Merge branch 'master' of ssh://158-160-253-227.nip.io:2222/infra/iac

Kochetkov S 2026-04-17 17:40:21 +03:00
commit 5606236e01
58 changed files with 2230 additions and 9 deletions


@ -0,0 +1,80 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: checklists-backend
namespace: checklists
labels:
app: checklists-backend
service: api
spec:
replicas: 1
selector:
matchLabels:
app: checklists-backend
template:
metadata:
labels:
app: checklists-backend
service: checklists-backend
spec:
containers:
- name: api
image: cr.yandex/crp3ccidau046kdj8g9q/checklists-backend:production_68f242cd
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: HTTP_APP_HOST
value: 0.0.0.0
- name: HTTP_APP_PORT
value: "8000"
- name: HTTP_APP_ROOT_PATH
value: /checklists
- name: HTTP_APP_WORKERS
value: "8"
- name: HTTP_APP_ADMIN_ENABLE
value: "true"
- name: JWT_AUTH_ENABLE
value: "true"
- name: DEBUG
value: "false"
- name: DATABASE_USER
valueFrom:
secretKeyRef:
key: username
name: postgresql-secret
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: postgresql-secret
- name: DATABASE_NAME
valueFrom:
secretKeyRef:
key: database
name: postgresql-secret
- name: DATABASE_PORT
valueFrom:
secretKeyRef:
key: port
name: postgresql-secret
- name: DATABASE_HOST
valueFrom:
secretKeyRef:
key: hostname
name: postgresql-secret
- name: JWT_AUTH_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: public-key
name: jwt-secret
resources:
requests:
cpu: "1"
memory: 1Gi
imagePullSecrets:
- name: regcred
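Review bot: The `api` container is added with no `securityContext` and only `resources.requests`, so it runs with whatever user and capabilities the image defaults to and has no memory ceiling. I would add a container-level `securityContext` (no privilege escalation, non-root, all capabilities dropped) and a `limits.memory`, as sketched below; `runAsNonRoot: true` only works if the image already runs as a non-root UID, which is not visible here. The same gap is in the other Deployments this commit adds (inspections-backend, notes backend and frontend, pm backend and celery, pm redis, remarks frontend, sarex-subscriptions). `HTTP_APP_ADMIN_ENABLE: "true"` presumably turns on an admin interface under `/checklists`; worth confirming that route is not reachable from outside the mesh.

```yaml
# … unchanged: name, image, imagePullPolicy, ports, env …
          resources:
            # … unchanged: requests …
            limits:
              memory: 1Gi  # constructed value; size it from observed usage
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
```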


@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: rfi-backend-api-svc
namespace: rfi
spec:
type: ClusterIP
selector:
app: rfi-backend-api
ports:
- name: http
port: 80
targetPort: 8000
protocol: TCP
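Review bot: This Service keeps the name `rfi-backend-api-svc` and the selector `app: rfi-backend-api`, while the Deployment added just above labels its pods `app: checklists-backend`; if this is the `backend-service.yaml` listed in the checklists Kustomization that follows (file names are not visible on this page), the Service will have no endpoints. The Kustomization's `namespace: checklists` would override `namespace: rfi`, but it does not touch the name or the selector. The selector should read `app: checklists-backend`, and the Service name should be changed to match the application. The identical rfi Service is repeated in what appear to be the inspections and subscriptions bases, where the pod labels are `app: inspections-backend` and `app: sarex-subscriptions`.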


@ -0,0 +1,8 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: checklists
resources:
- namespace.yaml
- backend-deployment.yaml
- backend-service.yaml


@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: checklists
labels:
istio-injection: enabled


@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
- postgresql.yaml
patches: []


@ -0,0 +1,110 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: postgresql
namespace: checklists
spec:
interval: 5m
timeout: 2h
chart:
spec:
chart: postgresql-contour
version: "17.0.2"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
install:
timeout: 2h
remediation:
retries: 3
upgrade:
timeout: 2h
remediation:
retries: 3
values:
global:
security:
allowInsecureImages: true
defaultStorageClass: local-path
postgresql:
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
image:
registry: cr.yandex/crp3ccidau046kdj8g9q
repository: contour/postgresql
tag: 17.0.2
pullPolicy: Always
metrics:
enabled: false
prometheusRule:
enabled: false
primary:
containerSecurityContext:
readOnlyRootFilesystem: false
persistence:
storageClass: local-path
size: 20Gi
customLivenessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customReadinessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customStartupProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
nodeSelector:
dedicated: db
tolerations:
- key: dedicated
operator: Equal
value: db
effect: NoSchedule
contour:
enabled: true
adminUser: ""
adminPasswordSecretKey: ""
sharedPreloadLibraries: "pg_stat_statements"
databases:
- name: checklists_db
user: checklists
extensions: []
restoreFromDump: false
s3-proxy:
endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"
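Review bot: `global.security.allowInsecureImages: true` is set while the database image is referenced by the mutable tag `tag: 17.0.2` with `pullPolicy: Always`, so every pod restart pulls whatever the registry currently serves under that tag, with the chart's image guard switched off (presumably the Bitnami-style check on substituted images; confirm in the postgresql-contour chart). If the chart exposes a digest field, pinning the image by digest would make the deployed binary reproducible and auditable. `readOnlyRootFilesystem: false` under `primary.containerSecurityContext` also relaxes the container hardening; if only a few paths need writes, dedicated `emptyDir` mounts would be narrower, and otherwise a comment saying why it is needed would help. The same values are repeated in the inspections, notes and pm HelmReleases added by this commit.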


@ -89,6 +89,9 @@ spec:
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
resources:
requests:
memory: 512Mi
nodeSelector:
dedicated: db
tolerations:
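Review bot: The added `resources.requests.memory: 512Mi` has no matching `limits`, so the PostgreSQL pod stays Burstable and can grow without bound on the node. The HelmReleases on this page all use `nodeSelector: dedicated: db`, so several instances presumably share the same nodes and one runaway instance can push the others into eviction or OOM kills. Consider adding `limits.memory` next to the request, sized from observed usage. The same three lines are added in the next two postgresql hunks on this page, and the enclosing block continues outside the hunk.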


@ -31,7 +31,7 @@ spec:
valueFrom:
secretKeyRef:
name: postgresql-secrets
key: db_url
key: url
- name: PUBLIC_KEY
valueFrom:
secretKeyRef:


@ -4,5 +4,5 @@ kind: Kustomization
namespace: contracts
resources:
- namespace.yaml
# - deployment.yaml
- deployment.yaml
- service.yaml


@ -3,9 +3,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
# - postgresql.yaml
patches:
- path: replicas.yaml
target:
kind: Deployment
name: backend
- postgresql.yaml
patches: []
# - path: replicas.yaml
# target:
# kind: Deployment
# name: backend


@ -56,6 +56,9 @@ spec:
persistence:
storageClass: local-path
size: 20Gi
resources:
requests:
memory: 512Mi
customLivenessProbe:
exec:
command:


@ -89,6 +89,9 @@ spec:
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
resources:
requests:
memory: 512Mi
nodeSelector:
dedicated: db
tolerations:


@ -0,0 +1,127 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: inspections-backend
namespace: inspections
labels:
app: inspections-backend
spec:
replicas: 1
selector:
matchLabels:
app: inspections-backend
template:
metadata:
labels:
app: inspections-backend
spec:
containers:
- name: inspections-backend
image: cr.yandex/crp3ccidau046kdj8g9q/sarex-inspections:production_1a33f6f4
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: DEBUG
value: "false"
- name: SERVICE_URL
value: https://srx.wb.ru
- name: HTTP_APP_HOST
value: 0.0.0.0
- name: HTTP_APP_PORT
value: "8000"
- name: HTTP_APP_ROOT_PATH
value: /inspections
- name: HTTP_APP_WORKERS
value: "3"
- name: HTTP_APP_ADMIN_ENABLE
value: "true"
- name: KAFKA_SSL_CAFILE
value: /usr/local/share/ca-certificates/Yandex/YandexInternalRootCA.crt
- name: KAFKA_EAV_ASSETS_TOPIC
value: assets_broadcast
- name: JWT_AUTH_ENABLE
value: "true"
- name: NOTIFICATIONS_ENABLE
value: "true"
- name: NOTIFICATIONS_EMAIL_FROM
value: hello@sarex.io
- name: SAREX_BACKEND_URL
value: https://srx.wb.ru
- name: SAREX_BACKEND_TIMEOUT
value: "30"
- name: EAV_URL
value: http://eav-service.eav
- name: EAV_TIMEOUT
value: "30"
- name: WORKFLOWS_URL
value: http://workflows-service.processing-prod
- name: WORKFLOWS_TIMEOUT
value: "30"
- name: WORKFLOWS_EMAIL_DOCKER_IMAGE
value: cr.yandex/crp3ccidau046kdj8g9q/notification:email
- name: MOBILE_APP_CURRENT_VERSION
value: 1.0.0
- name: MOBILE_APP_RECOMMENDED_VERSION
value: 1.0.0
- name: MOBILE_APP_REQUIRED_VERSION
value: 1.0.0
- name: MAILER_URL
value: http://mailer-service.mailer:8000
- name: MAILER_TIMEOUT
value: "30"
- name: DATABASE_USER
valueFrom:
secretKeyRef:
key: username
name: postgresql-secret
- name: DATABASE_PORT
valueFrom:
secretKeyRef:
key: port
name: postgresql-secret
- name: DATABASE_NAME
valueFrom:
secretKeyRef:
key: database
name: postgresql-secret
- name: DATABASE_HOST
valueFrom:
secretKeyRef:
key: hostname
name: postgresql-secret
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: postgresql-secret
- name: KAFKA_HOST
valueFrom:
secretKeyRef:
key: host
name: kafka-secret
- name: KAFKA_USERNAME
valueFrom:
secretKeyRef:
key: username
name: kafka-secret
- name: KAFKA_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: kafka-secret
- name: SAREX_BACKEND_AUTH
valueFrom:
secretKeyRef:
key: key
name: sarex-backend-auth-secret
resources:
requests:
cpu: "1"
memory: 1Gi
imagePullSecrets:
- name: regcred


@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: rfi-backend-api-svc
namespace: rfi
spec:
type: ClusterIP
selector:
app: rfi-backend-api
ports:
- name: http
port: 80
targetPort: 8000
protocol: TCP


@ -0,0 +1,8 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: inspections
resources:
- namespace.yaml
- backend-deployment.yaml
- backend-service.yaml


@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: inspections
labels:
istio-injection: enabled


@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
- postgresql.yaml
patches: []


@ -0,0 +1,110 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: postgresql
namespace: inspections
spec:
interval: 5m
timeout: 2h
chart:
spec:
chart: postgresql-contour
version: "17.0.2"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
install:
timeout: 2h
remediation:
retries: 3
upgrade:
timeout: 2h
remediation:
retries: 3
values:
global:
security:
allowInsecureImages: true
defaultStorageClass: local-path
postgresql:
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
image:
registry: cr.yandex/crp3ccidau046kdj8g9q
repository: contour/postgresql
tag: 17.0.2
pullPolicy: Always
metrics:
enabled: false
prometheusRule:
enabled: false
primary:
containerSecurityContext:
readOnlyRootFilesystem: false
persistence:
storageClass: local-path
size: 20Gi
customLivenessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customReadinessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customStartupProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
nodeSelector:
dedicated: db
tolerations:
- key: dedicated
operator: Equal
value: db
effect: NoSchedule
contour:
enabled: true
adminUser: ""
adminPasswordSecretKey: ""
sharedPreloadLibraries: "postgis"
databases:
- name: inspections_db
user: inspections
extensions: []
restoreFromDump: false
s3-proxy:
endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"


@ -0,0 +1,85 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend
namespace: notes
labels:
app: backend
spec:
replicas: 1
selector:
matchLabels:
app: backend
template:
metadata:
labels:
app: backend
service: main
spec:
containers:
- name: main
image: cr.yandex/crp3ccidau046kdj8g9q/notes-backend:production_81366854
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: PG_SSL_MODE
value: verify-full
- name: DJANGO_HOST
value: https://lk.sarex.io
- name: BASE_HOST
value: https://api.sarex.io/notes
- name: TIMEOUT
value: "120"
- name: FAAS_SERVICE
value: https://api.sarex.io/lambdas
- name: WORKSPACE_URL
value: https://api.sarex.io/workspaces/api/v1
- name: WORKFLOW_HOST
value: https://api.sarex.io/workflows/api/v1
- name: WORKFLOW_TAG
value: stable
- name: RESOURCE_URL
value: https://api.sarex.io/resources/api/v1
- name: SYNC_RESOURCE_ID
value: "0"
- name: ENABLE_ND
value: "0"
- name: ATTACHMENT_HOST
value: http://attachments-service.attachments.svc.cluster.local:80/api/v1
- name: PG_PORT
value: "5432"
- name: PG_DB
valueFrom:
secretKeyRef:
name: postgresql-secrets
key: database
- name: PG_LOGIN
valueFrom:
secretKeyRef:
name: postgresql-secrets
key: username
- name: PG_PASSWORD
valueFrom:
secretKeyRef:
name: postgresql-secrets
key: password
- name: PG_HOST
valueFrom:
secretKeyRef:
name: postgresql-secrets
key: hostname
- name: DJANGO_TOKEN
valueFrom:
secretKeyRef:
name: django-secret
key: token
resources:
requests:
cpu: "1"
memory: 512Mi
imagePullSecrets:
- name: regcred


@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: backend-service
namespace: notes
spec:
type: ClusterIP
selector:
app: backend
ports:
- name: http
port: 8000
targetPort: 8000
protocol: TCP


@ -0,0 +1,58 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: notes
labels:
app: frontend
spec:
replicas: 1
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
service: frontend
spec:
volumes:
- name: nginx-configmap
configMap:
name: nginx-configmap
items:
- key: nginx.conf
path: nginx.conf
containers:
- name: frontend
image: cr.yandex/crp3ccidau046kdj8g9q/notes-frontend:production_0cb0909f
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
protocol: TCP
resources:
requests:
cpu: 100m
memory: 100Mi
volumeMounts:
- name: nginx-configmap
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
livenessProbe:
httpGet:
path: /ping
port: 80
initialDelaySeconds: 10
periodSeconds: 10
failureThreshold: 10
readinessProbe:
httpGet:
path: /ping
port: 80
initialDelaySeconds: 10
periodSeconds: 10
failureThreshold: 20
imagePullSecrets:
- name: regcred


@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: frontend-service
namespace: notes
spec:
type: ClusterIP
selector:
app: frontend
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP


@ -0,0 +1,11 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: notes
resources:
- namespace.yaml
- backend-deployment.yaml
- backend-service.yaml
- frontend-deployment.yaml
- frontend-service.yaml
- nginx-configmap.yaml


@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: notes
labels:
istio-injection: enabled


@ -0,0 +1,47 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-configmap
namespace: notes
data:
nginx.conf: |
user nginx;
worker_processes auto;
error_log stderr warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /dev/stdout main;
sendfile on;
keepalive_timeout 65;
gzip on;
server {
client_header_buffer_size 16k;
large_client_header_buffers 4 16k;
listen 80;
server_name localhost;
root /dist;
expires off;
location = /ping {
return 200 '{"result": "ok"}';
}
}
}
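Review bot: `user nginx;` together with `listen 80;` assumes the master process starts as root: the `user` directive only takes effect for a root master, and a non-root process typically cannot bind port 80. That ties the frontend pod to a root container and blocks a later `runAsNonRoot: true`. Listening on an unprivileged port such as `listen 8080;` (with the Service `targetPort`, the `containerPort` and the probes adjusted) would remove that dependency. The `http` block also has no `server_tokens off;`, so the nginx version is advertised in response headers and error pages.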


@ -0,0 +1,11 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
- postgresql.yaml
patches: []
# - path: replicas.yaml
# target:
# kind: Deployment
# name: backend


@ -0,0 +1,113 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: postgresql
namespace: notes
spec:
interval: 5m
timeout: 2h
chart:
spec:
chart: postgresql-contour
version: "17.0.2"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
install:
timeout: 2h
remediation:
retries: 3
upgrade:
timeout: 2h
remediation:
retries: 3
values:
global:
security:
allowInsecureImages: true
defaultStorageClass: local-path
postgresql:
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
image:
registry: cr.yandex/crp3ccidau046kdj8g9q
repository: contour/postgresql
tag: 17.0.2
pullPolicy: Always
metrics:
enabled: false
prometheusRule:
enabled: false
primary:
containerSecurityContext:
readOnlyRootFilesystem: false
persistence:
storageClass: local-path
size: 20Gi
resources:
requests:
memory: 512Mi
customLivenessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customReadinessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customStartupProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
nodeSelector:
dedicated: db
tolerations:
- key: dedicated
operator: Equal
value: db
effect: NoSchedule
contour:
enabled: true
adminUser: ""
adminPasswordSecretKey: ""
sharedPreloadLibraries: "pg_stat_statements"
databases:
- name: notes_db
user: notes
extensions: []
restoreFromDump: false
s3-proxy:
endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"


@ -0,0 +1,8 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend
namespace: notes
spec:
replicas: 2


@ -0,0 +1,30 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: backend-configmap
namespace: pm
data:
uwsgi.ini: |
[uwsgi]
log-format = {"time": "%(time)", "method": "%(method)", "uri": "%(uri)", "status": "%(status)", "size": "%(size)", "addr": "%(addr)", "user": "%(user)", "proto": "%(proto)", "user_agent": "%(uagent)", "referer": "%(referer)", "trace_id": "%(trace_id)", "span_id": "%(span_id)"}
module = config.wsgi:application
DJANGO_SETTINGS_MODULE = config.settings.base
http = 0.0.0.0:8000
processes = 8
master = true
vacuum = true
enable-threads = true
buffer-size = 65535
stats = :3031
stats-http = true
memory-report = true
lazy-apps = true
listen = 1024
disable-write-exception= 0
harakiri = 300
socket-timeout = 300
chunked-input-timeout = 300
http-timeout = 300
worker-reload-mercy = 240
mule-reload-mercy = 240
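Review bot: `stats = :3031` with `stats-http = true` binds the uWSGI stats server on every interface of the pod and serves it over plain HTTP without authentication. With `memory-report = true` it exposes per-worker state and memory figures to any workload that can reach the pod IP. Unless a scraper needs it remotely, bind it to loopback with `stats = 127.0.0.1:3031`, or restrict the port with a NetworkPolicy or AuthorizationPolicy. The pm backend Deployment in the next section declares no volume for `backend-configmap`, so as committed this file may not be read by the container at all; worth confirming.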


@ -0,0 +1,210 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend
namespace: pm
labels:
app: backend
service: api
spec:
replicas: 1
selector:
matchLabels:
app: backend
template:
metadata:
labels:
app: backend
service: api
spec:
containers:
- name: api
image: cr.yandex/crp3ccidau046kdj8g9q/pm-backend:production_0843a55d
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: USERS_INTERNAL_HOST
value: http://backend-service.sarex.svc.cluster.local:8000
- name: CELERY_REDIS_HOST
value: redis.pm.svc.cluster.local
- name: RESOURCES_INTERNAL_HOST
value: http://sarex-resources-service.resources
- name: EAV_HOST
value: http://eav-service.eav
- name: EAV_API_PREFIX
value: /api/v0
- name: EAV_API_PREFIX_V1
value: /api/v1
- name: TRACING_INSECURE
value: "False"
- name: SERVER_ENABLE_SYNC_RESOURCES
value: "True"
- name: SERVER_DELETED_TASK_MAX_AGE_DAYS
value: "1"
- name: SERVER_EXPIRED_TASK_NOTIFICATION_HOUR
value: "17"
- name: LANG
value: C.UTF-8
- name: LC_ALL
value: C.UTF-8
- name: PYTHONUTF8
value: "1"
- name: DB_USERNAME
valueFrom:
secretKeyRef:
name: postgresql-secrets
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: postgresql-secrets
key: password
- name: DB_DATABASE
valueFrom:
secretKeyRef:
name: postgresql-secrets
key: database
- name: DB_HOST
valueFrom:
secretKeyRef:
name: postgresql-secrets
key: hostname
- name: DB_PORT
valueFrom:
secretKeyRef:
name: postgresql-secrets
key: port
- name: S3_HOST
valueFrom:
secretKeyRef:
name: s3-secrets
key: endpoint
- name: S3_LOGIN
valueFrom:
secretKeyRef:
name: s3-secrets
key: login
- name: S3_PASSWORD
valueFrom:
secretKeyRef:
name: s3-secrets
key: password
- name: S3_BUCKET
valueFrom:
secretKeyRef:
name: s3-secrets
key: bucket
# - name: CACHE_HOST
# valueFrom:
# secretKeyRef:
# name: cache-secret-pm
# key: host
# - name: CACHE_PORT
# valueFrom:
# secretKeyRef:
# name: cache-secret-pm
# key: port
# - name: CACHE_PASSWORD
# valueFrom:
# secretKeyRef:
# name: cache-secret-pm
# key: password
- name: CACHE_SSL
value: "False"
- name: CACHE_SSL_CA_CERTS
value: ""
- name: CACHE_ENABLE
value: "False"
- name: CLICKHOUSE_ENABLE
value: 'False'
- name: KAFKA_ENABLE
value: 'False'
# - name: KAFKA_BOOTSTRAP_SERVERS
# valueFrom:
# secretKeyRef:
# name: ya-kafka-secret-pm
# key: bootstrap_servers
# - name: KAFKA_SECURITY_PROTOCOL
# valueFrom:
# secretKeyRef:
# name: ya-kafka-secret-pm
# key: security_protocol
# - name: KAFKA_SASL_MECHANISM
# valueFrom:
# secretKeyRef:
# name: ya-kafka-secret-pm
# key: sasl_mechanism
# - name: KAFKA_SASL_PLAIN_USERNAME
# valueFrom:
# secretKeyRef:
# name: ya-kafka-secret-pm
# key: sasl_username
# - name: KAFKA_SASL_PLAIN_PASSWORD
# valueFrom:
# secretKeyRef:
# name: ya-kafka-secret-pm
# key: sasl_password
# - name: KAFKA_SSL_CAFILE
# valueFrom:
# secretKeyRef:
# name: ya-kafka-secret-pm
# key: ssl_cafile
# - name: KAFKA_TOPICS
# valueFrom:
# secretKeyRef:
# name: ya-kafka-secret-pm
# key: topics
- name: CELERY_RABBITMQ_HOST
valueFrom:
secretKeyRef:
name: rabbitmq-secrets
key: hostname
- name: CELERY_RABBITMQ_PORT
valueFrom:
secretKeyRef:
name: rabbitmq-secrets
key: port
- name: CELERY_RABBITMQ_USER
valueFrom:
secretKeyRef:
name: rabbitmq-secrets
key: username
- name: CELERY_RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: rabbitmq-secrets
key: password
- name: CELERY_RABBITMQ_VHOST
valueFrom:
secretKeyRef:
name: rabbitmq-secrets
key: vhost
- name: AUTH_PUBLIC_TOKEN_URL
value: "https://lk.sarex.io/api/token/public/"
- name: SERVER_HOST
value: "https://lk.sarex.io"
- name: SERVER_API_HOST
value: "https://api.sarex.io"
- name: SERVER_DEBUG
value: "False"
- name: SERVER_ALLOWED_HOSTS
value: '["*"]'
- name: SERVER_USE_OTEL
value: "False"
- name: SERVER_VERIFY_SSL
value: "False"
- name: SERVER_LOG_LEVEL
value: "INFO"
resources:
requests:
cpu: "1"
memory: 1Gi
imagePullSecrets:
- name: regcred
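Review bot: `SERVER_VERIFY_SSL` is set to `"False"` and `SERVER_ALLOWED_HOSTS` to `'["*"]'` in a manifest whose image tag is `production_…`. Judging by the names, the first disables TLS certificate verification on outbound calls (the same env points at `https://lk.sarex.io` and `https://api.sarex.io`) and the second switches off Django's Host-header validation; both should be confirmed against the application settings. I would set `SERVER_VERIFY_SSL` to `"True"` and list the expected hosts explicitly, for example the hosts already named in `SERVER_HOST` and `SERVER_API_HOST` plus the in-cluster service name. If a private CA is the reason for disabling verification, mounting the CA bundle is the narrower fix. The celery Deployment later on this page carries the same two values.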


@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: backend-service
namespace: pm
spec:
type: ClusterIP
selector:
app: backend
ports:
- name: http
port: 8000
targetPort: 8000
protocol: TCP


@ -0,0 +1,223 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: celery
namespace: pm
labels:
app: celery
service: celery
spec:
replicas: 1
selector:
matchLabels:
app: celery
template:
metadata:
labels:
app: celery
service: celery
spec:
containers:
- name: celery
image: cr.yandex/crp3ccidau046kdj8g9q/pm-backend:production_0843a55d
imagePullPolicy: IfNotPresent
command:
- celery
- "-A"
- config
- worker
- "-B"
- "-l"
- info
- "-E"
- "-Q"
- pm
- "-n"
- default_worker.%h
- "--concurrency=2"
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: USERS_INTERNAL_HOST
value: http://backend-service.sarex.svc.cluster.local:8000
- name: CELERY_REDIS_HOST
value: redis.pm.svc.cluster.local
- name: RESOURCES_INTERNAL_HOST
value: http://sarex-resources-service.resources
- name: EAV_HOST
value: http://eav-service.eav
- name: EAV_API_PREFIX
value: /api/v0
- name: EAV_API_PREFIX_V1
value: /api/v1
- name: TRACING_INSECURE
value: "False"
- name: SERVER_ENABLE_SYNC_RESOURCES
value: "True"
- name: SERVER_DELETED_TASK_MAX_AGE_DAYS
value: "1"
- name: SERVER_EXPIRED_TASK_NOTIFICATION_HOUR
value: "17"
- name: LANG
value: C.UTF-8
- name: LC_ALL
value: C.UTF-8
- name: PYTHONUTF8
value: "1"
- name: DB_USERNAME
valueFrom:
secretKeyRef:
name: postgresql-secrets
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: postgresql-secrets
key: password
- name: DB_DATABASE
valueFrom:
secretKeyRef:
name: postgresql-secrets
key: database
- name: DB_HOST
valueFrom:
secretKeyRef:
name: postgresql-secrets
key: hostname
- name: DB_PORT
valueFrom:
secretKeyRef:
name: postgresql-secrets
key: port
- name: S3_HOST
valueFrom:
secretKeyRef:
name: s3-secrets
key: endpoint
- name: S3_LOGIN
valueFrom:
secretKeyRef:
name: s3-secrets
key: login
- name: S3_PASSWORD
valueFrom:
secretKeyRef:
name: s3-secrets
key: password
- name: S3_BUCKET
valueFrom:
secretKeyRef:
name: s3-secrets
key: bucket
# - name: CACHE_HOST
# valueFrom:
# secretKeyRef:
# name: cache-secret-pm
# key: host
# - name: CACHE_PORT
# valueFrom:
# secretKeyRef:
# name: cache-secret-pm
# key: port
# - name: CACHE_PASSWORD
# valueFrom:
# secretKeyRef:
# name: cache-secret-pm
# key: password
- name: CACHE_SSL
value: "False"
- name: CACHE_SSL_CA_CERTS
value: ""
- name: CACHE_ENABLE
value: "False"
- name: CLICKHOUSE_ENABLE
value: 'False'
- name: KAFKA_ENABLE
value: 'False'
# - name: KAFKA_BOOTSTRAP_SERVERS
# valueFrom:
# secretKeyRef:
# name: ya-kafka-secret-pm
# key: bootstrap_servers
# - name: KAFKA_SECURITY_PROTOCOL
# valueFrom:
# secretKeyRef:
# name: ya-kafka-secret-pm
# key: security_protocol
# - name: KAFKA_SASL_MECHANISM
# valueFrom:
# secretKeyRef:
# name: ya-kafka-secret-pm
# key: sasl_mechanism
# - name: KAFKA_SASL_PLAIN_USERNAME
# valueFrom:
# secretKeyRef:
# name: ya-kafka-secret-pm
# key: sasl_username
# - name: KAFKA_SASL_PLAIN_PASSWORD
# valueFrom:
# secretKeyRef:
# name: ya-kafka-secret-pm
# key: sasl_password
# - name: KAFKA_SSL_CAFILE
# valueFrom:
# secretKeyRef:
# name: ya-kafka-secret-pm
# key: ssl_cafile
# - name: KAFKA_TOPICS
# valueFrom:
# secretKeyRef:
# name: ya-kafka-secret-pm
# key: topics
- name: CELERY_RABBITMQ_HOST
valueFrom:
secretKeyRef:
name: rabbitmq-secrets
key: hostname
- name: CELERY_RABBITMQ_PORT
valueFrom:
secretKeyRef:
name: rabbitmq-secrets
key: port
- name: CELERY_RABBITMQ_USER
valueFrom:
secretKeyRef:
name: rabbitmq-secrets
key: username
- name: CELERY_RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: rabbitmq-secrets
key: password
- name: CELERY_RABBITMQ_VHOST
valueFrom:
secretKeyRef:
name: rabbitmq-secrets
key: vhost
- name: AUTH_PUBLIC_TOKEN_URL
value: "https://lk.sarex.io/api/token/public/"
- name: SERVER_HOST
value: "https://lk.sarex.io"
- name: SERVER_API_HOST
value: "https://api.sarex.io"
- name: SERVER_DEBUG
value: "False"
- name: SERVER_ALLOWED_HOSTS
value: '["*"]'
- name: SERVER_USE_OTEL
value: "False"
- name: SERVER_VERIFY_SSL
value: "False"
- name: SERVER_LOG_LEVEL
value: "INFO"
resources:
requests:
memory: 1Gi
imagePullSecrets:
- name: regcred
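Review bot: The worker command includes `"-B"`, which runs the beat scheduler inside the worker process, so raising `replicas` above 1 would make every replica schedule the periodic tasks and run them more than once. Either move beat into its own single-replica Deployment, or document the constraint next to `replicas: 1` with a comment such as `# -B embeds celery beat: keep at 1 replica`. The container also declares `containerPort: 8000` although a Celery worker does not appear to serve HTTP, and unlike the backend it has no `cpu` request; both look like leftovers from copying the backend manifest.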


@ -0,0 +1,10 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: pm
resources:
- namespace.yaml
- backend-deployment.yaml
- backend-service.yaml
- celery-deployment.yaml
- backend-configmap.yaml


@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: pm
labels:
istio-injection: enabled


@ -0,0 +1,9 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
- postgresql.yaml
- redis-deployment.yaml
- redis-service.yaml
patches: []


@ -0,0 +1,113 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: postgresql
namespace: pm
spec:
interval: 5m
timeout: 2h
chart:
spec:
chart: postgresql-contour
version: "17.0.2"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
install:
timeout: 2h
remediation:
retries: 3
upgrade:
timeout: 2h
remediation:
retries: 3
values:
global:
security:
allowInsecureImages: true
defaultStorageClass: local-path
postgresql:
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
image:
registry: cr.yandex/crp3ccidau046kdj8g9q
repository: contour/postgresql
tag: 17.0.2
pullPolicy: Always
metrics:
enabled: false
prometheusRule:
enabled: false
primary:
containerSecurityContext:
readOnlyRootFilesystem: false
persistence:
storageClass: local-path
size: 20Gi
customLivenessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customReadinessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customStartupProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
resources:
requests:
memory: 512Mi
nodeSelector:
dedicated: db
tolerations:
- key: dedicated
operator: Equal
value: db
effect: NoSchedule
contour:
enabled: true
adminUser: ""
adminPasswordSecretKey: ""
sharedPreloadLibraries: "pg_stat_statements,ltree"
databases:
- name: pm_db
user: pm
extensions: []
restoreFromDump: false
s3-proxy:
endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"


@ -0,0 +1,27 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis
namespace: pm
labels:
app: redis
spec:
replicas: 1
selector:
matchLabels:
app: redis
template:
metadata:
labels:
app: redis
spec:
containers:
- name: redis
image: cr.yandex/crp3ccidau046kdj8g9q/redis:latest
imagePullPolicy: Always
ports:
- containerPort: 6379
protocol: TCP
imagePullSecrets:
- name: regcred
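Review bot: `image: cr.yandex/crp3ccidau046kdj8g9q/redis:latest` with `imagePullPolicy: Always` lets every pod restart pull a different Redis build; pin a version tag or digest, as the application images in this commit do. The container starts with the image defaults, with no `args` or config mount, so no `requirepass` or ACL is configured here. The Service in the next section exposes 6379 inside the cluster, so any workload that can route to the `pm` namespace can read and write the Celery data unless an Istio AuthorizationPolicy or NetworkPolicy outside this commit restricts it. There are also no resource requests and no volume, so the data does not survive a restart; if that is intended for a result backend, a comment saying so would help.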


@ -0,0 +1,13 @@
---
apiVersion: v1
kind: Service
metadata:
name: redis
namespace: pm
spec:
selector:
app: redis
ports:
- port: 6379
targetPort: 6379
protocol: TCP


@ -0,0 +1,33 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: remarks
labels:
app: frontend
spec:
replicas: 1
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
version: stable
spec:
containers:
- name: frontend
image: cr.yandex/crp3ccidau046kdj8g9q/remarks-frontend:wb_002f8896
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
protocol: TCP
resources:
requests:
cpu: 100m
memory: 100Mi
imagePullSecrets:
- name: regcred


@ -0,0 +1,8 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: remarks
resources:
- namespace.yaml
- deployment.yaml
- service.yaml


@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: remarks
labels:
istio-injection: enabled


@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: frontend-service
namespace: remarks
spec:
type: ClusterIP
selector:
app: frontend
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP


@ -0,0 +1,10 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
patches: []
# - path: replicas.yaml
# target:
# kind: Deployment
# name: frontend


@ -0,0 +1,8 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: remarks
spec:
replicas: 1


@ -0,0 +1,94 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: sarex-subscriptions
namespace: subscriptions
labels:
app: sarex-subscriptions
spec:
replicas: 1
selector:
matchLabels:
app: sarex-subscriptions
template:
metadata:
labels:
app: sarex-subscriptions
spec:
containers:
- name: subscriptions
image: cr.yandex/crp3ccidau046kdj8g9q/subscriptions:prod_a50928e1
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: DATABASE_HOST
valueFrom:
secretKeyRef:
key: hostname
name: postgresql-secret
- name: DATABASE_PORT
valueFrom:
secretKeyRef:
key: port
name: postgresql-secret
- name: DATABASE_NAME
valueFrom:
secretKeyRef:
key: database
name: postgresql-secret
- name: DATABASE_USER
valueFrom:
secretKeyRef:
key: username
name: postgresql-secret
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: postgresql-secret
- name: API_ADDRESS
value: "8000"
- name: SYSTEM_LOG_HOST
value: http://api-service.system-log
- name: USER_SERVICE_HOST
value: http://backend.django.svc.cluster.local:8000
- name: IS_USE_TELEGRAM
value: "false"
- name: IS_MAILGUN_USE
value: "0"
- name: SMTP_EMAIL_FROM
value: sarex@rwb.ru
- name: SMTP_EMAIL_HOST
value: mail.rwb.ru
- name: SMTP_EMAIL_PORT
value: "465"
- name: YC_S3_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
key: username
name: s3-secret
- name: YC_S3_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
key: password
name: s3-secret
- name: YC_S3_BUCKET_NAME
valueFrom:
secretKeyRef:
key: bucket
name: s3-secret
- name: YC_S3_ENDPOINT_URL
valueFrom:
secretKeyRef:
key: host
name: s3-secret
resources:
requests:
cpu: "1"
memory: 1Gi
imagePullSecrets:
- name: regcred


@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: rfi-backend-api-svc
namespace: rfi
spec:
type: ClusterIP
selector:
app: rfi-backend-api
ports:
- name: http
port: 80
targetPort: 8000
protocol: TCP


@ -0,0 +1,8 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: subscriptions
resources:
- namespace.yaml
- backend-deployment.yaml
- backend-service.yaml


@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: subscriptions
labels:
istio-injection: enabled


@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
- postgresql.yaml
patches: []


@ -0,0 +1,110 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: postgresql
namespace: subscriptions
spec:
interval: 5m
timeout: 2h
chart:
spec:
chart: postgresql-contour
version: "17.0.2"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
install:
timeout: 2h
remediation:
retries: 3
upgrade:
timeout: 2h
remediation:
retries: 3
values:
global:
security:
allowInsecureImages: true
defaultStorageClass: local-path
postgresql:
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
image:
registry: cr.yandex/crp3ccidau046kdj8g9q
repository: contour/postgresql
tag: 17.0.2
pullPolicy: Always
metrics:
enabled: false
prometheusRule:
enabled: false
primary:
containerSecurityContext:
readOnlyRootFilesystem: false
persistence:
storageClass: local-path
size: 20Gi
customLivenessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customReadinessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customStartupProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
nodeSelector:
dedicated: db
tolerations:
- key: dedicated
operator: Equal
value: db
effect: NoSchedule
contour:
enabled: true
adminUser: ""
adminPasswordSecretKey: ""
sharedPreloadLibraries: "postgis"
databases:
- name: subscriptions_db
user: subscriptions
extensions: []
restoreFromDump: false
s3-proxy:
endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"
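Review bot: `allowInsecureImages: true` combined with `tag: 17.0.2` and `pullPolicy: Always` means the database pod re-pulls whatever the registry currently serves under that tag, with what appears to be the chart's image-substitution guard switched off. Since the image is a private rebuild, I would pin it by digest, for example `digest: sha256:<DIGEST_OF_REVIEWED_IMAGE>` under `image:` if this chart exposes that value as the Bitnami chart it seems to wrap does, and add a comment above `allowInsecureImages` stating why it is required. `readOnlyRootFilesystem: false` and `storageClass: local-path` (a node-local volume, with `restoreFromDump: false`) each deserve a one-line justification as well. The same applies to the system-log HelmRelease later in this commit.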


@ -0,0 +1,116 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: api
namespace: system-log
labels:
app: api
service: api
spec:
replicas: 1
selector:
matchLabels:
app: api
template:
metadata:
labels:
app: api
service: api
spec:
containers:
- name: api
image: cr.yandex/crp3ccidau046kdj8g9q/system-log:prod_6ed1b27e
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: KAFKA_ENABLE
value: "0"
- name: KAFKA_USE_SSL
value: "0"
- name: KAFKA_ENABLE_LOGGING
value: "0"
- name: APP_NAME
value: system_log
- name: APP_VERSION
value: 0.0.1
- name: LOG_LEVEL
value: INFO
- name: HTTP_HOST
value: 0.0.0.0
- name: HTTP_PORT
value: "8000"
- name: NAMESPACE
value: system-log
- name: POSTGRES_POOL_SIZE
value: "3"
- name: ENABLE_SSL
value: "0"
- name: KAFKA_GROUP
value: system-log-stage
- name: KAFKA_CLIENT_ID
value: system-log-stage
- name: KAFKA_PEM_PATH
value: "/tmp"
- name: DJANGO_HOST
value: http://backend.django.svc.cluster.local:8000
- name: POSTGRES_ADDRESS
valueFrom:
secretKeyRef:
key: hostname
name: postgresql-secret
- name: POSTGRES_PORT
valueFrom:
secretKeyRef:
key: port
name: postgresql-secret
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
key: database
name: postgresql-secret
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
key: username
name: postgresql-secret
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: postgresql-secret
- name: KAFKA_USERNAME
valueFrom:
secretKeyRef:
key: username
name: kafka-secret
- name: KAFKA_BROKERS
valueFrom:
secretKeyRef:
key: host
name: kafka-secret
- name: KAFKA_TOPIC
valueFrom:
secretKeyRef:
key: topic
name: kafka-secret
- name: KAFKA_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: kafka-secret
- name: KAFKA_PEM_CERT
valueFrom:
secretKeyRef:
key: ca.crt
name: kafka-secret
resources:
requests:
cpu: "1"
memory: 1Gi
imagePullSecrets:
- name: regcred
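Review bot: `KAFKA_USE_SSL` and `ENABLE_SSL` are both `"0"` while `KAFKA_USERNAME`, `KAFKA_PASSWORD` and a CA certificate (`KAFKA_PEM_CERT`) are injected from `kafka-secret`, so if `KAFKA_ENABLE` is later switched on the broker credentials would presumably travel without TLS; how the application reads these flags is not visible here. I would set `KAFKA_USE_SSL` to `"1"` now, or at least add `# Kafka is disabled; set KAFKA_USE_SSL to "1" before enabling it` above that entry. `KAFKA_PEM_PATH` points at `/tmp`, and a dedicated `emptyDir` mount would be a safer place for the CA file. `KAFKA_GROUP` and `KAFKA_CLIENT_ID` are `system-log-stage` although the image tag is `prod_6ed1b27e`, which is worth confirming.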


@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: rfi-backend-api-svc
namespace: system-log
spec:
type: ClusterIP
selector:
app: rfi-backend-api
ports:
- name: http
port: 80
targetPort: 8000
protocol: TCP


@ -0,0 +1,9 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: system-log
resources:
- namespace.yaml
- backend-deployment.yaml
- backend-service.yaml
- worker-deployment.yaml


@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: system-log
labels:
istio-injection: enabled


@ -0,0 +1,91 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: worker
namespace: system-log
labels:
app: worker
service: worker
spec:
replicas: 1
selector:
matchLabels:
app: worker
template:
metadata:
labels:
app: worker
service: worker
spec:
containers:
- name: worker
image: cr.yandex/crp3ccidau046kdj8g9q/system_log_worker:de6a0147d285afa273e85c0f074c8b6049d03a32
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: APP_NAME
value: system_log
- name: APP_VERSION
value: 0.0.1
- name: LOG_LEVEL
value: INFO
- name: HTTP_HOST
value: 0.0.0.0
- name: HTTP_PORT
value: "8000"
- name: NAMESPACE
value: sarex-system-log
- name: DOCUMENTATIONS_URL
value: http://documentations-api.documentations.svc.cluster.local:8080
- name: POSTGRES_POOL_SIZE
value: "3"
- name: ENABLE_SSL
value: "0"
- name: DJANGO_HOST
value: http://backend.django.svc.cluster.local:8000
- name: POSTGRES_ADDRESS
valueFrom:
secretKeyRef:
key: hostname
name: postgresql-secret
- name: POSTGRES_PORT
valueFrom:
secretKeyRef:
key: port
name: postgresql-secret
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
key: database
name: postgresql-secret
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
key: username
name: postgresql-secret
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: postgresql-secret
- name: SUPER_USERNAME
valueFrom:
secretKeyRef:
key: username
name: superuser
- name: SUPER_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: superuser
resources:
requests:
cpu: "1"
memory: 1Gi
imagePullSecrets:
- name: regcred
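Review bot: The worker receives `SUPER_USERNAME` and `SUPER_PASSWORD` from the `superuser` secret as environment variables, which gives a background job an administrative account whose scope is not visible in this manifest. I would give the worker its own secret with only the rights it needs, and until then mark the entries with `# TODO: replace superuser credentials with a scoped service account for the worker`. Separately, `NAMESPACE` is `sarex-system-log` here but `system-log` in the `api` Deployment and in `metadata.namespace`; if the application uses it for service discovery this should read `value: system-log`.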


@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
- postgresql.yaml
patches: []


@ -0,0 +1,110 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: postgresql
namespace: system-log
spec:
interval: 5m
timeout: 2h
chart:
spec:
chart: postgresql-contour
version: "17.0.2"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
install:
timeout: 2h
remediation:
retries: 3
upgrade:
timeout: 2h
remediation:
retries: 3
values:
global:
security:
allowInsecureImages: true
defaultStorageClass: local-path
postgresql:
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
image:
registry: cr.yandex/crp3ccidau046kdj8g9q
repository: contour/postgresql
tag: 17.0.2
pullPolicy: Always
metrics:
enabled: false
prometheusRule:
enabled: false
primary:
containerSecurityContext:
readOnlyRootFilesystem: false
persistence:
storageClass: local-path
size: 20Gi
customLivenessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customReadinessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customStartupProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
nodeSelector:
dedicated: db
tolerations:
- key: dedicated
operator: Equal
value: db
effect: NoSchedule
contour:
enabled: true
adminUser: ""
adminPasswordSecretKey: ""
sharedPreloadLibraries: "ltree,pg_stat_statements,timescaledb"
databases:
- name: system_log_db
user: system_log
extensions: []
restoreFromDump: false
s3-proxy:
endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"


@ -16,4 +16,11 @@ resources:
- ../../apps/drawings/yc-k8s-test
- ../../apps/comparisons/yc-k8s-test
- ../../apps/contracts/yc-k8s-test
- ../../apps/rfi/yc-k8s-test
- ../../apps/rfi/yc-k8s-test
- ../../apps/checklists/yc-k8s-test
- ../../apps/subscriptions/yc-k8s-test
- ../../apps/inspections/yc-k8s-test
- ../../apps/system-log/yc-k8s-test
- ../../apps/remarks/yc-k8s-test
- ../../apps/notes/yc-k8s-test
- ../../apps/pm/yc-k8s-test