From 01b2c743bf7f4842cecaac78d5bc1c71722abbd6 Mon Sep 17 00:00:00 2001
From: ivan
Date: Tue, 21 Apr 2026 14:19:44 +0500
Subject: [PATCH] fix
---
 apps/documentations/base/api-deployment.yaml | 188 ++++++++++++++++++
 apps/documentations/base/api-service.yaml | 15 ++
 .../base/filestream-deployment.yaml | 188 ++++++++++++++++++
 .../base/filestream-service.yaml | 15 ++
 .../base/frontend-deployment.yaml | 32 +++
 .../documentations/base/frontend-service.yaml | 15 ++
 apps/documentations/base/kustomization.yaml | 12 ++
 apps/documentations/base/namespace.yaml | 7 +
 .../yc-k8s-test/kustomization.yaml | 7 +
 .../yc-k8s-test/postgresql.yaml | 110 ++++++++++
 clusters/yc-k8s-test/kustomization.yaml | 3 +-
 11 files changed, 591 insertions(+), 1 deletion(-)
 create mode 100644 apps/documentations/base/api-deployment.yaml
 create mode 100644 apps/documentations/base/api-service.yaml
 create mode 100644 apps/documentations/base/filestream-deployment.yaml
 create mode 100644 apps/documentations/base/filestream-service.yaml
 create mode 100644 apps/documentations/base/frontend-deployment.yaml
 create mode 100644 apps/documentations/base/frontend-service.yaml
 create mode 100644 apps/documentations/base/kustomization.yaml
 create mode 100644 apps/documentations/base/namespace.yaml
 create mode 100644 apps/documentations/yc-k8s-test/kustomization.yaml
 create mode 100644 apps/documentations/yc-k8s-test/postgresql.yaml
diff --git a/apps/documentations/base/api-deployment.yaml b/apps/documentations/base/api-deployment.yaml
new file mode 100644
index 0000000..7aa3014
--- /dev/null
+++ b/apps/documentations/base/api-deployment.yaml
@@ -0,0 +1,188 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: documentations-api
+ namespace: documentations
+ labels:
+ app: documentations-api
+ service: documentations-api
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: documentations-api
+ template:
+ metadata:
+ labels:
+ app: documentations-api
+ service: documentations-api
+ spec:
+ volumes:
+ - name: documentations-yc-s3-secret
+ secret:
+ defaultMode: 420
+ secretName: documentations-yc-s3
+ - name: zitadel-account
+ secret:
+ defaultMode: 420
+ secretName: zitadel-account
+ containers:
+ - name: documentations-api
+ image: cr.yandex/crp3ccidau046kdj8g9q/documentations:prod_a9990430
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: PUBLIC_KEY
+ valueFrom:
+ secretKeyRef:
+ key: key
+ name: public-key
+ - name: POSTGRES_POOL_SIZE
+ value: "20"
+ - name: ZITADEL_ACCOUNT
+ value: /etc/sarex/zitadel/zitadel-account.json
+ - name: ZITADEL_DOMAIN
+ value: zitadel-srx.wb.ru
+ - name: USE_ZITADEL
+ value: "1"
+ - name: FLOWS_URL
+ value: http://backend-service.flows.svc.cluster.local:8000
+ - name: LAST_MASTER_BIM
+ value: "36311"
+ - name: API_ADDRESS
+ value: 0.0.0.0:8080
+ - name: API_ADDRESS_FILE
+ value: 0.0.0.0:8080
+ - name: DOCUMENT_PUBLIC_LINK_JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: secret
+ name: yc-jwt-secret
+ - name: DOCUMENT_PUBLIC_LINK_JWT_EXPIRATION_MINUTES
+ value: "5"
+ - name: ENABLE_SQL_QUERY
+ value: "0"
+ - name: ENABLE_SSL
+ value: "0"
+ - name: WORKSPACE_V2_EXTERNAL_URL
+ value: https://srx.wb.ru/workspaces-v2/
+ - name: ENABLE_S3
+ value: "1"
+ - name: CONTAINER_REGISTRY
+ value: cr.yandex/crp3ccidau046kdj8g9q
+ - name: ENVIRONMENT
+ value: production
+ - name: LAST_SLAVE_1_BIM
+ value: "1000000"
+ - name: HOST
+ value: http://documentations-api.documentations.svc.cluster.local:8080
+ - name: FILE_STREAM_HOST
+ value: srx.wb.ru
+ - name: DOCUMENTATION_URL
+ value: http://documentations-api.documentations.svc.cluster.local:8080/
+ - name: WORKFLOW_URL
+ value: http://workflows-api-service.workflow.svc.cluster.local:8000/
+ - name: WORKSPACE_URL
+ value: http://workspaces-service.workspaces.svc.cluster.local:8000/
+ - name: BIM_API_URL
+ value: http://bim-api-service.bim.svc.cluster.local:8080/
+ - name: BIM_API_V2_URL
+ value: http://backend-service.bim.svc.cluster.local:8000/
+ - name: WORKSPACE_BUNDLE_VERSION
+ value: v1
+ - name: SYSTEM_LOG_URL
+ value: http://api-service.system-log.svc.cluster.local:8000
+ - name: DJANGO_HOST
+ value: http://backend.django.svc.cluster.local:8000
+ - name: MARKS_PROCESSING_URL
+ value: http://marks-service:8000
+ - name: PUBLIC_LINK_HOST
+ value: https://document-link-srx.wb.ru
+ - name: NAMESPACE
+ value: documentations
+ - name: DJANGO_ORIGINATOR
+ value: docs_prod
+ - name: WORKFLOW_IMAGES_VERSION
+ value: master
+ - name: WORKFLOWS_IMAGES_VERSION
+ value: master
+ - name: S3_SERVICE_ACCOUNT
+ value: /etc/sarex/yc-s3-storage/yc-s3-service-account.json
+ - name: READ_WRITE_TIMEOUT_FILE_STREAM
+ value: 6h
+ - name: CACHE_DEFAULT_EXPIRATION
+ value: 60s
+ - name: ENABLE_SMTP
+ value: "True"
+ - name: ENABLE_MAILGUN
+ value: "False"
+ - name: CACHE_CLEANUP_INTERVAL
+ value: 60s
+ - name: ENABLE_AUTH_JWT_IN_URL
+ value: "false"
+ - name: ENABLE_SIGNATURE_IN_URL
+ value: "true"
+ - name: USE_CACHE_IN_FILE_STREAMER
+ value: "0"
+ - name: VALKEY_ADDR
+ value: redis:6379
+ - name: VALKEY_HOST
+ value: redis
+ - name: VALKEY_PORT
+ value: "6379"
+
+ - name: POSTGRES_DB
+ valueFrom:
+ secretKeyRef:
+ key: database
+ name: postgresql-secret
+ - name: POSTGRES_ADDRESS
+ valueFrom:
+ secretKeyRef:
+ key: hostname
+ name: postgresql-secret
+ - name: POSTGRES_PORT
+ valueFrom:
+ secretKeyRef:
+ key: port
+ name: postgresql-secret
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: postgresql-secret
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: postgresql-secret
+ - name: DJANGO_BASIC_AUTH
+ valueFrom:
+ secretKeyRef:
+ key: key
+ name: django-auth
+ - name: DJANGO_BASIC_AUTH_FOR_GET_USER
+ valueFrom:
+ secretKeyRef:
+ key: key
+ name: django-auth
+
+
+ resources:
+ requests:
+ cpu: "1"
+ memory: 1Gi
+ volumeMounts:
+ - mountPath: /etc/sarex/yc-s3-storage
+ name: documentations-yc-s3-secret
+ readOnly: true
+ - mountPath: /etc/sarex/zitadel
+ name: zitadel-account
+ readOnly: true
+
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/documentations/base/api-service.yaml b/apps/documentations/base/api-service.yaml
new file mode 100644
index 0000000..c7d1da1
--- /dev/null
+++ b/apps/documentations/base/api-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend-api-svc
+ namespace: documentations
+spec:
+ type: ClusterIP
+ selector:
+ app: documentations-api
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8000
+ protocol: TCP
diff --git a/apps/documentations/base/filestream-deployment.yaml b/apps/documentations/base/filestream-deployment.yaml
new file mode 100644
index 0000000..13c5b2d
--- /dev/null
+++ b/apps/documentations/base/filestream-deployment.yaml
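Review bot: The pod spec in `apps/documentations/base/api-deployment.yaml` sets no `securityContext` at pod or container level, and both credential volumes use `defaultMode: 420` (octal 0644), so the service-account JSON files mounted under `/etc/sarex/` are readable by every user in the container. For the two volumes I would use `defaultMode: 288  # 0440` together with a pod-level `fsGroup` matching the group the process runs in. For the container I would add the `securityContext` sketched below; `runAsNonRoot` only works if the image already runs as a non-root user, which the hunk does not show, so confirm that first. `resources` also declares `requests` without `limits`. `filestream-deployment.yaml` repeats the same volumes and container settings and needs the same change.

```yaml
      containers:
        - name: documentations-api
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: image, imagePullPolicy, ports, env, resources, volumeMounts …
```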
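Review bot: The Service in `api-service.yaml` is named `backend-api-svc` and maps port 80 to `targetPort: 8000`, but the Deployment's own `HOST` and `DOCUMENTATION_URL` values point at `documentations-api.documentations.svc.cluster.local:8080`, and `API_ADDRESS` binds `0.0.0.0:8080` while `containerPort` says 8000. This commit adds no Service named `documentations-api`, so unless one exists elsewhere that hostname will not resolve, and port 8080 is not reachable through this Service. Which port the process really binds is not visible here; once confirmed, align the three places, for example `name: documentations-api`, `port: 8080` and `targetPort: http`.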
@@ -0,0 +1,188 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: documentations-filestream
+ namespace: documentations
+ labels:
+ app: documentations-filestream
+ service: documentations-filestream
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: documentations-filestream
+ template:
+ metadata:
+ labels:
+ app: documentations-filestream
+ service: documentations-filestream
+ spec:
+ volumes:
+ - name: documentations-yc-s3-secret
+ secret:
+ defaultMode: 420
+ secretName: documentations-yc-s3
+ - name: zitadel-account
+ secret:
+ defaultMode: 420
+ secretName: zitadel-account
+ containers:
+ - name: documentations-filestream
+ image: cr.yandex/crp3ccidau046kdj8g9q/documentations-api-files:prod_a9990430
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: PUBLIC_KEY
+ valueFrom:
+ secretKeyRef:
+ key: key
+ name: public-key
+ - name: POSTGRES_POOL_SIZE
+ value: "20"
+ - name: ZITADEL_ACCOUNT
+ value: /etc/sarex/zitadel/zitadel-account.json
+ - name: ZITADEL_DOMAIN
+ value: zitadel-srx.wb.ru
+ - name: USE_ZITADEL
+ value: "1"
+ - name: FLOWS_URL
+ value: http://backend-service.flows.svc.cluster.local:8000
+ - name: LAST_MASTER_BIM
+ value: "36311"
+ - name: API_ADDRESS
+ value: 0.0.0.0:8080
+ - name: API_ADDRESS_FILE
+ value: 0.0.0.0:8080
+ - name: DOCUMENT_PUBLIC_LINK_JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: secret
+ name: yc-jwt-secret
+ - name: DOCUMENT_PUBLIC_LINK_JWT_EXPIRATION_MINUTES
+ value: "5"
+ - name: ENABLE_SQL_QUERY
+ value: "0"
+ - name: ENABLE_SSL
+ value: "0"
+ - name: WORKSPACE_V2_EXTERNAL_URL
+ value: https://srx.wb.ru/workspaces-v2/
+ - name: ENABLE_S3
+ value: "1"
+ - name: CONTAINER_REGISTRY
+ value: cr.yandex/crp3ccidau046kdj8g9q
+ - name: ENVIRONMENT
+ value: production
+ - name: LAST_SLAVE_1_BIM
+ value: "1000000"
+ - name: HOST
+ value: http://documentations-api.documentations.svc.cluster.local:8080
+ - name: FILE_STREAM_HOST
+ value: srx.wb.ru
+ - name: DOCUMENTATION_URL
+ value: http://documentations-api.documentations.svc.cluster.local:8080/
+ - name: WORKFLOW_URL
+ value: http://workflows-api-service.workflow.svc.cluster.local:8000/
+ - name: WORKSPACE_URL
+ value: http://workspaces-service.workspaces.svc.cluster.local:8000/
+ - name: BIM_API_URL
+ value: http://bim-api-service.bim.svc.cluster.local:8080/
+ - name: BIM_API_V2_URL
+ value: http://backend-service.bim.svc.cluster.local:8000/
+ - name: WORKSPACE_BUNDLE_VERSION
+ value: v1
+ - name: SYSTEM_LOG_URL
+ value: http://api-service.system-log.svc.cluster.local:8000
+ - name: DJANGO_HOST
+ value: http://backend.django.svc.cluster.local:8000
+ - name: MARKS_PROCESSING_URL
+ value: http://marks-service:8000
+ - name: PUBLIC_LINK_HOST
+ value: https://document-link-srx.wb.ru
+ - name: NAMESPACE
+ value: documentations
+ - name: DJANGO_ORIGINATOR
+ value: docs_prod
+ - name: WORKFLOW_IMAGES_VERSION
+ value: master
+ - name: WORKFLOWS_IMAGES_VERSION
+ value: master
+ - name: S3_SERVICE_ACCOUNT
+ value: /etc/sarex/yc-s3-storage/yc-s3-service-account.json
+ - name: READ_WRITE_TIMEOUT_FILE_STREAM
+ value: 6h
+ - name: CACHE_DEFAULT_EXPIRATION
+ value: 60s
+ - name: ENABLE_SMTP
+ value: "True"
+ - name: ENABLE_MAILGUN
+ value: "False"
+ - name: CACHE_CLEANUP_INTERVAL
+ value: 60s
+ - name: ENABLE_AUTH_JWT_IN_URL
+ value: "false"
+ - name: ENABLE_SIGNATURE_IN_URL
+ value: "true"
+ - name: USE_CACHE_IN_FILE_STREAMER
+ value: "0"
+ - name: VALKEY_ADDR
+ value: redis:6379
+ - name: VALKEY_HOST
+ value: redis
+ - name: VALKEY_PORT
+ value: "6379"
+
+ - name: POSTGRES_DB
+ valueFrom:
+ secretKeyRef:
+ key: database
+ name: postgresql-secret
+ - name: POSTGRES_ADDRESS
+ valueFrom:
+ secretKeyRef:
+ key: hostname
+ name: postgresql-secret
+ - name: POSTGRES_PORT
+ valueFrom:
+ secretKeyRef:
+ key: port
+ name: postgresql-secret
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: postgresql-secret
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: postgresql-secret
+ - name: DJANGO_BASIC_AUTH
+ valueFrom:
+ secretKeyRef:
+ key: key
+ name: django-auth
+ - name: DJANGO_BASIC_AUTH_FOR_GET_USER
+ valueFrom:
+ secretKeyRef:
+ key: key
+ name: django-auth
+
+
+ resources:
+ requests:
+ cpu: "1"
+ memory: 1Gi
+ volumeMounts:
+ - mountPath: /etc/sarex/yc-s3-storage
+ name: documentations-yc-s3-secret
+ readOnly: true
+ - mountPath: /etc/sarex/zitadel
+ name: zitadel-account
+ readOnly: true
+
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/documentations/base/filestream-service.yaml b/apps/documentations/base/filestream-service.yaml
new file mode 100644
index 0000000..8ec4d34
--- /dev/null
+++ b/apps/documentations/base/filestream-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend-filestream-svc
+ namespace: documentations
+spec:
+ type: ClusterIP
+ selector:
+ app: documentations-filestream
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8000
+ protocol: TCP
diff --git a/apps/documentations/base/frontend-deployment.yaml b/apps/documentations/base/frontend-deployment.yaml
new file mode 100644
index 0000000..c190637
--- /dev/null
+++ b/apps/documentations/base/frontend-deployment.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: frontend
+ namespace: documentations
+ labels:
+ app: frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: frontend
+ template:
+ metadata:
+ labels:
+ app: frontend
+ spec:
+ containers:
+ - name: frontend
+ image: cr.yandex/crp3ccidau046kdj8g9q/documentation-frontend-app:brusnika_ce5555d3
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/documentations/base/frontend-service.yaml b/apps/documentations/base/frontend-service.yaml
new file mode 100644
index 0000000..f4ad089
--- /dev/null
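Review bot: The `env` list in `filestream-deployment.yaml` is a copy of the one in `api-deployment.yaml`, so the file-streaming pod receives every credential the API gets: `POSTGRES_PASSWORD`, `DOCUMENT_PUBLIC_LINK_JWT_SECRET`, `DJANGO_BASIC_AUTH` and both mounted service-account files. If the streamer does not use all of them (this cannot be determined from the hunk), drop the unused `secretKeyRef` entries and volumes so that a compromise of this pod exposes less. Moving the shared non-secret settings into a single ConfigMap referenced with `envFrom` would also keep the two copies from drifting apart.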
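Review bot: In `frontend-deployment.yaml` the image `cr.yandex/crp3ccidau046kdj8g9q/documentation-frontend-app:brusnika_ce5555d3` is referenced by tag with `imagePullPolicy: IfNotPresent`, so what runs depends on whatever the tag pointed to when each node first pulled it. The tag looks commit-derived, but unless the registry enforces tag immutability, pin the digest as well, e.g. `image: <repo>:brusnika_ce5555d3@sha256:<digest>` (placeholders). The same applies to the `prod_a9990430` images in `api-deployment.yaml` and `filestream-deployment.yaml`. This container also has no `securityContext`; because it listens on port 80, check which user the image runs as before adding `runAsNonRoot`.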
+++ b/apps/documentations/base/frontend-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend-service
+ namespace: documentations
+spec:
+ type: ClusterIP
+ selector:
+ app: frontend
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ protocol: TCP
diff --git a/apps/documentations/base/kustomization.yaml b/apps/documentations/base/kustomization.yaml
new file mode 100644
index 0000000..dc13a96
--- /dev/null
+++ b/apps/documentations/base/kustomization.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: documentations
+resources:
+ - namespace.yaml
+ - api-deployment.yaml
+ - filestream-deployment.yaml
+ - frontend-deployment.yaml
+ - api-service.yaml
+ - filestream-service.yaml
+ - frontend-service.yaml
diff --git a/apps/documentations/base/namespace.yaml b/apps/documentations/base/namespace.yaml
new file mode 100644
index 0000000..1f0a0fd
--- /dev/null
+++ b/apps/documentations/base/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: documentations
+ labels:
+ istio-injection: enabled
diff --git a/apps/documentations/yc-k8s-test/kustomization.yaml b/apps/documentations/yc-k8s-test/kustomization.yaml
new file mode 100644
index 0000000..e601931
--- /dev/null
+++ b/apps/documentations/yc-k8s-test/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+ - postgresql.yaml
+patches: []
diff --git a/apps/documentations/yc-k8s-test/postgresql.yaml b/apps/documentations/yc-k8s-test/postgresql.yaml
new file mode 100644
index 0000000..ec3b708
--- /dev/null
+++ b/apps/documentations/yc-k8s-test/postgresql.yaml
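Review bot: The `documentations` Namespace in `namespace.yaml` carries only `istio-injection: enabled` and no Pod Security Admission labels, so unless a cluster-wide policy applies, nothing reports or rejects pods in it that run as root or privileged. Adding `pod-security.kubernetes.io/warn: restricted` and `pod-security.kubernetes.io/audit: restricted` under `labels:` would surface violations without blocking any workload. Choose an `enforce` level only after checking what the injected Istio init container requires in this cluster. The commit also adds no NetworkPolicy for the namespace.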
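Review bot: `patches: []` in `apps/documentations/yc-k8s-test/kustomization.yaml` means this overlay applies the base unchanged, and the base hard-codes values that read as production: `ENVIRONMENT: production`, `DJANGO_ORIGINATOR: docs_prod`, `ZITADEL_DOMAIN: zitadel-srx.wb.ru`, `PUBLIC_LINK_HOST: https://document-link-srx.wb.ru` and the `prod_a9990430` image tags. If this cluster is a test environment, as its name suggests, the workloads would authenticate against and generate links to those hosts. Keep the base environment-neutral and set these values per overlay with a patch, or add a comment here stating that the production values are intended.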
@@ -0,0 +1,110 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: postgresql
+ namespace: documentations
+spec:
+ interval: 5m
+ timeout: 2h
+ chart:
+ spec:
+ chart: postgresql-contour
+ version: "17.0.2"
+ sourceRef:
+ kind: HelmRepository
+ name: yc-oci-charts
+ namespace: flux-system
+
+ install:
+ timeout: 2h
+ remediation:
+ retries: 3
+
+ upgrade:
+ timeout: 2h
+ remediation:
+ retries: 3
+
+ values:
+ global:
+ security:
+ allowInsecureImages: true
+ defaultStorageClass: local-path
+ postgresql:
+ auth:
+ username: ""
+ database: ""
+ secretKeys:
+ userPasswordKey: "postgres-password"
+ auth:
+ username: ""
+ database: ""
+ secretKeys:
+ userPasswordKey: "postgres-password"
+ image:
+ registry: cr.yandex/crp3ccidau046kdj8g9q
+ repository: contour/postgresql
+ tag: 17.0.2
+ pullPolicy: Always
+ metrics:
+ enabled: false
+ prometheusRule:
+ enabled: false
+ primary:
+ containerSecurityContext:
+ readOnlyRootFilesystem: false
+ persistence:
+ storageClass: local-path
+ size: 20Gi
+ customLivenessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ customReadinessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ customStartupProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ nodeSelector:
+ dedicated: db
+ tolerations:
+ - key: dedicated
+ operator: Equal
+ value: db
+ effect: NoSchedule
+ contour:
+ enabled: true
+ adminUser: ""
+ adminPasswordSecretKey: ""
+ sharedPreloadLibraries: "pg_stat_statements,ltree,timescaledb,uuid-ossp"
+ databases:
+ - name: documentations_db
+ user: documentations
+ extensions: []
+ restoreFromDump: false
+ s3-proxy:
+ endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"
diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml
index 2e74715..87a5fbd 100644
--- a/clusters/yc-k8s-test/kustomization.yaml
+++ b/clusters/yc-k8s-test/kustomization.yaml
@@ -30,4 +30,5 @@ resources:
 - ../../apps/resources/yc-k8s-test
 - ../../apps/workspaces/yc-k8s-test
 - ../../apps/cde/yc-k8s-test
- - ../../apps/flows/yc-k8s-test
\ No newline at end of file
+ - ../../apps/flows/yc-k8s-test
+ - ../../apps/documentations/yc-k8s-test
\ No newline at end of file
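Review bot: Two values in `apps/documentations/yc-k8s-test/postgresql.yaml` relax hardening with no comment saying why: `allowInsecureImages: true` under `security:` and `readOnlyRootFilesystem: false` under `containerSecurityContext:`. In the Bitnami charts `allowInsecureImages` switches off the check that rejects substituted images; presumably `postgresql-contour` behaves the same and the flag is needed for the `contour/postgresql` image, in which case a one-line comment such as `# required: image is not the chart's stock image` should say so. `readOnlyRootFilesystem: false` should either be removed or justified in the same way. The values also name no existing Secret for the database credentials, while both Deployments read `postgresql-secret`; where that Secret comes from is not visible in this commit.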