cli -p 6379 -a P@ssw0rd INFO replication
3
# 在 Node 2 (.152) 上验证 6379 是从节点：
4
redis-cli -p 6379 -a P@ssw0rd INFO replication
5

6
# 在 Node 2 (.152) 上验证 6380 是主节点：
7
redis-cli -p 6380 -a P@ssw0rd INFO replication
8
# 在 Node 3 (.153) 上验证 6380 是从节点：
9
redis-cli -p 6380 -a P@ssw0rd INFO replication

1
测试队列缓存（6379）：
2
# 在 Node 1 (.151) 主节点写入
3
redis-cli -p 6379 -a P@ssw0rd SET test_queue "hello"
4
# 在 Node 2 (.152) 从节点读取
5
redis-cli -p 6379 -a P@ssw0rd GET test_queue
6
# 应该返回 "hello"
7

8
测试性能缓存（6380）
9
# 在 Node 2 (.152) 主节点写入
10
redis-cli -p 6380 -a P@ssw0rd SET test_perf "world"
11
# 在 Node 1 (.151) 从节点读取
12
redis-cli -p 6380 -a P@ssw0rd GET test_perf
13
# 应该返回 "world"

1
# 下载 MinIO 二进制文件
2
wget https://dl.min.io/server/minio/release/linux-amd64/minio
3
chmod +x minio
4
sudo mv minio /usr/local/bin/
5

6
# 创建两个数据目录以满足分布式盘数要求
7
sudo mkdir -p /data/minio/disk1 /data/minio/disk2
8
sudo chown -R $USER:$USER /data/minio

1
cat <<EOF | sudo tee /etc/systemd/system/minio.service
2
[Unit]
3
Description=MinIO
4
Wants=network-online.target
5
After=network-online.target
6

7
[Service]
8
User=root
9
Environment="MINIO_ROOT_USER=admin"
10
Environment="MINIO_ROOT_PASSWORD=P@ssw0rd"
11
Environment="MINIO_CI_CD=1" # 强制使用根分区目录（仅测试环境）
12
ExecStart=/usr/local/bin/minio server http://10.135.40.15{1...3}:9000/data/minio/disk{1...2} --console-address ":9001"
13
Restart=always
14
LimitNOFILE=65536
15

16
[Install]
17
WantedBy=multi-user.target
18
EOF

1
sudo systemctl daemon-reload
2
sudo systemctl enable minio
3
sudo systemctl start minio

1
wget https://dl.min.io/client/mc/release/linux-amd64/mc
2
chmod +x mc
3
sudo mv mc /usr/local/bin/

1
# 使用你的实际域名或 IP
2
mc alias set teable-minio http://10.135.40.151:9000 admin P@ssw0rd
3

4
# 测试连接
5
mc admin info teable-minio

1
# 创建公共桶
2
mc mb --ignore-existing teable-minio/teable-pub
3

4
# 设置公共读取权限
5
mc anonymous set download teable-minio/teable-pub
6

7
# 创建私有桶
8
mc mb --ignore-existing teable-minio/teable-pvt
9

10
# 验证
11
mc ls teable-minio
12

13
# 查看 teable-pub 的权限
14
mc anonymous get teable-minio/teable-pub
15

16
# 查看 teable-pvt 的权限（应该是 private）
17
mc anonymous get teable-minio/teable-pvt

1
# 使用以下命令查看 MinIO 客户端当前配置的所有别名：
2
mc alias list
3

4
teable-minio
5
  URL       : http://10.135.40.151:9000
6
  AccessKey : admin
7
  SecretKey : P@ssw0rd
8
  API       : s3v4
9
  Path      : auto
10
  Src       : /root/.mc/config.json
11

12
# 连接旧的 K8s MinIO
13
mc alias set teable-minio http://10.135.40.150:32000 root 'P@ssw0rd'
14
# 设置成功后，你就可以像之前一样查看文件了：
15
mc ls teable-minio
16

17
# 连接新的物理机 MinIO 集群
18
mc alias set teable-minio http://10.135.40.151:9000 admin 'P@ssw0rd'
19

20
# 详细查看存储桶使用量
21
mc du teable-minio/teable-pvt
22
1.3GiB  965 objects     teable-pvt
23

24
mc du teable-minio/teable-pub
25
87KiB   62 objects      teable-pub
26

27
# 执行复制（镜像）操作
28
mc mirror --preserve source-minio/teable-pub teable-minio/teable-pub
29
mc mirror --preserve source-minio/teable-pvt teable-minio/teable-pvt

1
kubectl exec -it postgres-0 -n teable -- pg_dump -U teable -d teable -O -x -f /tmp/teable_dump.sql

1
kubectl cp teable/postgres-0:/tmp/teable_dump.sql ./teable_dump.sql

1
psql -h 10.135.40.160 -p 5000 -U teable -d teable -f ./teable_dump.sql

1
**最后报错的仅仅是两个高级附加功能**
2

3
1. **`WARNING: wal_level is insufficient`**：Teable 的实时协作功能（多人在同一个表格打字实时同步）依赖 PostgreSQL 的**逻辑复制 (Logical Replication)** 功能，这要求数据库的 `wal_level` 必须设置为 `logical`，而你目前的 Patroni 默认是 `replica`。
4
2. **`ERROR: permission denied to create event trigger`**：Teable 需要在数据库里创建一个“事件触发器”来监听表结构的变化，这在 PostgreSQL 中强制要求执行者必须拥有 **超级用户 (SUPERUSER)** 权限，而你的 `teable` 只是普通用户。
5

6
这两个问题非常容易解决，我们需要在物理机上修改一下配置，然后把最后缺失的触发器补上即可。
7

8
# 提升 teable 为超级用户，在你的 物理机 Node 1 (.151) 上执行以下命令，给业务账号赋权：
9
sudo -u postgres psql -c "ALTER USER teable WITH SUPERUSER;"
10

11
# 修改 Patroni 配置开启逻辑复制
12
#在 物理机 Node 1 (.151) 上，我们需要修改 Patroni 的配置。输入以下命令进入配置编辑模式：
13
sudo patronictl -c /etc/patroni/config.yml edit-config
14
# 找到 postgresql -> parameters 这一层级，在下面添加一行 wal_level: logical。修改后看起来应该是这样的：
15
postgresql:
16
  parameters:
17
    wal_level: logical    # <--- 加上这一行
18
    max_connections: 500  # (原有的其他配置保持不变...)
19

20
# 重启数据库集群使配置生效
21
# 在 Node 2 (.152) 执行：
22
sudo systemctl restart patroni
23
# 等 10 秒后，在 Node 1 (.151) 执行：
24
sudo systemctl restart patroni
25

26
# 回到你的 K8s Master 节点，补齐最后缺失的触发器
27
psql -h 10.135.40.154 -p 5000 -U teable -d teable -f /opt/teable_dump.sql

1
# 报错新数据库里根本没有这个“角色 (Role)，base_schema_table_read_only_role
2

3
psql -h 10.135.40.154 -p 5000 -U teable -d teable -c "
4
DROP ROLE IF EXISTS base_schema_table_read_only_role;
5
CREATE ROLE base_schema_table_read_only_role WITH LOGIN PASSWORD 'P@ssw0rd';
6
GRANT pg_read_all_data TO base_schema_table_read_only_role;"
7
# (执行时输入密码 P@ssw0rd，看到输出 GRANT 即为成功)

1
---
2
# ==========================================
3
# 1. 基础配置层 (ConfigMap)
4
# ==========================================
5
apiVersion: v1
6
kind: ConfigMap
7
metadata:
8
  name: teable-config
9
  namespace: teable
10
data:
11
  # 应用对外访问入口
12
  PUBLIC_ORIGIN: "http://10.135.40.150:30000"
13

14
  PUBLIC_DATABASE_PROXY: "10.135.40.160:5000"
15

16
  # MinIO 存储配置 (全部指向物理机 10.135.40.151)
17
  BACKEND_STORAGE_PROVIDER: "minio"
18
  BACKEND_STORAGE_PUBLIC_BUCKET: "teable-pub"
19
  BACKEND_STORAGE_PRIVATE_BUCKET: "teable-pvt"
20

21
  # 外网端点 (由于是内网环境，内外网端点一致)
22
  BACKEND_STORAGE_MINIO_ENDPOINT: "10.135.40.151"
23
  BACKEND_STORAGE_MINIO_PORT: "9000"
24
  STORAGE_PREFIX: "http://10.135.40.151:9000"
25

26
  # 内网端点 (不再使用 svc.cluster.local，直接写物理机 IP)
27
  BACKEND_STORAGE_MINIO_INTERNAL_ENDPOINT: "10.135.40.151"
28
  BACKEND_STORAGE_MINIO_INTERNAL_PORT: "9000"
29
  BACKEND_STORAGE_MINIO_USE_SSL: "false"
30

31
  # 缓存配置
32
  BACKEND_CACHE_PROVIDER: "redis"
33

34
  # 系统常量
35
  NEXT_ENV_IMAGES_ALL_REMOTE: "true"
36
  PRISMA_ENGINES_CHECKSUM_IGNORE_MISSING: "1"
37
  NODE_TLS_REJECT_UNAUTHORIZED: "0"
38

39
---
40
# ==========================================
41
# 2. 机密信息层 (Secret)
42
# ==========================================
43
apiVersion: v1
44
kind: Secret
45
metadata:
46
  name: teable-secrets
47
  namespace: teable
48
type: Opaque
49
stringData:
50
  # 高可用 PostgreSQL (HAProxy VIP: 10.135.40.154:5000)
51
  # 注意：密码 P@ssw0rd 必须转码为 P%40ssw0rd
52
  PRISMA_DATABASE_URL: "postgresql://teable:P%40ssw0rd@10.135.40.154:5000/teable?schema=public"
53

54
  # 独立 Redis 集群
55
  # 密码 Redis@123 转码为 Redis%40123
56
  BACKEND_CACHE_REDIS_URI: "redis://:P%40ssw0rd@10.135.40.151:6379/0"
57
  BACKEND_PERFORMANCE_CACHE: "redis://:P%40ssw0rd@10.135.40.152:6380/1"
58

59
  # 系统密钥
60
  BACKEND_JWT_SECRET: "teable-prod-jwt-secret-secure-key"
61
  BACKEND_SESSION_SECRET: "teable-prod-session-secret-secure-key"
62

63
  # MinIO 凭证
64
  BACKEND_STORAGE_MINIO_ACCESS_KEY: "admin"
65
  BACKEND_STORAGE_MINIO_SECRET_KEY: "P@ssw0rd"
66

67
---
68
# ==========================================
69
# 3. 业务应用层 (Deployment)
70
# ==========================================
71
apiVersion: apps/v1
72
kind: Deployment
73
metadata:
74
  name: teable
75
  namespace: teable
76
spec:
77
  replicas: 3 # 生产环境推荐 3 副本抗并发
78
  selector:
79
    matchLabels:
80
      app: teable
81
  template:
82
    metadata:
83
      labels:
84
        app: teable
85
    spec:
86
      # 软反亲和性：尽量将 3 个 Pod 调度到不同的 K8s Node 上，防止单台宿主机宕机导致服务全挂
87
      affinity:
88
        podAntiAffinity:
89
          preferredDuringSchedulingIgnoredDuringExecution:
90
          - weight: 100
91
            podAffinityTerm:
92
              labelSelector:
93
                matchExpressions:
94
                - key: app
95
                  operator: In
96
                  values:
97
                  - teable
98
              topologyKey: "kubernetes.io/hostname"
99

100
      # 初始化容器：执行数据库表结构合并与升级
101
      initContainers:
102
        - name: db-migrate
103
          image: registry.cn-shenzhen.aliyuncs.com/teable/teable:latest
104
          args:
105
            - migrate-only
106
          envFrom:
107
            - configMapRef:
108
                name: teable-config
109
            - secretRef:
110
                name: teable-secrets
111
          resources:
112
            requests:
113
              cpu: 100m
114
              memory: 102Mi
115
            limits:
116
              cpu: 1000m
117
              memory: 1024Mi
118

119
      # 主业务容器
120
      containers:
121
        - name: teable
122
          image: registry.cn-shenzhen.aliyuncs.com/teable/teable:latest
123
          args:
124
            - skip-migrate
125
          ports:
126
            - containerPort: 3000
127
          envFrom:
128
            - configMapRef:
129
                name: teable-config
130
            - secretRef:
131
                name: teable-secrets
132
          # 资源配额：针对 50+ 用户的生产标准
133
          resources:
134
            requests:
135
              cpu: 500m
136
              memory: 1Gi
137
            limits:
138
              cpu: 2000m
139
              memory: 4096Mi
140

141
          # 官方推荐的健康检查探针组合
142
          startupProbe:
143
            httpGet:
144
              path: /health
145
              port: 3000
146
            initialDelaySeconds: 10
147
            periodSeconds: 10
148
            timeoutSeconds: 5
149
            failureThreshold: 30 # 给予最多 300 秒的启动时间
150
            successThreshold: 1
151
          livenessProbe:
152
            httpGet:
153
              path: /health
154
              port: 3000
155
            initialDelaySeconds: 30
156
            periodSeconds: 30
157
            timeoutSeconds: 5
158
            failureThreshold: 3
159
            successThreshold: 1
160
          readinessProbe:
161
            httpGet:
162
              path: /health
163
              port: 3000
164
            initialDelaySeconds: 15
165
            periodSeconds: 10
166
            timeoutSeconds: 5
167
            failureThreshold: 3
168
            successThreshold: 1
169

170
---
171
# ==========================================
172
# 4. 服务暴露层 (Service)
173
# ==========================================
174
apiVersion: v1
175
kind: Service
176
metadata:
177
  name: teable
178
  namespace: teable
179
spec:
180
  type: NodePort
181
  ports:
182
    - port: 3000
183
      targetPort: 3000
184
      nodePort: 30000 # 固定外网访问端口，对应 PUBLIC_ORIGIN
185
  selector:
186
    app: teable

1
apiVersion: autoscaling/v2
2
kind: HorizontalPodAutoscaler
3
metadata:
4
  name: teable-hpa
5
  namespace: teable
6
spec:
7
  scaleTargetRef:
8
    apiVersion: apps/v1
9
    kind: Deployment
10
    name: teable    # 关联你 YAML 里的 teable Deployment
11
  minReplicas: 1    # 闲时：最小保留 1 个 Pod（省资源）
12
  maxReplicas: 3   # 忙时：最多扩容到 3 个 Pod
13
  metrics:
14
  - type: Resource
15
    resource:
16
      name: cpu
17
      target:
18
        type: Utilization
19
        averageUtilization: 60  # 当 CPU 使用率达到 requests(200m) 的 60% 时，触发扩容

1
# 应用（创建或更新）配置文件
2
kubectl apply -f teable-config.yaml
3

4
# 实时监控 Pod 的运行状态
5
kubectl get pods -n teable -w
6

7
# 通过标签（Label）批量删除并强制重建 Pod
8
kubectl delete pods -l app=teable -n teable
9

10
# 查看特定 Pod 的详细信息和诊断日志（排错必备）
11
kubectl describe pod teable-<最新Pod> -n teable
12

13
# 平滑（滚动）重启 Deployment
14
kubectl rollout restart deployment teable -n teable