diff --git a/apps/notes/base/backend-deployment.yaml b/apps/notes/base/backend-deployment.yaml
new file mode 100644
index 0000000..5e35478
--- /dev/null
+++ b/apps/notes/base/backend-deployment.yaml
@@ -0,0 +1,102 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: backend
+ namespace: notes
+ labels:
+ app: backend
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: backend
+ template:
+ metadata:
+ labels:
+ app: backend
+ service: main
+ spec:
+ containers:
+ - name: main
+ image: cr.yandex/crp3ccidau046kdj8g9q/notes-backend:production_81366854
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: PG_SSL_MODE
+ value: verify-full
+ - name: DJANGO_HOST
+ value: https://lk.sarex.io
+ - name: BASE_HOST
+ value: https://api.sarex.io/notes
+ - name: TIMEOUT
+ value: "120"
+ - name: FAAS_SERVICE
+ value: https://api.sarex.io/lambdas
+ - name: WORKSPACE_URL
+ value: https://api.sarex.io/workspaces/api/v1
+ - name: WORKFLOW_HOST
+ value: https://api.sarex.io/workflows/api/v1
+ - name: WORKFLOW_TAG
+ value: stable
+ - name: RESOURCE_URL
+ value: https://api.sarex.io/resources/api/v1
+ - name: SYNC_RESOURCE_ID
+ value: "0"
+ - name: ENABLE_ND
+ value: "0"
+ - name: ATTACHMENT_HOST
+ value: http://attachments-service.attachments.svc.cluster.local:80/api/v1
+ - name: PG_PORT
+ value: "6432"
+ - name: PG_DB
+ valueFrom:
+ secretKeyRef:
+ name: postgresql-secrets
+ key: database
+ - name: PG_LOGIN
+ valueFrom:
+ secretKeyRef:
+ name: postgresql-secrets
+ key: username
+ - name: PG_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgresql-secrets
+ key: password
+ - name: PG_HOST
+ valueFrom:
+ secretKeyRef:
+ name: postgresql-secrets
+ key: host
+ - name: DJANGO_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: django-secret
+ key: token
+ resources:
+ limits:
+ cpu: "2"
+ memory: 1Gi
+ requests:
+ cpu: "1"
+ memory: 512Mi
+ livenessProbe:
+ httpGet:
+ path: /ping
+ port: 8000
+ initialDelaySeconds: 10
+ periodSeconds: 60
+ failureThreshold: 10
+ readinessProbe:
+ httpGet:
+ path: /ping
+ port: 8000
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ failureThreshold: 20
+ imagePullSecrets:
+ - name: regcred
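Review bot: The `main` container in backend-deployment.yaml has no `securityContext`, so it runs with whatever user, capabilities and privilege-escalation behaviour the image and runtime default to, while holding the database password and `DJANGO_TOKEN` in its environment. I would add a container-level `securityContext` as sketched below, after confirming the image starts as a non-root user. The image is also referenced by the mutable tag `production_81366854` with `imagePullPolicy: IfNotPresent`; pinning it by digest would make what actually runs reproducible and auditable. `ATTACHMENT_HOST` is a plain `http://` URL, which is only protected in transit if the sidecar requested by `istio-injection: enabled` on the namespace is enforcing mTLS for that destination, so that is worth confirming.

```yaml
      containers:
        - name: main
          # … unchanged: image, ports, env, resources, probes …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```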
diff --git a/apps/notes/base/backend-service.yaml b/apps/notes/base/backend-service.yaml
new file mode 100644
index 0000000..7a70542
--- /dev/null
+++ b/apps/notes/base/backend-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend-service
+ namespace: notes
+spec:
+ type: ClusterIP
+ selector:
+ app: backend
+ ports:
+ - name: http
+ port: 8000
+ targetPort: 8000
+ protocol: TCP
diff --git a/apps/notes/base/frontend-deployment.yaml b/apps/notes/base/frontend-deployment.yaml
new file mode 100644
index 0000000..301ac8d
--- /dev/null
+++ b/apps/notes/base/frontend-deployment.yaml
@@ -0,0 +1,58 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: frontend
+ namespace: notes
+ labels:
+ app: frontend
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: frontend
+ template:
+ metadata:
+ labels:
+ app: frontend
+ service: frontend
+ spec:
+ volumes:
+ - name: nginx-configmap
+ configMap:
+ name: nginx-configmap
+ items:
+ - key: nginx.conf
+ path: nginx.conf
+ containers:
+ - name: frontend
+ image: cr.yandex/crp3ccidau046kdj8g9q/notes-frontend:production_0cb0909f
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ volumeMounts:
+ - name: nginx-configmap
+ mountPath: /etc/nginx/nginx.conf
+ subPath: nginx.conf
+ livenessProbe:
+ httpGet:
+ path: /ping
+ port: 80
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ failureThreshold: 10
+ readinessProbe:
+ httpGet:
+ path: /ping
+ port: 80
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ failureThreshold: 20
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/notes/base/frontend-service.yaml b/apps/notes/base/frontend-service.yaml
new file mode 100644
index 0000000..4e12102
--- /dev/null
+++ b/apps/notes/base/frontend-service.yaml
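Review bot: The `frontend` container in frontend-deployment.yaml declares `resources.requests` but no `limits`, and has no `securityContext`, unlike what one would want for an internet-facing nginx pod. A memory limit sized by the owners (`limits:` / `memory: <value>`) bounds the damage of a runaway worker, and `securityContext:` with `allowPrivilegeEscalation: false` is safe to add as-is. The mounted config uses `user nginx;` with `listen 80;`, so the master process presumably starts as root to bind the port; moving the listener to an unprivileged port and adjusting `containerPort` and the Service's `targetPort` would allow `runAsNonRoot: true` as well. The image tag `production_0cb0909f` is mutable in the same way as the backend's.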
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend-service
+ namespace: notes
+spec:
+ type: ClusterIP
+ selector:
+ app: frontend
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ protocol: TCP
diff --git a/apps/notes/base/kustomization.yaml b/apps/notes/base/kustomization.yaml
new file mode 100644
index 0000000..a957458
--- /dev/null
+++ b/apps/notes/base/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: notes
+resources:
+ - namespace.yaml
+# - backend-deployment.yaml
+ - backend-service.yaml
+ - frontend-deployment.yaml
+ - frontend-service.yaml
+ - nginx-configmap.yaml
diff --git a/apps/notes/base/namespace.yaml b/apps/notes/base/namespace.yaml
new file mode 100644
index 0000000..72085ff
--- /dev/null
+++ b/apps/notes/base/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: notes
+ labels:
+ istio-injection: enabled
diff --git a/apps/notes/base/nginx-configmap.yaml b/apps/notes/base/nginx-configmap.yaml
new file mode 100644
index 0000000..c12bafb
--- /dev/null
+++ b/apps/notes/base/nginx-configmap.yaml
@@ -0,0 +1,47 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: nginx-configmap
+ namespace: notes
+data:
+ nginx.conf: |
+ user nginx;
+ worker_processes auto;
+
+ error_log stderr warn;
+ pid /var/run/nginx.pid;
+
+ events {
+ worker_connections 1024;
+ }
+
+ http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /dev/stdout main;
+
+ sendfile on;
+
+ keepalive_timeout 65;
+
+ gzip on;
+
+ server {
+ client_header_buffer_size 16k;
+ large_client_header_buffers 4 16k;
+ listen 80;
+ server_name localhost;
+ root /dist;
+ expires off;
+
+ location = /ping {
+ return 200 '{"result": "ok"}';
+ }
+ }
+ }
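Review bot: In apps/notes/base/kustomization.yaml the `backend-deployment.yaml` entry is commented out while `backend-service.yaml` stays in `resources`, so `backend-service` is created with a selector (`app: backend`) that matches no pods and has no endpoints. If the backend is being held back on purpose, record it next to the entry, for example `# backend-deployment.yaml is disabled until <reason>; backend-service has no endpoints meanwhile`, or leave the Service out too. The commented-out `replicas.yaml` patch in the yc-k8s-test overlay targets the same absent Deployment, so the two should be re-enabled together.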
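Review bot: The `http` block in nginx-configmap.yaml leaves `server_tokens` at its default, so response headers and error pages disclose the nginx version; I would add `server_tokens off;` inside `http {`. The `server` block also sets no response-hardening headers, and `add_header X-Content-Type-Options nosniff always;` is a low-risk one to start with for a static front end. Finally, `location = /ping` returns a JSON body under `default_type application/octet-stream`, so adding `default_type application/json;` inside that location makes the declared type match the content.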
diff --git a/apps/notes/yc-k8s-test/kustomization.yaml b/apps/notes/yc-k8s-test/kustomization.yaml
new file mode 100644
index 0000000..ffc9d1c
--- /dev/null
+++ b/apps/notes/yc-k8s-test/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+ - postgresql.yaml
+patches: []
+# - path: replicas.yaml
+# target:
+# kind: Deployment
+# name: backend
diff --git a/apps/notes/yc-k8s-test/postgresql.yaml b/apps/notes/yc-k8s-test/postgresql.yaml
new file mode 100644
index 0000000..cbf1547
--- /dev/null
+++ b/apps/notes/yc-k8s-test/postgresql.yaml
@@ -0,0 +1,110 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: postgresql
+ namespace: notes
+spec:
+ interval: 5m
+ timeout: 2h
+ chart:
+ spec:
+ chart: postgresql-contour
+ version: "17.0.2"
+ sourceRef:
+ kind: HelmRepository
+ name: yc-oci-charts
+ namespace: flux-system
+
+ install:
+ timeout: 2h
+ remediation:
+ retries: 3
+
+ upgrade:
+ timeout: 2h
+ remediation:
+ retries: 3
+
+ values:
+ global:
+ security:
+ allowInsecureImages: true
+ defaultStorageClass: local-path
+ postgresql:
+ auth:
+ username: ""
+ database: ""
+ secretKeys:
+ userPasswordKey: "postgres-password"
+ auth:
+ username: ""
+ database: ""
+ secretKeys:
+ userPasswordKey: "postgres-password"
+ image:
+ registry: cr.yandex/crp3ccidau046kdj8g9q
+ repository: contour/postgresql
+ tag: 17.0.2
+ pullPolicy: Always
+ metrics:
+ enabled: false
+ prometheusRule:
+ enabled: false
+ primary:
+ containerSecurityContext:
+ readOnlyRootFilesystem: false
+ persistence:
+ storageClass: local-path
+ size: 20Gi
+ customLivenessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ customReadinessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ customStartupProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ nodeSelector:
+ dedicated: db
+ tolerations:
+ - key: dedicated
+ operator: Equal
+ value: db
+ effect: NoSchedule
+ contour:
+ enabled: true
+ adminUser: ""
+ adminPasswordSecretKey: ""
+ sharedPreloadLibraries: "pg_stat_statements"
+ databases:
+ - name: notes_db
+ user: 
notes
+ extensions: []
+ restoreFromDump: false
+ s3-proxy:
+ endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"
diff --git a/apps/notes/yc-k8s-test/replicas.yaml b/apps/notes/yc-k8s-test/replicas.yaml
new file mode 100644
index 0000000..3c20467
--- /dev/null
+++ b/apps/notes/yc-k8s-test/replicas.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: backend
+ namespace: notes
+spec:
+ replicas: 2
diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml
index df2ed42..7db396f 100644
--- a/clusters/yc-k8s-test/kustomization.yaml
+++ b/clusters/yc-k8s-test/kustomization.yaml
@@ -21,4 +21,5 @@ resources:
 - ../../apps/subscriptions/yc-k8s-test
 - ../../apps/inspections/yc-k8s-test
 - ../../apps/system-log/yc-k8s-test
- - ../../apps/remarks/yc-k8s-test
\ No newline at end of file
+ - ../../apps/remarks/yc-k8s-test
+ - ../../apps/notes/yc-k8s-test
\ No newline at end of file
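Review bot: `global.security.allowInsecureImages: true` and `primary.containerSecurityContext.readOnlyRootFilesystem: false` in postgresql.yaml both relax safeguards of the chart, and nothing in the file says why. If the first is presumably only needed because the image comes from `cr.yandex/crp3ccidau046kdj8g9q` rather than the chart's default registry, a comment such as `# required: image is served from our own registry, not the chart default` would record that, and the writable root filesystem deserves the same one-line justification. The image is pulled by tag `17.0.2` with `pullPolicy: Always`, so a re-pushed tag silently changes what the database runs on the next restart; a digest pin avoids that. The three custom probes hard-code `-U "sarex"` while both `auth.username` values are empty and the only declared database user is `notes`, so confirm that role is what the chart actually creates.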