diff --git a/apps/inspections/base/backend-deployment.yaml b/apps/inspections/base/backend-deployment.yaml new file mode 100644 index 0000000..7dc94a0 --- /dev/null +++ b/apps/inspections/base/backend-deployment.yaml @@ -0,0 +1,127 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: inspections-backend + namespace: inspections + labels: + app: inspections-backend +spec: + replicas: 1 + selector: + matchLabels: + app: inspections-backend + template: + metadata: + labels: + app: inspections-backend + spec: + containers: + - name: inspections-backend + image: cr.yandex/crp3ccidau046kdj8g9q/sarex-inspections:production_1a33f6f4 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: DEBUG + value: "false" + - name: SERVICE_URL + value: https://srx.wb.ru + - name: HTTP_APP_HOST + value: 0.0.0.0 + - name: HTTP_APP_PORT + value: "8000" + - name: HTTP_APP_ROOT_PATH + value: /inspections + - name: HTTP_APP_WORKERS + value: "3" + - name: HTTP_APP_ADMIN_ENABLE + value: "true" + - name: KAFKA_SSL_CAFILE + value: /usr/local/share/ca-certificates/Yandex/YandexInternalRootCA.crt + - name: KAFKA_EAV_ASSETS_TOPIC + value: assets_broadcast + - name: JWT_AUTH_ENABLE + value: "true" + - name: NOTIFICATIONS_ENABLE + value: "true" + - name: NOTIFICATIONS_EMAIL_FROM + value: hello@sarex.io + - name: SAREX_BACKEND_URL + value: https://srx.wb.ru + - name: SAREX_BACKEND_TIMEOUT + value: "30" + - name: EAV_URL + value: http://eav-service.eav + - name: EAV_TIMEOUT + value: "30" + - name: WORKFLOWS_URL + value: http://workflows-service.processing-prod + - name: WORKFLOWS_TIMEOUT + value: "30" + - name: WORKFLOWS_EMAIL_DOCKER_IMAGE + value: cr.yandex/crp3ccidau046kdj8g9q/notification:email + - name: MOBILE_APP_CURRENT_VERSION + value: 1.0.0 + - name: MOBILE_APP_RECOMMENDED_VERSION + value: 1.0.0 + - name: MOBILE_APP_REQUIRED_VERSION + value: 1.0.0 + - name: MAILER_URL + value: http://mailer-service.mailer:8000 + - name: MAILER_TIMEOUT + value: "30" + - name: DATABASE_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: DATABASE_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: DATABASE_NAME + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: DATABASE_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: KAFKA_HOST + valueFrom: + secretKeyRef: + key: host + name: kafka-secret + - name: KAFKA_USERNAME + valueFrom: + secretKeyRef: + key: username + name: kafka-secret + - name: KAFKA_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: kafka-secret + - name: SAREX_BACKEND_AUTH + valueFrom: + secretKeyRef: + key: key + name: sarex-backend-auth-secret + + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/inspections/base/backend-service.yaml b/apps/inspections/base/backend-service.yaml new file mode 100644 index 0000000..f938e6d --- /dev/null +++ b/apps/inspections/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: rfi-backend-api-svc + namespace: rfi +spec: + type: ClusterIP + selector: + app: rfi-backend-api + ports: + - name: http + port: 80 + targetPort: 8000 + protocol: TCP diff --git a/apps/inspections/base/kustomization.yaml b/apps/inspections/base/kustomization.yaml new file mode 100644 index 0000000..7195a48 --- /dev/null +++ b/apps/inspections/base/kustomization.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: subscriptions +resources: + - namespace.yaml + - backend-deployment.yaml + - backend-service.yaml diff --git a/apps/inspections/base/namespace.yaml b/apps/inspections/base/namespace.yaml new file mode 100644 index 0000000..1e4be2f --- /dev/null +++ b/apps/inspections/base/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: inspections + labels: + istio-injection: enabled diff --git a/apps/inspections/yc-k8s-test/kustomization.yaml b/apps/inspections/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..e601931 --- /dev/null +++ b/apps/inspections/yc-k8s-test/kustomization.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base + - postgresql.yaml +patches: [] diff --git a/apps/inspections/yc-k8s-test/postgresql.yaml b/apps/inspections/yc-k8s-test/postgresql.yaml new file mode 100644 index 0000000..218531a --- /dev/null +++ b/apps/inspections/yc-k8s-test/postgresql.yaml @@ -0,0 +1,110 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: inspections +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: "postgis" + databases: + - name: inspections_db + user: inspections + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index 15e57f9..b4bbaa9 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -18,4 +18,5 @@ resources: - ../../apps/contracts/yc-k8s-test - ../../apps/rfi/yc-k8s-test - ../../apps/checklists/yc-k8s-test - - ../../apps/subscriptions/yc-k8s-test \ No newline at end of file + - ../../apps/subscriptions/yc-k8s-test + - ../../apps/inspections/yc-k8s-test \ No newline at end of file