# ConfigMap 用于存储非敏感配置 apiVersion: v1 kind: ConfigMap metadata: name: <%= APP_NAME %>-config data: GITEA_API_URL: "http://your-gitea-addr/api/v1" OPENAI_BASE_URL: "{{OPENAI_COMPATIBILITY_URL}}" OPENAI_MODEL: "gpt-4o-mini" PORT: "3000" FEISHU_WEBHOOK_URL: "{{FEISHU_WEBHOOK_URL}}" --- # Secret 用于存储敏感信息 apiVersion: v1 kind: Secret metadata: name: <%= APP_NAME %>-secrets type: Opaque data: # base64 编码的敏感数据 GITEA_ACCESS_TOKEN: "{{GITEA_ACCESS_TOKEN}}" OPENAI_API_KEY: "{{OPENAI_API_KEY}}" WEBHOOK_SECRET: "{{WEBHOOK_SECRET}}" FEISHU_WEBHOOK_SECRET: "{{FEISHU_WEBHOOK_SECRET}}" --- # Deployment 定义应用程序部署 apiVersion: apps/v1 kind: Deployment metadata: name: <%= APP_NAME %> labels: app: <%= APP_NAME %> spec: replicas: 1 selector: matchLabels: app: <%= APP_NAME %> template: metadata: labels: app: <%= APP_NAME %> spec: containers: - name: <%= APP_NAME %> image: <%= IMAGE_FROM %> imagePullPolicy: Always ports: - containerPort: 3000 name: http resources: limits: memory: "512Mi" cpu: "500m" requests: memory: "256Mi" cpu: "100m" livenessProbe: httpGet: path: / port: 3000 initialDelaySeconds: 5 periodSeconds: 30 timeoutSeconds: 5 failureThreshold: 3 readinessProbe: httpGet: path: / port: 3000 initialDelaySeconds: 5 periodSeconds: 10 securityContext: runAsUser: 1001 runAsGroup: 1001 allowPrivilegeEscalation: false envFrom: - configMapRef: name: <%= APP_NAME %>-config - secretRef: name: <%= APP_NAME %>-secrets --- # Service 暴露应用程序 apiVersion: v1 kind: Service metadata: name: <%= APP_NAME %> labels: app: <%= APP_NAME %> spec: selector: app: <%= APP_NAME %> ports: - port: 3000 targetPort: 3000 nodePort: 30300 name: http type: NodePort