This commit is contained in:
ivan 2026-04-20 14:04:20 +05:00
parent 9c36b4caa3
commit 9015487e7f
8 changed files with 466 additions and 0 deletions


@ -0,0 +1,110 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend
namespace: eav
labels:
app: backend
spec:
replicas: 1
selector:
matchLabels:
app: backend
template:
metadata:
labels:
app: backend
spec:
volumes:
defaultMode: 420
items:
- key: production.py
path: production.py
name: django-configmap
containers:
- name: backend
image: cr.yandex/crp3ccidau046kdj8g9q/eav:prod_0fb73247
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: KAFKA_ENABLED
value: "False"
- name: ASSETS_TOPIC
value: sarex
- name: DJANGO_SETTINGS_MODULE
value: config.settings.production
- name: DJANGO_POSTGRES_DATABASE
value: eav_db
- name: YC_S3_ENDPOINT_URL
value: http://minio-svc.minio.svc.cluster.local:9000
- name: YC_S3_BUCKET_NAME
value: eav
- name: DJANGO_POSTGRES_HOST
valueFrom:
secretKeyRef:
key: hostname
name: postgresql-secret
- name: DJANGO_POSTGRES_USER
valueFrom:
secretKeyRef:
key: username
name: postgresql-secret
- name: DJANGO_POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: postgresql-secret
- name: DJANGO_POSTGRES_PORT
valueFrom:
secretKeyRef:
key: port
name: postgresql-secret
- name: JWT_PRIVATE_KEY
valueFrom:
secretKeyRef:
key: ssh_private.key
name: backend-secret
- name: JWT_PUBLIC_KEY
valueFrom:
secretKeyRef:
key: ssh_public.key
name: backend-secret
- name: YC_S3_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
key: login
name: s3-secret
- name: YC_S3_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
key: password
name: s3-secret
resources:
requests:
cpu: 100m
memory: 100Mi
volumeMounts:
- mountPath: /server/config/settings/production.py
name: django-configmap
subPath: production.py
livenessProbe:
httpGet:
path: /ping
port: 8000
initialDelaySeconds: 10
periodSeconds: 60
failureThreshold: 10
readinessProbe:
httpGet:
path: /ping
port: 8000
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 20
imagePullSecrets:
- name: regcred
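Review bot: The `backend` container is declared without a `securityContext` and with `resources.requests` only, so it runs with whatever user and capabilities the image defines and has no memory ceiling. I would add a container-level security context that disables privilege escalation, drops all capabilities and uses the runtime default seccomp profile, plus a memory limit. Whether the image already runs as a non-root user is not visible here, so confirm that before keeping `runAsNonRoot: true`. The image is also referenced by the tag `prod_0fb73247` rather than by digest, and with `imagePullPolicy: IfNotPresent` a re-pushed tag would be picked up on some nodes and not on others.

```yaml
        - name: backend
          # … unchanged: image, ports, env …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          resources:
            # … unchanged: requests …
            limits:
              memory: <MEMORY_LIMIT>  # placeholder: size from observed usage
```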


@ -0,0 +1,15 @@
---
apiVersion: v1
kind: Service
metadata:
name: backend-service
namespace: eav
spec:
type: ClusterIP
selector:
app: backend
ports:
- name: http
port: 8000
targetPort: 8000
protocol: TCP


@ -0,0 +1,193 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: django-configmap
namespace: eav
data:
production.py: |
# production.py
from .base import *
from datetime import timedelta
import os
from django.core.exceptions import ImproperlyConfigured
INSTALLED_APPS.append("corsheaders")
#MIDDLEWARE = ["corsheaders.middleware.CorsMiddleware"] + MIDDLEWARE
# DEBUG SETTINGS START
#
---------------------------------------------------------------------------------------------------------------------
DEBUG = True
ALLOWED_HOSTS = ['*']
#
---------------------------------------------------------------------------------------------------------------------
# DEBUG SETTINGS END
# DATABASE SETTINGS START
#
---------------------------------------------------------------------------------------------------------------------
DATABASES = {
"default": {
"ENGINE": "django.db.backends.postgresql",
"NAME": os.getenv("DJANGO_POSTGRES_DATABASE"),
"USER": os.getenv("DJANGO_POSTGRES_USER"),
"PASSWORD": os.getenv("DJANGO_POSTGRES_PASSWORD"),
"HOST": os.getenv("DJANGO_POSTGRES_HOST"),
"PORT": "5432",
}
}
#
---------------------------------------------------------------------------------------------------------------------
# DATABASE SETTINGS END
# RESPONSE HEADERS START
#
---------------------------------------------------------------------------------------------------------------------
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOWED_ORIGINS = [
"https://srx.wb.ru",
]
CORS_TRUSTED_ORIGINS = [
"https://srx.wb.ru",
]
CSRF_TRUSTED_ORIGINS = [
"https://srx.wb.ru",
]
CORS_ALLOW_METHODS = (
'DELETE',
'GET',
'OPTIONS',
'PATCH',
'POST',
'PUT',
)
CORS_ALLOW_HEADERS = (
'accept',
'accept-encoding',
'authorization',
'content-type',
'user-agent',
'x-csrftoken',
'x-requested-with',
'x-token',
'Bearer'
)
#
---------------------------------------------------------------------------------------------------------------------
# RESPONSE HEADERS END
REST_FRAMEWORK = {
"DEFAULT_PAGINATION_CLASS": (
"rest_framework.pagination.LimitOffsetPagination"
),
"DEFAULT_SCHEMA_CLASS": "rest_framework.schemas.coreapi.AutoSchema",
"PAGE_SIZE": 10000,
"DEFAULT_FILTER_BACKENDS": [
"django_filters.rest_framework.DjangoFilterBackend"
],
"DEFAULT_AUTHENTICATION_CLASSES": [
"core.auth.ZitadelJWTAuthentication",
"rest_framework_simplejwt.authentication.JWTAuthentication",
"rest_framework.authentication.SessionAuthentication",
"rest_framework.authentication.BasicAuthentication",
],
"DEFAULT_PERMISSION_CLASSES": [
"rest_framework.permissions.AllowAny",
]
}
# JWT SETTINGS START
#
---------------------------------------------------------------------------------------------------------------------
def get_env_variable(var_name, default=None):
try:
return os.getenv(var_name, default)
except KeyError:
error_msg = f"Set the {var_name} environment variable"
if default:
return default
raise ImproperlyConfigured(error_msg)
SIMPLE_JWT_ISSUER = get_env_variable("SIMPLE_JWT_ISSUER", default="django")
SIMPLE_JWT = {
"ACCESS_TOKEN_LIFETIME": timedelta(minutes=5),
"REFRESH_TOKEN_LIFETIME": timedelta(days=1),
"ROTATE_REFRESH_TOKENS": False,
"UPDATE_LAST_LOGIN": False,
"ALGORITHM": "RS512",
"SIGNING_KEY": get_env_variable("JWT_PRIVATE_KEY").replace("\\\n", "\n"),
"VERIFYING_KEY": get_env_variable("JWT_PUBLIC_KEY").replace("\\\n", "\n"),
"AUDIENCE": None,
"ISSUER": SIMPLE_JWT_ISSUER,
"AUTH_HEADER_TYPES": ("Bearer",),
"AUTH_HEADER_NAME": "HTTP_AUTHORIZATION",
"USER_ID_FIELD": "id",
"USER_ID_CLAIM": "user_id",
"AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.AccessToken",),
"TOKEN_TYPE_CLAIM": "token_type",
"JTI_CLAIM": "jti",
"SLIDING_TOKEN_REFRESH_EXP_CLAIM": "refresh_exp",
"SLIDING_TOKEN_LIFETIME": timedelta(minutes=5),
"SLIDING_TOKEN_REFRESH_LIFETIME": timedelta(days=1),
}
#
---------------------------------------------------------------------------------------------------------------------
# JWT SETTINGS END
STATIC_ROOT = '/static/'
STATIC_URL = '/static/'
STATICFILES_STORAGE = 'django.contrib.staticfiles.storage.StaticFilesStorage'
SESSION_COOKIE_NAME = 'eav-sessionid'
CSRF_COOKIE_NAME = 'eav-csrftoken'
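Review bot: `DEBUG = True` together with `ALLOWED_HOSTS = ['*']` ships in the file mounted as `production.py`, so unhandled errors would return Django's debug page (stack frames, local variables, settings) to any caller and Host-header validation is effectively off. I would set `DEBUG = False` and list the real hostnames in `ALLOWED_HOSTS`; the kubelet's `/ping` probes use the pod IP as Host by default, so the probes then need an `httpHeaders` Host entry or the view must tolerate it. `CORS_ORIGIN_ALLOW_ALL = True` makes the `CORS_ALLOWED_ORIGINS` list below it ineffective, and `"rest_framework.permissions.AllowAny"` as the default leaves every view without its own `permission_classes` open to unauthenticated callers; `CORS_ORIGIN_ALLOW_ALL = False` and `"rest_framework.permissions.IsAuthenticated"` are the safer defaults if the views allow it. Separately, `os.getenv` never raises `KeyError`, so the `except` branch in `get_env_variable` is dead and a missing `JWT_PRIVATE_KEY` fails with `AttributeError` on `.replace` instead of `ImproperlyConfigured`.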


@ -0,0 +1,9 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: eav
resources:
- namespace.yaml
- backend-deployment.yaml
- backend-service.yaml
- django-configmap.yaml


@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: eav
labels:
istio-injection: enabled


@ -0,0 +1,11 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
- postgresql.yaml
patches:
- path: replicas.yaml
target:
kind: Deployment
name: comparisons
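Review bot: The patch target in this kustomization selects a Deployment named `comparisons`, but the only Deployment added in this commit is `backend`, and the replicas patch file is itself written for `backend`. As written the target selector appears to match nothing, so the replica count from the overlay would not be applied to the backend Deployment. `name: backend` looks like the intended value.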


@ -0,0 +1,113 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: postgresql
namespace: eav
spec:
interval: 5m
timeout: 2h
chart:
spec:
chart: postgresql-contour
version: "17.0.2"
sourceRef:
kind: HelmRepository
name: yc-oci-charts
namespace: flux-system
install:
timeout: 2h
remediation:
retries: 3
upgrade:
timeout: 2h
remediation:
retries: 3
values:
global:
security:
allowInsecureImages: true
defaultStorageClass: local-path
postgresql:
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
auth:
username: ""
database: ""
secretKeys:
userPasswordKey: "postgres-password"
image:
registry: cr.yandex/crp3ccidau046kdj8g9q
repository: contour/postgresql
tag: 17.0.2
pullPolicy: Always
metrics:
enabled: false
prometheusRule:
enabled: false
primary:
containerSecurityContext:
readOnlyRootFilesystem: false
persistence:
storageClass: local-path
size: 20Gi
customLivenessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customReadinessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
customStartupProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
resources:
requests:
memory: 512Mi
nodeSelector:
dedicated: db
tolerations:
- key: dedicated
operator: Equal
value: db
effect: NoSchedule
contour:
enabled: true
adminUser: ""
adminPasswordSecretKey: ""
sharedPreloadLibraries: "pg_stat_statements,uuid-ossp,ltree,postgis"
databases:
- name: eav_db
user: eav
extensions: []
restoreFromDump: false
s3-proxy:
endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"
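Review bot: Two values here loosen hardening without a stated reason: `allowInsecureImages: true` under `global.security` and `readOnlyRootFilesystem: false` in the primary's `containerSecurityContext`. If this chart follows the Bitnami PostgreSQL values layout (not visible from this page), the first turns off the chart's check on substituted images and the second makes the container's root filesystem writable. I would keep each only if the `contour/postgresql` image actually needs it, and put a comment above it recording why, for example `# needed: <reason>` with the real reason filled in. The image is also selected by the tag `17.0.2` with `pullPolicy: Always`, so pinning it by digest would make what runs after a restart reproducible.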


@ -0,0 +1,8 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend
namespace: eav
spec:
replicas: 1