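---
# Deployment for hw-ws-service, a WebSocket service listening on TCP 8888.
# The manifest is restored to one key per line; collapsed onto a single line
# it does not parse as YAML.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hw-ws-service
  labels:
    app: hw-ws-service
spec:
  replicas: 2
  selector:
    matchLabels:
      app: hw-ws-service
  # WebSocket connections are stateful: roll out with Recreate, or with
  # RollingUpdate combined with graceful shutdown (the choice made here).
  strategy:
    type: RollingUpdate
    rollingUpdate:
      # Never drop below the desired replica count (2) during a rollout.
      maxUnavailable: 0
      maxSurge: 1
  template:
    metadata:
      labels:
        app: hw-ws-service
    spec:
      # Total graceful-shutdown budget: 90s. The original note says the
      # service drains for up to 80s internally. The 5s preStop sleep below is
      # counted against this budget too, so the real margin is about 5s.
      terminationGracePeriodSeconds: 90
      containers:
        - name: hw-ws-service
          # NOTE(review): ":latest" is a mutable tag. Together with
          # imagePullPolicy Always, replicas and restarts can end up on
          # different builds, and the running image is not tied to the one
          # that was built and scanned. Prefer an immutable tag or a digest.
          # ${CI_REGISTRY_IMAGE} is presumably substituted by the CI pipeline
          # before this manifest is applied.
          image: "${CI_REGISTRY_IMAGE}/hw-ws-service:latest"
          imagePullPolicy: Always
          ports:
            - name: ws
              containerPort: 8888
              protocol: TCP
          env:
            - name: HW_WS_HOST
              value: "0.0.0.0"
            - name: HW_WS_PORT
              value: "8888"
            - name: HW_RTC_BACKEND_URL
              # Reach the rtc-backend Service directly inside the cluster,
              # not over the public network.
              # NOTE(review): plain HTTP, so this hop is unencrypted unless a
              # mesh or similar layer adds TLS. Confirm that is acceptable
              # and restrict access with a NetworkPolicy.
              value: "http://rtc-backend:8000"
          lifecycle:
            preStop:
              exec:
                # Wait 5s so the LB/Ingress stops routing to this Pod before
                # shutdown begins.
                command: ["/bin/sh", "-c", "sleep 5"]
          # Readiness: receive traffic only once a TCP connect to 8888 works.
          readinessProbe:
            tcpSocket:
              port: 8888
            initialDelaySeconds: 3
            periodSeconds: 5
            failureThreshold: 3
          # Liveness: restart only after 3 consecutive failures, so a brief
          # hiccup does not kill the container.
          livenessProbe:
            tcpSocket:
              port: 8888
            initialDelaySeconds: 10
            periodSeconds: 15
            failureThreshold: 3
          # Resource requests and limits (tune to the actual load).
          resources:
            requests:
              cpu: "100m"
              memory: "128Mi"
            limits:
              cpu: "500m"
              memory: "512Mi"
          # Hardening added in review: nothing in this manifest needs extra
          # privileges (8888 is an unprivileged port).
          # NOTE(review): confirm the image's entrypoint needs no capability.
          # Once the image is verified to run as a non-root user, also set
          # runAsNonRoot: true and readOnlyRootFilesystem: true.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
      # Spread replicas across nodes to avoid a single point of failure.
      # DoNotSchedule makes this a hard rule, not a preference: a Pod that
      # cannot satisfy it stays Pending. Use ScheduleAnyway for best-effort.
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: kubernetes.io/hostname
          whenUnsatisfiable: DoNotSchedule
          labelSelector:
            matchLabels:
              app: hw-ws-service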