sarex/iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of ssh://158-160-253-227.nip.io:2222/infra/iac

Browse Source
This commit is contained in:
Kochetkov S 2026-04-14 11:46:55 +03:00
commit 46bb7f6c81
3 changed files with 117 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
apps/attachments/base/deployment.yaml
View File

@ -40,30 +40,18 @@ spec:
- name: YANDEX_S3_USE_SSL - name: YANDEX_S3_USE_SSL
value: "false" value: "false"
- name: DATABASE_HOST - name: DATABASE_HOST
valueFrom: value: "postgresql.attachments"
secretKeyRef:
name: postgres-secret
key: host
- name: DATABASE_PORT - name: DATABASE_PORT
valueFrom: value: "5432"
secretKeyRef:
name: postgres-secret
key: port
- name: DATABASE_NAME - name: DATABASE_NAME
valueFrom: value: attachments_db
secretKeyRef:
name: postgres-secret
key: database
- name: DATABASE_USER - name: DATABASE_USER
valueFrom: value: attachments
secretKeyRef:
name: postgres-secret
key: username
- name: DATABASE_PASSWORD - name: DATABASE_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: postgres-secret name: postgresql-secret
key: password key: user-password
volumeMounts: volumeMounts:
- mountPath: /etc/sarex/yc-s3-storage - mountPath: /etc/sarex/yc-s3-storage
name: yc-s3 name: yc-s3

1
apps/attachments/yc-k8s-test/kustomization.yaml
View File

@ -3,6 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ../base - ../base
- postgresql.yaml
patches: patches:
- path: replicas.yaml - path: replicas.yaml
target: target:

110
apps/attachments/yc-k8s-test/postgresql.yaml Normal file
View File

@ -0,0 +1,110 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: postgresql
namespace: attachments
spec:
interval: 5m
timeout: 2h
chart:
spec:
chart: postgresql-contour
version: "17.0.2"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
install:
timeout: 2h
remediation:
retries: 3
upgrade:
timeout: 2h
remediation:
retries: 3
values:
global:
security:
allowInsecureImages: true
defaultStorageClass: local-path
postgresql:
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
image:
registry: cr.yandex/crp3ccidau046kdj8g9q
repository: contour/postgresql
tag: 17.0.2
pullPolicy: Always
metrics:
enabled: false
prometheusRule:
enabled: false
primary:
containerSecurityContext:
readOnlyRootFilesystem: false
persistence:
storageClass: local-path
size: 20Gi
customLivenessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customReadinessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customStartupProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
nodeSelector:
dedicated: db
tolerations:
- key: dedicated
operator: Equal
value: db
effect: NoSchedule
contour:
enabled: true
adminUser: ""
adminPasswordSecretKey: ""
sharedPreloadLibraries: "pg_stat_statements"
databases:
- name: attachments_db
user: attachments
extensions: []
restoreFromDump: false
s3-proxy:
endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"