From 787f950359493c3567f85a854815917c00e42142 Mon Sep 17 00:00:00 2001 From: ivan Date: Tue, 21 Apr 2026 13:48:42 +0500 Subject: [PATCH] fix --- apps/flows/base/backend-deployment.yaml | 188 +++++++++++++++++++++ apps/flows/base/backend-service.yaml | 15 ++ apps/flows/base/celery-deployment.yaml | 197 ++++++++++++++++++++++ apps/flows/base/frontend-deployment.yaml | 32 ++++ apps/flows/base/frontend-service.yaml | 15 ++ apps/flows/base/kustomization.yaml | 11 ++ apps/flows/base/namespace.yaml | 7 + apps/flows/yc-k8s-test/kustomization.yaml | 7 + apps/flows/yc-k8s-test/postgresql.yaml | 110 ++++++++++++ clusters/yc-k8s-test/kustomization.yaml | 3 +- 10 files changed, 584 insertions(+), 1 deletion(-) create mode 100644 apps/flows/base/backend-deployment.yaml create mode 100644 apps/flows/base/backend-service.yaml create mode 100644 apps/flows/base/celery-deployment.yaml create mode 100644 apps/flows/base/frontend-deployment.yaml create mode 100644 apps/flows/base/frontend-service.yaml create mode 100644 apps/flows/base/kustomization.yaml create mode 100644 apps/flows/base/namespace.yaml create mode 100644 apps/flows/yc-k8s-test/kustomization.yaml create mode 100644 apps/flows/yc-k8s-test/postgresql.yaml diff --git a/apps/flows/base/backend-deployment.yaml b/apps/flows/base/backend-deployment.yaml new file mode 100644 index 0000000..267789a --- /dev/null +++ b/apps/flows/base/backend-deployment.yaml @@ -0,0 +1,188 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: flows + labels: + app: backend + service: backend +spec: + replicas: 1 + selector: + matchLabels: + app: backend + template: + metadata: + labels: + app: backend + service: backend + spec: + containers: + - name: backend + image: cr.yandex/crp3ccidau046kdj8g9q/flows-backend:production_2a439111 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: ADMIN_PANEL_SECRET_KEY + valueFrom: + secretKeyRef: + key: key + name: admin-secret + - name: JWT_PUBLIC_KEY + valueFrom: + secretKeyRef: + key: public_key + name: jwt-secret + - name: LOG_LEVEL + value: DEBUG + - name: BASE_HOST + value: https://srx.wb.ru + - name: CELERY_QUEUE + value: flow + - name: EAV_HOST + value: http://eav-service.eav.svc.cluster.local:8000 + - name: DJANGO_HOST + value: http://backend.django.svc.cluster.local:8000/api + - name: PLANNING_HOST + value: http://backend-service.pm.svc.cluster.local:8000/api/pm/msp + - name: PLANNING_USE + value: "True" + - name: DOCUMENTATION_HOST + value: http://documentations-api.documentations.svc.cluster.local:8080/internal/v1 + - name: DOCUMENTATION_EXTERNAL_HOST + value: http://documentations-api.documentations.svc.cluster.local:8080/api/v1 + - name: ENABLE_ANALYTICS + value: "1" + - name: ENABLE_CELERY + value: "1" + - name: ENABLE_MAILGUN + value: "0" + - name: ENABLE_METRICS + value: "0" + - name: FROM_EMAIL + value: sarex@rwb.ru + - name: GATEWAY_URL + value: http://pdm-api.documentations.svc.cluster.local:8080 + - name: RESOURCE_URL + value: http://resources-service.resources.svc.cluster.local:8000 + - name: SERVICE_HOST + value: https://srx.wb.ru/flows/api/v1 + - name: SMTP_HOST + value: mail.rwb.ru + + - name: PG_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: PG_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + + - name: DOCUMENTATION_PG_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret-documentations + - name: DOCUMENTATION_PG_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret-documentations + - name: DOCUMENTATION_PG_DATABASE + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret-documentations + - name: DOCUMENTATION_PG_USERNAME + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret-documentations + - name: DOCUMENTATION_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret-documentations + - name: CHECKLIST_HOST + value: http://checklists-backend-service.checklists.svc.cluster.local:80 + - name: SMTP_PORT + value: "465" + - name: SYNC_RESOURCE_ID + value: "1" + - name: TIMEOUT + value: "120" + - name: WORKFLOWS_HOST + value: http://workflows-api-service.workflow.svc.cluster.local:8000/api/v1 + - name: WORKFLOWS_TIMEOUT + value: "60" + - name: DOCUMENTATION_TIMEOUT + value: "60" + - name: DJANGO_TOKEN + valueFrom: + secretKeyRef: + key: token + name: django-secret + - name: PG_DB + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: PG_LOGIN + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: PG_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: PG_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + key: username + name: rabbitmq-secret + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: rabbitmq-secret + - name: RABBITMQ_VHOST + valueFrom: + secretKeyRef: + key: vhost + name: rabbitmq-secret + - name: RABBITMQ_HOST + valueFrom: + secretKeyRef: + key: hostname + name: rabbitmq-secret + - name: RABBITMQ_PORT + valueFrom: + secretKeyRef: + key: port + name: rabbitmq-secret + + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/flows/base/backend-service.yaml b/apps/flows/base/backend-service.yaml new file mode 100644 index 0000000..7a8d196 --- /dev/null +++ b/apps/flows/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: backend-svc + namespace: flows +spec: + type: ClusterIP + selector: + app: backend + ports: + - name: http + port: 80 + targetPort: 8000 + protocol: TCP diff --git a/apps/flows/base/celery-deployment.yaml b/apps/flows/base/celery-deployment.yaml new file mode 100644 index 0000000..6961f48 --- /dev/null +++ b/apps/flows/base/celery-deployment.yaml @@ -0,0 +1,197 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: celery + namespace: flows + labels: + app: celery + service: celery +spec: + replicas: 1 + selector: + matchLabels: + app: celery + template: + metadata: + labels: + app: celery + service: celery + spec: + containers: + - name: celery + image: cr.yandex/crp3ccidau046kdj8g9q/flows-backend_worker:production_2a439111 + imagePullPolicy: IfNotPresent + command: + - uv + args: + - run + - celery + - -A + - config + - worker + - -l + - info + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: ADMIN_PANEL_SECRET_KEY + valueFrom: + secretKeyRef: + key: key + name: admin-secret + - name: JWT_PUBLIC_KEY + valueFrom: + secretKeyRef: + key: public_key + name: jwt-secret + - name: LOG_LEVEL + value: DEBUG + - name: BASE_HOST + value: https://srx.wb.ru + - name: CELERY_QUEUE + value: flow + - name: EAV_HOST + value: http://eav-service.eav.svc.cluster.local:8000 + - name: DJANGO_HOST + value: http://backend.django.svc.cluster.local:8000/api + - name: PLANNING_HOST + value: http://backend-service.pm.svc.cluster.local:8000/api/pm/msp + - name: PLANNING_USE + value: "True" + - name: DOCUMENTATION_HOST + value: http://documentations-api.documentations.svc.cluster.local:8080/internal/v1 + - name: DOCUMENTATION_EXTERNAL_HOST + value: http://documentations-api.documentations.svc.cluster.local:8080/api/v1 + - name: ENABLE_ANALYTICS + value: "1" + - name: ENABLE_CELERY + value: "1" + - name: ENABLE_MAILGUN + value: "0" + - name: ENABLE_METRICS + value: "0" + - name: FROM_EMAIL + value: sarex@rwb.ru + - name: GATEWAY_URL + value: http://pdm-api.documentations.svc.cluster.local:8080 + - name: RESOURCE_URL + value: http://resources-service.resources.svc.cluster.local:8000 + - name: SERVICE_HOST + value: https://srx.wb.ru/flows/api/v1 + - name: SMTP_HOST + value: mail.rwb.ru + + - name: PG_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: PG_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + + - name: DOCUMENTATION_PG_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret-documentations + - name: DOCUMENTATION_PG_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret-documentations + - name: DOCUMENTATION_PG_DATABASE + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret-documentations + - name: DOCUMENTATION_PG_USERNAME + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret-documentations + - name: DOCUMENTATION_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret-documentations + - name: CHECKLIST_HOST + value: http://checklists-backend-service.checklists.svc.cluster.local:80 + - name: SMTP_PORT + value: "465" + - name: SYNC_RESOURCE_ID + value: "1" + - name: TIMEOUT + value: "120" + - name: WORKFLOWS_HOST + value: http://workflows-api-service.workflow.svc.cluster.local:8000/api/v1 + - name: WORKFLOWS_TIMEOUT + value: "60" + - name: DOCUMENTATION_TIMEOUT + value: "60" + - name: DJANGO_TOKEN + valueFrom: + secretKeyRef: + key: token + name: django-secret + - name: PG_DB + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: PG_LOGIN + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: PG_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: PG_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + key: username + name: rabbitmq-secret + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: rabbitmq-secret + - name: RABBITMQ_VHOST + valueFrom: + secretKeyRef: + key: vhost + name: rabbitmq-secret + - name: RABBITMQ_HOST + valueFrom: + secretKeyRef: + key: hostname + name: rabbitmq-secret + - name: RABBITMQ_PORT + valueFrom: + secretKeyRef: + key: port + name: rabbitmq-secret + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/flows/base/frontend-deployment.yaml b/apps/flows/base/frontend-deployment.yaml new file mode 100644 index 0000000..d9b357f --- /dev/null +++ b/apps/flows/base/frontend-deployment.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: frontend + namespace: flows + labels: + app: frontend +spec: + replicas: 1 + selector: + matchLabels: + app: frontend + template: + metadata: + labels: + app: frontend + spec: + containers: + - name: frontend + image: cr.yandex/crp3ccidau046kdj8g9q/flows-frontend:contour_5b2bd144 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 80 + protocol: TCP + resources: + requests: + cpu: 100m + memory: 100Mi + imagePullSecrets: + - name: regcred diff --git a/apps/flows/base/frontend-service.yaml b/apps/flows/base/frontend-service.yaml new file mode 100644 index 0000000..3157655 --- /dev/null +++ b/apps/flows/base/frontend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: frontend-service + namespace: flows +spec: + type: ClusterIP + selector: + app: frontend + ports: + - name: http + port: 80 + targetPort: 80 + protocol: TCP diff --git a/apps/flows/base/kustomization.yaml b/apps/flows/base/kustomization.yaml new file mode 100644 index 0000000..e197b54 --- /dev/null +++ b/apps/flows/base/kustomization.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: flows +resources: + - namespace.yaml + - backend-deployment.yaml + - celery-deployment.yaml + - frontend-deployment.yaml + - backend-service.yaml + - frontend-service.yaml diff --git a/apps/flows/base/namespace.yaml b/apps/flows/base/namespace.yaml new file mode 100644 index 0000000..e3a5b8a --- /dev/null +++ b/apps/flows/base/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: flows + labels: + istio-injection: enabled diff --git a/apps/flows/yc-k8s-test/kustomization.yaml b/apps/flows/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..e601931 --- /dev/null +++ b/apps/flows/yc-k8s-test/kustomization.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base + - postgresql.yaml +patches: [] diff --git a/apps/flows/yc-k8s-test/postgresql.yaml b/apps/flows/yc-k8s-test/postgresql.yaml new file mode 100644 index 0000000..b47f5c9 --- /dev/null +++ b/apps/flows/yc-k8s-test/postgresql.yaml @@ -0,0 +1,110 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: flows +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: "pg_stat_statements" + databases: + - name: flows_db + user: flows + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index 26a1925..2e74715 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -29,4 +29,5 @@ resources: - ../../apps/eav/yc-k8s-test - ../../apps/resources/yc-k8s-test - ../../apps/workspaces/yc-k8s-test - - ../../apps/cde/yc-k8s-test \ No newline at end of file + - ../../apps/cde/yc-k8s-test + - ../../apps/flows/yc-k8s-test \ No newline at end of file