sarex/iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cde

Browse Source
This commit is contained in:
Kochetkov S 2026-04-24 16:29:11 +03:00
parent 722fe996d6
commit a2bcdfe1b4
10 changed files with 135 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
apps/cde/base/cde-flowscallback.yaml
View File

@ -17,10 +17,25 @@ spec:
labels: labels:
app: cde-flowscallback app: cde-flowscallback
service: cde-flowscallback service: cde-flowscallback
annotations:
traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: auth/kubernetes
vault.hashicorp.com/role: cde
vault.hashicorp.com/agent-inject-secret-cde-env: secrets/data/vault/apps/cde
vault.hashicorp.com/agent-inject-template-cde-env: |-
{{- with secret "secrets/data/vault/apps/cde" -}}
{{- range $k, $v := .Data.data }}
{{ $k }}={{ replace "\n" "\\n" (printf "%v" $v) }}
{{- end }}
{{- end -}}
spec: spec:
serviceAccountName: cde-vault
containers: containers:
- name: cde-flowscallback - name: cde-flowscallback
image: cr.yandex/crp3ccidau046kdj8g9q/flowscallback-worker:prod_3.1.2 image: cr.yandex/crp3ccidau046kdj8g9q/flowscallback-worker:prod_9f3c1d2a
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- name: http - name: http

17
apps/cde/base/cde-splitpdf.yaml
View File

@ -17,10 +17,25 @@ spec:
labels: labels:
app: cde-splitpdf app: cde-splitpdf
service: cde-splitpdf service: cde-splitpdf
annotations:
traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: auth/kubernetes
vault.hashicorp.com/role: cde
vault.hashicorp.com/agent-inject-secret-cde-env: secrets/data/vault/apps/cde
vault.hashicorp.com/agent-inject-template-cde-env: |-
{{- with secret "secrets/data/vault/apps/cde" -}}
{{- range $k, $v := .Data.data }}
{{ $k }}={{ replace "\n" "\\n" (printf "%v" $v) }}
{{- end }}
{{- end -}}
spec: spec:
serviceAccountName: cde-vault
containers: containers:
- name: cde-splitpdf - name: cde-splitpdf
image: cr.yandex/crp3ccidau046kdj8g9q/splitpdf-worker:prod_3.1.2 image: cr.yandex/crp3ccidau046kdj8g9q/splitpdf-worker:prod_9f3c1d2a
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- name: http - name: http

17
apps/cde/base/cde-worker-copy.yaml
View File

@ -17,10 +17,25 @@ spec:
labels: labels:
app: cde-worker-copy app: cde-worker-copy
service: cde-worker-copy service: cde-worker-copy
annotations:
traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: auth/kubernetes
vault.hashicorp.com/role: cde
vault.hashicorp.com/agent-inject-secret-cde-env: secrets/data/vault/apps/cde
vault.hashicorp.com/agent-inject-template-cde-env: |-
{{- with secret "secrets/data/vault/apps/cde" -}}
{{- range $k, $v := .Data.data }}
{{ $k }}={{ replace "\n" "\\n" (printf "%v" $v) }}
{{- end }}
{{- end -}}
spec: spec:
serviceAccountName: cde-vault
containers: containers:
- name: cde-worker-copy - name: cde-worker-copy
image: cr.yandex/crp3ccidau046kdj8g9q/copy-worker:preprod_fd483601 image: cr.yandex/crp3ccidau046kdj8g9q/copy-worker:prod_9f3c1d2a
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- name: http - name: http

17
apps/cde/base/cde-worker-create-versions.yaml
View File

@ -17,10 +17,25 @@ spec:
labels: labels:
app: cde-worker-create-versions app: cde-worker-create-versions
service: cde-worker-create-versions service: cde-worker-create-versions
annotations:
traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: auth/kubernetes
vault.hashicorp.com/role: cde
vault.hashicorp.com/agent-inject-secret-cde-env: secrets/data/vault/apps/cde
vault.hashicorp.com/agent-inject-template-cde-env: |-
{{- with secret "secrets/data/vault/apps/cde" -}}
{{- range $k, $v := .Data.data }}
{{ $k }}={{ replace "\n" "\\n" (printf "%v" $v) }}
{{- end }}
{{- end -}}
spec: spec:
serviceAccountName: cde-vault
containers: containers:
- name: cde-worker-create-versions - name: cde-worker-create-versions
image: cr.yandex/crp3ccidau046kdj8g9q/createversions-worker:preprod_ec474ae7 image: cr.yandex/crp3ccidau046kdj8g9q/createversions-worker:prod_9f3c1d2a
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- name: http - name: http

17
apps/cde/base/cde-worker-markings.yaml
View File

@ -17,10 +17,25 @@ spec:
labels: labels:
app: cde-worker-markings app: cde-worker-markings
service: cde-worker-markings service: cde-worker-markings
annotations:
traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: auth/kubernetes
vault.hashicorp.com/role: cde
vault.hashicorp.com/agent-inject-secret-cde-env: secrets/data/vault/apps/cde
vault.hashicorp.com/agent-inject-template-cde-env: |-
{{- with secret "secrets/data/vault/apps/cde" -}}
{{- range $k, $v := .Data.data }}
{{ $k }}={{ replace "\n" "\\n" (printf "%v" $v) }}
{{- end }}
{{- end -}}
spec: spec:
serviceAccountName: cde-vault
containers: containers:
- name: cde-worker-markings - name: cde-worker-markings
image: cr.yandex/crp3ccidau046kdj8g9q/markings-worker:preprod_eb50f30e image: cr.yandex/crp3ccidau046kdj8g9q/markings-worker:prod_9f3c1d2a
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- name: http - name: http

17
apps/cde/base/cde-worker-sign.yaml
View File

@ -17,10 +17,25 @@ spec:
labels: labels:
app: cde-worker-sign app: cde-worker-sign
service: cde-worker-sign service: cde-worker-sign
annotations:
traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: auth/kubernetes
vault.hashicorp.com/role: cde
vault.hashicorp.com/agent-inject-secret-cde-env: secrets/data/vault/apps/cde
vault.hashicorp.com/agent-inject-template-cde-env: |-
{{- with secret "secrets/data/vault/apps/cde" -}}
{{- range $k, $v := .Data.data }}
{{ $k }}={{ replace "\n" "\\n" (printf "%v" $v) }}
{{- end }}
{{- end -}}
spec: spec:
serviceAccountName: cde-vault
containers: containers:
- name: cde-worker-sign - name: cde-worker-sign
image: cr.yandex/crp3ccidau046kdj8g9q/sign-worker:preprod_fd483601 image: cr.yandex/crp3ccidau046kdj8g9q/sign-worker:prod_9f3c1d2a
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- name: http - name: http

17
apps/cde/base/cde-worker-update-bundles.yaml
View File

@ -17,10 +17,25 @@ spec:
labels: labels:
app: cde-worker-update-bundles app: cde-worker-update-bundles
service: cde-worker-update-bundles service: cde-worker-update-bundles
annotations:
traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: auth/kubernetes
vault.hashicorp.com/role: cde
vault.hashicorp.com/agent-inject-secret-cde-env: secrets/data/vault/apps/cde
vault.hashicorp.com/agent-inject-template-cde-env: |-
{{- with secret "secrets/data/vault/apps/cde" -}}
{{- range $k, $v := .Data.data }}
{{ $k }}={{ replace "\n" "\\n" (printf "%v" $v) }}
{{- end }}
{{- end -}}
spec: spec:
serviceAccountName: cde-vault
containers: containers:
- name: cde-worker-update-bundles - name: cde-worker-update-bundles
image: cr.yandex/crp3ccidau046kdj8g9q/updatebundles-worker:prod_3.1.2 image: cr.yandex/crp3ccidau046kdj8g9q/updatebundles-worker:prod_9f3c1d2a
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- name: http - name: http

17
apps/cde/base/cde.yaml
View File

@ -17,10 +17,25 @@ spec:
labels: labels:
app: cde app: cde
service: cde service: cde
annotations:
traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
vault.hashicorp.com/agent-init-first: "true"
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-pre-populate-only: "true"
vault.hashicorp.com/auth-path: auth/kubernetes
vault.hashicorp.com/role: cde
vault.hashicorp.com/agent-inject-secret-cde-env: secrets/data/vault/apps/cde
vault.hashicorp.com/agent-inject-template-cde-env: |-
{{- with secret "secrets/data/vault/apps/cde" -}}
{{- range $k, $v := .Data.data }}
{{ $k }}={{ replace "\n" "\\n" (printf "%v" $v) }}
{{- end }}
{{- end -}}
spec: spec:
serviceAccountName: cde-vault
containers: containers:
- name: api - name: api
image: cr.yandex/crp3ccidau046kdj8g9q/cde:preprod_ec474ae7 image: cr.yandex/crp3ccidau046kdj8g9q/cde:prod_9f3c1d2a
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- name: http - name: http

3
apps/cde/base/kustomization.yaml
View File

@ -4,6 +4,7 @@ kind: Kustomization
namespace: cde namespace: cde
resources: resources:
- namespace.yaml - namespace.yaml
- serviceaccount.yaml
- cde.yaml - cde.yaml
- cde-splitpdf.yaml - cde-splitpdf.yaml
- backend-service.yaml - backend-service.yaml
@ -12,4 +13,4 @@ resources:
- cde-worker-create-versions.yaml - cde-worker-create-versions.yaml
- cde-worker-markings.yaml - cde-worker-markings.yaml
- cde-worker-sign.yaml - cde-worker-sign.yaml
- cde-worker-update-bundles.yaml - cde-worker-update-bundles.yaml

5
apps/cde/base/serviceaccount.yaml Normal file
View File

@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: cde-vault
namespace: cde