diff --git a/apps/resources/base/backend-deployment.yaml b/apps/resources/base/backend-deployment.yaml new file mode 100644 index 0000000..4b763e5 --- /dev/null +++ b/apps/resources/base/backend-deployment.yaml @@ -0,0 +1,116 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: resources + labels: + app: backend +spec: + replicas: 1 + selector: + matchLabels: + app: backend + template: + metadata: + labels: + app: backend + spec: + volumes: + - name: django-configmap + configMap: + name: django-configmap + items: + - key: production.py + path: production.py + defaultMode: 420 + + containers: + - name: backend + image: cr.yandex/crp3ccidau046kdj8g9q/sarex-resources:prod_d642ef88 + imagePullPolicy: IfNotPresent + + ports: + - name: http + containerPort: 8000 + protocol: TCP + + env: + - name: DJANGO_SETTINGS_MODULE + value: config.settings.production + - name: API_ADDRESS + value: "8000" + - name: DATABASE_NAME + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: DATABASE_HOST + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: DATABASE_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: DATABASE_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: YC_S3_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: username + name: s3-secret + - name: YC_S3_ENDPOINT_URL + valueFrom: + secretKeyRef: + key: host + name: s3-secret + - name: YC_S3_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: password + name: s3-secret + - name: YC_S3_BUCKET_NAME + valueFrom: + secretKeyRef: + key: bucket + name: s3-secret + + + resources: + requests: + cpu: 100m + memory: 100Mi + + volumeMounts: + - name: django-configmap + mountPath: /server/config/settings/production.py + subPath: production.py + + livenessProbe: + httpGet: + path: /ping + port: 8000 + initialDelaySeconds: 10 + periodSeconds: 60 + failureThreshold: 10 + + readinessProbe: + httpGet: + path: /ping + port: 8000 + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 20 + + imagePullSecrets: + - name: regcred \ No newline at end of file diff --git a/apps/resources/base/backend-service.yaml b/apps/resources/base/backend-service.yaml new file mode 100644 index 0000000..1215014 --- /dev/null +++ b/apps/resources/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: backend-service + namespace: resources +spec: + type: ClusterIP + selector: + app: backend + ports: + - name: http + port: 8000 + targetPort: 8000 + protocol: TCP diff --git a/apps/resources/base/django-configmap.yaml b/apps/resources/base/django-configmap.yaml new file mode 100644 index 0000000..e7b33c9 --- /dev/null +++ b/apps/resources/base/django-configmap.yaml @@ -0,0 +1,93 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: django-configmap + namespace: resources +data: + production.py: | + import os + from .base import * + + # DEBUG SETTINGS + # ----------------------------------------------------------------------------- + DEBUG = False + # ----------------------------------------------------------------------------- + + # ALLOWED HOSTS + # ----------------------------------------------------------------------------- + ALLOWED_HOSTS = ['*'] + # ----------------------------------------------------------------------------- + + # SERVICE ACCOUNTS HOST + # ----------------------------------------------------------------------------- + SERVICE_ACCOUNTS_HOST = os.getenv( + "SERVICE_ACCOUNTS_HOST", + default="http://backend.django.svc.cluster.local:8000/api/core" + ) + # ----------------------------------------------------------------------------- + + # DATABASE CONFIGURATION + # ----------------------------------------------------------------------------- + POSTGRES_DATABASE = os.getenv("DATABASE_NAME") + POSTGRES_USER = os.getenv("DATABASE_USER") + POSTGRES_PASSWORD = os.getenv("DATABASE_PASSWORD") + POSTGRES_HOST = os.getenv("DATABASE_HOST") + POSTGRES_PORT = os.getenv("DATABASE_PORT") + + DATABASES = { + "default": { + "ENGINE": "django.contrib.gis.db.backends.postgis", + "NAME": POSTGRES_DATABASE, + "USER": POSTGRES_USER, + "PASSWORD": POSTGRES_PASSWORD, + "HOST": POSTGRES_HOST, + "PORT": POSTGRES_PORT, + } + } + # ----------------------------------------------------------------------------- + + # CORS SETTINGS + SAREX_ADMIN_USERNAME = "hagen013" + SAREX_ADMIN_PASSWORD = "zealot096" + SAREX_BASE_HOST = "http://backend.django.svc.cluster.local:8000" + # ----------------------------------------------------------------------------- + + CORS_ALLOWED_ORIGINS = [ + "https://localhost:8000", + "https://localhost:8080", + "https://wb.sarex.ru", + "https://wb.sarex.ru.lonsdaleites.ru", + "https://srx.wb.ru", + ] + + CSRF_TRUSTED_ORIGINS = [ + 'https://localhost:8000', + 'https://localhost:8080', + 'https://wb.sarex.ru', + "https://wb.sarex.ru", + ] + + CORS_ALLOW_ALL_ORIGINS = True + + CORS_ALLOW_METHODS = [ + "DELETE", + "GET", + "OPTIONS", + "PATCH", + "POST", + "PUT", + ] + # ----------------------------------------------------------------------------- + + # STATIC FILES + # ----------------------------------------------------------------------------- + STATIC_ROOT = "/static/" + STATIC_URL = "/static/" + STATICFILES_STORAGE = "django.contrib.staticfiles.storage.StaticFilesStorage" + # ----------------------------------------------------------------------------- + + # COOKIE SETTINGS + # ----------------------------------------------------------------------------- + SESSION_COOKIE_NAME = "resource-sessionid" + CSRF_COOKIE_NAME = "resource-csrftoken" + # ----------------------------------------------------------------------------- \ No newline at end of file diff --git a/apps/resources/base/kustomization.yaml b/apps/resources/base/kustomization.yaml new file mode 100644 index 0000000..149f532 --- /dev/null +++ b/apps/resources/base/kustomization.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: resources +resources: + - namespace.yaml + - backend-deployment.yaml + - backend-service.yaml + - django-configmap.yaml diff --git a/apps/resources/base/namespace.yaml b/apps/resources/base/namespace.yaml new file mode 100644 index 0000000..5c2d001 --- /dev/null +++ b/apps/resources/base/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: resources + labels: + istio-injection: enabled diff --git a/apps/resources/yc-k8s-test/kustomization.yaml b/apps/resources/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..79e4c45 --- /dev/null +++ b/apps/resources/yc-k8s-test/kustomization.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base + - postgresql.yaml +patches: + - path: replicas.yaml + target: + kind: Deployment + name: comparisons diff --git a/apps/resources/yc-k8s-test/postgresql.yaml b/apps/resources/yc-k8s-test/postgresql.yaml new file mode 100644 index 0000000..432f999 --- /dev/null +++ b/apps/resources/yc-k8s-test/postgresql.yaml @@ -0,0 +1,113 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: resources +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + resources: + requests: + memory: 512Mi + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: "pg_stat_statements,uuid-ossp,ltree,postgis" + databases: + - name: resources_db + user: resources + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" \ No newline at end of file diff --git a/apps/resources/yc-k8s-test/replicas.yaml b/apps/resources/yc-k8s-test/replicas.yaml new file mode 100644 index 0000000..14eb0a8 --- /dev/null +++ b/apps/resources/yc-k8s-test/replicas.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend + namespace: resources +spec: + replicas: 1 diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index a6c1325..538e203 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -26,4 +26,5 @@ resources: - ../../apps/pm/yc-k8s-test - ../../apps/faas/yc-k8s-test - ../../apps/stamp-verification/yc-k8s-test - - ../../apps/eav/yc-k8s-test \ No newline at end of file + - ../../apps/eav/yc-k8s-test + - ../../apps/resources/yc-k8s-test \ No newline at end of file