sarex/iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Notes app with backend, frontend, services, namespace, ConfigMap, and PostgreSQL configuration in yc-k8s-test

Browse Source
This commit is contained in:
emelinda 2026-04-17 11:59:51 +03:00
parent 848fad0cdc
commit 08e8cd9fef
11 changed files with 386 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

102
apps/notes/base/backend-deployment.yaml Normal file
View File

@ -0,0 +1,102 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend
namespace: notes
labels:
app: backend
spec:
replicas: 2
selector:
matchLabels:
app: backend
template:
metadata:
labels:
app: backend
service: main
spec:
containers:
- name: main
image: cr.yandex/crp3ccidau046kdj8g9q/notes-backend:production_81366854
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: PG_SSL_MODE
value: verify-full
- name: DJANGO_HOST
value: https://lk.sarex.io
- name: BASE_HOST
value: https://api.sarex.io/notes
- name: TIMEOUT
value: "120"
- name: FAAS_SERVICE
value: https://api.sarex.io/lambdas
- name: WORKSPACE_URL
value: https://api.sarex.io/workspaces/api/v1
- name: WORKFLOW_HOST
value: https://api.sarex.io/workflows/api/v1
- name: WORKFLOW_TAG
value: stable
- name: RESOURCE_URL
value: https://api.sarex.io/resources/api/v1
- name: SYNC_RESOURCE_ID
value: "0"
- name: ENABLE_ND
value: "0"
- name: ATTACHMENT_HOST
value: http://attachments-service.attachments.svc.cluster.local:80/api/v1
- name: PG_PORT
value: "6432"
- name: PG_DB
valueFrom:
secretKeyRef:
name: postgresql-secrets
key: database
- name: PG_LOGIN
valueFrom:
secretKeyRef:
name: postgresql-secrets
key: username
- name: PG_PASSWORD
valueFrom:
secretKeyRef:
name: postgresql-secrets
key: password
- name: PG_HOST
valueFrom:
secretKeyRef:
name: postgresql-secrets
key: host
- name: DJANGO_TOKEN
valueFrom:
secretKeyRef:
name: django-secret
key: token
resources:
limits:
cpu: "2"
memory: 1Gi
requests:
cpu: "1"
memory: 512Mi
livenessProbe:
httpGet:
path: /ping
port: 8000
initialDelaySeconds: 10
periodSeconds: 60
failureThreshold: 10
readinessProbe:
httpGet:
path: /ping
port: 8000
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 20
imagePullSecrets:
- name: regcred

15
apps/notes/base/backend-service.yaml Normal file
View File

@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: backend-service
namespace: notes
spec:
type: ClusterIP
selector:
app: backend
ports:
- name: http
port: 8000
targetPort: 8000
protocol: TCP

58
apps/notes/base/frontend-deployment.yaml Normal file
View File

@ -0,0 +1,58 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: notes
labels:
app: frontend
spec:
replicas: 2
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
service: frontend
spec:
volumes:
- name: nginx-configmap
configMap:
name: nginx-configmap
items:
- key: nginx.conf
path: nginx.conf
containers:
- name: frontend
image: cr.yandex/crp3ccidau046kdj8g9q/notes-frontend:production_0cb0909f
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
protocol: TCP
resources:
requests:
cpu: 100m
memory: 100Mi
volumeMounts:
- name: nginx-configmap
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
livenessProbe:
httpGet:
path: /ping
port: 80
initialDelaySeconds: 10
periodSeconds: 10
failureThreshold: 10
readinessProbe:
httpGet:
path: /ping
port: 80
initialDelaySeconds: 10
periodSeconds: 10
failureThreshold: 20
imagePullSecrets:
- name: regcred

15
apps/notes/base/frontend-service.yaml Normal file
View File

@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: frontend-service
namespace: notes
spec:
type: ClusterIP
selector:
app: frontend
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP

11
apps/notes/base/kustomization.yaml Normal file
View File

@ -0,0 +1,11 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: notes
resources:
- namespace.yaml
# - backend-deployment.yaml
- backend-service.yaml
- frontend-deployment.yaml
- frontend-service.yaml
- nginx-configmap.yaml

7
apps/notes/base/namespace.yaml Normal file
View File

@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: notes
labels:
istio-injection: enabled

47
apps/notes/base/nginx-configmap.yaml Normal file
View File

@ -0,0 +1,47 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-configmap
namespace: notes
data:
nginx.conf: |
user nginx;
worker_processes auto;
error_log stderr warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /dev/stdout main;
sendfile on;
keepalive_timeout 65;
gzip on;
server {
client_header_buffer_size 16k;
large_client_header_buffers 4 16k;
listen 80;
server_name localhost;
root /dist;
expires off;
location = /ping {
return 200 '{"result": "ok"}';
}
}
}

11
apps/notes/yc-k8s-test/kustomization.yaml Normal file
View File

@ -0,0 +1,11 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
- postgresql.yaml
patches: []
# - path: replicas.yaml
# target:
# kind: Deployment
# name: backend

110
apps/notes/yc-k8s-test/postgresql.yaml Normal file
View File

@ -0,0 +1,110 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: postgresql
namespace: notes
spec:
interval: 5m
timeout: 2h
chart:
spec:
chart: postgresql-contour
version: "17.0.2"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
install:
timeout: 2h
remediation:
retries: 3
upgrade:
timeout: 2h
remediation:
retries: 3
values:
global:
security:
allowInsecureImages: true
defaultStorageClass: local-path
postgresql:
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
image:
registry: cr.yandex/crp3ccidau046kdj8g9q
repository: contour/postgresql
tag: 17.0.2
pullPolicy: Always
metrics:
enabled: false
prometheusRule:
enabled: false
primary:
containerSecurityContext:
readOnlyRootFilesystem: false
persistence:
storageClass: local-path
size: 20Gi
customLivenessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customReadinessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customStartupProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
nodeSelector:
dedicated: db
tolerations:
- key: dedicated
operator: Equal
value: db
effect: NoSchedule
contour:
enabled: true
adminUser: ""
adminPasswordSecretKey: ""
sharedPreloadLibraries: "pg_stat_statements"
databases:
- name: notes_db
user: notes
extensions: []
restoreFromDump: false
s3-proxy:
endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"

8
apps/notes/yc-k8s-test/replicas.yaml Normal file
View File

@ -0,0 +1,8 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend
namespace: notes
spec:
replicas: 2

1
clusters/yc-k8s-test/kustomization.yaml
View File

@ -22,3 +22,4 @@ resources:
- ../../apps/inspections/yc-k8s-test
- ../../apps/system-log/yc-k8s-test
- ../../apps/remarks/yc-k8s-test
- ../../apps/notes/yc-k8s-test