添加服务配置

添加服务配置

AuctionApp/DEV/AUC/Jenkinsfile

@@ -0,0 +1,29 @@
+node {
+    // Git checkout before load source the file
+    checkout scm
+    // sh '''
+    //     ls -lhrt
+    // '''
+    def base_branch = ref.tokenize('/')[2]
+    def rootDir = pwd()
+    def yaml2Map = load "./sharedLibs/yaml2Map.groovy"
+    def stages = load "./sharedLibs/stages.k8s.groovy"
+    def GLOBAL_CONFIG = yaml2Map.read('global.yaml').project
+    dir("AuctionApp/DEV/AUC") {
+        def PROJECT_CONFIG = yaml2Map.read('cfg.yaml').project
+        def CONFIG = yaml2Map.merge(PROJECT_CONFIG, GLOBAL_CONFIG)
+        CONFIG.docker.image = String.format(CONFIG.docker.image, CONFIG.service.name)
+        println 'configs: ' + CONFIG
+        
+        String[] JAVA_ARGS = ["-Djava.security.egd=file:/dev/./urandom",
+            "-DBuild.number=${BUILD_NUMBER}",
+            "-Xmx1024m",
+            "-Dspring.profiles.active=dev",
+            "-Dserver.port=80",
+            "-jar","/app/target/${CONFIG.service.jar}"]
+
+        stages.execute(CONFIG, base_branch, [
+            'K3SDEPLOY' : {stages.deployWithConfigmapEnvOnly(CONFIG.service, CONFIG.k3s, base_branch, JAVA_ARGS, './configmap-env.ini')}
+        ])
+    }
+}

AuctionApp/DEV/AUC/cfg.yaml

@@ -0,0 +1,12 @@
+project:
+  git:
+    address: http://git.hobbystocks.cn/AHX-Bid/auction.git
+    credentialId: gogs.hobbystocks.cn
+  service:
+    name: auction-auc
+    version: ''
+    jar: auc.jar
+    module: auc
+    health: /actuator/health/readiness
+  k3s:
+    kubeconfig: k3s/k3s-dev6.yaml

AuctionApp/DEV/AUC/configmap-env.ini

@@ -0,0 +1,33 @@
+# SQL
+DB_URL=jdbc:postgresql://192.168.50.8:5432/hobby_auction
+DB_USERNAME=poyee_auction
+DB_PASSWORD=Pass2025
+
+# REDIS
+#spring.redis.database=2
+#spring.redis.password=Pass2010
+#spring.redis.sentinel.master=poyee-master
+#spring.redis.sentinel.nodes=192.168.56.105:26379
+
+# External dependency
+#auc.bidsaveUrl=http://auction-bid/internal/lot/save
+#auc.bidremoveUrl=http://auction-bid/internal/lot/remove
+#auc.crtorderUrl=http://auction-order/order/internal/add
+#auc.rlsdpstUrl=http://auction-deposit/internal/release
+
+# LOGGING
+#logging.fluentd.enabled=true
+#logging.fluentd.host=192.168.56.105
+#logging.fluentd.port=24224
+#logging.console.enabled=true
+
+CONSOLE_ENABLED=false
+# FLUENTD
+FLUENTD_ENABLED=true
+FLUENTD_HOST=fluentd-aggr
+FLUENTD_PORT=24224
+
+# Redis Sentinel
+REDIS_PASSWORD=Pass2010
+SENTINEL_MASTER=poyee-master
+SENTINEL_NODES=192.168.50.8:26379

AuctionApp/DEV/AUC/deployment.yaml

@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: <service_name><service_version>
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app: <service_name><service_version>
+  template:
+    metadata:
+      labels:
+        app: <service_name><service_version>
+      annotations:
+        commit-sha: "<COMMIT_SHA>"
+    spec:
+      imagePullSecrets:
+      - name: <imagePullSecret>
+      containers:
+      - name: <service_name>
+        image: <docker_image>
+        command: ["java"]
+        args: <java_args>
+        # readinessProbe:
+        #   httpGet:
+        #     path: <service_health>
+        #     port: 80
+        #   initialDelaySeconds: 15
+        #   periodSeconds: 30
+        #   failureThreshold: 3
+        ports:
+        - name: http
+          containerPort: 80
+        envFrom:
+        - configMapRef:
+            name: <configmap_env_name>

AuctionApp/DEV/AUC/service.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: <service_name><service_version>
+spec:
+  selector:
+    app: <service_name><service_version>
+  ports:
+  - port: 80
+    targetPort: 80

AuctionApp/DEV/BID/Jenkinsfile

@@ -0,0 +1,29 @@
+node {
+    // Git checkout before load source the file
+    checkout scm
+    // sh '''
+    //     ls -lhrt
+    // '''
+    def base_branch = ref.tokenize('/')[2]
+    def rootDir = pwd()
+    def yaml2Map = load "./sharedLibs/yaml2Map.groovy"
+    def stages = load "./sharedLibs/stages.k8s.groovy"
+    def GLOBAL_CONFIG = yaml2Map.read('global.yaml').project
+    dir("AuctionApp/DEV/BID") {
+        def PROJECT_CONFIG = yaml2Map.read('cfg.yaml').project
+        def CONFIG = yaml2Map.merge(PROJECT_CONFIG, GLOBAL_CONFIG)
+        CONFIG.docker.image = String.format(CONFIG.docker.image, CONFIG.service.name)
+        println 'configs: ' + CONFIG
+        
+        String[] JAVA_ARGS = ["-Djava.security.egd=file:/dev/./urandom",
+            "-DBuild.number=${BUILD_NUMBER}",
+            "-Xmx1024m",
+            "-Dspring.profiles.active=dev",
+            "-Dserver.port=80",
+            "-jar","/app/target/${CONFIG.service.jar}"]
+        
+        stages.execute(CONFIG, base_branch, [
+            'K3SDEPLOY' : {stages.deployWithConfigmapEnvOnly(CONFIG.service, CONFIG.k3s, base_branch, JAVA_ARGS, './configmap-env.ini')}
+        ])
+    }
+}

AuctionApp/DEV/BID/cfg.yaml

@@ -0,0 +1,12 @@
+project:
+  git:
+    address: http://git.hobbystocks.cn/AHX-Bid/auction.git
+    credentialId: gogs.hobbystocks.cn
+  service:
+    name: auction-bid
+    version: ''
+    jar: bid.jar
+    module: bid
+    health: /actuator/health/readiness
+  k3s:
+    kubeconfig: k3s/k3s-dev6.yaml

AuctionApp/DEV/BID/configmap-env.ini

@@ -0,0 +1,25 @@
+# SQL
+DB_URL=jdbc:postgresql://192.168.50.8:5432/hobby_auction
+DB_USERNAME=poyee_auction
+DB_PASSWORD=Pass2025
+
+# REDIS
+#spring.redis.database=2
+#spring.redis.password=Pass2010
+#spring.redis.sentinel.master=poyee-master
+#spring.redis.sentinel.nodes=192.168.56.105:26379
+
+# External dependency
+#bid.lotresultUrl=http://auction-auc/internal/lot/updateStatus
+#bid.checkrightUrl=http://auction-deposit/internal/check
+
+CONSOLE_ENABLED=true
+# FLUENTD
+FLUENTD_ENABLED=true
+FLUENTD_HOST=fluentd-aggr
+FLUENTD_PORT=24224
+
+# Redis Sentinel
+REDIS_PASSWORD=Pass2010
+SENTINEL_MASTER=poyee-master
+SENTINEL_NODES=192.168.50.8:26379

AuctionApp/DEV/BID/deployment.yaml

@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: <service_name><service_version>
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app: <service_name><service_version>
+  template:
+    metadata:
+      labels:
+        app: <service_name><service_version>
+      annotations:
+        commit-sha: "<COMMIT_SHA>"
+    spec:
+      imagePullSecrets:
+      - name: <imagePullSecret>
+      containers:
+      - name: <service_name>
+        image: <docker_image>
+        command: ["java"]
+        args: <java_args>
+        # readinessProbe:
+        #   httpGet:
+        #     path: <service_health>
+        #     port: 80
+        #   initialDelaySeconds: 15
+        #   periodSeconds: 30
+        #   failureThreshold: 3
+        ports:
+        - name: http
+          containerPort: 80
+        envFrom:
+        - configMapRef:
+            name: <configmap_env_name>
+      

AuctionApp/DEV/BID/service.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: <service_name><service_version>
+spec:
+  selector:
+    app: <service_name><service_version>
+  ports:
+  - port: 80
+    targetPort: 80

AuctionApp/DEV/Deposit/Jenkinsfile

@@ -0,0 +1,30 @@
+node {
+    // Git checkout before load source the file
+    checkout scm
+    // sh '''
+    //     ls -lhrt
+    // '''
+    def base_branch = ref.tokenize('/')[2]
+    def rootDir = pwd()
+    def yaml2Map = load "./sharedLibs/yaml2Map.groovy"
+    def stages = load "./sharedLibs/stages.groovy"
+    def GLOBAL_CONFIG = yaml2Map.read('global.yaml').project
+    dir("AuctionApp/DEV/Deposit") {
+        def PROJECT_CONFIG = yaml2Map.read('cfg.yaml').project
+        def CONFIG = yaml2Map.merge(PROJECT_CONFIG, GLOBAL_CONFIG)
+        CONFIG.docker.image = String.format(CONFIG.docker.image, CONFIG.service.name)
+        println 'configs: ' + CONFIG
+        
+        String[] JAVA_ARGS = ["-Djava.security.egd=file:/dev/./urandom",
+            "-Xmx1024m",
+            "-Dspring.profiles.active=dev",
+            "-Dserver.port=80",
+            "-jar","/app/target/${CONFIG.service.jar}"]
+        stages.execute(CONFIG, base_branch, [
+            'K3SDEPLOY' : {
+                stages.deployWithConfigmapEnvOnly(CONFIG.service, CONFIG.k3s, base_branch, JAVA_ARGS, './configmap-env.ini')
+                stages.applyService(CONFIG.service, CONFIG.k3s, base_branch)
+            }
+        ])
+    }
+}

AuctionApp/DEV/Deposit/cfg.yaml

@@ -0,0 +1,12 @@
+project:
+  git:
+    address: http://git.hobbystocks.cn/auction/auction.git
+    credentialId: gogs.hobbystocks.cn
+  service:
+    name: auction-deposit
+    version: ''
+    jar: txmall-dpst.jar
+    module: txmall-dpst
+    health: /actuator/health/readiness
+  k3s:
+    kubeconfig: k3s/k3s-dev3.yaml

AuctionApp/DEV/Deposit/configmap-env.ini

@@ -0,0 +1,20 @@
+spring.datasource.url=jdbc:mysql://192.168.56.105/auction-dpst?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=false&serverTimezone=GMT%2B8
+spring.datasource.username=auction
+spring.datasource.password=Pass2022
+
+spring.redis.database=2
+spring.redis.password=Pass2010
+spring.redis.sentinel.master=poyee-master
+spring.redis.sentinel.nodes=192.168.56.105:26379
+
+dpst.getlotUrl=http://auction-auc/internal/lot/getDeposit
+dpst.notifyUrl=http://auction-deposit/internal/notify
+dpst.payUrl=http://auction-pay/internal/makeOrder
+dpst.chkPayUrl=http://auction-pay/internal/chkPay
+dpst.refundUrl=http://auction-pay/internal/makeRefund
+dpst.getUserUrl=https://sso.txmall.zcunsoft.com/api/backend/getInfo
+
+logging.fluentd.enabled=true
+logging.fluentd.host=192.168.56.105
+logging.fluentd.port=24224
+logging.console.enabled=true

AuctionApp/DEV/Deposit/deployment.yaml

@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: <service_name><service_version>
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app: <service_name><service_version>
+      release: <release>
+  template:
+    metadata:
+      labels:
+        app: <service_name><service_version>
+        release: <release>
+      annotations:
+        commit-sha: "<COMMIT_SHA>"
+    spec:
+      imagePullSecrets:
+      - name: <imagePullSecret>
+      containers:
+      - name: <service_name>
+        image: <docker_image>
+        command: ["java"]
+        args: <java_args>
+        readinessProbe:
+          httpGet:
+            path: <service_health>
+            port: 80
+          initialDelaySeconds: 15
+          periodSeconds: 30
+          failureThreshold: 3
+        ports:
+        - name: http
+          containerPort: 80
+        envFrom:
+        - configMapRef:
+            name: <configmap_env_name>

AuctionApp/DEV/Deposit/service.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: <service_name><service_version>
+spec:
+  selector:
+    app: <service_name><service_version>
+    release: <release>
+  ports:
+  - port: 80
+    targetPort: 80

AuctionApp/DEV/H5-App/Jenkinsfile

@@ -0,0 +1,48 @@
+node {
+    // Git checkout before load source the file
+    checkout scm
+    // sh '''
+    //     ls -lhrt
+    // '''
+    def base_branch = ref.tokenize('/')[2]
+    def rootDir  = pwd()
+    def yaml2Map = load "./sharedLibs/yaml2Map.groovy"
+    def stages   = load "./sharedLibs/stages.nodejs.groovy"
+    def GLOBAL_CONFIG = yaml2Map.read('global.yaml').project
+
+    dir("AuctionApp/DEV/H5-App") {
+        def PROJECT_CONFIG = yaml2Map.read('cfg.yaml').project
+        def CONFIG = yaml2Map.merge(PROJECT_CONFIG, GLOBAL_CONFIG)
+        CONFIG.docker.image = String.format(CONFIG.docker.image, CONFIG.service.name)
+        println 'configs: ' + CONFIG
+        
+        //生成Dockerfile
+        def generateDockerfile = {->
+
+            pathOfDockerfile = 'projdir'
+            def module = CONFIG.service.module == null ? '' : (CONFIG.service.module[-1] == '/' ? CONFIG.service.module : CONFIG.service.module + '/')
+            echo "-----> Generating Dockerfile: ${pathOfDockerfile}/Dockerfile ..."
+            sh """cat > ${pathOfDockerfile}/Dockerfile<<EOF
+FROM node:14-slim as BUILD
+LABEL stage=STATICRES-BUILD
+
+COPY ./ /proj
+WORKDIR /proj
+RUN npm config set registry https://registry.npm.taobao.org && npm install && npm run build
+
+FROM nginx:1.23-alpine as FINAL
+
+# configs for auction-dev.hobbystocks.cn
+COPY ./dockerfiles/auction-h5.conf /etc/nginx/conf.d/default.conf
+COPY ./other /usr/share/nginx
+COPY --from=BUILD /proj/dist /usr/share/nginx/auction
+EOF
+"""
+            return pathOfDockerfile
+        }
+
+        stages.execute(CONFIG, base_branch, [
+            'GENERATEDOCKERFILE': generateDockerfile
+        ])
+    }
+}

AuctionApp/DEV/H5-App/cfg.yaml

@@ -0,0 +1,10 @@
+project:
+  git:
+    #address: http://git.hobbystocks.cn/auction/h5.git
+    address: http://git.hobbystocks.cn/auction/HS-APP-H5.git
+    credentialId: gogs.hobbystocks.cn
+  service:
+    name: auction-h5
+    version: ''
+  k3s:
+    kubeconfig: k3s/k3s-dev2.yaml

AuctionApp/DEV/H5-App/deployment.yaml

@@ -0,0 +1,26 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: <service_name><service_version>
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app: <service_name><service_version>
+      release: <release>
+  template:
+    metadata:
+      labels:
+        app: <service_name><service_version>
+        release: <release>
+      annotations:
+        commit-sha: "<COMMIT_SHA>"
+    spec:
+      imagePullSecrets:
+      - name: <imagePullSecret>
+      containers:
+      - name: <service_name>
+        image: <docker_image>
+        ports:
+        - name: http
+          containerPort: 80

AuctionApp/DEV/H5-App/service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: auction-h5
+  namespace: default
+spec:
+  ports:
+  - port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: auction-h5
+  sessionAffinity: None
+  type: ClusterIP

AuctionApp/DEV/H5-Partner/Jenkinsfile

@@ -0,0 +1,47 @@
+node {
+    // Git checkout before load source the file
+    checkout scm
+    // sh '''
+    //     ls -lhrt
+    // '''
+    def base_branch = ref.tokenize('/')[2]
+    def rootDir  = pwd()
+    def yaml2Map = load "./sharedLibs/yaml2Map.groovy"
+    def stages   = load "./sharedLibs/stages.nodejs.groovy"
+    def GLOBAL_CONFIG = yaml2Map.read('global.yaml').project
+
+    dir("AuctionApp/DEV/H5-Partner") {
+        def PROJECT_CONFIG = yaml2Map.read('cfg.yaml').project
+        def CONFIG = yaml2Map.merge(PROJECT_CONFIG, GLOBAL_CONFIG)
+        CONFIG.docker.image = String.format(CONFIG.docker.image, CONFIG.service.name)
+        println 'configs: ' + CONFIG
+        
+        //生成Dockerfile
+        def generateDockerfile = {->
+
+            pathOfDockerfile = 'projdir'
+            def module = CONFIG.service.module == null ? '' : (CONFIG.service.module[-1] == '/' ? CONFIG.service.module : CONFIG.service.module + '/')
+            echo "-----> Generating Dockerfile: ${pathOfDockerfile}/Dockerfile ..."
+            sh """cat > ${pathOfDockerfile}/Dockerfile<<EOF
+FROM node:16-slim as BUILD
+LABEL stage=STATICRES-BUILD
+
+COPY ./ /proj
+WORKDIR /proj
+RUN npm config set registry https://registry.npm.taobao.org && npm install && npm run build:prod
+
+FROM nginx:1.23-alpine as FINAL
+
+# configs for auction-dev.hobbystocks.cn
+COPY ./dockerfiles/auction-h5.conf /etc/nginx/conf.d
+COPY --from=BUILD /proj/dist /usr/share/nginx/auction
+EOF
+"""
+            return pathOfDockerfile
+        }
+
+        stages.execute(CONFIG, base_branch, [
+            'GENERATEDOCKERFILE': generateDockerfile
+        ])
+    }
+}

AuctionApp/DEV/H5-Partner/cfg.yaml

@@ -0,0 +1,9 @@
+project:
+  git:
+    address: http://git.hobbystocks.cn/auction/HS-PARTNER-H5.git
+    credentialId: gogs.hobbystocks.cn
+  service:
+    name: auction-partner-h5
+    version: ''
+  k3s:
+    kubeconfig: k3s/k3s-dev2.yaml

AuctionApp/DEV/H5-Partner/deployment.yaml

@@ -0,0 +1,26 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: <service_name><service_version>
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app: <service_name><service_version>
+      release: <release>
+  template:
+    metadata:
+      labels:
+        app: <service_name><service_version>
+        release: <release>
+      annotations:
+        commit-sha: "<COMMIT_SHA>"
+    spec:
+      imagePullSecrets:
+      - name: <imagePullSecret>
+      containers:
+      - name: <service_name>
+        image: <docker_image>
+        ports:
+        - name: http
+          containerPort: 80

AuctionApp/DEV/H5-Partner/service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: auction-partner-h5
+  namespace: default
+spec:
+  ports:
+  - port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: auction-partner-h5
+  sessionAffinity: None
+  type: ClusterIP

AuctionApp/DEV/Order/Jenkinsfile

@@ -0,0 +1,30 @@
+node {
+    // Git checkout before load source the file
+    checkout scm
+    // sh '''
+    //     ls -lhrt
+    // '''
+    def base_branch = ref.tokenize('/')[2]
+    def rootDir = pwd()
+    def yaml2Map = load "./sharedLibs/yaml2Map.groovy"
+    def stages = load "./sharedLibs/stages.groovy"
+    def GLOBAL_CONFIG = yaml2Map.read('global.yaml').project
+    dir("AuctionApp/DEV/Order") {
+        def PROJECT_CONFIG = yaml2Map.read('cfg.yaml').project
+        def CONFIG = yaml2Map.merge(PROJECT_CONFIG, GLOBAL_CONFIG)
+        CONFIG.docker.image = String.format(CONFIG.docker.image, CONFIG.service.name)
+        println 'configs: ' + CONFIG
+        
+        String[] JAVA_ARGS = ["-Djava.security.egd=file:/dev/./urandom",
+            "-Xmx1024m",
+            "-Dspring.profiles.active=dev",
+            "-Dserver.port=80",
+            "-jar","/app/target/${CONFIG.service.jar}"]
+        stages.execute(CONFIG, base_branch, [
+            'K3SDEPLOY' : {
+                stages.deployWithConfigmapEnvOnly(CONFIG.service, CONFIG.k3s, base_branch, JAVA_ARGS, './configmap-env.ini')
+                stages.applyService(CONFIG.service, CONFIG.k3s, base_branch)
+            }
+        ])
+    }
+}

AuctionApp/DEV/Order/cfg.yaml

@@ -0,0 +1,12 @@
+project:
+  git:
+    address: http://git.hobbystocks.cn/auction/auction.git
+    credentialId: gogs.hobbystocks.cn
+  service:
+    name: auction-order
+    version: ''
+    jar: txmall-order.jar
+    module: txmall-order
+    health: /actuator/health/readiness
+  k3s:
+    kubeconfig: k3s/k3s-dev3.yaml

AuctionApp/DEV/Order/configmap-env.ini

@@ -0,0 +1,22 @@
+spring.datasource.url=jdbc:mysql://192.168.56.105:3306/auction-order?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8
+spring.datasource.username=auction
+spring.datasource.password=Pass2022
+
+spring.redis.database=2
+spring.redis.password=Pass2010
+spring.redis.sentinel.master=poyee-master
+spring.redis.sentinel.nodes=192.168.56.105:26379
+
+order.payNotifyUrl=http://auction-order/internal/notify
+order.payUrl=http://auction-pay/internal/makeOrder
+order.chkPayUrl=http://auction-pay/internal/chkPay
+order.aucPaidUrl=http://auction-auc/internal/lot/paid
+order.getLotDepositUrl=http://auction-auc/internal/lot/getDepositForOrder
+order.deductDepositAmountUrl=http://auction-deposit/internal/lot/deduct
+order.getDepositAmountUrl=http://auction-deposit/internal/lot/getAmount
+order.getUserUrl=https://sso.txmall.zcunsoft.com/api/backend/getInfo
+
+logging.fluentd.enabled=true
+logging.fluentd.host=192.168.56.105
+logging.fluentd.port=24224
+logging.console.enabled=true

AuctionApp/DEV/Order/deployment.yaml

@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: <service_name><service_version>
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app: <service_name><service_version>
+      release: <release>
+  template:
+    metadata:
+      labels:
+        app: <service_name><service_version>
+        release: <release>
+      annotations:
+        commit-sha: "<COMMIT_SHA>"
+    spec:
+      imagePullSecrets:
+      - name: <imagePullSecret>
+      containers:
+      - name: <service_name>
+        image: <docker_image>
+        command: ["java"]
+        args: <java_args>
+        readinessProbe:
+          httpGet:
+            path: <service_health>
+            port: 80
+          initialDelaySeconds: 15
+          periodSeconds: 30
+          failureThreshold: 3
+        ports:
+        - name: http
+          containerPort: 80
+        envFrom:
+        - configMapRef:
+            name: <configmap_env_name>

AuctionApp/DEV/Order/service.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: <service_name><service_version>
+spec:
+  selector:
+    app: <service_name><service_version>
+    release: <release>
+  ports:
+  - port: 80
+    targetPort: 80

AuctionApp/DEV/PUB/Jenkinsfile

@@ -0,0 +1,30 @@
+node {
+    // Git checkout before load source the file
+    checkout scm
+    // sh '''
+    //     ls -lhrt
+    // '''
+    def base_branch = ref.tokenize('/')[2]
+    def rootDir = pwd()
+    def yaml2Map = load "./sharedLibs/yaml2Map.groovy"
+    def stages = load "./sharedLibs/stages.groovy"
+    def GLOBAL_CONFIG = yaml2Map.read('global.yaml').project
+    dir("AuctionApp/DEV/PUB") {
+        def PROJECT_CONFIG = yaml2Map.read('cfg.yaml').project
+        def CONFIG = yaml2Map.merge(PROJECT_CONFIG, GLOBAL_CONFIG)
+        CONFIG.docker.image = String.format(CONFIG.docker.image, CONFIG.service.name)
+        println 'configs: ' + CONFIG
+        
+        String[] JAVA_ARGS = ["-Djava.security.egd=file:/dev/./urandom",
+            "-Xmx1024m",
+            "-Dspring.profiles.active=dev",
+            "-Dserver.port=80",
+            "-jar","/app/target/${CONFIG.service.jar}"]
+        stages.execute(CONFIG, base_branch, [
+            'K3SDEPLOY' : {
+                stages.deployWithConfigmapEnvOnly(CONFIG.service, CONFIG.k3s, base_branch, JAVA_ARGS, './configmap-env.ini')
+                stages.applyService(CONFIG.service, CONFIG.k3s, base_branch)
+            }
+        ])
+    }
+}

AuctionApp/DEV/PUB/cfg.yaml

@@ -0,0 +1,12 @@
+project:
+  git:
+    address: http://git.hobbystocks.cn/auction/auction.git
+    credentialId: gogs.hobbystocks.cn
+  service:
+    name: auction-pub
+    version: ''
+    jar: txmall-pub.jar
+    module: txmall-pub
+    health: /actuator/health/readiness
+  k3s:
+    kubeconfig: k3s/k3s-dev3.yaml

AuctionApp/DEV/PUB/configmap-env.ini

@@ -0,0 +1,8 @@
+spring.datasource.url=jdbc:mysql://192.168.56.105/auction-auc?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=false&serverTimezone=GMT%2B8
+spring.datasource.username=auction
+spring.datasource.password=Pass2022
+
+logging.fluentd.enabled=true
+logging.fluentd.host=192.168.56.105
+logging.fluentd.port=24224
+logging.console.enabled=true

AuctionApp/DEV/PUB/deployment.yaml

@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: <service_name><service_version>
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app: <service_name><service_version>
+      release: <release>
+  template:
+    metadata:
+      labels:
+        app: <service_name><service_version>
+        release: <release>
+      annotations:
+        commit-sha: "<COMMIT_SHA>"
+    spec:
+      imagePullSecrets:
+      - name: <imagePullSecret>
+      containers:
+      - name: <service_name>
+        image: <docker_image>
+        command: ["java"]
+        args: <java_args>
+        readinessProbe:
+          httpGet:
+            path: <service_health>
+            port: 80
+          initialDelaySeconds: 15
+          periodSeconds: 30
+          failureThreshold: 3
+        ports:
+        - name: http
+          containerPort: 80
+        envFrom:
+        - configMapRef:
+            name: <configmap_env_name>

AuctionApp/DEV/PUB/service.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: <service_name><service_version>
+spec:
+  selector:
+    app: <service_name><service_version>
+    release: <release>
+  ports:
+  - port: 80
+    targetPort: 80

AuctionApp/DEV/Pay/Jenkinsfile

@@ -0,0 +1,30 @@
+node {
+    // Git checkout before load source the file
+    checkout scm
+    // sh '''
+    //     ls -lhrt
+    // '''
+    def base_branch = ref.tokenize('/')[2]
+    def rootDir = pwd()
+    def yaml2Map = load "./sharedLibs/yaml2Map.groovy"
+    def stages = load "./sharedLibs/stages.groovy"
+    def GLOBAL_CONFIG = yaml2Map.read('global.yaml').project
+    dir("AuctionApp/DEV/Pay") {
+        def PROJECT_CONFIG = yaml2Map.read('cfg.yaml').project
+        def CONFIG = yaml2Map.merge(PROJECT_CONFIG, GLOBAL_CONFIG)
+        CONFIG.docker.image = String.format(CONFIG.docker.image, CONFIG.service.name)
+        println 'configs: ' + CONFIG
+        
+        String[] JAVA_ARGS = ["-Djava.security.egd=file:/dev/./urandom",
+            "-Xmx1024m",
+            "-Dspring.profiles.active=dev",
+            "-Dserver.port=80",
+            "-jar","/app/target/${CONFIG.service.jar}"]
+        stages.execute(CONFIG, base_branch, [
+            'K3SDEPLOY' : {
+                stages.deployWithConfigmapEnvOnly(CONFIG.service, CONFIG.k3s, base_branch, JAVA_ARGS, './configmap-env.ini')
+                stages.applyService(CONFIG.service, CONFIG.k3s, base_branch)
+            }
+        ])
+    }
+}

AuctionApp/DEV/Pay/cfg.yaml

@@ -0,0 +1,12 @@
+project:
+  git:
+    address: http://git.hobbystocks.cn/auction/auction.git
+    credentialId: gogs.hobbystocks.cn
+  service:
+    name: auction-pay
+    version: ''
+    jar: txmall-pay.jar
+    module: txmall-pay
+    health: /actuator/health/readiness
+  k3s:
+    kubeconfig: k3s/k3s-dev3.yaml

AuctionApp/DEV/Pay/configmap-env.ini

@@ -0,0 +1,22 @@
+spring.datasource.url=jdbc:mysql://192.168.56.105:3306/auction-dpst?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8
+spring.datasource.username=auction
+spring.datasource.password=Pass2022
+
+spring.security.oauth2.resourceserver.jwt.issuer-uri=https://auth.txmall.zcunsoft.com/realms/demo
+
+spring.redis.database=2
+spring.redis.password=Pass2010
+spring.redis.sentinel.master=poyee-master
+spring.redis.sentinel.nodes=192.168.56.105:26379
+
+pay.appId=4001
+pay.secretKey=ea0df9399c2168f9fe1b02afdc7ea51b
+pay.makeOrderUrl=https://pay.test.zcunsoft.com/checkout.counter.api/order/makeOrder
+pay.makeRefundUrl=https://pay.test.zcunsoft.com/checkout.counter.api/order/makeRefund
+pay.queryOrderUrl=https://pay.test.zcunsoft.com/checkout.counter.api/order/queryOrder
+pay.notifyUrl=https://api.txmall.zcunsoft.com/pay/pub/notify
+
+logging.fluentd.enabled=true
+logging.fluentd.host=fluentd-aggr
+logging.fluentd.port=24224
+logging.console.enabled=true

AuctionApp/DEV/Pay/deployment.yaml

@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: <service_name><service_version>
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app: <service_name><service_version>
+      release: <release>
+  template:
+    metadata:
+      labels:
+        app: <service_name><service_version>
+        release: <release>
+      annotations:
+        commit-sha: "<COMMIT_SHA>"
+    spec:
+      imagePullSecrets:
+      - name: <imagePullSecret>
+      containers:
+      - name: <service_name>
+        image: <docker_image>
+        command: ["java"]
+        args: <java_args>
+        readinessProbe:
+          httpGet:
+            path: <service_health>
+            port: 80
+          initialDelaySeconds: 15
+          periodSeconds: 30
+          failureThreshold: 3
+        ports:
+        - name: http
+          containerPort: 80
+        envFrom:
+        - configMapRef:
+            name: <configmap_env_name>

AuctionApp/DEV/Pay/service.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: <service_name><service_version>
+spec:
+  selector:
+    app: <service_name><service_version>
+    release: <release>
+  ports:
+  - port: 80
+    targetPort: 80

AuctionApp/DEV/Traefik/Jenkinsfile

@@ -0,0 +1,21 @@
+node {
+    // Git checkout before load source the file
+    checkout scm
+
+    def yaml2Map = load "./sharedLibs/yaml2Map.groovy"
+    def k3sUtils = load "./sharedLibs/k3sUtil.groovy"
+    def GLOBAL_CONFIG = yaml2Map.read('global.yaml').project
+    dir("AuctionApp/DEV/Traefik") {
+
+        def PROJECT_CONFIG = yaml2Map.read('cfg.yaml').project
+        def CONFIG = yaml2Map.merge(PROJECT_CONFIG, GLOBAL_CONFIG)
+        
+        final foundFiles = findFiles(glob: 'k8s/*.yaml')
+        foundFiles.each{ 
+            stage("apply config ${it}") {
+                println "applying ${it}..."
+                k3sUtils.applyService(CONFIG.k3s, "${it}")
+            }
+        }
+    }
+}

AuctionApp/DEV/Traefik/cfg.yaml

@@ -0,0 +1,3 @@
+project:
+  k3s:
+    kubeconfig: k3s/k3s-dev3.yaml

AuctionApp/DEV/Traefik/k8s/1-MiddleWares.yaml

@@ -0,0 +1,26 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: auction-app-strip
+  namespace: default
+spec:
+  stripPrefix:
+    prefixes:
+    - /auc
+    - /bid
+    - /pub
+    - /deposit
+    - /order
+    - /pay
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: jwt-token-validation
+  namespace: default
+spec:
+  forwardAuth:
+    address: http://coresvc/api/auth/v2/verify
+    authResponseHeadersRegex: ^X-
+    trustForwardHeader: true

AuctionApp/DEV/Traefik/k8s/2-TraefikRoutes.yaml

@@ -0,0 +1,175 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: https-auction-auc
+  namespace: default
+spec:
+  entryPoints:
+  - websecure
+  routes:
+  - kind: Rule
+    match: Host(`auction-dev.hobbystocks.cn`) && PathPrefix(`/auc/admin`)
+    middlewares:
+    - name: auction-app-strip
+    - name: jwt-token-validation
+    services:
+    - name: auction-auc
+      port: 80
+  - kind: Rule
+    match: Host(`auction-dev.hobbystocks.cn`) && PathPrefix(`/auc`)
+    middlewares:
+    - name: auction-app-strip
+    services:
+    - name: auction-auc
+      port: 80
+  tls:
+    secretName: auction-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: https-auction-bid
+  namespace: default
+spec:
+  entryPoints:
+  - websecure
+  routes:
+  - kind: Rule
+    match: Host(`auction-dev.hobbystocks.cn`) && PathPrefix(`/bid/admin`)
+    middlewares:
+    - name: auction-app-strip
+    - name: jwt-token-validation
+    services:
+    - name: auction-bid
+      port: 80
+  - kind: Rule
+    match: Host(`auction-dev.hobbystocks.cn`) && Path(`/bid/pub/myList`,`/bid/pub/add`, `/bid/pub/mine`, `/bid/pub/myLots`, `/bid/pub/testUser`)
+    middlewares:
+    - name: auction-app-strip
+    - name: jwt-token-validation
+    services:
+    - name: auction-bid
+      port: 80
+  - kind: Rule
+    match: Host(`auction-dev.hobbystocks.cn`) && PathPrefix(`/bid`)
+    middlewares:
+    - name: auction-app-strip
+    services:
+    - name: auction-bid
+      port: 80
+  tls:
+    secretName: auction-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: https-auction-deposit
+  namespace: default
+spec:
+  entryPoints:
+  - websecure
+  routes:
+  - kind: Rule
+    match: Host(`auction-dev.hobbystocks.cn`) && PathPrefix(`/deposit/admin`,`/deposit/pub`)
+    middlewares:
+    - name: auction-app-strip
+    - name: jwt-token-validation
+    services:
+    - name: auction-deposit
+      port: 80
+  - kind: Rule
+    match: Host(`auction-dev.hobbystocks.cn`) && PathPrefix(`/deposit`)
+    middlewares:
+    - name: auction-app-strip
+    services:
+    - name: auction-deposit
+      port: 80
+  tls:
+    secretName: auction-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: https-auction-pub
+  namespace: default
+spec:
+  entryPoints:
+  - websecure
+  routes:
+  - kind: Rule
+    match: Host(`auction-dev.hobbystocks.cn`) && PathPrefix(`/pub/admin`)
+    middlewares:
+    - name: auction-app-strip
+    - name: jwt-token-validation
+    services:
+    - name: auction-pub
+      port: 80
+  - kind: Rule
+    match: Host(`auction-dev.hobbystocks.cn`) && PathPrefix(`/pub`)
+    middlewares:
+    - name: auction-app-strip
+    services:
+    - name: auction-pub
+      port: 80
+  tls:
+    secretName: auction-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: https-auction-order
+  namespace: default
+spec:
+  entryPoints:
+  - websecure
+  routes:
+  - kind: Rule
+    match: Host(`auction-dev.hobbystocks.cn`) && PathPrefix(`/order/admin`,`/order/pub`)
+    middlewares:
+    - name: auction-app-strip
+    - name: jwt-token-validation
+    services:
+    - name: auction-order
+      port: 80
+  - kind: Rule
+    match: Host(`auction-dev.hobbystocks.cn`) && PathPrefix(`/order`)
+    middlewares:
+    - name: auction-app-strip
+    services:
+    - name: auction-order
+      port: 80
+  tls:
+    secretName: auction-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: https-auction-pay
+  namespace: default
+spec:
+  entryPoints:
+  - websecure
+  routes:
+  - kind: Rule
+    match: Host(`auction-dev.hobbystocks.cn`) && PathPrefix(`/pay/admin`)
+    middlewares:
+    - name: auction-app-strip
+    - name: jwt-token-validation
+    services:
+    - name: auction-pay
+      port: 80
+  - kind: Rule
+    match: Host(`auction-dev.hobbystocks.cn`) && PathPrefix(`/pay`)
+    middlewares:
+    - name: auction-app-strip
+    services:
+    - name: auction-pay
+      port: 80
+  tls:
+    secretName: auction-dev.hobbystocks.cn

AuctionApp/README.md

@@ -0,0 +1,22 @@
+**maven package错误**
+*Could not resolve dependencies for project com.zcunsoft:txmall-pay:jar:0.1.0: Failure to find com.zcunsoft:checkout-counter-entity:jar:1.0.1*
+
+**需要添加settings.xml, 内容如下**
+**并删除缓存repository/com/zcunsoft(如果已经下载失败)**
+```
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
+  <servers>
+    <server>
+      <id>paycenter-maven</id>
+      <configuration>
+        <httpHeaders>
+          <property>
+            <name>Deploy-Token</name>
+            <value>tpEf3zbh6yS_v1vRdowd</value>
+          </property>
+        </httpHeaders>
+      </configuration>
+    </server>
+  </servers>
+</settings>
+```

global.yaml

@@ -0,0 +1,13 @@
+project:
+  docker:
+    #registry: registry.azure.hobbystocks.cn
+    #push_credentialId: docker.registry
+    registry: registry.cn-shanghai.aliyuncs.com
+    push_credentialId: docker.registry.aliyuncs
+    image: poyee/%s #append ${project.service.name}
+  k3s:
+    kubeconfig: k3s/k3s-dev2.yaml
+    #pull_secretId: registry.azure.hobbystocks.cn
+    pull_secretId: registry.cn-shanghai.aliyuncs.com
+    cpu_limits: 750m
+    cpu_requests: 250m

k3s-INFRA/DEV/fluent-aggr/Jenkinsfile

@@ -0,0 +1,23 @@
+node {
+    // Git checkout before load source the file
+    checkout scm
+
+    def yaml2Map = load "./sharedLibs/yaml2Map.groovy"
+    def k3sUtils = load "./sharedLibs/k3sUtil.groovy"
+    def GLOBAL_CONFIG = yaml2Map.read('global.yaml').project
+    dir("k3s-INFRA/DEV/fluent-aggr") {
+
+        def PROJECT_CONFIG = yaml2Map.read('cfg.yaml').project
+        def CONFIG = yaml2Map.merge(PROJECT_CONFIG, GLOBAL_CONFIG)
+
+        def configmap_conf_name = k3sUtils.applyConfigMapConfig(CONFIG.service, CONFIG.k3s, './configmap')
+
+        final foundFiles = findFiles(glob: 'k8s/*.yaml')
+        foundFiles.each{
+            stage("apply config: ${it}") {
+                println "applying ${it}..."
+                k3sUtils.applyService(GLOBAL_CONFIG.k3s, "${it}")
+            }
+        }
+    }
+}

k3s-INFRA/DEV/fluent-aggr/cfg.yaml

@@ -0,0 +1,6 @@
+project:
+  service:
+    name: fluent-aggr
+    version: ''
+  k3s:
+    kubeconfig: k3s/k3s-dev6.yaml

k3s-INFRA/DEV/fluent-aggr/configmap/fluentd.conf

@@ -0,0 +1,41 @@
+<source>
+  @type forward
+  port 24224
+  bind 0.0.0.0
+</source>
+
+<filter logback.**>
+    @type record_transformer
+    remove_keys ["caller", "throwable"]
+    <record>
+      fluentd "#{Socket.gethostname}"
+      tag ${tag}
+      application ${tag_parts[1]}
+      hostname ${tag_suffix[2]}
+    </record>
+</filter>
+
+<match **>
+    @type copy
+    //<store>
+    //  @type stdout
+    //</store>
+    <store>
+      @type loki
+      url "http://192.168.56.137:3100"
+      extra_labels {"from":"fluentd-aggr"}
+      <label>
+        application
+        hostname
+      </label>
+      <buffer>
+        flush_thread_count 4
+        chunk_limit_size 8M
+        queue_limit_length 8
+        retry_max_interval 30
+        retry_forever false
+        flush_interval 15s
+        flush_at_shutdown true
+      </buffer>
+    </store>
+</match>

k3s-INFRA/DEV/fluent-aggr/k8s/deployment.yaml

@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: fluentd-aggr
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app: fluentd-aggr
+  template:
+    metadata:
+      labels:
+        app: fluentd-aggr
+    spec:
+      imagePullSecrets:
+      - name: registry.azure.ipangyou.com
+      containers:
+      - image: registry.azure.ipangyou.com/fluentd:es-mq
+        imagePullPolicy: IfNotPresent
+        name: fluentd-aggr
+        env:
+        - name: TZ
+          value: Asia/Shanghai
+        - name: FLUENTD_CONF
+          value: fluentd.conf
+        ports:
+        - containerPort: 24225
+          name: tcp24225
+          protocol: TCP
+        volumeMounts:
+        - mountPath: /fluentd/etc/
+          name: config-volume
+      volumes:
+      - name: config-volume
+        configMap:
+          defaultMode: 420
+          name: fluent-aggr-config #configmap name

k3s-INFRA/DEV/fluent-aggr/k8s/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: fluent-aggr
+  namespace: default
+spec:
+  ports:
+  - name: tcp24224
+    port: 24224
+    protocol: TCP
+    targetPort: 24224
+  selector:
+    app: fluentd-aggr
+  sessionAffinity: None
+  type: ClusterIP

k3s-INFRA/DEV/traefik-rules/Jenkinsfile

@@ -0,0 +1,31 @@
+node {
+    // Git checkout before load source the file
+    checkout scm
+
+    def yaml2Map = load "./sharedLibs/yaml2Map.groovy"
+    def k3sUtils = load "./sharedLibs/k3sUtil.groovy"
+    def GLOBAL_CONFIG = yaml2Map.read('global.yaml').project
+    dir("k3s-INFRA/DEV/traefik-rules") {
+
+        def PROJECT_CONFIG = yaml2Map.read('cfg.yaml').project
+        def CONFIG = yaml2Map.merge(PROJECT_CONFIG, GLOBAL_CONFIG)
+        
+        services = services.split(',')
+        for(service in services) {
+            stage("Apply service ${service}") {
+                final foundFiles = findFiles(glob: "${service}/*.yaml")
+                foundFiles.each {
+                    println "applying ${it}..."
+                    k3sUtils.applyService(CONFIG.k3s, "${it}")
+                }
+            }
+        }
+        // final foundFiles = findFiles(glob: '*/*.yaml')
+        // foundFiles.each{ 
+        //     stage("apply config ${it}") {
+        //         println "applying ${it}..."
+        //         k3sUtils.applyService(CONFIG.k3s, "${it}")
+        //     }
+        // }
+    }
+}

k3s-INFRA/DEV/traefik-rules/admin/IngressRoute.yaml

@@ -0,0 +1,15 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-admin.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`admin-dev.hobbystocks.cn`)
+      services:
+        - name: poyee-admin
+          port: 80
+  tls:
+    secretName: admin-dev.hobbystocks.cn

k3s-INFRA/DEV/traefik-rules/auction-auc/IngressRoute.yaml

@@ -0,0 +1,28 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: auction-auc.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: >-
+        Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/auc`)
+      middlewares:
+        - name: auction-auc-strip
+        - name: auc-cors-header
+        - name: coresvc-jwt-token-v2-verify
+      services:
+        - name: auction-auc
+          port: 80
+    - kind: Rule
+      match: >-
+        Host(`m2-dev.hobbystocks.cn`) && Path(`/auc/auction/admin/shipping/lot/get/act`)
+      middlewares:
+        - name: auction-auc-strip
+      services:
+        - name: auction-auc
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn

k3s-INFRA/DEV/traefik-rules/auction-auc/Middleware.yaml

@@ -0,0 +1,24 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: auction-auc-strip
+spec:
+  stripPrefix:
+    prefixes:
+      - /auc
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: auc-cors-header
+spec:
+  headers:
+    accessControlAllowHeaders:
+      - '*'
+    accessControlAllowMethods:
+      - '*'
+    accessControlAllowOriginList:
+      - '*'
+    accessControlMaxAge: 100
+    addVaryHeader: true

k3s-INFRA/DEV/traefik-rules/auction-bid/IngressRoute.yaml

@@ -0,0 +1,32 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: auction-bid.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && Path(`/bid/bid/bidding/addPrice`)
+      middlewares:
+        - name: auction-bid-strip
+        - name: bid-cors-header
+        - name: coresvc.replay-attack
+        - name: coresvc-jwt-token-v2-verify
+        
+      services:
+        - name: auction-bid
+          port: 80
+  
+    - kind: Rule
+      match: >-
+        Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/bid`)
+      middlewares:
+        - name: auction-bid-strip
+        - name: bid-cors-header
+        - name: coresvc-jwt-token-v2-verify
+      services:
+        - name: auction-bid
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn

k3s-INFRA/DEV/traefik-rules/auction-bid/Middleware.yaml

@@ -0,0 +1,24 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: auction-bid-strip
+spec:
+  stripPrefix:
+    prefixes:
+      - /bid
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: bid-cors-header
+spec:
+  headers:
+    accessControlAllowHeaders:
+      - '*'
+    accessControlAllowMethods:
+      - '*'
+    accessControlAllowOriginList:
+      - '*'
+    accessControlMaxAge: 100
+    addVaryHeader: true

k3s-INFRA/DEV/traefik-rules/authserv/IngressRoute.yaml

@@ -0,0 +1,58 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: oauth2-https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`auth-dev.hobbystocks.cn`)
+      middlewares:
+        - name: authserv-cors-header
+      services:
+        - name: authserv
+          port: 80
+    - kind: Rule
+      match: Host(`auth-dev.hobbystocks.cn`) && Path(`/api/external/user`)
+      middlewares:
+        - name: authserv-token-validation
+        # - name: coresvc-jwt-token-v2.2-verify
+      services:
+        - name: authserv
+          port: 80
+    - kind: Rule
+      match: Host(`m2.hobbystocks.cn`) && Path(`/authserv/api/external/user`)
+      middlewares:
+        - name: authserv-token-validation
+        - name: authserv-strip
+      services:
+        - name: authserv
+          port: 80
+    - kind: Rule
+      match: Host(`auth-dev.hobbystocks.cn`) && Path(`/api/external/util/sysdict`,`/api/external/merchant/totp`,`/api/external/a2/password`,`/api/external/a2/verify`)
+      middlewares:
+        - name: authserv-cors-header
+        - name: authserv-partnertoken-validation
+      services:
+        - name: authserv
+          port: 80
+  tls:
+    secretName: auth-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: oauth2-m2dev-https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2.hobbystocks.cn`) && Path(`/oauth2/token`)
+      services:
+        - name: authserv
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn

k3s-INFRA/DEV/traefik-rules/authserv/Middleware.yaml

@@ -0,0 +1,46 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: authserv-cors-header
+spec:
+  headers:
+    accessControlAllowHeaders:
+      - '*'
+    accessControlAllowMethods:
+      - '*'
+    accessControlAllowOriginList:
+      - '*'
+    accessControlMaxAge: 100
+    addVaryHeader: true
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: authserv-token-validation
+spec:
+  forwardAuth:
+    address: http://authserv/api/internal/verifytoken
+    authResponseHeadersRegex: ^X-
+    trustForwardHeader: true
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: authserv-partnertoken-validation
+spec:
+  forwardAuth:
+    address: http://authserv/api/internal/partner/verifytoken
+    authResponseHeadersRegex: ^X-
+    trustForwardHeader: true
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: authserv-strip
+spec:
+  stripPrefix:
+    prefixes:
+    - /authserv

k3s-INFRA/DEV/traefik-rules/calendar/IngressRoute.yaml

@@ -0,0 +1,35 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: calendar.https
+spec:
+  entryPoints:
+  - websecure
+  routes:
+  - kind: Rule
+    match: Host(`m2-dev.hobbystocks.cn`) && (Path(`/calendar/api/calendar/list`) || Path(`/calendar/api/calendar/detail/{id:[0-9]+}`) || Path(`/api/calendar/detail/simple/{id:[0-9]+}`))
+    middlewares:
+    - name: calendar-strip
+    - name: calendar-cors-header
+    services:
+    - name: calendar
+      port: 80
+  - kind: Rule
+    match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/calendar/api/calendar/detail/simple`)
+    middlewares:
+    - name: calendar-strip
+    - name: calendar-cors-header
+    services:
+    - name: calendar
+      port: 80
+  - kind: Rule
+    match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/calendar/`)
+    middlewares:
+    - name: calendar-strip
+    - name: calendar-cors-header
+    - name: coresvc-jwt-token-v3-verify
+    services:
+    - name: calendar
+      port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn

k3s-INFRA/DEV/traefik-rules/calendar/Middleware.yaml

@@ -0,0 +1,24 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: calendar-strip
+spec:
+  stripPrefix:
+    prefixes:
+    - /calendar
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: calendar-cors-header
+spec:
+  headers:
+    accessControlAllowHeaders:
+      - '*'
+    accessControlAllowMethods:
+      - '*'
+    accessControlAllowOriginList:
+      - '*'
+    accessControlMaxAge: 100
+    addVaryHeader: true

k3s-INFRA/DEV/traefik-rules/card-report/IngressRoute.yaml

@@ -0,0 +1,19 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: card-report.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: >-
+        Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/cardreports`)
+      middlewares:
+        - name: card-report-strip
+        - name: cardreport-cors-header
+      services:
+        - name: poyee-card-report
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn

k3s-INFRA/DEV/traefik-rules/card-report/Middleware.yaml

@@ -0,0 +1,24 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: card-report-strip
+spec:
+  stripPrefix:
+    prefixes:
+      - /cardreport
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: cardreport-cors-header
+spec:
+  headers:
+    accessControlAllowHeaders:
+      - '*'
+    accessControlAllowMethods:
+      - '*'
+    accessControlAllowOriginList:
+      - '*'
+    accessControlMaxAge: 100
+    addVaryHeader: true

k3s-INFRA/DEV/traefik-rules/cfg.yaml

@@ -0,0 +1,3 @@
+project:
+  k3s:
+    kubeconfig: k3s/k3s-dev6.yaml

k3s-INFRA/DEV/traefik-rules/checklist-front/IngressRoute.yaml

@@ -0,0 +1,18 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: checklist-front.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: >-
+        Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/checklist-front`)
+      middlewares:
+        - name: checklist-cors-header
+      services:
+        - name: checklist-front
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn

k3s-INFRA/DEV/traefik-rules/checklist-front/Middleware.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: checklist-cors-header
+spec:
+  headers:
+    accessControlAllowHeaders:
+      - '*'
+    accessControlAllowMethods:
+      - '*'
+    accessControlAllowOriginList:
+      - '*'
+    accessControlMaxAge: 100
+    addVaryHeader: true
+

k3s-INFRA/DEV/traefik-rules/community/IngressRoute.yaml

@@ -0,0 +1,60 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: community.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && (Path(`/community/app/discuss`,`/community/app/comment`, `/community/app/user`, `/community/app/discuss/share`, `/community/app/discuss/detail`) || PathPrefix(`/community/app/discuss`))
+      middlewares:
+        - name: community-cors-header
+        - name: community-strip
+        - name: coresvc-jwt-token-v2-verify
+        - name: coresvc-forward-geo
+      services:
+        - name: community
+          port: 80
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && (Path(`/community/app/search`, `/community/app/discuss-count`,`/community/app/discuss/update_score`,`/community/app/discuss/audit`, `/community/sys/comment/audit`,`/community/sys/comment/paging`, `/community/app/comment/paging`, `/community/app/user/{ver:info|refresh}`) || PathPrefix(`/community/app/associate_team`, `/community/app/like`,`/community/app/collect`, `/community/app/follow`, `/community/app/tag`, `/community/app/uninterested`))
+      middlewares:
+        - name: community-cors-header
+        - name: community-strip
+        - name: coresvc-jwt-token-v2-verify
+      services:
+        - name: community
+          port: 80
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && Path(`/community/app/discuss/paging`,`/community/app/discuss/detail`)
+      middlewares:
+        - name: community-cors-header
+        - name: community-strip
+        - name: coresvc-jwt-token-v2-verify-optional
+      services:
+        - name: community
+          port: 80
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && (PathPrefix(`/community/doc`) || PathPrefix(`/community/static`)|| PathPrefix(`/community/webjars/`)|| PathPrefix(`/community/v3/api-docs/`))
+      middlewares:
+        - name: community-strip
+      services:
+        - name: community
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: community.http
+spec:
+  entryPoints:
+    - web
+  routes:
+    - kind: Rule
+      match: Host(`community-dev.local`) && Path(`/player.dic`)
+      services:
+        - name: community
+          port: 80

k3s-INFRA/DEV/traefik-rules/community/Middleware.yaml

@@ -0,0 +1,24 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: community-cors-header
+spec:
+  headers:
+    accessControlAllowHeaders:
+      - '*'
+    accessControlAllowMethods:
+      - '*'
+    accessControlAllowOriginList:
+      - '*'
+    accessControlMaxAge: 100
+    addVaryHeader: true
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: community-strip
+spec:
+  stripPrefix:
+    prefixes:
+      - /community

k3s-INFRA/DEV/traefik-rules/coresvc/IngressRoute.yaml

@@ -0,0 +1,22 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: coresvc.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`coresvc-dev.hobbystocks.cn`)
+      services:
+        - name: coresvc2
+          port: 80
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && Path(`/coresvc/api/auth/daily`)
+      middlewares:
+        - name: poyee-app-v2-strip
+      services:
+        - name: coresvc2
+          port: 80
+  tls:
+    secretName: coresvc-dev.hobbystocks.cn

k3s-INFRA/DEV/traefik-rules/coresvc/Middleware.yaml

@@ -0,0 +1,91 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: coresvc.replay-attack
+spec:
+  forwardAuth:
+    address: http://coresvc2/api/security/detect/replayAttack
+    authResponseHeadersRegex: ^X-
+    trustForwardHeader: true
+    
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: coresvc-jwt-token-v2.2-verify
+spec:
+  forwardAuth:
+    address: http://coresvc2/api/auth/v2.2/verify
+    authResponseHeadersRegex: ^X-
+    trustForwardHeader: true
+    
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: coresvc-jwt-token-v2.1-verify
+spec:
+  forwardAuth:
+    address: http://coresvc2/api/auth/v2.1/verify
+    authResponseHeadersRegex: ^X-
+    trustForwardHeader: true
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: coresvc-jwt-token-v2-verify
+spec:
+  forwardAuth:
+    address: http://coresvc2/api/auth/v2/verify
+    authResponseHeadersRegex: ^X-
+    trustForwardHeader: true
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: coresvc-jwt-token-v3-verify
+spec:
+  forwardAuth:
+    address: http://coresvc2/api/auth/v3/verify
+    authResponseHeadersRegex: ^X-
+    trustForwardHeader: true
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: coresvc-jwt-token-v2-verify-optional
+spec:
+  forwardAuth:
+    address: http://coresvc2/api/auth/v2/verify/optional
+    authResponseHeadersRegex: ^X-
+    trustForwardHeader: true
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: coresvc-token-validation
+spec:
+  forwardAuth:
+    address: http://coresvc2/api/auth/verify
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: coresvc-forward-geo
+spec:
+  forwardAuth:
+    address: http://coresvc2/api/geo/city/forward
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: coresvc-ratelimit-byuser
+spec:
+  forwardAuth:
+    address: http://coresvc2/api/auth/rateLimitByUser

k3s-INFRA/DEV/traefik-rules/data-hub/ingressRoute.yaml

@@ -0,0 +1,18 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: data-hub.https
+spec:
+  entryPoints:
+  - websecure
+  routes:
+  - kind: Rule
+    match: Host(`partner-dev.hobbystocks.cn`) && PathPrefix(`/datahub`)
+    middlewares:
+      - name: coresvc-jwt-token-v2-verify
+      - name: data-hub-strip
+    services:
+      - name: data-hub
+        port: 80
+  tls:
+    secretName: partner-dev.hobbystocks.cn

k3s-INFRA/DEV/traefik-rules/data-hub/middleWare.yaml

@@ -0,0 +1,8 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: data-hub-strip
+spec:
+  stripPrefix:
+    prefixes:
+    - /datahub

k3s-INFRA/DEV/traefik-rules/douyin/IngressRoute.yaml

@@ -0,0 +1,15 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: robot-douyin.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/douyin`)
+      services:
+        - name: robot-douyin-server
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn

k3s-INFRA/DEV/traefik-rules/finance/IngressRoute.yaml

@@ -0,0 +1,17 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-finance.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-finance`)
+      middlewares:
+        - name: poyee-finance-strip
+      services:
+        - name: poyee-finance
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn

k3s-INFRA/DEV/traefik-rules/finance/Middleware.yaml

@@ -0,0 +1,8 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: poyee-finance-strip
+spec:
+  stripPrefix:
+    prefixes:
+      - /py-finance

k3s-INFRA/DEV/traefik-rules/group-board/IngressRoute.yaml

@@ -0,0 +1,17 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: group-board.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/group-board`)
+      middlewares:
+        - name: group-board-strip
+      services:
+        - name: poyee-group-board
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn

k3s-INFRA/DEV/traefik-rules/group-board/Middleware.yaml

@@ -0,0 +1,8 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: group-board-strip
+spec:
+  stripPrefix:
+    prefixes:
+      - /group-board

k3s-INFRA/DEV/traefik-rules/group-report/IngressRoute.yaml

@@ -0,0 +1,69 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: group-report.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/group-report/doc.html`)
+      middlewares:
+        - name: group-report-strip
+        - name: group-report-cors-header
+      services:
+        - name: group-report
+          port: 80
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/group-report/webjars`)
+      middlewares:
+        - name: group-report-strip
+        - name: group-report-cors-header
+      services:
+        - name: group-report
+          port: 80
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/group-report/swagger-resources`)
+      middlewares:
+        - name: group-report-strip
+        - name: group-report-cors-header
+      services:
+        - name: group-report
+          port: 80
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/group-report/v2/api-docs`)
+      middlewares:
+        - name: group-report-strip
+        - name: group-report-cors-header
+      services:
+        - name: group-report
+          port: 80
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/group-report`)
+      middlewares:
+        - name: group-report-strip
+        - name: group-report-cors-header
+        - name: coresvc-jwt-token-v2-verify
+      services:
+        - name: group-report
+          port: 80
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && Path(`/group-report/api/v1/checklistBaseInfo/query`)
+      middlewares:
+        - name: group-report-strip
+        - name: group-report-cors-header
+        - name: coresvc-jwt-token-v2-verify
+      services:
+        - name: group-report
+          port: 80
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/group-report/api/i18n`, `/group-report/local`, `/group-report/api/v1/checklist`)
+      middlewares:
+        - name: group-report-strip
+        - name: group-report-cors-header
+        - name: coresvc-jwt-token-v3-verify
+      services:
+        - name: group-report
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn

k3s-INFRA/DEV/traefik-rules/group-report/Middleware.yaml

@@ -0,0 +1,24 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: group-report-strip
+spec:
+  stripPrefix:
+    prefixes:
+    - /group-report
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: group-report-cors-header
+spec:
+  headers:
+    accessControlAllowHeaders:
+      - '*'
+    accessControlAllowMethods:
+      - '*'
+    accessControlAllowOriginList:
+      - '*'
+    accessControlMaxAge: 100
+    addVaryHeader: true
+

k3s-INFRA/DEV/traefik-rules/im/IngressRoute.yaml

@@ -0,0 +1,40 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: im.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`im-dev.hobbystocks.cn`)
+      middlewares:
+        - name: im-cors-header
+        - name: im-headers
+      services:
+        - name: poyee-im
+          port: 80
+    - kind: Rule
+      match: >-
+        Host(`im-dev.hobbystocks.cn`) &&
+        PathPrefix(`/api/chat/prohibition/paging`,`/api/msg`)
+      middlewares:
+        - name: im-cors-header
+        - name: coresvc-jwt-token-v2-verify
+      priority: 200
+      services:
+        - name: poyee-im
+          port: 80
+    - kind: Rule
+      match: >-
+        Host(`im-dev.hobbystocks.cn`) &&
+        (PathPrefix(`/api/livechat`,`/api/chat/p2p`,`/api/chat/relation`,`/api/chat/room`,`/api/chat/prohibition`,`/api/user/identity`)
+        || Path(`/chat/handler`, `/api/user`))
+      middlewares:
+        - name: im-cors-header
+        - name: coresvc-jwt-token-v2-verify
+      services:
+        - name: poyee-im
+          port: 80
+  tls:
+    secretName: im-dev.hobbystocks.cn

k3s-INFRA/DEV/traefik-rules/im/Middleware.yaml

@@ -0,0 +1,24 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: im-cors-header
+spec:
+  headers:
+    accessControlAllowHeaders:
+      - '*'
+    accessControlAllowMethods:
+      - '*'
+    accessControlAllowOriginList:
+      - '*'
+    accessControlMaxAge: 100
+    addVaryHeader: true
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: im-headers
+spec:
+  headers:
+    customRequestHeaders:
+      X-Forwarded-Proto: https

k3s-INFRA/DEV/traefik-rules/indexsvc/IngressRoute.yaml

@@ -0,0 +1,28 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: indexsvc.http
+spec:
+  entryPoints:
+  - websecure
+  routes:
+  - kind: Rule
+    match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-index/api/ebay/{func:page[0-9a-zA-Z]*}`)
+    middlewares:
+    #- name: coresvc-token-validation
+    #- name: coresvc-ratelimit-byuser
+    - name: indexsvc-strip
+    services:
+    - name: poyee-index
+      port: 80
+  - kind: Rule
+    match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-index/api/cardQuery/{func:[0-9a-zA-Z]*}`)
+    middlewares:
+    #- name: coresvc-token-validation
+    #- name: coresvc-ratelimit-byuser
+    - name: indexsvc-strip
+    services:
+    - name: poyee-index
+      port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn

k3s-INFRA/DEV/traefik-rules/indexsvc/Middleware.yaml

@@ -0,0 +1,8 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: indexsvc-strip
+spec:
+  stripPrefix:
+    prefixes:
+    - /py-index

k3s-INFRA/DEV/traefik-rules/mall/IngressRoute.yaml

@@ -0,0 +1,77 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-mall.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: >-
+        Host(`m2-dev.hobbystocks.cn`) &&
+        Path(`/py-mall/api/live/tencentCallBack`,`/py-mall/api/merchant/mallList`,`/py-mall/api/live/tencent/steamEnd/callback`,`/py-mall/api/live/volc/steamEnd/callback`)
+      middlewares:
+        - name: poyee-mall-and-order-strip
+      priority: 350
+      services:
+        - name: poyee-mall
+          port: 80
+    - kind: Rule
+      match: >-
+        Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-mall/api/merchant`,
+        `/py-mall/api/userFavorite`, `/py-mall/api/live`,
+        `/py-mall/api/userCardRecord`, `/py-mall/api/order`,
+        `/py-mall/api/user`,`/py-mall/api/luckyPoint`,
+        `/py-mall/api/reportInfo`,`/py-mall/api/volunteer`, `/py-mall/api/{ver:v\d+(\.\d+)?}/cart`)
+      middlewares:
+        - name: poyee-mall-and-order-strip
+        - name: coresvc-jwt-token-v2-verify
+      services:
+        - name: poyee-mall
+          port: 80
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-mall/api/goods`)
+      middlewares:
+        - name: poyee-mall-and-order-strip
+        - name: coresvc-jwt-token-v2-verify-optional
+      services:
+        - name: poyee-mall
+          port: 80
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-mall`)
+      middlewares:
+        - name: poyee-mall-and-order-strip
+      services:
+        - name: poyee-mall
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-order.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-order`)
+      middlewares:
+        - name: poyee-mall-and-order-strip
+        - name: coresvc-jwt-token-v2-verify
+      services:
+        - name: poyee-order
+          port: 80
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-order/api/order/async/submit/`)
+      middlewares:
+        - name: poyee-mall-and-order-strip
+        - name: coresvc.replay-attack
+        - name: coresvc-jwt-token-v2-verify
+      services:
+        - name: poyee-order
+          port: 80
+  tls:
+    secretName: partner-dev.hobbystocks.cn

k3s-INFRA/DEV/traefik-rules/mall/Middleware.yaml

@@ -0,0 +1,9 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: poyee-mall-and-order-strip
+spec:
+  stripPrefix:
+    prefixes:
+      - /py-mall
+      - /py-order

k3s-INFRA/DEV/traefik-rules/mecharm/IngressRoute.yaml

@@ -0,0 +1,31 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: mecharm.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`service.mecharm.hobbystocks.cn`) && PathPrefix(`/mecharms`)
+      middlewares:
+        - name: mecharm.headers
+      services:
+        - name: mecharm-service
+          port: 80
+    - kind: Rule
+      match: Host(`service.mecharm.hobbystocks.cn`) && PathPrefix(`/group`)
+      middlewares:
+        - name: authserv-partnertoken-validation
+      services:
+        - name: mecharm-service
+          port: 80
+    - kind: Rule
+      match: Host(`service.mecharm.hobbystocks.cn`)
+      middlewares:
+        - name: auth
+      services:
+        - name: mecharm-service
+          port: 80
+  tls:
+    secretName: service.mecharm.hobbystocks.cn

k3s-INFRA/DEV/traefik-rules/mecharm/Middleware.yaml

@@ -0,0 +1,8 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: mecharm.headers
+spec:
+  headers:
+    customRequestHeaders:
+      X-Forwarded-Proto: https

k3s-INFRA/DEV/traefik-rules/orderPay/IngressRoute.yaml

@@ -0,0 +1,69 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-order-pay.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: >-
+        Host(`bid-dev.auction.hobbystocks.cn`) &&
+        Path(`/order/v1/checklistBase/searchBaseInfoBySelect`,`/order/v1/api/base/selectData`)
+      middlewares:
+        - name: poyee-order-pay-stripprefix
+        - name: poyee-order-pay-cors-header
+      services:
+        - name: poyee-auction-order
+          port: 80
+    - kind: Rule
+      match: Host(`bid-dev.auction.hobbystocks.cn`) && Path(`/order/v1/api/express/{type:\w+}/notice`)
+      middlewares:
+        - name: poyee-order-pay-stripprefix
+      services:
+        - name: poyee-auction-order
+          port: 80
+    - kind: Rule
+      match: Host(`bid-dev.auction.hobbystocks.cn`) && PathPrefix(`/order/v1`)
+      middlewares:
+        - name: poyee-order-pay-stripprefix
+        - name: poyee-order-pay-cors-header
+        - name: coresvc-jwt-token-v2-verify
+      services:
+        - name: poyee-auction-order
+          port: 80
+    - kind: Rule
+      match: Host(`bid-dev.auction.hobbystocks.cn`) && PathPrefix(`/order`)
+      middlewares:
+        - name: poyee-order-pay-stripprefix
+        - name: poyee-order-pay-cors-header
+      services:
+        - name: poyee-auction-order
+          port: 80
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/pay/api/v1/recharge`, `/pay/api/v1/rechargeManager`)
+      middlewares:
+        - name: poyee-order-pay-stripprefix
+        - name: poyee-order-pay-cors-header
+        - name: coresvc-jwt-token-v2-verify
+      services:
+        - name: poyee-auction-pay
+          port: 80
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/pay/api/v1/express/qm-auction/paymentBack`)
+      middlewares:
+        - name: poyee-order-pay-stripprefix
+        - name: poyee-order-pay-cors-header
+      services:
+        - name: poyee-auction-pay
+          port: 80
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/pay`)
+      middlewares:
+        - name: poyee-order-pay-stripprefix
+        - name: poyee-order-pay-cors-header
+      services:
+        - name: poyee-auction-pay
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn

k3s-INFRA/DEV/traefik-rules/orderPay/Middleware.yaml

@@ -0,0 +1,25 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: poyee-order-pay-stripprefix
+spec:
+  stripPrefix:
+    prefixes:
+      - /order
+      - /pay
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: poyee-order-pay-cors-header
+spec:
+  headers:
+    accessControlAllowHeaders:
+      - '*'
+    accessControlAllowMethods:
+      - '*'
+    accessControlAllowOriginList:
+      - '*'
+    accessControlMaxAge: 100
+    addVaryHeader: true

k3s-INFRA/DEV/traefik-rules/partner/IngressRoute.yaml

@@ -0,0 +1,42 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: api.partner.hobbystocks.cn.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`partner-dev.hobbystocks.cn`)
+      middlewares:
+        - name: partnerapi-cors-header
+        - name: authserv-partnertoken-validation
+      services:
+        - name: poyee-admin
+          port: 80
+    - kind: Rule
+      match: Host(`partner-dev.hobbystocks.cn`) && PathPrefix(`/api/fadada`,`/act/manager/countActPoints`)
+      services:
+        - name: poyee-admin
+          port: 80
+  tls:
+    secretName: partner-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: partner.hobbystocks.cn.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`partner-dev.hobbystocks.cn`) && PathPrefix(`/html`)
+      middlewares:
+        - name: partner-stripprefix
+      services:
+        - name: staticres
+          port: 80
+  tls:
+    secretName: partner-dev.hobbystocks.cn

k3s-INFRA/DEV/traefik-rules/partner/Middleware.yaml

@@ -0,0 +1,35 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: authserv-partnertoken-validation
+spec:
+  forwardAuth:
+    address: http://authserv/api/internal/partner/verifytoken
+    authResponseHeadersRegex: ^X-
+    trustForwardHeader: true
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: partner-stripprefix
+spec:
+  stripPrefix:
+    prefixes:
+      - /html
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: partnerapi-cors-header
+spec:
+  headers:
+    accessControlAllowHeaders:
+      - '*'
+    accessControlAllowMethods:
+      - '*'
+    accessControlAllowOriginList:
+      - '*'
+    accessControlMaxAge: 100
+    addVaryHeader: true

k3s-INFRA/DEV/traefik-rules/poyee-app/IngressRoute.yaml

@@ -0,0 +1,569 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-login.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-app/api/login`)
+      middlewares:
+        - name: poyee-app-v2-strip
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-official-website.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && Path(`/py-app/local/merchant/avatars`, `/py-app/api/v3.7/group/list/search`)
+      middlewares:
+        - name: poyee-app-v2-strip
+        - name: poyee-app-cors-header
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-brand-member.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-app/api/brand/member`)
+      middlewares:
+        - name: poyee-app-v2-strip
+        - name: coresvc-jwt-token-v2-verify
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: m2-poyee-app-goods.https
+spec:
+  entryPoints:
+  - websecure
+  routes:
+  - kind: Rule
+    match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-app/api/goods`)
+    middlewares:
+    - name: coresvc-jwt-token-v2-verify
+    - name: poyee-app-v2-strip
+    services:
+    - name: poyee-app
+      port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-marketgroups.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: >-
+        Host(`m2-dev.hobbystocks.cn`) &&
+        PathPrefix(`/py-app/api/group/marketGroups`)
+      middlewares:
+        - name: poyee-app-v2-strip
+        - name: poyee-app-marketgroups-ratelimit-byip
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-nontoken-generic.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-app`)
+      middlewares:
+        - name: poyee-app-cors-header
+        - name: poyee-app-v2-strip
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-nontoken-live.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && (Path(`/py-app/api/{ver:v\d+(\.\d+)?}/live/info`) || Path(`/py-app/api/living/{ver:v\d+(\.\d+)?}/panini/{id:[0-9]+}`))
+      priority: 350
+      middlewares:
+        - name: poyee-app-v2-strip
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-nontoken-merchant.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: >-
+        Host(`m2-dev.hobbystocks.cn`) && Headers(`User-Agent`, `GuzzleHttp/7`)
+        && Path(`/py-app/api/merchant/getMerchantInfoByType`)
+      priority: 1000
+      services:
+        - name: whoami
+          port: 80
+    - kind: Rule
+      match: >-
+        Host(`m2-dev.hobbystocks.cn`) &&
+        Path(`/py-app/api/{ver:v\d+(\.\d+)?}/merchant/id/user`,`/py-app/api/merchant/checkMechantInfo`,`/py-app/api/merchant/getMerchantInfoByType`,
+        `/py-app/api/{ver:v\d+(\.\d+)?}/merchant/hot`,`/py-app/api/{ver:v\d+(\.\d+)?}/merchant/getMerAppUserId`,`/py-app/api/{ver:v\d+(\.\d+)?}/merchant/detail`,
+        `/py-app/api/{ver:v\d+(\.\d+)?}/merchant/rankings`, `/py-app/api/{ver:v\d+(\.\d+)?}/merchant/popular`)
+      middlewares:
+        - name: poyee-app-v2-strip
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-sendphonecode.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && Path(`/py-app/api/sendPhoneCode`)
+      middlewares:
+        - name: poyee-app-ratelimit-phonecode-byheader
+        - name: poyee-app-v2-strip
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+# 生态购
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-token-erp.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-app/api/{ver:v\d+(\.\d+)?}/erpRandomCode`)
+      middlewares:
+        - name: coresvc-jwt-token-v2-verify
+        - name: poyee-app-v2-strip
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-token-merchant.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-app/api/merchant`,`/py-app/api/{ver:v\d+(\.\d+)?}/merchant`)
+      middlewares:
+        - name: poyee-app-cors-header
+        - name: coresvc-jwt-token-v2-verify
+        - name: poyee-app-v2-strip
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-token-good-group.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-app/api/{ver:v\d+(\.\d+)?}/good`, `/py-app/api/{ver:v\d+(\.\d+)?}/group`)
+      middlewares:
+        - name: coresvc-jwt-token-v2-verify
+        - name: poyee-app-v2-strip
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-token-act-live-notify-settled.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-app/api/{ver:v\d+(\.\d+)?}/notify`, `/py-app/api/{ver:v\d+(\.\d+)?}/act`, `/py-app/api/{ver:v\d+(\.\d+)?}/live`, `/py-app/api/settled`, `/py-app/api/expressBase`)
+      middlewares:
+        - name: coresvc-jwt-token-v2-verify
+        - name: poyee-app-v2-strip
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-nontoken-sku.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && Path(`/py-app/api/{ver:v\d+(\.\d+)?}/sku/getEvalution`)
+      priority: 350
+      middlewares:
+        - name: poyee-app-v2-strip
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-token-order-sku.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-app/api/{ver:v\d+(\.\d+)?}/order`, `/py-app/api/{ver:v\d+(\.\d+)?}/sku`)
+      middlewares:
+        - name: coresvc-jwt-token-v2-verify
+        - name: poyee-app-v2-strip
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+    
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-nontoken-group.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && Path(`/py-app/api/{ver:v\d+(\.\d+)?}/act/group/popup`,`/py-app/api/{ver:v\d+(\.\d+)?}/group/info/rank`)
+      priority: 350
+      middlewares:
+        - name: poyee-app-v2-strip
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-token-merchant-mine-certer-num.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-app/api/{ver:v\d+(\.\d+)?}/mine/merchant/center/num`)
+      priority: 550
+      middlewares:
+        - name: coresvc-jwt-token-v2.2-verify
+        - name: poyee-app-v2-strip
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-nontoken-mine.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && Path(`/py-app/api/{ver:v\d+(\.\d+)?}/mine/follow/type`)
+      priority: 350
+      middlewares:
+        - name: poyee-app-v2-strip
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-token-mine.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-app/api/mine/`,`/py-app/api/{ver:v\d+(\.\d+)?}/mine/`)
+      middlewares:
+        - name: coresvc-jwt-token-v2-verify
+        - name: poyee-app-v2-strip
+      services:
+        - name: poyee-app
+          port: 80
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-app/api/{ver:v\d+(\.\d+)?}/questionnaire`,`/py-app/api/{ver:v\d+(\.\d+)?}/quiz`, `/py-app/api/{ver:v\d+(\.\d+)?}/recommend`)
+      priority: 350
+      middlewares:
+        - name: poyee-app-v2-strip
+        - name: coresvc-jwt-token-v2-verify
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-token-living.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      priority: 350
+      match: Host(`m2-dev.hobbystocks.cn`) && Path(`/py-app/api/living/{ver:v\d+(\.\d+)?}/like`)
+      middlewares:
+        - name: coresvc.replay-attack
+        - name: coresvc-jwt-token-v2-verify
+        - name: poyee-app-v2-strip
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-token-live.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-app/api/live`, `/py-app/api/living`)
+      middlewares:
+        - name: coresvc-jwt-token-v2-verify
+        - name: poyee-app-v2-strip
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-token-lucky-bag.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-app/api/lucky/bag`)
+      middlewares:
+        - name: coresvc-jwt-token-v2-verify
+        - name: poyee-app-v2-strip
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-token-other.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: >-
+        Host(`m2-dev.hobbystocks.cn`) && Path(`/py-app/holdShippingAddress`,
+        `/py-app/api/group/buy`, `/py-app/api/group/getGroupUsers`,
+        `/py-app/api/wx/authLiveRole`)
+      middlewares:
+        - name: coresvc-jwt-token-v2-verify
+        - name: poyee-app-v2-strip
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-token-grade.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-app/api/{ver:v\d+(\.\d+)?}/grade`)
+      priority: 350
+      middlewares:
+        - name: coresvc-jwt-token-v2-verify
+        - name: poyee-app-v2-strip
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-token-optional.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: >-
+        Host(`m2-dev.hobbystocks.cn`) && Path(`/py-app/api/{ver:v\d+(\.\d+)?}/group/list/search`, 
+        `/py-app/api/{ver:v\d+(\.\d+)?}/group/v3/team`, `/py-app/api/group/info`, `/py-app/api/group/{ver:v\d+(\.\d+)?}/info`, `/py-app/api/group/info/test`,
+        `/py-app/api/{ver:v\d+(\.\d+)?}/group/goods`, `/py-app/api/goods/{ver:v\d+(\.\d+)?}/top`)
+      priority: 350
+      middlewares:
+        - name: coresvc-jwt-token-v2-verify-optional
+        - name: poyee-app-v2-strip
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+    
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-app-no-token-promotion.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-app/api/promotionTask/page`)
+      priority: 350
+      middlewares:
+        - name: poyee-app-v2-strip
+      services:
+        - name: poyee-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: redirect-api-version-le-4.6
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && Path(`/py-app/api/v4.5/act/home/draw`,`/py-app/api/v4.6/act/home/draw`)
+      priority: 550
+      services:
+        - name: noop@internal
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn

k3s-INFRA/DEV/traefik-rules/poyee-app/Middleware.yaml

@@ -0,0 +1,56 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: poyee-app-v2-strip
+spec:
+  stripPrefix:
+    prefixes:
+      - /py-app
+      - /coresvc
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: poyee-app-marketgroups-ratelimit-byip
+spec:
+  forwardAuth:
+    address: http://coresvc2/api/auth/blockByIp
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: poyee-app-ratelimit-phonecode-byheader
+spec:
+  rateLimit:
+    average: 2
+    burst: 2
+    period: 60s
+    sourceCriterion:
+      requestHeaderName: X-Client-ID
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: poyee-app-cors-header
+spec:
+  headers:
+    accessControlAllowHeaders:
+      - '*'
+    accessControlAllowMethods:
+      - '*'
+    accessControlAllowOriginList:
+      - '*'
+    accessControlMaxAge: 100
+    addVaryHeader: true
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: return-404
+spec:
+  errors:
+    status:
+      - "404"  # 对匹配的请求直接返回 404

k3s-INFRA/DEV/traefik-rules/poyee-dashboard-new/IngressRoute.yaml

@@ -0,0 +1,64 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-dashboard-new.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: >-
+        Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/poyee-dashboard-new`)
+      priority: 400
+      middlewares:
+        - name: poyee-dashboard-new-strip
+        - name: poyee-dashboard-new-cors-header
+        - name: coresvc-jwt-token-v3-verify
+      services:
+        - name: poyee-dashboard-new
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-dashboard-new-poyee-swagger.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && (PathPrefix(`/poyee-dashboard-new/doc`) || PathPrefix(`/poyee-dashboard-new/swagger-resources`) || PathPrefix(`/poyee-dashboard-new/static`)|| PathPrefix(`/poyee-dashboard-new/webjars/`)|| PathPrefix(`/poyee-dashboard-new/v2/api-docs`))
+      priority: 500
+      middlewares:
+        - name: poyee-dashboard-new-cors-header
+        - name: poyee-dashboard-new-strip
+      services:
+        - name: poyee-dashboard-new
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-dashboard-new-notoken-spec.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: >-
+        Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/poyee-dashboard-new/p1/paniniChecklist/statistics/top15ByLast7days`)
+      priority: 450
+      middlewares:
+        - name: poyee-dashboard-new-strip
+        - name: poyee-dashboard-new-cors-header
+      services:
+        - name: poyee-dashboard-new
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn

k3s-INFRA/DEV/traefik-rules/poyee-dashboard-new/Middleware.yaml

@@ -0,0 +1,23 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: poyee-dashboard-new-strip
+spec:
+  stripPrefix:
+    prefixes:
+      - /poyee-dashboard-new
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: poyee-dashboard-new-cors-header
+spec:
+  headers:
+    accessControlAllowHeaders:
+      - '*'
+    accessControlAllowMethods:
+      - '*'
+    accessControlAllowOriginList:
+      - '*'
+    accessControlMaxAge: 100
+    addVaryHeader: true

k3s-INFRA/DEV/traefik-rules/poyee-micro/IngressRoute.yaml

@@ -0,0 +1,52 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: micro.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: >-
+        Host(`m2-dev.hobbystocks.cn`) &&
+        PathPrefix(`/py-micro/api/micro`)
+      middlewares:
+        - name: poyee-micro-v2-strip
+        - name: poyee-micro-cors-header
+        - name: coresvc-jwt-token-v2-verify
+      priority: 200
+      services:
+        - name: poyee-micro
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+  
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-micro-swagger.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && (Path(`/py-micro/doc.html`) || Path(`/py-micro/swagger-resources`) || Path(`/py-micro/v2/api-docs`))
+      priority: 500
+      middlewares:
+        - name: poyee-micro-cors-header
+        - name: poyee-micro-strip
+      services:
+        - name: poyee-micro-swagger
+          port: 80
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/py-micro/webjars`)
+      priority: 500
+      middlewares:
+        - name: poyee-micro-cors-header
+        - name: poyee-micro-strip
+      services:
+        - name: poyee-micro-swagger
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn

k3s-INFRA/DEV/traefik-rules/poyee-micro/Middleware.yaml

@@ -0,0 +1,46 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: poyee-micro-v2-strip
+spec:
+  stripPrefix:
+    prefixes:
+      - /py-micro
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: poyee-micro-ratelimit-phonecode-byheader
+spec:
+  rateLimit:
+    average: 2
+    burst: 2
+    period: 60s
+    sourceCriterion:
+      requestHeaderName: X-Client-ID
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: poyee-micro-cors-header
+spec:
+  headers:
+    accessControlAllowHeaders:
+      - '*'
+    accessControlAllowMethods:
+      - '*'
+    accessControlAllowOriginList:
+      - '*'
+    accessControlMaxAge: 100
+    addVaryHeader: true
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: return-404
+spec:
+  errors:
+    status:
+      - "404"  # 对匹配的请求直接返回 404

k3s-INFRA/DEV/traefik-rules/promotion-admin/IngressRoute.yaml

@@ -0,0 +1,133 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: product-promotion-admin.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: >-
+        Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/product-promotion-admin/api/sync`)
+      priority: 250
+      middlewares:
+        - name: product-promotion-admin-strip
+      services:
+        - name: poyee-product-promotion-admin
+          port: 80
+  tls:
+    secretName: partner-dev.hobbystocks.cn
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: product-promotion-admin-poyee-swagger.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && (Path(`/product-promotion-admin/doc.html`) || Path(`/product-promotion-admin/swagger-resources`) || Path(`/product-promotion-admin/v2/api-docs`))
+      priority: 500
+      middlewares:
+        - name: promotion-admin-cors-header
+        - name: product-promotion-admin-strip
+      services:
+        - name: poyee-product-promotion-admin
+          port: 80
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/product-promotion-admin/webjars`)
+      priority: 500
+      middlewares:
+        - name: promotion-admin-cors-header
+        - name: product-promotion-admin-strip
+      services:
+        - name: poyee-product-promotion-admin
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: product-promotion-admin-poyee.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && (Path(`/product-promotion-admin/poyee/promotionTask/page`) || Path(`/product-promotion-admin/poyee/promotionShareInfo/page`) || Path(`/product-promotion-admin/poyee/promotionOrder/page`))
+      priority: 300
+      middlewares:
+        - name: promotion-admin-cors-header
+        - name: coresvc-jwt-token-v2-verify
+        - name: product-promotion-admin-strip
+        
+      services:
+        - name: poyee-product-promotion-admin
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: product-promotion-admin-token.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/product-promotion-admin`)
+      priority: 150
+      middlewares:
+        - name: promotion-admin-cors-header
+        - name: coresvc-jwt-token-v2-verify
+        - name: product-promotion-admin-strip
+      services:
+        - name: poyee-product-promotion-admin
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: product-promotion-admin-test.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: >- 
+        Host(`m2-dev.hobbystocks.cn`) && Path(`/product-promotion-admin/test`)
+      priority: 200
+      middlewares:
+        - name: product-promotion-admin-strip
+      services:
+        - name: poyee-product-promotion-admin
+          port: 80
+  tls:
+    secretName: partner-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: product-promotion-admin-notoken.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: |-
+        Host(`m2-dev.hobbystocks.cn`) && (Path(`/product-promotion-admin/api/sync/createOrder`) || Path(`/product-promotion-admin/api/sync/orderStatus`) || Path(`/product-promotion-admin/api/sync/productStatus`))
+      priority: 350
+      middlewares:
+        - name: product-promotion-admin-strip
+      services:
+        - name: poyee-product-promotion-admin
+          port: 80
+    
+  tls:
+    secretName: partner-dev.hobbystocks.cn

k3s-INFRA/DEV/traefik-rules/promotion-admin/Middleware.yaml

@@ -0,0 +1,23 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: product-promotion-admin-strip
+spec:
+  stripPrefix:
+    prefixes:
+      - /product-promotion-admin
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: promotion-admin-cors-header
+spec:
+  headers:
+    accessControlAllowHeaders:
+      - '*'
+    accessControlAllowMethods:
+      - '*'
+    accessControlAllowOriginList:
+      - '*'
+    accessControlMaxAge: 100
+    addVaryHeader: true

k3s-INFRA/DEV/traefik-rules/promotion-app/IngressRoute.yaml

@@ -0,0 +1,51 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: product-promotion-app.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: >-
+        Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/product-promotion-app`)
+      priority: 100
+      middlewares:
+        - name: coresvc-jwt-token-v2-verify
+        - name: product-promotion-app-strip
+      services:
+        - name: poyee-product-promotion-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: product-promotion-app-poyee-swagger.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && (Path(`/product-promotion-app/doc.html`) || Path(`/product-promotion-app/swagger-resources`) || Path(`/product-promotion-app/v2/api-docs`))
+      priority: 500
+      middlewares:
+        - name: promotion-app-cors-header
+        - name: product-promotion-app-strip
+      services:
+        - name: poyee-product-promotion-app
+          port: 80
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/product-promotion-app/webjars`)
+      priority: 500
+      middlewares:
+        - name: promotion-app-cors-header
+        - name: product-promotion-app-strip
+      services:
+        - name: poyee-product-promotion-app
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+---

k3s-INFRA/DEV/traefik-rules/promotion-app/Middleware.yaml

@@ -0,0 +1,23 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: product-promotion-app-strip
+spec:
+  stripPrefix:
+    prefixes:
+      - /product-promotion-app
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: promotion-app-cors-header
+spec:
+  headers:
+    accessControlAllowHeaders:
+      - '*'
+    accessControlAllowMethods:
+      - '*'
+    accessControlAllowOriginList:
+      - '*'
+    accessControlMaxAge: 100
+    addVaryHeader: true

k3s-INFRA/DEV/traefik-rules/saas-api/IngressRoute.yaml

@@ -0,0 +1,37 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-saas-token.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/saas-api/api/`)
+      middlewares:
+        - name: poyee-saas-strip
+        - name: coresvc-jwt-token-v2.1-verify
+      services:
+        - name: poyee-api-saas
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: poyee-saas.https
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`m2-dev.hobbystocks.cn`) && PathPrefix(`/saas-api/`)
+      middlewares:
+        - name: poyee-saas-strip
+      services:
+        - name: poyee-api-saas
+          port: 80
+  tls:
+    secretName: m2-dev.hobbystocks.cn