diff --git a/apps/transmittal/base/backend-deployment.yaml b/apps/transmittal/base/backend-deployment.yaml new file mode 100644 index 0000000..e966c08 --- /dev/null +++ b/apps/transmittal/base/backend-deployment.yaml @@ -0,0 +1,215 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: transmittal + labels: + app: backend + service: backend +spec: + replicas: 1 + selector: + matchLabels: + app: backend + template: + metadata: + labels: + app: backend + service: backend + + spec: + containers: + - name: backend + image: cr.yandex/crp3ccidau046kdj8g9q/transmittal-api:prod_a9d879ae + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: TRANSMITTAL_SERVICE_APP__NAME + value: Transmittal Service + - name: TRANSMITTAL_SERVICE_APP__LOG_LEVEL + value: ERROR + - name: TRANSMITTAL_SERVICE_FLOWS_REPOSITORY__BASE_URL + value: http://backend-service.flows.svc.cluster.local:8000 + - name: TRANSMITTAL_SERVICE_FLOWS_REPOSITORY__MAX_CONNECTIONS + value: "10" + - name: TRANSMITTAL_SERVICE_FLOWS_REPOSITORY__MAX_KEEPALIVE_CONNECTIONS + value: "5" + - name: TRANSMITTAL_SERVICE_FLOWS_REPOSITORY__TIMEOUT + value: "30" + - name: TRANSMITTAL_SERVICE_APP__HOST + value: https://lk.srx.wb.ru:30443/transmittal + - name: TRANSMITTAL_SERVICE_APP__ENVIRONMENT + value: prod + - name: TRANSMITTAL_SERVICE_CORS__ALLOW_ORIGINS + value: '["*"]' + - name: TRANSMITTAL_SERVICE_CORS__ALLOW_METHODS + value: '["*"]' + - name: TRANSMITTAL_SERVICE_CORS__ALLOW_HEADERS + value: '["*"]' + - name: TRANSMITTAL_SERVICE_CORS__ALLOW_CREDENTIALS + value: "true" + - name: TRANSMITTAL_SERVICE_UVICORN__HOST + value: 0.0.0.0 + - name: TRANSMITTAL_SERVICE_UVICORN__PORT + value: "8000" + - name: TRANSMITTAL_SERVICE_UVICORN__ENABLE_AUTO_RELOAD + value: "false" + - name: TRANSMITTAL_SERVICE_OTEL__ENABLE + value: "false" + - name: TRANSMITTAL_SERVICE_OTEL__HOST + value: http://signoz-otel-collector-external.signoz.svc.cluster.local:4317 + - name: TRANSMITTAL_SERVICE_OTEL__SERVICE_NAME + value: backend.transmittals-prod + - name: TRANSMITTAL_SERVICE_OTEL__INSECURE + value: "false" + - name: TRANSMITTAL_SERVICE_DATABASE__SSL_MODE + value: verify-full + - name: TRANSMITTAL_SERVICE_DATABASE__SSL_ROOT_CERT_PATH + value: /opt/.postgresql/root.crt + - name: TRANSMITTAL_SERVICE_UVICORN__LOG_LEVEL + value: info + - name: TRANSMITTAL_SERVICE_UVICORN__NUM_WORKERS + value: "2" + - name: TRANSMITTAL_SERVICE_UVICORN__ROOT_PATH + - name: TRANSMITTAL_SERVICE_DATABASE__HOST + value: sarex-vpsql-01.xc.wb.ru + - name: TRANSMITTAL_SERVICE_DATABASE__PORT + value: "5432" + - name: TRANSMITTAL_SERVICE_DATABASE__NAME + value: transmittal_db + - name: TRANSMITTAL_SERVICE_DATABASE__ENABLE_SSL + value: "false" + - name: TRANSMITTAL_SERVICE_RABBITMQ__VHOST + value: transmitalls + - name: TRANSMITTAL_SERVICE_RABBITMQ__HOST + value: rabbitmq.rabbitmq.svc.cluster.local + - name: TRANSMITTAL_SERVICE_RABBITMQ__PORT + value: "5672" + - name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__BASE_URL + value: http://backend.django.svc.cluster.local:8000 + - name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__MAX_CONNECTIONS + value: "10" + - name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__MAX_KEEPALIVE_CONNECTIONS + value: "5" + - name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__TIMEOUT + value: "15" + - name: TRANSMITTAL_SERVICE_RESOURCE_REPOSITORY__BASE_URL + value: http://resources-service.resources.svc.cluster.local:8000 + - name: TRANSMITTAL_SERVICE_RESOURCE_REPOSITORY__MAX_CONNECTIONS + value: "10" + - name: TRANSMITTAL_SERVICE_RESOURCE_REPOSITORY__MAX_KEEPALIVE_CONNECTIONS + value: "5" + - name: TRANSMITTAL_SERVICE_RESOURCE_REPOSITORY__TIMEOUT + value: "15" + - name: TRANSMITTAL_SERVICE_DOCUMENTATIONS_REPOSITORY__BASE_URL + value: http://documentations-api.documentations.svc.cluster.local:8080 + - name: TRANSMITTAL_SERVICE_DOCUMENTATIONS_REPOSITORY__MAX_CONNECTIONS + value: "10" + - name: TRANSMITTAL_SERVICE_DOCUMENTATIONS_REPOSITORY__MAX_KEEPALIVE_CONNECTIONS + value: "5" + - name: TRANSMITTAL_SERVICE_DOCUMENTATIONS_REPOSITORY__TIMEOUT + value: "15" + - name: TRANSMITTAL_SERVICE_S3_CLIENT__MAX_POOL_CONNECTIONS + value: "10" + - name: TRANSMITTAL_SERVICE_S3_CLIENT__CONNECT_TIMEOUT + value: "10" + - name: TRANSMITTAL_SERVICE_S3_CLIENT__READ_TIMEOUT + value: "50" + - name: TRANSMITTAL_SERVICE_S3_CLIENT__REGION_NAME + value: ru-central1 + - name: TRANSMITTAL_SERVICE_S3_CLIENT__VERIFY + value: "true" + - name: TRANSMITTAL_SERVICE_S3_CLIENT__DEFAULT_BUCKET + value: transmittal-storage + - name: TRANSMITTAL_SERVICE_S3_CLIENT__ENDPOINT + value: 10.49.10.90:9000 + - name: TRANSMITTAL_SERVICE_S3_CLIENT__USE_SSL + value: "false" + - name: TRANSMITTAL_SERVICE_HTML_TO_PDF_CONVERTER__BASE_URL + value: http://export-project-service.django.svc.cluster.local:8000 + - name: TRANSMITTAL_SERVICE_HTML_TO_PDF_CONVERTER__MAX_CONNECTIONS + value: "10" + - name: TRANSMITTAL_SERVICE_HTML_TO_PDF_CONVERTER__MAX_KEEPALIVE_CONNECTIONS + value: "5" + - name: TRANSMITTAL_SERVICE_HTML_TO_PDF_CONVERTER__TIMEOUT + value: "50" + - name: TRANSMITTAL_SERVICE_MARKINGS__BASE_URL + value: http://marks-service.documentations.svc.cluster.local:8000 + - name: TRANSMITTAL_SERVICE_MARKINGS__MAX_CONNECTIONS + value: "10" + - name: TRANSMITTAL_SERVICE_MARKINGS__MAX_KEEPALIVE_CONNECTIONS + value: "5" + - name: TRANSMITTAL_SERVICE_MARKINGS__TIMEOUT + value: "50" + - name: TRANSMITTAL_SERVICE_MAILGUN__BASE_URL + value: https://api.mailgun.net/v3/mg.sarex.io + - name: TRANSMITTAL_SERVICE_MAILGUN__MAX_CONNECTIONS + value: "10" + - name: TRANSMITTAL_SERVICE_MAILGUN__MAX_KEEPALIVE_CONNECTIONS + value: "5" + - name: TRANSMITTAL_SERVICE_MAILGUN__TIMEOUT + value: "15" + - name: TRANSMITTAL_SERVICE_MAILGUN__EMAIL + value: hello@wb.io + - name: TRANSMITTAL_SERVICE_DATABASE__USER + valueFrom: + secretKeyRef: + key: username + name: postgres-secret + - name: TRANSMITTAL_SERVICE_DATABASE__PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgres-secret + - name: YC-PG-CERTIFICATE + valueFrom: + secretKeyRef: + key: certificate + name: postgres-secret + - name: TRANSMITTAL_SERVICE_AUTH__PUBLIC_KEY + valueFrom: + secretKeyRef: + key: key + name: public-key + - name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__BASIC_AUTH_ENCODED + valueFrom: + secretKeyRef: + key: key + name: django-auth + - name: TRANSMITTAL_SERVICE_S3_CLIENT__ACCESS_KEY + valueFrom: + secretKeyRef: + key: access_key + name: s3-secret + - name: TRANSMITTAL_SERVICE_S3_CLIENT__SECRET_KEY + valueFrom: + secretKeyRef: + key: secret_key + name: s3-secret + - name: TRANSMITTAL_SERVICE_RABBITMQ__USER + valueFrom: + secretKeyRef: + key: username + name: rabbitmq-cred + - name: TRANSMITTAL_SERVICE_RABBITMQ__PASSWORD + valueFrom: + secretKeyRef: + key: password + name: rabbitmq-cred + - name: TRANSMITTAL_SERVICE_MAILGUN__API_KEY + valueFrom: + secretKeyRef: + key: api_key + name: mailgun-cred + + + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/transmittal/base/backend-service.yaml b/apps/transmittal/base/backend-service.yaml new file mode 100644 index 0000000..47f7a8d --- /dev/null +++ b/apps/transmittal/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: backend-svc + namespace: transmittal +spec: + type: ClusterIP + selector: + app: backend + ports: + - name: http + port: 80 + targetPort: 8000 + protocol: TCP diff --git a/apps/transmittal/base/frontend-deployment.yaml b/apps/transmittal/base/frontend-deployment.yaml new file mode 100644 index 0000000..74d7021 --- /dev/null +++ b/apps/transmittal/base/frontend-deployment.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: frontend + namespace: transmittal + labels: + app: frontend +spec: + replicas: 1 + selector: + matchLabels: + app: frontend + template: + metadata: + labels: + app: frontend + spec: + containers: + - name: frontend + image: cr.yandex/crp3ccidau046kdj8g9q/transmittal-frontend:wb_39cc8f57 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 80 + protocol: TCP + resources: + requests: + cpu: 100m + memory: 100Mi + imagePullSecrets: + - name: regcred diff --git a/apps/transmittal/base/frontend-service.yaml b/apps/transmittal/base/frontend-service.yaml new file mode 100644 index 0000000..9bdeadb --- /dev/null +++ b/apps/transmittal/base/frontend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: frontend-svc + namespace: transmittal +spec: + type: ClusterIP + selector: + app: frontend + ports: + - name: http + port: 80 + targetPort: 80 + protocol: TCP diff --git a/apps/transmittal/base/kustomization.yaml b/apps/transmittal/base/kustomization.yaml new file mode 100644 index 0000000..44a8cfe --- /dev/null +++ b/apps/transmittal/base/kustomization.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: transmittal +resources: + - namespace.yaml + - backend-deployment.yaml + - celery-deployment.yaml + - frontend-deployment.yaml + - backend-service.yaml + - frontend-service.yaml diff --git a/apps/transmittal/base/namespace.yaml b/apps/transmittal/base/namespace.yaml new file mode 100644 index 0000000..206f50d --- /dev/null +++ b/apps/transmittal/base/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: transmittal + labels: + istio-injection: enabled diff --git a/apps/transmittal/base/worker-deployment.yaml b/apps/transmittal/base/worker-deployment.yaml new file mode 100644 index 0000000..e3a451e --- /dev/null +++ b/apps/transmittal/base/worker-deployment.yaml @@ -0,0 +1,221 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: worker + namespace: transmittal + labels: + app: worker + service: worker +spec: + replicas: 1 + selector: + matchLabels: + app: worker + template: + metadata: + labels: + app: worker + service: worker + spec: + containers: + - name: worker + image: cr.yandex/crp3ccidau046kdj8g9q/transmittal-api:prod_a9d879ae + imagePullPolicy: IfNotPresent + command: + - taskiq + - worker + - --no-parse + - transmittal_service.tasks.broker:broker + - transmittal_service.tasks.transmittal.tasks + - transmittal_service.tasks.email.tasks + + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: TRANSMITTAL_SERVICE_FLOWS_REPOSITORY__BASE_URL + value: http://backend-svc.flows.svc.cluster.local:8000 + - name: TRANSMITTAL_SERVICE_FLOWS_REPOSITORY__MAX_CONNECTIONS + value: "10" + - name: TRANSMITTAL_SERVICE_FLOWS_REPOSITORY__MAX_KEEPALIVE_CONNECTIONS + value: "5" + - name: TRANSMITTAL_SERVICE_FLOWS_REPOSITORY__TIMEOUT + value: "30" + - name: TRANSMITTAL_SERVICE_APP__NAME + value: Transmittal Service + - name: TRANSMITTAL_SERVICE_APP__LOG_LEVEL + value: ERROR + - name: TRANSMITTAL_SERVICE_APP__HOST + value: https://lk.srx.wb.ru:30443/transmittal + - name: TRANSMITTAL_SERVICE_APP__ENVIRONMENT + value: prod + - name: TRANSMITTAL_SERVICE_CORS__ALLOW_ORIGINS + value: '["*"]' + - name: TRANSMITTAL_SERVICE_CORS__ALLOW_METHODS + value: '["*"]' + - name: TRANSMITTAL_SERVICE_CORS__ALLOW_HEADERS + value: '["*"]' + - name: TRANSMITTAL_SERVICE_CORS__ALLOW_CREDENTIALS + value: "true" + - name: TRANSMITTAL_SERVICE_UVICORN__HOST + value: 0.0.0.0 + - name: TRANSMITTAL_SERVICE_UVICORN__PORT + value: "8000" + - name: TRANSMITTAL_SERVICE_UVICORN__ENABLE_AUTO_RELOAD + value: "false" + - name: TRANSMITTAL_SERVICE_OTEL__ENABLE + value: "false" + - name: TRANSMITTAL_SERVICE_OTEL__HOST + value: http://signoz-otel-collector-external.signoz.svc.cluster.local:4317 + - name: TRANSMITTAL_SERVICE_OTEL__SERVICE_NAME + value: backend.transmittals-prod + - name: TRANSMITTAL_SERVICE_OTEL__INSECURE + value: "false" + - name: TRANSMITTAL_SERVICE_DATABASE__SSL_MODE + value: verify-full + - name: TRANSMITTAL_SERVICE_DATABASE__SSL_ROOT_CERT_PATH + value: /opt/.postgresql/root.crt + - name: TRANSMITTAL_SERVICE_UVICORN__LOG_LEVEL + value: info + - name: TRANSMITTAL_SERVICE_UVICORN__NUM_WORKERS + value: "2" + - name: TRANSMITTAL_SERVICE_UVICORN__ROOT_PATH + - name: TRANSMITTAL_SERVICE_DATABASE__HOST + value: sarex-vpsql-01.xc.wb.ru + - name: TRANSMITTAL_SERVICE_DATABASE__PORT + value: "5432" + - name: TRANSMITTAL_SERVICE_DATABASE__NAME + value: transmittal_db + - name: TRANSMITTAL_SERVICE_DATABASE__ENABLE_SSL + value: "false" + - name: TRANSMITTAL_SERVICE_RABBITMQ__VHOST + value: transmitalls + - name: TRANSMITTAL_SERVICE_RABBITMQ__HOST + value: rabbitmq.rabbitmq.svc.cluster.local + - name: TRANSMITTAL_SERVICE_RABBITMQ__PORT + value: "5672" + - name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__BASE_URL + value: http://backend.django.svc.cluster.local:8000 + - name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__MAX_CONNECTIONS + value: "10" + - name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__MAX_KEEPALIVE_CONNECTIONS + value: "5" + - name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__TIMEOUT + value: "15" + - name: TRANSMITTAL_SERVICE_RESOURCE_REPOSITORY__BASE_URL + value: http://resources-service.resources.svc.cluster.local:8000 + - name: TRANSMITTAL_SERVICE_RESOURCE_REPOSITORY__MAX_CONNECTIONS + value: "10" + - name: TRANSMITTAL_SERVICE_RESOURCE_REPOSITORY__MAX_KEEPALIVE_CONNECTIONS + value: "5" + - name: TRANSMITTAL_SERVICE_RESOURCE_REPOSITORY__TIMEOUT + value: "15" + - name: TRANSMITTAL_SERVICE_DOCUMENTATIONS_REPOSITORY__BASE_URL + value: http://documentations-api.documentations.svc.cluster.local:8080 + - name: TRANSMITTAL_SERVICE_DOCUMENTATIONS_REPOSITORY__MAX_CONNECTIONS + value: "10" + - name: TRANSMITTAL_SERVICE_DOCUMENTATIONS_REPOSITORY__MAX_KEEPALIVE_CONNECTIONS + value: "5" + - name: TRANSMITTAL_SERVICE_DOCUMENTATIONS_REPOSITORY__TIMEOUT + value: "15" + - name: TRANSMITTAL_SERVICE_S3_CLIENT__MAX_POOL_CONNECTIONS + value: "10" + - name: TRANSMITTAL_SERVICE_S3_CLIENT__CONNECT_TIMEOUT + value: "10" + - name: TRANSMITTAL_SERVICE_S3_CLIENT__READ_TIMEOUT + value: "50" + - name: TRANSMITTAL_SERVICE_S3_CLIENT__REGION_NAME + value: ru-central1 + - name: TRANSMITTAL_SERVICE_S3_CLIENT__VERIFY + value: "true" + - name: TRANSMITTAL_SERVICE_S3_CLIENT__DEFAULT_BUCKET + value: transmittal-storage + - name: TRANSMITTAL_SERVICE_S3_CLIENT__ENDPOINT + value: 10.49.10.90:9000 + - name: TRANSMITTAL_SERVICE_S3_CLIENT__USE_SSL + value: "false" + - name: TRANSMITTAL_SERVICE_HTML_TO_PDF_CONVERTER__BASE_URL + value: http://export-project-service.django.svc.cluster.local:8000 + - name: TRANSMITTAL_SERVICE_HTML_TO_PDF_CONVERTER__MAX_CONNECTIONS + value: "10" + - name: TRANSMITTAL_SERVICE_HTML_TO_PDF_CONVERTER__MAX_KEEPALIVE_CONNECTIONS + value: "5" + - name: TRANSMITTAL_SERVICE_HTML_TO_PDF_CONVERTER__TIMEOUT + value: "50" + - name: TRANSMITTAL_SERVICE_MARKINGS__BASE_URL + value: http://marks-service.documentations.svc.cluster.local:8000 + - name: TRANSMITTAL_SERVICE_MARKINGS__MAX_CONNECTIONS + value: "10" + - name: TRANSMITTAL_SERVICE_MARKINGS__MAX_KEEPALIVE_CONNECTIONS + value: "5" + - name: TRANSMITTAL_SERVICE_MARKINGS__TIMEOUT + value: "50" + - name: TRANSMITTAL_SERVICE_MAILGUN__BASE_URL + value: https://api.mailgun.net/v3/mg.sarex.io + - name: TRANSMITTAL_SERVICE_MAILGUN__MAX_CONNECTIONS + value: "10" + - name: TRANSMITTAL_SERVICE_MAILGUN__MAX_KEEPALIVE_CONNECTIONS + value: "5" + - name: TRANSMITTAL_SERVICE_MAILGUN__TIMEOUT + value: "15" + - name: TRANSMITTAL_SERVICE_MAILGUN__EMAIL + value: hello@wb.io + - name: TRANSMITTAL_SERVICE_DATABASE__USER + valueFrom: + secretKeyRef: + key: username + name: postgres-secret + - name: TRANSMITTAL_SERVICE_DATABASE__PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgres-secret + - name: YC-PG-CERTIFICATE + valueFrom: + secretKeyRef: + key: certificate + name: postgres-secret + - name: TRANSMITTAL_SERVICE_AUTH__PUBLIC_KEY + valueFrom: + secretKeyRef: + key: key + name: public-key + - name: TRANSMITTAL_SERVICE_SAREX_BACKEND_REPOSITORY__BASIC_AUTH_ENCODED + valueFrom: + secretKeyRef: + key: key + name: django-auth + - name: TRANSMITTAL_SERVICE_S3_CLIENT__ACCESS_KEY + valueFrom: + secretKeyRef: + key: access_key + name: s3-secret + - name: TRANSMITTAL_SERVICE_S3_CLIENT__SECRET_KEY + valueFrom: + secretKeyRef: + key: secret_key + name: s3-secret + - name: TRANSMITTAL_SERVICE_RABBITMQ__USER + valueFrom: + secretKeyRef: + key: username + name: rabbitmq-cred + - name: TRANSMITTAL_SERVICE_RABBITMQ__PASSWORD + valueFrom: + secretKeyRef: + key: password + name: rabbitmq-cred + - name: TRANSMITTAL_SERVICE_MAILGUN__API_KEY + valueFrom: + secretKeyRef: + key: api_key + name: mailgun-cred + + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/transmittal/yc-k8s-test/kustomization.yaml b/apps/transmittal/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..e601931 --- /dev/null +++ b/apps/transmittal/yc-k8s-test/kustomization.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base + - postgresql.yaml +patches: [] diff --git a/apps/transmittal/yc-k8s-test/postgresql.yaml b/apps/transmittal/yc-k8s-test/postgresql.yaml new file mode 100644 index 0000000..108809f --- /dev/null +++ b/apps/transmittal/yc-k8s-test/postgresql.yaml @@ -0,0 +1,126 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: issues +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.7" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.7 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "postgres" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "postgres" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "postgres" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + resources: + requests: + memory: 512Mi + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "postgres" + sharedPreloadLibraries: "pg_stat_statements,uuid-ossp,ltree,postgis" + vault: + enabled: true + role: postgresql + authPath: auth/kubernetes + secretPath: secrets/data/postgresql/admin + secretKey: postgres-password + usersSecretPath: secrets/data/postgresql/users + databases: + - name: issues_db + user: issues + passwordKey: issues + extensions: + - ltree + - pg_stat_statements + - pg_trgm + - postgis + - timescaledb + - uuid-ossp + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index 6d472fe..f4d7836 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -36,4 +36,5 @@ resources: - ../../apps/bim/yc-k8s-test - ../../apps/django/yc-k8s-test - ../../apps/processing/yc-k8s-test - - ../../apps/message-hub/yc-k8s-test \ No newline at end of file + - ../../apps/message-hub/yc-k8s-test + - ../../apps/transmittal/yc-k8s-test \ No newline at end of file