From 8bb12ff371fbec0e0d71e1754c2eb9bed9aa53ed Mon Sep 17 00:00:00 2001 From: ivan Date: Thu, 16 Apr 2026 18:11:51 +0500 Subject: [PATCH 01/42] ++ --- checklists/base/backend-deployment.yaml | 80 ++++++++++++++++ checklists/base/backend-service.yaml | 15 +++ checklists/base/kustomization.yaml | 8 ++ checklists/base/namespace.yaml | 7 ++ checklists/yc-k8s-test/kustomization.yaml | 7 ++ checklists/yc-k8s-test/postgresql.yaml | 110 ++++++++++++++++++++++ 6 files changed, 227 insertions(+) create mode 100644 checklists/base/backend-deployment.yaml create mode 100644 checklists/base/backend-service.yaml create mode 100644 checklists/base/kustomization.yaml create mode 100644 checklists/base/namespace.yaml create mode 100644 checklists/yc-k8s-test/kustomization.yaml create mode 100644 checklists/yc-k8s-test/postgresql.yaml diff --git a/checklists/base/backend-deployment.yaml b/checklists/base/backend-deployment.yaml new file mode 100644 index 0000000..c9765fe --- /dev/null +++ b/checklists/base/backend-deployment.yaml @@ -0,0 +1,80 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: checklists-backend + namespace: rfi + labels: + app: checklists-backend + service: api +spec: + replicas: 1 + selector: + matchLabels: + app: checklists-backend + template: + metadata: + labels: + app: checklists-backend + service: checklists-backend + spec: + containers: + - name: api + image: cr.yandex/crp3ccidau046kdj8g9q/checklists-backend:production_68f242cd + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: HTTP_APP_HOST + value: 0.0.0.0 + - name: HTTP_APP_PORT + value: "8000" + - name: HTTP_APP_ROOT_PATH + value: /checklists + - name: HTTP_APP_WORKERS + value: "8" + - name: HTTP_APP_ADMIN_ENABLE + value: "true" + - name: JWT_AUTH_ENABLE + value: "true" + - name: DEBUG + value: "false" + - name: DATABASE_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: DATABASE_NAME + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: DATABASE_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: DATABASE_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: JWT_AUTH_PUBLIC_KEY + valueFrom: + secretKeyRef: + key: public-key + name: jwt-secret + + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/checklists/base/backend-service.yaml b/checklists/base/backend-service.yaml new file mode 100644 index 0000000..f938e6d --- /dev/null +++ b/checklists/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: rfi-backend-api-svc + namespace: rfi +spec: + type: ClusterIP + selector: + app: rfi-backend-api + ports: + - name: http + port: 80 + targetPort: 8000 + protocol: TCP diff --git a/checklists/base/kustomization.yaml b/checklists/base/kustomization.yaml new file mode 100644 index 0000000..d88ae04 --- /dev/null +++ b/checklists/base/kustomization.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: checklists +resources: + - namespace.yaml + - backend-deployment.yaml + - backend-service.yaml diff --git a/checklists/base/namespace.yaml b/checklists/base/namespace.yaml new file mode 100644 index 0000000..0ec7137 --- /dev/null +++ b/checklists/base/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: checklists + labels: + istio-injection: enabled diff --git a/checklists/yc-k8s-test/kustomization.yaml b/checklists/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..e601931 --- /dev/null +++ b/checklists/yc-k8s-test/kustomization.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base + - postgresql.yaml +patches: [] diff --git a/checklists/yc-k8s-test/postgresql.yaml b/checklists/yc-k8s-test/postgresql.yaml new file mode 100644 index 0000000..2df906f --- /dev/null +++ b/checklists/yc-k8s-test/postgresql.yaml @@ -0,0 +1,110 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: checklists +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: "pg_stat_statements" + databases: + - name: checklists_db + user: checklists + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" From d161b72f32b4d4d2627e2e6f7bb8ed720ffc5974 Mon Sep 17 00:00:00 2001 From: ivan Date: Thu, 16 Apr 2026 18:14:09 +0500 Subject: [PATCH 02/42] ++ --- checklists/base/kustomization.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/checklists/base/kustomization.yaml b/checklists/base/kustomization.yaml index d88ae04..430c968 100644 --- a/checklists/base/kustomization.yaml +++ b/checklists/base/kustomization.yaml @@ -4,5 +4,5 @@ kind: Kustomization namespace: checklists resources: - namespace.yaml - - backend-deployment.yaml - - backend-service.yaml + # - backend-deployment.yaml + # - backend-service.yaml From 392c161ced390e365f56848de694817e69ce8db8 Mon Sep 17 00:00:00 2001 From: ivan Date: Thu, 16 Apr 2026 18:21:29 +0500 Subject: [PATCH 03/42] fix --- checklists/base/kustomization.yaml | 4 ++-- clusters/yc-k8s-test/kustomization.yaml | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/checklists/base/kustomization.yaml b/checklists/base/kustomization.yaml index 430c968..d88ae04 100644 --- a/checklists/base/kustomization.yaml +++ b/checklists/base/kustomization.yaml @@ -4,5 +4,5 @@ kind: Kustomization namespace: checklists resources: - namespace.yaml - # - backend-deployment.yaml - # - backend-service.yaml + - backend-deployment.yaml + - backend-service.yaml diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index 571fde1..1c18b86 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -16,4 +16,5 @@ resources: - ../../apps/drawings/yc-k8s-test - ../../apps/comparisons/yc-k8s-test - ../../apps/contracts/yc-k8s-test - - ../../apps/rfi/yc-k8s-test \ No newline at end of file + - ../../apps/rfi/yc-k8s-test + - ../../apps/checklists/yc-k8s-test \ No newline at end of file From 808b2d03d31b3912815931b1705d65da5781591b Mon Sep 17 00:00:00 2001 From: ivan Date: Thu, 16 Apr 2026 18:28:58 +0500 Subject: [PATCH 04/42] fix --- {checklists => apps/checklists}/base/backend-deployment.yaml | 0 {checklists => apps/checklists}/base/backend-service.yaml | 0 {checklists => apps/checklists}/base/kustomization.yaml | 0 {checklists => apps/checklists}/base/namespace.yaml | 0 {checklists => apps/checklists}/yc-k8s-test/kustomization.yaml | 0 {checklists => apps/checklists}/yc-k8s-test/postgresql.yaml | 0 clusters/yc-k8s-test/kustomization.yaml | 2 +- 7 files changed, 1 insertion(+), 1 deletion(-) rename {checklists => apps/checklists}/base/backend-deployment.yaml (100%) rename {checklists => apps/checklists}/base/backend-service.yaml (100%) rename {checklists => apps/checklists}/base/kustomization.yaml (100%) rename {checklists => apps/checklists}/base/namespace.yaml (100%) rename {checklists => apps/checklists}/yc-k8s-test/kustomization.yaml (100%) rename {checklists => apps/checklists}/yc-k8s-test/postgresql.yaml (100%) diff --git a/checklists/base/backend-deployment.yaml b/apps/checklists/base/backend-deployment.yaml similarity index 100% rename from checklists/base/backend-deployment.yaml rename to apps/checklists/base/backend-deployment.yaml diff --git a/checklists/base/backend-service.yaml b/apps/checklists/base/backend-service.yaml similarity index 100% rename from checklists/base/backend-service.yaml rename to apps/checklists/base/backend-service.yaml diff --git a/checklists/base/kustomization.yaml b/apps/checklists/base/kustomization.yaml similarity index 100% rename from checklists/base/kustomization.yaml rename to apps/checklists/base/kustomization.yaml diff --git a/checklists/base/namespace.yaml b/apps/checklists/base/namespace.yaml similarity index 100% rename from checklists/base/namespace.yaml rename to apps/checklists/base/namespace.yaml diff --git a/checklists/yc-k8s-test/kustomization.yaml b/apps/checklists/yc-k8s-test/kustomization.yaml similarity index 100% rename from checklists/yc-k8s-test/kustomization.yaml rename to apps/checklists/yc-k8s-test/kustomization.yaml diff --git a/checklists/yc-k8s-test/postgresql.yaml b/apps/checklists/yc-k8s-test/postgresql.yaml similarity index 100% rename from checklists/yc-k8s-test/postgresql.yaml rename to apps/checklists/yc-k8s-test/postgresql.yaml diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index 1c18b86..5edd919 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -17,4 +17,4 @@ resources: - ../../apps/comparisons/yc-k8s-test - ../../apps/contracts/yc-k8s-test - ../../apps/rfi/yc-k8s-test - - ../../apps/checklists/yc-k8s-test \ No newline at end of file + - ../../checklists/yc-k8s-test \ No newline at end of file From 91a483f16183fdb88a1aeafc2991bc4cfd738c7c Mon Sep 17 00:00:00 2001 From: ivan Date: Thu, 16 Apr 2026 18:30:30 +0500 Subject: [PATCH 05/42] fix --- clusters/yc-k8s-test/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index 5edd919..e4d9b35 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -17,4 +17,4 @@ resources: - ../../apps/comparisons/yc-k8s-test - ../../apps/contracts/yc-k8s-test - ../../apps/rfi/yc-k8s-test - - ../../checklists/yc-k8s-test \ No newline at end of file + - - ../../apps/checklists/yc-k8s-test \ No newline at end of file From e3be4eb793dfc7847dd1016b1450da7cee95299b Mon Sep 17 00:00:00 2001 From: ivan Date: Thu, 16 Apr 2026 18:30:46 +0500 Subject: [PATCH 06/42] fix --- clusters/yc-k8s-test/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index e4d9b35..1c18b86 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -17,4 +17,4 @@ resources: - ../../apps/comparisons/yc-k8s-test - ../../apps/contracts/yc-k8s-test - ../../apps/rfi/yc-k8s-test - - - ../../apps/checklists/yc-k8s-test \ No newline at end of file + - ../../apps/checklists/yc-k8s-test \ No newline at end of file From a9fc9055fcc0a24f64a1e39178fee1bd442301a0 Mon Sep 17 00:00:00 2001 From: ivan Date: Thu, 16 Apr 2026 18:45:49 +0500 Subject: [PATCH 07/42] ++ --- .../base/backend-deployment.yaml | 94 +++++++++++++++ apps/subscriptions/base/backend-service.yaml | 15 +++ apps/subscriptions/base/kustomization.yaml | 8 ++ apps/subscriptions/base/namespace.yaml | 7 ++ .../yc-k8s-test/kustomization.yaml | 7 ++ .../subscriptions/yc-k8s-test/postgresql.yaml | 110 ++++++++++++++++++ clusters/yc-k8s-test/kustomization.yaml | 3 +- 7 files changed, 243 insertions(+), 1 deletion(-) create mode 100644 apps/subscriptions/base/backend-deployment.yaml create mode 100644 apps/subscriptions/base/backend-service.yaml create mode 100644 apps/subscriptions/base/kustomization.yaml create mode 100644 apps/subscriptions/base/namespace.yaml create mode 100644 apps/subscriptions/yc-k8s-test/kustomization.yaml create mode 100644 apps/subscriptions/yc-k8s-test/postgresql.yaml diff --git a/apps/subscriptions/base/backend-deployment.yaml b/apps/subscriptions/base/backend-deployment.yaml new file mode 100644 index 0000000..e1373ee --- /dev/null +++ b/apps/subscriptions/base/backend-deployment.yaml @@ -0,0 +1,94 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: sarex-subscriptions + namespace: subscriptions + labels: + app: sarex-subscriptions +spec: + replicas: 1 + selector: + matchLabels: + app: sarex-subscriptions + template: + metadata: + labels: + app: sarex-subscriptions + spec: + containers: + - name: subscriptions + image: cr.yandex/crp3ccidau046kdj8g9q/subscriptions:prod_a50928e1 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: DATABASE_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: DATABASE_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: DATABASE_NAME + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: DATABASE_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: API_ADDRESS + value: "8000" + - name: SYSTEM_LOG_HOST + value: http://api-service.system-log + - name: USER_SERVICE_HOST + value: http://backend.django.svc.cluster.local:8000 + - name: IS_USE_TELEGRAM + value: "false" + - name: IS_MAILGUN_USE + value: "0" + - name: SMTP_EMAIL_FROM + value: sarex@rwb.ru + - name: SMTP_EMAIL_HOST + value: mail.rwb.ru + - name: SMTP_EMAIL_PORT + value: "465" + - name: YC_S3_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: username + name: s3-secret + - name: YC_S3_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: password + name: s3-secret + - name: YC_S3_BUCKET_NAME + valueFrom: + secretKeyRef: + key: bucket + name: s3-secret + - name: YC_S3_ENDPOINT_URL + valueFrom: + secretKeyRef: + key: host + name: s3-secret + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/subscriptions/base/backend-service.yaml b/apps/subscriptions/base/backend-service.yaml new file mode 100644 index 0000000..f938e6d --- /dev/null +++ b/apps/subscriptions/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: rfi-backend-api-svc + namespace: rfi +spec: + type: ClusterIP + selector: + app: rfi-backend-api + ports: + - name: http + port: 80 + targetPort: 8000 + protocol: TCP diff --git a/apps/subscriptions/base/kustomization.yaml b/apps/subscriptions/base/kustomization.yaml new file mode 100644 index 0000000..5a20e88 --- /dev/null +++ b/apps/subscriptions/base/kustomization.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: rfi +resources: + - namespace.yaml + - backend-deployment.yaml + - backend-service.yaml diff --git a/apps/subscriptions/base/namespace.yaml b/apps/subscriptions/base/namespace.yaml new file mode 100644 index 0000000..59eb52d --- /dev/null +++ b/apps/subscriptions/base/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: subscriptions + labels: + istio-injection: enabled diff --git a/apps/subscriptions/yc-k8s-test/kustomization.yaml b/apps/subscriptions/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..e601931 --- /dev/null +++ b/apps/subscriptions/yc-k8s-test/kustomization.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base + - postgresql.yaml +patches: [] diff --git a/apps/subscriptions/yc-k8s-test/postgresql.yaml b/apps/subscriptions/yc-k8s-test/postgresql.yaml new file mode 100644 index 0000000..afce88b --- /dev/null +++ b/apps/subscriptions/yc-k8s-test/postgresql.yaml @@ -0,0 +1,110 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: subscriptions +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: "pg_stat_statements" + databases: + - name: subscriptions_db + user: subscriptions + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index 1c18b86..15e57f9 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -17,4 +17,5 @@ resources: - ../../apps/comparisons/yc-k8s-test - ../../apps/contracts/yc-k8s-test - ../../apps/rfi/yc-k8s-test - - ../../apps/checklists/yc-k8s-test \ No newline at end of file + - ../../apps/checklists/yc-k8s-test + - ../../apps/subscriptions/yc-k8s-test \ No newline at end of file From 6491cada6b97850c46b8b7c8fbf9c92cf397799f Mon Sep 17 00:00:00 2001 From: ivan Date: Thu, 16 Apr 2026 18:49:12 +0500 Subject: [PATCH 08/42] ++ --- apps/checklists/base/backend-deployment.yaml | 2 +- apps/subscriptions/base/kustomization.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/checklists/base/backend-deployment.yaml b/apps/checklists/base/backend-deployment.yaml index c9765fe..44d91b7 100644 --- a/apps/checklists/base/backend-deployment.yaml +++ b/apps/checklists/base/backend-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: checklists-backend - namespace: rfi + namespace: checklists labels: app: checklists-backend service: api diff --git a/apps/subscriptions/base/kustomization.yaml b/apps/subscriptions/base/kustomization.yaml index 5a20e88..7195a48 100644 --- a/apps/subscriptions/base/kustomization.yaml +++ b/apps/subscriptions/base/kustomization.yaml @@ -1,7 +1,7 @@ --- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: rfi +namespace: subscriptions resources: - namespace.yaml - backend-deployment.yaml From f234ccbbae21786ea6927b435ce7acfd0f71abc3 Mon Sep 17 00:00:00 2001 From: ivan Date: Thu, 16 Apr 2026 18:55:53 +0500 Subject: [PATCH 09/42] fix --- apps/subscriptions/yc-k8s-test/postgresql.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/subscriptions/yc-k8s-test/postgresql.yaml b/apps/subscriptions/yc-k8s-test/postgresql.yaml index afce88b..543ef06 100644 --- a/apps/subscriptions/yc-k8s-test/postgresql.yaml +++ b/apps/subscriptions/yc-k8s-test/postgresql.yaml @@ -100,7 +100,7 @@ spec: enabled: true adminUser: "" adminPasswordSecretKey: "" - sharedPreloadLibraries: "pg_stat_statements" + sharedPreloadLibraries: "postgis" databases: - name: subscriptions_db user: subscriptions From 7b107a613eb175a0b80a2031b310c007cbe864f2 Mon Sep 17 00:00:00 2001 From: ivan Date: Thu, 16 Apr 2026 19:11:02 +0500 Subject: [PATCH 10/42] fix --- apps/inspections/base/backend-deployment.yaml | 127 ++++++++++++++++++ apps/inspections/base/backend-service.yaml | 15 +++ apps/inspections/base/kustomization.yaml | 8 ++ apps/inspections/base/namespace.yaml | 7 + .../yc-k8s-test/kustomization.yaml | 7 + apps/inspections/yc-k8s-test/postgresql.yaml | 110 +++++++++++++++ clusters/yc-k8s-test/kustomization.yaml | 3 +- 7 files changed, 276 insertions(+), 1 deletion(-) create mode 100644 apps/inspections/base/backend-deployment.yaml create mode 100644 apps/inspections/base/backend-service.yaml create mode 100644 apps/inspections/base/kustomization.yaml create mode 100644 apps/inspections/base/namespace.yaml create mode 100644 apps/inspections/yc-k8s-test/kustomization.yaml create mode 100644 apps/inspections/yc-k8s-test/postgresql.yaml diff --git a/apps/inspections/base/backend-deployment.yaml b/apps/inspections/base/backend-deployment.yaml new file mode 100644 index 0000000..7dc94a0 --- /dev/null +++ b/apps/inspections/base/backend-deployment.yaml @@ -0,0 +1,127 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: inspections-backend + namespace: inspections + labels: + app: inspections-backend +spec: + replicas: 1 + selector: + matchLabels: + app: inspections-backend + template: + metadata: + labels: + app: inspections-backend + spec: + containers: + - name: inspections-backend + image: cr.yandex/crp3ccidau046kdj8g9q/sarex-inspections:production_1a33f6f4 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: DEBUG + value: "false" + - name: SERVICE_URL + value: https://srx.wb.ru + - name: HTTP_APP_HOST + value: 0.0.0.0 + - name: HTTP_APP_PORT + value: "8000" + - name: HTTP_APP_ROOT_PATH + value: /inspections + - name: HTTP_APP_WORKERS + value: "3" + - name: HTTP_APP_ADMIN_ENABLE + value: "true" + - name: KAFKA_SSL_CAFILE + value: /usr/local/share/ca-certificates/Yandex/YandexInternalRootCA.crt + - name: KAFKA_EAV_ASSETS_TOPIC + value: assets_broadcast + - name: JWT_AUTH_ENABLE + value: "true" + - name: NOTIFICATIONS_ENABLE + value: "true" + - name: NOTIFICATIONS_EMAIL_FROM + value: hello@sarex.io + - name: SAREX_BACKEND_URL + value: https://srx.wb.ru + - name: SAREX_BACKEND_TIMEOUT + value: "30" + - name: EAV_URL + value: http://eav-service.eav + - name: EAV_TIMEOUT + value: "30" + - name: WORKFLOWS_URL + value: http://workflows-service.processing-prod + - name: WORKFLOWS_TIMEOUT + value: "30" + - name: WORKFLOWS_EMAIL_DOCKER_IMAGE + value: cr.yandex/crp3ccidau046kdj8g9q/notification:email + - name: MOBILE_APP_CURRENT_VERSION + value: 1.0.0 + - name: MOBILE_APP_RECOMMENDED_VERSION + value: 1.0.0 + - name: MOBILE_APP_REQUIRED_VERSION + value: 1.0.0 + - name: MAILER_URL + value: http://mailer-service.mailer:8000 + - name: MAILER_TIMEOUT + value: "30" + - name: DATABASE_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: DATABASE_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: DATABASE_NAME + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: DATABASE_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: KAFKA_HOST + valueFrom: + secretKeyRef: + key: host + name: kafka-secret + - name: KAFKA_USERNAME + valueFrom: + secretKeyRef: + key: username + name: kafka-secret + - name: KAFKA_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: kafka-secret + - name: SAREX_BACKEND_AUTH + valueFrom: + secretKeyRef: + key: key + name: sarex-backend-auth-secret + + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/inspections/base/backend-service.yaml b/apps/inspections/base/backend-service.yaml new file mode 100644 index 0000000..f938e6d --- /dev/null +++ b/apps/inspections/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: rfi-backend-api-svc + namespace: rfi +spec: + type: ClusterIP + selector: + app: rfi-backend-api + ports: + - name: http + port: 80 + targetPort: 8000 + protocol: TCP diff --git a/apps/inspections/base/kustomization.yaml b/apps/inspections/base/kustomization.yaml new file mode 100644 index 0000000..7195a48 --- /dev/null +++ b/apps/inspections/base/kustomization.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: subscriptions +resources: + - namespace.yaml + - backend-deployment.yaml + - backend-service.yaml diff --git a/apps/inspections/base/namespace.yaml b/apps/inspections/base/namespace.yaml new file mode 100644 index 0000000..1e4be2f --- /dev/null +++ b/apps/inspections/base/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: inspections + labels: + istio-injection: enabled diff --git a/apps/inspections/yc-k8s-test/kustomization.yaml b/apps/inspections/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..e601931 --- /dev/null +++ b/apps/inspections/yc-k8s-test/kustomization.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base + - postgresql.yaml +patches: [] diff --git a/apps/inspections/yc-k8s-test/postgresql.yaml b/apps/inspections/yc-k8s-test/postgresql.yaml new file mode 100644 index 0000000..218531a --- /dev/null +++ b/apps/inspections/yc-k8s-test/postgresql.yaml @@ -0,0 +1,110 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: inspections +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: "postgis" + databases: + - name: inspections_db + user: inspections + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index 15e57f9..b4bbaa9 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -18,4 +18,5 @@ resources: - ../../apps/contracts/yc-k8s-test - ../../apps/rfi/yc-k8s-test - ../../apps/checklists/yc-k8s-test - - ../../apps/subscriptions/yc-k8s-test \ No newline at end of file + - ../../apps/subscriptions/yc-k8s-test + - ../../apps/inspections/yc-k8s-test \ No newline at end of file From 9583448beba60cffe599922e3d0aa225b830c568 Mon Sep 17 00:00:00 2001 From: ivan Date: Thu, 16 Apr 2026 19:12:35 +0500 Subject: [PATCH 11/42] fix --- apps/inspections/base/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/inspections/base/kustomization.yaml b/apps/inspections/base/kustomization.yaml index 7195a48..501546d 100644 --- a/apps/inspections/base/kustomization.yaml +++ b/apps/inspections/base/kustomization.yaml @@ -1,7 +1,7 @@ --- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: subscriptions +namespace: inspections resources: - namespace.yaml - backend-deployment.yaml From 46e16fc2871876c93742ed82044082933b776890 Mon Sep 17 00:00:00 2001 From: emelinda Date: Fri, 17 Apr 2026 10:35:52 +0300 Subject: [PATCH 12/42] Uncomment PostgreSQL resource and clean up backend patch configuration in yc-k8s-test kustomization file --- apps/contracts/yc-k8s-test/kustomization.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/apps/contracts/yc-k8s-test/kustomization.yaml b/apps/contracts/yc-k8s-test/kustomization.yaml index da21a4e..ffc9d1c 100644 --- a/apps/contracts/yc-k8s-test/kustomization.yaml +++ b/apps/contracts/yc-k8s-test/kustomization.yaml @@ -3,9 +3,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ../base -# - postgresql.yaml -patches: - - path: replicas.yaml - target: - kind: Deployment - name: backend + - postgresql.yaml +patches: [] +# - path: replicas.yaml +# target: +# kind: Deployment +# name: backend From b0243697285fcfedfff2bbb4a162ba79e56232e7 Mon Sep 17 00:00:00 2001 From: ivan Date: Fri, 17 Apr 2026 12:39:05 +0500 Subject: [PATCH 13/42] ++ --- apps/system-log/base/backend-deployment.yaml | 111 ++++++++++++++++++ apps/system-log/base/backend-service.yaml | 15 +++ apps/system-log/base/kustomization.yaml | 9 ++ apps/system-log/base/namespace.yaml | 7 ++ apps/system-log/base/worker-deployment.yaml | 91 ++++++++++++++ .../system-log/yc-k8s-test/kustomization.yaml | 7 ++ apps/system-log/yc-k8s-test/postgresql.yaml | 110 +++++++++++++++++ 7 files changed, 350 insertions(+) create mode 100644 apps/system-log/base/backend-deployment.yaml create mode 100644 apps/system-log/base/backend-service.yaml create mode 100644 apps/system-log/base/kustomization.yaml create mode 100644 apps/system-log/base/namespace.yaml create mode 100644 apps/system-log/base/worker-deployment.yaml create mode 100644 apps/system-log/yc-k8s-test/kustomization.yaml create mode 100644 apps/system-log/yc-k8s-test/postgresql.yaml diff --git a/apps/system-log/base/backend-deployment.yaml b/apps/system-log/base/backend-deployment.yaml new file mode 100644 index 0000000..ff19ce0 --- /dev/null +++ b/apps/system-log/base/backend-deployment.yaml @@ -0,0 +1,111 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: api + namespace: system-log + labels: + app: api + service: api +spec: + replicas: 1 + selector: + matchLabels: + app: api + template: + metadata: + labels: + app: api + service: api + spec: + containers: + - name: api + image: cr.yandex/crp3ccidau046kdj8g9q/system-log:prod_6ed1b27e + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - env: + - name: KAFKA_ENABLE + value: "0" + - name: KAFKA_USE_SSL + value: "0" + - name: KAFKA_ENABLE_LOGGING + value: "0" + - name: APP_NAME + value: system_log + - name: APP_VERSION + value: 0.0.1 + - name: LOG_LEVEL + value: INFO + - name: HTTP_HOST + value: 0.0.0.0 + - name: HTTP_PORT + value: "8000" + - name: NAMESPACE + value: system-log + - name: POSTGRES_POOL_SIZE + value: "3" + - name: ENABLE_SSL + value: "0" + - name: DJANGO_HOST + value: http://backend.django.svc.cluster.local:8000 + - name: POSTGRES_ADDRESS + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: POSTGRES_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: KAFKA_USERNAME + valueFrom: + secretKeyRef: + key: username + name: kafka-secret + - name: KAFKA_BROKERS + valueFrom: + secretKeyRef: + key: host + name: kafka-secret + - name: KAFKA_TOPIC + valueFrom: + secretKeyRef: + key: topic + name: kafka-secret + - name: KAFKA_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: kafka-secret + - name: KAFKA_PEM_CERT + valueFrom: + secretKeyRef: + key: certificate + name: kafka-certificate + + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/system-log/base/backend-service.yaml b/apps/system-log/base/backend-service.yaml new file mode 100644 index 0000000..f938e6d --- /dev/null +++ b/apps/system-log/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: rfi-backend-api-svc + namespace: rfi +spec: + type: ClusterIP + selector: + app: rfi-backend-api + ports: + - name: http + port: 80 + targetPort: 8000 + protocol: TCP diff --git a/apps/system-log/base/kustomization.yaml b/apps/system-log/base/kustomization.yaml new file mode 100644 index 0000000..f69753d --- /dev/null +++ b/apps/system-log/base/kustomization.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: rfi +resources: + - namespace.yaml + - backend-deployment.yaml + - backend-service.yaml + - worker-deployment.yaml diff --git a/apps/system-log/base/namespace.yaml b/apps/system-log/base/namespace.yaml new file mode 100644 index 0000000..f4d8f44 --- /dev/null +++ b/apps/system-log/base/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: system-log + labels: + istio-injection: enabled diff --git a/apps/system-log/base/worker-deployment.yaml b/apps/system-log/base/worker-deployment.yaml new file mode 100644 index 0000000..46ffedf --- /dev/null +++ b/apps/system-log/base/worker-deployment.yaml @@ -0,0 +1,91 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: worker + namespace: system-log + labels: + app: worker + service: worker +spec: + replicas: 1 + selector: + matchLabels: + app: worker + template: + metadata: + labels: + app: worker + service: worker + spec: + containers: + - name: worker + image: cr.yandex/crp3ccidau046kdj8g9q/system_log_worker:de6a0147d285afa273e85c0f074c8b6049d03a32 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: APP_NAME + value: system_log + - name: APP_VERSION + value: 0.0.1 + - name: LOG_LEVEL + value: INFO + - name: HTTP_HOST + value: 0.0.0.0 + - name: HTTP_PORT + value: "8000" + - name: NAMESPACE + value: sarex-system-log + - name: DOCUMENTATIONS_URL + value: http://documentations-api.documentations.svc.cluster.local:8080 + - name: POSTGRES_POOL_SIZE + value: "3" + - name: ENABLE_SSL + value: "0" + - name: DJANGO_HOST + value: http://backend.django.svc.cluster.local:8000 + - name: POSTGRES_ADDRESS + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: POSTGRES_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: SUPER_USERNAME + valueFrom: + secretKeyRef: + key: username + name: superuser + - name: SUPER_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: superuser + + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/system-log/yc-k8s-test/kustomization.yaml b/apps/system-log/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..e601931 --- /dev/null +++ b/apps/system-log/yc-k8s-test/kustomization.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base + - postgresql.yaml +patches: [] diff --git a/apps/system-log/yc-k8s-test/postgresql.yaml b/apps/system-log/yc-k8s-test/postgresql.yaml new file mode 100644 index 0000000..d5659e4 --- /dev/null +++ b/apps/system-log/yc-k8s-test/postgresql.yaml @@ -0,0 +1,110 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: system-log +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: "ltree,pg_stat_statements,timescaledb" + databases: + - name: system_log_db + user: system_log + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" From d08162fb6dfe6f63aa722714ed380f231609c954 Mon Sep 17 00:00:00 2001 From: ivan Date: Fri, 17 Apr 2026 12:40:52 +0500 Subject: [PATCH 14/42] fix --- clusters/yc-k8s-test/kustomization.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index b4bbaa9..8acc4c2 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -19,4 +19,5 @@ resources: - ../../apps/rfi/yc-k8s-test - ../../apps/checklists/yc-k8s-test - ../../apps/subscriptions/yc-k8s-test - - ../../apps/inspections/yc-k8s-test \ No newline at end of file + - ../../apps/inspections/yc-k8s-test + - ../../apps/system-log/yc-k8s-test \ No newline at end of file From 62a4bf085e34e44b184e805ca1801d6b1e9b5c8e Mon Sep 17 00:00:00 2001 From: ivan Date: Fri, 17 Apr 2026 12:42:56 +0500 Subject: [PATCH 15/42] fix --- apps/system-log/base/backend-deployment.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/apps/system-log/base/backend-deployment.yaml b/apps/system-log/base/backend-deployment.yaml index ff19ce0..b1f911d 100644 --- a/apps/system-log/base/backend-deployment.yaml +++ b/apps/system-log/base/backend-deployment.yaml @@ -27,7 +27,6 @@ spec: containerPort: 8000 protocol: TCP env: - - env: - name: KAFKA_ENABLE value: "0" - name: KAFKA_USE_SSL From a3f0a049f027cdfc5e74d081a423349e746aa6d4 Mon Sep 17 00:00:00 2001 From: ivan Date: Fri, 17 Apr 2026 12:44:31 +0500 Subject: [PATCH 16/42] fix --- apps/system-log/base/backend-service.yaml | 2 +- apps/system-log/base/kustomization.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/system-log/base/backend-service.yaml b/apps/system-log/base/backend-service.yaml index f938e6d..be9ff27 100644 --- a/apps/system-log/base/backend-service.yaml +++ b/apps/system-log/base/backend-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: rfi-backend-api-svc - namespace: rfi + namespace: system-log spec: type: ClusterIP selector: diff --git a/apps/system-log/base/kustomization.yaml b/apps/system-log/base/kustomization.yaml index f69753d..91b2b1b 100644 --- a/apps/system-log/base/kustomization.yaml +++ b/apps/system-log/base/kustomization.yaml @@ -1,7 +1,7 @@ --- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: rfi +namespace: system-log resources: - namespace.yaml - backend-deployment.yaml From 88f66df68fb592d20adcb8602d1e44dc31526119 Mon Sep 17 00:00:00 2001 From: ivan Date: Fri, 17 Apr 2026 12:51:59 +0500 Subject: [PATCH 17/42] fix --- apps/system-log/base/backend-deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/system-log/base/backend-deployment.yaml b/apps/system-log/base/backend-deployment.yaml index b1f911d..e024731 100644 --- a/apps/system-log/base/backend-deployment.yaml +++ b/apps/system-log/base/backend-deployment.yaml @@ -99,8 +99,8 @@ spec: - name: KAFKA_PEM_CERT valueFrom: secretKeyRef: - key: certificate - name: kafka-certificate + key: ca.crt + name: kafka-secret resources: requests: From 4ddaf9c7d976d27e7ce43964cea821adc661e2a6 Mon Sep 17 00:00:00 2001 From: emelinda Date: Fri, 17 Apr 2026 10:53:38 +0300 Subject: [PATCH 18/42] Uncomment deployment resource in contracts kustomization file --- apps/contracts/base/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/contracts/base/kustomization.yaml b/apps/contracts/base/kustomization.yaml index ec7df6a..3c22a88 100644 --- a/apps/contracts/base/kustomization.yaml +++ b/apps/contracts/base/kustomization.yaml @@ -4,5 +4,5 @@ kind: Kustomization namespace: contracts resources: - namespace.yaml -# - deployment.yaml + - deployment.yaml - service.yaml From 2e7ce311f5195cce1e24375f094de90e680313a2 Mon Sep 17 00:00:00 2001 From: ivan Date: Fri, 17 Apr 2026 12:54:05 +0500 Subject: [PATCH 19/42] fix --- apps/system-log/base/backend-deployment.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/apps/system-log/base/backend-deployment.yaml b/apps/system-log/base/backend-deployment.yaml index e024731..f72cce4 100644 --- a/apps/system-log/base/backend-deployment.yaml +++ b/apps/system-log/base/backend-deployment.yaml @@ -49,6 +49,10 @@ spec: value: "3" - name: ENABLE_SSL value: "0" + - name: KAFKA_GROUP + value: system-log-stage + - name: KAFKA_CLIENT_ID + value: system-log-stage - name: DJANGO_HOST value: http://backend.django.svc.cluster.local:8000 - name: POSTGRES_ADDRESS From 35acaa959fc1731a40e873c62dfbd8b49c5e782f Mon Sep 17 00:00:00 2001 From: emelinda Date: Fri, 17 Apr 2026 10:55:28 +0300 Subject: [PATCH 20/42] Update secret key reference from `db_url` to `url` in contracts deployment configuration --- apps/contracts/base/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/contracts/base/deployment.yaml b/apps/contracts/base/deployment.yaml index 6c1d0cb..52e2c1e 100644 --- a/apps/contracts/base/deployment.yaml +++ b/apps/contracts/base/deployment.yaml @@ -31,7 +31,7 @@ spec: valueFrom: secretKeyRef: name: postgresql-secrets - key: db_url + key: url - name: PUBLIC_KEY valueFrom: secretKeyRef: From b25b61a6cc043cea2a2cdb625d1c41a9159d70ae Mon Sep 17 00:00:00 2001 From: ivan Date: Fri, 17 Apr 2026 12:56:31 +0500 Subject: [PATCH 21/42] fix --- apps/system-log/base/backend-deployment.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apps/system-log/base/backend-deployment.yaml b/apps/system-log/base/backend-deployment.yaml index f72cce4..011d128 100644 --- a/apps/system-log/base/backend-deployment.yaml +++ b/apps/system-log/base/backend-deployment.yaml @@ -53,6 +53,8 @@ spec: value: system-log-stage - name: KAFKA_CLIENT_ID value: system-log-stage + - name: KAFKA_PEM_PATH + value: "/tmp" - name: DJANGO_HOST value: http://backend.django.svc.cluster.local:8000 - name: POSTGRES_ADDRESS From 848fad0cdc038f12cf41815e14fad5f90dc8d0f3 Mon Sep 17 00:00:00 2001 From: ivan Date: Fri, 17 Apr 2026 13:50:17 +0500 Subject: [PATCH 22/42] ++ --- apps/remarks/base/deployment.yaml | 33 +++++++++++++++++++++ apps/remarks/base/kustomization.yaml | 8 +++++ apps/remarks/base/namespace.yaml | 7 +++++ apps/remarks/base/service.yaml | 15 ++++++++++ apps/remarks/yc-k8s-test/kustomization.yaml | 10 +++++++ apps/remarks/yc-k8s-test/replicas.yaml | 8 +++++ clusters/yc-k8s-test/kustomization.yaml | 3 +- 7 files changed, 83 insertions(+), 1 deletion(-) create mode 100644 apps/remarks/base/deployment.yaml create mode 100644 apps/remarks/base/kustomization.yaml create mode 100644 apps/remarks/base/namespace.yaml create mode 100644 apps/remarks/base/service.yaml create mode 100644 apps/remarks/yc-k8s-test/kustomization.yaml create mode 100644 apps/remarks/yc-k8s-test/replicas.yaml diff --git a/apps/remarks/base/deployment.yaml b/apps/remarks/base/deployment.yaml new file mode 100644 index 0000000..e60b703 --- /dev/null +++ b/apps/remarks/base/deployment.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: frontend + namespace: remarks + labels: + app: frontend +spec: + replicas: 1 + selector: + matchLabels: + app: frontend + template: + metadata: + labels: + app: frontend + version: stable + spec: + containers: + - name: frontend + image: cr.yandex/crp3ccidau046kdj8g9q/remarks-frontend:wb_002f8896 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 80 + protocol: TCP + resources: + requests: + cpu: 100m + memory: 100Mi + imagePullSecrets: + - name: regcred diff --git a/apps/remarks/base/kustomization.yaml b/apps/remarks/base/kustomization.yaml new file mode 100644 index 0000000..0646af2 --- /dev/null +++ b/apps/remarks/base/kustomization.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: remarks +resources: + - namespace.yaml + - deployment.yaml + - service.yaml diff --git a/apps/remarks/base/namespace.yaml b/apps/remarks/base/namespace.yaml new file mode 100644 index 0000000..b2755bd --- /dev/null +++ b/apps/remarks/base/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: remarks + labels: + istio-injection: enabled \ No newline at end of file diff --git a/apps/remarks/base/service.yaml b/apps/remarks/base/service.yaml new file mode 100644 index 0000000..3f4cf80 --- /dev/null +++ b/apps/remarks/base/service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: frontend-service + namespace: remarks +spec: + type: ClusterIP + selector: + app: frontend + ports: + - name: http + port: 80 + targetPort: 80 + protocol: TCP diff --git a/apps/remarks/yc-k8s-test/kustomization.yaml b/apps/remarks/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..85195ca --- /dev/null +++ b/apps/remarks/yc-k8s-test/kustomization.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base +patches: [] +# - path: replicas.yaml +# target: +# kind: Deployment +# name: frontend diff --git a/apps/remarks/yc-k8s-test/replicas.yaml b/apps/remarks/yc-k8s-test/replicas.yaml new file mode 100644 index 0000000..7d589d3 --- /dev/null +++ b/apps/remarks/yc-k8s-test/replicas.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: frontend + namespace: remarks +spec: + replicas: 1 diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index 8acc4c2..df2ed42 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -20,4 +20,5 @@ resources: - ../../apps/checklists/yc-k8s-test - ../../apps/subscriptions/yc-k8s-test - ../../apps/inspections/yc-k8s-test - - ../../apps/system-log/yc-k8s-test \ No newline at end of file + - ../../apps/system-log/yc-k8s-test + - ../../apps/remarks/yc-k8s-test \ No newline at end of file From 08e8cd9fef5876966966301d136dd1d97511096c Mon Sep 17 00:00:00 2001 From: emelinda Date: Fri, 17 Apr 2026 11:59:51 +0300 Subject: [PATCH 23/42] Add Notes app with backend, frontend, services, namespace, ConfigMap, and PostgreSQL configuration in yc-k8s-test --- apps/notes/base/backend-deployment.yaml | 102 ++++++++++++++++++++ apps/notes/base/backend-service.yaml | 15 +++ apps/notes/base/frontend-deployment.yaml | 58 ++++++++++++ apps/notes/base/frontend-service.yaml | 15 +++ apps/notes/base/kustomization.yaml | 11 +++ apps/notes/base/namespace.yaml | 7 ++ apps/notes/base/nginx-configmap.yaml | 47 +++++++++ apps/notes/yc-k8s-test/kustomization.yaml | 11 +++ apps/notes/yc-k8s-test/postgresql.yaml | 110 ++++++++++++++++++++++ apps/notes/yc-k8s-test/replicas.yaml | 8 ++ clusters/yc-k8s-test/kustomization.yaml | 3 +- 11 files changed, 386 insertions(+), 1 deletion(-) create mode 100644 apps/notes/base/backend-deployment.yaml create mode 100644 apps/notes/base/backend-service.yaml create mode 100644 apps/notes/base/frontend-deployment.yaml create mode 100644 apps/notes/base/frontend-service.yaml create mode 100644 apps/notes/base/kustomization.yaml create mode 100644 apps/notes/base/namespace.yaml create mode 100644 apps/notes/base/nginx-configmap.yaml create mode 100644 apps/notes/yc-k8s-test/kustomization.yaml create mode 100644 apps/notes/yc-k8s-test/postgresql.yaml create mode 100644 apps/notes/yc-k8s-test/replicas.yaml diff --git a/apps/notes/base/backend-deployment.yaml b/apps/notes/base/backend-deployment.yaml new file mode 100644 index 0000000..5e35478 --- /dev/null +++ b/apps/notes/base/backend-deployment.yaml @@ -0,0 +1,102 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: notes + labels: + app: backend +spec: + replicas: 2 + selector: + matchLabels: + app: backend + template: + metadata: + labels: + app: backend + service: main + spec: + containers: + - name: main + image: cr.yandex/crp3ccidau046kdj8g9q/notes-backend:production_81366854 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: PG_SSL_MODE + value: verify-full + - name: DJANGO_HOST + value: https://lk.sarex.io + - name: BASE_HOST + value: https://api.sarex.io/notes + - name: TIMEOUT + value: "120" + - name: FAAS_SERVICE + value: https://api.sarex.io/lambdas + - name: WORKSPACE_URL + value: https://api.sarex.io/workspaces/api/v1 + - name: WORKFLOW_HOST + value: https://api.sarex.io/workflows/api/v1 + - name: WORKFLOW_TAG + value: stable + - name: RESOURCE_URL + value: https://api.sarex.io/resources/api/v1 + - name: SYNC_RESOURCE_ID + value: "0" + - name: ENABLE_ND + value: "0" + - name: ATTACHMENT_HOST + value: http://attachments-service.attachments.svc.cluster.local:80/api/v1 + - name: PG_PORT + value: "6432" + - name: PG_DB + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: database + - name: PG_LOGIN + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: username + - name: PG_PASSWORD + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: password + - name: PG_HOST + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: host + - name: DJANGO_TOKEN + valueFrom: + secretKeyRef: + name: django-secret + key: token + resources: + limits: + cpu: "2" + memory: 1Gi + requests: + cpu: "1" + memory: 512Mi + livenessProbe: + httpGet: + path: /ping + port: 8000 + initialDelaySeconds: 10 + periodSeconds: 60 + failureThreshold: 10 + readinessProbe: + httpGet: + path: /ping + port: 8000 + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 20 + imagePullSecrets: + - name: regcred diff --git a/apps/notes/base/backend-service.yaml b/apps/notes/base/backend-service.yaml new file mode 100644 index 0000000..7a70542 --- /dev/null +++ b/apps/notes/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: backend-service + namespace: notes +spec: + type: ClusterIP + selector: + app: backend + ports: + - name: http + port: 8000 + targetPort: 8000 + protocol: TCP diff --git a/apps/notes/base/frontend-deployment.yaml b/apps/notes/base/frontend-deployment.yaml new file mode 100644 index 0000000..301ac8d --- /dev/null +++ b/apps/notes/base/frontend-deployment.yaml @@ -0,0 +1,58 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: frontend + namespace: notes + labels: + app: frontend +spec: + replicas: 2 + selector: + matchLabels: + app: frontend + template: + metadata: + labels: + app: frontend + service: frontend + spec: + volumes: + - name: nginx-configmap + configMap: + name: nginx-configmap + items: + - key: nginx.conf + path: nginx.conf + containers: + - name: frontend + image: cr.yandex/crp3ccidau046kdj8g9q/notes-frontend:production_0cb0909f + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 80 + protocol: TCP + resources: + requests: + cpu: 100m + memory: 100Mi + volumeMounts: + - name: nginx-configmap + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf + livenessProbe: + httpGet: + path: /ping + port: 80 + initialDelaySeconds: 10 + periodSeconds: 10 + failureThreshold: 10 + readinessProbe: + httpGet: + path: /ping + port: 80 + initialDelaySeconds: 10 + periodSeconds: 10 + failureThreshold: 20 + imagePullSecrets: + - name: regcred diff --git a/apps/notes/base/frontend-service.yaml b/apps/notes/base/frontend-service.yaml new file mode 100644 index 0000000..4e12102 --- /dev/null +++ b/apps/notes/base/frontend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: frontend-service + namespace: notes +spec: + type: ClusterIP + selector: + app: frontend + ports: + - name: http + port: 80 + targetPort: 80 + protocol: TCP diff --git a/apps/notes/base/kustomization.yaml b/apps/notes/base/kustomization.yaml new file mode 100644 index 0000000..a957458 --- /dev/null +++ b/apps/notes/base/kustomization.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: notes +resources: + - namespace.yaml +# - backend-deployment.yaml + - backend-service.yaml + - frontend-deployment.yaml + - frontend-service.yaml + - nginx-configmap.yaml diff --git a/apps/notes/base/namespace.yaml b/apps/notes/base/namespace.yaml new file mode 100644 index 0000000..72085ff --- /dev/null +++ b/apps/notes/base/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: notes + labels: + istio-injection: enabled diff --git a/apps/notes/base/nginx-configmap.yaml b/apps/notes/base/nginx-configmap.yaml new file mode 100644 index 0000000..c12bafb --- /dev/null +++ b/apps/notes/base/nginx-configmap.yaml @@ -0,0 +1,47 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: nginx-configmap + namespace: notes +data: + nginx.conf: | + user nginx; + worker_processes auto; + + error_log stderr warn; + pid /var/run/nginx.pid; + + events { + worker_connections 1024; + } + + http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /dev/stdout main; + + sendfile on; + + keepalive_timeout 65; + + gzip on; + + server { + client_header_buffer_size 16k; + large_client_header_buffers 4 16k; + listen 80; + server_name localhost; + root /dist; + expires off; + + location = /ping { + return 200 '{"result": "ok"}'; + } + } + } diff --git a/apps/notes/yc-k8s-test/kustomization.yaml b/apps/notes/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..ffc9d1c --- /dev/null +++ b/apps/notes/yc-k8s-test/kustomization.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base + - postgresql.yaml +patches: [] +# - path: replicas.yaml +# target: +# kind: Deployment +# name: backend diff --git a/apps/notes/yc-k8s-test/postgresql.yaml b/apps/notes/yc-k8s-test/postgresql.yaml new file mode 100644 index 0000000..cbf1547 --- /dev/null +++ b/apps/notes/yc-k8s-test/postgresql.yaml @@ -0,0 +1,110 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: notes +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: "pg_stat_statements" + databases: + - name: notes_db + user: notes + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" diff --git a/apps/notes/yc-k8s-test/replicas.yaml b/apps/notes/yc-k8s-test/replicas.yaml new file mode 100644 index 0000000..3c20467 --- /dev/null +++ b/apps/notes/yc-k8s-test/replicas.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: notes +spec: + replicas: 2 diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index df2ed42..7db396f 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -21,4 +21,5 @@ resources: - ../../apps/subscriptions/yc-k8s-test - ../../apps/inspections/yc-k8s-test - ../../apps/system-log/yc-k8s-test - - ../../apps/remarks/yc-k8s-test \ No newline at end of file + - ../../apps/remarks/yc-k8s-test + - ../../apps/notes/yc-k8s-test \ No newline at end of file From 930fbc5044fb0a58048ad34e0ab1e856fbb4e211 Mon Sep 17 00:00:00 2001 From: emelinda Date: Fri, 17 Apr 2026 12:01:32 +0300 Subject: [PATCH 24/42] Reduce frontend deployment replicas from 2 to 1 in Notes app configuration --- apps/notes/base/frontend-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/notes/base/frontend-deployment.yaml b/apps/notes/base/frontend-deployment.yaml index 301ac8d..2cd1a60 100644 --- a/apps/notes/base/frontend-deployment.yaml +++ b/apps/notes/base/frontend-deployment.yaml @@ -7,7 +7,7 @@ metadata: labels: app: frontend spec: - replicas: 2 + replicas: 1 selector: matchLabels: app: frontend From 563e8ae54fdc014624957205ceb0e35760c4c50c Mon Sep 17 00:00:00 2001 From: emelinda Date: Fri, 17 Apr 2026 12:10:34 +0300 Subject: [PATCH 25/42] Add memory resource requests to PostgreSQL configurations and remove resource limits from backend deployment in Notes app --- apps/comparisons/yc-k8s-test/postgresql.yaml | 3 +++ apps/contracts/yc-k8s-test/postgresql.yaml | 3 +++ apps/drawings/yc-k8s-test/postgresql.yaml | 3 +++ apps/notes/base/backend-deployment.yaml | 3 --- apps/notes/yc-k8s-test/postgresql.yaml | 3 +++ 5 files changed, 12 insertions(+), 3 deletions(-) diff --git a/apps/comparisons/yc-k8s-test/postgresql.yaml b/apps/comparisons/yc-k8s-test/postgresql.yaml index f45515d..163ed2f 100644 --- a/apps/comparisons/yc-k8s-test/postgresql.yaml +++ b/apps/comparisons/yc-k8s-test/postgresql.yaml @@ -89,6 +89,9 @@ spec: timeoutSeconds: 5 successThreshold: 1 failureThreshold: 6 + resources: + requests: + memory: 512Mi nodeSelector: dedicated: db tolerations: diff --git a/apps/contracts/yc-k8s-test/postgresql.yaml b/apps/contracts/yc-k8s-test/postgresql.yaml index 3ef1876..b04d0dc 100644 --- a/apps/contracts/yc-k8s-test/postgresql.yaml +++ b/apps/contracts/yc-k8s-test/postgresql.yaml @@ -56,6 +56,9 @@ spec: persistence: storageClass: local-path size: 20Gi + resources: + requests: + memory: 512Mi customLivenessProbe: exec: command: diff --git a/apps/drawings/yc-k8s-test/postgresql.yaml b/apps/drawings/yc-k8s-test/postgresql.yaml index 7fbaace..9c84f6b 100644 --- a/apps/drawings/yc-k8s-test/postgresql.yaml +++ b/apps/drawings/yc-k8s-test/postgresql.yaml @@ -89,6 +89,9 @@ spec: timeoutSeconds: 5 successThreshold: 1 failureThreshold: 6 + resources: + requests: + memory: 512Mi nodeSelector: dedicated: db tolerations: diff --git a/apps/notes/base/backend-deployment.yaml b/apps/notes/base/backend-deployment.yaml index 5e35478..c337154 100644 --- a/apps/notes/base/backend-deployment.yaml +++ b/apps/notes/base/backend-deployment.yaml @@ -78,9 +78,6 @@ spec: name: django-secret key: token resources: - limits: - cpu: "2" - memory: 1Gi requests: cpu: "1" memory: 512Mi diff --git a/apps/notes/yc-k8s-test/postgresql.yaml b/apps/notes/yc-k8s-test/postgresql.yaml index cbf1547..76ae62d 100644 --- a/apps/notes/yc-k8s-test/postgresql.yaml +++ b/apps/notes/yc-k8s-test/postgresql.yaml @@ -56,6 +56,9 @@ spec: persistence: storageClass: local-path size: 20Gi + resources: + requests: + memory: 512Mi customLivenessProbe: exec: command: From f8dcdfb8103304461af057e58a8430b70c138183 Mon Sep 17 00:00:00 2001 From: emelinda Date: Fri, 17 Apr 2026 12:12:34 +0300 Subject: [PATCH 26/42] Uncomment backend deployment resource in Notes app kustomization file --- apps/notes/base/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/notes/base/kustomization.yaml b/apps/notes/base/kustomization.yaml index a957458..4758015 100644 --- a/apps/notes/base/kustomization.yaml +++ b/apps/notes/base/kustomization.yaml @@ -4,7 +4,7 @@ kind: Kustomization namespace: notes resources: - namespace.yaml -# - backend-deployment.yaml + - backend-deployment.yaml - backend-service.yaml - frontend-deployment.yaml - frontend-service.yaml From 3a2a76fbfec35a24294e2037ac26acf1b1f73cf0 Mon Sep 17 00:00:00 2001 From: emelinda Date: Fri, 17 Apr 2026 12:12:51 +0300 Subject: [PATCH 27/42] Scale down backend deployment replicas to 0 in Notes app configuration --- apps/notes/base/backend-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/notes/base/backend-deployment.yaml b/apps/notes/base/backend-deployment.yaml index c337154..2f5f5cf 100644 --- a/apps/notes/base/backend-deployment.yaml +++ b/apps/notes/base/backend-deployment.yaml @@ -7,7 +7,7 @@ metadata: labels: app: backend spec: - replicas: 2 + replicas: 0 selector: matchLabels: app: backend From 1b5763e05435029dd76a4fe839bf35891b9e37e5 Mon Sep 17 00:00:00 2001 From: emelinda Date: Fri, 17 Apr 2026 12:18:23 +0300 Subject: [PATCH 28/42] Update Notes app backend deployment: scale replicas to 1, disable PG SSL, fix port, and update secret key reference --- apps/notes/base/backend-deployment.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/apps/notes/base/backend-deployment.yaml b/apps/notes/base/backend-deployment.yaml index 2f5f5cf..6403723 100644 --- a/apps/notes/base/backend-deployment.yaml +++ b/apps/notes/base/backend-deployment.yaml @@ -7,7 +7,7 @@ metadata: labels: app: backend spec: - replicas: 0 + replicas: 1 selector: matchLabels: app: backend @@ -27,7 +27,7 @@ spec: protocol: TCP env: - name: PG_SSL_MODE - value: verify-full + value: 'disable' - name: DJANGO_HOST value: https://lk.sarex.io - name: BASE_HOST @@ -51,7 +51,7 @@ spec: - name: ATTACHMENT_HOST value: http://attachments-service.attachments.svc.cluster.local:80/api/v1 - name: PG_PORT - value: "6432" + value: "5432" - name: PG_DB valueFrom: secretKeyRef: @@ -71,7 +71,7 @@ spec: valueFrom: secretKeyRef: name: postgresql-secrets - key: host + key: hostname - name: DJANGO_TOKEN valueFrom: secretKeyRef: From a1072c853888980f6a1a4541ae183349853db39e Mon Sep 17 00:00:00 2001 From: emelinda Date: Fri, 17 Apr 2026 12:24:18 +0300 Subject: [PATCH 29/42] Comment out `PG_SSL_MODE` environment variable in Notes app backend deployment configuration --- apps/notes/base/backend-deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/notes/base/backend-deployment.yaml b/apps/notes/base/backend-deployment.yaml index 6403723..382e5f5 100644 --- a/apps/notes/base/backend-deployment.yaml +++ b/apps/notes/base/backend-deployment.yaml @@ -26,8 +26,8 @@ spec: containerPort: 8000 protocol: TCP env: - - name: PG_SSL_MODE - value: 'disable' +# - name: PG_SSL_MODE +# value: 'disable' - name: DJANGO_HOST value: https://lk.sarex.io - name: BASE_HOST From 2d46a2f1cff86de3d67fcd7dc202b822d67dcb2a Mon Sep 17 00:00:00 2001 From: emelinda Date: Fri, 17 Apr 2026 12:27:28 +0300 Subject: [PATCH 30/42] Enable `PG_SSL_MODE` with `verify-full` in Notes app backend deployment configuration --- apps/notes/base/backend-deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/notes/base/backend-deployment.yaml b/apps/notes/base/backend-deployment.yaml index 382e5f5..5e696a6 100644 --- a/apps/notes/base/backend-deployment.yaml +++ b/apps/notes/base/backend-deployment.yaml @@ -26,8 +26,8 @@ spec: containerPort: 8000 protocol: TCP env: -# - name: PG_SSL_MODE -# value: 'disable' + - name: PG_SSL_MODE + value: verify-full - name: DJANGO_HOST value: https://lk.sarex.io - name: BASE_HOST From af53d99607f47f0cdf1f46a673860920790f1b9c Mon Sep 17 00:00:00 2001 From: emelinda Date: Fri, 17 Apr 2026 12:37:45 +0300 Subject: [PATCH 31/42] Remove liveness and readiness probes from Notes app backend deployment configuration --- apps/notes/base/backend-deployment.yaml | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/apps/notes/base/backend-deployment.yaml b/apps/notes/base/backend-deployment.yaml index 5e696a6..ddf3111 100644 --- a/apps/notes/base/backend-deployment.yaml +++ b/apps/notes/base/backend-deployment.yaml @@ -81,19 +81,5 @@ spec: requests: cpu: "1" memory: 512Mi - livenessProbe: - httpGet: - path: /ping - port: 8000 - initialDelaySeconds: 10 - periodSeconds: 60 - failureThreshold: 10 - readinessProbe: - httpGet: - path: /ping - port: 8000 - initialDelaySeconds: 5 - periodSeconds: 5 - failureThreshold: 20 imagePullSecrets: - name: regcred From c08493c4dff1055aaf333e23edfcd0d5be00821d Mon Sep 17 00:00:00 2001 From: emelinda Date: Fri, 17 Apr 2026 13:46:18 +0300 Subject: [PATCH 32/42] Add PM app with backend, Celery, services, namespace, ConfigMap, and PostgreSQL configuration in yc-k8s-test --- apps/pm/base/backend-configmap.yaml | 30 +++++++ apps/pm/base/backend-deployment.yaml | 102 +++++++++++++++++++++ apps/pm/base/backend-service.yaml | 15 ++++ apps/pm/base/celery-deployment.yaml | 106 ++++++++++++++++++++++ apps/pm/base/kustomization.yaml | 12 +++ apps/pm/base/namespace.yaml | 7 ++ apps/pm/yc-k8s-test/kustomization.yaml | 7 ++ apps/pm/yc-k8s-test/postgresql.yaml | 113 ++++++++++++++++++++++++ clusters/yc-k8s-test/kustomization.yaml | 3 +- 9 files changed, 394 insertions(+), 1 deletion(-) create mode 100644 apps/pm/base/backend-configmap.yaml create mode 100644 apps/pm/base/backend-deployment.yaml create mode 100644 apps/pm/base/backend-service.yaml create mode 100644 apps/pm/base/celery-deployment.yaml create mode 100644 apps/pm/base/kustomization.yaml create mode 100644 apps/pm/base/namespace.yaml create mode 100644 apps/pm/yc-k8s-test/kustomization.yaml create mode 100644 apps/pm/yc-k8s-test/postgresql.yaml diff --git a/apps/pm/base/backend-configmap.yaml b/apps/pm/base/backend-configmap.yaml new file mode 100644 index 0000000..613257c --- /dev/null +++ b/apps/pm/base/backend-configmap.yaml @@ -0,0 +1,30 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: backend-configmap + namespace: pm +data: + uwsgi.ini: | + [uwsgi] + log-format = {"time": "%(time)", "method": "%(method)", "uri": "%(uri)", "status": "%(status)", "size": "%(size)", "addr": "%(addr)", "user": "%(user)", "proto": "%(proto)", "user_agent": "%(uagent)", "referer": "%(referer)", "trace_id": "%(trace_id)", "span_id": "%(span_id)"} + module = config.wsgi:application + DJANGO_SETTINGS_MODULE = config.settings.base + http = 0.0.0.0:8000 + processes = 8 + master = true + vacuum = true + enable-threads = true + buffer-size = 65535 + stats = :3031 + stats-http = true + memory-report = true + lazy-apps = true + listen = 1024 + disable-write-exception= 0 + harakiri = 300 + socket-timeout = 300 + chunked-input-timeout = 300 + http-timeout = 300 + worker-reload-mercy = 240 + mule-reload-mercy = 240 diff --git a/apps/pm/base/backend-deployment.yaml b/apps/pm/base/backend-deployment.yaml new file mode 100644 index 0000000..101bfc7 --- /dev/null +++ b/apps/pm/base/backend-deployment.yaml @@ -0,0 +1,102 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: pm + labels: + app: backend +spec: + replicas: 1 + selector: + matchLabels: + app: backend + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 5 + maxUnavailable: 5 + template: + metadata: + labels: + app: backend + monitoring: prometheus + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - backend + topologyKey: kubernetes.io/hostname + containers: + - name: backend + image: cr.yandex/crp3ccidau046kdj8g9q/pm-backend:production_c54c2123 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: USERS_INTERNAL_HOST + value: http://backend.django.svc.cluster.local:8000 + - name: RESOURCES_INTERNAL_HOST + value: http://resources-service.resources.svc.cluster.local:8000 + - name: EAV_HOST + value: http://eav-service.eav.svc.cluster.local:8000 + - name: EAV_API_PREFIX + value: /api/v0 + - name: EAV_API_PREFIX_V1 + value: /api/v1 + resources: + requests: + cpu: 100m + memory: 256Mi + volumeMounts: + - name: uwsgi-configmap + mountPath: /opt/sarex/uwsgi.ini + subPath: uwsgi.ini + - name: env-file + mountPath: /opt/sarex/.env + subPath: .env + - name: tmp-volume + mountPath: /tmp + - name: kafka-cert-volume + mountPath: /usr/local/share/ca-certificates + livenessProbe: + httpGet: + path: /ping + port: 8000 + initialDelaySeconds: 10 + periodSeconds: 60 + failureThreshold: 10 + readinessProbe: + httpGet: + path: /ping + port: 8000 + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 20 + volumes: + - name: tmp-volume + emptyDir: {} + - name: uwsgi-configmap + configMap: + name: backend-configmap + defaultMode: 420 + items: + - key: uwsgi.ini + path: uwsgi.ini + - name: env-file + secret: + secretName: sarex-env + defaultMode: 420 + - name: kafka-cert-volume + configMap: + name: kafka-cert + defaultMode: 420 + imagePullSecrets: + - name: regcred diff --git a/apps/pm/base/backend-service.yaml b/apps/pm/base/backend-service.yaml new file mode 100644 index 0000000..69f6c27 --- /dev/null +++ b/apps/pm/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: backend-service + namespace: pm +spec: + type: ClusterIP + selector: + app: backend + ports: + - name: http + port: 8000 + targetPort: 8000 + protocol: TCP diff --git a/apps/pm/base/celery-deployment.yaml b/apps/pm/base/celery-deployment.yaml new file mode 100644 index 0000000..0f20673 --- /dev/null +++ b/apps/pm/base/celery-deployment.yaml @@ -0,0 +1,106 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: celery + namespace: pm + labels: + app: celery +spec: + replicas: 1 + selector: + matchLabels: + app: celery + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 5 + maxUnavailable: 5 + template: + metadata: + labels: + app: celery + monitoring: prometheus + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - backend + topologyKey: kubernetes.io/hostname + containers: + - name: celery + image: cr.yandex/crp3ccidau046kdj8g9q/pm-backend:production_c54c2123 + imagePullPolicy: IfNotPresent + command: + - celery + - -A + - config + - worker + - -B + - -l + - info + - -E + - -Q + - pm + - -n + - default_worker.%h + - --concurrency=2 + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: PLANNING_HOST + value: http://backend-service.pm.svc.cluster.local:8000/api/pm/msp + - name: PLANNING_USE + value: "True" + - name: USERS_INTERNAL_HOST + value: http://backend.django.svc.cluster.local:8000 + - name: RESOURCES_INTERNAL_HOST + value: http://resources-service.resources.svc.cluster.local:8000 + - name: EAV_HOST + value: http://eav-service.eav.svc.cluster.local:8000 + - name: EAV_API_PREFIX + value: /api/v0 + - name: EAV_API_PREFIX_V1 + value: /api/v1 + resources: + requests: + cpu: 100m + memory: 256Mi + volumeMounts: + - name: uwsgi-configmap + mountPath: /opt/sarex/uwsgi.ini + subPath: uwsgi.ini + - name: env-file + mountPath: /opt/sarex/.env + subPath: .env + - name: tmp-volume + mountPath: /tmp + - name: kafka-cert-volume + mountPath: /usr/local/share/ca-certificates + volumes: + - name: tmp-volume + emptyDir: {} + - name: uwsgi-configmap + configMap: + name: backend-configmap + defaultMode: 420 + items: + - key: uwsgi.ini + path: uwsgi.ini + - name: env-file + secret: + secretName: sarex-env + defaultMode: 420 + - name: kafka-cert-volume + configMap: + name: kafka-cert + defaultMode: 420 + imagePullSecrets: + - name: regcred diff --git a/apps/pm/base/kustomization.yaml b/apps/pm/base/kustomization.yaml new file mode 100644 index 0000000..0d108dc --- /dev/null +++ b/apps/pm/base/kustomization.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: pm +resources: + - namespace.yaml +# - backend-deployment.yaml + - backend-service.yaml +# - celery-deployment.yaml +# - redis-deployment.yaml +# - redis-service.yaml + - backend-configmap.yaml diff --git a/apps/pm/base/namespace.yaml b/apps/pm/base/namespace.yaml new file mode 100644 index 0000000..2c1e797 --- /dev/null +++ b/apps/pm/base/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: pm + labels: + istio-injection: enabled diff --git a/apps/pm/yc-k8s-test/kustomization.yaml b/apps/pm/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..5ee3750 --- /dev/null +++ b/apps/pm/yc-k8s-test/kustomization.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base +# - postgresql.yaml +patches: [] diff --git a/apps/pm/yc-k8s-test/postgresql.yaml b/apps/pm/yc-k8s-test/postgresql.yaml new file mode 100644 index 0000000..4d670e3 --- /dev/null +++ b/apps/pm/yc-k8s-test/postgresql.yaml @@ -0,0 +1,113 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: pm +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + resources: + requests: + memory: 512Mi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: "pg_stat_statements,ltree" + databases: + - name: pm_db + user: pm + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index 7db396f..bd67acc 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -22,4 +22,5 @@ resources: - ../../apps/inspections/yc-k8s-test - ../../apps/system-log/yc-k8s-test - ../../apps/remarks/yc-k8s-test - - ../../apps/notes/yc-k8s-test \ No newline at end of file + - ../../apps/notes/yc-k8s-test + - ../../apps/pm/yc-k8s-test \ No newline at end of file From 5c401a37d13a15d7f4a53a18ce997e7064f222db Mon Sep 17 00:00:00 2001 From: emelinda Date: Fri, 17 Apr 2026 14:21:20 +0300 Subject: [PATCH 33/42] Update PM app backend and Celery deployments: add environment variables, configure secrets, update resource requests, and modify image version --- apps/pm/base/backend-deployment.yaml | 351 ++++++++++++++++++++++----- apps/pm/base/celery-deployment.yaml | 347 +++++++++++++++++++++----- apps/pm/base/kustomization.yaml | 2 - 3 files changed, 574 insertions(+), 126 deletions(-) diff --git a/apps/pm/base/backend-deployment.yaml b/apps/pm/base/backend-deployment.yaml index 101bfc7..b69d185 100644 --- a/apps/pm/base/backend-deployment.yaml +++ b/apps/pm/base/backend-deployment.yaml @@ -6,97 +6,318 @@ metadata: namespace: pm labels: app: backend + service: api spec: replicas: 1 selector: matchLabels: app: backend - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 5 - maxUnavailable: 5 template: metadata: labels: app: backend - monitoring: prometheus + service: api spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - backend - topologyKey: kubernetes.io/hostname + volumes: + - name: ch-cert + configMap: + name: ch-cert + items: + - key: CA.pem + path: RootCA.crt + defaultMode: 420 containers: - - name: backend - image: cr.yandex/crp3ccidau046kdj8g9q/pm-backend:production_c54c2123 + - name: api + image: cr.yandex/crp3ccidau046kdj8g9q/pm-backend:production_0843a55d imagePullPolicy: IfNotPresent ports: - name: http containerPort: 8000 protocol: TCP env: + - name: K8S_POD_UID + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.uid + - name: K8S_POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: K8S_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: OTEL_RESOURCE_ATTRIBUTES + value: >- + k8s.pod.uid=$(K8S_POD_UID),k8s.pod.name=$(K8S_POD_NAME),k8s.namespace.name=$(K8S_NAMESPACE) - name: USERS_INTERNAL_HOST - value: http://backend.django.svc.cluster.local:8000 + value: http://backend-service.sarex.svc.cluster.local:8000 + - name: CELERY_REDIS_HOST + value: redis-service.pm.svc.cluster.local - name: RESOURCES_INTERNAL_HOST - value: http://resources-service.resources.svc.cluster.local:8000 + value: http://sarex-resources-service.resources - name: EAV_HOST - value: http://eav-service.eav.svc.cluster.local:8000 + value: http://eav-service.eav - name: EAV_API_PREFIX value: /api/v0 - name: EAV_API_PREFIX_V1 value: /api/v1 + - name: TRACING_ENDPOINT + value: signoz-otel-collector-external.signoz.svc.cluster.local:4317 + - name: TRACING_INSECURE + value: "True" + - name: SERVER_ENABLE_SYNC_RESOURCES + value: "True" + - name: SERVER_DELETED_TASK_MAX_AGE_DAYS + value: "1" + - name: SERVER_EXPIRED_TASK_NOTIFICATION_HOUR + value: "17" + - name: LANG + value: C.UTF-8 + - name: LC_ALL + value: C.UTF-8 + - name: PYTHONUTF8 + value: "1" + - name: DB_USERNAME + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: username + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: password + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: database + - name: DB_HOST + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: port + - name: S3_HOST + valueFrom: + secretKeyRef: + name: ya-s3-secret-pm + key: host + - name: S3_LOGIN + valueFrom: + secretKeyRef: + name: ya-s3-secret-pm + key: login + - name: S3_PASSWORD + valueFrom: + secretKeyRef: + name: ya-s3-secret-pm + key: password + - name: S3_BUCKET + valueFrom: + secretKeyRef: + name: ya-s3-secret-pm + key: bucket + - name: CACHE_HOST + valueFrom: + secretKeyRef: + name: cache-secret-pm + key: host + - name: CACHE_PORT + valueFrom: + secretKeyRef: + name: cache-secret-pm + key: port + - name: CACHE_PASSWORD + valueFrom: + secretKeyRef: + name: cache-secret-pm + key: password + - name: CACHE_SSL + valueFrom: + secretKeyRef: + name: cache-secret-pm + key: ssl + - name: CACHE_SSL_CA_CERTS + valueFrom: + secretKeyRef: + name: cache-secret-pm + key: ssl_ca_certs + - name: CACHE_ENABLE + valueFrom: + secretKeyRef: + name: cache-secret-pm + key: enable + - name: CLICKHOUSE_HOST + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: host + - name: CLICKHOUSE_PORT + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: port + - name: CLICKHOUSE_USER + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: user + - name: CLICKHOUSE_PASSWORD + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: password + - name: CLICKHOUSE_DATABASE + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: database + - name: CLICKHOUSE_TABLE + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: table + - name: CLICKHOUSE_SECURE + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: secure + - name: CLICKHOUSE_VERIFY + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: verify + - name: CLICKHOUSE_CERT + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: cert + - name: CLICKHOUSE_ENABLE + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: enable + - name: KAFKA_ENABLE + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: enable + - name: KAFKA_BOOTSTRAP_SERVERS + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: bootstrap_servers + - name: KAFKA_SECURITY_PROTOCOL + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: security_protocol + - name: KAFKA_SASL_MECHANISM + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: sasl_mechanism + - name: KAFKA_SASL_PLAIN_USERNAME + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: sasl_username + - name: KAFKA_SASL_PLAIN_PASSWORD + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: sasl_password + - name: KAFKA_SSL_CAFILE + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: ssl_cafile + - name: KAFKA_TOPICS + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: topics + - name: CELERY_RABBITMQ_HOST + valueFrom: + secretKeyRef: + name: rabbit-secret-pm + key: host + - name: CELERY_RABBITMQ_PORT + valueFrom: + secretKeyRef: + name: rabbit-secret-pm + key: port + - name: CELERY_RABBITMQ_USER + valueFrom: + secretKeyRef: + name: rabbit-secret-pm + key: user + - name: CELERY_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: rabbit-secret-pm + key: password + - name: CELERY_RABBITMQ_VHOST + valueFrom: + secretKeyRef: + name: rabbit-secret-pm + key: vhost + - name: AUTH_PUBLIC_TOKEN_URL + valueFrom: + secretKeyRef: + name: server-secret-pm + key: auth_public_token_url + - name: SERVER_HOST + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_host + - name: SERVER_API_HOST + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_api_host + - name: SERVER_DEBUG + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_debug + - name: SERVER_ALLOWED_HOSTS + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_allowed_hosts + - name: SERVER_USE_OTEL + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_use_otel + - name: SERVER_VERIFY_SSL + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_verify_ssl + - name: SERVER_LOG_LEVEL + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_log_level resources: requests: - cpu: 100m - memory: 256Mi + cpu: "1" + memory: 1Gi volumeMounts: - - name: uwsgi-configmap - mountPath: /opt/sarex/uwsgi.ini - subPath: uwsgi.ini - - name: env-file - mountPath: /opt/sarex/.env - subPath: .env - - name: tmp-volume - mountPath: /tmp - - name: kafka-cert-volume - mountPath: /usr/local/share/ca-certificates - livenessProbe: - httpGet: - path: /ping - port: 8000 - initialDelaySeconds: 10 - periodSeconds: 60 - failureThreshold: 10 - readinessProbe: - httpGet: - path: /ping - port: 8000 - initialDelaySeconds: 5 - periodSeconds: 5 - failureThreshold: 20 - volumes: - - name: tmp-volume - emptyDir: {} - - name: uwsgi-configmap - configMap: - name: backend-configmap - defaultMode: 420 - items: - - key: uwsgi.ini - path: uwsgi.ini - - name: env-file - secret: - secretName: sarex-env - defaultMode: 420 - - name: kafka-cert-volume - configMap: - name: kafka-cert - defaultMode: 420 + - name: ch-cert + readOnly: true + mountPath: /root/clickhouse imagePullSecrets: - name: regcred diff --git a/apps/pm/base/celery-deployment.yaml b/apps/pm/base/celery-deployment.yaml index 0f20673..51aaeed 100644 --- a/apps/pm/base/celery-deployment.yaml +++ b/apps/pm/base/celery-deployment.yaml @@ -6,101 +6,330 @@ metadata: namespace: pm labels: app: celery + service: celery spec: replicas: 1 selector: matchLabels: app: celery - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 5 - maxUnavailable: 5 template: metadata: labels: app: celery - monitoring: prometheus + service: celery spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - backend - topologyKey: kubernetes.io/hostname + volumes: + - name: ch-cert + configMap: + name: ch-cert + items: + - key: CA.pem + path: RootCA.crt + defaultMode: 420 containers: - name: celery - image: cr.yandex/crp3ccidau046kdj8g9q/pm-backend:production_c54c2123 + image: cr.yandex/crp3ccidau046kdj8g9q/pm-backend:production_0843a55d imagePullPolicy: IfNotPresent command: - celery - - -A + - "-A" - config - worker - - -B - - -l + - "-B" + - "-l" - info - - -E - - -Q + - "-E" + - "-Q" - pm - - -n + - "-n" - default_worker.%h - - --concurrency=2 + - "--concurrency=2" ports: - name: http containerPort: 8000 protocol: TCP env: - - name: PLANNING_HOST - value: http://backend-service.pm.svc.cluster.local:8000/api/pm/msp - - name: PLANNING_USE - value: "True" + - name: K8S_POD_UID + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.uid + - name: K8S_POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: K8S_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: OTEL_RESOURCE_ATTRIBUTES + value: >- + k8s.pod.uid=$(K8S_POD_UID),k8s.pod.name=$(K8S_POD_NAME),k8s.namespace.name=$(K8S_NAMESPACE) - name: USERS_INTERNAL_HOST - value: http://backend.django.svc.cluster.local:8000 + value: http://backend-service.sarex.svc.cluster.local:8000 + - name: CELERY_REDIS_HOST + value: redis-service.pm.svc.cluster.local - name: RESOURCES_INTERNAL_HOST - value: http://resources-service.resources.svc.cluster.local:8000 + value: http://sarex-resources-service.resources - name: EAV_HOST - value: http://eav-service.eav.svc.cluster.local:8000 + value: http://eav-service.eav - name: EAV_API_PREFIX value: /api/v0 - name: EAV_API_PREFIX_V1 value: /api/v1 + - name: TRACING_ENDPOINT + value: signoz-otel-collector-external.signoz.svc.cluster.local:4317 + - name: TRACING_INSECURE + value: "True" + - name: SERVER_ENABLE_SYNC_RESOURCES + value: "True" + - name: SERVER_DELETED_TASK_MAX_AGE_DAYS + value: "1" + - name: SERVER_EXPIRED_TASK_NOTIFICATION_HOUR + value: "17" + - name: LANG + value: C.UTF-8 + - name: LC_ALL + value: C.UTF-8 + - name: PYTHONUTF8 + value: "1" + - name: DB_USERNAME + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: username + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: password + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: database + - name: DB_HOST + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: port + - name: S3_HOST + valueFrom: + secretKeyRef: + name: ya-s3-secret-pm + key: host + - name: S3_LOGIN + valueFrom: + secretKeyRef: + name: ya-s3-secret-pm + key: login + - name: S3_PASSWORD + valueFrom: + secretKeyRef: + name: ya-s3-secret-pm + key: password + - name: S3_BUCKET + valueFrom: + secretKeyRef: + name: ya-s3-secret-pm + key: bucket + - name: CACHE_HOST + valueFrom: + secretKeyRef: + name: cache-secret-pm + key: host + - name: CACHE_PORT + valueFrom: + secretKeyRef: + name: cache-secret-pm + key: port + - name: CACHE_PASSWORD + valueFrom: + secretKeyRef: + name: cache-secret-pm + key: password + - name: CACHE_SSL + valueFrom: + secretKeyRef: + name: cache-secret-pm + key: ssl + - name: CACHE_SSL_CA_CERTS + valueFrom: + secretKeyRef: + name: cache-secret-pm + key: ssl_ca_certs + - name: CACHE_ENABLE + valueFrom: + secretKeyRef: + name: cache-secret-pm + key: enable + - name: CLICKHOUSE_HOST + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: host + - name: CLICKHOUSE_PORT + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: port + - name: CLICKHOUSE_USER + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: user + - name: CLICKHOUSE_PASSWORD + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: password + - name: CLICKHOUSE_DATABASE + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: database + - name: CLICKHOUSE_TABLE + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: table + - name: CLICKHOUSE_SECURE + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: secure + - name: CLICKHOUSE_VERIFY + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: verify + - name: CLICKHOUSE_CERT + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: cert + - name: CLICKHOUSE_ENABLE + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: enable + - name: KAFKA_ENABLE + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: enable + - name: KAFKA_BOOTSTRAP_SERVERS + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: bootstrap_servers + - name: KAFKA_SECURITY_PROTOCOL + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: security_protocol + - name: KAFKA_SASL_MECHANISM + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: sasl_mechanism + - name: KAFKA_SASL_PLAIN_USERNAME + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: sasl_username + - name: KAFKA_SASL_PLAIN_PASSWORD + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: sasl_password + - name: KAFKA_SSL_CAFILE + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: ssl_cafile + - name: KAFKA_TOPICS + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: topics + - name: CELERY_RABBITMQ_HOST + valueFrom: + secretKeyRef: + name: rabbit-secret-pm + key: host + - name: CELERY_RABBITMQ_PORT + valueFrom: + secretKeyRef: + name: rabbit-secret-pm + key: port + - name: CELERY_RABBITMQ_USER + valueFrom: + secretKeyRef: + name: rabbit-secret-pm + key: user + - name: CELERY_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: rabbit-secret-pm + key: password + - name: CELERY_RABBITMQ_VHOST + valueFrom: + secretKeyRef: + name: rabbit-secret-pm + key: vhost + - name: AUTH_PUBLIC_TOKEN_URL + valueFrom: + secretKeyRef: + name: server-secret-pm + key: auth_public_token_url + - name: SERVER_HOST + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_host + - name: SERVER_API_HOST + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_api_host + - name: SERVER_DEBUG + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_debug + - name: SERVER_ALLOWED_HOSTS + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_allowed_hosts + - name: SERVER_USE_OTEL + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_use_otel + - name: SERVER_VERIFY_SSL + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_verify_ssl + - name: SERVER_LOG_LEVEL + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_log_level resources: requests: - cpu: 100m - memory: 256Mi + memory: 1Gi volumeMounts: - - name: uwsgi-configmap - mountPath: /opt/sarex/uwsgi.ini - subPath: uwsgi.ini - - name: env-file - mountPath: /opt/sarex/.env - subPath: .env - name: tmp-volume mountPath: /tmp - - name: kafka-cert-volume - mountPath: /usr/local/share/ca-certificates - volumes: - - name: tmp-volume - emptyDir: {} - - name: uwsgi-configmap - configMap: - name: backend-configmap - defaultMode: 420 - items: - - key: uwsgi.ini - path: uwsgi.ini - - name: env-file - secret: - secretName: sarex-env - defaultMode: 420 - - name: kafka-cert-volume - configMap: - name: kafka-cert - defaultMode: 420 imagePullSecrets: - name: regcred diff --git a/apps/pm/base/kustomization.yaml b/apps/pm/base/kustomization.yaml index 0d108dc..caafb76 100644 --- a/apps/pm/base/kustomization.yaml +++ b/apps/pm/base/kustomization.yaml @@ -7,6 +7,4 @@ resources: # - backend-deployment.yaml - backend-service.yaml # - celery-deployment.yaml -# - redis-deployment.yaml -# - redis-service.yaml - backend-configmap.yaml From 4e50baf4659be68b8783b8775ec3ed93d83e7c8a Mon Sep 17 00:00:00 2001 From: emelinda Date: Fri, 17 Apr 2026 14:50:41 +0300 Subject: [PATCH 34/42] Enable PostgreSQL configuration in `yc-k8s-test` kustomization and reorder memory resource requests --- apps/pm/yc-k8s-test/kustomization.yaml | 2 +- apps/pm/yc-k8s-test/postgresql.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/apps/pm/yc-k8s-test/kustomization.yaml b/apps/pm/yc-k8s-test/kustomization.yaml index 5ee3750..e601931 100644 --- a/apps/pm/yc-k8s-test/kustomization.yaml +++ b/apps/pm/yc-k8s-test/kustomization.yaml @@ -3,5 +3,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ../base -# - postgresql.yaml + - postgresql.yaml patches: [] diff --git a/apps/pm/yc-k8s-test/postgresql.yaml b/apps/pm/yc-k8s-test/postgresql.yaml index 4d670e3..c7ec8be 100644 --- a/apps/pm/yc-k8s-test/postgresql.yaml +++ b/apps/pm/yc-k8s-test/postgresql.yaml @@ -56,9 +56,6 @@ spec: persistence: storageClass: local-path size: 20Gi - resources: - requests: - memory: 512Mi customLivenessProbe: exec: command: @@ -92,6 +89,9 @@ spec: timeoutSeconds: 5 successThreshold: 1 failureThreshold: 6 + resources: + requests: + memory: 512Mi nodeSelector: dedicated: db tolerations: From 40fb6272024ac360d3f1cf544bb17cd0fa7b7fe9 Mon Sep 17 00:00:00 2001 From: emelinda Date: Fri, 17 Apr 2026 15:57:22 +0300 Subject: [PATCH 35/42] Simplify PM app backend and Celery deployments: remove unused environment variables, update secret references, and set default values for configuration. --- apps/pm/base/backend-deployment.yaml | 50 +---------- apps/pm/base/celery-deployment.yaml | 126 ++++----------------------- 2 files changed, 16 insertions(+), 160 deletions(-) diff --git a/apps/pm/base/backend-deployment.yaml b/apps/pm/base/backend-deployment.yaml index b69d185..2353aa3 100644 --- a/apps/pm/base/backend-deployment.yaml +++ b/apps/pm/base/backend-deployment.yaml @@ -156,56 +156,8 @@ spec: secretKeyRef: name: cache-secret-pm key: enable - - name: CLICKHOUSE_HOST - valueFrom: - secretKeyRef: - name: clickhouse-secret-pm - key: host - - name: CLICKHOUSE_PORT - valueFrom: - secretKeyRef: - name: clickhouse-secret-pm - key: port - - name: CLICKHOUSE_USER - valueFrom: - secretKeyRef: - name: clickhouse-secret-pm - key: user - - name: CLICKHOUSE_PASSWORD - valueFrom: - secretKeyRef: - name: clickhouse-secret-pm - key: password - - name: CLICKHOUSE_DATABASE - valueFrom: - secretKeyRef: - name: clickhouse-secret-pm - key: database - - name: CLICKHOUSE_TABLE - valueFrom: - secretKeyRef: - name: clickhouse-secret-pm - key: table - - name: CLICKHOUSE_SECURE - valueFrom: - secretKeyRef: - name: clickhouse-secret-pm - key: secure - - name: CLICKHOUSE_VERIFY - valueFrom: - secretKeyRef: - name: clickhouse-secret-pm - key: verify - - name: CLICKHOUSE_CERT - valueFrom: - secretKeyRef: - name: clickhouse-secret-pm - key: cert - name: CLICKHOUSE_ENABLE - valueFrom: - secretKeyRef: - name: clickhouse-secret-pm - key: enable + value: 'False' - name: KAFKA_ENABLE valueFrom: secretKeyRef: diff --git a/apps/pm/base/celery-deployment.yaml b/apps/pm/base/celery-deployment.yaml index 51aaeed..aee15c0 100644 --- a/apps/pm/base/celery-deployment.yaml +++ b/apps/pm/base/celery-deployment.yaml @@ -49,24 +49,6 @@ spec: containerPort: 8000 protocol: TCP env: - - name: K8S_POD_UID - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.uid - - name: K8S_POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: OTEL_RESOURCE_ATTRIBUTES - value: >- - k8s.pod.uid=$(K8S_POD_UID),k8s.pod.name=$(K8S_POD_NAME),k8s.namespace.name=$(K8S_NAMESPACE) - name: USERS_INTERNAL_HOST value: http://backend-service.sarex.svc.cluster.local:8000 - name: CELERY_REDIS_HOST @@ -79,10 +61,8 @@ spec: value: /api/v0 - name: EAV_API_PREFIX_V1 value: /api/v1 - - name: TRACING_ENDPOINT - value: signoz-otel-collector-external.signoz.svc.cluster.local:4317 - name: TRACING_INSECURE - value: "True" + value: "False" - name: SERVER_ENABLE_SYNC_RESOURCES value: "True" - name: SERVER_DELETED_TASK_MAX_AGE_DAYS @@ -114,7 +94,7 @@ spec: valueFrom: secretKeyRef: name: postgresql-secrets - key: host + key: hostname - name: DB_PORT valueFrom: secretKeyRef: @@ -140,6 +120,7 @@ spec: secretKeyRef: name: ya-s3-secret-pm key: bucket + - name: CACHE_HOST valueFrom: secretKeyRef: @@ -156,70 +137,16 @@ spec: name: cache-secret-pm key: password - name: CACHE_SSL - valueFrom: - secretKeyRef: - name: cache-secret-pm - key: ssl + value: "False" - name: CACHE_SSL_CA_CERTS - valueFrom: - secretKeyRef: - name: cache-secret-pm - key: ssl_ca_certs + value: "" - name: CACHE_ENABLE valueFrom: secretKeyRef: name: cache-secret-pm key: enable - - name: CLICKHOUSE_HOST - valueFrom: - secretKeyRef: - name: clickhouse-secret-pm - key: host - - name: CLICKHOUSE_PORT - valueFrom: - secretKeyRef: - name: clickhouse-secret-pm - key: port - - name: CLICKHOUSE_USER - valueFrom: - secretKeyRef: - name: clickhouse-secret-pm - key: user - - name: CLICKHOUSE_PASSWORD - valueFrom: - secretKeyRef: - name: clickhouse-secret-pm - key: password - - name: CLICKHOUSE_DATABASE - valueFrom: - secretKeyRef: - name: clickhouse-secret-pm - key: database - - name: CLICKHOUSE_TABLE - valueFrom: - secretKeyRef: - name: clickhouse-secret-pm - key: table - - name: CLICKHOUSE_SECURE - valueFrom: - secretKeyRef: - name: clickhouse-secret-pm - key: secure - - name: CLICKHOUSE_VERIFY - valueFrom: - secretKeyRef: - name: clickhouse-secret-pm - key: verify - - name: CLICKHOUSE_CERT - valueFrom: - secretKeyRef: - name: clickhouse-secret-pm - key: cert - name: CLICKHOUSE_ENABLE - valueFrom: - secretKeyRef: - name: clickhouse-secret-pm - key: enable + value: 'False' - name: KAFKA_ENABLE valueFrom: secretKeyRef: @@ -260,6 +187,7 @@ spec: secretKeyRef: name: ya-kafka-secret-pm key: topics + - name: CELERY_RABBITMQ_HOST valueFrom: secretKeyRef: @@ -286,45 +214,21 @@ spec: name: rabbit-secret-pm key: vhost - name: AUTH_PUBLIC_TOKEN_URL - valueFrom: - secretKeyRef: - name: server-secret-pm - key: auth_public_token_url + value: "https://lk.sarex.io/api/token/public/" - name: SERVER_HOST - valueFrom: - secretKeyRef: - name: server-secret-pm - key: server_host + value: "https://lk.sarex.io" - name: SERVER_API_HOST - valueFrom: - secretKeyRef: - name: server-secret-pm - key: server_api_host + value: "https://api.sarex.io" - name: SERVER_DEBUG - valueFrom: - secretKeyRef: - name: server-secret-pm - key: server_debug + value: "False" - name: SERVER_ALLOWED_HOSTS - valueFrom: - secretKeyRef: - name: server-secret-pm - key: server_allowed_hosts + value: '["*"]' - name: SERVER_USE_OTEL - valueFrom: - secretKeyRef: - name: server-secret-pm - key: server_use_otel + value: "False" - name: SERVER_VERIFY_SSL - valueFrom: - secretKeyRef: - name: server-secret-pm - key: server_verify_ssl + value: "False" - name: SERVER_LOG_LEVEL - valueFrom: - secretKeyRef: - name: server-secret-pm - key: server_log_level + value: "INFO" resources: requests: memory: 1Gi From addd56ca74c20649c02b347dd12c84934d9bfd23 Mon Sep 17 00:00:00 2001 From: emelinda Date: Fri, 17 Apr 2026 16:10:24 +0300 Subject: [PATCH 36/42] Update Celery deployment: remove unused ConfigMap volume, set default Kafka configuration, and update RabbitMQ secret references --- apps/pm/base/celery-deployment.yaml | 29 ++++++++--------------------- 1 file changed, 8 insertions(+), 21 deletions(-) diff --git a/apps/pm/base/celery-deployment.yaml b/apps/pm/base/celery-deployment.yaml index aee15c0..b0b1630 100644 --- a/apps/pm/base/celery-deployment.yaml +++ b/apps/pm/base/celery-deployment.yaml @@ -18,14 +18,6 @@ spec: app: celery service: celery spec: - volumes: - - name: ch-cert - configMap: - name: ch-cert - items: - - key: CA.pem - path: RootCA.crt - defaultMode: 420 containers: - name: celery image: cr.yandex/crp3ccidau046kdj8g9q/pm-backend:production_0843a55d @@ -148,10 +140,7 @@ spec: - name: CLICKHOUSE_ENABLE value: 'False' - name: KAFKA_ENABLE - valueFrom: - secretKeyRef: - name: ya-kafka-secret-pm - key: enable + value: 'False' - name: KAFKA_BOOTSTRAP_SERVERS valueFrom: secretKeyRef: @@ -191,28 +180,29 @@ spec: - name: CELERY_RABBITMQ_HOST valueFrom: secretKeyRef: - name: rabbit-secret-pm - key: host + name: rabbitmq-secrets + key: hostname - name: CELERY_RABBITMQ_PORT valueFrom: secretKeyRef: - name: rabbit-secret-pm + name: rabbitmq-secrets key: port - name: CELERY_RABBITMQ_USER valueFrom: secretKeyRef: - name: rabbit-secret-pm - key: user + name: rabbitmq-secrets + key: username - name: CELERY_RABBITMQ_PASSWORD valueFrom: secretKeyRef: - name: rabbit-secret-pm + name: rabbitmq-secrets key: password - name: CELERY_RABBITMQ_VHOST valueFrom: secretKeyRef: name: rabbit-secret-pm key: vhost + - name: AUTH_PUBLIC_TOKEN_URL value: "https://lk.sarex.io/api/token/public/" - name: SERVER_HOST @@ -232,8 +222,5 @@ spec: resources: requests: memory: 1Gi - volumeMounts: - - name: tmp-volume - mountPath: /tmp imagePullSecrets: - name: regcred From 8d2a5e62effbc43346bd6830f8314eb10953603b Mon Sep 17 00:00:00 2001 From: emelinda Date: Fri, 17 Apr 2026 16:40:38 +0300 Subject: [PATCH 37/42] Simplify PM app backend and Celery deployments: remove unused environment variables, streamline secret references, and set default values for configuration. --- apps/pm/base/backend-deployment.yaml | 209 ++++++++++----------------- apps/pm/base/celery-deployment.yaml | 115 +++++++-------- 2 files changed, 134 insertions(+), 190 deletions(-) diff --git a/apps/pm/base/backend-deployment.yaml b/apps/pm/base/backend-deployment.yaml index 2353aa3..5a70afc 100644 --- a/apps/pm/base/backend-deployment.yaml +++ b/apps/pm/base/backend-deployment.yaml @@ -35,24 +35,6 @@ spec: containerPort: 8000 protocol: TCP env: - - name: K8S_POD_UID - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.uid - - name: K8S_POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: OTEL_RESOURCE_ATTRIBUTES - value: >- - k8s.pod.uid=$(K8S_POD_UID),k8s.pod.name=$(K8S_POD_NAME),k8s.namespace.name=$(K8S_NAMESPACE) - name: USERS_INTERNAL_HOST value: http://backend-service.sarex.svc.cluster.local:8000 - name: CELERY_REDIS_HOST @@ -65,10 +47,8 @@ spec: value: /api/v0 - name: EAV_API_PREFIX_V1 value: /api/v1 - - name: TRACING_ENDPOINT - value: signoz-otel-collector-external.signoz.svc.cluster.local:4317 - name: TRACING_INSECURE - value: "True" + value: "False" - name: SERVER_ENABLE_SYNC_RESOURCES value: "True" - name: SERVER_DELETED_TASK_MAX_AGE_DAYS @@ -100,7 +80,7 @@ spec: valueFrom: secretKeyRef: name: postgresql-secrets - key: host + key: hostname - name: DB_PORT valueFrom: secretKeyRef: @@ -109,160 +89,127 @@ spec: - name: S3_HOST valueFrom: secretKeyRef: - name: ya-s3-secret-pm - key: host + name: s3-secrets + key: endpoint - name: S3_LOGIN valueFrom: secretKeyRef: - name: ya-s3-secret-pm + name: s3-secrets key: login - name: S3_PASSWORD valueFrom: secretKeyRef: - name: ya-s3-secret-pm + name: s3-secrets key: password - name: S3_BUCKET valueFrom: secretKeyRef: - name: ya-s3-secret-pm + name: s3-secrets key: bucket - - name: CACHE_HOST - valueFrom: - secretKeyRef: - name: cache-secret-pm - key: host - - name: CACHE_PORT - valueFrom: - secretKeyRef: - name: cache-secret-pm - key: port - - name: CACHE_PASSWORD - valueFrom: - secretKeyRef: - name: cache-secret-pm - key: password + +# - name: CACHE_HOST +# valueFrom: +# secretKeyRef: +# name: cache-secret-pm +# key: host +# - name: CACHE_PORT +# valueFrom: +# secretKeyRef: +# name: cache-secret-pm +# key: port +# - name: CACHE_PASSWORD +# valueFrom: +# secretKeyRef: +# name: cache-secret-pm +# key: password - name: CACHE_SSL - valueFrom: - secretKeyRef: - name: cache-secret-pm - key: ssl + value: "False" - name: CACHE_SSL_CA_CERTS - valueFrom: - secretKeyRef: - name: cache-secret-pm - key: ssl_ca_certs + value: "" - name: CACHE_ENABLE - valueFrom: - secretKeyRef: - name: cache-secret-pm - key: enable + value: "False" - name: CLICKHOUSE_ENABLE value: 'False' - name: KAFKA_ENABLE - valueFrom: - secretKeyRef: - name: ya-kafka-secret-pm - key: enable - - name: KAFKA_BOOTSTRAP_SERVERS - valueFrom: - secretKeyRef: - name: ya-kafka-secret-pm - key: bootstrap_servers - - name: KAFKA_SECURITY_PROTOCOL - valueFrom: - secretKeyRef: - name: ya-kafka-secret-pm - key: security_protocol - - name: KAFKA_SASL_MECHANISM - valueFrom: - secretKeyRef: - name: ya-kafka-secret-pm - key: sasl_mechanism - - name: KAFKA_SASL_PLAIN_USERNAME - valueFrom: - secretKeyRef: - name: ya-kafka-secret-pm - key: sasl_username - - name: KAFKA_SASL_PLAIN_PASSWORD - valueFrom: - secretKeyRef: - name: ya-kafka-secret-pm - key: sasl_password - - name: KAFKA_SSL_CAFILE - valueFrom: - secretKeyRef: - name: ya-kafka-secret-pm - key: ssl_cafile - - name: KAFKA_TOPICS - valueFrom: - secretKeyRef: - name: ya-kafka-secret-pm - key: topics + value: 'False' +# - name: KAFKA_BOOTSTRAP_SERVERS +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: bootstrap_servers +# - name: KAFKA_SECURITY_PROTOCOL +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: security_protocol +# - name: KAFKA_SASL_MECHANISM +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: sasl_mechanism +# - name: KAFKA_SASL_PLAIN_USERNAME +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: sasl_username +# - name: KAFKA_SASL_PLAIN_PASSWORD +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: sasl_password +# - name: KAFKA_SSL_CAFILE +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: ssl_cafile +# - name: KAFKA_TOPICS +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: topics + - name: CELERY_RABBITMQ_HOST valueFrom: secretKeyRef: - name: rabbit-secret-pm - key: host + name: rabbitmq-secrets + key: hostname - name: CELERY_RABBITMQ_PORT valueFrom: secretKeyRef: - name: rabbit-secret-pm + name: rabbitmq-secrets key: port - name: CELERY_RABBITMQ_USER valueFrom: secretKeyRef: - name: rabbit-secret-pm - key: user + name: rabbitmq-secrets + key: username - name: CELERY_RABBITMQ_PASSWORD valueFrom: secretKeyRef: - name: rabbit-secret-pm + name: rabbitmq-secrets key: password - name: CELERY_RABBITMQ_VHOST valueFrom: secretKeyRef: name: rabbit-secret-pm key: vhost + - name: AUTH_PUBLIC_TOKEN_URL - valueFrom: - secretKeyRef: - name: server-secret-pm - key: auth_public_token_url + value: "https://lk.sarex.io/api/token/public/" - name: SERVER_HOST - valueFrom: - secretKeyRef: - name: server-secret-pm - key: server_host + value: "https://lk.sarex.io" - name: SERVER_API_HOST - valueFrom: - secretKeyRef: - name: server-secret-pm - key: server_api_host + value: "https://api.sarex.io" - name: SERVER_DEBUG - valueFrom: - secretKeyRef: - name: server-secret-pm - key: server_debug + value: "False" - name: SERVER_ALLOWED_HOSTS - valueFrom: - secretKeyRef: - name: server-secret-pm - key: server_allowed_hosts + value: '["*"]' - name: SERVER_USE_OTEL - valueFrom: - secretKeyRef: - name: server-secret-pm - key: server_use_otel + value: "False" - name: SERVER_VERIFY_SSL - valueFrom: - secretKeyRef: - name: server-secret-pm - key: server_verify_ssl + value: "False" - name: SERVER_LOG_LEVEL - valueFrom: - secretKeyRef: - name: server-secret-pm - key: server_log_level + value: "INFO" resources: requests: cpu: "1" diff --git a/apps/pm/base/celery-deployment.yaml b/apps/pm/base/celery-deployment.yaml index b0b1630..cbb69e6 100644 --- a/apps/pm/base/celery-deployment.yaml +++ b/apps/pm/base/celery-deployment.yaml @@ -95,87 +95,84 @@ spec: - name: S3_HOST valueFrom: secretKeyRef: - name: ya-s3-secret-pm - key: host + name: s3-secrets + key: endpoint - name: S3_LOGIN valueFrom: secretKeyRef: - name: ya-s3-secret-pm + name: s3-secrets key: login - name: S3_PASSWORD valueFrom: secretKeyRef: - name: ya-s3-secret-pm + name: s3-secrets key: password - name: S3_BUCKET valueFrom: secretKeyRef: - name: ya-s3-secret-pm + name: s3-secrets key: bucket - - name: CACHE_HOST - valueFrom: - secretKeyRef: - name: cache-secret-pm - key: host - - name: CACHE_PORT - valueFrom: - secretKeyRef: - name: cache-secret-pm - key: port - - name: CACHE_PASSWORD - valueFrom: - secretKeyRef: - name: cache-secret-pm - key: password +# - name: CACHE_HOST +# valueFrom: +# secretKeyRef: +# name: cache-secret-pm +# key: host +# - name: CACHE_PORT +# valueFrom: +# secretKeyRef: +# name: cache-secret-pm +# key: port +# - name: CACHE_PASSWORD +# valueFrom: +# secretKeyRef: +# name: cache-secret-pm +# key: password - name: CACHE_SSL value: "False" - name: CACHE_SSL_CA_CERTS value: "" - name: CACHE_ENABLE - valueFrom: - secretKeyRef: - name: cache-secret-pm - key: enable + value: "False" - name: CLICKHOUSE_ENABLE value: 'False' - name: KAFKA_ENABLE value: 'False' - - name: KAFKA_BOOTSTRAP_SERVERS - valueFrom: - secretKeyRef: - name: ya-kafka-secret-pm - key: bootstrap_servers - - name: KAFKA_SECURITY_PROTOCOL - valueFrom: - secretKeyRef: - name: ya-kafka-secret-pm - key: security_protocol - - name: KAFKA_SASL_MECHANISM - valueFrom: - secretKeyRef: - name: ya-kafka-secret-pm - key: sasl_mechanism - - name: KAFKA_SASL_PLAIN_USERNAME - valueFrom: - secretKeyRef: - name: ya-kafka-secret-pm - key: sasl_username - - name: KAFKA_SASL_PLAIN_PASSWORD - valueFrom: - secretKeyRef: - name: ya-kafka-secret-pm - key: sasl_password - - name: KAFKA_SSL_CAFILE - valueFrom: - secretKeyRef: - name: ya-kafka-secret-pm - key: ssl_cafile - - name: KAFKA_TOPICS - valueFrom: - secretKeyRef: - name: ya-kafka-secret-pm - key: topics +# - name: KAFKA_BOOTSTRAP_SERVERS +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: bootstrap_servers +# - name: KAFKA_SECURITY_PROTOCOL +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: security_protocol +# - name: KAFKA_SASL_MECHANISM +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: sasl_mechanism +# - name: KAFKA_SASL_PLAIN_USERNAME +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: sasl_username +# - name: KAFKA_SASL_PLAIN_PASSWORD +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: sasl_password +# - name: KAFKA_SSL_CAFILE +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: ssl_cafile +# - name: KAFKA_TOPICS +# valueFrom: +# secretKeyRef: +# name: ya-kafka-secret-pm +# key: topics - name: CELERY_RABBITMQ_HOST valueFrom: From f04a93fe12ad8ad9d3a7ec6a6ccaf05b8e8879f4 Mon Sep 17 00:00:00 2001 From: emelinda Date: Fri, 17 Apr 2026 16:46:12 +0300 Subject: [PATCH 38/42] Enable backend and Celery deployments in PM app kustomization configuration --- apps/pm/base/kustomization.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/pm/base/kustomization.yaml b/apps/pm/base/kustomization.yaml index caafb76..9a1ef5b 100644 --- a/apps/pm/base/kustomization.yaml +++ b/apps/pm/base/kustomization.yaml @@ -4,7 +4,7 @@ kind: Kustomization namespace: pm resources: - namespace.yaml -# - backend-deployment.yaml + - backend-deployment.yaml - backend-service.yaml -# - celery-deployment.yaml + - celery-deployment.yaml - backend-configmap.yaml From be5c715b39941f5dc609077d5863af04c246778b Mon Sep 17 00:00:00 2001 From: emelinda Date: Fri, 17 Apr 2026 16:50:36 +0300 Subject: [PATCH 39/42] Remove unused `ch-cert` volume and related `volumeMounts` from PM backend deployment configuration --- apps/pm/base/backend-deployment.yaml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/apps/pm/base/backend-deployment.yaml b/apps/pm/base/backend-deployment.yaml index 5a70afc..433ba22 100644 --- a/apps/pm/base/backend-deployment.yaml +++ b/apps/pm/base/backend-deployment.yaml @@ -18,14 +18,6 @@ spec: app: backend service: api spec: - volumes: - - name: ch-cert - configMap: - name: ch-cert - items: - - key: CA.pem - path: RootCA.crt - defaultMode: 420 containers: - name: api image: cr.yandex/crp3ccidau046kdj8g9q/pm-backend:production_0843a55d @@ -214,9 +206,5 @@ spec: requests: cpu: "1" memory: 1Gi - volumeMounts: - - name: ch-cert - readOnly: true - mountPath: /root/clickhouse imagePullSecrets: - name: regcred From f817578733234ccf34f90d15e6456b04875f9216 Mon Sep 17 00:00:00 2001 From: emelinda Date: Fri, 17 Apr 2026 16:51:09 +0300 Subject: [PATCH 40/42] Update Celery deployment: update RabbitMQ secret reference --- apps/pm/base/celery-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/pm/base/celery-deployment.yaml b/apps/pm/base/celery-deployment.yaml index cbb69e6..fc2f4fc 100644 --- a/apps/pm/base/celery-deployment.yaml +++ b/apps/pm/base/celery-deployment.yaml @@ -197,7 +197,7 @@ spec: - name: CELERY_RABBITMQ_VHOST valueFrom: secretKeyRef: - name: rabbit-secret-pm + name: rabbitmq-secrets key: vhost - name: AUTH_PUBLIC_TOKEN_URL From f8200091fbb3f78d132ef758f1485f0b801c3a1c Mon Sep 17 00:00:00 2001 From: emelinda Date: Fri, 17 Apr 2026 16:51:28 +0300 Subject: [PATCH 41/42] Update PM backend deployment: update RabbitMQ secret reference --- apps/pm/base/backend-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/pm/base/backend-deployment.yaml b/apps/pm/base/backend-deployment.yaml index 433ba22..2fe5c22 100644 --- a/apps/pm/base/backend-deployment.yaml +++ b/apps/pm/base/backend-deployment.yaml @@ -183,7 +183,7 @@ spec: - name: CELERY_RABBITMQ_VHOST valueFrom: secretKeyRef: - name: rabbit-secret-pm + name: rabbitmq-secrets key: vhost - name: AUTH_PUBLIC_TOKEN_URL From d214b3ea8c8f090fe1e04b236bfd2d42b6b300aa Mon Sep 17 00:00:00 2001 From: emelinda Date: Fri, 17 Apr 2026 17:14:42 +0300 Subject: [PATCH 42/42] Add Redis deployment and service to `yc-k8s-test` configuration, update kustomization and environment references. --- apps/pm/base/backend-deployment.yaml | 2 +- apps/pm/base/celery-deployment.yaml | 2 +- apps/pm/yc-k8s-test/kustomization.yaml | 2 ++ apps/pm/yc-k8s-test/redis-deployment.yaml | 27 +++++++++++++++++++++++ apps/pm/yc-k8s-test/redis-service.yaml | 13 +++++++++++ 5 files changed, 44 insertions(+), 2 deletions(-) create mode 100644 apps/pm/yc-k8s-test/redis-deployment.yaml create mode 100644 apps/pm/yc-k8s-test/redis-service.yaml diff --git a/apps/pm/base/backend-deployment.yaml b/apps/pm/base/backend-deployment.yaml index 2fe5c22..19d1e7a 100644 --- a/apps/pm/base/backend-deployment.yaml +++ b/apps/pm/base/backend-deployment.yaml @@ -30,7 +30,7 @@ spec: - name: USERS_INTERNAL_HOST value: http://backend-service.sarex.svc.cluster.local:8000 - name: CELERY_REDIS_HOST - value: redis-service.pm.svc.cluster.local + value: redis.pm.svc.cluster.local - name: RESOURCES_INTERNAL_HOST value: http://sarex-resources-service.resources - name: EAV_HOST diff --git a/apps/pm/base/celery-deployment.yaml b/apps/pm/base/celery-deployment.yaml index fc2f4fc..6226a6d 100644 --- a/apps/pm/base/celery-deployment.yaml +++ b/apps/pm/base/celery-deployment.yaml @@ -44,7 +44,7 @@ spec: - name: USERS_INTERNAL_HOST value: http://backend-service.sarex.svc.cluster.local:8000 - name: CELERY_REDIS_HOST - value: redis-service.pm.svc.cluster.local + value: redis.pm.svc.cluster.local - name: RESOURCES_INTERNAL_HOST value: http://sarex-resources-service.resources - name: EAV_HOST diff --git a/apps/pm/yc-k8s-test/kustomization.yaml b/apps/pm/yc-k8s-test/kustomization.yaml index e601931..c4a2c03 100644 --- a/apps/pm/yc-k8s-test/kustomization.yaml +++ b/apps/pm/yc-k8s-test/kustomization.yaml @@ -4,4 +4,6 @@ kind: Kustomization resources: - ../base - postgresql.yaml + - redis-deployment.yaml + - redis-service.yaml patches: [] diff --git a/apps/pm/yc-k8s-test/redis-deployment.yaml b/apps/pm/yc-k8s-test/redis-deployment.yaml new file mode 100644 index 0000000..4a46b46 --- /dev/null +++ b/apps/pm/yc-k8s-test/redis-deployment.yaml @@ -0,0 +1,27 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: redis + namespace: pm + labels: + app: redis +spec: + replicas: 1 + selector: + matchLabels: + app: redis + template: + metadata: + labels: + app: redis + spec: + containers: + - name: redis + image: cr.yandex/crp3ccidau046kdj8g9q/redis:latest + imagePullPolicy: Always + ports: + - containerPort: 6379 + protocol: TCP + imagePullSecrets: + - name: regcred diff --git a/apps/pm/yc-k8s-test/redis-service.yaml b/apps/pm/yc-k8s-test/redis-service.yaml new file mode 100644 index 0000000..4aab2e7 --- /dev/null +++ b/apps/pm/yc-k8s-test/redis-service.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: redis + namespace: pm +spec: + selector: + app: redis + ports: + - port: 6379 + targetPort: 6379 + protocol: TCP