From b0243697285fcfedfff2bbb4a162ba79e56232e7 Mon Sep 17 00:00:00 2001 From: ivan Date: Fri, 17 Apr 2026 12:39:05 +0500 Subject: [PATCH 1/5] ++ --- apps/system-log/base/backend-deployment.yaml | 111 ++++++++++++++++++ apps/system-log/base/backend-service.yaml | 15 +++ apps/system-log/base/kustomization.yaml | 9 ++ apps/system-log/base/namespace.yaml | 7 ++ apps/system-log/base/worker-deployment.yaml | 91 ++++++++++++++ .../system-log/yc-k8s-test/kustomization.yaml | 7 ++ apps/system-log/yc-k8s-test/postgresql.yaml | 110 +++++++++++++++++ 7 files changed, 350 insertions(+) create mode 100644 apps/system-log/base/backend-deployment.yaml create mode 100644 apps/system-log/base/backend-service.yaml create mode 100644 apps/system-log/base/kustomization.yaml create mode 100644 apps/system-log/base/namespace.yaml create mode 100644 apps/system-log/base/worker-deployment.yaml create mode 100644 apps/system-log/yc-k8s-test/kustomization.yaml create mode 100644 apps/system-log/yc-k8s-test/postgresql.yaml diff --git a/apps/system-log/base/backend-deployment.yaml b/apps/system-log/base/backend-deployment.yaml new file mode 100644 index 0000000..ff19ce0 --- /dev/null +++ b/apps/system-log/base/backend-deployment.yaml @@ -0,0 +1,111 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: api + namespace: system-log + labels: + app: api + service: api +spec: + replicas: 1 + selector: + matchLabels: + app: api + template: + metadata: + labels: + app: api + service: api + spec: + containers: + - name: api + image: cr.yandex/crp3ccidau046kdj8g9q/system-log:prod_6ed1b27e + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - env: + - name: KAFKA_ENABLE + value: "0" + - name: KAFKA_USE_SSL + value: "0" + - name: KAFKA_ENABLE_LOGGING + value: "0" + - name: APP_NAME + value: system_log + - name: APP_VERSION + value: 0.0.1 + - name: LOG_LEVEL + value: INFO + - name: HTTP_HOST + value: 0.0.0.0 + - name: HTTP_PORT + value: "8000" + - name: NAMESPACE + value: system-log + - name: POSTGRES_POOL_SIZE + value: "3" + - name: ENABLE_SSL + value: "0" + - name: DJANGO_HOST + value: http://backend.django.svc.cluster.local:8000 + - name: POSTGRES_ADDRESS + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: POSTGRES_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: KAFKA_USERNAME + valueFrom: + secretKeyRef: + key: username + name: kafka-secret + - name: KAFKA_BROKERS + valueFrom: + secretKeyRef: + key: host + name: kafka-secret + - name: KAFKA_TOPIC + valueFrom: + secretKeyRef: + key: topic + name: kafka-secret + - name: KAFKA_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: kafka-secret + - name: KAFKA_PEM_CERT + valueFrom: + secretKeyRef: + key: certificate + name: kafka-certificate + + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/system-log/base/backend-service.yaml b/apps/system-log/base/backend-service.yaml new file mode 100644 index 0000000..f938e6d --- /dev/null +++ b/apps/system-log/base/backend-service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: rfi-backend-api-svc + namespace: rfi +spec: + type: ClusterIP + selector: + app: rfi-backend-api + ports: + - name: http + port: 80 + targetPort: 8000 + protocol: TCP diff --git a/apps/system-log/base/kustomization.yaml b/apps/system-log/base/kustomization.yaml new file mode 100644 index 0000000..f69753d --- /dev/null +++ b/apps/system-log/base/kustomization.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: rfi +resources: + - namespace.yaml + - backend-deployment.yaml + - backend-service.yaml + - worker-deployment.yaml diff --git a/apps/system-log/base/namespace.yaml b/apps/system-log/base/namespace.yaml new file mode 100644 index 0000000..f4d8f44 --- /dev/null +++ b/apps/system-log/base/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: system-log + labels: + istio-injection: enabled diff --git a/apps/system-log/base/worker-deployment.yaml b/apps/system-log/base/worker-deployment.yaml new file mode 100644 index 0000000..46ffedf --- /dev/null +++ b/apps/system-log/base/worker-deployment.yaml @@ -0,0 +1,91 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: worker + namespace: system-log + labels: + app: worker + service: worker +spec: + replicas: 1 + selector: + matchLabels: + app: worker + template: + metadata: + labels: + app: worker + service: worker + spec: + containers: + - name: worker + image: cr.yandex/crp3ccidau046kdj8g9q/system_log_worker:de6a0147d285afa273e85c0f074c8b6049d03a32 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: APP_NAME + value: system_log + - name: APP_VERSION + value: 0.0.1 + - name: LOG_LEVEL + value: INFO + - name: HTTP_HOST + value: 0.0.0.0 + - name: HTTP_PORT + value: "8000" + - name: NAMESPACE + value: sarex-system-log + - name: DOCUMENTATIONS_URL + value: http://documentations-api.documentations.svc.cluster.local:8080 + - name: POSTGRES_POOL_SIZE + value: "3" + - name: ENABLE_SSL + value: "0" + - name: DJANGO_HOST + value: http://backend.django.svc.cluster.local:8000 + - name: POSTGRES_ADDRESS + valueFrom: + secretKeyRef: + key: hostname + name: postgresql-secret + - name: POSTGRES_PORT + valueFrom: + secretKeyRef: + key: port + name: postgresql-secret + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + key: database + name: postgresql-secret + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + key: username + name: postgresql-secret + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgresql-secret + - name: SUPER_USERNAME + valueFrom: + secretKeyRef: + key: username + name: superuser + - name: SUPER_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: superuser + + resources: + requests: + cpu: "1" + memory: 1Gi + imagePullSecrets: + - name: regcred diff --git a/apps/system-log/yc-k8s-test/kustomization.yaml b/apps/system-log/yc-k8s-test/kustomization.yaml new file mode 100644 index 0000000..e601931 --- /dev/null +++ b/apps/system-log/yc-k8s-test/kustomization.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base + - postgresql.yaml +patches: [] diff --git a/apps/system-log/yc-k8s-test/postgresql.yaml b/apps/system-log/yc-k8s-test/postgresql.yaml new file mode 100644 index 0000000..d5659e4 --- /dev/null +++ b/apps/system-log/yc-k8s-test/postgresql.yaml @@ -0,0 +1,110 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: system-log +spec: + interval: 5m + timeout: 2h + chart: + spec: + chart: postgresql-contour + version: "17.0.2" + sourceRef: + kind: HelmRepository + name: yc-oci-charts + namespace: flux-system + + install: + timeout: 2h + remediation: + retries: 3 + + upgrade: + timeout: 2h + remediation: + retries: 3 + + values: + global: + security: + allowInsecureImages: true + defaultStorageClass: local-path + postgresql: + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + auth: + username: "" + database: "" + secretKeys: + userPasswordKey: "postgres-password" + image: + registry: cr.yandex/crp3ccidau046kdj8g9q + repository: contour/postgresql + tag: 17.0.2 + pullPolicy: Always + metrics: + enabled: false + prometheusRule: + enabled: false + primary: + containerSecurityContext: + readOnlyRootFilesystem: false + persistence: + storageClass: local-path + size: 20Gi + customLivenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customReadinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + customStartupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sarex" -d postgres -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + nodeSelector: + dedicated: db + tolerations: + - key: dedicated + operator: Equal + value: db + effect: NoSchedule + contour: + enabled: true + adminUser: "" + adminPasswordSecretKey: "" + sharedPreloadLibraries: "ltree,pg_stat_statements,timescaledb" + databases: + - name: system_log_db + user: system_log + extensions: [] + restoreFromDump: false + s3-proxy: + endpointUrl: "s3-proxy-service.postgresql.svc.cluster.local" From d08162fb6dfe6f63aa722714ed380f231609c954 Mon Sep 17 00:00:00 2001 From: ivan Date: Fri, 17 Apr 2026 12:40:52 +0500 Subject: [PATCH 2/5] fix --- clusters/yc-k8s-test/kustomization.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/clusters/yc-k8s-test/kustomization.yaml b/clusters/yc-k8s-test/kustomization.yaml index b4bbaa9..8acc4c2 100644 --- a/clusters/yc-k8s-test/kustomization.yaml +++ b/clusters/yc-k8s-test/kustomization.yaml @@ -19,4 +19,5 @@ resources: - ../../apps/rfi/yc-k8s-test - ../../apps/checklists/yc-k8s-test - ../../apps/subscriptions/yc-k8s-test - - ../../apps/inspections/yc-k8s-test \ No newline at end of file + - ../../apps/inspections/yc-k8s-test + - ../../apps/system-log/yc-k8s-test \ No newline at end of file From 62a4bf085e34e44b184e805ca1801d6b1e9b5c8e Mon Sep 17 00:00:00 2001 From: ivan Date: Fri, 17 Apr 2026 12:42:56 +0500 Subject: [PATCH 3/5] fix --- apps/system-log/base/backend-deployment.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/apps/system-log/base/backend-deployment.yaml b/apps/system-log/base/backend-deployment.yaml index ff19ce0..b1f911d 100644 --- a/apps/system-log/base/backend-deployment.yaml +++ b/apps/system-log/base/backend-deployment.yaml @@ -27,7 +27,6 @@ spec: containerPort: 8000 protocol: TCP env: - - env: - name: KAFKA_ENABLE value: "0" - name: KAFKA_USE_SSL From a3f0a049f027cdfc5e74d081a423349e746aa6d4 Mon Sep 17 00:00:00 2001 From: ivan Date: Fri, 17 Apr 2026 12:44:31 +0500 Subject: [PATCH 4/5] fix --- apps/system-log/base/backend-service.yaml | 2 +- apps/system-log/base/kustomization.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/system-log/base/backend-service.yaml b/apps/system-log/base/backend-service.yaml index f938e6d..be9ff27 100644 --- a/apps/system-log/base/backend-service.yaml +++ b/apps/system-log/base/backend-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: rfi-backend-api-svc - namespace: rfi + namespace: system-log spec: type: ClusterIP selector: diff --git a/apps/system-log/base/kustomization.yaml b/apps/system-log/base/kustomization.yaml index f69753d..91b2b1b 100644 --- a/apps/system-log/base/kustomization.yaml +++ b/apps/system-log/base/kustomization.yaml @@ -1,7 +1,7 @@ --- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: rfi +namespace: system-log resources: - namespace.yaml - backend-deployment.yaml From 88f66df68fb592d20adcb8602d1e44dc31526119 Mon Sep 17 00:00:00 2001 From: ivan Date: Fri, 17 Apr 2026 12:51:59 +0500 Subject: [PATCH 5/5] fix --- apps/system-log/base/backend-deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/system-log/base/backend-deployment.yaml b/apps/system-log/base/backend-deployment.yaml index b1f911d..e024731 100644 --- a/apps/system-log/base/backend-deployment.yaml +++ b/apps/system-log/base/backend-deployment.yaml @@ -99,8 +99,8 @@ spec: - name: KAFKA_PEM_CERT valueFrom: secretKeyRef: - key: certificate - name: kafka-certificate + key: ca.crt + name: kafka-secret resources: requests: