diff --git a/apps/pm/base/backend-deployment.yaml b/apps/pm/base/backend-deployment.yaml index 101bfc7..b69d185 100644 --- a/apps/pm/base/backend-deployment.yaml +++ b/apps/pm/base/backend-deployment.yaml 
@@ -6,97 +6,318 @@ metadata: namespace: pm labels: app: backend + service: api spec: replicas: 1 selector: matchLabels: app: backend - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 5 - maxUnavailable: 5 template: metadata: labels: app: backend - monitoring: prometheus + service: api spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - backend - topologyKey: kubernetes.io/hostname + volumes: + - name: ch-cert + configMap: + name: ch-cert + items: + - key: CA.pem + path: RootCA.crt + defaultMode: 420 containers: - - name: backend - image: cr.yandex/crp3ccidau046kdj8g9q/pm-backend:production_c54c2123 + - name: api + image: cr.yandex/crp3ccidau046kdj8g9q/pm-backend:production_0843a55d imagePullPolicy: IfNotPresent ports: - name: http containerPort: 8000 protocol: TCP env: + - name: K8S_POD_UID + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.uid + - name: K8S_POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: K8S_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: OTEL_RESOURCE_ATTRIBUTES + value: >- + k8s.pod.uid=$(K8S_POD_UID),k8s.pod.name=$(K8S_POD_NAME),k8s.namespace.name=$(K8S_NAMESPACE) - name: USERS_INTERNAL_HOST - value: http://backend.django.svc.cluster.local:8000 + value: http://backend-service.sarex.svc.cluster.local:8000 + - name: CELERY_REDIS_HOST + value: redis-service.pm.svc.cluster.local - name: RESOURCES_INTERNAL_HOST - value: http://resources-service.resources.svc.cluster.local:8000 + value: http://sarex-resources-service.resources - name: EAV_HOST - value: http://eav-service.eav.svc.cluster.local:8000 + value: http://eav-service.eav - name: EAV_API_PREFIX value: /api/v0 - name: EAV_API_PREFIX_V1 value: /api/v1 + - name: TRACING_ENDPOINT + value: signoz-otel-collector-external.signoz.svc.cluster.local:4317 + - name: 
TRACING_INSECURE + value: "True" + - name: SERVER_ENABLE_SYNC_RESOURCES + value: "True" + - name: SERVER_DELETED_TASK_MAX_AGE_DAYS + value: "1" + - name: SERVER_EXPIRED_TASK_NOTIFICATION_HOUR + value: "17" + - name: LANG + value: C.UTF-8 + - name: LC_ALL + value: C.UTF-8 + - name: PYTHONUTF8 + value: "1" + - name: DB_USERNAME + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: username + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: password + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: database + - name: DB_HOST + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: port + - name: S3_HOST + valueFrom: + secretKeyRef: + name: ya-s3-secret-pm + key: host + - name: S3_LOGIN + valueFrom: + secretKeyRef: + name: ya-s3-secret-pm + key: login + - name: S3_PASSWORD + valueFrom: + secretKeyRef: + name: ya-s3-secret-pm + key: password + - name: S3_BUCKET + valueFrom: + secretKeyRef: + name: ya-s3-secret-pm + key: bucket + - name: CACHE_HOST + valueFrom: + secretKeyRef: + name: cache-secret-pm + key: host + - name: CACHE_PORT + valueFrom: + secretKeyRef: + name: cache-secret-pm + key: port + - name: CACHE_PASSWORD + valueFrom: + secretKeyRef: + name: cache-secret-pm + key: password + - name: CACHE_SSL + valueFrom: + secretKeyRef: + name: cache-secret-pm + key: ssl + - name: CACHE_SSL_CA_CERTS + valueFrom: + secretKeyRef: + name: cache-secret-pm + key: ssl_ca_certs + - name: CACHE_ENABLE + valueFrom: + secretKeyRef: + name: cache-secret-pm + key: enable + - name: CLICKHOUSE_HOST + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: host + - name: CLICKHOUSE_PORT + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: port + - name: CLICKHOUSE_USER + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: user + - name: CLICKHOUSE_PASSWORD + valueFrom: + secretKeyRef: + 
name: clickhouse-secret-pm + key: password + - name: CLICKHOUSE_DATABASE + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: database + - name: CLICKHOUSE_TABLE + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: table + - name: CLICKHOUSE_SECURE + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: secure + - name: CLICKHOUSE_VERIFY + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: verify + - name: CLICKHOUSE_CERT + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: cert + - name: CLICKHOUSE_ENABLE + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: enable + - name: KAFKA_ENABLE + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: enable + - name: KAFKA_BOOTSTRAP_SERVERS + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: bootstrap_servers + - name: KAFKA_SECURITY_PROTOCOL + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: security_protocol + - name: KAFKA_SASL_MECHANISM + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: sasl_mechanism + - name: KAFKA_SASL_PLAIN_USERNAME + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: sasl_username + - name: KAFKA_SASL_PLAIN_PASSWORD + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: sasl_password + - name: KAFKA_SSL_CAFILE + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: ssl_cafile + - name: KAFKA_TOPICS + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: topics + - name: CELERY_RABBITMQ_HOST + valueFrom: + secretKeyRef: + name: rabbit-secret-pm + key: host + - name: CELERY_RABBITMQ_PORT + valueFrom: + secretKeyRef: + name: rabbit-secret-pm + key: port + - name: CELERY_RABBITMQ_USER + valueFrom: + secretKeyRef: + name: rabbit-secret-pm + key: user + - name: CELERY_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: rabbit-secret-pm + key: password + - name: CELERY_RABBITMQ_VHOST + valueFrom: + secretKeyRef: + name: rabbit-secret-pm + key: vhost + - name: 
AUTH_PUBLIC_TOKEN_URL + valueFrom: + secretKeyRef: + name: server-secret-pm + key: auth_public_token_url + - name: SERVER_HOST + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_host + - name: SERVER_API_HOST + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_api_host + - name: SERVER_DEBUG + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_debug + - name: SERVER_ALLOWED_HOSTS + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_allowed_hosts + - name: SERVER_USE_OTEL + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_use_otel + - name: SERVER_VERIFY_SSL + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_verify_ssl + - name: SERVER_LOG_LEVEL + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_log_level resources: requests: - cpu: 100m - memory: 256Mi + cpu: "1" + memory: 1Gi volumeMounts: - - name: uwsgi-configmap - mountPath: /opt/sarex/uwsgi.ini - subPath: uwsgi.ini - - name: env-file - mountPath: /opt/sarex/.env - subPath: .env - - name: tmp-volume - mountPath: /tmp - - name: kafka-cert-volume - mountPath: /usr/local/share/ca-certificates - livenessProbe: - httpGet: - path: /ping - port: 8000 - initialDelaySeconds: 10 - periodSeconds: 60 - failureThreshold: 10 - readinessProbe: - httpGet: - path: /ping - port: 8000 - initialDelaySeconds: 5 - periodSeconds: 5 - failureThreshold: 20 - volumes: - - name: tmp-volume - emptyDir: {} - - name: uwsgi-configmap - configMap: - name: backend-configmap - defaultMode: 420 - items: - - key: uwsgi.ini - path: uwsgi.ini - - name: env-file - secret: - secretName: sarex-env - defaultMode: 420 - - name: kafka-cert-volume - configMap: - name: kafka-cert - defaultMode: 420 + - name: ch-cert + readOnly: true + mountPath: /root/clickhouse imagePullSecrets: - name: regcred diff --git a/apps/pm/base/celery-deployment.yaml b/apps/pm/base/celery-deployment.yaml index 0f20673..51aaeed 100644 
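Review bot: In apps/pm/base/backend-deployment.yaml the renamed `api` container loses both `livenessProbe` and `readinessProbe` and nothing replaces them, so the pod is reported Ready as soon as the process starts and a hung worker is never restarted. With `replicas: 1` and the explicit `strategy` block also removed, a rollout can cut over to a pod that is not yet listening on port 8000. I would restore the two `httpGet` probes on `path: /ping`, `port: 8000` that the old container had, assuming the new image still serves that path. Separately, `TRACING_INSECURE` is set to `"True"` next to the cross-namespace `TRACING_ENDPOINT`; if that flag means plaintext OTLP (inferred from the name), either enable TLS on the collector or add a comment such as `# plaintext OTLP inside the cluster; spans must not carry credentials or PII`. The same pair appears in the celery-deployment.yaml hunk.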
--- a/apps/pm/base/celery-deployment.yaml +++ b/apps/pm/base/celery-deployment.yaml 
@@ -6,101 +6,330 @@ metadata: namespace: pm labels: app: celery + service: celery spec: replicas: 1 selector: matchLabels: app: celery - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 5 - maxUnavailable: 5 template: metadata: labels: app: celery - monitoring: prometheus + service: celery spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - backend - topologyKey: kubernetes.io/hostname + volumes: + - name: ch-cert + configMap: + name: ch-cert + items: + - key: CA.pem + path: RootCA.crt + defaultMode: 420 containers: - name: celery - image: cr.yandex/crp3ccidau046kdj8g9q/pm-backend:production_c54c2123 + image: cr.yandex/crp3ccidau046kdj8g9q/pm-backend:production_0843a55d imagePullPolicy: IfNotPresent command: - celery - - -A + - "-A" - config - worker - - -B - - -l + - "-B" + - "-l" - info - - -E - - -Q + - "-E" + - "-Q" - pm - - -n + - "-n" - default_worker.%h - - --concurrency=2 + - "--concurrency=2" ports: - name: http containerPort: 8000 protocol: TCP env: - - name: PLANNING_HOST - value: http://backend-service.pm.svc.cluster.local:8000/api/pm/msp - - name: PLANNING_USE - value: "True" + - name: K8S_POD_UID + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.uid + - name: K8S_POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: K8S_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: OTEL_RESOURCE_ATTRIBUTES + value: >- + k8s.pod.uid=$(K8S_POD_UID),k8s.pod.name=$(K8S_POD_NAME),k8s.namespace.name=$(K8S_NAMESPACE) - name: USERS_INTERNAL_HOST - value: http://backend.django.svc.cluster.local:8000 + value: http://backend-service.sarex.svc.cluster.local:8000 + - name: CELERY_REDIS_HOST + value: redis-service.pm.svc.cluster.local - name: RESOURCES_INTERNAL_HOST - value: http://resources-service.resources.svc.cluster.local:8000 + value: 
http://sarex-resources-service.resources - name: EAV_HOST - value: http://eav-service.eav.svc.cluster.local:8000 + value: http://eav-service.eav - name: EAV_API_PREFIX value: /api/v0 - name: EAV_API_PREFIX_V1 value: /api/v1 + - name: TRACING_ENDPOINT + value: signoz-otel-collector-external.signoz.svc.cluster.local:4317 + - name: TRACING_INSECURE + value: "True" + - name: SERVER_ENABLE_SYNC_RESOURCES + value: "True" + - name: SERVER_DELETED_TASK_MAX_AGE_DAYS + value: "1" + - name: SERVER_EXPIRED_TASK_NOTIFICATION_HOUR + value: "17" + - name: LANG + value: C.UTF-8 + - name: LC_ALL + value: C.UTF-8 + - name: PYTHONUTF8 + value: "1" + - name: DB_USERNAME + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: username + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: password + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: database + - name: DB_HOST + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: postgresql-secrets + key: port + - name: S3_HOST + valueFrom: + secretKeyRef: + name: ya-s3-secret-pm + key: host + - name: S3_LOGIN + valueFrom: + secretKeyRef: + name: ya-s3-secret-pm + key: login + - name: S3_PASSWORD + valueFrom: + secretKeyRef: + name: ya-s3-secret-pm + key: password + - name: S3_BUCKET + valueFrom: + secretKeyRef: + name: ya-s3-secret-pm + key: bucket + - name: CACHE_HOST + valueFrom: + secretKeyRef: + name: cache-secret-pm + key: host + - name: CACHE_PORT + valueFrom: + secretKeyRef: + name: cache-secret-pm + key: port + - name: CACHE_PASSWORD + valueFrom: + secretKeyRef: + name: cache-secret-pm + key: password + - name: CACHE_SSL + valueFrom: + secretKeyRef: + name: cache-secret-pm + key: ssl + - name: CACHE_SSL_CA_CERTS + valueFrom: + secretKeyRef: + name: cache-secret-pm + key: ssl_ca_certs + - name: CACHE_ENABLE + valueFrom: + secretKeyRef: + name: cache-secret-pm + key: enable + - name: 
CLICKHOUSE_HOST + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: host + - name: CLICKHOUSE_PORT + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: port + - name: CLICKHOUSE_USER + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: user + - name: CLICKHOUSE_PASSWORD + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: password + - name: CLICKHOUSE_DATABASE + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: database + - name: CLICKHOUSE_TABLE + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: table + - name: CLICKHOUSE_SECURE + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: secure + - name: CLICKHOUSE_VERIFY + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: verify + - name: CLICKHOUSE_CERT + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: cert + - name: CLICKHOUSE_ENABLE + valueFrom: + secretKeyRef: + name: clickhouse-secret-pm + key: enable + - name: KAFKA_ENABLE + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: enable + - name: KAFKA_BOOTSTRAP_SERVERS + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: bootstrap_servers + - name: KAFKA_SECURITY_PROTOCOL + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: security_protocol + - name: KAFKA_SASL_MECHANISM + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: sasl_mechanism + - name: KAFKA_SASL_PLAIN_USERNAME + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: sasl_username + - name: KAFKA_SASL_PLAIN_PASSWORD + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: sasl_password + - name: KAFKA_SSL_CAFILE + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: ssl_cafile + - name: KAFKA_TOPICS + valueFrom: + secretKeyRef: + name: ya-kafka-secret-pm + key: topics + - name: CELERY_RABBITMQ_HOST + valueFrom: + secretKeyRef: + name: rabbit-secret-pm + key: host + - name: CELERY_RABBITMQ_PORT + valueFrom: + secretKeyRef: + name: 
rabbit-secret-pm + key: port + - name: CELERY_RABBITMQ_USER + valueFrom: + secretKeyRef: + name: rabbit-secret-pm + key: user + - name: CELERY_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: rabbit-secret-pm + key: password + - name: CELERY_RABBITMQ_VHOST + valueFrom: + secretKeyRef: + name: rabbit-secret-pm + key: vhost + - name: AUTH_PUBLIC_TOKEN_URL + valueFrom: + secretKeyRef: + name: server-secret-pm + key: auth_public_token_url + - name: SERVER_HOST + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_host + - name: SERVER_API_HOST + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_api_host + - name: SERVER_DEBUG + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_debug + - name: SERVER_ALLOWED_HOSTS + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_allowed_hosts + - name: SERVER_USE_OTEL + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_use_otel + - name: SERVER_VERIFY_SSL + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_verify_ssl + - name: SERVER_LOG_LEVEL + valueFrom: + secretKeyRef: + name: server-secret-pm + key: server_log_level resources: requests: - cpu: 100m - memory: 256Mi + memory: 1Gi volumeMounts: - - name: uwsgi-configmap - mountPath: /opt/sarex/uwsgi.ini - subPath: uwsgi.ini - - name: env-file - mountPath: /opt/sarex/.env - subPath: .env - name: tmp-volume mountPath: /tmp - - name: kafka-cert-volume - mountPath: /usr/local/share/ca-certificates - volumes: - - name: tmp-volume - emptyDir: {} - - name: uwsgi-configmap - configMap: - name: backend-configmap - defaultMode: 420 - items: - - key: uwsgi.ini - path: uwsgi.ini - - name: env-file - secret: - secretName: sarex-env - defaultMode: 420 - - name: kafka-cert-volume - configMap: - name: kafka-cert - defaultMode: 420 imagePullSecrets: - name: regcred diff --git a/apps/pm/base/kustomization.yaml b/apps/pm/base/kustomization.yaml index 0d108dc..caafb76 100644 
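Review bot: In apps/pm/base/celery-deployment.yaml the `volumeMounts` entry `tmp-volume` (`mountPath: /tmp`) is kept as context while its definition under `volumes` is deleted, and the new `volumes` list holds only `ch-cert`. As the hunk reads, the pod spec references an undefined volume and the API server would reject it. Re-add `- name: tmp-volume` with `emptyDir: {}` to the new `volumes` list. The reverse gap also exists: `ch-cert` is declared but never mounted in this container, although `CLICKHOUSE_CERT` is set and the backend mounts the same ConfigMap at `/root/clickhouse`, so ClickHouse certificate verification in the worker may fail or end up disabled to compensate; mount it here the same way if the worker talks to ClickHouse. The `cpu` request is also dropped, leaving only `memory: 1Gi`; confirm that is intended.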
--- a/apps/pm/base/kustomization.yaml +++ b/apps/pm/base/kustomization.yaml @@ -7,6 +7,4 @@ resources: # - backend-deployment.yaml - backend-service.yaml # - celery-deployment.yaml -# - redis-deployment.yaml -# - redis-service.yaml - backend-configmap.yaml