diff --git a/apps/checklists/base/backend-deployment.yaml b/apps/checklists/base/backend-deployment.yaml
new file mode 100644
index 0000000..44d91b7
--- /dev/null
+++ b/apps/checklists/base/backend-deployment.yaml
@@ -0,0 +1,80 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: checklists-backend
+ namespace: checklists
+ labels:
+ app: checklists-backend
+ service: api
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: checklists-backend
+ template:
+ metadata:
+ labels:
+ app: checklists-backend
+ service: checklists-backend
+ spec:
+ containers:
+ - name: api
+ image: cr.yandex/crp3ccidau046kdj8g9q/checklists-backend:production_68f242cd
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: HTTP_APP_HOST
+ value: 0.0.0.0
+ - name: HTTP_APP_PORT
+ value: "8000"
+ - name: HTTP_APP_ROOT_PATH
+ value: /checklists
+ - name: HTTP_APP_WORKERS
+ value: "8"
+ - name: HTTP_APP_ADMIN_ENABLE
+ value: "true"
+ - name: JWT_AUTH_ENABLE
+ value: "true"
+ - name: DEBUG
+ value: "false"
+ - name: DATABASE_USER
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: postgresql-secret
+ - name: DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: postgresql-secret
+ - name: DATABASE_NAME
+ valueFrom:
+ secretKeyRef:
+ key: database
+ name: postgresql-secret
+ - name: DATABASE_PORT
+ valueFrom:
+ secretKeyRef:
+ key: port
+ name: postgresql-secret
+ - name: DATABASE_HOST
+ valueFrom:
+ secretKeyRef:
+ key: hostname
+ name: postgresql-secret
+ - name: JWT_AUTH_PUBLIC_KEY
+ valueFrom:
+ secretKeyRef:
+ key: public-key
+ name: jwt-secret
+
+ resources:
+ requests:
+ cpu: "1"
+ memory: 1Gi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/checklists/base/backend-service.yaml b/apps/checklists/base/backend-service.yaml
new file mode 100644
index 0000000..f938e6d
--- /dev/null
+++ b/apps/checklists/base/backend-service.yaml
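Review bot: The `api` container in apps/checklists/base/backend-deployment.yaml is added with no `securityContext`, no resource `limits` and no liveness or readiness probe, so it runs with whatever user and capabilities the image defaults to and its memory use is bounded only by the node. I would add a container-level `securityContext` and a memory limit as sketched below; if the image runs as root, `runAsNonRoot: true` will need a `runAsUser` or an image change, and the limit value shown is just the existing request repeated as a starting point. The same gaps are present in the inspections, notes, pm and remarks Deployments added by this commit (only the notes frontend defines probes). `HTTP_APP_ADMIN_ENABLE: "true"` sits in the base, so a comment saying who can reach that admin interface would help every overlay that inherits it.

```yaml
        - name: api
          # … unchanged: image, imagePullPolicy, ports, env …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          resources:
            requests:
              cpu: "1"
              memory: 1Gi
            limits:
              memory: 1Gi
```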
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: rfi-backend-api-svc
+ namespace: rfi
+spec:
+ type: ClusterIP
+ selector:
+ app: rfi-backend-api
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8000
+ protocol: TCP
diff --git a/apps/checklists/base/kustomization.yaml b/apps/checklists/base/kustomization.yaml
new file mode 100644
index 0000000..d88ae04
--- /dev/null
+++ b/apps/checklists/base/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: checklists
+resources:
+ - namespace.yaml
+ - backend-deployment.yaml
+ - backend-service.yaml
diff --git a/apps/checklists/base/namespace.yaml b/apps/checklists/base/namespace.yaml
new file mode 100644
index 0000000..0ec7137
--- /dev/null
+++ b/apps/checklists/base/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: checklists
+ labels:
+ istio-injection: enabled
diff --git a/apps/checklists/yc-k8s-test/kustomization.yaml b/apps/checklists/yc-k8s-test/kustomization.yaml
new file mode 100644
index 0000000..e601931
--- /dev/null
+++ b/apps/checklists/yc-k8s-test/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+ - postgresql.yaml
+patches: []
diff --git a/apps/checklists/yc-k8s-test/postgresql.yaml b/apps/checklists/yc-k8s-test/postgresql.yaml
new file mode 100644
index 0000000..2df906f
--- /dev/null
+++ b/apps/checklists/yc-k8s-test/postgresql.yaml
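Review bot: The Service in apps/checklists/base/backend-service.yaml is an unmodified copy of the rfi one and will not route to the checklists pods: its selector is `app: rfi-backend-api`, while the Deployment added in this commit labels its pods `app: checklists-backend`, so the Service ends up with no endpoints. The base kustomization's `namespace: checklists` overrides `namespace: rfi`, but nothing rewrites the name or the selector; the selector should read `app: checklists-backend` and the name something like `checklists-backend-svc`. apps/inspections/base/backend-service.yaml is the same blob (index f938e6d) and needs the equivalent change with `app: inspections-backend`.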
@@ -0,0 +1,110 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: checklists +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: "pg_stat_statements" + databases: + - name: 
checklists_db + user: checklists + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" diff --git a/apps/comparisons/yc-k8s-test/postgresql.yaml b/apps/comparisons/yc-k8s-test/postgresql.yaml index f45515d..163ed2f 100644 --- a/apps/comparisons/yc-k8s-test/postgresql.yaml +++ b/apps/comparisons/yc-k8s-test/postgresql.yaml @@ -89,6 +89,9 @@ spec: timeoutSeconds: 5 successThreshold: 1 failureThreshold: 6 + resources: + requests: + memory: 512Mi nodeSelector: dedicated: db tolerations: diff --git a/apps/contracts/base/deployment.yaml b/apps/contracts/base/deployment.yaml index 6c1d0cb..52e2c1e 100644 --- a/apps/contracts/base/deployment.yaml +++ b/apps/contracts/base/deployment.yaml @@ -31,7 +31,7 @@ spec: valueFrom: secretKeyRef: name: postgresql-secrets - key: db_url + key: url - name: PUBLIC_KEY valueFrom: secretKeyRef: diff --git a/apps/contracts/base/kustomization.yaml b/apps/contracts/base/kustomization.yaml index ec7df6a..3c22a88 100644 --- a/apps/contracts/base/kustomization.yaml +++ b/apps/contracts/base/kustomization.yaml @@ -4,5 +4,5 @@ kind: Kustomization namespace: contracts resources: - namespace.yaml -# - deployment.yaml + - deployment.yaml - service.yaml diff --git a/apps/contracts/yc-k8s-test/kustomization.yaml b/apps/contracts/yc-k8s-test/kustomization.yaml index da21a4e..ffc9d1c 100644 --- a/apps/contracts/yc-k8s-test/kustomization.yaml +++ b/apps/contracts/yc-k8s-test/kustomization.yaml @@ -3,9 +3,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ../base -# - postgresql.yaml -patches: - - path: replicas.yaml - target: - kind: Deployment - name: backend + - postgresql.yaml +patches: [] +# - path: replicas.yaml +# target: +# kind: Deployment +# name: backend diff --git a/apps/contracts/yc-k8s-test/postgresql.yaml b/apps/contracts/yc-k8s-test/postgresql.yaml index 3ef1876..b04d0dc 100644 --- a/apps/contracts/yc-k8s-test/postgresql.yaml 
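Review bot: In apps/checklists/yc-k8s-test/postgresql.yaml, `allowInsecureImages: true` and `readOnlyRootFilesystem: false` appear to switch off two of the chart's protections, and nothing in the values says why. If the first is only needed because the image comes from the private `cr.yandex` registry, a comment should say so and the image should be pinned by digest, since `pullPolicy: Always` otherwise runs whatever is pushed under tag `17.0.2`; for the second, name the paths that must be writable or mount them and keep the root filesystem read-only. The inspections, notes and pm HelmReleases added by this commit carry the same values. This file and the inspections one also lack the `resources.requests.memory: 512Mi` block that the commit adds to the other PostgreSQL releases.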
+++ b/apps/contracts/yc-k8s-test/postgresql.yaml @@ -56,6 +56,9 @@ spec: persistence: storageClass: local-path size: 20Gi + resources: + requests: + memory: 512Mi customLivenessProbe: exec: command: diff --git a/apps/drawings/yc-k8s-test/postgresql.yaml b/apps/drawings/yc-k8s-test/postgresql.yaml index 7fbaace..9c84f6b 100644 --- a/apps/drawings/yc-k8s-test/postgresql.yaml +++ b/apps/drawings/yc-k8s-test/postgresql.yaml @@ -89,6 +89,9 @@ spec: timeoutSeconds: 5 successThreshold: 1 failureThreshold: 6 + resources: + requests: + memory: 512Mi nodeSelector: dedicated: db tolerations: diff --git a/apps/inspections/base/backend-deployment.yaml b/apps/inspections/base/backend-deployment.yaml new file mode 100644 index 0000000..7dc94a0 --- /dev/null +++ b/apps/inspections/base/backend-deployment.yaml 
@@ -0,0 +1,127 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: inspections-backend + namespace: inspections + labels: + app: inspections-backend +spec: + replicas: 1 + selector: + matchLabels: + app: inspections-backend + template: + metadata: + labels: + app: inspections-backend + spec: + containers: + - name: inspections-backend + image: cr.yandex/crp3ccidau046kdj8g9q/sarex-inspections:production_1a33f6f4 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: DEBUG + value: "false" + - name: SERVICE_URL + value: https://srx.wb.ru + - name: HTTP_APP_HOST + value: 0.0.0.0 + - name: HTTP_APP_PORT + value: "8000" + - name: HTTP_APP_ROOT_PATH + value: /inspections + - name: HTTP_APP_WORKERS + value: "3" + - name: HTTP_APP_ADMIN_ENABLE + value: "true" + - name: KAFKA_SSL_CAFILE + value: /usr/local/share/ca-certificates/Yandex/YandexInternalRootCA.crt + - name: KAFKA_EAV_ASSETS_TOPIC + value: assets_broadcast + - name: JWT_AUTH_ENABLE + value: "true" + - name: NOTIFICATIONS_ENABLE + value: "true" + - name: NOTIFICATIONS_EMAIL_FROM + value: hello@sarex.io + - name: SAREX_BACKEND_URL + value: https://srx.wb.ru + - name: SAREX_BACKEND_TIMEOUT + value: "30" + - name: EAV_URL + value: http://eav-service.eav + - name: EAV_TIMEOUT + value: "30" + - name: WORKFLOWS_URL + value: http://workflows-service.processing-prod + - name: WORKFLOWS_TIMEOUT + value: "30" + - name: WORKFLOWS_EMAIL_DOCKER_IMAGE + value: cr.yandex/crp3ccidau046kdj8g9q/notification:email + - name: MOBILE_APP_CURRENT_VERSION + value: 1.0.0 + - name: MOBILE_APP_RECOMMENDED_VERSION + value: 1.0.0 + - name: MOBILE_APP_REQUIRED_VERSION + value: 1.0.0 + - name: MAILER_URL + value: http://mailer-service.mailer:8000 + - name: MAILER_TIMEOUT + value: "30" + - name: DATABASE_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: DATABASE_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - 
name: DATABASE_NAME + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: DATABASE_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: KAFKA_HOST + valueFrom: + secretKeyRef: + key: host + name: kafka-secret + - name: KAFKA_USERNAME + valueFrom: + secretKeyRef: + key: username + name: kafka-secret + - name: KAFKA_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: kafka-secret + - name: SAREX_BACKEND_AUTH + valueFrom: + secretKeyRef: + key: key + name: sarex-backend-auth-secret + + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/inspections/base/backend-service.yaml b/apps/inspections/base/backend-service.yaml new file mode 100644 index 0000000..f938e6d --- /dev/null +++ b/apps/inspections/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: rfi-backend-api-svc + namespace: rfi +spec: + type: ClusterIP + selector: + app: rfi-backend-api + ports: + - name: http + port: 80 + targetPort: 8000 + protocol: TCP diff --git a/apps/inspections/base/kustomization.yaml b/apps/inspections/base/kustomization.yaml new file mode 100644 index 0000000..501546d --- /dev/null +++ b/apps/inspections/base/kustomization.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: inspections +resources: + - namespace.yaml + - backend-deployment.yaml + - backend-service.yaml diff --git a/apps/inspections/base/namespace.yaml b/apps/inspections/base/namespace.yaml new file mode 100644 index 0000000..1e4be2f --- /dev/null +++ b/apps/inspections/base/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: inspections + labels: + istio-injection: enabled 
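Review bot: The database variables in apps/inspections/base/backend-deployment.yaml read from a Secret named `postgresql-secret`, as do those in the checklists Deployment, while the notes and pm Deployments in this commit and the contracts one read `postgresql-secrets`. All of these namespaces install the same `postgresql-contour` chart, so presumably only one of the two spellings exists once the release is reconciled, and a missing Secret leaves the pod in `CreateContainerConfigError`. Confirm which name the chart creates and use it in every Deployment. Separately, the base hard-codes `WORKFLOWS_URL` to the `processing-prod` namespace and the `yc-k8s-test` overlay inherits it unchanged (`patches: []`), which is worth a second look for a test cluster.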
diff --git a/apps/inspections/yc-k8s-test/kustomization.yaml b/apps/inspections/yc-k8s-test/kustomization.yaml
new file mode 100644
index 0000000..e601931
--- /dev/null
+++ b/apps/inspections/yc-k8s-test/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+ - postgresql.yaml
+patches: []
diff --git a/apps/inspections/yc-k8s-test/postgresql.yaml b/apps/inspections/yc-k8s-test/postgresql.yaml
new file mode 100644
index 0000000..218531a
--- /dev/null
+++ b/apps/inspections/yc-k8s-test/postgresql.yaml
@@ -0,0 +1,110 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: inspections +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: "postgis" + databases: + - name: inspections_db + 
user: inspections + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" diff --git a/apps/notes/base/backend-deployment.yaml b/apps/notes/base/backend-deployment.yaml new file mode 100644 index 0000000..ddf3111 --- /dev/null +++ b/apps/notes/base/backend-deployment.yaml 
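Review bot: `sharedPreloadLibraries: "postgis"` in apps/inspections/yc-k8s-test/postgresql.yaml looks wrong: PostGIS is enabled per database with `CREATE EXTENSION`, not through `shared_preload_libraries`, and if the chart passes this value through unchanged PostgreSQL is likely to fail at startup when it cannot load a library of that name. At the same time `extensions: []` for `inspections_db` is empty, so the extension the service presumably needs is never created. I would expect `sharedPreloadLibraries: "pg_stat_statements"` as in the checklists and notes releases, with `postgis` listed under `extensions` in whatever form the chart accepts. apps/pm/yc-k8s-test/postgresql.yaml has the same pattern with `ltree` in `"pg_stat_statements,ltree"`.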
@@ -0,0 +1,85 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: backend
+ namespace: notes
+ labels:
+ app: backend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: backend
+ template:
+ metadata:
+ labels:
+ app: backend
+ service: main
+ spec:
+ containers:
+ - name: main
+ image: cr.yandex/crp3ccidau046kdj8g9q/notes-backend:production_81366854
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: PG_SSL_MODE
+ value: verify-full
+ - name: DJANGO_HOST
+ value: https://lk.sarex.io
+ - name: BASE_HOST
+ value: https://api.sarex.io/notes
+ - name: TIMEOUT
+ value: "120"
+ - name: FAAS_SERVICE
+ value: https://api.sarex.io/lambdas
+ - name: WORKSPACE_URL
+ value: https://api.sarex.io/workspaces/api/v1
+ - name: WORKFLOW_HOST
+ value: https://api.sarex.io/workflows/api/v1
+ - name: WORKFLOW_TAG
+ value: stable
+ - name: RESOURCE_URL
+ value: https://api.sarex.io/resources/api/v1
+ - name: SYNC_RESOURCE_ID
+ value: "0"
+ - name: ENABLE_ND
+ value: "0"
+ - name: ATTACHMENT_HOST
+ value: http://attachments-service.attachments.svc.cluster.local:80/api/v1
+ - name: PG_PORT
+ value: "5432"
+ - name: PG_DB
+ valueFrom:
+ secretKeyRef:
+ name: postgresql-secrets
+ key: database
+ - name: PG_LOGIN
+ valueFrom:
+ secretKeyRef:
+ name: postgresql-secrets
+ key: username
+ - name: PG_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgresql-secrets
+ key: password
+ - name: PG_HOST
+ valueFrom:
+ secretKeyRef:
+ name: postgresql-secrets
+ key: hostname
+ - name: DJANGO_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: django-secret
+ key: token
+ resources:
+ requests:
+ cpu: "1"
+ memory: 512Mi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/notes/base/backend-service.yaml b/apps/notes/base/backend-service.yaml
new file mode 100644
index 0000000..7a70542
--- /dev/null
+++ b/apps/notes/base/backend-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend-service
+ namespace: notes
+spec:
+ type: ClusterIP
+ selector:
+ app: backend
+ ports:
+ - name: http
+ port: 8000
+ targetPort: 8000
+ protocol: TCP
diff --git a/apps/notes/base/frontend-deployment.yaml b/apps/notes/base/frontend-deployment.yaml
new file mode 100644
index 0000000..2cd1a60
--- /dev/null
+++ b/apps/notes/base/frontend-deployment.yaml
@@ -0,0 +1,58 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: frontend
+ namespace: notes
+ labels:
+ app: frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: frontend
+ template:
+ metadata:
+ labels:
+ app: frontend
+ service: frontend
+ spec:
+ volumes:
+ - name: nginx-configmap
+ configMap:
+ name: nginx-configmap
+ items:
+ - key: nginx.conf
+ path: nginx.conf
+ containers:
+ - name: frontend
+ image: cr.yandex/crp3ccidau046kdj8g9q/notes-frontend:production_0cb0909f
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ volumeMounts:
+ - name: nginx-configmap
+ mountPath: /etc/nginx/nginx.conf
+ subPath: nginx.conf
+ livenessProbe:
+ httpGet:
+ path: /ping
+ port: 80
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ failureThreshold: 10
+ readinessProbe:
+ httpGet:
+ path: /ping
+ port: 80
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ failureThreshold: 20
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/notes/base/frontend-service.yaml b/apps/notes/base/frontend-service.yaml
new file mode 100644
index 0000000..4e12102
--- /dev/null
+++ b/apps/notes/base/frontend-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend-service
+ namespace: notes
+spec:
+ type: ClusterIP
+ selector:
+ app: frontend
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ protocol: TCP
diff --git a/apps/notes/base/kustomization.yaml b/apps/notes/base/kustomization.yaml
new file mode 100644
index 0000000..4758015
--- /dev/null
+++ b/apps/notes/base/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: notes
+resources:
+ - namespace.yaml
+ - backend-deployment.yaml
+ - backend-service.yaml
+ - frontend-deployment.yaml
+ - frontend-service.yaml
+ - nginx-configmap.yaml
diff --git a/apps/notes/base/namespace.yaml b/apps/notes/base/namespace.yaml
new file mode 100644
index 0000000..72085ff
--- /dev/null
+++ b/apps/notes/base/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: notes
+ labels:
+ istio-injection: enabled
diff --git a/apps/notes/base/nginx-configmap.yaml b/apps/notes/base/nginx-configmap.yaml
new file mode 100644
index 0000000..c12bafb
--- /dev/null
+++ b/apps/notes/base/nginx-configmap.yaml
@@ -0,0 +1,47 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: nginx-configmap
+ namespace: notes
+data:
+ nginx.conf: |
+ user nginx;
+ worker_processes auto;
+
+ error_log stderr warn;
+ pid /var/run/nginx.pid;
+
+ events {
+ worker_connections 1024;
+ }
+
+ http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /dev/stdout main;
+
+ sendfile on;
+
+ keepalive_timeout 65;
+
+ gzip on;
+
+ server {
+ client_header_buffer_size 16k;
+ large_client_header_buffers 4 16k;
+ listen 80;
+ server_name localhost;
+ root /dist;
+ expires off;
+
+ location = /ping {
+ return 200 '{"result": "ok"}';
+ }
+ }
+ }
diff --git a/apps/notes/yc-k8s-test/kustomization.yaml b/apps/notes/yc-k8s-test/kustomization.yaml
new file mode 100644
index 0000000..ffc9d1c
--- /dev/null
+++ b/apps/notes/yc-k8s-test/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+ - postgresql.yaml
+patches: []
+# - path: replicas.yaml
+# target:
+# kind: Deployment
+# name: backend
diff --git a/apps/notes/yc-k8s-test/postgresql.yaml b/apps/notes/yc-k8s-test/postgresql.yaml
new file mode 100644
index 0000000..76ae62d
--- /dev/null
+++ b/apps/notes/yc-k8s-test/postgresql.yaml
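Review bot: In apps/notes/yc-k8s-test/kustomization.yaml, `patches: []` is followed by a commented-out `replicas.yaml` patch, yet this commit also adds apps/notes/yc-k8s-test/replicas.yaml with `replicas: 2`. As written that file is never applied and the notes backend stays at the base's single replica. Either restore the patch entry under `patches:` or drop both the file and the comment block, so the overlay states what it actually deploys.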
@@ -0,0 +1,113 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: notes +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + resources: + requests: + memory: 512Mi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: 
"pg_stat_statements" + databases: + - name: notes_db + user: notes + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" diff --git a/apps/notes/yc-k8s-test/replicas.yaml b/apps/notes/yc-k8s-test/replicas.yaml new file mode 100644 index 0000000..3c20467 --- /dev/null +++ b/apps/notes/yc-k8s-test/replicas.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: notes +spec: + replicas: 2 diff --git a/apps/pm/base/backend-configmap.yaml b/apps/pm/base/backend-configmap.yaml new file mode 100644 index 0000000..613257c --- /dev/null +++ b/apps/pm/base/backend-configmap.yaml @@ -0,0 +1,30 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: backend-configmap + namespace: pm +data: + uwsgi.ini: | + [uwsgi] + log-format = {"time": "%(time)", "method": "%(method)", "uri": "%(uri)", "status": "%(status)", "size": "%(size)", "addr": "%(addr)", "user": "%(user)", "proto": "%(proto)", "user_agent": "%(uagent)", "referer": "%(referer)", "trace_id": "%(trace_id)", "span_id": "%(span_id)"} + module = config.wsgi:application + DJANGO_SETTINGS_MODULE = config.settings.base + http = 0.0.0.0:8000 + processes = 8 + master = true + vacuum = true + enable-threads = true + buffer-size = 65535 + stats = :3031 + stats-http = true + memory-report = true + lazy-apps = true + listen = 1024 + disable-write-exception= 0 + harakiri = 300 + socket-timeout = 300 + chunked-input-timeout = 300 + http-timeout = 300 + worker-reload-mercy = 240 + mule-reload-mercy = 240 diff --git a/apps/pm/base/backend-deployment.yaml b/apps/pm/base/backend-deployment.yaml new file mode 100644 index 0000000..19d1e7a --- /dev/null +++ b/apps/pm/base/backend-deployment.yaml 
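Review bot: In apps/pm/base/backend-configmap.yaml, `stats = :3031` together with `stats-http = true` exposes the uWSGI stats server on every interface of the pod with no authentication, which gives worker, request and memory detail to anything that can reach the pod IP. Unless a scraper needs it from outside the pod, bind it to loopback with `stats = 127.0.0.1:3031`. Also, neither the backend nor the celery Deployment added in this commit mounts `backend-configmap`, so as far as this diff shows the file is not read at all; add the `volumes`/`volumeMounts` or a comment saying where it is consumed.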
@@ -0,0 +1,210 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: pm + labels: + app: backend + service: api +spec: + replicas: 1 + selector: + matchLabels: + app: backend + template: + metadata: + labels: + app: backend + service: api + spec: + containers: + - name: api + image: cr.yandex/crp3ccidau046kdj8g9q/pm-backend:production_0843a55d + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: USERS_INTERNAL_HOST + value: http://backend-service.sarex.svc.cluster.local:8000 + - name: CELERY_REDIS_HOST + value: redis.pm.svc.cluster.local + - name: RESOURCES_INTERNAL_HOST + value: http://sarex-resources-service.resources + - name: EAV_HOST + value: http://eav-service.eav + - name: EAV_API_PREFIX + value: /api/v0 + - name: EAV_API_PREFIX_V1 + value: /api/v1 + - name: TRACING_INSECURE + value: "False" + - name: SERVER_ENABLE_SYNC_RESOURCES + value: "True" + - name: SERVER_DELETED_TASK_MAX_AGE_DAYS + value: "1" + - name: SERVER_EXPIRED_TASK_NOTIFICATION_HOUR + value: "17" + - name: LANG + value: C.UTF-8 + - name: LC_ALL + value: C.UTF-8 + - name: PYTHONUTF8 + value: "1" + - name: DB_USERNAME + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: username + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: password + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: database + - name: DB_HOST + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: hostname + - name: DB_PORT + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: port + - name: S3_HOST + valueFrom: + secretKeyRef: + name: s3-secrets + key: endpoint + - name: S3_LOGIN + valueFrom: + secretKeyRef: + name: s3-secrets + key: login + - name: S3_PASSWORD + valueFrom: + secretKeyRef: + name: s3-secrets + key: password + - name: S3_BUCKET + valueFrom: + secretKeyRef: + name: s3-secrets + key: bucket + +# - name: CACHE_HOST +# valueFrom: 
+# secretKeyRef: +# name: cache-secret-pm +# key: host +# - name: CACHE_PORT +# valueFrom: +# secretKeyRef: +# name: cache-secret-pm +# key: port +# - name: CACHE_PASSWORD +# valueFrom: +# secretKeyRef: +# name: cache-secret-pm +# key: password + - name: CACHE_SSL + value: "False" + - name: CACHE_SSL_CA_CERTS + value: "" + - name: CACHE_ENABLE + value: "False" + - name: CLICKHOUSE_ENABLE + value: 'False' + - name: KAFKA_ENABLE + value: 'False' +# - name: KAFKA_BOOTSTRAP_SERVERS +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: bootstrap_servers +# - name: KAFKA_SECURITY_PROTOCOL +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: security_protocol +# - name: KAFKA_SASL_MECHANISM +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: sasl_mechanism +# - name: KAFKA_SASL_PLAIN_USERNAME +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: sasl_username +# - name: KAFKA_SASL_PLAIN_PASSWORD +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: sasl_password +# - name: KAFKA_SSL_CAFILE +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: ssl_cafile +# - name: KAFKA_TOPICS +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: topics + + - name: CELERY_RABBITMQ_HOST + valueFrom: + secretKeyRef: + name: rabbitmq-secrets + key: hostname + - name: CELERY_RABBITMQ_PORT + valueFrom: + secretKeyRef: + name: rabbitmq-secrets + key: port + - name: CELERY_RABBITMQ_USER + valueFrom: + secretKeyRef: + name: rabbitmq-secrets + key: username + - name: CELERY_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: rabbitmq-secrets + key: password + - name: CELERY_RABBITMQ_VHOST + valueFrom: + secretKeyRef: + name: rabbitmq-secrets + key: vhost + + - name: AUTH_PUBLIC_TOKEN_URL + value: "https://lk.sarex.io/api/token/public/" + - name: SERVER_HOST + value: "https://lk.sarex.io" + - name: SERVER_API_HOST + value: "https://api.sarex.io" + - name: SERVER_DEBUG + value: "False" + - name: 
SERVER_ALLOWED_HOSTS + value: '["*"]' + - name: SERVER_USE_OTEL + value: "False" + - name: SERVER_VERIFY_SSL + value: "False" + - name: SERVER_LOG_LEVEL + value: "INFO" + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/pm/base/backend-service.yaml b/apps/pm/base/backend-service.yaml new file mode 100644 index 0000000..69f6c27 --- /dev/null +++ b/apps/pm/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: backend-service + namespace: pm +spec: + type: ClusterIP + selector: + app: backend + ports: + - name: http + port: 8000 + targetPort: 8000 + protocol: TCP diff --git a/apps/pm/base/celery-deployment.yaml b/apps/pm/base/celery-deployment.yaml new file mode 100644 index 0000000..6226a6d --- /dev/null +++ b/apps/pm/base/celery-deployment.yaml 
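Review bot: `SERVER_VERIFY_SSL: "False"` and `SERVER_ALLOWED_HOSTS: '["*"]'` are set in apps/pm/base/backend-deployment.yaml, so every overlay inherits them. Judging by the names, the first turns off certificate verification for the service's outbound HTTPS calls (the configured hosts are `https://lk.sarex.io` and `https://api.sarex.io`) and the second disables Host-header validation. The base should carry `value: "True"` for the former and an explicit host list for the latter, with any relaxation confined to a test overlay patch. apps/pm/base/celery-deployment.yaml repeats both values, and the large commented-out `CACHE_*` and `KAFKA_*` blocks in both files would be better removed than committed.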
@@ -0,0 +1,223 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: celery + namespace: pm + labels: + app: celery + service: celery +spec: + replicas: 1 + selector: + matchLabels: + app: celery + template: + metadata: + labels: + app: celery + service: celery + spec: + containers: + - name: celery + image: cr.yandex/crp3ccidau046kdj8g9q/pm-backend:production_0843a55d + imagePullPolicy: IfNotPresent + command: + - celery + - "-A" + - config + - worker + - "-B" + - "-l" + - info + - "-E" + - "-Q" + - pm + - "-n" + - default_worker.%h + - "--concurrency=2" + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: USERS_INTERNAL_HOST + value: http://backend-service.sarex.svc.cluster.local:8000 + - name: CELERY_REDIS_HOST + value: redis.pm.svc.cluster.local + - name: RESOURCES_INTERNAL_HOST + value: http://sarex-resources-service.resources + - name: EAV_HOST + value: http://eav-service.eav + - name: EAV_API_PREFIX + value: /api/v0 + - name: EAV_API_PREFIX_V1 + value: /api/v1 + - name: TRACING_INSECURE + value: "False" + - name: SERVER_ENABLE_SYNC_RESOURCES + value: "True" + - name: SERVER_DELETED_TASK_MAX_AGE_DAYS + value: "1" + - name: SERVER_EXPIRED_TASK_NOTIFICATION_HOUR + value: "17" + - name: LANG + value: C.UTF-8 + - name: LC_ALL + value: C.UTF-8 + - name: PYTHONUTF8 + value: "1" + - name: DB_USERNAME + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: username + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: password + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: database + - name: DB_HOST + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: hostname + - name: DB_PORT + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: port + - name: S3_HOST + valueFrom: + secretKeyRef: + name: s3-secrets + key: endpoint + - name: S3_LOGIN + valueFrom: + secretKeyRef: + name: s3-secrets + key: login + - name: S3_PASSWORD + valueFrom: + 
secretKeyRef: + name: s3-secrets + key: password + - name: S3_BUCKET + valueFrom: + secretKeyRef: + name: s3-secrets + key: bucket + +# - name: CACHE_HOST +# valueFrom: +# secretKeyRef: +# name: cache-secret-pm +# key: host +# - name: CACHE_PORT +# valueFrom: +# secretKeyRef: +# name: cache-secret-pm +# key: port +# - name: CACHE_PASSWORD +# valueFrom: +# secretKeyRef: +# name: cache-secret-pm +# key: password + - name: CACHE_SSL + value: "False" + - name: CACHE_SSL_CA_CERTS + value: "" + - name: CACHE_ENABLE + value: "False" + - name: CLICKHOUSE_ENABLE + value: 'False' + - name: KAFKA_ENABLE + value: 'False' +# - name: KAFKA_BOOTSTRAP_SERVERS +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: bootstrap_servers +# - name: KAFKA_SECURITY_PROTOCOL +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: security_protocol +# - name: KAFKA_SASL_MECHANISM +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: sasl_mechanism +# - name: KAFKA_SASL_PLAIN_USERNAME +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: sasl_username +# - name: KAFKA_SASL_PLAIN_PASSWORD +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: sasl_password +# - name: KAFKA_SSL_CAFILE +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: ssl_cafile +# - name: KAFKA_TOPICS +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: topics + + - name: CELERY_RABBITMQ_HOST + valueFrom: + secretKeyRef: + name: rabbitmq-secrets + key: hostname + - name: CELERY_RABBITMQ_PORT + valueFrom: + secretKeyRef: + name: rabbitmq-secrets + key: port + - name: CELERY_RABBITMQ_USER + valueFrom: + secretKeyRef: + name: rabbitmq-secrets + key: username + - name: CELERY_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: rabbitmq-secrets + key: password + - name: CELERY_RABBITMQ_VHOST + valueFrom: + secretKeyRef: + name: rabbitmq-secrets + key: vhost + + - name: AUTH_PUBLIC_TOKEN_URL + value: "https://lk.sarex.io/api/token/public/" 
+ - name: SERVER_HOST + value: "https://lk.sarex.io" + - name: SERVER_API_HOST + value: "https://api.sarex.io" + - name: SERVER_DEBUG + value: "False" + - name: SERVER_ALLOWED_HOSTS + value: '["*"]' + - name: SERVER_USE_OTEL + value: "False" + - name: SERVER_VERIFY_SSL + value: "False" + - name: SERVER_LOG_LEVEL + value: "INFO" + resources: + requests: + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/pm/base/kustomization.yaml b/apps/pm/base/kustomization.yaml new file mode 100644 index 0000000..9a1ef5b --- /dev/null +++ b/apps/pm/base/kustomization.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: pm +resources: + - namespace.yaml + - backend-deployment.yaml + - backend-service.yaml + - celery-deployment.yaml + - backend-configmap.yaml diff --git a/apps/pm/base/namespace.yaml b/apps/pm/base/namespace.yaml new file mode 100644 index 0000000..2c1e797 --- /dev/null +++ b/apps/pm/base/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: pm + labels: + istio-injection: enabled diff --git a/apps/pm/yc-k8s-test/kustomization.yaml b/apps/pm/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..c4a2c03 --- /dev/null +++ b/apps/pm/yc-k8s-test/kustomization.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base + - postgresql.yaml + - redis-deployment.yaml + - redis-service.yaml +patches: [] diff --git a/apps/pm/yc-k8s-test/postgresql.yaml b/apps/pm/yc-k8s-test/postgresql.yaml new file mode 100644 index 0000000..c7ec8be --- /dev/null +++ b/apps/pm/yc-k8s-test/postgresql.yaml 
@@ -0,0 +1,113 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: postgresql
+ namespace: pm
+spec:
+ interval: 5m
+ timeout: 2h
+ chart:
+ spec:
+ chart: postgresql-contour
+ version: "17.0.2"
+ sourceRef:
+ kind: HelmRepository
+ name: yc-oci-charts
+ namespace: flux-system
+
+ install:
+ timeout: 2h
+ remediation:
+ retries: 3
+
+ upgrade:
+ timeout: 2h
+ remediation:
+ retries: 3
+
+ values:
+ global:
+ security:
+ allowInsecureImages: true
+ defaultStorageClass: local-path
+ postgresql:
+ auth:
+ username: ""
+ database: ""
+ secretKeys:
+ userPasswordKey: "postgres-password"
+ auth:
+ username: ""
+ database: ""
+ secretKeys:
+ userPasswordKey: "postgres-password"
+ image:
+ registry: cr.yandex/crp3ccidau046kdj8g9q
+ repository: contour/postgresql
+ tag: 17.0.2
+ pullPolicy: Always
+ metrics:
+ enabled: false
+ prometheusRule:
+ enabled: false
+ primary:
+ containerSecurityContext:
+ readOnlyRootFilesystem: false
+ persistence:
+ storageClass: local-path
+ size: 20Gi
+ customLivenessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ customReadinessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ customStartupProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ resources:
+ requests:
+ memory: 512Mi
+ nodeSelector:
+ dedicated: db
+ tolerations:
+ - key: dedicated
+ operator: Equal
+ value: db
+ effect: NoSchedule
+ contour:
+ enabled: true
+ adminUser: ""
+ adminPasswordSecretKey: ""
+ sharedPreloadLibraries: "pg_stat_statements,ltree"
+ databases:
+ - name: pm_db
+ user: pm
+ extensions: []
+ restoreFromDump: false
+ s3-proxy:
+ endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"
diff --git a/apps/pm/yc-k8s-test/redis-deployment.yaml b/apps/pm/yc-k8s-test/redis-deployment.yaml
new file mode 100644
index 0000000..4a46b46
--- /dev/null
+++ b/apps/pm/yc-k8s-test/redis-deployment.yaml
@@ -0,0 +1,27 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: redis
+ namespace: pm
+ labels:
+ app: redis
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: redis
+ template:
+ metadata:
+ labels:
+ app: redis
+ spec:
+ containers:
+ - name: redis
+ image: cr.yandex/crp3ccidau046kdj8g9q/redis:latest
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 6379
+ protocol: TCP
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/pm/yc-k8s-test/redis-service.yaml b/apps/pm/yc-k8s-test/redis-service.yaml
new file mode 100644
index 0000000..4aab2e7
--- /dev/null
+++ b/apps/pm/yc-k8s-test/redis-service.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis
+ namespace: pm
+spec:
+ selector:
+ app: redis
+ ports:
+ - port: 6379
+ targetPort: 6379
+ protocol: TCP
diff --git a/apps/remarks/base/deployment.yaml b/apps/remarks/base/deployment.yaml
new file mode 100644
index 0000000..e60b703
--- /dev/null
+++ b/apps/remarks/base/deployment.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: frontend
+ namespace: remarks
+ labels:
+ app: frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: frontend
+ template:
+ metadata:
+ labels:
+ app: frontend
+ version: stable
+ spec:
+ containers:
+ - name: frontend
+ image: cr.yandex/crp3ccidau046kdj8g9q/remarks-frontend:wb_002f8896
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/remarks/base/kustomization.yaml b/apps/remarks/base/kustomization.yaml
new file mode 100644
index 0000000..0646af2
--- /dev/null
+++ b/apps/remarks/base/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: remarks
+resources:
+ - namespace.yaml
+ - deployment.yaml
+ - service.yaml
diff --git a/apps/remarks/base/namespace.yaml b/apps/remarks/base/namespace.yaml
new file mode 100644
index 0000000..b2755bd
--- /dev/null
+++ b/apps/remarks/base/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: remarks
+ labels:
+ istio-injection: enabled
\ No newline at end of file
diff --git a/apps/remarks/base/service.yaml b/apps/remarks/base/service.yaml
new file mode 100644
index 0000000..3f4cf80
--- /dev/null
+++ b/apps/remarks/base/service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend-service
+ namespace: remarks
+spec:
+ type: ClusterIP
+ selector:
+ app: frontend
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ protocol: TCP
diff --git a/apps/remarks/yc-k8s-test/kustomization.yaml b/apps/remarks/yc-k8s-test/kustomization.yaml
new file mode 100644
index 0000000..85195ca
--- /dev/null
+++ b/apps/remarks/yc-k8s-test/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+patches: []
+# - path: replicas.yaml
+# target:
+# kind: Deployment
+# name: frontend
diff --git a/apps/remarks/yc-k8s-test/replicas.yaml b/apps/remarks/yc-k8s-test/replicas.yaml
new file mode 100644
index 0000000..7d589d3
--- /dev/null
+++ b/apps/remarks/yc-k8s-test/replicas.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: frontend
+ namespace: remarks
+spec:
+ replicas: 1
diff --git a/apps/subscriptions/base/backend-deployment.yaml b/apps/subscriptions/base/backend-deployment.yaml
new file mode 100644
index 0000000..e1373ee
--- /dev/null
+++ b/apps/subscriptions/base/backend-deployment.yaml
@@ -0,0 +1,94 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: sarex-subscriptions
+ namespace: subscriptions
+ labels:
+ app: sarex-subscriptions
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: sarex-subscriptions
+ template:
+ metadata:
+ labels:
+ app: sarex-subscriptions
+ spec:
+ containers:
+ - name: subscriptions
+ image: cr.yandex/crp3ccidau046kdj8g9q/subscriptions:prod_a50928e1
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: DATABASE_HOST
+ valueFrom:
+ secretKeyRef:
+ key: hostname
+ name: postgresql-secret
+ - name: DATABASE_PORT
+ valueFrom:
+ secretKeyRef:
+ key: port
+ name: postgresql-secret
+ - name: DATABASE_NAME
+ valueFrom:
+ secretKeyRef:
+ key: database
+ name: postgresql-secret
+ - name: DATABASE_USER
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: postgresql-secret
+ - name: DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: postgresql-secret
+ - name: API_ADDRESS
+ value: "8000"
+ - name: SYSTEM_LOG_HOST
+ value: http://api-service.system-log
+ - name: USER_SERVICE_HOST
+ value: http://backend.django.svc.cluster.local:8000
+ - name: IS_USE_TELEGRAM
+ value: "false"
+ - name: IS_MAILGUN_USE
+ value: "0"
+ - name: SMTP_EMAIL_FROM
+ value: sarex@rwb.ru
+ - name: SMTP_EMAIL_HOST
+ value: mail.rwb.ru
+ - name: SMTP_EMAIL_PORT
+ value: "465"
+ - name: YC_S3_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: s3-secret
+ - name: YC_S3_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: s3-secret
+ - name: YC_S3_BUCKET_NAME
+ valueFrom:
+ secretKeyRef:
+ key: bucket
+ name: s3-secret
+ - name: YC_S3_ENDPOINT_URL
+ valueFrom:
+ secretKeyRef:
+ key: host
+ name: s3-secret
+ resources:
+ requests:
+ cpu: "1"
+ memory: 1Gi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/subscriptions/base/backend-service.yaml b/apps/subscriptions/base/backend-service.yaml
new file mode 100644
index 0000000..f938e6d
--- /dev/null
+++ b/apps/subscriptions/base/backend-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: rfi-backend-api-svc
+ namespace: rfi
+spec:
+ type: ClusterIP
+ selector:
+ app: rfi-backend-api
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8000
+ protocol: TCP
diff --git a/apps/subscriptions/base/kustomization.yaml b/apps/subscriptions/base/kustomization.yaml
new file mode 100644
index 0000000..7195a48
--- /dev/null
+++ b/apps/subscriptions/base/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: subscriptions
+resources:
+ - namespace.yaml
+ - backend-deployment.yaml
+ - backend-service.yaml
diff --git a/apps/subscriptions/base/namespace.yaml b/apps/subscriptions/base/namespace.yaml
new file mode 100644
index 0000000..59eb52d
--- /dev/null
+++ b/apps/subscriptions/base/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: subscriptions
+ labels:
+ istio-injection: enabled
diff --git a/apps/subscriptions/yc-k8s-test/kustomization.yaml b/apps/subscriptions/yc-k8s-test/kustomization.yaml
new file mode 100644
index 0000000..e601931
--- /dev/null
+++ b/apps/subscriptions/yc-k8s-test/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+ - postgresql.yaml
+patches: []
diff --git a/apps/subscriptions/yc-k8s-test/postgresql.yaml b/apps/subscriptions/yc-k8s-test/postgresql.yaml
new file mode 100644
index 0000000..543ef06
--- /dev/null
+++ b/apps/subscriptions/yc-k8s-test/postgresql.yaml
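Review bot: The Service in apps/subscriptions/base/backend-service.yaml still carries another app's identity: `name: rfi-backend-api-svc`, `namespace: rfi` and selector `app: rfi-backend-api`, while the pods in backend-deployment.yaml are labelled `app: sarex-subscriptions`. The kustomization's `namespace: subscriptions` should rewrite the namespace, but the selector still matches no pod, so the Service would have no endpoints. Change the selector to `app: sarex-subscriptions`, set `namespace: subscriptions`, and give the Service a name of its own. apps/system-log/base/backend-service.yaml has the same problem (selector `app: rfi-backend-api`, pods labelled `app: api`), and the subscriptions deployment points `SYSTEM_LOG_HOST` at `http://api-service.system-log`, a Service name that no manifest visible here defines.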
@@ -0,0 +1,110 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: postgresql
+ namespace: subscriptions
+spec:
+ interval: 5m
+ timeout: 2h
+ chart:
+ spec:
+ chart: postgresql-contour
+ version: "17.0.2"
+ sourceRef:
+ kind: HelmRepository
+ name: yc-oci-charts
+ namespace: flux-system
+
+ install:
+ timeout: 2h
+ remediation:
+ retries: 3
+
+ upgrade:
+ timeout: 2h
+ remediation:
+ retries: 3
+
+ values:
+ global:
+ security:
+ allowInsecureImages: true
+ defaultStorageClass: local-path
+ postgresql:
+ auth:
+ username: ""
+ database: ""
+ secretKeys:
+ userPasswordKey: "postgres-password"
+ auth:
+ username: ""
+ database: ""
+ secretKeys:
+ userPasswordKey: "postgres-password"
+ image:
+ registry: cr.yandex/crp3ccidau046kdj8g9q
+ repository: contour/postgresql
+ tag: 17.0.2
+ pullPolicy: Always
+ metrics:
+ enabled: false
+ prometheusRule:
+ enabled: false
+ primary:
+ containerSecurityContext:
+ readOnlyRootFilesystem: false
+ persistence:
+ storageClass: local-path
+ size: 20Gi
+ customLivenessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ customReadinessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ customStartupProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ nodeSelector:
+ dedicated: db
+ tolerations:
+ - key: dedicated
+ operator: Equal
+ value: db
+ effect: NoSchedule
+ contour:
+ enabled: true
+ adminUser: ""
+ adminPasswordSecretKey: ""
+ sharedPreloadLibraries: "postgis"
+ databases:
+ - name: subscriptions_db
+ user: subscriptions
+ extensions: []
+ restoreFromDump: false
+ s3-proxy:
+ endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"
diff --git a/apps/system-log/base/backend-deployment.yaml b/apps/system-log/base/backend-deployment.yaml
new file mode 100644
index 0000000..011d128
--- /dev/null
+++ b/apps/system-log/base/backend-deployment.yaml
@@ -0,0 +1,116 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: api
+ namespace: system-log
+ labels:
+ app: api
+ service: api
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: api
+ template:
+ metadata:
+ labels:
+ app: api
+ service: api
+ spec:
+ containers:
+ - name: api
+ image: cr.yandex/crp3ccidau046kdj8g9q/system-log:prod_6ed1b27e
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: KAFKA_ENABLE
+ value: "0"
+ - name: KAFKA_USE_SSL
+ value: "0"
+ - name: KAFKA_ENABLE_LOGGING
+ value: "0"
+ - name: APP_NAME
+ value: system_log
+ - name: APP_VERSION
+ value: 0.0.1
+ - name: LOG_LEVEL
+ value: INFO
+ - name: HTTP_HOST
+ value: 0.0.0.0
+ - name: HTTP_PORT
+ value: "8000"
+ - name: NAMESPACE
+ value: system-log
+ - name: POSTGRES_POOL_SIZE
+ value: "3"
+ - name: ENABLE_SSL
+ value: "0"
+ - name: KAFKA_GROUP
+ value: system-log-stage
+ - name: KAFKA_CLIENT_ID
+ value: system-log-stage
+ - name: KAFKA_PEM_PATH
+ value: "/tmp"
+ - name: DJANGO_HOST
+ value: http://backend.django.svc.cluster.local:8000
+ - name: POSTGRES_ADDRESS
+ valueFrom:
+ secretKeyRef:
+ key: hostname
+ name: postgresql-secret
+ - name: POSTGRES_PORT
+ valueFrom:
+ secretKeyRef:
+ key: port
+ name: postgresql-secret
+ - name: POSTGRES_DB
+ valueFrom:
+ secretKeyRef:
+ key: database
+ name: postgresql-secret
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: postgresql-secret
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: postgresql-secret
+ - name: KAFKA_USERNAME
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: kafka-secret
+ - name: KAFKA_BROKERS
+ valueFrom:
+ secretKeyRef:
+ key: host
+ name: kafka-secret
+ - name: KAFKA_TOPIC
+ valueFrom:
+ secretKeyRef:
+ key: topic
+ name: kafka-secret
+ - name: KAFKA_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: kafka-secret
+ - name: KAFKA_PEM_CERT
+ valueFrom:
+ secretKeyRef:
+ key: ca.crt
+ name: kafka-secret
+
+ resources:
+ requests:
+ cpu: "1"
+ memory: 1Gi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/system-log/base/backend-service.yaml b/apps/system-log/base/backend-service.yaml
new file mode 100644
index 0000000..be9ff27
--- /dev/null
+++ b/apps/system-log/base/backend-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: rfi-backend-api-svc
+ namespace: system-log
+spec:
+ type: ClusterIP
+ selector:
+ app: rfi-backend-api
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8000
+ protocol: TCP
diff --git a/apps/system-log/base/kustomization.yaml b/apps/system-log/base/kustomization.yaml
new file mode 100644
index 0000000..91b2b1b
--- /dev/null
+++ b/apps/system-log/base/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: system-log
+resources:
+ - namespace.yaml
+ - backend-deployment.yaml
+ - backend-service.yaml
+ - worker-deployment.yaml
diff --git a/apps/system-log/base/namespace.yaml b/apps/system-log/base/namespace.yaml
new file mode 100644
index 0000000..f4d8f44
--- /dev/null
+++ b/apps/system-log/base/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: system-log
+ labels:
+ istio-injection: enabled
diff --git a/apps/system-log/base/worker-deployment.yaml b/apps/system-log/base/worker-deployment.yaml
new file mode 100644
index 0000000..46ffedf
--- /dev/null
+++ b/apps/system-log/base/worker-deployment.yaml
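Review bot: `ENABLE_SSL` and `KAFKA_USE_SSL` are both `"0"` in the base manifest of apps/system-log/base/backend-deployment.yaml while `POSTGRES_PASSWORD`, `KAFKA_USERNAME` and `KAFKA_PASSWORD` are injected, so, assuming the flags control transport encryption as their names suggest, turning Kafka on later by flipping only `KAFKA_ENABLE` would send the SASL credentials unencrypted. Either default the flags to `"1"` in base and relax them per overlay, or add a comment such as `# TLS off: traffic stays inside the mesh, mTLS enforced by <policy-name>` (placeholder) naming the control that covers it. `KAFKA_GROUP` and `KAFKA_CLIENT_ID` are `system-log-stage` in base, which looks like an environment-specific value that belongs in an overlay.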
@@ -0,0 +1,91 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: worker
+ namespace: system-log
+ labels:
+ app: worker
+ service: worker
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: worker
+ template:
+ metadata:
+ labels:
+ app: worker
+ service: worker
+ spec:
+ containers:
+ - name: worker
+ image: cr.yandex/crp3ccidau046kdj8g9q/system_log_worker:de6a0147d285afa273e85c0f074c8b6049d03a32
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: APP_NAME
+ value: system_log
+ - name: APP_VERSION
+ value: 0.0.1
+ - name: LOG_LEVEL
+ value: INFO
+ - name: HTTP_HOST
+ value: 0.0.0.0
+ - name: HTTP_PORT
+ value: "8000"
+ - name: NAMESPACE
+ value: sarex-system-log
+ - name: DOCUMENTATIONS_URL
+ value: http://documentations-api.documentations.svc.cluster.local:8080
+ - name: POSTGRES_POOL_SIZE
+ value: "3"
+ - name: ENABLE_SSL
+ value: "0"
+ - name: DJANGO_HOST
+ value: http://backend.django.svc.cluster.local:8000
+ - name: POSTGRES_ADDRESS
+ valueFrom:
+ secretKeyRef:
+ key: hostname
+ name: postgresql-secret
+ - name: POSTGRES_PORT
+ valueFrom:
+ secretKeyRef:
+ key: port
+ name: postgresql-secret
+ - name: POSTGRES_DB
+ valueFrom:
+ secretKeyRef:
+ key: database
+ name: postgresql-secret
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: postgresql-secret
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: postgresql-secret
+ - name: SUPER_USERNAME
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: superuser
+ - name: SUPER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: superuser
+
+ resources:
+ requests:
+ cpu: "1"
+ memory: 1Gi
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/system-log/yc-k8s-test/kustomization.yaml b/apps/system-log/yc-k8s-test/kustomization.yaml
new file mode 100644
index 0000000..e601931
--- /dev/null
+++ b/apps/system-log/yc-k8s-test/kustomization.yaml
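Review bot: The worker in apps/system-log/base/worker-deployment.yaml is handed `SUPER_USERNAME`/`SUPER_PASSWORD` from the `superuser` Secret and reaches `DJANGO_HOST` and `DOCUMENTATIONS_URL` over `http://`, so, if those are the credentials it authenticates with, a superuser password crosses the cluster network in clear text unless the mesh enforces mTLS, and a compromise of this pod yields full application admin rights. Prefer a dedicated account scoped to what the worker actually reads, and record the transport dependency next to the URL, e.g. `# plain HTTP: relies on STRICT PeerAuthentication in the django and system-log namespaces`. `NAMESPACE` is `sarex-system-log` here but `system-log` in backend-deployment.yaml and in `metadata.namespace`; one of the two is probably stale.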
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+ - postgresql.yaml
+patches: []
diff --git a/apps/system-log/yc-k8s-test/postgresql.yaml b/apps/system-log/yc-k8s-test/postgresql.yaml
new file mode 100644
index 0000000..d5659e4
--- /dev/null
+++ b/apps/system-log/yc-k8s-test/postgresql.yaml
@@ -0,0 +1,110 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: postgresql
+ namespace: system-log
+spec:
+ interval: 5m
+ timeout: 2h
+ chart:
+ spec:
+ chart: postgresql-contour
+ version: "17.0.2"
+ sourceRef:
+ kind: HelmRepository
+ name: yc-oci-charts
+ namespace: flux-system
+
+ install:
+ timeout: 2h
+ remediation:
+ retries: 3
+
+ upgrade:
+ timeout: 2h
+ remediation:
+ retries: 3
+
+ values:
+ global:
+ security:
+ allowInsecureImages: true
+ defaultStorageClass: local-path
+ postgresql:
+ auth:
+ username: ""
+ database: ""
+ secretKeys:
+ userPasswordKey: "postgres-password"
+ auth:
+ username: ""
+ database: ""
+ secretKeys:
+ userPasswordKey: "postgres-password"
+ image:
+ registry: cr.yandex/crp3ccidau046kdj8g9q
+ repository: contour/postgresql
+ tag: 17.0.2
+ pullPolicy: Always
+ metrics:
+ enabled: false
+ prometheusRule:
+ enabled: false
+ primary:
+ containerSecurityContext:
+ readOnlyRootFilesystem: false
+ persistence:
+ storageClass: local-path
+ size: 20Gi
+ customLivenessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ customReadinessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ customStartupProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ nodeSelector:
+ dedicated: db
+ tolerations:
+ - key: dedicated
+ operator: Equal
+ value: db
+ effect: NoSchedule
+ contour:
+ enabled: true
+ adminUser: ""
+ adminPasswordSecretKey: ""
+ sharedPreloadLibraries: "ltree,pg_stat_statements,timescaledb"
+ databases:
+ - name: system_log_db
+ user: system_log
+ extensions: []
+ restoreFromDump: false
+ s3-proxy:
+ endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"
diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml
index 571fde1..bd67acc 100644
--- a/clusters/yc-k8s-test/kustomization.yaml
+++ b/clusters/yc-k8s-test/kustomization.yaml
@@ -16,4 +16,11 @@ resources:
 - ../../apps/drawings/yc-k8s-test
 - ../../apps/comparisons/yc-k8s-test
 - ../../apps/contracts/yc-k8s-test
- - ../../apps/rfi/yc-k8s-test
\ No newline at end of file
+ - ../../apps/rfi/yc-k8s-test
+ - ../../apps/checklists/yc-k8s-test
+ - ../../apps/subscriptions/yc-k8s-test
+ - ../../apps/inspections/yc-k8s-test
+ - ../../apps/system-log/yc-k8s-test
+ - ../../apps/remarks/yc-k8s-test
+ - ../../apps/notes/yc-k8s-test
+ - ../../apps/pm/yc-k8s-test
\ No newline at end of file