From 9015487e7f0ca2b8c85c1839782aa76e4ae0e0fd Mon Sep 17 00:00:00 2001
From: ivan
Date: Mon, 20 Apr 2026 14:04:20 +0500
Subject: [PATCH] ++
---
apps/eav/base/backend-deployment.yaml | 110 ++++++++++++++
apps/eav/base/backend-service.yaml | 15 ++
apps/eav/base/django-configmap.yaml | 193 ++++++++++++++++++++++++
apps/eav/base/kustomization.yaml | 9 ++
apps/eav/base/namespace.yaml | 7 +
apps/eav/yc-k8s-test/kustomization.yaml | 11 ++
apps/eav/yc-k8s-test/postgresql.yaml | 113 ++++++++++++++
apps/eav/yc-k8s-test/replicas.yaml | 8 +
8 files changed, 466 insertions(+)
create mode 100644 apps/eav/base/backend-deployment.yaml
create mode 100644 apps/eav/base/backend-service.yaml
create mode 100644 apps/eav/base/django-configmap.yaml
create mode 100644 apps/eav/base/kustomization.yaml
create mode 100644 apps/eav/base/namespace.yaml
create mode 100644 apps/eav/yc-k8s-test/kustomization.yaml
create mode 100644 apps/eav/yc-k8s-test/postgresql.yaml
create mode 100644 apps/eav/yc-k8s-test/replicas.yaml
diff --git a/apps/eav/base/backend-deployment.yaml b/apps/eav/base/backend-deployment.yaml
new file mode 100644
index 0000000..ff0a324
--- /dev/null
+++ b/apps/eav/base/backend-deployment.yaml
@@ -0,0 +1,110 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: backend
+ namespace: eav
+ labels:
+ app: backend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: backend
+ template:
+ metadata:
+ labels:
+ app: backend
+ spec:
+ volumes:
+ defaultMode: 420
+ items:
+ - key: production.py
+ path: production.py
+ name: django-configmap
+ containers:
+ - name: backend
+ image: cr.yandex/crp3ccidau046kdj8g9q/eav:prod_0fb73247
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: KAFKA_ENABLED
+ value: "False"
+ - name: ASSETS_TOPIC
+ value: sarex
+ - name: DJANGO_SETTINGS_MODULE
+ value: config.settings.production
+ - name: DJANGO_POSTGRES_DATABASE
+ value: eav_db
+ - name: YC_S3_ENDPOINT_URL
+ value: http://minio-svc.minio.svc.cluster.local:9000
+ - name: YC_S3_BUCKET_NAME
+ value: eav
+ - name: DJANGO_POSTGRES_HOST
+ valueFrom:
+ secretKeyRef:
+ key: hostname
+ name: postgresql-secret
+ - name: DJANGO_POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: postgresql-secret
+ - name: DJANGO_POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: postgresql-secret
+ - name: DJANGO_POSTGRES_PORT
+ valueFrom:
+ secretKeyRef:
+ key: port
+ name: postgresql-secret
+ - name: JWT_PRIVATE_KEY
+ valueFrom:
+ secretKeyRef:
+ key: ssh_private.key
+ name: backend-secret
+ - name: JWT_PUBLIC_KEY
+ valueFrom:
+ secretKeyRef:
+ key: ssh_public.key
+ name: backend-secret
+ - name: YC_S3_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ key: login
+ name: s3-secret
+ - name: YC_S3_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: s3-secret
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ volumeMounts:
+ - mountPath: /server/config/settings/production.py
+ name: django-configmap
+ subPath: production.py
+
+ livenessProbe:
+ httpGet:
+ path: /ping
+ port: 8000
+ initialDelaySeconds: 10
+ periodSeconds: 60
+ failureThreshold: 10
+ readinessProbe:
+ httpGet:
+ path: /ping
+ port: 8000
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ failureThreshold: 20
+ imagePullSecrets:
+ - name: regcred
diff --git a/apps/eav/base/backend-service.yaml b/apps/eav/base/backend-service.yaml
new file mode 100644
index 0000000..963c3f4
--- /dev/null
+++ b/apps/eav/base/backend-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend-service
+ namespace: eav
+spec:
+ type: ClusterIP
+ selector:
+ app: backend
+ ports:
+ - name: http
+ port: 8000
+ targetPort: 8000
+ protocol: TCP
diff --git a/apps/eav/base/django-configmap.yaml b/apps/eav/base/django-configmap.yaml
new file mode 100644
index 0000000..c67bc9d
--- /dev/null
+++ b/apps/eav/base/django-configmap.yaml
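Review bot: The `volumes:` entry at the top of the pod spec in backend-deployment.yaml carries `defaultMode`, `items` and a single `name`, but no `configMap:` key and no separate volume name, so as rendered here the `volumeMounts` reference to `django-configmap` has no well-formed volume to resolve to and the manifest is likely to be rejected on apply. The entry should open with `- name: django-configmap` followed by `configMap:`, with `name: django-configmap`, `defaultMode` and `items` nested under it. The container also sets no `securityContext` (for example `runAsNonRoot: true` and `allowPrivilegeEscalation: false`) and no `resources.limits`, and `YC_S3_ENDPOINT_URL` uses plain `http://`, so the credentials taken from `s3-secret` travel without TLS unless the mesh encrypts that hop. The image is referenced by tag `prod_0fb73247` with `IfNotPresent`; pinning it by digest would make the deployed artifact verifiable.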
@@ -0,0 +1,193 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: django-configmap + namespace: eav +data: + production.py: | + # production.py + + + from .base import * + + from datetime import timedelta + + import os + + from django.core.exceptions import ImproperlyConfigured + + + INSTALLED_APPS.append("corsheaders") + + #MIDDLEWARE = ["corsheaders.middleware.CorsMiddleware"] + MIDDLEWARE + + + # DEBUG SETTINGS START + + # + --------------------------------------------------------------------------------------------------------------------- + + DEBUG = True + + ALLOWED_HOSTS = ['*'] + + # + --------------------------------------------------------------------------------------------------------------------- + + # DEBUG SETTINGS END + + + # DATABASE SETTINGS START + + # + --------------------------------------------------------------------------------------------------------------------- + + DATABASES = { + "default": { + "ENGINE": "django.db.backends.postgresql", + "NAME": os.getenv("DJANGO_POSTGRES_DATABASE"), + "USER": os.getenv("DJANGO_POSTGRES_USER"), + "PASSWORD": os.getenv("DJANGO_POSTGRES_PASSWORD"), + "HOST": os.getenv("DJANGO_POSTGRES_HOST"), + "PORT": "5432", + } + } + + # + --------------------------------------------------------------------------------------------------------------------- + + # DATABASE SETTINGS END + + + # RESPONSE HEADERS START + + # + --------------------------------------------------------------------------------------------------------------------- + + CORS_ORIGIN_ALLOW_ALL = True + + + CORS_ALLOWED_ORIGINS = [ + "https://srx.wb.ru", + ] + + + CORS_TRUSTED_ORIGINS = [ + "https://srx.wb.ru", + ] + + + CSRF_TRUSTED_ORIGINS = [ + "https://srx.wb.ru", + ] + + + CORS_ALLOW_METHODS = ( + 'DELETE', + 'GET', + 'OPTIONS', + 'PATCH', + 'POST', + 'PUT', + ) + + + CORS_ALLOW_HEADERS = ( + 'accept', + 'accept-encoding', + 'authorization', + 'content-type', + 'user-agent', + 'x-csrftoken', + 'x-requested-with', + 'x-token', + 'Bearer' + ) 
+ + # + --------------------------------------------------------------------------------------------------------------------- + + # RESPONSE HEADERS END + + + REST_FRAMEWORK = { + "DEFAULT_PAGINATION_CLASS": ( + "rest_framework.pagination.LimitOffsetPagination" + ), + "DEFAULT_SCHEMA_CLASS": "rest_framework.schemas.coreapi.AutoSchema", + "PAGE_SIZE": 10000, + "DEFAULT_FILTER_BACKENDS": [ + "django_filters.rest_framework.DjangoFilterBackend" + ], + "DEFAULT_AUTHENTICATION_CLASSES": [ + "core.auth.ZitadelJWTAuthentication", + "rest_framework_simplejwt.authentication.JWTAuthentication", + "rest_framework.authentication.SessionAuthentication", + "rest_framework.authentication.BasicAuthentication", + ], + "DEFAULT_PERMISSION_CLASSES": [ + "rest_framework.permissions.AllowAny", + ] + } + + + # JWT SETTINGS START + + # + --------------------------------------------------------------------------------------------------------------------- + + def get_env_variable(var_name, default=None): + try: + return os.getenv(var_name, default) + except KeyError: + error_msg = f"Set the {var_name} environment variable" + if default: + return default + raise ImproperlyConfigured(error_msg) + + SIMPLE_JWT_ISSUER = get_env_variable("SIMPLE_JWT_ISSUER", default="django") + + + SIMPLE_JWT = { + "ACCESS_TOKEN_LIFETIME": timedelta(minutes=5), + "REFRESH_TOKEN_LIFETIME": timedelta(days=1), + "ROTATE_REFRESH_TOKENS": False, + "UPDATE_LAST_LOGIN": False, + + "ALGORITHM": "RS512", + "SIGNING_KEY": get_env_variable("JWT_PRIVATE_KEY").replace("\\\n", "\n"), + "VERIFYING_KEY": get_env_variable("JWT_PUBLIC_KEY").replace("\\\n", "\n"), + "AUDIENCE": None, + "ISSUER": SIMPLE_JWT_ISSUER, + + "AUTH_HEADER_TYPES": ("Bearer",), + "AUTH_HEADER_NAME": "HTTP_AUTHORIZATION", + "USER_ID_FIELD": "id", + "USER_ID_CLAIM": "user_id", + + "AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.AccessToken",), + "TOKEN_TYPE_CLAIM": "token_type", + + "JTI_CLAIM": "jti", + + "SLIDING_TOKEN_REFRESH_EXP_CLAIM": 
"refresh_exp", + "SLIDING_TOKEN_LIFETIME": timedelta(minutes=5), + "SLIDING_TOKEN_REFRESH_LIFETIME": timedelta(days=1), + } + + # + --------------------------------------------------------------------------------------------------------------------- + + # JWT SETTINGS END + + + STATIC_ROOT = '/static/' + + STATIC_URL = '/static/' + + STATICFILES_STORAGE = 'django.contrib.staticfiles.storage.StaticFilesStorage' + + + SESSION_COOKIE_NAME = 'eav-sessionid' + + CSRF_COOKIE_NAME = 'eav-csrftoken' diff --git a/apps/eav/base/kustomization.yaml b/apps/eav/base/kustomization.yaml new file mode 100644 index 0000000..f9a6541 --- /dev/null +++ b/apps/eav/base/kustomization.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: eav +resources: + - namespace.yaml + - backend-deployment.yaml + - backend-service.yaml + - django-configmap.yaml diff --git a/apps/eav/base/namespace.yaml b/apps/eav/base/namespace.yaml new file mode 100644 index 0000000..0587374 --- /dev/null +++ b/apps/eav/base/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: eav + labels: + istio-injection: enabled diff --git a/apps/eav/yc-k8s-test/kustomization.yaml b/apps/eav/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..79e4c45 --- /dev/null +++ b/apps/eav/yc-k8s-test/kustomization.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base + - postgresql.yaml +patches: + - path: replicas.yaml + target: + kind: Deployment + name: comparisons diff --git a/apps/eav/yc-k8s-test/postgresql.yaml b/apps/eav/yc-k8s-test/postgresql.yaml new file mode 100644 index 0000000..8ed8238 --- /dev/null +++ b/apps/eav/yc-k8s-test/postgresql.yaml 
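Review bot: `DEBUG = True`, `ALLOWED_HOSTS = ['*']`, `CORS_ORIGIN_ALLOW_ALL = True` and a default permission class of `AllowAny` are shipped in the base ConfigMap as `production.py`, so every overlay that includes `../base` runs with debug error pages, no Host-header check, CORS open to any origin (which makes the `CORS_ALLOWED_ORIGINS` list right below it ineffective) and unauthenticated access wherever a view does not set its own permissions. If these values are only meant for the test cluster, they belong in an overlay patch, with the base defaulting to the restrictive ones. Separately, `get_env_variable` can never raise `ImproperlyConfigured`: `os.getenv` returns `None` instead of raising `KeyError`, so a missing `JWT_PRIVATE_KEY` surfaces as an `AttributeError` on `.replace`. `"PORT": "5432"` also ignores the `DJANGO_POSTGRES_PORT` variable that the deployment injects. The fence shows the lines I would change.

```yaml
  production.py: |
    # … unchanged: imports, INSTALLED_APPS …
    DEBUG = False
    ALLOWED_HOSTS = ["<backend-hostname>"]  # placeholder: the host name(s) this service is served on
    # … unchanged: DATABASES, except the PORT entry …
            "PORT": os.getenv("DJANGO_POSTGRES_PORT", "5432"),
    CORS_ORIGIN_ALLOW_ALL = False
    # … unchanged: CORS/CSRF origin lists, methods, headers, REST_FRAMEWORK up to the permissions …
        "DEFAULT_PERMISSION_CLASSES": [
            # views that must stay public opt in with AllowAny explicitly
            "rest_framework.permissions.IsAuthenticated",
        ]
    def get_env_variable(var_name, default=None):
        value = os.getenv(var_name, default)
        if value is None:
            raise ImproperlyConfigured(f"Set the {var_name} environment variable")
        return value
    # … unchanged: SIMPLE_JWT, static files, cookie names …
```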
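Review bot: The patch target in `patches` of apps/eav/yc-k8s-test/kustomization.yaml is `name: comparisons`, but the only Deployment this overlay pulls in from `../base` is `backend`, and `replicas.yaml` itself names `backend`, so the target selector matches nothing here and the replica patch is not applied to it. It looks like a leftover from another app's overlay. It should be `name: backend`, or the `target` block can be dropped so the patch is matched by its own metadata.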
@@ -0,0 +1,113 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: postgresql
+ namespace: eav
+spec:
+ interval: 5m
+ timeout: 2h
+ chart:
+ spec:
+ chart: postgresql-contour
+ version: "17.0.2"
+ sourceRef:
+ kind: HelmRepository
+ name: yc-oci-charts
+ namespace: flux-system
+
+ install:
+ timeout: 2h
+ remediation:
+ retries: 3
+
+ upgrade:
+ timeout: 2h
+ remediation:
+ retries: 3
+
+ values:
+ global:
+ security:
+ allowInsecureImages: true
+ defaultStorageClass: local-path
+ postgresql:
+ auth:
+ username: ""
+ database: ""
+ secretKeys:
+ userPasswordKey: "postgres-password"
+ auth:
+ username: ""
+ database: ""
+ secretKeys:
+ userPasswordKey: "postgres-password"
+ image:
+ registry: cr.yandex/crp3ccidau046kdj8g9q
+ repository: contour/postgresql
+ tag: 17.0.2
+ pullPolicy: Always
+ metrics:
+ enabled: false
+ prometheusRule:
+ enabled: false
+ primary:
+ containerSecurityContext:
+ readOnlyRootFilesystem: false
+ persistence:
+ storageClass: local-path
+ size: 20Gi
+ customLivenessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ customReadinessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ customStartupProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ resources:
+ requests:
+ memory: 512Mi
+ nodeSelector:
+ dedicated: db
+ tolerations:
+ - key: dedicated
+ operator: Equal
+ value: db
+ effect: NoSchedule
+ contour:
+ enabled: true
+ adminUser: ""
+ adminPasswordSecretKey: ""
+ sharedPreloadLibraries: "pg_stat_statements,uuid-ossp,ltree,postgis"
+ databases:
+ - name: eav_db
+ user: eav
+ extensions: []
+ restoreFromDump: false
+ s3-proxy:
+ endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local"
\ No newline at end of file
diff --git a/apps/eav/yc-k8s-test/replicas.yaml b/apps/eav/yc-k8s-test/replicas.yaml
new file mode 100644
index 0000000..bc22003
--- /dev/null
+++ b/apps/eav/yc-k8s-test/replicas.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: backend
+ namespace: eav
+spec:
+ replicas: 1
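Review bot: `global.security.allowInsecureImages: true` and `containerSecurityContext.readOnlyRootFilesystem: false` in postgresql.yaml relax two hardening settings for the database pod, assuming this chart follows the upstream defaults, and nothing in the hunk records why. If the first is only needed because the image comes from the private `cr.yandex` registry, a comment such as `# image is mirrored to a private registry; the chart's image-origin check has to be bypassed` would stop it being copied into other releases unexamined. The image is pulled by tag `17.0.2` with `pullPolicy: Always`, so a re-pushed tag is picked up silently on the next restart; a digest pin would avoid that. The three probes hard-code `-U "sarex"`, while the only database user declared in this release is `eav` and `auth.username` is empty, which looks copied from another app and is worth confirming.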